almost there. safety checkin

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@4050 dc483132-0cff-0310-8789-dd5450dbe970

10 files changed, 731 insertions, 150 deletions

diff --git a/src/appl/bsd/Makefile.in b/src/appl/bsd/Makefile.in
index ba695761bd..5f495d465a 100644
--- a/src/appl/bsd/Makefile.in
+++ b/src/appl/bsd/Makefile.in
@@ -1,4 +1,4 @@
-CFLAGS = $(CCOPTS) $(DEFS) $(LOCALINCLUDE)
+CFLAGS = $(CCOPTS) $(DEFS) $(LOCALINCLUDE) $(DEFINES)
 SETENVSRC=@SETENVSRC@
 SETENVOBJ=@SETENVOBJ@
 ISODELIB=@ISODELIB@
@@ -13,6 +13,11 @@ SRCS= krcp.c krlogin.c krsh.c kcmd.c forward.c logutil.c $(SETENVSRC) \
 OBJS= krcp.o krlogin.o krsh.o kcmd.o forward.c logutil.o $(SETENVOBJ) \
 	login.o $(LIBOBJS)
 
+RSH=	-DKRB_RLOGIN=\"$(PROGDIR)/rlogin\"
+
+DEFINES= $(RSH) $(RPROGS) \
+ 	-DLOGIN_PROGRAM=\"$(SERVER_BINDIR)/login.krb\" -DKPROGDIR=\"$(CLIENT_BINDIR)\"
+
 all:: rsh rcp rlogin krshd krlogind login.krb5
 
 rsh: krsh.o kcmd.o forward.o
diff --git a/src/appl/bsd/configure.in b/src/appl/bsd/configure.in
index f6c5122ecf..1dc3cdf2cd 100644
--- a/src/appl/bsd/configure.in
+++ b/src/appl/bsd/configure.in
@@ -9,10 +9,19 @@ AC_HAVE_LIBRARY(socket)
 AC_HAVE_LIBRARY(nsl)
 AC_FUNC_CHECK(utimes,AC_DEFINE(HAS_UTIMES))
 AC_FUNC_CHECK(getutent,AC_DEFINE(HAVE_GETUTENT))
-AC_HAVE_HEADERS(sys/filio.h unistd.h sys/label.h ttyent.h)
+AC_FUNC_CHECK(setreuid,AC_DEFINE(HAVE_SETREUID))
+AC_FUNC_CHECK(gettosbyname,AC_DEFINE(HAVE_GETTOSBYNAME))
+AC_FUNC_CHECK(killpg,AC_DEFINE(HAVE_KILLPG))
+AC_FUNC_CHECK(getdtablesize,AC_DEFINE(HAVE_GETDTABLESIZE))
+AC_FUNC_CHECK(initgroups,AC_DEFINE(HAVE_INITGROUPS))
+AC_FUNC_CHECK(setpriority,AC_DEFINE(HAVE_SETPRIORITY))
+AC_HAVE_HEADERS(sys/filio.h sys/sockio.h unistd.h sys/label.h ttyent.h sys/ptyvar.h lastlog.h)
 AC_REPLACE_FUNCS(getdtablesize)
 CHECK_DIRENT
 CHECK_FCNTL
+CHECK_WAIT_TYPE
+AC_WAIT3
+AC_HEADER_CHECK(termios.h,AC_FUNC_CHECK([tcsetattr],AC_DEFINE(POSIX_TERMIOS)))
 AC_COMPILE_CHECK([F_SETOWN],
 [#include <sys/types.h>
 #include <fcntl.h>],
@@ -37,5 +46,13 @@ AC_COMPILE_CHECK([setenv],
 SETENVOBJ=setenv.o
 AC_SUBST([SETENVSRC])
 AC_SUBST([SETENVOBJ])])
+dnl
+AC_COMPILE_CHECK([number of arguments to getpgrp],
+[#include <unistd.h>],[int pid = getpgrp()],
+AC_DEFINE(GETGRP_ONEARG))
+AC_COMPILE_CHECK([number of arguments to setpgrp],
+[#include <unistd.h>],[setpgrp(0,0)],
+AC_DEFINE(SETPGRP_TWOARG))
+dnl
 ADD_DEF(-DKERBEROS)
 AC_OUTPUT(Makefile,[EXTRA_RULES])
diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c
index 4402b19276..d6d9f4a4bf 100644
--- a/src/appl/bsd/kcmd.c
+++ b/src/appl/bsd/kcmd.c
@@ -39,6 +39,11 @@ static char sccsid[] = "derived from @(#)rcmd.c	5.17 (Berkeley) 6/27/88";
 #include <sys/types.h>
 #define _TYPES_
 #endif
+#include <fcntl.h>
+#ifdef NEED_SYS_FCNTL_H
+#include <sys/fcntl.h>
+#endif
+
      
      
 #ifndef MAXPATHLEN
@@ -447,6 +452,7 @@ getport(alport)
 
 
 
+#ifdef HAVE_SETREUID
 #if defined(sun)
 /* The IMP  and ultrix do not like multiple defined routines 
    and since it does not have users with NFS filesystems 
@@ -593,7 +599,7 @@ _checkhost(rhost, lhost, len)
 	    nodomain = 1;
 	    return(0);
 	}
-	ldomain[MAXHOSTNAMELEN] = NULL;
+	ldomain[MAXHOSTNAMELEN] = 0;
 	if ((domainp = strchr(ldomain, '.')) == (char *)NULL) {
 	    nodomain = 1;
 	    return(0);
@@ -605,8 +611,8 @@ _checkhost(rhost, lhost, len)
     return(!strcmp(domainp, rhost + len +1));
     
 }
-#endif /* ! sysvimp */
-
+#endif /* ! sun */
+#endif /* HAVE_SETREUID */
 
 
 #if defined (hpux)
diff --git a/src/appl/bsd/krlogin.c b/src/appl/bsd/krlogin.c
index 6abfe7989c..3143d0ff7f 100644
--- a/src/appl/bsd/krlogin.c
+++ b/src/appl/bsd/krlogin.c
@@ -1,10 +1,6 @@
 /*
- *    $Source$!  *    $Author$
- *    $Header$
+ *    appl/bsd/krlogin.c
  */
-#ifndef lint
-static char rcsid_rlogin_c[] = "$Header$";
-#endif /* lint */
 
 /*
  * Copyright (c) 1983 The Regents of the University of California.
@@ -38,56 +34,96 @@ static char sccsid[] = "@(#)rlogin.c	5.12 (Berkeley) 9/19/88";
       * rlogin - remote login
       */
      
+#ifdef _AIX
+#undef _BSD
+#endif
+	
+#include <sys/types.h>
 #include <sys/param.h>
+#include <sys/ioctl.h>
 #include <sys/errno.h>
-#ifndef _TYPES
-#include <sys/types.h>
-#define _TYPES_
-#endif
 #include <sys/file.h>
 #include <sys/socket.h>
 #include <sys/time.h>
 #include <sys/resource.h>
 #include <sys/wait.h>
 #include <fcntl.h>
+#ifdef NEED_SYS_FCNTL_H
+#include <sys/fcntl.h>
+#endif
 
 #include <netinet/in.h>
-     
+
 #include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <pwd.h>
+#include <signal.h>
+#include <setjmp.h>
+#include <netdb.h>
      
-#ifdef SYSV
-#ifndef USE_TERMIO
-#define USE_TERMIO
+#ifdef HAS_STDLIB_H
+#include <stdlib.h>
 #endif
+
+#ifdef POSIX_TERMIOS
+#include <termios.h>
+#ifdef _AIX
+#include <termio.h>
 #endif
-     
-#ifdef USE_TERMIO
-#ifdef CRAY
+#endif
+
+#ifdef HAVE_SYS_SOCKIO_H
+/* for SIOCATMARK */
+#include <sys/sockio.h>
+#endif
+
+/****** MWE *****/
+#ifdef __SCO__
+/* for TIOCPKT_* */
+#include <sys/spt.h>
+/* for struct winsize */
+#include <sys/stream.h>
+#include <sys/ptem.h>
+#endif
+/****** MWE *****/
+
+/****** MWE *****/
+#include <sys/tty.h>
 #include <sys/ttold.h>
+#ifdef HAVE_SYS_PTYVAR_H
+/* solaris actually uses packet mode, so the real macros are needed too */
+#include <sys/ptyvar.h>
 #endif
-#include <sys/termio.h>
-#define sg_flags c_lflag
-#define sg_ospeed c_cflag&CBAUD
-     
-#ifndef TIOCGETP
-#define TIOCGETP TCGETA
+/****** MWE *****/
+
+/* how do we tell apart irix 5 and irix 4? */
+#if defined(__sgi) && defined(__mips)
+/* IRIX 5: TIOCGLTC doesn't actually work */
+#undef TIOCGLTC
 #endif
-#ifndef TIOCSETP
-#define TIOCSETP TCSETA
+
+#ifndef TIOCPKT_NOSTOP
+/* These values are over-the-wire protocol, *not* local values */
+#define TIOCPKT_NOSTOP          0x10
+#define TIOCPKT_DOSTOP          0x20
+#define TIOCPKT_FLUSHWRITE      0x02
 #endif
-#ifndef TIOCSETN
-#define TIOCSETN TCSETAW
+
+#ifdef __386BSD__
+#include <sys/ioctl_compat.h>
 #endif
-#else /* !USE_TERMIO */
+
+struct termios deftty;
+
+
+#ifdef POSIX_TERMIOS
+#ifdef CRAY
+#include <sys/ttold.h>
+#endif
+#else /* !POSIX_TERMIOS */
 #include <sgtty.h>
-#endif /* USE_TERMIO */
-     
-#include <errno.h>
-#include <pwd.h>
-#include <signal.h>
-#include <setjmp.h>
-#include <netdb.h>
-#include <string.h>
+#endif /* POSIX_TERMIOS */
      
 #ifndef roundup
 #define roundup(x,y) ((((x)+(y)-1)/(y))*(y))
@@ -114,7 +150,7 @@ krb5_encrypt_block eblock;      /* eblock for encrypt/decrypt */
 
 void try_normal();
 char *krb_realm = (char *)0;
-int encrypt = 0;
+int encrypt_flag = 0;
 int fflag = 0, Fflag = 0;
 krb5_creds *cred;
 struct sockaddr_in local, foreign;
@@ -127,6 +163,7 @@ struct sockaddr_in local, foreign;
 #endif
 #endif
 
+#include "rpaths.h"
 #else /* !KERBEROS */
 #define des_read read
 #define des_write write
@@ -137,11 +174,6 @@ struct sockaddr_in local, foreign;
 # define TIOCPKT_WINDOW 0x80
 # endif /* TIOCPKT_WINDOW */
 
-/* concession to sun */
-# ifndef SIGUSR1
-# define SIGUSR1 30
-# endif /* SIGUSR1 */
-
 char	*getenv();
 #ifndef convex
 struct	passwd *getpwuid();
@@ -162,7 +194,7 @@ int	flowcontrol;			/* Since emacs can alter the
 int	confirm = 0;			/* ask if ~. is given before dying. */
 int	litout;
 #ifdef hpux
-char    *speeds[] =
+char	*speeds[] =
 { "0", "50", "75", "110", "134", "150", "200", "300", "600",
     "900", "1200", "1800", "2400", "3600", "4800", "7200", "9600",
     "19200", "38400", "EXTA", "EXTB" };
@@ -242,11 +274,17 @@ struct winsize *wp;
 #endif /* TIOCGWINSZ */
 
 
+#ifdef POSIX_TERMIOS
+/* Globals for terminal modes and flow control */
+struct  termios defmodes;
+struct  termios ixon_state;
+#else
 #ifdef USE_TERMIO
 /* Globals for terminal modes and flow control */
 struct  termio defmodes;
 struct  termio ixon_state;
 #endif
+#endif
 
 
 
@@ -255,11 +293,15 @@ main(argc, argv)
      char **argv;
 {
     char *cp = (char *) NULL;
+#ifdef POSIX_TERMIOS
+    struct termios ttyb;
+#else
 #ifdef USE_TERMIO
     struct termio ttyb;
 #else
     struct sgttyb ttyb;
 #endif
+#endif
     struct passwd *pwd;
     struct servent *sp;
     int uid, options = 0, oldmask;
@@ -369,7 +411,7 @@ main(argc, argv)
 	goto another;
     }
     if (argc > 0 && !strcmp(*argv, "-x")) {
-	encrypt++;
+	encrypt_flag++;
 	argv++, argc--;
 	goto another;
     }
@@ -410,13 +452,13 @@ main(argc, argv)
      * attempt to login with Kerberos. 
      * If we fail at any step,  use the standard rlogin
      */
-    if (encrypt)
+    if (encrypt_flag)
       sp = getservbyname("eklogin","tcp");
     else 
       sp = getservbyname("klogin","tcp");
     if (sp == 0) {
 	fprintf(stderr, "rlogin: %s/tcp: unknown service\n",
-		encrypt ? "eklogin" : "klogin");
+		encrypt_flag ? "eklogin" : "klogin");
 	
 	try_normal(orig_argv);
     }
@@ -430,18 +472,43 @@ main(argc, argv)
     if (cp == (char *) NULL) cp = getenv("TERM");
     if (cp)
       (void) strcpy(term, cp);
+#ifdef POSIX_TERMIOS
+	if (tcgetattr(0, &ttyb) == 0) {
+		int ospeed = cfgetospeed (&ttyb);
+
+		(void) strcat(term, "/");
+		if (ospeed >= 50)
+			/* On some systems, ospeed is the baud rate itself,
+			   not a table index.  */
+			sprintf (term + strlen (term), "%d", ospeed);
+		else {
+#ifdef CBAUD
+/* some "posix" systems don't have cfget... so used CBAUD if it's there */
+			(void) strcat(term, speeds[ttyb.c_cflag & CBAUD]);
+#else
+			(void) strcat(term, speeds[cfgetospeed(&ttyb)]);
+#endif
+		}
+	}
+#else
     if (ioctl(0, TIOCGETP, &ttyb) == 0) {
 	(void) strcat(term, "/");
 	(void) strcat(term, speeds[ttyb.sg_ospeed]);
     }
+#endif
     (void) get_window_size(0, &winsize);
     
+#ifdef POSIX_TERMIOS
+    tcgetattr(0, &defmodes);
+    tcgetattr(0, &ixon_state);
+#else
 #ifdef USE_TERMIO
     /**** moved before rcmd call so that if get a SIGPIPE in rcmd **/
     /**** we will have the defmodes set already. ***/
     (void)ioctl(fileno(stdin), TIOCGETP, &defmodes);
     (void)ioctl(fileno(stdin), TIOCGETP,&ixon_state);
 #endif
+#endif
     (void) signal(SIGPIPE, lostpeer);
     
     /* will use SIGUSR1 for window size hack, so hold it off */
@@ -474,6 +541,7 @@ main(argc, argv)
 		  &local, &foreign,
 		  authopts);
     if (status) {
+	/* should check for KDC_PR_UNKNOWN, NO_TKT_FILE here -- XXX */
 	fprintf(stderr,
 		"%s: kcmd to host %s failed - %s\n",orig_argv[0], host,
 		error_message(status));
@@ -508,11 +576,20 @@ main(argc, argv)
        it to the reader, and the oob() processing code in the reader will
        work properly even if it is called when no oob() data is present.
        */
+#ifdef hpux
+	/* hpux invention */
+	{
+	  int pid = getpid();
+	  ioctl(rem, FIOSSAIOSTAT, &pid); /* trick: pid is non-zero */
+	  ioctl(rem, FIOSSAIOOWN, &pid);
+	}
+#else
 #ifdef HAVE_SETOWN
     (void) fcntl(rem, F_SETOWN, getpid());
 #endif
+#endif
     if (options & SO_DEBUG &&
-	setsockopt(rem, SOL_SOCKET, SO_DEBUG, &on, sizeof (on)) < 0)
+	setsockopt(rem, SOL_SOCKET, SO_DEBUG, (char*)&on, sizeof (on)) < 0)
       perror("rlogin: setsockopt (SO_DEBUG)");
     uid = getuid();
     if (setuid(uid) < 0) {
@@ -590,14 +667,39 @@ struct tchars {
 };
 #endif
 
+#ifdef TIOCGLTC
+/*
+ * POSIX 1003.1-1988 does not define a 'suspend' character.
+ * POSIX 1003.1-1990 does define an optional VSUSP but not a VDSUSP character.
+ * Some termio implementations (A/UX, Ultrix 4.2) include both.
+ *
+ * However, since this is all derived from the BSD ioctl() and ltchars
+ * concept, all these implementations generally also allow for the BSD-style
+ * ioctl().  So we'll simplify the problem by only testing for the ioctl().
+ */
+struct	ltchars defltc;
+struct	ltchars noltc =	{ -1, -1, -1, -1, -1, -1 };
+#endif
+
+#ifndef POSIX_TERMIOS
 struct	tchars deftc;
 struct	tchars notc =	{ -1, -1, -1, -1, -1, -1 };
 struct	ltchars defltc;
 struct	ltchars noltc =	{ -1, -1, -1, -1, -1, -1 };
-
+#endif
 
 doit(oldmask)
 {
+#ifdef POSIX_TERMIOS
+	(void) tcgetattr(0, &deftty);
+#ifdef __svr4__
+	/* there's a POSIX way of doing this, but do we need it general? */
+	deftty.c_cc[VLNEXT] = 0;
+#endif
+#ifdef TIOCGLTC
+	(void) ioctl(0, TIOCGLTC, (char *)&defltc);
+#endif
+#else
 #ifdef USE_TERMIO
     struct termio sb;
 #else
@@ -628,10 +730,11 @@ doit(oldmask)
     (void) ioctl(0, TIOCLGET, (char *)&deflflags);
     (void) ioctl(0, TIOCGETC, (char *)&deftc);
 #endif
-    
+
     notc.t_startc = deftc.t_startc;
     notc.t_stopc = deftc.t_stopc;
     (void) ioctl(0, TIOCGLTC, (char *)&defltc);
+#endif    
     (void) signal(SIGINT, SIG_IGN);
     setsignal(SIGHUP, exit);
     setsignal(SIGQUIT,exit);
@@ -674,7 +777,8 @@ doit(oldmask)
  * Trap a signal, unless it is being ignored.
  */
 setsignal(sig, act)
-     int sig, (*act)();
+     int sig;
+     krb5_sigtype (*act)();
 {
 #ifdef sgi
     int omask = sigignore(sigmask(sig));
@@ -701,7 +805,7 @@ done(status)
 	/* make sure catchild does not snap it up */
 	(void) signal(SIGCHLD, SIG_DFL);
 	if (kill(child, SIGKILL) >= 0)
-	  while ((w = wait((union wait *)0)) > 0 && w != child)
+	  while ((w = wait(0)) > 0 && w != child)
 	    /*void*/;
     }
     exit(status);
@@ -741,22 +845,36 @@ krb5_sigtype
 krb5_sigtype
   catchild()
 {
+#ifdef WAIT_USES_INT
+    int status;
+#else
     union wait status;
+#endif
     int pid;
     
   again:
+#ifdef HAVE_WAIT3
     pid = wait3(&status, WNOHANG|WUNTRACED, (struct rusage *)0);
+#else
+    pid = waitpid(-1, &status, WNOHANG|WUNTRACED);
+#endif
     if (pid == 0)
       return;
     /*
      * if the child (reader) dies, just quit
      */
+#ifdef WAIT_USES_INT
+    if (pid < 0 || (pid == child && !WIFSTOPPED(status)))
+      done(status);
+#else
 #if defined(hpux)
+    /* I think this one is wrong: XXX -- [eichin:19940727.1853EST] */
     if ((pid < 0) || ((pid == child) && (!WIFSTOPPED(status.w_stopval))))
 #else
-      if ((pid < 0) || ((pid == child) && (!WIFSTOPPED( status))))
+    if ((pid < 0) || ((pid == child) && (!WIFSTOPPED( status))))
 #endif
 	done((int)(status.w_termsig | status.w_retcode));
+#endif
     goto again;
 }
 
@@ -821,12 +939,17 @@ writer()
 	    }
 	} else if (local) {
 	    local = 0;
+#ifdef POSIX_TERMIOS
+	    if (c == '.' || c == deftty.c_cc[VEOF]) {
+#else
 	    if (c == '.' || c == deftc.t_eofc) {
+#endif
 		if (confirm_death()) {
 		    echo(c);
 		    break;
 		}
 	    }
+#ifdef TIOCGLTC
 	    if ((c == defltc.t_suspc || c == defltc.t_dsuspc)
 		&& !no_local_escape) {
 		bol = 1;
@@ -834,6 +957,23 @@ writer()
 		stop(c);
 		continue;
 	    }
+#else
+#ifdef POSIX_TERMIOS
+	    if ( (
+		  (c == deftty.c_cc[VSUSP]) 
+#ifdef VDSUSP
+		  || (c == deftty.c_cc[VDSUSP]) 
+#endif
+		  )
+		&& !no_local_escape) {
+	      bol = 1;
+	      echo(c);
+	      stop(c);
+	      continue;
+	    }
+#endif
+#endif
+
 	    if (c != cmdchar)
 	      (void) des_write(rem, &cmdchar, 1);
 	}
@@ -841,9 +981,19 @@ writer()
 	    prf("line gone");
 	    break;
 	}
+#ifdef POSIX_TERMIOS
+	bol = (c == deftty.c_cc[VKILL] ||
+	       c == deftty.c_cc[VINTR] ||
+	       c == '\r' || c == '\n');
+#ifdef TIOCGLTC
+	if (!bol)
+	  bol = (c == defltc.t_suspc);
+#endif
+#else /* !POSIX_TERMIOS */
 	bol = c == defkill || c == deftc.t_eofc ||
 	  c == deftc.t_intrc || c == defltc.t_suspc ||
 	    c == '\r' || c == '\n';
+#endif
     }
 }
 
@@ -877,7 +1027,13 @@ stop(cmdc)
 {
     mode(0);
     (void) signal(SIGCHLD, SIG_IGN);
+#ifdef TIOCGLTC
     (void) kill(cmdc == defltc.t_suspc ? 0 : getpid(), SIGTSTP);
+#else
+#ifdef POSIX_TERMIOS
+    (void) kill(cmdc == deftty.c_cc[VSUSP] ? 0 : getpid(), SIGTSTP);
+#endif
+#endif
     (void) signal(SIGCHLD, catchild);
     mode(1);
     sigwinch();			/* check for size changes */
@@ -938,11 +1094,15 @@ krb5_sigtype
     int out = FWRITE, atmark, n;
     int rcvd = 0;
     char waste[BUFSIZ], mark;
+#ifdef POSIX_TERMIOS
+    struct termios tty;
+#else
 #ifdef USE_TERMIO
     struct termio sb;
 #else
     struct sgttyb sb;
 #endif
+#endif
     
     while (recv(rem, &mark, 1, MSG_OOB) < 0)
       switch (errno) {
@@ -976,6 +1136,18 @@ krb5_sigtype
 	 */
 	(void) kill(ppid, SIGUSR1);
     }
+#ifdef POSIX_TERMIOS
+    if (!eight && (mark & TIOCPKT_NOSTOP)) {
+      (void) tcgetattr(0, &tty);
+      tty.c_iflag &= ~IXON;
+      (void) tcsetattr(0, TCSADRAIN, &tty);
+    }
+    if (!eight && (mark & TIOCPKT_DOSTOP)) {
+      (void) tcgetattr(0, &tty);
+      tty.c_iflag |= IXON;
+      (void) tcsetattr(0, TCSADRAIN, &tty);
+    }
+#else
     if (!eight && (mark & TIOCPKT_NOSTOP)) {
 	(void) ioctl(0, TIOCGETP, (char *)&sb);
 #ifdef USE_TERMIO
@@ -1004,12 +1176,17 @@ krb5_sigtype
 #endif
 	(void) ioctl(0, TIOCSETN, (char *)&sb);
     }
+#endif
     if (mark & TIOCPKT_FLUSHWRITE) {
+#ifdef POSIX_TERMIOS
+        (void) tcflush(1, TCOFLUSH);
+#else
 #ifdef  TIOCFLUSH
 	(void) ioctl(1, TIOCFLUSH, (char *)&out);
 #else
 	(void) ioctl(1, TCFLSH, 1);
 #endif
+#endif
 	for (;;) {
 	    if (ioctl(rem, SIOCATMARK, &atmark) < 0) {
 		perror("ioctl");
@@ -1101,6 +1278,66 @@ reader(oldmask)
 
 mode(f)
 {
+#ifdef POSIX_TERMIOS
+	struct termios newtty;
+
+	switch(f) {
+	case 0:
+#ifdef TIOCGLTC
+#ifndef solaris20
+		(void) ioctl(0, TIOCSLTC, (char *)&defltc);
+#endif
+#endif
+		(void) tcsetattr(0, TCSADRAIN, &deftty);
+		break;
+	case 1:
+		(void) tcgetattr(0, &newtty);
+#ifdef __svr4__
+	/* there's a POSIX way of doing this, but do we need it general? */
+		newtty.c_cc[VLNEXT] = 0;
+#endif
+		
+		newtty.c_lflag &= ~(ICANON|ISIG|ECHO);
+		if (!flow)
+		{
+			newtty.c_lflag &= ~(ICANON|ISIG|ECHO);
+			newtty.c_iflag &= ~(BRKINT|INLCR|ICRNL|ISTRIP);
+			/* newtty.c_iflag |=  (IXON|IXANY); */
+			newtty.c_iflag &= ~(IXON|IXANY);
+			newtty.c_oflag &= ~(OPOST);
+		} else {
+			newtty.c_lflag &= ~(ICANON|ISIG|ECHO);
+			newtty.c_iflag &= ~(INLCR|ICRNL);
+			/* newtty.c_iflag |=  (BRKINT|ISTRIP|IXON|IXANY); */
+			newtty.c_iflag &= ~(IXON|IXANY);
+			newtty.c_iflag |=  (BRKINT|ISTRIP);
+			newtty.c_oflag &= ~(ONLCR|ONOCR);
+			newtty.c_oflag |=  (OPOST);
+		}
+		/* preserve tab delays, but turn off XTABS */
+		if ((newtty.c_oflag & TABDLY) == TAB3)
+			newtty.c_oflag &= ~TABDLY;
+
+		if (litout)
+			newtty.c_oflag &= ~OPOST;
+
+		newtty.c_cc[VMIN] = 1;
+		newtty.c_cc[VTIME] = 0;
+		(void) tcsetattr(0, TCSADRAIN, &newtty);
+#ifdef TIOCGLTC
+		/* Do this after the tcsetattr() in case this version
+		 * of termio supports the VSUSP or VDSUSP characters */
+#ifndef solaris20
+		/* this forces ICRNL under Solaris... */
+		(void) ioctl(0, TIOCSLTC, (char *)&noltc);
+#endif
+#endif
+		break;
+	default:
+		return;
+		/* NOTREACHED */
+	}
+#else
     struct ltchars *ltc;
 #ifdef USE_TERMIO
     struct termio sb;
@@ -1196,6 +1433,7 @@ mode(f)
     (void) ioctl(0, TIOCLSET, (char *)&lflags);
 #endif
     (void) ioctl(0, TIOCSETN, (char *)&sb);
+#endif /* !POSIX_TERMIOS */
 }
 
 
@@ -1216,7 +1454,7 @@ void try_normal(argv)
 {
     register char *host;
     
-    if (encrypt)
+    if (encrypt_flag)
       exit(1);
     fprintf(stderr,"trying normal rlogin (%s)\n",
 	    UCB_RLOGIN);
@@ -1252,7 +1490,7 @@ int des_read(fd, buf, len)
     long net_len,rd_len;
     int cc;
     
-    if (!encrypt)
+    if (!encrypt_flag)
       return(read(fd, buf, len));
     
     if (nstored >= len) {
@@ -1330,7 +1568,7 @@ int des_write(fd, buf, len)
 {
     long net_len;
     
-    if (!encrypt)
+    if (!encrypt_flag)
       return(write(fd, buf, len));
     
     desoutbuf.length = krb5_encrypt_size(len,eblock.crypto_entry);
@@ -1380,7 +1618,7 @@ int des_read(fd, buf, len)
     long net_len, rd_len;
     int cc;
     
-    if (!encrypt)
+    if (!encrypt_flag)
       return(read(fd, buf, len));
     
     if (nstored >= len) {
@@ -1464,7 +1702,7 @@ int des_write(fd, buf, len)
     static char garbage_buf[8];
     long garbage;
     
-    if (!encrypt)
+    if (!encrypt_flag)
       return(write(fd, buf, len));
     
 #define min(a,b) ((a < b) ? a : b)
diff --git a/src/appl/bsd/krlogind.c b/src/appl/bsd/krlogind.c
index 32f1512990..ef088dfefb 100644
--- a/src/appl/bsd/krlogind.c
+++ b/src/appl/bsd/krlogind.c
@@ -1,13 +1,7 @@
 /*
- *	$Source$
- *	$Header$
+ *	appl/bsd/krlogind.c
  */
 
-
-#ifndef lint
-static char *rcsid_rlogind_c = "$Header$";
-#endif	/* lint */
-
 /*
  * Copyright (c) 1983 The Regents of the University of California.
  * All rights reserved.
@@ -115,8 +109,15 @@ static char sccsid[] = "@(#)rlogind.c	5.17 (Berkeley) 8/31/88";
 #include <sys/wait.h>
 #include <sys/file.h>
 #include <ctype.h>
-
-/* #include <sys/unistd.h>  ??? What system has a sys/unistd.h? */
+#ifdef NEED_SYS_FCNTL_H
+#include <sys/fcntl.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef __SCO__
+#include <sys/unistd.h>
+#endif
      
 #include <netinet/in.h>
 #include <errno.h>
@@ -156,11 +157,32 @@ static char sccsid[] = "@(#)rlogind.c	5.17 (Berkeley) 8/31/88";
 #include <sys/param.h>
 #include <utmp.h>
      
+#ifdef __svr4__
+#include <sys/tty.h>
+#ifndef solaris20
+/* These values are over-the-wire protocol, *not* local values */
+#define TIOCPKT_NOSTOP          0x10
+#define TIOCPKT_DOSTOP          0x20
+#define TIOCPKT_FLUSHWRITE      0x02
+#else
+/* but solaris actually uses packet mode, so the real macros are needed too */
+#include <sys/ptyvar.h>
+#endif
+#endif
+
 #ifdef HAVE_SYS_FILIO_H
 /* get FIONBIO from sys/filio.h, so what if it is a compatibility feature */
 #include <sys/filio.h>
 #endif
 
+#ifndef SETPGRP_TWOARG
+#define setpgrp(a,b) setpgrp()
+#endif
+
+#ifndef HAVE_KILLPG
+#define killpg(pid, sig) kill(-(pid), (sig))
+#endif
+
 #ifdef NO_WINSIZE
 struct winsize {
     unsigned short ws_row, ws_col;
@@ -616,13 +638,13 @@ void doit(f, fromp)
 #ifdef sysvimp
 	    pid = 0;
 #else
-#ifdef convex
+#ifdef GETGRP_ONEARG
 	    pid = getpgrp();
 #else
 	    pid = getpgrp(getpid());
 #endif
 #endif
-#ifdef POSIX /* solaris */
+#ifdef POSIX_TERMIOS /* solaris */
 	    /* we've already done setsid above. Just do tcsetpgrp here. */
 	    tcsetpgrp(0, pid);
 #else
@@ -759,7 +781,10 @@ void doit(f, fromp)
     (void) fcntl(p,F_SETFL,fcntl(p,F_GETFL,0) | O_NDELAY);
 #endif
     
+/*** XXX -- make this portable ***/
+#if defined(TIOCPKT) && !defined(__svr4__) || defined(solaris20)
     ioctl(p, TIOCPKT, &on);
+#endif
     signal(SIGTSTP, SIG_IGN);
 #ifdef hpux
     setpgrp2(0, 0);
diff --git a/src/appl/bsd/krsh.c b/src/appl/bsd/krsh.c
index 9dace665e6..cabfc6c6bf 100644
--- a/src/appl/bsd/krsh.c
+++ b/src/appl/bsd/krsh.c
@@ -1,13 +1,7 @@
 /*
- *	$Source$
- *	$Header$
+ *	appl/bsd/krsh.c
  */
 
-#ifndef lint
-static char *rcsid_rsh_c = 
-  "$Header$";
-#endif /* lint */
-
 /*
  * Copyright (c) 1983 The Regents of the University of California.
  * All rights reserved.
@@ -39,16 +33,16 @@ static char sccsid[] = "@(#)rsh.c	5.7 (Berkeley) 9/20/88";
 #include <sys/socket.h>
 #include <sys/ioctl.h>
 #include <sys/file.h>
-     
+
 #include <netinet/in.h>
-     
+
 #include <stdio.h>
-#include <errno.h>
 #include <string.h>
+#include <errno.h>
 #include <signal.h>
 #include <pwd.h>
 #include <netdb.h>
-     
+
 #ifdef HAVE_SYS_FILIO_H
 /* get FIONBIO from sys/filio.h, so what if it is a compatibility feature */
 #include <sys/filio.h>
@@ -63,12 +57,13 @@ static char sccsid[] = "@(#)rsh.c	5.7 (Berkeley) 9/20/88";
 #include "defines.h"
 #endif /* KERBEROS */
      
-     /*
-      * rsh - remote shell
-      */
+/*
+ * rsh - remote shell
+ */
 
 int	error();
      
+/*** XXX -- don't declare this here ever??? ***/
 #ifndef convex
 struct	passwd *getpwuid();
 #endif
@@ -94,7 +89,7 @@ void	try_normal();
      
 #define	mask(s)	(1 << ((s) - 1))
      
-     main(argc, argv0)
+main(argc, argv0)
      int argc;
      char **argv0;
 {
@@ -111,6 +106,7 @@ void	try_normal();
     krb5_flags authopts;
     krb5_error_code status;
     int fflag = 0, Fflag = 0;
+    int xflag = 0;
     int debug_port = 0;
 #endif  /* KERBEROS */
    
@@ -171,6 +167,7 @@ void	try_normal();
      */
     if (argc > 0 && !strncmp(*argv, "-x", 2)) {
 	argv++, argc--;
+	xflag++;
 	goto another;
     }
     if (argc > 0 && !strncmp(*argv, "-f", 2)) {
@@ -251,6 +248,18 @@ void	try_normal();
 	perror(RLOGIN_PROGRAM);
 	exit(1);
     }
+
+    /* Unlike the other rlogin flags, we should warn if `-x' is
+       given and rlogin is not run, because the user could be
+       dangerously confused otherwise.  He might think he's got a
+       secure rsh channel, and there's no such thing yet.  */
+    if (xflag)
+      {
+	fprintf (stderr, "%s: Encrypted rsh is not yet available.\n",
+		 argv0[0]);
+	return 1;
+      }
+
     pwd = getpwuid(getuid());
     if (pwd == 0) {
 	fprintf(stderr, "who are you?\n");
@@ -307,6 +316,7 @@ void	try_normal();
 		  (struct sockaddr_in *) 0,
 		  authopts);
     if (status) {
+        /* check NO_TKT_FILE or equivalent... */
 	fprintf(stderr,
 		"%s: kcmd to host %s failed - %s\n",argv0[0], host,
 		error_message(status));
diff --git a/src/appl/bsd/krshd.c b/src/appl/bsd/krshd.c
index 5b8622a607..69688cd3bf 100644
--- a/src/appl/bsd/krshd.c
+++ b/src/appl/bsd/krshd.c
@@ -1,13 +1,7 @@
 /*
- *	$Author$
- *	$Header$
+ *	appl/bsd/krshd.c
  */
 
-#ifndef lint
-static char rcsid_rshd_c[] =
-  "$Header$";
-#endif /* lint */
-
 /*
  * Copyright (c) 1983 The Regents of the University of California.
  * All rights reserved.
@@ -92,11 +86,25 @@ static char sccsid[] = "@(#)rshd.c	5.12 (Berkeley) 9/12/88";
 #define LOG_REMOTE_REALM
 #define LOG_CMD
      
+#include <sys/types.h>
 #include <sys/ioctl.h>
 #include <sys/param.h>
+#include <sys/socket.h>
+#include <sys/file.h>
+#include <sys/time.h>
      
+#ifdef NEED_SYS_FCNTL_H
+#include <sys/fcntl.h>
+#endif
+#ifdef USE_UNISTD_H
+#include <unistd.h>
+#endif
+#ifdef __SCO__
+#include <sys/unistd.h>
+#endif
+
+/** XXX -- this may be bogus **/
 #if defined(CRAY) || defined(sysvimp) || defined(aux20)
-#include <sys/types.h>
 #ifndef _TYPES_
 #define _TYPES_
 #endif
@@ -104,17 +112,13 @@ static char sccsid[] = "@(#)rshd.c	5.12 (Berkeley) 9/12/88";
 #define F_OK 0
 #endif
 #endif
-     
-#include <sys/socket.h>
-#include <sys/file.h>
-#include <sys/time.h>
-#include <sys/resource.h>
+/** XXX **/     
+
+/* not portable: #include <sys/resource.h> */
      
 #include <netinet/in.h>
      
-#ifndef SYSV
 #include <arpa/inet.h>
-#endif
      
 #include <stdio.h>
 #include <errno.h>
@@ -165,11 +169,42 @@ static char sccsid[] = "@(#)rshd.c	5.12 (Berkeley) 9/12/88";
 
 #include <com_err.h>
 
+#include "loginpaths.h"
+
+/** XXX - make these portable **/
+#ifdef hpux
+/* has no killpg... */
+#define killpg(pid, sig) kill(-(pid), (sig))
+#endif
+
+#ifdef __svr4__
+#define setpgrp(a,b) setpgrp()
+#define getpgrp(a) getpgid(a)
+/* has no killpg... */
+#define killpg(pid, sig) kill(-(pid), (sig))
+#endif
+
+#ifdef linux
+#define setpgrp(a,b) setpgid(a,b) 
+#endif
+
+#ifdef __SCO__
+/* sco has getgroups and setgroups but no initgroups */
+int initgroups(char* name, gid_t basegid) {
+  gid_t others[NGROUPS_MAX+1];
+  int ngrps;
+
+  others[0] = basegid;
+  ngrps = getgroups(NGROUPS_MAX, others+1);
+  return setgroups(ngrps+1, others);
+}
+#endif
+/** XXX **/
+
 #define ARGSTR	"rRkKD:?"
 #else /* !KERBEROS */
 #define ARGSTR	"rRD:?"
      
-char *strsave();
 #endif /* KERBEROS */
      
 int must_pass_rhosts = 0, must_pass_k5 = 0, must_pass_one = 0;
@@ -193,7 +228,7 @@ main(argc, argv)
      int argc;
      char **argv;
 {
-#if defined(BSD) && BSD >= 43
+#if defined(BSD) && BSD+0 >= 43
     struct linger linger;
 #endif
     int on = 1, fromlen;
@@ -322,7 +357,7 @@ main(argc, argv)
 		   sizeof (on)) < 0)
       syslog(LOG_WARNING,
 	     "setsockopt (SO_KEEPALIVE): %m");
-#if defined(BSD) && BSD >= 43
+#if defined(BSD) && BSD+0 >= 43
     linger.l_onoff = 1;
     linger.l_linger = 60;			/* XXX */
     if (setsockopt(fd, SOL_SOCKET, SO_LINGER, (char *)&linger,
@@ -343,30 +378,30 @@ char	username[20] = "USER=";
 char	homedir[64] = "HOME=";
 char	shell[64] = "SHELL=";
 char    term[64] = "TERM=network";
+char	path[128] = "PATH=";
+char	path_rest[64] = RPATH;
 
 #ifdef KERBEROS
 char    *envinit[] =
 #ifdef CRAY
-{homedir, shell, PATH, username, "TZ=GMT0", tmpdir, term, 0};
+{homedir, shell, path, username, "TZ=GMT0", tmpdir, term, 0};
 #define TZENV   4
 #define TMPDIRENV 5
 char    *getenv();
 extern
 #else
-{homedir, shell, "PATH=:/usr/ucb:/bin:/usr/bin:/usr/bin/kerberos",
-   username, term, 0};
+{homedir, shell, path, username, term, 0};
 #endif /* CRAY */
 #else /* !KERBEROS */
 char	*envinit[] =
 #ifdef CRAY
-{homedir, shell, PATH, username, "TZ=GMT0", tmpdir, term, 0};
+{homedir, shell, path, username, "TZ=GMT0", tmpdir, term, 0};
 #define TZENV   4
 #define TMPDIRENV 5
 char    *getenv();
 extern
 #else
-{homedir, shell, "PATH=:/usr/ucb:/bin:/usr/bin:/usr/bin/kerberos",
-   username, term, 0};
+{homedir, shell, path, username, term, 0};
 #endif /* CRAY */
 #endif /* KERBEROS */
 
@@ -380,6 +415,11 @@ int maxlogs;
 #define SIZEOF_INADDR sizeof(struct in_addr)
 #endif
 
+#ifndef NCARGS
+/* linux doesn't seem to have it... */
+#define NCARGS 1024
+#endif
+
 #define NMAX   16 
 
 int pid;
@@ -455,6 +495,8 @@ doit(f, fromp)
     int non_privileged = 0;
 
 #ifdef IP_TOS
+/* solaris has IP_TOS, but only IPTOS_* values */
+#ifdef HAVE_GETTOSBYNAME
     struct tosent *tp;
 
     if ((tp = gettosbyname("interactive", "tcp")) &&
@@ -464,6 +506,7 @@ doit(f, fromp)
 #else
     ;       /* silently ignore TOS errors in 6E */
 #endif
+#endif
 #endif /* IP_TOS */
     
     fromaddr = *fromp;
@@ -993,7 +1036,7 @@ doit(f, fromp)
 	}
 	pid = fork();
 	if (pid == -1)  {
-	    error("Try again.\n");
+	    error("Fork failed.\n");
 	    goto signout_please;
 	}
 	if (pid) {
@@ -1073,6 +1116,9 @@ doit(f, fromp)
     strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
     strncat(shell, pwd->pw_shell, sizeof(shell)-7);
     strncat(username, pwd->pw_name, sizeof(username)-6);
+    strcat(path, KPROGDIR);
+    strcat(path, ":");
+    strcat(path, path_rest);
     cp = strrchr(pwd->pw_shell, '/');
     if (cp)
       cp++;
@@ -1098,7 +1144,7 @@ doit(f, fromp)
 /*VARARGS1*/
 error(fmt, a1, a2, a3)
      char *fmt;
-     int a1, a2, a3;
+     char *a1, *a2, *a3;
 {
     char buf[BUFSIZ];
     
diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c
index cc7a4bec6f..a2ba6f39d2 100644
--- a/src/appl/bsd/login.c
+++ b/src/appl/bsd/login.c
@@ -1,7 +1,5 @@
 /*
- *	$Source$
- *	$Author$
- *	$Id$
+ *	appl/bsd/login.c
  */
 
 /*
@@ -59,14 +57,28 @@ static char sccsid[] = "@(#)login.c	5.25 (Berkeley) 1/6/89";
 #include <sys/resource.h>
 #include <sys/file.h>
 #include <sys/ioctl.h>
+#include <fcntl.h>
+#ifdef NEED_SYS_FCNTL_H
+#include <sys/fcntl.h>
+#endif
+#ifdef HAVE_UNISTD_H
+#include <unistd.h>
+#endif
 
 #include <utmp.h>
 #include <signal.h>
 
-#if !defined(_AIX)
+#ifdef HAVE_LASTLOG_H
 #include <lastlog.h>
 #endif
 
+#ifdef linux
+/* linux has V* but not C* in headers. Perhaps we shouldn't be
+ * initializing these values anyway -- tcgetattr *should* give
+ * them reasonable defaults... */
+#define NO_INIT_CC
+#endif
+
 #include <errno.h>
 #ifdef HAVE_TTYENT_H
 #include <ttyent.h>
@@ -86,9 +98,12 @@ static char sccsid[] = "@(#)login.c	5.25 (Berkeley) 1/6/89";
 #include <arpa/resolv.h>
 #endif /* BIND_HACK */
 #endif /* KRB4 */
+#include "loginpaths.h"
 
 #ifdef POSIX
 #include <stdlib.h>
+#endif
+#ifdef POSIX_TERMIOS
 #include <termios.h>
 #ifdef _AIX
 #include <termio.h>
@@ -100,21 +115,36 @@ static char sccsid[] = "@(#)login.c	5.25 (Berkeley) 1/6/89";
 #include <sys/id.h>
 #endif
 
+#ifndef HAVE_GETDTABLESIZE
+#include <sys/resource.h>
+int getdtablesize() {
+  struct rlimit rl;
+  getrlimit(RLIMIT_NOFILE, &rl);
+  return rl.rlim_cur;
+}
+#endif
+
 #if defined(_AIX)
 #define PRIO_OFFSET 20
 #else
 #define PRIO_OFFSET 0
 #endif
 
-#ifdef UIDGID_T
-uid_t getuid();
+/* XXX -- do we ever need to test for these? */
 #define uid_type uid_t
 #define gid_type gid_t
-#else
-int getuid();
-#define uid_type int
-#define gid_type int
-#endif /* UIDGID_T */
+
+#ifndef HAVE_INITGROUPS
+/* sco has getgroups and setgroups but no initgroups */
+int initgroups(char* name, gid_t basegid) {
+  gid_t others[NGROUPS_MAX+1];
+  int ngrps;
+
+  others[0] = basegid;
+  ngrps = getgroups(NGROUPS_MAX, others+1);
+  return setgroups(ngrps+1, others);
+}
+#endif
 
 #define	TTYGRPNAME	"tty"		/* name of group to own ttys */
 
@@ -138,8 +168,13 @@ int getuid();
 #define REGISTER	"/usr/etc/go_register"
 #define GET_MOTD	"/bin/athena/get_message"
 
+#ifndef NO_UT_HOST
 #define	UT_HOSTSIZE	sizeof(((struct utmp *)0)->ut_host)
+#endif
+#ifndef UT_NAMESIZE
+/* linux defines it directly in <utmp.h> */
 #define	UT_NAMESIZE	sizeof(((struct utmp *)0)->ut_name)
+#endif
 
 #define MAXENVIRON	32
 
@@ -152,7 +187,7 @@ int	timeout = 300;
 struct passwd *pwd;
 char term[64], *hostname, *username;
 
-#ifndef POSIX
+#ifndef POSIX_TERMIOS
 struct sgttyb sgttyb;
 struct tchars tc = {
 	CINTR, CQUIT, CSTART, CSTOP, CEOT, CBRK
@@ -182,7 +217,6 @@ int pagflag = 0;			/* true if setpag() has been called */
 #endif /* KRB4 */
 
 char *getenv();
-char *strsave();
 void dofork();
 
 #ifdef POSIX
@@ -219,9 +253,9 @@ main(argc, argv)
 	char *domain, *salt, **envinit, *ttyn, *tty, *ktty;
 	char tbuf[MAXPATHLEN + 2];
 	char *ttyname(), *stypeof(), *crypt(), *getpass();
-	time_t time(), login_time;
+	time_t login_time;
 	off_t lseek();
-#ifdef POSIX
+#ifdef POSIX_TERMIOS
 	struct termios tc;
 #endif
 
@@ -229,7 +263,9 @@ main(argc, argv)
 	(void)alarm((u_int)timeout);
 	(void)signal(SIGQUIT, SIG_IGN);
 	(void)signal(SIGINT, SIG_IGN);
+#ifdef HAVE_SETPRIORITY
 	(void)setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET);
+#endif
 #ifdef OQUOTA
 	(void)quota(Q_SETUID, 0, 0, 0);
 #endif
@@ -351,7 +387,7 @@ main(argc, argv)
 	(void)ioctl(0, TIOCNXCL, (char *)0);
 	(void)fcntl(0, F_SETFL, ioctlval);
 #endif
-#ifdef POSIX
+#ifdef POSIX_TERMIOS
 	(void)tcgetattr(0, &tc);
 #else
 	(void)ioctl(0, TIOCGETP, (char *)&sgttyb);
@@ -363,11 +399,12 @@ main(argc, argv)
 	 */
 	if (eflag)
 	    	lgetstr(term, sizeof(term), "Terminal type");
-#ifdef POSIX
+#ifdef POSIX_TERMIOS
 	if (rflag || kflag || Kflag || eflag)
 		doremoteterm(&tc);
 	tc.c_cc[VMIN] = 1;
 	tc.c_cc[VTIME] = 0;
+#ifndef NO_INIT_CC
 	tc.c_cc[VERASE] = CERASE;
 	tc.c_cc[VKILL] = CKILL;
 	tc.c_cc[VEOF] = CEOF;
@@ -375,12 +412,20 @@ main(argc, argv)
 	tc.c_cc[VQUIT] = CQUIT;
 	tc.c_cc[VSTART] = CSTART;
 	tc.c_cc[VSTOP] = CSTOP;
+#ifndef CNUL
+#define CNUL CEOL
+#endif
 	tc.c_cc[VEOL] = CNUL;
 	/* The following are common extensions to POSIX */
 #ifdef VEOL2
 	tc.c_cc[VEOL2] = CNUL;
 #endif
 #ifdef VSUSP
+#ifdef hpux
+#ifndef CSUSP
+#define CSUSP CSWTCH
+#endif
+#endif
 	tc.c_cc[VSUSP] = CSUSP;
 #endif
 #ifdef VDSUSP
@@ -398,6 +443,7 @@ main(argc, argv)
 #ifdef VWERSE
 	tc.c_cc[VWERSE] = CWERASE;
 #endif
+#endif /* NO_INIT_CC */
 	tcsetattr(0, TCSANOW, &tc);
 #else
 	if (rflag || kflag || Kflag || eflag)
@@ -498,10 +544,14 @@ main(argc, argv)
 		kpass_ok = 0;
 		lpass_ok = 0;
 
+#ifdef HAVE_SETPRIORITY
 		(void) setpriority(PRIO_PROCESS, 0, -4 + PRIO_OFFSET);
+#endif
 		if (read_long_pw_string(pp2, sizeof(pp2)-1, "Password: ", 0)) {
 		    /* reading password failed... */
+#ifdef HAVE_SETPRIORITY
 		    (void) setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET);
+#endif
 		    goto bad_login;
 		}
 		if (!pwd)		/* avoid doing useless work */
@@ -550,7 +600,9 @@ main(argc, argv)
 						   realm,
 						   DEFAULT_TKT_LIFE, pp2);
 		    memset (pp2, 0, sizeof(pp2));
+#ifdef HAVE_SETPRIORITY
 		    (void) setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET);
+#endif
 		    switch (krbval) {
 		    case INTK_OK:
 			kpass_ok = 1;
@@ -579,7 +631,9 @@ main(argc, argv)
 		    }
 		} else {
 		    (void) memset (pp2, 0, sizeof(pp2));
+#ifdef HAVE_SETPRIORITY
 		    (void) setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET);
+#endif
 		}
 
 		/* Policy: If local password is good, user is good.
@@ -597,9 +651,13 @@ bad_login:
 		if (krbflag)
 		    dest_tkt();		/* clean up tickets if login fails */
 #else /* !KRB4 */
+#ifdef HAVE_SETPRIORITY
 		(void) setpriority(PRIO_PROCESS, 0, -4 + PRIO_OFFSET);
+#endif
 		p = crypt(getpass("password:"), salt);
+#ifdef HAVE_SETPRIORITY
 		(void) setpriority(PRIO_PROCESS, 0, 0 + PRIO_OFFSET);
+#endif
 		if (pwd && !strcmp(p, pwd->pw_passwd))
 			break;
 #endif /* KRB4 */
@@ -607,15 +665,25 @@ bad_login:
 		printf("Login incorrect\n");
 		if (++cnt >= 5) {
 			if (hostname)
+#ifdef UT_HOSTSIZE
 			    syslog(LOG_ERR,
 				"REPEATED LOGIN FAILURES ON %s FROM %.*s, %.*s",
 				tty, UT_HOSTSIZE, hostname, UT_NAMESIZE,
 				username);
+#else
+			    syslog(LOG_ERR,
+				"REPEATED LOGIN FAILURES ON %s FROM %s, %.*s",
+				tty, hostname, UT_NAMESIZE,
+				username);
+#endif
 			else
 			    syslog(LOG_ERR,
 				"REPEATED LOGIN FAILURES ON %s, %.*s",
 				tty, UT_NAMESIZE, username);
+/* irix has no tichpcl */
+#ifdef TIOCHPCL
 			(void)ioctl(0, TIOCHPCL, (char *)0);
+#endif
 			sleepexit(1);
 		}
 	}
@@ -631,8 +699,13 @@ bad_login:
 	 */
 	if (pwd->pw_uid == 0 && !rootterm(tty) && (passwd_req || rflag)) {
 		if (hostname)
+#ifdef UT_HOSTSIZE
 			syslog(LOG_ERR, "ROOT LOGIN REFUSED ON %s FROM %.*s",
 			    tty, UT_HOSTSIZE, hostname);
+#else
+			syslog(LOG_ERR, "ROOT LOGIN REFUSED ON %s FROM %s",
+			    tty, hostname);
+#endif
 		else
 			syslog(LOG_ERR, "ROOT LOGIN REFUSED ON %s", tty);
 		printf("Login incorrect\n");
@@ -672,11 +745,14 @@ bad_login:
 		memset((char *)&utmp, 0, sizeof(utmp));
 		login_time = time(&utmp.ut_time);
 		(void) strncpy(utmp.ut_name, username, sizeof(utmp.ut_name));
+#ifndef NO_UT_HOST
 		if (hostname)
 		    (void) strncpy(utmp.ut_host, hostname,
 				   sizeof(utmp.ut_host));
 		else
 		    memset(utmp.ut_host, 0, sizeof(utmp.ut_host));
+#endif
+		/* Solaris 2.0, 2.1 used ttyn here. Never Again... */
 		(void) strncpy(utmp.ut_line, tty, sizeof(utmp.ut_line));
 		login(&utmp);
 	}
@@ -715,6 +791,10 @@ bad_login:
 #ifdef OQUOTA
 	quota(Q_DOWARN, pwd->pw_uid, (dev_t)-1, 0);
 #endif
+#ifdef __SCO__
+	/* this is necessary when C2 mode is enabled, but not otherwise */
+	setluid((uid_type) pwd->pw_uid);
+#endif
 	/* This call MUST succeed */
 #ifdef _IBMR2
 	setuidx(ID_LOGIN, pwd->pw_uid);
@@ -728,10 +808,13 @@ bad_login:
 		pwd->pw_shell = BSHELL;
 	/* turn on new line discipline for the csh */
 	else if (!strcmp(pwd->pw_shell, "/bin/csh")) {
+#ifdef NTTYDISC
+/* sco, svr4 don't have it */
 #if !defined(_IBMR2)
 		ioctlval = NTTYDISC;
 		(void)ioctl(0, TIOCSETD, (char *)&ioctlval);
 #endif
+#endif
 	}
 
 	/* destroy environment unless user has requested preservation */
@@ -771,7 +854,7 @@ bad_login:
 	envinit[i++] = NULL;
 
 	setenv("HOME", pwd->pw_dir, 0);
-	setenv("PATH", "/usr/local/krb5/bin:/usr/local/bin:/usr/bin/X11:/usr/ucb:/bin:/usr/bin:.", 0);
+	setenv("PATH", LPATH, 0);
 	setenv("USER", pwd->pw_name, 0);
 	setenv("SHELL", pwd->pw_shell, 0);
 
@@ -799,16 +882,29 @@ bad_login:
 			    /* @*$&@#*($)#@$ syslog doesn't handle very
 			       many arguments */
 			    char buf[BUFSIZ];
+#ifdef UT_HOSTSIZE
 			    (void) sprintf(buf,
 				   "ROOT LOGIN (krb) %s from %.*s, %s.%s@%s",
 				   tty, UT_HOSTSIZE, hostname,
 				   kdata->pname, kdata->pinst,
 				   kdata->prealm);
+#else
+			    (void) sprintf(buf,
+				   "ROOT LOGIN (krb) %s from %s, %s.%s@%s",
+				   tty, hostname,
+				   kdata->pname, kdata->pinst,
+				   kdata->prealm);
+#endif
 			    syslog(LOG_NOTICE, buf);
 		        } else {
 #endif /* KRB4 */
+#ifdef UT_HOSTSIZE
 			syslog(LOG_NOTICE, "ROOT LOGIN %s FROM %.*s",
 			    tty, UT_HOSTSIZE, hostname);
+#else
+			syslog(LOG_NOTICE, "ROOT LOGIN %s FROM %s",
+			    tty, hostname);
+#endif
 #ifdef KRB4
 			}
   		else 
@@ -887,19 +983,19 @@ timedout()
 	exit(0);
 }
 
-#ifdef NOTTYENT
+#ifndef HAVE_TTYENT_H
 int root_tty_security = 1;
 #endif
 rootterm(tty)
 	char *tty;
 {
-#ifdef NOTTYENT
+#ifndef HAVE_TTYENT_H
 	return(root_tty_security);
 #else
 	struct ttyent *t;
 
 	return((t = getttynam(tty)) && t->ty_status&TTY_SECURE);
-#endif /* NOTTYENT */
+#endif /* HAVE_TTYENT_H */
 }
 
 jmp_buf motdinterrupt;
@@ -942,7 +1038,7 @@ dolastlog(quiet, tty)
 	int quiet;
 	char *tty;
 {
-#if !defined(_AIX)
+#ifdef HAVE_LASTLOG_H
 	struct lastlog ll;
 	int fd;
 
@@ -981,7 +1077,7 @@ char *
 stypeof(ttyid)
 	char *ttyid;
 {
-#ifdef NOTTYENT
+#ifndef HAVE_TTYENT_H
 	return(UNKNOWN);
 #else
 	struct ttyent *t;
@@ -1126,8 +1222,18 @@ char *speeds[] = {
 };
 #define	NSPEEDS	(sizeof(speeds) / sizeof(speeds[0]))
 
+#ifdef POSIX_TERMIOS
+#ifndef CBAUD
+/* this must be in sync with the list above */
+speed_t b_speeds[] = {
+	B0, B50, B75, B110, B134, B150, B200, B300, B600,
+	B1200, B1800, B2400, B4800, B9600, B19200, B38400,
+};
+#endif
+#endif
+
 doremoteterm(tp)
-#ifdef POSIX
+#ifdef POSIX_TERMIOS
 	struct termios *tp;
 #else
 	struct sgttyb *tp;
@@ -1144,21 +1250,38 @@ doremoteterm(tp)
 			*cp++ = '\0';
 		for (cpp = speeds; cpp < &speeds[NSPEEDS]; cpp++)
 			if (strcmp(*cpp, speed) == 0) {
-#ifdef POSIX
+#ifdef POSIX_TERMIOS
+#ifdef CBAUD
+/* some otherwise-posix systems seem not to have cfset... for now, leave
+   the old code for those who can use it */
 				tp->c_cflag =
 					(tp->c_cflag & ~CBAUD) | (cpp-speeds);
 #else
+				cfsetispeed(tp, b_speeds[cpp-speeds]);
+				cfsetospeed(tp, b_speeds[cpp-speeds]);
+#endif
+#else
 				tp->sg_ispeed = tp->sg_ospeed = cpp-speeds;
 #endif
 				break;
 			}
 	}
-#ifdef POSIX
+#ifdef POSIX_TERMIOS
  	/* set all standard echo, edit, and job control options */
- 	tp->c_lflag = ECHO|ECHOE|ECHOK|ICANON|ISIG;
+	/* but leave any extensions */
+ 	tp->c_lflag |= ECHO|ECHOE|ECHOK|ICANON|ISIG;
+	tp->c_lflag &= ~(NOFLSH|TOSTOP|IEXTEN);
+#ifdef ECHOCTL
+	/* Not POSIX, but if we have it, we probably want it */
+ 	tp->c_lflag |= ECHOCTL;
+#endif
+#ifdef ECHOKE
+	/* Not POSIX, but if we have it, we probably want it */
+ 	tp->c_lflag |= ECHOKE;
+#endif
  	tp->c_iflag |= ICRNL|BRKINT;
  	tp->c_oflag |= ONLCR|OPOST|TAB3;
-#else /* !POSIX */
+#else /* !POSIX_TERMIOS */
 	tp->sg_flags = ECHO|CRMOD|ANYP|XTABS;
 #endif
 }
@@ -1180,6 +1303,11 @@ sleepexit(eval)
  * It exits only in the child process.
  */
 #include <sys/wait.h>
+#ifdef WAIT_USES_INT
+#define WAIT_TYPE int
+#else
+#define WAIT_TYPE union wait
+#endif
 void
 dofork()
 {
@@ -1195,7 +1323,7 @@ dofork()
     (void) chdir("/");	/* Let's not keep the fs busy... */
     
     /* If we're the parent, watch the child until it dies */
-    while(wait((union wait *)0) != child)
+    while(wait((WAIT_TYPE *)0) != child)
 	    ;
 
     /* Cleanup stuff */
@@ -1215,14 +1343,6 @@ dofork()
 #endif /* KRB4 */
 
 
-char *strsave(s)
-char *s;
-{
-    char *ret = (char *)malloc(strlen(s) + 1);
-    strcpy(ret, s);
-    return(ret);
-}
-
 #ifdef _IBMR2
 update_ref_count(int adj)
 {
diff --git a/src/appl/bsd/loginpaths.h b/src/appl/bsd/loginpaths.h
new file mode 100644
index 0000000000..cb51327bac
--- /dev/null
+++ b/src/appl/bsd/loginpaths.h
@@ -0,0 +1,83 @@
+/* here are actual path values from each operating system supported. */
+/* LPATH is from rlogin, for login.c; RPATH is from rsh, for rshd.c */
+#ifdef sun
+#ifdef solaris20
+#define RPATH ":/usr/bin"
+#define LPATH "/usr/bin:"
+#else
+/* sun3 and sun4 */
+#define LPATH ":/usr/ucb:/bin:/usr/bin"
+#define RPATH ":/usr/ucb:/bin:/usr/bin"
+#endif
+#endif
+
+#ifdef ultrix
+#define LPATH ":/usr/ucb:/bin:/usr/bin"
+#define RPATH ":/usr/ucb:/bin:/usr/bin"
+#endif
+
+#ifdef hpux
+/* hpux 8, both hppa and s300 */
+#define LPATH "/bin:/usr/bin:/usr/contrib/bin:/usr/local/bin"
+#define RPATH "/bin:/usr/bin:/usr/contrib/bin:/usr/local/bin"
+#endif
+
+#ifdef NeXT
+#define LPATH ":/usr/ucb:/bin:/usr/bin:/usr/local/bin"
+#define RPATH "/bin:/usr/ucb:/usr/bin:"
+#endif
+
+#ifdef _IBMR2
+/* 3.2.0 */ 
+#define LPATH "/usr/bin:/etc:/usr/sbin:/usr/ucb:/usr/bin/X11:/sbin"
+#define RPATH ":/usr/ucb:/bin:/usr/bin:/usr/bin/X11"
+#endif
+
+#ifdef __SCO__
+#define LPATH "/bin:/usr/bin:/usr/dbin:/usr/ldbin"
+#define RPATH "/bin:/usr/bin:/usr/local/bin::"
+#endif
+
+#ifdef sgi
+#define LPATH ":/usr/sbin:/usr/bsd:/usr/bin:/bin:/usr/bin/X11"
+#define RPATH ":/usr/sbin:/usr/bsd:/usr/bin:/bin:/usr/bin/X11"
+#endif
+
+#ifdef linux
+#define LPATH "/local/bin:/usr/bin:/bin:/usr/local/bin:/usr/bin/X11:."
+#define RPATH "/local/bin:/usr/bin:/bin:/usr/local/bin:/usr/bin/X11:."
+#endif
+
+#ifdef __386BSD__
+#define LPATH "/usr/bin:/bin"
+#define RPATH "/usr/bin:/bin"
+#endif
+
+#ifdef __alpha
+#ifdef __osf__
+#define LPATH "/usr/bin:."
+#define RPATH "/usr/bin:/bin:"
+#endif
+#endif
+
+#ifdef __pyrsoft
+#ifdef MIPSEB
+#define RPATH ":/bin:/usr/bin"
+#define LPATH "/usr/bin:/usr/ccs/bin:/usr/ucb:."
+#endif
+#endif
+
+#ifdef __DGUX
+#ifdef __m88k__
+#define RPATH "/usr/bin"
+#define LPATH "/usr/bin"
+#endif
+#endif
+
+#ifndef LPATH
+#ifdef __svr4__
+/* taken from unixware, sirius... */
+#define RPATH ":/bin:/usr/bin:/usr/X/bin"
+#define LPATH "/usr/bin:/usr/dbin:/usr/dbin"
+#endif
+#endif
diff --git a/src/appl/bsd/rpaths.h b/src/appl/bsd/rpaths.h
new file mode 100644
index 0000000000..4925ea33a1
--- /dev/null
+++ b/src/appl/bsd/rpaths.h
@@ -0,0 +1,31 @@
+/* fallback pathnames */
+
+#ifdef RPROGS_IN_USR_UCB
+#define	UCB_RLOGIN	"/usr/ucb/rlogin"
+#define	UCB_RCP	"/usr/ucb/rcp"
+#define	UCB_RSH	"/usr/ucb/rsh"
+/* all in /usr/ucb/, don't look for /bin/rcp */
+#endif
+
+#ifdef RPROGS_IN_USR_BIN
+#define UCB_RLOGIN "/usr/bin/rlogin"
+#define UCB_RCP "/usr/bin/rcp"
+#define UCB_RSH "/usr/bin/rsh"
+#endif
+
+#ifdef RPROGS_IN_USR_BSD
+#define UCB_RLOGIN "/usr/bsd/rlogin"
+#define UCB_RCP "/usr/bsd/rcp"
+#define UCB_RSH "/usr/bsd/rsh"
+#endif
+
+#ifdef RSH_IS_RCMD
+#undef UCB_RSH
+#define UCB_RSH "/usr/bin/rcmd"
+#endif
+
+#ifdef RSH_IS_REMSH
+#undef UCB_RSH
+#define UCB_RSH "/usr/bin/remsh"
+#endif
+