* Initial commit of C CCAPI implementation

ticket: 2753

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16840 dc483132-0cff-0310-8789-dd5450dbe970

17 files changed, 3333 insertions, 0 deletions

diff --git a/src/lib/ccapi/client/ChangeLog b/src/lib/ccapi/client/ChangeLog
new file mode 100644
index 0000000000..aaa59da726
--- /dev/null
+++ b/src/lib/ccapi/client/ChangeLog
@@ -0,0 +1,4 @@
+2004-10-27   Jeffrey Altman  <jaltman@mit.edu>
+
+ * Initial commit of C CCAPI implementation
+
diff --git a/src/lib/ccapi/client/NTMakefile b/src/lib/ccapi/client/NTMakefile
new file mode 100644
index 0000000000..09ef9df38b
--- /dev/null
+++ b/src/lib/ccapi/client/NTMakefile
@@ -0,0 +1,22 @@
+!INCLUDE <WIN32.MAK>
+
+CFLAGS = -I../include
+
+CCAPI_OBJS = cacheapi.obj context.obj ccache.obj credentials.obj ccache_iterator.obj \
+             credentials_iterator.obj ccstring.obj marshall.obj msg.obj 
+
+CCAPI_LIB = ccapi.lib
+
+$(CCAPI_LIB): $(CCAPI_OBJS)
+        $(implib) /NOLOGO /OUT:$@ $**
+
+CCAPI_DLLFILE = krbcc32.dll
+
+
+
+$(CCAPI_DLLFILE): $(CCAPI_LIB)
+        $(DLLGUILINK) -def:windows\krbcc32.def
+        $(DLLPREP)
+
+clean:
+        del *.obj *.lib
diff --git a/src/lib/ccapi/client/cacheapi.c b/src/lib/ccapi/client/cacheapi.c
new file mode 100644
index 0000000000..2c874bec0f
--- /dev/null
+++ b/src/lib/ccapi/client/cacheapi.c
@@ -0,0 +1,118 @@
+/* $Copyright:
+ *
+ * Copyright 2004 by the Massachusetts Institute of Technology.
+ * 
+ * All rights reserved.
+ * 
+ * Export of this software from the United States of America may require a
+ * specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute
+ * this software and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice appear in all
+ * copies and that both that copyright notice and this permission notice
+ * appear in supporting documentation, and that the name of M.I.T. not be
+ * used in advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.  Furthermore if you
+ * modify this software you must label your software as modified software
+ * and not distribute it in such a fashion that it might be confused with
+ * the original MIT software. M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ * 
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ * 
+ * Individual source code files are copyright MIT, Cygnus Support,
+ * OpenVision, Oracle, Sun Soft, FundsXpress, and others.
+ * 
+ * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
+ * and Zephyr are trademarks of the Massachusetts Institute of Technology
+ * (MIT).  No commercial use of these trademarks may be made without prior
+ * written permission of MIT.
+ * 
+ * "Commercial use" means use of a name in a product or other for-profit
+ * manner.  It does NOT prevent a commercial firm from referring to the MIT
+ * trademarks in order to convey information (although in doing so,
+ * recognition of their trademark status should be given).
+ * $
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <CredentialsCache.h>
+#include "ccache.h"
+#include "ccache_iterator.h"
+#include "context.h"
+#include "msg.h"
+#include "msg_headers.h"
+
+cc_int32 
+cc_initialize (	cc_context_t*		outContext,
+                cc_int32		inVersion,
+                cc_int32*		outSupportedVersion,
+                char const**		outVendor)
+{
+    static char vendor[128] = "";
+    cc_msg_t     *request;
+    ccmsg_init_t *request_header;
+    cc_msg_t     *response;
+    ccmsg_init_resp_t *response_header;
+    cc_int32 code;
+
+    if ((inVersion != ccapi_version_2) &&
+         (inVersion != ccapi_version_3) &&
+         (inVersion != ccapi_version_4) &&
+         (inVersion != ccapi_version_5)) {
+
+        if (outSupportedVersion != NULL) {
+            *outSupportedVersion = ccapi_version_5;
+        }
+        return ccErrBadAPIVersion;
+    }   
+
+    request_header = (ccmsg_init_t*)malloc(sizeof(ccmsg_init_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+
+    request_header->in_version = inVersion;
+
+    code = cci_msg_new(ccmsg_INIT, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_init_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        response_header = (ccmsg_init_resp_t *)response->header;
+        *outSupportedVersion = response_header->out_version;
+        code = cc_context_int_new(outContext, response_header->out_ctx, response_header->out_version);
+
+        if (!vendor[0]) {
+            char * string;
+            code = cci_msg_retrieve_blob(response, response_header->vendor_offset, response_header->vendor_length, &string);
+            strncpy(vendor, string, sizeof(vendor)-1);
+            vendor[sizeof(vendor)-1] = '\0';
+            free(string);
+        } 
+        *outVendor = vendor;
+
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
diff --git a/src/lib/ccapi/client/ccache.c b/src/lib/ccapi/client/ccache.c
new file mode 100644
index 0000000000..5de3880e4f
--- /dev/null
+++ b/src/lib/ccapi/client/ccache.c
@@ -0,0 +1,1098 @@
+/* $Copyright:
+ *
+ * Copyright 2004 by the Massachusetts Institute of Technology.
+ * 
+ * All rights reserved.
+ * 
+ * Export of this software from the United States of America may require a
+ * specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute
+ * this software and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice appear in all
+ * copies and that both that copyright notice and this permission notice
+ * appear in supporting documentation, and that the name of M.I.T. not be
+ * used in advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.  Furthermore if you
+ * modify this software you must label your software as modified software
+ * and not distribute it in such a fashion that it might be confused with
+ * the original MIT software. M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ * 
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ * 
+ * Individual source code files are copyright MIT, Cygnus Support,
+ * OpenVision, Oracle, Sun Soft, FundsXpress, and others.
+ * 
+ * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
+ * and Zephyr are trademarks of the Massachusetts Institute of Technology
+ * (MIT).  No commercial use of these trademarks may be made without prior
+ * written permission of MIT.
+ * 
+ * "Commercial use" means use of a name in a product or other for-profit
+ * manner.  It does NOT prevent a commercial firm from referring to the MIT
+ * trademarks in order to convey information (although in doing so,
+ * recognition of their trademark status should be given).
+ * $
+ */
+
+
+/* ccache.c */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <CredentialsCache.h>
+#include "credentials.h"
+#include "ccache.h"
+#include "msg.h"
+#include "msg_headers.h"
+
+cc_int32
+cc_int_ccache_new( cc_ccache_t * pccache, cc_handle hctx, cc_handle hccache )
+{
+    cc_int_ccache_t ccache = (cc_int_ccache_t)malloc(sizeof(cc_int_ccache_d));
+    if ( ccache == NULL )
+        return ccErrNoMem;
+
+    ccache->functions = (cc_ccache_f*)malloc(sizeof(cc_ccache_f));
+    if ( ccache->functions == NULL ) {
+        free(ccache);
+        return ccErrNoMem;
+    }
+
+    ccache->functions->release = cc_int_ccache_release;
+    ccache->functions->destroy = cc_int_ccache_destroy;
+    ccache->functions->set_default = cc_int_ccache_set_default;
+    ccache->functions->get_credentials_version = cc_int_ccache_get_credentials_version;
+    ccache->functions->get_name = cc_int_ccache_get_name;
+    ccache->functions->get_principal = cc_int_ccache_get_principal;
+    ccache->functions->set_principal = cc_int_ccache_set_principal;
+    ccache->functions->store_credentials = cc_int_ccache_store_credentials;
+    ccache->functions->remove_credentials = cc_int_ccache_remove_credentials;
+    ccache->functions->new_credentials_iterator = cc_int_ccache_new_credentials_iterator;
+    ccache->functions->move = cc_int_ccache_move;
+    ccache->functions->lock = cc_int_ccache_lock;
+    ccache->functions->unlock = cc_int_ccache_unlock;
+    ccache->functions->get_last_default_time = cc_int_ccache_get_last_default_time;
+    ccache->functions->get_change_time = cc_int_ccache_get_change_time;
+    ccache->functions->compare = cc_int_ccache_compare;
+    ccache->functions->get_kdc_time_offset = cc_int_ccache_get_kdc_time_offset;
+    ccache->functions->set_kdc_time_offset = cc_int_ccache_set_kdc_time_offset;
+    ccache->functions->clear_kdc_time_offset = cc_int_ccache_clear_kdc_time_offset;
+
+    ccache->magic = CC_CCACHE_MAGIC;
+    ccache->ctx = hctx;
+    ccache->handle = hccache;
+
+    *pccache = (cc_ccache_t)ccache;
+
+    return ccNoError;
+}
+
+cc_int32    
+cc_int_ccache_release( cc_ccache_t ccache )
+{
+    cc_int_ccache_t int_ccache;
+    cc_msg_t        *request;
+    ccmsg_ccache_release_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( ccache == NULL )
+        return ccErrBadParam;
+
+    int_ccache = (cc_int_ccache_t)ccache;
+
+    if ( int_ccache->magic != CC_CCACHE_MAGIC )
+        return ccErrInvalidCCache;
+
+    request_header = (ccmsg_ccache_release_t*)malloc(sizeof(ccmsg_ccache_release_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_ccache->ctx;
+    request_header->ccache = int_ccache->handle;
+
+    code = cci_msg_new(ccmsg_CCACHE_RELEASE, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_release_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    free(int_ccache->functions);
+    free(int_ccache);
+    return code;
+}
+
+
+cc_int32    
+cc_int_ccache_destroy( cc_ccache_t ccache )
+{
+    cc_int_ccache_t int_ccache;
+    cc_msg_t        *request;
+    ccmsg_ccache_destroy_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( ccache == NULL )
+        return ccErrBadParam;
+
+    int_ccache = (cc_int_ccache_t)ccache;
+
+    if ( int_ccache->magic != CC_CCACHE_MAGIC )
+        return ccErrInvalidCCache;
+
+    request_header = (ccmsg_ccache_destroy_t*)malloc(sizeof(ccmsg_ccache_destroy_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_ccache->ctx;
+    request_header->ccache = int_ccache->handle;
+
+    code = cci_msg_new(ccmsg_CCACHE_DESTROY, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_destroy_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    free(ccache);
+    return code;
+}
+
+
+cc_int32
+cc_int_ccache_set_default( cc_ccache_t ccache )
+{
+    cc_int_ccache_t int_ccache;
+    cc_msg_t        *request;
+    ccmsg_ccache_set_default_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( ccache == NULL )
+        return ccErrBadParam;
+
+    int_ccache = (cc_int_ccache_t)ccache;
+
+    if ( int_ccache->magic != CC_CCACHE_MAGIC )
+        return ccErrInvalidCCache;
+
+    request_header = (ccmsg_ccache_set_default_t*)malloc(sizeof(ccmsg_ccache_set_default_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_ccache->ctx;
+    request_header->ccache = int_ccache->handle;
+
+    code = cci_msg_new(ccmsg_CCACHE_SET_DEFAULT, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_set_default_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32
+cc_int_ccache_get_credentials_version( cc_ccache_t ccache,
+                                   cc_uint32* credentials_version)
+{
+    cc_int_ccache_t int_ccache;
+    cc_msg_t        *request;
+    ccmsg_ccache_get_creds_version_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( ccache == NULL )
+        return ccErrBadParam;
+
+    int_ccache = (cc_int_ccache_t)ccache;
+
+    if ( int_ccache->magic != CC_CCACHE_MAGIC )
+        return ccErrInvalidCCache;
+
+    request_header = (ccmsg_ccache_get_creds_version_t*)malloc(sizeof(ccmsg_ccache_get_creds_version_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_ccache->ctx;
+    request_header->ccache = int_ccache->handle;
+
+    code = cci_msg_new(ccmsg_CCACHE_GET_CREDS_VERSION, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_get_creds_version_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        ccmsg_ccache_get_creds_version_resp_t * response_header = (ccmsg_ccache_get_creds_version_resp_t*)response->header;
+        *credentials_version = response_header->version;
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32
+cc_int_ccache_get_name( cc_ccache_t ccache,
+                    cc_string_t* name )
+{
+    cc_int_ccache_t int_ccache;
+    cc_msg_t        *request;
+    ccmsg_ccache_get_name_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( ccache == NULL )
+        return ccErrBadParam;
+
+    int_ccache = (cc_int_ccache_t)ccache;
+
+    if ( int_ccache->magic != CC_CCACHE_MAGIC )
+        return ccErrInvalidCCache;
+
+    request_header = (ccmsg_ccache_get_name_t*)malloc(sizeof(ccmsg_ccache_get_name_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_ccache->ctx;
+    request_header->ccache = int_ccache->handle;
+
+    code = cci_msg_new(ccmsg_CCACHE_GET_NAME, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_get_name_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        char * string;
+        ccmsg_ccache_get_name_resp_t * response_header = (ccmsg_ccache_get_name_resp_t*)response->header;
+        code = cci_msg_retrieve_blob(response, response_header->name_offset, 
+                                      response_header->name_len, &string);
+        if (code == ccNoError) {
+            code = cc_string_new(&name, string);
+            free(string);
+        }
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32
+cc_int_ccache_get_principal( cc_ccache_t ccache,
+                        cc_uint32 credentials_version,
+                        cc_string_t* principal )
+{
+    cc_int_ccache_t int_ccache;
+    cc_msg_t        *request;
+    ccmsg_ccache_get_principal_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( ccache == NULL )
+        return ccErrBadParam;
+
+    int_ccache = (cc_int_ccache_t)ccache;
+
+    if ( int_ccache->magic != CC_CCACHE_MAGIC )
+        return ccErrInvalidCCache;
+
+    request_header = (ccmsg_ccache_get_principal_t*)malloc(sizeof(ccmsg_ccache_get_principal_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_ccache->ctx;
+    request_header->ccache = int_ccache->handle;
+    request_header->version = credentials_version;
+
+    code = cci_msg_new(ccmsg_CCACHE_GET_PRINCIPAL, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_get_principal_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        char * string;
+        ccmsg_ccache_get_principal_resp_t * response_header = (ccmsg_ccache_get_principal_resp_t*)response->header;
+        code = cci_msg_retrieve_blob(response, response_header->principal_offset, 
+                                      response_header->principal_len, &string);
+        if (code == ccNoError) {
+            code = cc_string_new(&principal, string);
+            free(string);
+        }
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32
+cc_int_ccache_set_principal( cc_ccache_t ccache,
+                         cc_uint32 credentials_version,
+                         const char* principal )
+{
+    cc_uint32   blob_pos;
+    cc_int_ccache_t int_ccache;
+    cc_msg_t        *request;
+    ccmsg_ccache_set_principal_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( ccache == NULL )
+        return ccErrBadParam;
+
+    int_ccache = (cc_int_ccache_t)ccache;
+
+    if ( int_ccache->magic != CC_CCACHE_MAGIC )
+        return ccErrInvalidCCache;
+
+    request_header = (ccmsg_ccache_set_principal_t*)malloc(sizeof(ccmsg_ccache_set_principal_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_ccache->ctx;
+    request_header->ccache = int_ccache->handle;
+    request_header->version = credentials_version;
+
+    code = cci_msg_new(ccmsg_CCACHE_GET_PRINCIPAL, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_data_blob(request, (void*)principal, strlen(principal) + 1, &blob_pos);
+    if (code != ccNoError) {
+        cci_msg_destroy(request);
+        free(request_header);
+        return code;
+    }
+    
+    request_header->principal_offset = blob_pos;
+    request_header->principal_len = strlen(principal) + 1;
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_set_principal_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32
+cc_int_ccache_new_credentials_iterator( cc_ccache_t ccache,
+                                        cc_credentials_iterator_t* iterator )
+{
+    cc_int_ccache_t int_ccache;
+    cc_msg_t        *request;
+    ccmsg_ccache_creds_iterator_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( ccache == NULL )
+        return ccErrBadParam;
+
+    int_ccache = (cc_int_ccache_t)ccache;
+
+    if ( int_ccache->magic != CC_CCACHE_MAGIC )
+        return ccErrInvalidCCache;
+
+    request_header = (ccmsg_ccache_creds_iterator_t*)malloc(sizeof(ccmsg_ccache_creds_iterator_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_ccache->ctx;
+    request_header->ccache = int_ccache->handle;
+
+    code = cci_msg_new(ccmsg_CCACHE_CREDS_ITERATOR, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_creds_iterator_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        ccmsg_ccache_creds_iterator_resp_t * response_header = (ccmsg_ccache_creds_iterator_resp_t*)response->header;
+        code = cc_int_credentials_iterator_new(iterator, response_header->iterator);
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32
+cc_int_ccache_store_credentials( cc_ccache_t ccache,
+                             const cc_credentials_union* credentials )
+{
+    cc_int_ccache_t int_ccache;
+    cc_msg_t        *request;
+    ccmsg_ccache_store_creds_t *request_header;
+    cc_msg_t        *response;
+    char            *flat_cred = 0;
+    cc_uint32       flat_cred_len = 0;
+    cc_uint32       blob_pos;
+    cc_int32 code;
+
+    if ( ccache == NULL || credentials == NULL )
+        return ccErrBadParam;
+
+    int_ccache = (cc_int_ccache_t)ccache;
+
+    if ( int_ccache->magic != CC_CCACHE_MAGIC )
+        return ccErrInvalidCCache;
+
+    request_header = (ccmsg_ccache_store_creds_t*)malloc(sizeof(ccmsg_ccache_store_creds_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_ccache->ctx;
+    request_header->ccache = int_ccache->handle;
+
+    code = cci_msg_new(ccmsg_CCACHE_STORE_CREDS, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    switch ( credentials->version ) {
+    case cc_credentials_v4:
+        code = cci_creds_v4_marshall(credentials->credentials.credentials_v4, &flat_cred, &flat_cred_len);
+        break;
+    case cc_credentials_v5:
+        code = cci_creds_v5_marshall(credentials->credentials.credentials_v5, &flat_cred, &flat_cred_len);
+        break;
+    default:
+        cci_msg_destroy(request);
+        free(request_header);
+        return ccErrBadCredentialsVersion;
+    }
+    if (code != ccNoError) {
+        cci_msg_destroy(request);
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_data_blob(request, (void*)flat_cred, flat_cred_len, &blob_pos);
+    if (code != ccNoError) {
+        cci_msg_destroy(request);
+        free(request_header);
+        return code;
+    }
+    
+    request_header->creds_version = credentials->version;
+    request_header->creds_offset = blob_pos;
+    request_header->creds_len = flat_cred_len;
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_store_creds_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    free(flat_cred);
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32
+cc_int_ccache_remove_credentials( cc_ccache_t ccache,
+                              cc_credentials_t credentials )
+{
+    cc_int_ccache_t int_ccache;
+    cc_int_credentials_t  int_creds;
+    cc_msg_t        *request;
+    ccmsg_ccache_rem_creds_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( ccache == NULL || credentials == NULL )
+        return ccErrBadParam;
+
+    int_ccache = (cc_int_ccache_t)ccache;
+    int_creds  = (cc_int_credentials_t)credentials;
+
+    if ( int_ccache->magic != CC_CCACHE_MAGIC )
+        return ccErrInvalidCCache;
+
+    if ( int_creds->magic != CC_CREDS_MAGIC )
+        return ccErrInvalidCredentials;
+
+    request_header = (ccmsg_ccache_rem_creds_t*)malloc(sizeof(ccmsg_ccache_rem_creds_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    
+    request_header->ctx = int_ccache->ctx;
+    request_header->ccache = int_ccache->handle;
+    request_header->creds  = int_creds->handle;
+
+    code = cci_msg_new(ccmsg_CCACHE_REM_CREDS, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_rem_creds_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+
+cc_int32
+cc_int_ccache_move( cc_ccache_t source,
+                    cc_ccache_t destination )
+{
+    cc_int_ccache_t int_ccache_source;
+    cc_int_ccache_t int_ccache_dest;
+    cc_msg_t        *request;
+    ccmsg_ccache_move_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( source == NULL || destination == NULL )
+        return ccErrBadParam;
+
+    int_ccache_source = (cc_int_ccache_t)source;
+    int_ccache_dest = (cc_int_ccache_t)destination;
+
+    if ( int_ccache_source->magic != CC_CCACHE_MAGIC ||
+         int_ccache_dest->magic != CC_CCACHE_MAGIC )
+        return ccErrInvalidCCache;
+
+    if ( int_ccache_source->ctx != int_ccache_dest->ctx )
+        return ccErrInvalidContext;
+
+    request_header = (ccmsg_ccache_move_t*)malloc(sizeof(ccmsg_ccache_move_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+
+    code = cci_msg_new(ccmsg_CCACHE_MOVE, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    request_header->ctx = int_ccache_source->ctx;
+    request_header->ccache_source = int_ccache_source->handle;
+    request_header->ccache_dest = int_ccache_dest->handle;
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_move_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}       
+
+cc_int_ccache_lock( cc_ccache_t ccache,
+                cc_uint32 lock_type,
+                cc_uint32 block )
+{
+    cc_int_ccache_t int_ccache;
+    cc_msg_t        *request;
+    ccmsg_ccache_lock_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( ccache == NULL || 
+         (lock_type != cc_lock_read && lock_type != cc_lock_write) ||
+         (block != cc_lock_block && block != cc_lock_noblock) )
+        return ccErrBadParam;
+
+    int_ccache = (cc_int_ccache_t)ccache;
+
+    if ( int_ccache->magic != CC_CCACHE_MAGIC )
+        return ccErrInvalidCCache;
+
+    request_header = (ccmsg_ccache_lock_t*)malloc(sizeof(ccmsg_ccache_lock_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+
+    code = cci_msg_new(ccmsg_CCACHE_LOCK, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    request_header->ctx = int_ccache->ctx;
+    request_header->ccache = int_ccache->handle;
+    request_header->lock_type;
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_lock_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+
+        // TODO: if (block == cc_lock_block) .....
+    } else if (response->type == ccmsg_ACK) {
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32
+cc_int_ccache_unlock( cc_ccache_t ccache )
+{
+    cc_int_ccache_t int_ccache;
+    cc_msg_t        *request;
+    ccmsg_ccache_unlock_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( ccache == NULL )
+        return ccErrBadParam;
+
+    int_ccache = (cc_int_ccache_t)ccache;
+
+    if ( int_ccache->magic != CC_CCACHE_MAGIC )
+        return ccErrInvalidCCache;
+
+    request_header = (ccmsg_ccache_unlock_t*)malloc(sizeof(ccmsg_ccache_unlock_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+
+    code = cci_msg_new(ccmsg_CCACHE_UNLOCK, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    request_header->ctx = int_ccache->ctx;
+    request_header->ccache = int_ccache->handle;
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_unlock_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+
+cc_int32
+cc_int_ccache_get_last_default_time( cc_ccache_t ccache,
+                                     cc_time_t* time_offset )
+{
+    cc_int_ccache_t int_ccache;
+    cc_msg_t        *request;
+    ccmsg_ccache_get_last_default_time_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( ccache == NULL )
+        return ccErrBadParam;
+
+    int_ccache = (cc_int_ccache_t)ccache;
+
+    if ( int_ccache->magic != CC_CCACHE_MAGIC )
+        return ccErrInvalidCCache;
+
+    request_header = (ccmsg_ccache_get_last_default_time_t*)malloc(sizeof(ccmsg_ccache_get_last_default_time_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_ccache->ctx;
+    request_header->ccache = int_ccache->handle;
+
+    code = cci_msg_new(ccmsg_CCACHE_GET_LAST_DEFAULT_TIME, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_get_last_default_time_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        ccmsg_ccache_get_last_default_time_resp_t * response_header = (ccmsg_ccache_get_last_default_time_resp_t*)response->header;
+        *time_offset = response_header->last_default_time;
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32
+cc_int_ccache_get_change_time( cc_ccache_t ccache,
+                           cc_time_t* time )
+{
+    cc_int_ccache_t int_ccache;
+    cc_msg_t        *request;
+    ccmsg_ccache_get_change_time_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( ccache == NULL )
+        return ccErrBadParam;
+
+    int_ccache = (cc_int_ccache_t)ccache;
+
+    if ( int_ccache->magic != CC_CCACHE_MAGIC )
+        return ccErrInvalidCCache;
+
+    request_header = (ccmsg_ccache_get_change_time_t*)malloc(sizeof(ccmsg_ccache_get_change_time_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_ccache->ctx;
+    request_header->ccache = int_ccache->handle;
+
+    code = cci_msg_new(ccmsg_CCACHE_GET_CHANGE_TIME, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_get_change_time_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        ccmsg_ccache_get_change_time_resp_t * response_header = (ccmsg_ccache_get_change_time_resp_t*)response->header;
+        *time = response_header->time;
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32
+cc_int_ccache_compare( cc_ccache_t ccache,
+                   cc_ccache_t compare_to,
+                   cc_uint32* equal )
+{
+    cc_int_ccache_t int_ccache;
+    cc_int_ccache_t int_compare_to;
+    cc_msg_t        *request;
+    ccmsg_ccache_compare_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( ccache == NULL )
+        return ccErrBadParam;
+
+    int_ccache = (cc_int_ccache_t)ccache;
+    int_compare_to = (cc_int_ccache_t)ccache;
+
+    if ( int_ccache->magic != CC_CCACHE_MAGIC ||
+         int_compare_to->magic != CC_CCACHE_MAGIC )
+        return ccErrInvalidCCache;
+
+    request_header = (ccmsg_ccache_compare_t*)malloc(sizeof(ccmsg_ccache_compare_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_ccache->ctx;
+    request_header->ccache1 = int_ccache->handle;
+    request_header->ccache2 = int_compare_to->handle;
+
+    code = cci_msg_new(ccmsg_CCACHE_COMPARE, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_compare_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        ccmsg_ccache_compare_resp_t * response_header = (ccmsg_ccache_compare_resp_t*)response->header;
+        *equal = response_header->is_equal;
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32	
+cc_int_ccache_get_kdc_time_offset( cc_ccache_t ccache,
+                               cc_int32	credentials_version,
+                               cc_time_t*	time_offset )
+{
+    cc_int_ccache_t int_ccache;
+    cc_msg_t        *request;
+    ccmsg_ccache_get_kdc_time_offset_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( ccache == NULL )
+        return ccErrBadParam;
+
+    int_ccache = (cc_int_ccache_t)ccache;
+
+    if ( int_ccache->magic != CC_CCACHE_MAGIC )
+        return ccErrInvalidCCache;
+
+    request_header = (ccmsg_ccache_get_kdc_time_offset_t*)malloc(sizeof(ccmsg_ccache_get_kdc_time_offset_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_ccache->ctx;
+    request_header->ccache = int_ccache->handle;
+    request_header->creds_version = credentials_version;
+
+    code = cci_msg_new(ccmsg_CCACHE_GET_KDC_TIME_OFFSET, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_get_kdc_time_offset_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        ccmsg_ccache_get_kdc_time_offset_resp_t * response_header = (ccmsg_ccache_get_kdc_time_offset_resp_t*)response->header;
+        *time_offset = response_header->offset;
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32
+cc_int_ccache_set_kdc_time_offset( cc_ccache_t ccache,
+                               cc_int32	credentials_version,
+                               cc_time_t	time_offset )
+{
+    cc_int_ccache_t int_ccache;
+    cc_msg_t        *request;
+    ccmsg_ccache_set_kdc_time_offset_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( ccache == NULL )
+        return ccErrBadParam;
+
+    int_ccache = (cc_int_ccache_t)ccache;
+
+    if ( int_ccache->magic != CC_CCACHE_MAGIC )
+        return ccErrInvalidCCache;
+
+    request_header = (ccmsg_ccache_set_kdc_time_offset_t*)malloc(sizeof(ccmsg_ccache_set_kdc_time_offset_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_ccache->ctx;
+    request_header->ccache = int_ccache->handle;
+    request_header->creds_version = credentials_version;
+
+    code = cci_msg_new(ccmsg_CCACHE_SET_KDC_TIME_OFFSET, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_set_kdc_time_offset_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+                                
+cc_int32
+cc_int_ccache_clear_kdc_time_offset( cc_ccache_t	ccache,
+                                 cc_int32	credentials_version )
+{
+    cc_int_ccache_t int_ccache;
+    cc_msg_t        *request;
+    ccmsg_ccache_clear_kdc_time_offset_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( ccache == NULL )
+        return ccErrBadParam;
+
+    int_ccache = (cc_int_ccache_t)ccache;
+
+    if ( int_ccache->magic != CC_CCACHE_MAGIC )
+        return ccErrInvalidCCache;
+
+    request_header = (ccmsg_ccache_clear_kdc_time_offset_t*)malloc(sizeof(ccmsg_ccache_clear_kdc_time_offset_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_ccache->ctx;
+    request_header->ccache = int_ccache->handle;
+    request_header->creds_version = credentials_version;
+
+    code = cci_msg_new(ccmsg_CCACHE_CLEAR_KDC_TIME_OFFSET, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_clear_kdc_time_offset_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+
diff --git a/src/lib/ccapi/client/ccache.h b/src/lib/ccapi/client/ccache.h
new file mode 100644
index 0000000000..e3b3993ee0
--- /dev/null
+++ b/src/lib/ccapi/client/ccache.h
@@ -0,0 +1,146 @@
+/* $Copyright:
+ *
+ * Copyright 2004 by the Massachusetts Institute of Technology.
+ * 
+ * All rights reserved.
+ * 
+ * Export of this software from the United States of America may require a
+ * specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute
+ * this software and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice appear in all
+ * copies and that both that copyright notice and this permission notice
+ * appear in supporting documentation, and that the name of M.I.T. not be
+ * used in advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.  Furthermore if you
+ * modify this software you must label your software as modified software
+ * and not distribute it in such a fashion that it might be confused with
+ * the original MIT software. M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ * 
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ * 
+ * Individual source code files are copyright MIT, Cygnus Support,
+ * OpenVision, Oracle, Sun Soft, FundsXpress, and others.
+ * 
+ * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
+ * and Zephyr are trademarks of the Massachusetts Institute of Technology
+ * (MIT).  No commercial use of these trademarks may be made without prior
+ * written permission of MIT.
+ * 
+ * "Commercial use" means use of a name in a product or other for-profit
+ * manner.  It does NOT prevent a commercial firm from referring to the MIT
+ * trademarks in order to convey information (although in doing so,
+ * recognition of their trademark status should be given).
+ * $
+ */
+
+/* ccache.h */
+
+#define CC_CCACHE_MAGIC ('C'<<24 | 'C'<<16 | 'A'<<8 | 'C')
+
+struct cc_int_ccache_d {
+    cc_ccache_f*	functions;
+#if TARGET_OS_MAC
+    const cc_ccache_f*	otherFunctions;
+#endif
+    cc_uint32           magic;
+    cc_handle           handle;
+    cc_handle           ctx;
+};
+typedef struct cc_int_ccache_d  cc_int_ccache_d;
+typedef cc_int_ccache_d*        cc_int_ccache_t;
+
+
+cc_int32
+cc_int_ccache_new( cc_ccache_t * pccache, cc_handle hctx, cc_handle hccache );
+
+cc_int32    
+cc_int_ccache_release( cc_ccache_t ccache );
+
+cc_int32    
+cc_int_ccache_destroy( cc_ccache_t ccache );
+
+cc_int32
+cc_int_ccache_set_default( cc_ccache_t ccache );
+
+cc_int32
+cc_int_ccache_get_credentials_version( cc_ccache_t ccache,
+                                  cc_uint32* credentials_version);   
+
+cc_int32
+cc_int_ccache_get_name( cc_ccache_t ccache,
+                   cc_string_t* name );
+
+cc_int32
+cc_int_ccache_get_principal( cc_ccache_t ccache,
+                        cc_uint32 credentials_version,
+                        cc_string_t* principal );
+
+cc_int32
+cc_int_ccache_set_principal( cc_ccache_t ccache,
+                        cc_uint32 credentials_version,
+                        const char* principal );
+
+cc_int32
+cc_int_ccache_store_credentials( cc_ccache_t ccache,
+                            const cc_credentials_union* credentials );
+
+cc_int32
+cc_int_ccache_remove_credentials( cc_ccache_t ccache,
+                              cc_credentials_t credentials );
+
+cc_int32
+cc_int_ccache_new_credentials_iterator( cc_ccache_t ccache,
+                                        cc_credentials_iterator_t* iterator );
+
+cc_int32
+cc_int_ccache_move( cc_ccache_t source,
+               cc_ccache_t destination );
+
+cc_int32
+cc_int_ccache_lock( cc_ccache_t ccache,
+               cc_uint32 block,
+               cc_uint32 lock_type );
+
+cc_int32
+cc_int_ccache_unlock( cc_ccache_t ccache );
+
+cc_int32
+cc_int_ccache_get_last_default_time( cc_ccache_t ccache,
+                                cc_time_t* time );
+
+cc_int32
+cc_int_ccache_get_change_time( cc_ccache_t ccache,
+                          cc_time_t* time );
+
+cc_int32
+cc_int_ccache_compare( cc_ccache_t ccache,
+                  cc_ccache_t compare_to,
+                  cc_uint32* equal );
+
+cc_int32	
+cc_int_ccache_get_kdc_time_offset( cc_ccache_t ccache,
+                              cc_int32	credentials_version,
+                              cc_time_t*	time_offset );
+
+cc_int32
+cc_int_ccache_set_kdc_time_offset( cc_ccache_t ccache,
+                              cc_int32	credentials_version,
+                              cc_time_t	time_offset );
+                                
+cc_int32
+cc_int_ccache_clear_kdc_time_offset( cc_ccache_t	ccache,
+                                cc_int32	credentials_version );
+
+
+cc_int32
+cc_int_ccache_compat_clone( cc_int_ccache_t     ccache,
+                            cc_int_ccache_t    *clone );
+
diff --git a/src/lib/ccapi/client/ccache_iterator.c b/src/lib/ccapi/client/ccache_iterator.c
new file mode 100644
index 0000000000..03266b1bbe
--- /dev/null
+++ b/src/lib/ccapi/client/ccache_iterator.c
@@ -0,0 +1,179 @@
+/* $Copyright:
+ *
+ * Copyright 2004 by the Massachusetts Institute of Technology.
+ * 
+ * All rights reserved.
+ * 
+ * Export of this software from the United States of America may require a
+ * specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute
+ * this software and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice appear in all
+ * copies and that both that copyright notice and this permission notice
+ * appear in supporting documentation, and that the name of M.I.T. not be
+ * used in advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.  Furthermore if you
+ * modify this software you must label your software as modified software
+ * and not distribute it in such a fashion that it might be confused with
+ * the original MIT software. M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ * 
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ * 
+ * Individual source code files are copyright MIT, Cygnus Support,
+ * OpenVision, Oracle, Sun Soft, FundsXpress, and others.
+ * 
+ * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
+ * and Zephyr are trademarks of the Massachusetts Institute of Technology
+ * (MIT).  No commercial use of these trademarks may be made without prior
+ * written permission of MIT.
+ * 
+ * "Commercial use" means use of a name in a product or other for-profit
+ * manner.  It does NOT prevent a commercial firm from referring to the MIT
+ * trademarks in order to convey information (although in doing so,
+ * recognition of their trademark status should be given).
+ * $
+ */
+
+/* ccache_iterator.c */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <CredentialsCache.h>
+#include "ccache_iterator.h"
+#include "msg.h"
+#include "msg_headers.h"
+
+
+cc_int32
+cc_int_ccache_iterator_new( cc_ccache_iterator_t * piter,
+                            cc_handle ctx,
+                            cc_handle handle )
+{
+    cc_int_ccache_iterator_t iter;
+
+    if ( piter == NULL )
+        return ccErrBadParam;
+
+    iter = (cc_int_ccache_iterator_t) malloc( sizeof(cc_int_ccache_iterator_d) );
+    if ( iter == NULL )
+        return ccErrNoMem;
+
+    iter->functions = (cc_ccache_iterator_f*)malloc( sizeof(cc_ccache_iterator_f));
+    if ( iter->functions ) {
+        free(iter);
+        return ccErrNoMem;
+    }
+
+    iter->functions->release = cc_int_ccache_iterator_release;
+    iter->functions->next = cc_int_ccache_iterator_next;
+    iter->magic = CC_CCACHE_ITER_MAGIC;
+    iter->ctx = ctx;
+    iter->handle = handle;
+
+    *piter = (cc_ccache_iterator_t)iter;
+    return ccNoError;
+}
+
+cc_int32
+cc_int_ccache_iterator_release( cc_ccache_iterator_t iter )
+{
+    cc_int_ccache_iterator_t int_iter;
+    cc_msg_t        *request;
+    ccmsg_ccache_iterator_release_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+
+    if ( iter == NULL )
+        return ccErrBadParam;
+
+    int_iter = (cc_int_ccache_iterator_t) iter;
+
+    if ( int_iter->magic != CC_CCACHE_ITER_MAGIC )
+        return ccErrInvalidCCacheIterator;
+
+    request_header = (ccmsg_ccache_iterator_release_t*)malloc(sizeof(ccmsg_ccache_iterator_release_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_iter->ctx;
+    request_header->iterator = int_iter->handle;
+    code = cci_msg_new(ccmsg_CCACHE_ITERATOR_RELEASE, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_iterator_release_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+
+    free(int_iter->functions);
+    free(int_iter);
+    return ccNoError;
+}
+
+cc_int32
+cc_int_ccache_iterator_next( cc_ccache_iterator_t iter,
+                             cc_ccache_t * ccache )
+{
+    cc_int_ccache_iterator_t int_iter;
+    cc_msg_t        *request;
+    ccmsg_ccache_iterator_next_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( ccache == NULL )
+        return ccErrBadParam;
+
+    int_iter = (cc_int_ccache_iterator_t)iter;
+
+    if ( int_iter->magic != CC_CCACHE_ITER_MAGIC )
+        return ccErrInvalidCCacheIterator;
+
+    request_header = (ccmsg_ccache_iterator_next_t*)malloc(sizeof(ccmsg_ccache_iterator_next_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_iter->ctx;
+    request_header->iterator = int_iter->handle;
+
+    code = cci_msg_new(ccmsg_CCACHE_ITERATOR_NEXT, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_iterator_next_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        ccmsg_ccache_iterator_next_resp_t * response_header = (ccmsg_ccache_iterator_next_resp_t*)response->header;
+        code = cc_ccache_new(ccache, int_iter->ctx, response_header->ccache);
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
diff --git a/src/lib/ccapi/client/ccache_iterator.h b/src/lib/ccapi/client/ccache_iterator.h
new file mode 100644
index 0000000000..c55d72ee67
--- /dev/null
+++ b/src/lib/ccapi/client/ccache_iterator.h
@@ -0,0 +1,85 @@
+/* $Copyright:
+ *
+ * Copyright 2004 by the Massachusetts Institute of Technology.
+ * 
+ * All rights reserved.
+ * 
+ * Export of this software from the United States of America may require a
+ * specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute
+ * this software and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice appear in all
+ * copies and that both that copyright notice and this permission notice
+ * appear in supporting documentation, and that the name of M.I.T. not be
+ * used in advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.  Furthermore if you
+ * modify this software you must label your software as modified software
+ * and not distribute it in such a fashion that it might be confused with
+ * the original MIT software. M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ * 
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ * 
+ * Individual source code files are copyright MIT, Cygnus Support,
+ * OpenVision, Oracle, Sun Soft, FundsXpress, and others.
+ * 
+ * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
+ * and Zephyr are trademarks of the Massachusetts Institute of Technology
+ * (MIT).  No commercial use of these trademarks may be made without prior
+ * written permission of MIT.
+ * 
+ * "Commercial use" means use of a name in a product or other for-profit
+ * manner.  It does NOT prevent a commercial firm from referring to the MIT
+ * trademarks in order to convey information (although in doing so,
+ * recognition of their trademark status should be given).
+ * $
+ */
+
+/* ccache_iterator.h */
+
+#define CC_CCACHE_ITER_MAGIC ('C'<<24 | 'C'<<16 | 'I'<<8 | 'T')
+
+struct cc_int_ccache_iterator_d {
+    cc_ccache_iterator_f*	functions;
+#if TARGET_OS_MAC
+    cc_ccache_iterator_f*	otherFunctions;
+#endif
+    cc_uint32           magic;
+    cc_handle           handle;
+    cc_handle           ctx;
+
+    cc_uint32           repeat_count;
+    cc_ccache_t         compat_copy;
+};
+typedef struct cc_int_ccache_iterator_d cc_int_ccache_iterator_d;
+typedef cc_int_ccache_iterator_d*	cc_int_ccache_iterator_t;
+
+
+cc_int32
+cc_int_ccache_iterator_new( cc_ccache_iterator_t * piter,
+                            cc_handle ctx,
+                            cc_handle handle );
+
+cc_int32
+cc_int_ccache_iterator_release( cc_ccache_iterator_t iter );
+
+cc_int32
+cc_int_ccache_iterator_next( cc_ccache_iterator_t iter,
+                             cc_ccache_t * ccache );
+
+cc_int32
+cc_int_ccache_iterator_set_repeat_count( cc_int_ccache_iterator_t iter, 
+                                         cc_uint32 count );
+
+cc_int32
+cc_int_ccache_iterator_get_repeat_count( cc_int_ccache_iterator_t iter, 
+                                         cc_uint32 * count );
+
+
+
diff --git a/src/lib/ccapi/client/ccstring.c b/src/lib/ccapi/client/ccstring.c
new file mode 100644
index 0000000000..419bfef772
--- /dev/null
+++ b/src/lib/ccapi/client/ccstring.c
@@ -0,0 +1,94 @@
+/* $Copyright:
+ *
+ * Copyright 2004 by the Massachusetts Institute of Technology.
+ * 
+ * All rights reserved.
+ * 
+ * Export of this software from the United States of America may require a
+ * specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute
+ * this software and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice appear in all
+ * copies and that both that copyright notice and this permission notice
+ * appear in supporting documentation, and that the name of M.I.T. not be
+ * used in advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.  Furthermore if you
+ * modify this software you must label your software as modified software
+ * and not distribute it in such a fashion that it might be confused with
+ * the original MIT software. M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ * 
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ * 
+ * Individual source code files are copyright MIT, Cygnus Support,
+ * OpenVision, Oracle, Sun Soft, FundsXpress, and others.
+ * 
+ * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
+ * and Zephyr are trademarks of the Massachusetts Institute of Technology
+ * (MIT).  No commercial use of these trademarks may be made without prior
+ * written permission of MIT.
+ * 
+ * "Commercial use" means use of a name in a product or other for-profit
+ * manner.  It does NOT prevent a commercial firm from referring to the MIT
+ * trademarks in order to convey information (although in doing so,
+ * recognition of their trademark status should be given).
+ * $
+ */
+
+/* ccstring.c */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <CredentialsCache.h>
+#include "ccstring.h"
+
+cc_int32
+cc_int_string_new( cc_string_t * pstring, char * data )
+{
+    cc_int_string_t string = (cc_int_string_t)malloc(sizeof(cc_int_string_d));
+    if ( string == NULL )
+        return ccErrNoMem;
+
+    string->functions = (cc_string_f *)malloc(sizeof(cc_string_f));
+    if ( string->functions == NULL ) {
+        free(string);
+        return ccErrNoMem;
+    }
+
+    string->magic = CC_STRING_MAGIC;
+    string->functions->release = cc_int_string_release;
+
+    string->data = strdup(data);
+    if ( string->data == NULL ) {
+        free(string->functions);
+        free(string);
+        return ccErrNoMem;
+    }
+
+    *pstring = (cc_string_t)string;
+    return ccNoError;
+}
+
+cc_int32
+cc_int_string_release( cc_string_t str )
+{
+    cc_int_string_t int_string;
+    if ( str == NULL )
+        return ccErrBadParam;
+
+    int_string = (cc_int_string_t)str;
+    if ( int_string->magic != CC_STRING_MAGIC )
+        return ccErrInvalidString;
+
+    free(int_string->functions);
+    free(int_string->data);
+    free(int_string);
+    return ccNoError;
+}
diff --git a/src/lib/ccapi/client/ccstring.h b/src/lib/ccapi/client/ccstring.h
new file mode 100644
index 0000000000..9e0ad223f5
--- /dev/null
+++ b/src/lib/ccapi/client/ccstring.h
@@ -0,0 +1,65 @@
+/* $Copyright:
+ *
+ * Copyright 2004 by the Massachusetts Institute of Technology.
+ * 
+ * All rights reserved.
+ * 
+ * Export of this software from the United States of America may require a
+ * specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute
+ * this software and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice appear in all
+ * copies and that both that copyright notice and this permission notice
+ * appear in supporting documentation, and that the name of M.I.T. not be
+ * used in advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.  Furthermore if you
+ * modify this software you must label your software as modified software
+ * and not distribute it in such a fashion that it might be confused with
+ * the original MIT software. M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ * 
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ * 
+ * Individual source code files are copyright MIT, Cygnus Support,
+ * OpenVision, Oracle, Sun Soft, FundsXpress, and others.
+ * 
+ * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
+ * and Zephyr are trademarks of the Massachusetts Institute of Technology
+ * (MIT).  No commercial use of these trademarks may be made without prior
+ * written permission of MIT.
+ * 
+ * "Commercial use" means use of a name in a product or other for-profit
+ * manner.  It does NOT prevent a commercial firm from referring to the MIT
+ * trademarks in order to convey information (although in doing so,
+ * recognition of their trademark status should be given).
+ * $
+ */
+
+/* ccstring.h */
+
+#define CC_STRING_MAGIC ('S'<<24 | 'T'<<16 | 'R'<<8 | 'I')
+
+struct cc_int_string_d {
+    char*         data;
+    cc_string_f*  functions;
+#if TARGET_OS_MAC
+    cc_string_f*  otherFunctions;
+#endif
+    cc_uint32           magic;
+};
+typedef struct cc_int_string_d cc_int_string_d;
+typedef cc_int_string_d*    cc_int_string_t;
+
+cc_int32
+cc_int_string_new( cc_string_t * pstring, char * data );
+
+cc_int32
+cc_int_string_release( cc_string_t string );
+
+
diff --git a/src/lib/ccapi/client/context.c b/src/lib/ccapi/client/context.c
new file mode 100644
index 0000000000..86c41b8e70
--- /dev/null
+++ b/src/lib/ccapi/client/context.c
@@ -0,0 +1,849 @@
+/* $Copyright:
+ *
+ * Copyright 2004 by the Massachusetts Institute of Technology.
+ * 
+ * All rights reserved.
+ * 
+ * Export of this software from the United States of America may require a
+ * specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute
+ * this software and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice appear in all
+ * copies and that both that copyright notice and this permission notice
+ * appear in supporting documentation, and that the name of M.I.T. not be
+ * used in advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.  Furthermore if you
+ * modify this software you must label your software as modified software
+ * and not distribute it in such a fashion that it might be confused with
+ * the original MIT software. M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ * 
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ * 
+ * Individual source code files are copyright MIT, Cygnus Support,
+ * OpenVision, Oracle, Sun Soft, FundsXpress, and others.
+ * 
+ * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
+ * and Zephyr are trademarks of the Massachusetts Institute of Technology
+ * (MIT).  No commercial use of these trademarks may be made without prior
+ * written permission of MIT.
+ * 
+ * "Commercial use" means use of a name in a product or other for-profit
+ * manner.  It does NOT prevent a commercial firm from referring to the MIT
+ * trademarks in order to convey information (although in doing so,
+ * recognition of their trademark status should be given).
+ * $
+ */
+
+/* context.c */                                                 
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <CredentialsCache.h>
+#include "context.h"
+#include "msg.h"
+#include "msg_headers.h"
+
+cc_int32
+cc_int_context_new( cc_context_t * pcontext, cc_handle handle, cc_uint32 version )
+{
+    cc_int_context_t context = (cc_int_context_t)malloc(sizeof(cc_int_context_d));
+    if (context == NULL)
+        return ccErrNoMem;
+
+    context->functions = (cc_context_f*)malloc(sizeof(cc_context_f));
+    if (context->functions == NULL) {
+        free(context);
+        return ccErrNoMem;
+    }
+
+    context->functions->release = cc_int_context_release;
+    context->functions->get_change_time = cc_int_context_get_change_time;
+    context->functions->get_default_ccache_name = cc_int_context_get_default_ccache_name;
+    context->functions->open_ccache = cc_int_context_open_ccache;
+    context->functions->open_default_ccache = cc_int_context_open_default_ccache;
+    context->functions->create_ccache = cc_int_context_create_ccache;
+    context->functions->create_default_ccache = cc_int_context_create_default_ccache;
+    context->functions->create_new_ccache = cc_int_context_create_new_ccache;
+    context->functions->new_ccache_iterator = cc_int_context_new_ccache_iterator;
+    context->functions->lock = cc_int_context_lock;
+    context->functions->unlock = cc_int_context_unlock;
+    context->functions->compare = cc_int_context_compare;
+
+    context->magic = CC_CONTEXT_MAGIC;
+    context->handle = handle;
+    context->api_version = version;
+
+    *pcontext = (cc_context_t)context;
+    return ccNoError;
+}
+
+cc_int32    
+cc_int_context_release( cc_context_t context )
+{
+    cc_int_context_t int_context;
+    cc_msg_t        *request;
+    ccmsg_ctx_release_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( context == NULL )
+        return ccErrBadParam;
+
+    int_context = (cc_int_context_t)context;
+
+    if ( int_context->magic != CC_CONTEXT_MAGIC )
+        return ccErrInvalidContext;
+
+    request_header = (ccmsg_ctx_release_t*)malloc(sizeof(ccmsg_ctx_release_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_context->handle;
+
+    code = cci_msg_new(ccmsg_CTX_RELEASE, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ctx_release_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    free(int_context->functions);
+    free(int_context);
+    return code;
+}
+
+cc_int32
+cc_int_context_get_change_time( cc_context_t context,
+                                cc_time_t* time)
+{
+    cc_int_context_t int_context;
+    cc_msg_t        *request;
+    ccmsg_ctx_get_change_time_t *request_header;
+    cc_msg_t        *response;
+    ccmsg_ctx_get_change_time_resp_t *response_header;
+    cc_int32 code;
+
+    if ( context == NULL || time == NULL )
+        return ccErrBadParam;
+
+    int_context = (cc_int_context_t)context;
+
+    if ( int_context->magic != CC_CONTEXT_MAGIC )
+        return ccErrInvalidContext;
+
+    request_header = (ccmsg_ctx_get_change_time_t*)malloc(sizeof(ccmsg_ctx_get_change_time_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_context->handle;
+
+    code = cci_msg_new(ccmsg_CTX_GET_CHANGE_TIME, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ctx_get_change_time_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        response_header = (ccmsg_ctx_get_change_time_resp_t*)response->header;
+        *time = response_header->time;
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32
+cc_int_context_get_default_ccache_name( cc_context_t context,
+                                        cc_string_t* name )
+{
+    cc_int_context_t int_context;
+    cc_msg_t        *request;
+    ccmsg_ctx_get_default_ccache_name_t *request_header;
+    cc_msg_t        *response;
+    ccmsg_ctx_get_default_ccache_name_resp_t *response_header;
+    cc_int32 code;
+
+    if ( context == NULL || name == NULL )
+        return ccErrBadParam;
+
+    int_context = (cc_int_context_t)context;
+
+    if ( int_context->magic != CC_CONTEXT_MAGIC )
+        return ccErrInvalidContext;
+
+    request_header = (ccmsg_ctx_get_default_ccache_name_t*)malloc(sizeof(ccmsg_ctx_get_default_ccache_name_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_context->handle;
+
+    code = cci_msg_new(ccmsg_CTX_GET_DEFAULT_CCACHE_NAME, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ctx_get_default_ccache_name_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        char * string;
+        response_header = (ccmsg_ctx_get_default_ccache_name_resp_t*)response->header;
+        code = cci_msg_retrieve_blob(response, response_header->name_offset, 
+                                     response_header->name_len, &string);
+        if (code == ccNoError) {
+            code = cc_string_new(&name, string);
+            free(string);
+        }
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32
+cc_int_context_compare( cc_context_t context,
+                        cc_context_t compare_to,
+                        cc_uint32* equal )
+{
+    cc_int_context_t int_context, int_compare_to;
+    cc_msg_t        *request;
+    ccmsg_ctx_compare_t *request_header;
+    cc_msg_t        *response;
+    ccmsg_ctx_compare_resp_t *response_header;
+    cc_int32 code;
+
+    if ( context == NULL || compare_to == NULL || 
+         equal == NULL )
+        return ccErrBadParam;
+
+    int_context = (cc_int_context_t)context;
+    int_compare_to = (cc_int_context_t)compare_to;
+
+    if ( int_context->magic != CC_CONTEXT_MAGIC ||
+         int_compare_to->magic != CC_CONTEXT_MAGIC )
+        return ccErrInvalidContext;
+
+    request_header = (ccmsg_ctx_compare_t*)malloc(sizeof(ccmsg_ctx_compare_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx1 = int_context->handle;
+    request_header->ctx2 = int_compare_to->handle;
+
+    code = cci_msg_new(ccmsg_CTX_COMPARE, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ctx_compare_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        response_header = (ccmsg_ctx_compare_resp_t*)response->header;
+        *equal = response_header->is_equal;
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+
+cc_int32
+cc_int_context_new_ccache_iterator( cc_context_t context,
+                                    cc_ccache_iterator_t* iterator )
+{
+    cc_int_context_t int_context;
+    cc_msg_t        *request;
+    ccmsg_ctx_new_ccache_iterator_t *request_header;
+    cc_msg_t        *response;
+    ccmsg_ctx_new_ccache_iterator_resp_t *response_header;
+    cc_int32 code;
+
+    if ( context == NULL || iterator == NULL )
+        return ccErrBadParam;
+
+    int_context = (cc_int_context_t)context;
+
+    if ( int_context->magic != CC_CONTEXT_MAGIC )
+        return ccErrInvalidContext;
+
+    request_header = (ccmsg_ctx_new_ccache_iterator_t*)malloc(sizeof(ccmsg_ctx_new_ccache_iterator_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_context->handle;
+
+    code = cci_msg_new(ccmsg_CTX_NEW_CCACHE_ITERATOR, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ctx_new_ccache_iterator_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        response_header = (ccmsg_ctx_new_ccache_iterator_resp_t*)response->header;
+        code = cc_int_ccache_iterator_new(iterator, int_context->handle, response_header->iterator);
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32
+cc_int_context_open_ccache( cc_context_t context,
+                            const char* name,
+                            cc_ccache_t* ccache )
+{
+    cc_uint32 blob_pos;
+    cc_int_context_t int_context;
+    cc_msg_t        *request;
+    ccmsg_ccache_open_t *request_header;
+    cc_msg_t        *response;
+    ccmsg_ccache_open_resp_t *response_header;
+    cc_int32 code;
+
+    if ( context == NULL || name == NULL || ccache == NULL )
+        return ccErrBadParam;
+
+    int_context = (cc_int_context_t)context;
+
+    if ( int_context->magic != CC_CONTEXT_MAGIC )
+        return ccErrInvalidContext;
+
+    request_header = (ccmsg_ccache_open_t*)malloc(sizeof(ccmsg_ccache_open_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+
+    code = cci_msg_new(ccmsg_CCACHE_OPEN, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_data_blob(request, (void *)name, strlen(name) + 1, &blob_pos);
+    if (code != ccNoError) {
+        cci_msg_destroy(request);
+        free(request_header);
+        return code;
+    }
+    
+    request_header->ctx = int_context->handle;
+    request_header->name_offset = blob_pos;
+    request_header->name_len = strlen(name) + 1;
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_open_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        response_header = (ccmsg_ccache_open_resp_t*)response->header;
+        code = cc_cache_new(ccache, response_header->ccache);
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32
+cc_int_context_open_default_ccache( cc_context_t context,
+                                    cc_ccache_t* ccache)
+{
+    cc_int_context_t int_context;
+    cc_msg_t        *request;
+    ccmsg_ccache_open_default_t *request_header;
+    cc_msg_t        *response;
+    ccmsg_ccache_open_resp_t *response_header;
+    cc_int32 code;
+
+    if ( context == NULL || ccache == NULL )
+        return ccErrBadParam;
+
+    int_context = (cc_int_context_t)context;
+
+    if ( int_context->magic != CC_CONTEXT_MAGIC )
+        return ccErrInvalidContext;
+
+    request_header = (ccmsg_ccache_open_default_t*)malloc(sizeof(ccmsg_ccache_open_default_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+
+    code = cci_msg_new(ccmsg_CCACHE_OPEN_DEFAULT, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    request_header->ctx = int_context->handle;
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_open_default_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        response_header = (ccmsg_ccache_open_resp_t*)response->header;
+        code = cc_cache_new(ccache, response_header->ccache);
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32
+cc_int_context_create_ccache( cc_context_t context,
+                              const char* name,
+                              cc_uint32 cred_vers,
+                              const char* principal, 
+                              cc_ccache_t* ccache )
+{
+    cc_uint32 blob_pos;
+    cc_int_context_t int_context;
+    cc_msg_t        *request;
+    ccmsg_ccache_create_t *request_header;
+    cc_msg_t        *response;
+    ccmsg_ccache_create_resp_t *response_header;
+    cc_int32 code;
+
+    if ( context == NULL || name == NULL || 
+         cred_vers == 0 || cred_vers > cc_credentials_v4_v5 ||
+         principal == NULL || ccache == NULL )
+        return ccErrBadParam;
+
+    int_context = (cc_int_context_t)context;
+
+    if ( int_context->magic != CC_CONTEXT_MAGIC )
+        return ccErrInvalidContext;
+
+    request_header = (ccmsg_ccache_create_t*)malloc(sizeof(ccmsg_ccache_create_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+
+    code = cci_msg_new(ccmsg_CCACHE_CREATE, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_data_blob(request, (void *)name, strlen(name) + 1, &blob_pos);
+    if (code != ccNoError) {
+        cci_msg_destroy(request);
+        free(request_header);
+        return code;
+    }
+    
+    request_header->ctx = int_context->handle;
+    request_header->version = cred_vers;
+    request_header->name_offset = blob_pos;
+    request_header->name_len = strlen(name) + 1;
+
+    code = cci_msg_add_data_blob(request, (void *)principal, strlen(principal) + 1, &blob_pos);
+    if (code != ccNoError) {
+        cci_msg_destroy(request);
+        free(request_header);
+        return code;
+    }
+    request_header->principal_offset = blob_pos;
+    request_header->principal_len = strlen(principal) + 1;
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_create_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        response_header = (ccmsg_ccache_create_resp_t*)response->header;
+        code = cc_cache_new(ccache, response_header->ccache);
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32
+cc_int_context_create_default_ccache( cc_context_t context,
+                                      cc_uint32 cred_vers,
+                                      const char* principal, 
+                                      cc_ccache_t* ccache )
+{
+    cc_uint32 blob_pos;
+    cc_int_context_t int_context;
+    cc_msg_t        *request;
+    ccmsg_ccache_create_default_t *request_header;
+    cc_msg_t        *response;
+    ccmsg_ccache_create_resp_t *response_header;
+    cc_int32 code;
+
+    if ( context == NULL ||
+         cred_vers == 0 || cred_vers > cc_credentials_v4_v5 ||
+         principal == NULL || ccache == NULL )
+        return ccErrBadParam;
+
+    int_context = (cc_int_context_t)context;
+
+    if ( int_context->magic != CC_CONTEXT_MAGIC )
+        return ccErrInvalidContext;
+
+    request_header = (ccmsg_ccache_create_default_t*)malloc(sizeof(ccmsg_ccache_create_default_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+
+    code = cci_msg_new(ccmsg_CCACHE_CREATE_DEFAULT, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    request_header->ctx = int_context->handle;
+    request_header->version = cred_vers;
+
+    code = cci_msg_add_data_blob(request, (void *)principal, strlen(principal) + 1, &blob_pos);
+    if (code != ccNoError) {
+        cci_msg_destroy(request);
+        free(request_header);
+        return code;
+    }
+    request_header->principal_offset = blob_pos;
+    request_header->principal_len = strlen(principal) + 1;
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_create_default_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        response_header = (ccmsg_ccache_create_resp_t*)response->header;
+        code = cc_cache_new(ccache, response_header->ccache);
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32
+cc_int_context_create_new_ccache( cc_context_t context,
+                                  cc_uint32 cred_vers,
+                                  const char* principal, 
+                                  cc_ccache_t* ccache )
+{
+    cc_uint32 blob_pos;
+    cc_int_context_t int_context;
+    cc_msg_t        *request;
+    ccmsg_ccache_create_unique_t *request_header;
+    cc_msg_t        *response;
+    ccmsg_ccache_create_resp_t *response_header;
+    cc_int32 code;
+
+    if ( context == NULL ||
+         cred_vers == 0 || cred_vers > cc_credentials_v4_v5 ||
+         principal == NULL || ccache == NULL )
+        return ccErrBadParam;
+
+    int_context = (cc_int_context_t)context;
+
+    if ( int_context->magic != CC_CONTEXT_MAGIC )
+        return ccErrInvalidContext;
+
+    request_header = (ccmsg_ccache_create_unique_t*)malloc(sizeof(ccmsg_ccache_create_unique_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+
+    code = cci_msg_new(ccmsg_CCACHE_CREATE_UNIQUE, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    request_header->ctx = int_context->handle;
+    request_header->version = cred_vers;
+
+    code = cci_msg_add_data_blob(request, (void *)principal, strlen(principal) + 1, &blob_pos);
+    if (code != ccNoError) {
+        cci_msg_destroy(request);
+        free(request_header);
+        return code;
+    }
+    request_header->principal_offset = blob_pos;
+    request_header->principal_len = strlen(principal) + 1;
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ccache_create_unique_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        response_header = (ccmsg_ccache_create_resp_t*)response-> header;
+        code = cc_cache_new(ccache, response_header->ccache);
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+ 
+cc_int32
+cc_int_context_lock( cc_context_t context,
+                     cc_uint32 lock_type,
+                     cc_uint32 block )
+{
+    cc_int_context_t int_context;
+    cc_msg_t        *request;
+    ccmsg_ctx_lock_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( context == NULL || 
+         (lock_type != cc_lock_read && lock_type != cc_lock_write) ||
+         (block != cc_lock_block && block != cc_lock_noblock) )
+        return ccErrBadParam;
+
+    int_context = (cc_int_context_t)context;
+
+    if ( int_context->magic != CC_CONTEXT_MAGIC )
+        return ccErrInvalidContext;
+
+    request_header = (ccmsg_ctx_lock_t*)malloc(sizeof(ccmsg_ctx_lock_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+
+    code = cci_msg_new(ccmsg_CTX_LOCK, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    request_header->ctx = int_context->handle;
+    request_header->lock_type;
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ctx_lock_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+
+        // TODO: if (block == cc_lock_block) .....
+    } else if (response->type == ccmsg_ACK) {
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32
+cc_int_context_unlock( cc_context_t context )
+{
+    cc_int_context_t int_context;
+    cc_msg_t        *request;
+    ccmsg_ctx_unlock_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( context == NULL )
+        return ccErrBadParam;
+
+    int_context = (cc_int_context_t)context;
+
+    if ( int_context->magic != CC_CONTEXT_MAGIC )
+        return ccErrInvalidContext;
+
+    request_header = (ccmsg_ctx_unlock_t*)malloc(sizeof(ccmsg_ctx_unlock_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+
+    code = cci_msg_new(ccmsg_CTX_UNLOCK, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    request_header->ctx = int_context->handle;
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_ctx_unlock_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32
+cc_int_context_clone( cc_context_t      inContext,
+                      cc_context_t*     outContext,
+                      cc_int32          requestedVersion,
+                      cc_int32*         supportedVersion,
+                      char const**      vendor )
+{
+    cc_int_context_t int_context, new_context;
+    static char vendor_st[128] = "";
+    cc_msg_t     *request;
+    ccmsg_clone_t *request_header;
+    cc_msg_t     *response;
+    ccmsg_clone_resp_t *response_header;
+    cc_int32 code;
+
+    if ( inContext == NULL ||
+         outContext == NULL ||
+         supportedVersion == NULL )
+        return ccErrBadParam;
+
+    int_context = (cc_int_context_t)context;
+
+    if ( int_context->magic != CC_CONTEXT_MAGIC )
+        return ccErrInvalidContext;
+
+    if ((requestedVersion != ccapi_version_2) &&
+         (requestedVersion != ccapi_version_3) &&
+         (requestedVersion != ccapi_version_4) &&
+         (requestedVersion != ccapi_version_5)) {
+
+        if (supportedVersion != NULL) {
+            *supportedVersion = ccapi_version_5;
+        }
+        return ccErrBadAPIVersion;
+    }   
+
+    request_header = (ccmsg_clone_t*)malloc(sizeof(ccmsg_clone_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+
+    request_header->ctx = int_context->handle;
+    request_header->in_version = requestedVersion;
+
+    code = cci_msg_new(ccmsg_INIT, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_init_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        response_header = (ccmsg_clone_resp_t *)response->header;
+        *supportedVersion = response_header->out_version;
+        code = cc_int_context_new(outContext, response_header->out_ctx, response_header->out_version);
+
+        if (!vendor_st[0]) {
+            char * string;
+            code = cci_msg_retrieve_blob(response, response_header->vendor_offset, response_header->vendor_length, &string);
+            strncpy(vendor_st, string, sizeof(vendor_st)-1);
+            vendor_st[sizeof(vendor_st)-1] = '\0';
+            free(string);
+        } 
+        *vendor = vendor_st;
+
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
+
+cc_int32
+cc_int_context_get_version( cc_context_t        context,
+                            cc_int32*           version )
+{
+    cc_int_context_t int_context;
+    cc_int32 code;
+
+    if ( context == NULL ||
+         version == NULL )
+        return ccErrBadParam;
+
+    int_context = (cc_int_context_t)context;
+
+    if ( int_context->magic != CC_CONTEXT_MAGIC )
+        return ccErrInvalidContext;
+
+    *version = int_context->api_version;
+    return ccNoError;
+}
+
+
diff --git a/src/lib/ccapi/client/context.h b/src/lib/ccapi/client/context.h
new file mode 100644
index 0000000000..cd5ca678d4
--- /dev/null
+++ b/src/lib/ccapi/client/context.h
@@ -0,0 +1,131 @@
+/* $Copyright:
+ *
+ * Copyright 2004 by the Massachusetts Institute of Technology.
+ * 
+ * All rights reserved.
+ * 
+ * Export of this software from the United States of America may require a
+ * specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute
+ * this software and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice appear in all
+ * copies and that both that copyright notice and this permission notice
+ * appear in supporting documentation, and that the name of M.I.T. not be
+ * used in advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.  Furthermore if you
+ * modify this software you must label your software as modified software
+ * and not distribute it in such a fashion that it might be confused with
+ * the original MIT software. M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ * 
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ * 
+ * Individual source code files are copyright MIT, Cygnus Support,
+ * OpenVision, Oracle, Sun Soft, FundsXpress, and others.
+ * 
+ * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
+ * and Zephyr are trademarks of the Massachusetts Institute of Technology
+ * (MIT).  No commercial use of these trademarks may be made without prior
+ * written permission of MIT.
+ * 
+ * "Commercial use" means use of a name in a product or other for-profit
+ * manner.  It does NOT prevent a commercial firm from referring to the MIT
+ * trademarks in order to convey information (although in doing so,
+ * recognition of their trademark status should be given).
+ * $
+ */
+
+/* context.h */
+
+#define CC_CONTEXT_MAGIC ('C'<<24 | 'C'<<16 | 'T'<<8 | 'X')
+
+struct cc_int_context {
+    cc_context_f*	functions;
+
+    cc_uint32           magic;
+#ifdef CCAPI_V2_COMPAT
+    cc_uint32           version;
+#endif
+    cc_uint32           api_version;
+    cc_handle           handle;
+};
+typedef struct cc_int_context cc_int_context_d;
+typedef cc_int_context_d*     cc_int_context_t;
+
+cc_int32
+cc_int_context_new( cc_context_t *pcontext, cc_handle handle, cc_uint32 version );
+
+cc_int32    
+cc_int_context_release( cc_context_t context );
+
+cc_int32
+cc_int_context_get_change_time( cc_context_t context,
+                                cc_time_t* time);
+
+cc_int32
+cc_int_context_get_default_ccache_name( cc_context_t context,
+                                        cc_string_t* name );
+
+cc_int32
+cc_int_context_open_ccache( cc_context_t context,
+                            const char* name,
+                            cc_ccache_t* ccache );
+
+cc_int32
+cc_int_context_open_default_ccache( cc_context_t context,
+                                    cc_ccache_t* ccache );
+
+cc_int32
+cc_int_context_create_ccache( cc_context_t context,
+                              const char* name,
+                              cc_uint32 cred_vers,
+                              const char* principal, 
+                              cc_ccache_t* ccache );
+
+cc_int32
+cc_int_context_create_default_ccache( cc_context_t context,
+                                      cc_uint32 cred_vers,
+                                      const char* principal, 
+                                      cc_ccache_t* ccache );
+
+cc_int32
+cc_int_context_create_new_ccache( cc_context_t context,
+                                  cc_uint32 cred_vers,
+                                  const char* principal, 
+                                  cc_ccache_t* ccache );
+ 
+cc_int32
+cc_int_context_new_ccache_iterator( cc_context_t context,
+                                    cc_ccache_iterator_t* iterator );
+
+cc_int32
+cc_int_context_lock( cc_context_t context,
+                     cc_uint32 lock_type,
+                     cc_uint32 block );
+
+cc_int32
+cc_int_context_unlock( cc_context_t context );
+
+cc_int32
+cc_int_context_compare( cc_context_t context,
+                        cc_context_t compare_to,
+                        cc_uint32*   equal );
+
+cc_int32
+cc_int_context_clone( cc_context_t      inContext,
+                      cc_context_t*     outContext,
+                      cc_int32          requestedVersion,
+                      cc_int32*         supportedVersion,
+                      char const**      vendor );
+
+cc_int32
+cc_int_context_get_version( cc_context_t        context,
+                            cc_int32*           version );
+
+
diff --git a/src/lib/ccapi/client/credentials.c b/src/lib/ccapi/client/credentials.c
new file mode 100644
index 0000000000..b0a3df2b75
--- /dev/null
+++ b/src/lib/ccapi/client/credentials.c
@@ -0,0 +1,181 @@
+/* $Copyright:
+ *
+ * Copyright 2004 by the Massachusetts Institute of Technology.
+ * 
+ * All rights reserved.
+ * 
+ * Export of this software from the United States of America may require a
+ * specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute
+ * this software and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice appear in all
+ * copies and that both that copyright notice and this permission notice
+ * appear in supporting documentation, and that the name of M.I.T. not be
+ * used in advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.  Furthermore if you
+ * modify this software you must label your software as modified software
+ * and not distribute it in such a fashion that it might be confused with
+ * the original MIT software. M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ * 
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ * 
+ * Individual source code files are copyright MIT, Cygnus Support,
+ * OpenVision, Oracle, Sun Soft, FundsXpress, and others.
+ * 
+ * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
+ * and Zephyr are trademarks of the Massachusetts Institute of Technology
+ * (MIT).  No commercial use of these trademarks may be made without prior
+ * written permission of MIT.
+ * 
+ * "Commercial use" means use of a name in a product or other for-profit
+ * manner.  It does NOT prevent a commercial firm from referring to the MIT
+ * trademarks in order to convey information (although in doing so,
+ * recognition of their trademark status should be given).
+ * $
+ */
+
+/* credentials.c */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <CredentialsCache.h>
+#include "credentials.h"
+#include "msg.h"
+#include "msg_headers.h"
+
+
+cc_int32
+cc_int_credentials_new( cc_credentials_t *pcredentials, cc_uint32 version, 
+                    cc_handle ctx, cc_handle ccache, cc_handle handle, 
+                    char * data, cc_uint32 len )
+{
+    cc_int_credentials_t credentials;
+    cc_int32 code;
+    
+    if ( pcredentials == NULL )
+        return ccErrBadParam;
+
+    credentials = (cc_int_credentials_t)malloc(sizeof(cc_int_credentials_d));
+    if ( credentials == NULL )
+        return ccErrNoMem;
+
+    credentials->data = (cc_credentials_union *)malloc(sizeof(cc_credentials_union));
+    if ( credentials->data == NULL ) {
+        free(credentials);
+        return ccErrNoMem;
+    }
+
+    credentials->functions = (cc_credentials_f *)malloc(sizeof(cc_credentials_f));
+    if ( credentials->functions == NULL ) {
+        free(credentials->data);
+        free(credentials);
+        return ccErrNoMem;
+    }
+
+    credentials->functions->release = cc_int_credentials_release;
+    credentials->functions->compare = cc_int_credentials_compare;
+    credentials->magic = CC_CREDS_MAGIC;
+    credentials->ctx = ctx;
+    credentials->ccache = ccache;
+    credentials->handle = handle;
+
+    switch ( version ) {
+    case cc_credentials_v4:
+        code = cci_cred_v4_unmarshall(data, len, credentials->data);
+        break;
+    case cc_credentials_v5:
+        code = cci_cred_v5_unmarshall(data, len, credentials->data);
+        break;
+    default:
+        free(credentials);
+        return ccErrBadCredentialsVersion;
+    }
+
+    *pcredentials = (cc_credentials_t)credentials;
+    return ccNoError;
+}
+
+
+cc_int32
+cc_int_credentials_release( cc_credentials_t creds )
+{
+    cc_int_credentials_t int_creds;
+    unsigned short i;
+
+    if ( creds == NULL )
+        return ccErrBadParam;
+
+    int_creds = (cc_int_credentials_t)creds;
+
+    if ( int_creds->magic != CC_CREDS_MAGIC )
+        return ccErrInvalidCredentials;
+
+    switch (int_creds->data->version) {
+    case cc_credentials_v4:
+        free(int_creds->data->credentials.credentials_v4);
+        break;
+    case cc_credentials_v5:
+        if ( int_creds->data->credentials.credentials_v5->client )
+            free(int_creds->data->credentials.credentials_v5->client);
+        if ( int_creds->data->credentials.credentials_v5->server )
+            free(int_creds->data->credentials.credentials_v5->server );
+        if ( int_creds->data->credentials.credentials_v5->keyblock.data )
+            free(int_creds->data->credentials.credentials_v5->keyblock.data);
+        if ( int_creds->data->credentials.credentials_v5->ticket.data )
+            free(int_creds->data->credentials.credentials_v5->ticket.data);
+        if ( int_creds->data->credentials.credentials_v5->second_ticket.data )
+            free(int_creds->data->credentials.credentials_v5->second_ticket.data);
+        if ( int_creds->data->credentials.credentials_v5->addresses ) {
+            for ( i=0; int_creds->data->credentials.credentials_v5->addresses[i]; i++) {
+                if (int_creds->data->credentials.credentials_v5->addresses[i]->data)
+                    free(int_creds->data->credentials.credentials_v5->addresses[i]->data);
+            }
+            free(int_creds->data->credentials.credentials_v5->addresses);
+        }
+        if ( int_creds->data->credentials.credentials_v5->authdata ) {
+            for ( i=0; int_creds->data->credentials.credentials_v5->authdata[i]; i++) {
+                if ( int_creds->data->credentials.credentials_v5->authdata[i]->data )
+                    free(int_creds->data->credentials.credentials_v5->authdata[i]->data);
+            }
+            free(int_creds->data->credentials.credentials_v5->authdata);
+        }
+        break;
+    default:
+        return ccErrBadCredentialsVersion;
+    }
+
+    free(int_creds->functions);
+    free(int_creds->data);
+    free(int_creds);
+    return ccNoError;
+}
+
+cc_int32
+cc_int_credentials_compare( cc_credentials_t credentials,
+                        cc_credentials_t compare_to,
+                        cc_uint32* equal )
+{
+    cc_int_credentials_t int_credentials;
+    cc_int_credentials_t int_compare_to;
+
+    if ( credentials == NULL || compare_to == NULL || equal == NULL )
+        return ccErrBadParam;
+
+    
+    if ( int_credentials->magic != CC_CREDS_MAGIC ||
+         int_compare_to->magic != CC_CREDS_MAGIC )
+        return ccErrInvalidCredentials;
+
+    int_credentials = (cc_int_credentials_t)credentials;
+    int_compare_to  = (cc_int_credentials_t)compare_to;
+
+    *equal = (int_credentials->handle == int_compare_to->handle);
+    return ccNoError;
+}
diff --git a/src/lib/ccapi/client/credentials.h b/src/lib/ccapi/client/credentials.h
new file mode 100644
index 0000000000..320c618257
--- /dev/null
+++ b/src/lib/ccapi/client/credentials.h
@@ -0,0 +1,94 @@
+/* $Copyright:
+ *
+ * Copyright 2004 by the Massachusetts Institute of Technology.
+ * 
+ * All rights reserved.
+ * 
+ * Export of this software from the United States of America may require a
+ * specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute
+ * this software and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice appear in all
+ * copies and that both that copyright notice and this permission notice
+ * appear in supporting documentation, and that the name of M.I.T. not be
+ * used in advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.  Furthermore if you
+ * modify this software you must label your software as modified software
+ * and not distribute it in such a fashion that it might be confused with
+ * the original MIT software. M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ * 
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ * 
+ * Individual source code files are copyright MIT, Cygnus Support,
+ * OpenVision, Oracle, Sun Soft, FundsXpress, and others.
+ * 
+ * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
+ * and Zephyr are trademarks of the Massachusetts Institute of Technology
+ * (MIT).  No commercial use of these trademarks may be made without prior
+ * written permission of MIT.
+ * 
+ * "Commercial use" means use of a name in a product or other for-profit
+ * manner.  It does NOT prevent a commercial firm from referring to the MIT
+ * trademarks in order to convey information (although in doing so,
+ * recognition of their trademark status should be given).
+ * $
+ */
+
+/* credentials.h */
+
+#define CC_CREDS_MAGIC ('C'<<24 | 'R'<<16 | 'E'<<8 | 'D')
+
+struct cc_int_credentials_d {
+    cc_credentials_union* data;
+    cc_credentials_f* functions;
+#if TARGET_OS_MAC
+    cc_credentials_f*     otherFunctions;
+#endif
+    cc_uint32   magic;
+    cc_handle   ctx;
+    cc_handle   ccache;
+    cc_handle   handle;
+};
+typedef struct cc_int_credentials_d cc_int_credentials_d;
+typedef cc_int_credentials_d* cc_int_credentials_t;
+
+cc_int32
+cc_int_credentials_new( cc_credentials_t * pcredentials, cc_uint32 version, 
+                    cc_handle ctx, cc_handle ccache, cc_handle handle, 
+                    char * data, cc_uint32 len);
+
+cc_int32
+cc_int_credentials_release( cc_credentials_t credentials );
+
+cc_int32
+cc_int_credentials_compare( cc_credentials_t credentials,
+                        cc_credentials_t compare_to,
+                        cc_uint32* equal );
+
+cc_int32
+cci_creds_v4_marshall( cc_credentials_v4_t * creds, 
+                       char ** flat, 
+                       cc_uint32 * len);
+
+cc_int32
+cci_creds_v5_marshall( cc_credentials_v5_t * creds, 
+                       char ** flat, 
+                       cc_uint32 * len);
+
+cc_int32
+cci_creds_v4_unmarshall( char * flat, 
+                             cc_uint32 len,
+                             cc_credentials_union * creds);
+
+cc_int32
+cci_creds_v5_unmarshall( char * flat, 
+                         cc_uint32 len,
+                         cc_credentials_union * creds);
+
diff --git a/src/lib/ccapi/client/credentials_iterator.c b/src/lib/ccapi/client/credentials_iterator.c
new file mode 100644
index 0000000000..b7333daf30
--- /dev/null
+++ b/src/lib/ccapi/client/credentials_iterator.c
@@ -0,0 +1,187 @@
+/* $Copyright:
+ *
+ * Copyright 2004 by the Massachusetts Institute of Technology.
+ * 
+ * All rights reserved.
+ * 
+ * Export of this software from the United States of America may require a
+ * specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute
+ * this software and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice appear in all
+ * copies and that both that copyright notice and this permission notice
+ * appear in supporting documentation, and that the name of M.I.T. not be
+ * used in advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.  Furthermore if you
+ * modify this software you must label your software as modified software
+ * and not distribute it in such a fashion that it might be confused with
+ * the original MIT software. M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ * 
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ * 
+ * Individual source code files are copyright MIT, Cygnus Support,
+ * OpenVision, Oracle, Sun Soft, FundsXpress, and others.
+ * 
+ * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
+ * and Zephyr are trademarks of the Massachusetts Institute of Technology
+ * (MIT).  No commercial use of these trademarks may be made without prior
+ * written permission of MIT.
+ * 
+ * "Commercial use" means use of a name in a product or other for-profit
+ * manner.  It does NOT prevent a commercial firm from referring to the MIT
+ * trademarks in order to convey information (although in doing so,
+ * recognition of their trademark status should be given).
+ * $
+ */
+
+/* credentials_iterator.c */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <CredentialsCache.h>
+#include "credentials_iterator.h"
+#include "msg.h"
+#include "msg_headers.h"
+
+
+cc_int32
+cc_int_credentials_iterator_new( cc_credentials_iterator_t * piter, 
+                                 cc_handle ctx,
+                                 cc_handle ccache,
+                                 cc_handle handle )
+{
+    cc_int_credentials_iterator_t iter;
+
+    if ( piter == NULL )
+        return ccErrBadParam;
+
+    iter = (cc_int_credentials_iterator_t) malloc( sizeof(cc_int_credentials_iterator_d) );
+    if ( iter == NULL )
+        return ccErrNoMem;
+
+    iter->functions = (cc_credentials_iterator_f*)malloc(sizeof(cc_credentials_iterator_f));
+    if ( iter->functions == NULL ) {
+        free(iter);
+        return ccErrNoMem;
+    }
+
+    iter->functions->release = cc_int_credentials_iterator_release;
+    iter->functions->next = cc_int_credentials_iterator_next;
+    iter->magic = CC_CREDS_ITER_MAGIC;
+    iter->ctx = ctx;
+    iter->ccache = ccache;
+    iter->handle = handle;
+
+    *piter = (cc_credentials_iterator_t) iter;
+    return ccNoError;
+}
+
+cc_int32
+cc_int_credentials_iterator_release( cc_credentials_iterator_t iter )
+{
+    cc_int_credentials_iterator_t int_iter;
+    cc_msg_t        *request;
+    ccmsg_creds_iterator_release_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( iter == NULL )
+        return ccErrBadParam;
+
+    int_iter = (cc_int_credentials_iterator_t) iter;
+
+    if ( int_iter->magic != CC_CREDS_ITER_MAGIC )
+        return ccErrInvalidCredentialsIterator;
+
+    request_header = (ccmsg_creds_iterator_release_t*)malloc(sizeof(ccmsg_creds_iterator_release_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_iter->ctx;
+    request_header->ccache = int_iter->ccache;
+    request_header->iterator = int_iter->handle;
+    code = cci_msg_new(ccmsg_CREDS_ITERATOR_RELEASE, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_creds_iterator_release_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        code = ccNoError;
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+
+    free(int_iter->functions);
+    free(int_iter);
+    return ccNoError;
+}
+
+cc_int32
+cc_int_credentials_iterator_next( cc_credentials_iterator_t iter,
+                                  cc_credentials_t * credentials )
+{
+    cc_int_credentials_iterator_t int_iter;
+    cc_msg_t        *request;
+    ccmsg_creds_iterator_next_t *request_header;
+    cc_msg_t        *response;
+    cc_int32 code;
+
+    if ( credentials == NULL )
+        return ccErrBadParam;
+
+    int_iter = (cc_int_credentials_iterator_t)iter;
+
+    if ( int_iter->magic != CC_CREDS_ITER_MAGIC )
+        return ccErrInvalidCredentialsIterator;
+
+    request_header = (ccmsg_creds_iterator_next_t*)malloc(sizeof(ccmsg_creds_iterator_next_t));
+    if (request_header == NULL)
+        return ccErrNoMem;
+    request_header->ctx = int_iter->ctx;
+    request_header->ccache = int_iter->ccache;
+    request_header->iterator = int_iter->handle;
+
+    code = cci_msg_new(ccmsg_CREDS_ITERATOR_NEXT, &request);
+    if (code != ccNoError) {
+        free(request_header);
+        return code;
+    }
+
+    code = cci_msg_add_header(request, request_header, sizeof(ccmsg_creds_iterator_next_t));
+
+    code = cci_perform_rpc(request, &response);
+
+    if (response->type == ccmsg_NACK) {
+        ccmsg_nack_t * nack_header = (ccmsg_nack_t *)response->header;
+        code = nack_header->err_code;
+    } else if (response->type == ccmsg_ACK) {
+        char * blob;
+        ccmsg_creds_iterator_next_resp_t * response_header = (ccmsg_creds_iterator_next_resp_t*)response->header;
+        code = cci_msg_retrieve_blob(response, response_header->creds_offset, response_header->creds_len, &blob);
+        code = cc_credentials_new(credentials, response_header->version,
+                                  int_iter->ctx, int_iter->ccache, response_header->creds_handle, 
+                                  blob, response_header->creds_len);
+        free(blob);
+    } else {
+        code = ccErrBadInternalMessage;
+    }
+    cci_msg_destroy(request);
+    cci_msg_destroy(response);
+    return code;
+}
diff --git a/src/lib/ccapi/client/credentials_iterator.h b/src/lib/ccapi/client/credentials_iterator.h
new file mode 100644
index 0000000000..2a6f8edf2d
--- /dev/null
+++ b/src/lib/ccapi/client/credentials_iterator.h
@@ -0,0 +1,72 @@
+/* $Copyright:
+ *
+ * Copyright 2004 by the Massachusetts Institute of Technology.
+ * 
+ * All rights reserved.
+ * 
+ * Export of this software from the United States of America may require a
+ * specific license from the United States Government.  It is the
+ * responsibility of any person or organization contemplating export to
+ * obtain such a license before exporting.
+ * 
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and distribute
+ * this software and its documentation for any purpose and without fee is
+ * hereby granted, provided that the above copyright notice appear in all
+ * copies and that both that copyright notice and this permission notice
+ * appear in supporting documentation, and that the name of M.I.T. not be
+ * used in advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.  Furthermore if you
+ * modify this software you must label your software as modified software
+ * and not distribute it in such a fashion that it might be confused with
+ * the original MIT software. M.I.T. makes no representations about the
+ * suitability of this software for any purpose.  It is provided "as is"
+ * without express or implied warranty.
+ * 
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
+ * MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ * 
+ * Individual source code files are copyright MIT, Cygnus Support,
+ * OpenVision, Oracle, Sun Soft, FundsXpress, and others.
+ * 
+ * Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
+ * and Zephyr are trademarks of the Massachusetts Institute of Technology
+ * (MIT).  No commercial use of these trademarks may be made without prior
+ * written permission of MIT.
+ * 
+ * "Commercial use" means use of a name in a product or other for-profit
+ * manner.  It does NOT prevent a commercial firm from referring to the MIT
+ * trademarks in order to convey information (although in doing so,
+ * recognition of their trademark status should be given).
+ * $
+ */
+
+/* credentials_iterator.h */
+
+#define CC_CREDS_ITER_MAGIC ('C'<<24 | 'R'<<16 | 'I'<<8 | 'T')
+
+struct cc_int_credentials_iterator_d {
+    cc_credentials_iterator_f*	functions;
+#if TARGET_OS_MAC
+    cc_credentials_iterator_f*	otherFunctions;
+#endif
+    cc_uint32   magic;
+    cc_handle   handle;
+    cc_handle   ccache;
+    cc_handle   ctx;
+};
+typedef struct cc_int_credentials_iterator_d cc_int_credentials_iterator_d;
+typedef cc_int_credentials_iterator_d*	cc_int_credentials_iterator_t;
+
+
+cc_int32
+cc_int_credentials_iterator_new( cc_credentials_iterator_t * piter, cc_handle ctx, cc_handle ccache, cc_handle iter );
+
+cc_int32
+cc_int_credentials_iterator_release( cc_credentials_iterator_t iter );
+
+cc_int32
+cc_int_credentials_iterator_next( cc_credentials_iterator_t iter,
+                                  cc_credentials_t * credentials );
+
+
diff --git a/src/lib/ccapi/client/mac/ChangeLog b/src/lib/ccapi/client/mac/ChangeLog
new file mode 100644
index 0000000000..aaa59da726
--- /dev/null
+++ b/src/lib/ccapi/client/mac/ChangeLog
@@ -0,0 +1,4 @@
+2004-10-27   Jeffrey Altman  <jaltman@mit.edu>
+
+ * Initial commit of C CCAPI implementation
+
diff --git a/src/lib/ccapi/client/windows/ChangeLog b/src/lib/ccapi/client/windows/ChangeLog
new file mode 100644
index 0000000000..aaa59da726
--- /dev/null
+++ b/src/lib/ccapi/client/windows/ChangeLog
@@ -0,0 +1,4 @@
+2004-10-27   Jeffrey Altman  <jaltman@mit.edu>
+
+ * Initial commit of C CCAPI implementation
+