Moving NSCP Directory Server from DirectoryBranch to TRUNK, initial drop. (foxworth)ldapserver7x

97 files changed, 16130 insertions, 0 deletions

diff --git a/include/Makefile b/include/Makefile
new file mode 100644
index 00000000..40e9f063
--- /dev/null
+++ b/include/Makefile
@@ -0,0 +1,85 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+# Makefile for netsite.h
+
+MCOM_ROOT = ../..
+MODULE=netsiteInclude
+
+include ../nsdefs.mk
+
+HDRDEST=$(OBJDIR)/include
+
+NSPRDEST=$(HDRDEST)
+NSPRHDRS= \
+	prio.h \
+	prlong.h \
+	prtypes.h \
+	prtime.h \
+	prthread.h \
+	prinrval.h \
+	md/prcpucfg.h \
+	obsolete/protypes.h
+
+NSPRBINS=$(addprefix $(NSPRDEST)/, $(NSPRHDRS))
+
+PREFIX=copyrght.h
+
+
+NOSTDSTRIP=true
+NOSTDDEPEND=true
+
+HDRS=netsite.h version.h
+
+BINS=$(addprefix $(HDRDEST)/,$(HDRS))
+
+all: stuff nspr
+
+strip:
+depend:
+
+include ../nsconfig.mk
+
+ifeq ($(NSAPI_CAPABLE), true)
+
+stuff: $(HDRDEST) $(BINS) sub-hdrs
+
+$(HDRDEST):
+	mkdir -p $(HDRDEST)
+
+ifeq ($(PRODUCT), "Netscape Proxy Server")
+sub-hdrs:
+	cd base; gmake
+	cd frame; gmake
+	cd libproxy; gmake
+else
+sub-hdrs:
+	cd base; gmake
+	cd frame; gmake
+endif
+
+$(HDRDEST)/%.h: %.h
+	cat $(PREFIX) $< > $(HDRDEST)/$*.h
+
+else
+stuff:
+
+endif
+
+$(NSPRDEST): 
+	mkdir -p $(NSPRDEST)
+
+$(NSPRDEST)/md: $(NSPRDEST)
+	mkdir -p $(NSPRDEST)/md
+
+$(NSPRDEST)/obsolete: $(NSPRDEST)
+	mkdir -p $(NSPRDEST)/obsolete
+
+$(NSPRDEST)/%.h: 
+	cp $(NSCP_DISTDIR)/include/nspr20/pr/$*.h $(NSPRDEST)/$*.h
+
+nspr: $(NSPRDEST)/md $(NSPRDEST)/obsolete $(NSPRBINS)
diff --git a/include/base/Makefile b/include/base/Makefile
new file mode 100644
index 00000000..9f2f6a35
--- /dev/null
+++ b/include/base/Makefile
@@ -0,0 +1,40 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+# Makefile for netsite.h
+
+MCOM_ROOT = ../../..
+MODULE=netsiteIncludeBase
+
+include ../../nsdefs.mk
+
+HDRDEST=$(OBJDIR)/include/base
+
+PREFIX=../copyrght.h
+
+
+NOSTDSTRIP=true
+NOSTDDEPEND=true
+
+#HDRS=$(wildcard *.h)
+HDRS=daemon.h cinfo.h crit.h ereport.h buffer.h net.h pblock.h sem.h session.h shexp.h shmem.h systhr.h util.h file.h pool.h regexp.h systems.h
+
+
+BINS=$(addprefix $(HDRDEST)/,$(HDRS))
+
+all: $(HDRDEST) $(BINS)
+
+$(HDRDEST):
+	mkdir -p $(HDRDEST)
+
+strip:
+depend:
+
+include ../../nsconfig.mk
+
+$(HDRDEST)/%.h: %.h
+	cat $(PREFIX) $< > $(HDRDEST)/$*.h
diff --git a/include/base/crit.h b/include/base/crit.h
new file mode 100644
index 00000000..1ff7e957
--- /dev/null
+++ b/include/base/crit.h
@@ -0,0 +1,209 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef BASE_CRIT_H
+#define BASE_CRIT_H
+
+#ifndef NOINTNSAPI
+#define INTNSAPI
+#endif /* !NOINTNSAPI */
+
+/*
+ * crit.h: Critical section abstraction. Used in threaded servers to protect
+ *         areas where two threads can interfere with each other.
+ *
+ *         Condvars are condition variables that are used for thread-thread 
+ *         synchronization.
+ * 
+ * Rob McCool
+ */
+
+#ifndef NETSITE_H
+#include "netsite.h"
+#endif /* !NETSITE_H */
+
+/* Define C interface */
+#ifndef PUBLIC_BASE_CRIT_H
+#include "public/base/crit.h"
+#endif /* !PUBLIC_BASE_CRIT_H */
+
+/* Define C++ interface */
+#ifdef __cplusplus
+
+#ifndef BASE_NSASSERT_H
+#include "nsassert.h"
+#endif /* !BASE_NSASSERT_H */
+
+#ifndef prmon_h___
+#include "prmon.h"
+#endif /* !prmon_h___ */
+
+class NSAPI_PUBLIC CriticalSection
+{
+public:
+    CriticalSection();
+    ~CriticalSection();
+    void Acquire(){PR_EnterMonitor(_crtsec);}
+    void Release(){PR_ExitMonitor(_crtsec);}
+
+private:
+    PRMonitor *_crtsec;
+};
+
+inline CriticalSection::CriticalSection():_crtsec(0)
+{
+    _crtsec = PR_NewMonitor();
+    NS_ASSERT(_crtsec);
+}
+
+inline CriticalSection::~CriticalSection()
+{
+    if (_crtsec)
+        PR_DestroyMonitor(_crtsec);
+}
+
+class SafeLock {
+ public:
+    SafeLock (CriticalSection&);		// acquire lock
+    ~SafeLock (); 						// release lock
+ private:
+    CriticalSection& lock; 
+};
+
+inline SafeLock::SafeLock (CriticalSection& _lock) : lock(_lock)
+{
+    lock.Acquire();
+}
+
+inline SafeLock::~SafeLock ()
+{
+    lock.Release();
+}
+#endif /* __cplusplus */
+
+/* --- Begin function prototypes --- */
+
+#ifdef INTNSAPI
+
+NSPR_BEGIN_EXTERN_C
+
+/* ASSERT function only */
+NSAPI_PUBLIC int crit_owner_is_me(CRITICAL id);
+
+/*
+ * INTcrit_init creates and returns a new critical section variable. At the 
+ * time of creation no one has entered it.
+ */
+NSAPI_PUBLIC CRITICAL INTcrit_init(void);
+
+/*
+ * INTcrit_enter enters a critical section. If someone is already in the
+ * section, the calling thread is blocked until that thread exits.
+ */
+NSAPI_PUBLIC void INTcrit_enter(CRITICAL id);
+
+
+/*
+ * INTcrit_exit exits a critical section. If another thread is blocked waiting
+ * to enter, it will be unblocked and given ownership of the section.
+ */
+NSAPI_PUBLIC void INTcrit_exit(CRITICAL id);
+
+
+/*
+ * INTcrit_terminate removes a previously allocated critical section variable.
+ */
+NSAPI_PUBLIC void INTcrit_terminate(CRITICAL id);
+
+
+/*
+ * INTcondvar_init initializes and returns a new condition variable. You 
+ * must provide a critical section to be associated with this condition 
+ * variable.
+ */
+NSAPI_PUBLIC CONDVAR INTcondvar_init(CRITICAL id);
+
+
+/*
+ * INTcondvar_wait blocks on the given condition variable. The calling thread
+ * will be blocked until another thread calls INTcondvar_notify on this variable.
+ * The caller must have entered the critical section associated with this
+ * condition variable prior to waiting for it.
+ */
+NSAPI_PUBLIC void INTcondvar_wait(CONDVAR cv);
+NSAPI_PUBLIC void condvar_timed_wait(CONDVAR _cv, long secs);
+
+
+/*
+ * INTcondvar_notify awakens any threads blocked on the given condition
+ * variable. The caller must have entered the critical section associated
+ * with this variable first.
+ */
+NSAPI_PUBLIC void INTcondvar_notify(CONDVAR cv);
+
+/*
+ * INTcondvar_notifyAll awakens all threads blocked on the given condition
+ * variable. The caller must have entered the critical section associated
+ * with this variable first.
+ */
+NSAPI_PUBLIC void INTcondvar_notifyAll(CONDVAR cv);
+
+/*
+ * INTcondvar_terminate frees the given previously allocated condition variable
+ */
+NSAPI_PUBLIC void INTcondvar_terminate(CONDVAR cv);
+
+
+/*
+ * Create a counting semaphore.  
+ * Return non-zero on success, 0 on failure.
+ */
+NSAPI_PUBLIC COUNTING_SEMAPHORE INTcs_init(int initial_count);
+
+/*
+ * Destroy a counting semaphore 
+ */
+NSAPI_PUBLIC void INTcs_terminate(COUNTING_SEMAPHORE csp);
+
+/*
+ * Wait to "enter" the semaphore.
+ * Return 0 on success, -1 on failure.
+ */
+NSAPI_PUBLIC int INTcs_wait(COUNTING_SEMAPHORE csp);
+
+/*
+ * Enter the semaphore if the count is > 0.  Otherwise return -1.
+ *
+ */
+NSAPI_PUBLIC int INTcs_trywait(COUNTING_SEMAPHORE csp);
+
+/*
+ * Release the semaphore- allowing a thread to enter.
+ * Return 0 on success, -1 on failure.
+ */
+NSAPI_PUBLIC int INTcs_release(COUNTING_SEMAPHORE csp);
+
+NSPR_END_EXTERN_C
+
+/* --- End function prototypes --- */
+
+#define crit_init INTcrit_init
+#define crit_enter INTcrit_enter
+#define crit_exit INTcrit_exit
+#define crit_terminate INTcrit_terminate
+#define condvar_init INTcondvar_init
+#define condvar_wait INTcondvar_wait
+#define condvar_notify INTcondvar_notify
+#define condvar_notifyAll INTcondvar_notifyAll
+#define condvar_terminate INTcondvar_terminate
+#define cs_init INTcs_init
+#define cs_terminate INTcs_terminate
+#define cs_wait INTcs_wait
+#define cs_trywait INTcs_trywait
+#define cs_release INTcs_release
+
+#endif /* INTNSAPI */
+
+#endif /* !BASE_CRIT_H */
diff --git a/include/base/dbtbase.h b/include/base/dbtbase.h
new file mode 100644
index 00000000..5f30d374
--- /dev/null
+++ b/include/base/dbtbase.h
@@ -0,0 +1,217 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#define LIBRARY_NAME "base"
+
+static char dbtbaseid[] = "$DBT: base referenced v1 $";
+
+#include "i18n.h"
+
+BEGIN_STR(base)
+	ResDef( DBT_LibraryID_, -1, dbtbaseid )/* extracted from dbtbase.h*/
+	ResDef( DBT_insufficientMemoryToCreateHashTa_, 1, "insufficient memory to create hash table" )/*extracted from cache.cpp*/
+	ResDef( DBT_insufficientMemoryToCreateHashTa_1, 2, "insufficient memory to create hash table" )/*extracted from cache.cpp*/
+	ResDef( DBT_cacheDestroyCacheTablesAppearCor_, 3, "cache_destroy: cache tables appear corrupt." )/*extracted from cache.cpp*/
+	ResDef( DBT_unableToAllocateHashEntry_, 4, "unable to allocate hash entry" )/*extracted from cache.cpp*/
+	ResDef( DBT_cacheInsertUnableToCreateCacheEn_, 5, "cache_insert: unable to create cache entry" )/*extracted from cache.cpp*/
+	ResDef( DBT_http10200OkNcontentTypeTextHtmlN_, 6, "HTTP/1.0 200 OK\nContent-type: text/html\n\n" )/*extracted from cache.cpp*/
+	ResDef( DBT_H2NetscapeCacheStatusReportH2N_, 7, "<H2>Netscape cache status report</H2>\n" )/*extracted from cache.cpp*/
+	ResDef( DBT_noCachesOnSystemP_, 8, "No caches on system<P>" )/*extracted from cache.cpp*/
+	ResDef( DBT_H2SCacheH2N_, 9, "<H2>%s cache</H2>\n" )/*extracted from cache.cpp*/
+	ResDef( DBT_cacheHitRatioDDFPNPN_, 10, "Cache hit ratio: %d/%d (%f)</P>\n</P>\n" )/*extracted from cache.cpp*/
+	ResDef( DBT_cacheSizeDDPNPN_, 11, "Cache size: %d/%d</P>\n</P>\n" )/*extracted from cache.cpp*/
+	ResDef( DBT_hashTableSizeDPNPN_, 12, "Hash table size: %d</P>\n</P>\n" )/*extracted from cache.cpp*/
+	ResDef( DBT_mruDPNlruDPN_, 13, "mru       : %d</P>\nlru       : %d</P>\n" )/*extracted from cache.cpp*/
+	ResDef( DBT_UlTableBorder4ThBucketThThAddres_, 14, "<UL><TABLE BORDER=4> <TH>Bucket</TH> <TH>Address</TH> <TH>Key</TH> <TH>Access Count</TH> <TH>Delete</TH> <TH>Next</TH> <TH>LRU</TH> <TH>MRU</TH> <TH>Data</TH>\n" )/*extracted from cache.cpp*/
+	ResDef( DBT_munmapFailedS_, 15, "munmap failed (%s)" )/*extracted from buffer.cpp*/
+	ResDef( DBT_munmapFailedS_1, 16, "munmap failed (%s)" )/*extracted from buffer.cpp*/
+	ResDef( DBT_closeFailedS_, 17, "close failed (%s)" )/*extracted from buffer.cpp*/
+	ResDef( DBT_daemonUnableToForkNewProcessSN_, 18, "daemon: unable to fork new process (%s)\n" )/*extracted from daemon.cpp*/
+	ResDef( DBT_daemonSetsidFailedSN_, 19, "daemon: setsid failed (%s)\n" )/*extracted from daemon.cpp*/
+	ResDef( DBT_daemonCanTLogPidToSSN_, 20, "daemon: can't log pid to %s (%s)\n" )/*extracted from daemon.cpp*/
+	ResDef( DBT_warningCouldNotSetGroupIdToDSN_, 21, "warning: could not set group id to %d (%s)\n" )/*extracted from daemon.cpp*/
+	ResDef( DBT_warningCouldNotSetUserIdToDSN_, 22, "warning: could not set user id to %d (%s)\n" )/*extracted from daemon.cpp*/
+	ResDef( DBT_warningDaemonIsRunningAsSuperUse_, 23, "warning: daemon is running as super-user\n" )/*extracted from daemon.cpp*/
+	ResDef( DBT_couldNotDetermineCurrentUserName_, 24, "could not determine current user name\n" )/*extracted from daemon.cpp*/
+	ResDef( DBT_errorChrootToSFailedSN_, 25, "error: chroot to %s failed (%s)\n" )/*extracted from daemon.cpp*/
+	ResDef( DBT_AddressS_, 27, ", address %s" )/*extracted from daemon.cpp*/
+	ResDef( DBT_warningStatisticsDisabledSN_, 28, "warning: statistics disabled (%s)\n" )/*extracted from daemon.cpp*/
+	ResDef( DBT_securityHandshakeTimedOutForPidD_, 29, "security handshake timed out for pid %d" )/*extracted from daemon.cpp*/
+	ResDef( DBT_warningStatisticsDisabledSN_1, 30, "warning: statistics disabled (%s)\n" )/*extracted from daemon.cpp*/
+	ResDef( DBT_secureHandshakeFailedCodeDN_, 31, "secure handshake failed (code %d)\n" )/*extracted from daemon.cpp*/
+	ResDef( DBT_acceptFailedS_, 32, "accept failed (%s)" )/*extracted from daemon.cpp*/
+	ResDef( DBT_warningStatisticsDisabledSN_2, 33, "warning: statistics disabled (%s)\n" )/*extracted from daemon.cpp*/
+	ResDef( DBT_selectThreadMiss_, 34, "select thread miss" )/*extracted from daemon.cpp*/
+	ResDef( DBT_keepaliveWorkerAwokenWithNoWorkT_, 35, "keepalive worker awoken with no work to do" )/*extracted from daemon.cpp*/
+	ResDef( DBT_couldNotCreateNewThreadDS_, 36, "could not create new thread: %d (%s)" )/*extracted from daemon.cpp*/
+	ResDef( DBT_waitForSemaSucceededButNothingTo_, 37, "wait for sema succeeded, but nothing to dequeue" )/*extracted from daemon.cpp*/
+	ResDef( DBT_queueSemaCreationFailure_, 38, "queue-sema creation failure" )/*extracted from daemon.cpp*/
+	ResDef( DBT_errorGettingProcessorInfoForProc_, 39, "error getting processor info for processor %d" )/*extracted from daemon.cpp*/
+	ResDef( DBT_errorBindingToProcessorD_, 40, "Error binding to processor %d" )/*extracted from daemon.cpp*/
+	ResDef( DBT_boundProcessDToProcessorD_, 41, "bound process %d to processor %d" )/*extracted from daemon.cpp*/
+	ResDef( DBT_netscapeServerIsNotExplicitlyBin_, 42, "Netscape server is not explicitly binding to any processors." )/*extracted from daemon.cpp*/
+	ResDef( DBT_cacheMonitorExited_, 43, "cache monitor exited" )/*extracted from daemon.cpp*/
+	ResDef( DBT_cacheBatchUpdateDaemonExited_, 44, "cache batch update daemon exited" )/*extracted from daemon.cpp*/
+	ResDef( DBT_usingSingleThreadedAccepts_, 45, "Using single threaded accepts." )/*extracted from daemon.cpp*/
+	ResDef( DBT_usingMultiThreadedAccepts_, 46, "Using multi threaded accepts." )/*extracted from daemon.cpp*/
+	ResDef( DBT_usingPartialSingleThreadedAccept_, 47, "Using partial single threaded accepts." )/*extracted from daemon.cpp*/
+	ResDef( DBT_thisMachineHasDProcessors_, 48, "This machine has %d processors." )/*extracted from daemon.cpp*/
+	ResDef( DBT_errorCallingThrSeconcurrencyDS_, 49, "Error calling thr_seconcurrency(%d)- (%s)" )/*extracted from daemon.cpp*/
+	ResDef( DBT_setConncurrencyToD_, 50, "Set conncurrency to %d." )/*extracted from daemon.cpp*/
+	ResDef( DBT_warningNetscapeExecutableAndLibr_, 51, "WARNING! netscape executable and library have different versions.\n" )/*extracted from daemon.cpp*/
+	ResDef( DBT_seminitFailedSN_, 54, "seminit failed (%s)\n" )/*extracted from daemon.cpp*/
+	ResDef( DBT_thisBetaSoftwareHasExpiredN_, 55, "This beta software has expired.\n" )/*extracted from daemon.cpp*/
+	ResDef( DBT_cacheMonitorRespawned_, 56, "Cache monitor respawned" )/*extracted from daemon.cpp*/
+	ResDef( DBT_cacheBatchUpdateDaemonRespawned_, 57, "Cache batch update daemon respawned" )/*extracted from daemon.cpp*/
+	ResDef( DBT_canTFindEmptyStatisticsSlot_, 58, "can't find empty statistics slot" )/*extracted from daemon.cpp*/
+	ResDef( DBT_canTForkNewProcessS_, 59, "can't fork new process (%s)" )/*extracted from daemon.cpp*/
+	ResDef( DBT_assertFailedSN_, 60, "assert failed! %s\n" )/*extracted from multiplex.c*/
+	ResDef( DBT_mrTableInit_, 61, "mr_table_init()" )/*extracted from multiplex.c*/
+	ResDef( DBT_mallocFailed_, 62, "malloc failed" )/*extracted from multiplex.c*/
+	ResDef( DBT_mallocFailed_1, 63, "malloc failed!" )/*extracted from multiplex.c*/
+	ResDef( DBT_mrAddIoDTypeDFileD_, 64, "mr_add_io(%d, type %d, file %d)" )/*extracted from multiplex.c*/
+	ResDef( DBT_mrAddIoStage1_, 65, "mr_add_io - stage 1" )/*extracted from multiplex.c*/
+	ResDef( DBT_mrAddIoStage2_, 66, "mr_add_io - stage 2" )/*extracted from multiplex.c*/
+	ResDef( DBT_mrAddIoFoundInvalidIoTypeD_, 67, "mr_add_io found invalid IO type %d" )/*extracted from multiplex.c*/
+	ResDef( DBT_mrAddIoAddingTimeout_, 68, "mr_add_io - adding timeout" )/*extracted from multiplex.c*/
+	ResDef( DBT_outOfMemoryN_, 69, "Out of memory!\n" )/*extracted from multiplex.c*/
+	ResDef( DBT_doneWithMrAddIo_, 70, "done with mr_add_io" )/*extracted from multiplex.c*/
+	ResDef( DBT_mrDelIoDTypeDFileD_, 71, "mr_del_io(%d, type %d, file %d)" )/*extracted from multiplex.c*/
+	ResDef( DBT_mrDelIoFoundInvalidIoTypeD_, 72, "mr_del_io found invalid IO type %d" )/*extracted from multiplex.c*/
+	ResDef( DBT_mrLookupIoD_, 73, "mr_lookup_io(%d)" )/*extracted from multiplex.c*/
+	ResDef( DBT_mrAsyncIoDDBytesFileD_, 74, "mr_async_io(%d, %d bytes, file %d)" )/*extracted from multiplex.c*/
+	ResDef( DBT_mallocFailureAddingAsyncIo_, 75, "malloc failure adding async IO" )/*extracted from multiplex.c*/
+	ResDef( DBT_errorAddingAsyncIo_, 76, "Error adding async io!" )/*extracted from multiplex.c*/
+	ResDef( DBT_cannotSeekForRead_, 77, "Cannot seek for read!" )/*extracted from multiplex.c*/
+	ResDef( DBT_readFailureDS_, 78, "read failure! (%d, %s)" )/*extracted from multiplex.c*/
+	ResDef( DBT_doReadReadDBytesForFileD_, 79, "do_read read %d bytes for file %d" )/*extracted from multiplex.c*/
+	ResDef( DBT_cannotSeekForWrite_, 80, "Cannot seek for write!" )/*extracted from multiplex.c*/
+	ResDef( DBT_writevFailureDS_, 81, "writev failure! (%d, %s)" )/*extracted from multiplex.c*/
+	ResDef( DBT_writeFailureDS_, 82, "write failure! (%d, %s)" )/*extracted from multiplex.c*/
+	ResDef( DBT_doWriteWroteDBytesForFileD_, 83, "do_write wrote %d bytes for file %d" )/*extracted from multiplex.c*/
+	ResDef( DBT_doTimeoutMrpD_, 84, "do_timeout(mrp %d)" )/*extracted from multiplex.c*/
+	ResDef( DBT_doTimeoutFoundIoTimerDTimeD_, 85, "do_timeout: found IO (timer=%d, time=%d)" )/*extracted from multiplex.c*/
+	ResDef( DBT_errorDeletingIo_, 86, "error deleting io" )/*extracted from multiplex.c*/
+	ResDef( DBT_timeoutCallbackFailureForDN_, 87, "timeout callback failure for %d\n" )/*extracted from multiplex.c*/
+	ResDef( DBT_mrGetEventDOutstandingIoD_, 88, "mr_get_event(%d) - outstanding io %d" )/*extracted from multiplex.c*/
+	ResDef( DBT_mrGetEventWaitingForReadsOnFd_, 89, "mr_get_event: Waiting for reads on FD:" )/*extracted from multiplex.c*/
+	ResDef( DBT_mrGetEventWaitingForWritesOnFd_, 90, "mr_get_event: Waiting for writes on FD:" )/*extracted from multiplex.c*/
+	ResDef( DBT_TD_, 91, "\t%d" )/*extracted from multiplex.c*/
+	ResDef( DBT_TD_1, 92, "\t%d" )/*extracted from multiplex.c*/
+	ResDef( DBT_mrGetEventSetNoTimeout_, 93, "mr_get_event set no timeout" )/*extracted from multiplex.c*/
+	ResDef( DBT_mrGetEventSetTimeoutToDDSec_, 94, "mr_get_event set timeout to: %d.%d sec" )/*extracted from multiplex.c*/
+	ResDef( DBT_errorInSelectDS_, 95, "error in select (%d, %s)" )/*extracted from multiplex.c*/
+	ResDef( DBT_mrGetEventSelectFoundD_, 96, "mr_get_event() - select found %d" )/*extracted from multiplex.c*/
+	ResDef( DBT_errorLookingUpIoFdD_, 97, "error looking up IO fd %d" )/*extracted from multiplex.c*/
+	ResDef( DBT_readFailedForFdD_, 98, "read failed for fd %d" )/*extracted from multiplex.c*/
+	ResDef( DBT_errorDeletingIo_1, 99, "error deleting io" )/*extracted from multiplex.c*/
+	ResDef( DBT_callbackFailureForDN_, 100, "callback failure for %d\n" )/*extracted from multiplex.c*/
+	ResDef( DBT_errorLookingUpIoFdD_1, 101, "error looking up IO fd %d" )/*extracted from multiplex.c*/
+	ResDef( DBT_writingHeaderLenDWritelenDTotalD_, 102, "writing: header len %d, writelen %d, total %d" )/*extracted from multiplex.c*/
+	ResDef( DBT_writeFailedForFdD_, 103, "write failed for fd %d" )/*extracted from multiplex.c*/
+	ResDef( DBT_errorDeletingIo_2, 104, "error deleting io" )/*extracted from multiplex.c*/
+	ResDef( DBT_callbackFailureForDN_1, 105, "callback failure for %d\n" )/*extracted from multiplex.c*/
+	ResDef( DBT_errorCreatingDnsCache_, 106, "Error creating dns cache" )/*extracted from dns_cache.cpp*/
+	ResDef( DBT_dnsCacheInitHashSize0UsingD_, 107, "dns_cache_init: hash_size <= 0, using %d" )/*extracted from dns_cache.cpp*/
+	ResDef( DBT_dnsCacheInitCacheSizeDUsingD_, 108, "dns_cache_init: cache-size <= %d, using %d" )/*extracted from dns_cache.cpp*/
+	ResDef( DBT_dnsCacheInitCacheSizeIsDIsTooLar_, 109, "dns_cache_init: cache-size is %d is too large, using %d." )/*extracted from dns_cache.cpp*/
+	ResDef( DBT_dnsCacheInitExpireTime0UsingD_, 110, "dns_cache_init: expire_time <= 0, using %d" )/*extracted from dns_cache.cpp*/
+	ResDef( DBT_dnsCacheInitExpireIsDIsTooLargeU_, 111, "dns_cache_init: expire is %d is too large, using %d seconds." )/*extracted from dns_cache.cpp*/
+	ResDef( DBT_errorCreatingDnsCache_1, 112, "Error creating dns cache" )/*extracted from dns_cache.cpp*/
+	ResDef( DBT_dnsCacheInsertErrorAllocatingEnt_, 113, "dns-cache-insert: Error allocating entry" )/*extracted from dns_cache.cpp*/
+	ResDef( DBT_dnsCacheInsertMallocFailure_, 114, "dns-cache-insert: malloc failure" )/*extracted from dns_cache.cpp*/
+	ResDef( DBT_successfulServerStartup_, 115, "successful server startup" )/*extracted from ereport.cpp*/
+	ResDef( DBT_SBS_, 116, "%s B%s" )/*extracted from ereport.cpp*/
+	ResDef( DBT_netscapeExecutableAndSharedLibra_, 117, "Netscape executable and shared library have different versions" )/*extracted from ereport.cpp*/
+	ResDef( DBT_executableVersionIsS_, 118, "   executable version is %s" )/*extracted from ereport.cpp*/
+	ResDef( DBT_sharedLibraryVersionIsS_, 119, "   shared library version is %s" )/*extracted from ereport.cpp*/
+	ResDef( DBT_errorReportingShuttingDown_, 120, "error reporting shutting down" )/*extracted from ereport.cpp*/
+	ResDef( DBT_warning_, 121, "warning" )/*extracted from ereport.cpp*/
+	ResDef( DBT_config_, 122, "config" )/*extracted from ereport.cpp*/
+	ResDef( DBT_security_, 123, "security" )/*extracted from ereport.cpp*/
+	ResDef( DBT_failure_, 124, "failure" )/*extracted from ereport.cpp*/
+	ResDef( DBT_catastrophe_, 125, "catastrophe" )/*extracted from ereport.cpp*/
+	ResDef( DBT_info_, 126, "info" )/*extracted from ereport.cpp*/
+	ResDef( DBT_verbose_, 127, "verbose" )/*extracted from ereport.cpp*/
+	ResDef( DBT_eventHandlerFailedToWaitOnEvents_, 128, "event_handler:Failed to wait on events %s" )/*extracted from eventhandler.cpp*/
+	ResDef( DBT_couldNotWaitOnResumeEventEventS_, 129, "could not wait on resume event event  (%s)" )/*extracted from eventhandler.cpp*/
+	ResDef( DBT_dlopenOfSFailedS_, 130, "dlopen of %s failed (%s)" )/*extracted from LibMgr.cpp*/
+	ResDef( DBT_dlopenOfSFailedS_1, 131, "dlopen of %s failed (%s)" )/*extracted from LibMgr.cpp*/
+	ResDef( DBT_theServerIsTerminatingDueToAnErr_, 132, "The server is terminating due to an error. Check the event viewer for the error message. SERVER EXITING!" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_terminatingTheServerS_, 133, "Terminating the server %s" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_killServerCannotOpenServerEventS_, 134, "kill_server:cannot open server event %s" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_killServerCannotSetServerEventS_, 135, "kill_server:cannot set server event %s" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_errorCouldNotGetSocketSN_, 136, "error: could not get socket (%s)\n" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_errorCouldNotSetSocketOptionSN_, 137, "error: could not set socket option (%s)\n" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_terminatingServiceErrorCouldNotB_, 138, "Terminating Service:error: could not bind to address %s port %d (%s)\n" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_terminatingServiceErrorCouldNotB_1, 139, "Terminating Service:error: could not bind to port %d (%s)\n" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_sethandlenoninheritableCouldNotD_, 140, "SetHandleNonInheritable: could not duplicate socket (%s)" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_sethandlenoninheritableClosingTh_, 141, "SetHandleNonInheritable: closing the original socket failed (%s)" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_couldNotSethandleinformationS_, 142, "Could not SetHandleInformation (%s)" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_terminatingServiceFailureCouldNo_, 143, "Terminating Service:Failure: Could not open statistics file (%s)\n" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_couldNotSetThreadLocalStorageVal_, 144, "Could not set Thread Local Storage Value for thread at slot %d" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_secureHandshakeFailedCodeDN_1, 145, "secure handshake failed (code %d)\n" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_acceptFailedDS_, 146, "accept failed %d (%s)" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_failedToPulseEventDS_, 147, "Failed to pulse Event %d %s" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_failedToSendMobgrowthEventToPare_, 148, "Failed to send MobGrowth Event to parent %s" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_pulsingMobrespawnEventD_, 149, "Pulsing MobRespawn Event %d" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_respawnThreadPoolToDD_, 150, "respawn thread pool to %d (%d)" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_couldNotOpenEventToSignalRotateA_, 151, "Could not open event to signal rotate application. Could not create the MoveLog event:%s" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_failedToSendMovelogEventToRotate_, 152, "Failed to send MoveLog Event to rotate app %s" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_growingThreadPoolFromDToD_, 153, "growing thread pool from %d to %d" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_couldNotOpenTheServicecontrolman_, 154, "Could not open the ServiceControlManager, Error %d" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_startnetsiteserviceCouldNotOpenT_, 155, "StartNetsiteService:Could not open the service %s: Error %d" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_startnetsiteserviceCouldNotStart_, 156, "StartNetsiteService:Could not start the service %s" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_serviceStartupCouldNotAllocateSe_, 157, "Service Startup: Could not allocate security descriptor" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_serviceStartupCouldNotInitSecuri_, 158, "Service Startup: Could not init security descriptor" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_serviceStartupCouldNotSetTheSecu_, 159, "Service Startup: Could not set the security Dacl" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_terminatingServiceWinsockInitFai_, 160, "Terminating Service:WinSock init failed: %s" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_httpdServerStartupFailedS_, 161, "Httpd Server Startup failed: %s" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_canTFindEmptyStatisticsSlot_1, 162, "can't find empty statistics slot" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_ntDaemonCouldNotCreateNewThreadD_, 163, "NT daemon: could not create new thread %d" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_serviceStartupFailureTerminating_, 164, "Service Startup Failure. Terminating Service:Could not create event %d:%s" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_serviceStartupErrorCouldNotCreat_, 165, "Service Startup Error. Could not create the MoveLog event:%s" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_failedToWaitOnEventObjectsS_, 166, "Failed to wait on Event objects %s" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_failedToWaitOnEventObjectsS_1, 167, "Failed to wait on Event objects %s" )/*extracted from ntdaemon.cpp*/
+	ResDef( DBT_pipebufBuf2sdPipebufGrabIoErrorD_, 168, "pipebuf_buf2sd: pipebuf_grab IO_ERROR %d" )/*extracted from ntpipe.cpp*/
+	ResDef( DBT_poolInitMemoryPoolsDisabled_, 169, "pool-init: memory pools disabled" )/*extracted from pool.cpp*/
+	ResDef( DBT_poolInitFreeSize0UsingD_, 170, "pool-init: free_size <= 0, using %d" )/*extracted from pool.cpp*/
+	ResDef( DBT_poolCreateBlockOutOfMemory_, 171, "pool-create-block: out of memory" )/*extracted from pool.cpp*/
+	ResDef( DBT_poolCreateOutOfMemory_, 172, "pool-create: out of memory" )/*extracted from pool.cpp*/
+	ResDef( DBT_poolCreateOutOfMemory_1, 173, "pool-create: out of memory" )/*extracted from pool.cpp*/
+	ResDef( DBT_poolMallocOutOfMemory_, 174, "pool-malloc: out of memory" )/*extracted from pool.cpp*/
+	ResDef( DBT_freeUsedWherePermFreeShouldHaveB_, 175, "FREE() used where PERM_FREE() should have been used- problem corrected and supressing further warnings." )/*extracted from pool.cpp*/
+	ResDef( DBT_regexErrorSRegexS_, 176, "regex error: %s (regex: '%s')" )/*extracted from regexp.cpp*/
+	ResDef( DBT_canTCreateIpcPipeS_, 177, "can't create IPC pipe (%s)" )/*extracted from thrconn.cpp*/
+	ResDef( DBT_writeToWakeupPipeFailedS_, 178, "write to wakeup pipe failed (%s)" )/*extracted from thrconn.cpp*/
+	ResDef( DBT_flushingDConnectionsCurrentDTotD_, 179, "flushing %d connections; current %d; tot %d" )/*extracted from thrconn.cpp*/
+	ResDef( DBT_acceptFailedS_1, 180, "accept failed (%s)" )/*extracted from thrconn.cpp*/
+	ResDef( DBT_errorCreatingTimeCache_, 181, "Error creating time cache" )/*extracted from time_cache.cpp*/
+	ResDef( DBT_timeCacheCacheDisabled_, 182, "time-cache: cache disabled" )/*extracted from time_cache.cpp*/
+	ResDef( DBT_timeCacheInitHashSizeDUsingDefau_, 183, "time_cache_init: hash_size < %d, using default, %d" )/*extracted from time_cache.cpp*/
+	ResDef( DBT_timeCacheInitHashSizeDUsingDefau_1, 184, "time_cache_init: hash_size > %d, using default, %d" )/*extracted from time_cache.cpp*/
+	ResDef( DBT_timeCacheInitCacheSizeDUsingDefa_, 185, "time_cache_init: cache_size < %d, using default, %d" )/*extracted from time_cache.cpp*/
+	ResDef( DBT_timeCacheInitCacheSizeDUsingDefa_1, 186, "time_cache_init: cache_size > %d, using default, %d" )/*extracted from time_cache.cpp*/
+	ResDef( DBT_errorAllocatingMemoryForTimeCach_, 187, "Error allocating memory for time_cache" )/*extracted from time_cache.cpp*/
+	ResDef( DBT_errorAllocatingMemoryForTimeCach_1, 188, "Error allocating memory for time_cache entry" )/*extracted from time_cache.cpp*/
+	ResDef( DBT_errorAllocatingMemoryForTimeCach_2, 189, "Error allocating memory for time_cache entry" )/*extracted from time_cache.cpp*/
+	ResDef( DBT_errorInsertingNewTimeCacheEntry_, 190, "Error inserting new time_cache entry" )/*extracted from time_cache.cpp*/
+	ResDef( DBT_errorAllocatingMemoryForTimeCach_3, 191, "Error allocating memory for time_cache" )/*extracted from time_cache.cpp*/
+	ResDef( DBT_csTerminateFailureS_, 192, "cs-terminate failure (%s)" )/*extracted from crit.cpp*/
+	ResDef( DBT_csInitFailureS_, 193, "cs-init failure (%s)" )/*extracted from crit.cpp*/
+	ResDef( DBT_csWaitFailureS_, 194, "cs-wait failure (%s)" )/*extracted from crit.cpp*/
+	ResDef( DBT_csPostFailureS_, 195, "cs-post failure (%s)" )/*extracted from crit.cpp*/
+	ResDef( DBT_unableToCreateNonblockingSocketS_, 196, "Unable to create nonblocking socket (%s)" )/*extracted from net.cpp*/
+	ResDef( DBT_errorCouldNotSetKeepaliveSN_, 197, "error: could not set keepalive (%s)\n" )/*extracted from net.cpp*/
+	ResDef( DBT_errorCouldNotSetRecvTimeoutSN_, 198, "error: could not set recv timeout (%s)\n" )/*extracted from net.cpp*/
+	ResDef( DBT_errorCouldNotSetSendTimeoutSN_, 199, "error: could not set send timeout (%s)\n" )/*extracted from net.cpp*/
+	ResDef( DBT_unableToCreateNonblockingSocketS_1, 200, "Unable to create nonblocking socket (%s)" )/*extracted from net.cpp*/
+	ResDef( DBT_semGrabFailedS_, 201, "sem_grab failed (%s)" )/*extracted from net.cpp*/
+	ResDef( DBT_semReleaseFailedS_, 202, "sem_release failed (%s)" )/*extracted from net.cpp*/
+	ResDef( DBT_semReleaseFailedS_1, 203, "sem_release failed (%s)" )/*extracted from net.cpp*/
+	ResDef( DBT_couldNotRemoveTemporaryDirectory_, 204, "Could not remove temporary directory %s,  Error %d" )/*extracted from util.cpp*/
+	ResDef( DBT_couldNotRemoveTemporaryDirectory_1, 205, "Could not remove temporary directory %s, Error %d" )/*extracted from util.cpp*/
+END_STR(base)
diff --git a/include/base/ereport.h b/include/base/ereport.h
new file mode 100644
index 00000000..0c74e957
--- /dev/null
+++ b/include/base/ereport.h
@@ -0,0 +1,76 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef BASE_EREPORT_H
+#define BASE_EREPORT_H
+
+#ifndef NOINTNSAPI
+#define INTNSAPI
+#endif /* !NOINTNSAPI */
+
+/*
+ * ereport.h: Records transactions, reports errors to administrators, etc.
+ * 
+ * Rob McCool
+ */
+
+#ifndef BASE_SESSION_H
+#include "session.h"
+#endif /* !BASE_SESSION_H */
+
+#ifndef PUBLIC_BASE_EREPORT_H
+#include "public/base/ereport.h"
+#endif /* !PUBLIC_BASE_EREPORT_H */
+
+/* --- Begin function prototypes --- */
+
+#ifdef INTNSAPI
+
+NSPR_BEGIN_EXTERN_C
+
+/*
+ * INTereport logs an error of the given degree and formats the arguments with 
+ * the printf() style fmt. Returns whether the log was successful. Records 
+ * the current date.
+ */
+
+NSAPI_PUBLIC int INTereport(int degree, char *fmt, ...);
+NSAPI_PUBLIC int INTereport_v(int degree, char *fmt, va_list args);
+
+/*
+ * INTereport_init initializes the error logging subsystem and opens the static
+ * file descriptors. It returns NULL upon success and an error string upon
+ * error. If a userpw is given, the logs will be chowned to that user.
+ * 
+ * email is the address of a person to mail upon catastrophic error. It
+ * can be NULL if no e-mail is desired. INTereport_init will not duplicate
+ * its own copy of this string; you must make sure it stays around and free
+ * it when you shut down the server.
+ */
+
+NSAPI_PUBLIC
+char *INTereport_init(char *err_fn, char *email, PASSWD pwuser, char *version);
+
+/*
+ * log_terminate closes the error and common log file descriptors.
+ */
+NSAPI_PUBLIC void INTereport_terminate(void);
+
+/* For restarts */
+NSAPI_PUBLIC SYS_FILE INTereport_getfd(void);
+
+NSPR_END_EXTERN_C
+
+/* --- End function prototypes --- */
+
+#define ereport INTereport
+#define ereport_v INTereport_v
+#define ereport_init INTereport_init
+#define ereport_terminate INTereport_terminate
+#define ereport_getfd INTereport_getfd
+
+#endif /* INTNSAPI */
+
+#endif /* !BASE_EREPORT_H */
diff --git a/include/base/eventhandler.h b/include/base/eventhandler.h
new file mode 100644
index 00000000..a68a231e
--- /dev/null
+++ b/include/base/eventhandler.h
@@ -0,0 +1,73 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+/*
+ * eventhandler.h: Handle registration of event handlers
+ *
+ * This is a facility in the NT server to provide a way to register event
+ * handling functions. Often there is a need to send a control signal of some
+ * kind to the server. This could be a signal for the server to rotate its
+ * logs, or a signal to collect and return statistical information of some kind
+ * such as perfmon stats.
+ * 
+ * This file specifies the structures and functions necessary to set up this
+ * kind of asynchronous special event handling.
+ * 
+ * Aruna Victor 2/21/96
+ */
+
+#ifndef EVENTHANDLER_H
+#define EVENTHANDLER_H
+
+#include "netsite.h"
+
+/* ------------------------------ Structures ------------------------------ */
+
+/* EVENT_HANDLER specifies
+    1. The name of the event. This is the event that the event handler will
+       create and wait on for a signal.
+    2. The name of the function should be called to handle the event.
+    3. The argument that should be passed to this function.
+    4. The next EVENT_HANDLER on the list this structure is on. */
+
+typedef struct event_handler {
+	int event_number;
+    char *event_name;
+    void (*_event_handler)(void *);
+    void *argument;
+    struct event_handler *next;
+} EVENT_HANDLER;
+
+/* ------------------------------ Prototypes ------------------------------ */
+
+NSPR_BEGIN_EXTERN_C
+
+char *initialize_event_handler(char *serverid);
+
+char *terminate_event_handler();
+
+char *add_handler(char *event, void (*fn)(void *), void *arg);
+
+char *delete_handler(char *event);
+
+char *add_rotation_handler(char *event, void (*fn)(void *), void *arg);
+
+NSPR_END_EXTERN_C
+
+#endif /* !EVENTHANDLER	 */
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/include/base/eventlog.h b/include/base/eventlog.h
new file mode 100644
index 00000000..a8dd6d27
--- /dev/null
+++ b/include/base/eventlog.h
@@ -0,0 +1,34 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+// EVENTLOG.H
+//
+// This file contains the defines that make NT an installable service.
+//
+// 1/12/95 aruna
+//
+
+// Functions in eventlog.c
+
+#ifndef _EVENTLOG_H_
+#define _EVENTLOG_H_
+
+#include "netsite.h"
+
+
+#if defined(XP_WIN32)
+
+NSPR_BEGIN_EXTERN_C
+
+NSAPI_PUBLIC HANDLE InitializeLogging(char *szEventLogName);
+NSAPI_PUBLIC BOOL TerminateLogging(HANDLE hEventSource);
+NSAPI_PUBLIC BOOL LogErrorEvent(HANDLE hEventSource, WORD fwEventType, WORD fwCategory, DWORD IDEvent, LPTSTR chMsg, LPTSTR lpszMsg);
+
+NSPR_END_EXTERN_C
+
+#endif /* XP_WIN32 */
+
+
+#endif
diff --git a/include/base/file.h b/include/base/file.h
new file mode 100644
index 00000000..6447bb83
--- /dev/null
+++ b/include/base/file.h
@@ -0,0 +1,121 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef BASE_FILE_H
+#define BASE_FILE_H
+
+#ifndef NOINTNSAPI
+#define INTNSAPI
+#endif /* !NOINTNSAPI */
+
+/* GLOBAL FUNCTIONS:
+ * DESCRIPTION:
+ * system-specific functions for reading/writing files
+ */
+
+#ifndef NETSITE_H
+#include "../netsite.h"
+#endif /* !NETSITE_H */
+
+#ifndef PUBLIC_BASE_FILE_H
+#include "public/base/file.h"
+#endif /* !PUBLIC_BASE_FILE_H */
+
+/* --- Begin function prototypes --- */
+
+#ifdef INTNSAPI
+
+NSPR_BEGIN_EXTERN_C
+
+void INTsystem_errmsg_init(void);
+
+NSAPI_PUBLIC SYS_FILE INTsystem_fopenRO(char *path);
+NSAPI_PUBLIC SYS_FILE INTsystem_fopenWA(char *path);
+NSAPI_PUBLIC SYS_FILE INTsystem_fopenRW(char *path);
+NSAPI_PUBLIC SYS_FILE INTsystem_fopenWT(char *path);
+NSAPI_PUBLIC int INTsystem_fread(SYS_FILE fd, char *buf, int sz);
+NSAPI_PUBLIC int INTsystem_fwrite(SYS_FILE fd,char *buf,int sz);
+NSAPI_PUBLIC int INTsystem_fwrite_atomic(SYS_FILE fd, char *buf, int sz);
+NSAPI_PUBLIC int INTsystem_lseek(SYS_FILE fd, int off, int wh);
+NSAPI_PUBLIC int INTsystem_fclose(SYS_FILE fd);
+NSAPI_PUBLIC int INTsystem_stat(char *name, struct stat *finfo);
+NSAPI_PUBLIC int INTsystem_rename(char *oldpath, char *newpath);
+NSAPI_PUBLIC int INTsystem_unlink(char *path);
+NSAPI_PUBLIC int INTsystem_tlock(SYS_FILE fd);
+NSAPI_PUBLIC int INTsystem_flock(SYS_FILE fd);
+NSAPI_PUBLIC int INTsystem_ulock(SYS_FILE fd);
+
+#ifdef XP_WIN32
+NSAPI_PUBLIC SYS_DIR INTdir_open(char *path);
+NSAPI_PUBLIC SYS_DIRENT *INTdir_read(SYS_DIR ds);
+NSAPI_PUBLIC void INTdir_close(SYS_DIR ds);
+#endif /* XP_WIN32 */
+
+NSAPI_PUBLIC int INTdir_create_all(char *dir);
+
+/* --- OBSOLETE ----------------------------------------------------------
+ * The following macros/functions are obsolete and are only maintained for
+ * compatibility.  Do not use them. 11-19-96
+ * -----------------------------------------------------------------------
+ */
+
+#ifdef XP_WIN32
+NSAPI_PUBLIC char *INTsystem_winsockerr(void);
+NSAPI_PUBLIC char *INTsystem_winerr(void);
+NSAPI_PUBLIC int INTsystem_pread(SYS_FILE fd, char *buf, int sz);
+NSAPI_PUBLIC int INTsystem_pwrite(SYS_FILE fd, char *buf, int sz);
+NSAPI_PUBLIC void INTfile_unix2local(char *path, char *p2);
+#endif /* XP_WIN32 */
+
+NSAPI_PUBLIC int INTsystem_nocoredumps(void);
+NSAPI_PUBLIC int INTfile_setinherit(SYS_FILE fd, int value);
+NSAPI_PUBLIC int INTfile_notfound(void);
+NSAPI_PUBLIC char *INTsystem_errmsg(void);
+NSAPI_PUBLIC int INTsystem_errmsg_fn(char **buff, size_t maxlen);
+
+NSPR_END_EXTERN_C
+
+#define system_errmsg_init INTsystem_errmsg_init
+#define system_fopenRO INTsystem_fopenRO
+#define system_fopenWA INTsystem_fopenWA
+#define system_fopenRW INTsystem_fopenRW
+#define system_fopenWT INTsystem_fopenWT
+#define system_fread INTsystem_fread
+#define system_fwrite INTsystem_fwrite
+#define system_fwrite_atomic INTsystem_fwrite_atomic
+#define system_lseek INTsystem_lseek
+#define system_fclose INTsystem_fclose
+#define system_stat INTsystem_stat
+#define system_rename INTsystem_rename
+#define system_unlink INTsystem_unlink
+#define system_tlock INTsystem_tlock
+#define system_flock INTsystem_flock
+#define system_ulock INTsystem_ulock
+#ifdef XP_WIN32
+#define dir_open INTdir_open
+#define dir_read INTdir_read
+#define dir_close INTdir_close
+#endif /* XP_WIN32 */
+#define dir_create_all INTdir_create_all
+
+/* Obsolete */
+#ifdef XP_WIN32
+#define system_winsockerr INTsystem_winsockerr
+#define system_winerr INTsystem_winerr
+#define system_pread INTsystem_pread
+#define system_pwrite INTsystem_pwrite
+#define file_unix2local INTfile_unix2local
+#endif /* XP_WIN32 */
+
+#define system_nocoredumps INTsystem_nocoredumps
+#define file_setinherit INTfile_setinherit
+#define file_notfound INTfile_notfound
+#define rtfile_notfound INTfile_notfound
+#define system_errmsg INTsystem_errmsg
+#define system_errmsg_fn INTsystem_errmsg_fn
+
+#endif /* INTNSAPI */
+
+#endif /* BASE_FILE_H */
diff --git a/include/base/fsmutex.h b/include/base/fsmutex.h
new file mode 100644
index 00000000..486f0f4c
--- /dev/null
+++ b/include/base/fsmutex.h
@@ -0,0 +1,94 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+/*
+ * fsmutex: Mutexes that are filesystem-based so they're available from more
+ * than one process and address space
+ * 
+ * Rob McCool
+ */
+
+
+#ifndef FSMUTEX_H
+#define FSMUTEX_H
+
+#include "netsite.h"
+
+typedef void * FSMUTEX;
+
+
+/* ------------------------------ Prototypes ------------------------------ */
+
+NSPR_BEGIN_EXTERN_C
+
+/* 
+   Flags to fsmutex_init. 
+
+   FSMUTEX_VISIBLE makes a filesystem mutex which can be opened by other
+   programs or processes.
+
+   FSMUTEX_NEEDCRIT specifies that the fsmutex_lock and fsmutex_unlock 
+   functions should also use a critical section to ensure that more than
+   one thread does not acquire the mutex at a time. If this flag is not 
+   specified, it is up to the caller to ensure that only thread within a 
+   process tries to acquire the lock at any given time.
+ */
+#define FSMUTEX_VISIBLE 0x01
+#define FSMUTEX_NEEDCRIT 0x02
+
+
+/*
+   fsmutex_init creates a new filesystem-based mutex. The resulting mutex
+   is part of the filesystem. The name and number parameters are used to
+   create a name for the mutex. If the FSMUTEX_VISIBLE flag is specified, 
+   the mutex will be left in the filesystem for other programs and processes
+   to access. If a mutex with the given name/number combination already
+   exists, the calling process is allowed access to it. If the mutex does
+   not already exist, the mutex is created.
+
+   Returns NULL on failure, a void pointer to a fsmutex structure otherwise.
+   This fsmutex structure is local to the current process.
+ */
+NSAPI_PUBLIC FSMUTEX fsmutex_init(char *name, int number, int flags);
+
+/* 
+   Sets the ownership of the underlying filesystem object to the given
+   uid and gid. Only effective if the server is running as root.
+ */
+#ifdef XP_UNIX
+#include <unistd.h>
+#ifdef __sony
+#include <sys/types.h>
+#endif
+NSAPI_PUBLIC void fsmutex_setowner(FSMUTEX fsm, uid_t uid, gid_t gid);
+#endif
+
+
+
+/*
+   fsmutex_terminate deletes a filesystem-based mutex. A mutex will only
+   be deleted when every process which has an open pointer to the mutex 
+   calls this function.
+ */
+NSAPI_PUBLIC void fsmutex_terminate(FSMUTEX id);
+
+/*
+   fsmutex_lock attempts to acquire the given filesystem-based mutex. If 
+   another process is holding the mutex, or if the FSMUTEX_NEEDCRIT flag
+   was passed to fsmutex_init and another thread in the current process is 
+   holding the mutex, then the calling thread will block until the mutex
+   is available.
+ */
+NSAPI_PUBLIC void fsmutex_lock(FSMUTEX id);
+
+/*
+   fsmutex_unlock releases a filesystem-based mutex previously acquired
+   by fsmutex_lock.
+ */
+NSAPI_PUBLIC void fsmutex_unlock(FSMUTEX id);
+
+NSPR_END_EXTERN_C
+
+#endif
diff --git a/include/base/lexer.h b/include/base/lexer.h
new file mode 100644
index 00000000..129aa449
--- /dev/null
+++ b/include/base/lexer.h
@@ -0,0 +1,89 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __lexer_h
+#define __lexer_h
+
+#ifndef _POOL_H_
+#include "base/pool.h"
+#endif /* _POOL_H_ */
+
+/* Define error codes */
+#define LEXERR_MALLOC	-1		/* insufficient dynamic memory */
+
+
+typedef struct LEXStream_s LEXStream_t;
+typedef int (*LEXStreamGet_t)(LEXStream_t *);
+struct LEXStream_s {
+    LEXStream_t * lst_next;		/* link for "include" parent stream */
+    void * lst_strmid;			/* client stream identifier */
+    LEXStreamGet_t lst_get;		/* pointer to stream "get" function */
+    char * lst_buf;			/* stream buffer pointer */
+    char * lst_cp;			/* current position in buffer */
+    int lst_len;			/* remaining bytes in buffer */
+    int lst_buflen;			/* buffer length */
+    int lst_flags;			/* bit flags */
+#define LST_FREEBUF	0x1		/* free lst_buf in stream destroy */
+};
+NSPR_BEGIN_EXTERN_C
+
+/* Functions in lexer.c */
+NSAPI_PUBLIC
+int lex_class_check(void * chtab, char code, unsigned long cbits);
+
+NSAPI_PUBLIC
+int lex_class_create(int classc, char * classv[], void **pchtab);
+
+NSAPI_PUBLIC void lex_class_destroy(void * chtab);
+
+NSAPI_PUBLIC
+LEXStream_t * lex_stream_create(LEXStreamGet_t strmget, void * strmid,
+                                char * buf, int buflen);
+
+NSAPI_PUBLIC void lex_stream_destroy(LEXStream_t * lst);
+
+NSAPI_PUBLIC int
+lex_token_new(pool_handle_t * pool, int initlen, int growlen, void **token);
+
+NSAPI_PUBLIC int lex_token_start(void * token);
+
+NSAPI_PUBLIC
+char * lex_token_info(void * token, int * tdatalen, int * tbufflen);
+
+NSAPI_PUBLIC char * lex_token(void * token);
+
+NSAPI_PUBLIC void lex_token_destroy(void * token);
+
+NSAPI_PUBLIC
+char * lex_token_get(void * token, int * tdatalen, int * tbufflen);
+
+NSAPI_PUBLIC char * lex_token_take(void * token);
+
+NSAPI_PUBLIC
+int lex_token_append(void * token, int nbytes, char * src);
+
+NSAPI_PUBLIC
+int lex_next_char(LEXStream_t * lst, void * chtab, unsigned long cbits);
+
+NSAPI_PUBLIC
+int lex_scan_over(LEXStream_t * lst, void * chtab, unsigned long cbits,
+			 void * token);
+
+NSAPI_PUBLIC
+int lex_scan_string(LEXStream_t * lst, void * token, int flags);
+
+NSAPI_PUBLIC
+int lex_scan_to(LEXStream_t * lst, void * chtab, unsigned long cbits,
+                void * token);
+
+NSAPI_PUBLIC
+int lex_skip_over(LEXStream_t * lst, void * chtab, unsigned long cbits);
+
+NSAPI_PUBLIC
+int lex_skip_to(LEXStream_t * lst, void * chtab, unsigned long cbits);
+
+NSPR_END_EXTERN_C
+
+#endif /* __lexer_h */
diff --git a/include/base/nterr.h b/include/base/nterr.h
new file mode 100644
index 00000000..55d1be22
--- /dev/null
+++ b/include/base/nterr.h
@@ -0,0 +1,21 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+/*
+ * Added function prototypes for nterror stuff.
+ *
+ * Robin Maxwell
+ */
+
+#ifndef _NTERR_H
+#define _NTERR_H
+NSPR_BEGIN_EXTERN_C
+
+char * FindError(int error);
+NSAPI_PUBLIC void HashNtErrors();
+
+NSPR_END_EXTERN_C
+
+#endif /* _NTERR_H */
diff --git a/include/base/nterrors.h b/include/base/nterrors.h
new file mode 100644
index 00000000..f9e4aa1f
--- /dev/null
+++ b/include/base/nterrors.h
@@ -0,0 +1,67 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+/* DO NOT EDIT THIS FILE - it is automatically generated */
+
+typedef struct _NtError {
+	int ErrorNumber;
+	char *ErrorString;
+	struct _NtError *next;
+} NtError;
+
+NtError NtErrorStrings[] = {
+{ 10004 , "WSAEINTR" },
+{ 10009 , "WSAEBADF" },
+{ 10013 , "WSAEACCES" },
+{ 10014 , "WSAEFAULT" },
+{ 10022 , "WSAEINVAL" },
+{ 10024 , "WSAEMFILE" },
+{ 10035 , "WSAEWOULDBLOCK" },
+{ 10036 , "WSAEINPROGRESS" },
+{ 10037 , "WSAEALREADY" },
+{ 10038 , "WSAENOTSOCK" },
+{ 10039 , "WSAEDESTADDRREQ" },
+{ 10040 , "WSAEMSGSIZE" },
+{ 10041 , "WSAEPROTOTYPE" },
+{ 10042 , "WSAENOPROTOOPT" },
+{ 10043 , "WSAEPROTONOSUPPORT" },
+{ 10044 , "WSAESOCKTNOSUPPORT" },
+{ 10045 , "WSAEOPNOTSUPP" },
+{ 10046 , "WSAEPFNOSUPPORT" },
+{ 10047 , "WSAEAFNOSUPPORT" },
+{ 10048 , "WSAEADDRINUSE" },
+{ 10049 , "WSAEADDRNOTAVAIL" },
+{ 10050 , "WSAENETDOWN" },
+{ 10051 , "WSAENETUNREACH" },
+{ 10052 , "WSAENETRESET" },
+{ 10053 , "WSAECONNABORTED" },
+{ 10054 , "WSAECONNRESET" },
+{ 10055 , "WSAENOBUFS" },
+{ 10056 , "WSAEISCONN" },
+{ 10057 , "WSAENOTCONN" },
+{ 10058 , "WSAESHUTDOWN" },
+{ 10059 , "WSAETOOMANYREFS" },
+{ 10060 , "WSAETIMEDOUT" },
+{ 10061 , "WSAECONNREFUSED" },
+{ 10062 , "WSAELOOP" },
+{ 10063 , "WSAENAMETOOLONG" },
+{ 10064 , "WSAEHOSTDOWN" },
+{ 10065 , "WSAEHOSTUNREACH" },
+{ 10066 , "WSAENOTEMPTY" },
+{ 10067 , "WSAEPROCLIM" },
+{ 10068 , "WSAEUSERS" },
+{ 10069 , "WSAEDQUOT" },
+{ 10070 , "WSAESTALE" },
+{ 10071 , "WSAEREMOTE" },
+{ 10101 , "WSAEDISCON" },
+{ 10091 , "WSASYSNOTREADY" },
+{ 10092 , "WSAVERNOTSUPPORTED" },
+{ 10093 , "WSANOTINITIALISED" },
+{ 11001 , "WSAHOST_NOT_FOUND" },
+{ 11002 , "WSATRY_AGAIN" },
+{ 11003 , "WSANO_RECOVERY" },
+{ 11004 , "WSANO_DATA" },
+{ 0, NULL }
+};
diff --git a/include/base/plist.h b/include/base/plist.h
new file mode 100644
index 00000000..d9ab744f
--- /dev/null
+++ b/include/base/plist.h
@@ -0,0 +1,61 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef _PLIST_H
+#define _PLIST_H
+
+#ifndef NOINTNSACL
+#define INTNSACL
+#endif /* !NOINTNSACL */
+
+/*
+ * TYPE:        PList_t
+ *
+ * DESCRIPTION:
+ *
+ *      This type defines a handle for a property list.
+ */
+
+#include "base/pool.h"
+
+#ifndef PUBLIC_NSACL_PLISTDEF_H
+#include "../public/nsacl/plistdef.h"
+#endif /* !PUBLIC_NSACL_PLISTDEF_H */
+
+#ifdef INTNSACL
+
+/* Functions in plist.c */
+NSPR_BEGIN_EXTERN_C
+
+NSAPI_PUBLIC extern int PListAssignValue(PList_t plist, const char *pname,
+                            const void *pvalue, PList_t ptype);
+NSAPI_PUBLIC extern PList_t PListCreate(pool_handle_t *mempool,
+                           int resvprop, int maxprop, int flags);
+NSAPI_PUBLIC extern int PListDefProp(PList_t plist, int pindex, 
+                        const char *pname, const int flags);
+NSAPI_PUBLIC extern const void * PListDeleteProp(PList_t plist, int pindex, const char *pname);
+NSAPI_PUBLIC extern int PListFindValue(PList_t plist,
+                          const char *pname, void **pvalue, PList_t *type);
+NSAPI_PUBLIC extern int PListInitProp(PList_t plist, int pindex, const char *pname,
+                         const void *pvalue, PList_t ptype);
+NSAPI_PUBLIC extern PList_t PListNew(pool_handle_t *mempool);
+NSAPI_PUBLIC extern void PListDestroy(PList_t plist);
+NSAPI_PUBLIC extern int PListGetValue(PList_t plist,
+                         int pindex, void **pvalue, PList_t *type);
+NSAPI_PUBLIC extern int PListNameProp(PList_t plist, int pindex, const char *pname);
+NSAPI_PUBLIC extern int PListSetType(PList_t plist, int pindex, PList_t type);
+NSAPI_PUBLIC extern int PListSetValue(PList_t plist,
+                         int pindex, const void *pvalue, PList_t type);
+NSAPI_PUBLIC extern void PListEnumerate(PList_t plist, PListFunc_t *user_func, 
+                           void *user_data);
+NSAPI_PUBLIC extern PList_t
+PListDuplicate(PList_t plist, pool_handle_t *new_mempool, int flags);
+NSAPI_PUBLIC extern pool_handle_t *PListGetPool(PList_t plist);
+
+NSPR_END_EXTERN_C
+
+#endif /* INTNSACL */
+
+#endif /* _PLIST_H */
diff --git a/include/base/pool.h b/include/base/pool.h
new file mode 100644
index 00000000..bca055c7
--- /dev/null
+++ b/include/base/pool.h
@@ -0,0 +1,103 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef BASE_POOL_H
+#define BASE_POOL_H
+
+#ifndef NOINTNSAPI
+#define INTNSAPI
+#endif /* !NOINTNSAPI */
+
+/*
+ * pool.h
+ *
+ * Module for handling memory allocations.
+ *
+ * Notes:
+ * This module is used instead of the NSPR prarena module because the prarenas
+ * did not fit as cleanly into the existing server.
+ *
+ * Mike Belshe
+ * 10-02-95
+ *
+ */
+
+#ifdef MALLOC_POOLS
+
+#ifndef NETSITE_H
+#include "netsite.h"
+#endif /* !NETSITE_H */
+
+#ifndef BASE_PBLOCK_H
+#include "pblock.h"
+#endif /* !BASE_PBLOCK_H */
+
+#ifndef BASE_SESSION_H
+#include "session.h"
+#endif /* !BASE_SESSION_H */
+
+#ifndef FRAME_REQ_H
+#include "frame/req.h"
+#endif /* !FRAME_REQ_H */
+
+#ifndef PUBLIC_BASE_POOL_H
+#include "public/base/pool.h"
+#endif /* !PUBLIC_BASE_POOL_H */
+
+/* --- Begin function prototypes --- */
+
+#ifdef INTNSAPI
+
+NSPR_BEGIN_EXTERN_C
+
+int pool_internal_init(void);
+
+NSAPI_PUBLIC int INTpool_init(pblock *pb, Session *sn, Request *rq);
+
+#ifdef DEBUG_CACHES
+NSAPI_PUBLIC int INTpool_service_debug(pblock *pb, Session *sn, Request *rq);
+#endif
+
+NSAPI_PUBLIC pool_handle_t *INTpool_create(void);
+
+NSAPI_PUBLIC void INTpool_destroy(pool_handle_t *pool_handle);
+
+NSAPI_PUBLIC int INTpool_enabled(void);
+
+NSAPI_PUBLIC void *INTpool_malloc(pool_handle_t *pool_handle, size_t size );
+
+NSAPI_PUBLIC void INTpool_free(pool_handle_t *pool_handle, void *ptr );
+
+NSAPI_PUBLIC 
+void *INTpool_calloc(pool_handle_t *pool_handle, size_t nelem, size_t elsize);
+
+NSAPI_PUBLIC 
+void *INTpool_realloc(pool_handle_t *pool_handle, void *ptr, size_t size );
+
+NSAPI_PUBLIC
+char *INTpool_strdup(pool_handle_t *pool_handle, const char *orig_str );
+
+NSPR_END_EXTERN_C
+
+#define pool_init INTpool_init
+
+#ifdef DEBUG_CACHES
+#define pool_service_debug INTpool_service_debug
+#endif /* DEBUG_CACHES */
+
+#define pool_create INTpool_create
+#define pool_destroy INTpool_destroy
+#define pool_enabled INTpool_enabled
+#define pool_malloc INTpool_malloc
+#define pool_free INTpool_free
+#define pool_calloc INTpool_calloc
+#define pool_realloc INTpool_realloc
+#define pool_strdup INTpool_strdup
+
+#endif /* INTNSAPI */
+
+#endif /* MALLOC_POOLS */
+
+#endif /* !BASE_POOL_H_ */
diff --git a/include/base/rwlock.h b/include/base/rwlock.h
new file mode 100644
index 00000000..2111e97b
--- /dev/null
+++ b/include/base/rwlock.h
@@ -0,0 +1,54 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+/*
+ * rwlock.h: Shared/Exclusive lock abstraction. 
+ * 
+ * Sanjay Krishnamurthi
+ */
+#ifndef _BASE_RWLOCK_H_
+#define _BASE_RWLOCK_H_
+
+#include "netsite.h"
+#include "crit.h"
+
+NSPR_BEGIN_EXTERN_C
+
+typedef void* RWLOCK;
+
+/*
+ * rwlock_Init()
+ *  creates and returns a new readwrite lock variable. 
+ */
+NSAPI_PUBLIC RWLOCK rwlock_Init(void);
+
+/*
+ * rwlock_ReadLock()
+ */
+NSAPI_PUBLIC void rwlock_ReadLock(RWLOCK lock);
+
+/*
+ * rwlock_WriteLock()
+ */
+NSAPI_PUBLIC void rwlock_WriteLock(RWLOCK lock);
+
+/*
+ * rwlock_Unlock()
+ */
+NSAPI_PUBLIC void rwlock_Unlock(RWLOCK lock);
+
+/*
+ * rwlock_DemoteLock()
+ */
+NSAPI_PUBLIC void rwlock_DemoteLock(RWLOCK lock);
+
+/*
+ * rwlock_terminate removes a previously allocated RWLOCK variable.
+ */
+NSAPI_PUBLIC void rwlock_Terminate(RWLOCK lock);
+
+NSPR_END_EXTERN_C
+
+#endif /* _BASE_RWLOCK_H_ */
diff --git a/include/base/shexp.h b/include/base/shexp.h
new file mode 100644
index 00000000..f1a5aab6
--- /dev/null
+++ b/include/base/shexp.h
@@ -0,0 +1,114 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef BASE_SHEXP_H
+#define BASE_SHEXP_H
+
+#ifndef NOINTNSAPI
+#define INTNSAPI
+#endif /* !NOINTNSAPI */
+
+/*
+ * shexp.h: Defines and prototypes for shell exp. match routines
+ * 
+ *
+ * This routine will match a string with a shell expression. The expressions
+ * accepted are based loosely on the expressions accepted by zsh.
+ * 
+ * o * matches anything
+ * o ? matches one character
+ * o \ will escape a special character
+ * o $ matches the end of the string
+ * o [abc] matches one occurence of a, b, or c. The only character that needs
+ *         to be escaped in this is ], all others are not special.
+ * o [a-z] matches any character between a and z
+ * o [^az] matches any character except a or z
+ * o ~ followed by another shell expression will remove any pattern
+ *     matching the shell expression from the match list
+ * o (foo|bar) will match either the substring foo, or the substring bar.
+ *             These can be shell expressions as well.
+ * 
+ * The public interface to these routines is documented in
+ * public/base/shexp.h.
+ * 
+ * Rob McCool
+ * 
+ */
+
+/*
+ * Requires that the macro MALLOC be set to a "safe" malloc that will 
+ * exit if no memory is available. If not under MCC httpd, define MALLOC
+ * to be the real malloc and play with fire, or make your own function.
+ */
+
+#ifndef NETSITE_H
+#include "../netsite.h"
+#endif /* !NETSITE_H */
+
+#ifndef OS_CTYPE_H
+#include <ctype.h>  /* isalnum */
+#define OS_CTYPE_H
+#endif /* !OS_CTYPE_H */
+
+#ifndef OS_STRING_H
+#include <string.h> /* strlen */
+#define OS_STRING_H
+#endif /* !OS_STRING_H */
+
+/* See public/base/shexp.h or public/base/regexp.h concerning USE_REGEX */
+
+/*
+ * This little bit of nonsense is because USE_REGEX is currently
+ * supposed to be recognized only by the proxy.  If that's the
+ * case, only the proxy should define USE_REGEX, but I'm playing
+ * it safe.  XXXHEP 12/96
+ */
+#ifndef MCC_PROXY
+#ifdef USE_REGEX
+#define SAVED_USE_REGEX USE_REGEX
+#undef USE_REGEX
+#endif /* USE_REGEX */
+#endif /* !MCC_PROXY */
+
+#ifndef PUBLIC_BASE_SHEXP_H
+#include "public/base/shexp.h"
+#endif /* !PUBLIC_BASE_SHEXP_H */
+
+/* --- Begin function prototypes --- */
+
+#ifdef INTNSAPI
+
+NSPR_BEGIN_EXTERN_C
+
+NSAPI_PUBLIC int INTshexp_valid(char *exp);
+
+NSAPI_PUBLIC int INTshexp_match(char *str, char *exp);
+
+NSAPI_PUBLIC int INTshexp_cmp(char *str, char *exp);
+
+NSAPI_PUBLIC int INTshexp_casecmp(char *str, char *exp);
+
+NSPR_END_EXTERN_C
+
+/* --- End function prototypes --- */
+
+#define shexp_valid INTshexp_valid
+#define shexp_match INTshexp_match
+#define shexp_cmp INTshexp_cmp
+#define shexp_casecmp INTshexp_casecmp
+
+#endif /* INTNSAPI */
+
+/* Restore USE_REGEX definition for non-proxy.  See above. */
+#ifdef SAVED_USE_REGEX
+#define USE_REGEX SAVED_USE_REGEX
+#undef SAVED_USE_REGEX
+#endif /* SAVED_USE_REGEX */
+
+#ifdef USE_REGEX
+#include "base/regexp.h"
+#endif /* USE_REGEX */
+
+#endif /* !BASE_SHEXP_H */
diff --git a/include/base/systems.h b/include/base/systems.h
new file mode 100644
index 00000000..ca28c453
--- /dev/null
+++ b/include/base/systems.h
@@ -0,0 +1,565 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef BASE_SYSTEMS_H
+#define BASE_SYSTEMS_H
+
+#ifndef NOINTNSAPI
+#define INTNSAPI
+#endif /* !NOINTNSAPI */
+
+/*
+ * systems.h: Lists of defines for systems
+ * 
+ * This sets what general flavor the system is (UNIX, etc.), 
+ * and defines what extra functions your particular system needs.
+ */
+
+
+/* --- Begin common definitions for all supported platforms --- */
+
+#define DAEMON_ANY
+#define DAEMON_STATS
+
+/* --- End common definitions for all supported platforms --- */
+
+/* --- Begin platform-specific definitions --- */
+
+#if defined(AIX)
+
+#define ACCELERATOR_CACHE
+#define AUTH_DBM
+#define BSD_RLIMIT
+#undef BSD_SIGNALS
+/* AIX can handle really big shoes */
+#define DAEMON_LISTEN_SIZE 4096
+#define DAEMON_NEEDS_SEMAPHORE
+#define DAEMON_UNIX_MOBRULE
+#define DLL_CAPABLE
+#define DLL_DLOPEN
+#define DLL_DLOPEN_FLAGS RTLD_NOW|RTLD_GLOBAL
+#define DNS_CACHE
+#define FILE_INHERIT_FCNTL
+#define FILE_MMAP_FLAGS MAP_SHARED
+#define HAS_STATFS
+#define HAVE_ATEXIT
+#define HAVE_PW_R /* reent passwd routines */
+#define HAVE_STRERROR_R
+#define HAVE_STRTOK_R
+#define HAVE_TIME_R 2 /* arg count */
+#define HAVE_STRFTIME /* no cftime */
+#define JAVA_STATIC_LINK
+#undef NEED_CRYPT_H
+#define NEED_SETEID_PROTO /* setegid, seteuid */
+#define NEED_STRINGS_H /* for strcasecmp */
+#define NET_SOCKETS
+#define SA_HANDLER_T(x) (void (*)(int))x
+#if OSVERSION < 4210
+#define SA_NOCLDWAIT 0 /* AIX < 4.2 don't got this */
+#endif /* OSVERSION < 4210 */
+#define SHMEM_MMAP_FLAGS MAP_SHARED
+#ifdef HW_THREADS
+#define THREAD_ANY
+#endif
+
+#elif defined(BSDI)
+
+#define ACCELERATOR_CACHE
+#define AUTH_DBM
+#define BSD_MAIL
+#define BSD_RLIMIT
+#define BSD_SIGNALS
+#define BSD_TIME
+#define DAEMON_UNIX_MOBRULE
+#define DNS_CACHE
+#define FILE_INHERIT_FCNTL
+#define FILE_MMAP_FLAGS (MAP_FILE | MAP_SHARED)
+#define HAS_STATFS
+#define HAVE_ATEXIT
+#undef NEED_CRYPT_PROTO
+#define NET_SOCKETS
+#ifndef NO_DOMAINNAME
+#define NO_DOMAINNAME
+#endif
+#define SHMEM_MMAP_FLAGS MAP_SHARED
+#define JAVA_STATIC_LINK
+
+#elif defined(HPUX)
+
+#define ACCELERATOR_CACHE
+#define AUTH_DBM
+#undef BSD_RLIMIT
+#undef BSD_SIGNALS
+#ifdef MCC_PROXY
+#define DAEMON_NEEDS_SEMAPHORE
+#else
+#undef DAEMON_NEEDS_SEMAPHORE
+#endif
+#define DAEMON_UNIX_MOBRULE
+#define DLL_CAPABLE
+#define DLL_HPSHL
+#define DNS_CACHE
+#define FILE_INHERIT_FCNTL
+#define FILE_MMAP_FLAGS MAP_PRIVATE
+#define HAS_STATFS
+#define HAVE_ATEXIT
+#define HAVE_STRFTIME
+#define JAVA_STATIC_LINK
+#undef NEED_CRYPT_H
+#define NET_SOCKETS
+#define SA_HANDLER_T(x) (void (*)(int))x
+/* warning: mmap doesn't work under 9.04 */
+#define SHMEM_MMAP_FLAGS MAP_FILE | MAP_VARIABLE | MAP_SHARED
+
+#elif defined (IRIX)
+
+#define ACCELERATOR_CACHE
+#define AUTH_DBM
+#define BSD_RLIMIT
+#undef BSD_SIGNALS
+#define DAEMON_UNIX_MOBRULE
+#define DLL_CAPABLE
+#define DLL_DLOPEN
+#define DLL_DLOPEN_FLAGS RTLD_NOW
+#define DNS_CACHE
+#define FILE_INHERIT_FCNTL
+#define FILE_MMAP_FLAGS MAP_SHARED
+#define HAS_STATVFS
+#define HAVE_ATEXIT
+#define HAVE_STRTOK_R
+#ifdef IRIX
+#define HAVE_TIME_R 2 /* arg count */
+#else
+#define HAVE_TIME_R 3 /* arg count */
+#define NEED_SETEID_PROTO /* setegid, seteuid */
+#endif
+#define JAVA_STATIC_LINK
+#define NEED_CRYPT_H
+#define NET_SOCKETS
+#define SA_HANDLER_T(x) (void (*)(int))x
+#define SHMEM_MMAP_FLAGS MAP_SHARED
+#define THROW_HACK throw()
+
+#elif defined(NCR)
+
+#define ACCELERATOR_CACHE
+#define AUTH_DBM
+#undef BSD_RLIMIT
+/* #define DAEMON_NEEDS_SEMAPHORE */
+#define DAEMON_UNIX_MOBRULE
+#define DLL_CAPABLE
+#define DLL_DLOPEN
+#define DLL_DLOPEN_FLAGS RTLD_NOW
+#define DNS_CACHE
+#define FILE_INHERIT_FCNTL
+#define FILE_MMAP_FLAGS MAP_SHARED
+#define HAS_STATVFS
+#define HAVE_ATEXIT
+#define HAVE_STRTOK_R
+#define JAVA_STATIC_LINK
+#define NEED_CRYPT_H
+#define NEED_FILIO
+#define NEED_GHN_PROTO
+#define NET_SOCKETS
+#define SHMEM_MMAP_FLAGS MAP_SHARED
+
+#elif defined(NEC)
+
+#define ACCELERATOR_CACHE
+#define DNS_CACHE
+#define AUTH_DBM
+#undef BSD_RLIMIT
+#define DAEMON_NEEDS_SEMAPHORE
+#define DAEMON_UNIX_MOBRULE
+#define DLL_DLOPEN
+#define DLL_DLOPEN_FLAGS RTLD_NOW
+#define DLL_CAPABLE
+#define FILE_INHERIT_FCNTL
+#define FILE_MMAP_FLAGS MAP_SHARED
+#define HAS_STATVFS
+#define HAVE_ATEXIT
+#define HAVE_STRTOK_R
+#define HAVE_TIME_R 2 /* arg count */
+#define JAVA_STATIC_LINK
+#define NEED_CRYPT_H
+#define NEED_FILIO
+#define NET_SOCKETS
+#define SHMEM_MMAP_FLAGS MAP_SHARED
+
+#elif defined(OSF1)
+
+#define ACCELERATOR_CACHE
+#define AUTH_DBM
+#define BSD_RLIMIT
+#undef BSD_SIGNALS
+#define BSD_TIME
+#define DAEMON_NEEDS_SEMAPHORE
+#define DAEMON_UNIX_MOBRULE
+#define DLL_CAPABLE
+#define DLL_DLOPEN
+#define DLL_DLOPEN_FLAGS RTLD_NOW
+#define DNS_CACHE
+#define FILE_INHERIT_FCNTL
+#define FILE_MMAP_FLAGS MAP_SHARED
+#define HAVE_ATEXIT
+#define HAVE_STRFTIME /* no cftime */
+#define HAVE_TIME_R 2 /* ctime_r arg count */
+#define NET_SOCKETS
+#define SA_HANDLER_T(x) (void (*)(int))x
+#define SHMEM_MMAP_FLAGS MAP_SHARED
+
+#elif defined(SCO)
+
+#define ACCELERATOR_CACHE
+#define AUTH_DBM
+#undef BSD_RLIMIT
+#undef BSD_SIGNALS
+#define DAEMON_NEEDS_SEMAPHORE
+#define DAEMON_UNIX_MOBRULE
+#define DLL_CAPABLE
+#define DLL_DLOPEN
+#define DLL_DLOPEN_FLAGS RTLD_NOW
+#define DNS_CACHE
+#define FILE_INHERIT_FCNTL
+#define FILE_MMAP_FLAGS MAP_SHARED
+#define HAS_STATVFS
+#define HAVE_ATEXIT
+#undef NEED_CRYPT_H
+#undef NEED_FILIO
+#undef NEED_GHN_PROTO
+#undef NEED_SETEID_PROTO /* setegid, seteuid */
+#define NET_SOCKETS
+#define SHMEM_MMAP_FLAGS MAP_SHARED
+#define SA_HANDLER_T(x) (void (*)(int))x
+
+
+#elif defined(SNI)
+
+#define ACCELERATOR_CACHE
+#define AUTH_DBM
+#undef BSD_RLIMIT
+#define DAEMON_NEEDS_SEMAPHORE
+#define DAEMON_UNIX_MOBRULE
+#define DLL_CAPABLE
+#define DLL_DLOPEN
+#define DLL_DLOPEN_FLAGS RTLD_NOW
+#define DNS_CACHE
+#define FILE_INHERIT_FCNTL
+#define FILE_MMAP_FLAGS MAP_SHARED
+#define HAS_STATVFS
+#define HAVE_ATEXIT
+#define JAVA_STATIC_LINK
+#define NEED_CRYPT_H
+#define NEED_FILIO
+#define NEED_SETEID_PROTO /* setegid, seteuid */
+#define NET_SOCKETS
+#define SHMEM_MMAP_FLAGS MAP_SHARED
+#define TCPLEN_T size_t
+#define USE_PIPE
+/*
+ * define this if your C++ platform has separate inline functions for
+ * e.g. const char *strchr(const char *, char)
+ *  and
+ *      char *strchr(char *, char)
+ * and your compiler complains about this:
+ * func(const char *bla)
+ * {
+ *     char *fasel = strchr(bla, '.');
+ * ....
+ * because it says that you cannot initialize a char * with a const char *
+ */
+#define HAS_CONSTVALUED_STRFUNCS
+
+/* hack for C++ platforms where bool is a keyword */
+#ifndef boolean
+#define boolean boolean
+#endif
+
+#elif defined(Linux)
+
+#define ACCELERATOR_CACHE
+#define DNS_CACHE
+#define FILE_INHERIT_FCNTL
+#define DAEMON_UNIX_MOBRULE
+#define BSD_RLIMIT
+#undef BSD_SIGNALS
+#define FILE_UNIX_MMAP
+#define FILE_MMAP_FLAGS (MAP_FILE | MAP_SHARED)
+#define SHMEM_UNIX_MMAP
+#define SHMEM_MMAP_FLAGS MAP_SHARED
+#define AUTH_DBM
+#define SEM_FLOCK
+#define DLL_CAPABLE
+#define DLL_DLOPEN
+#define DLL_DLOPEN_FLAGS RTLD_NOW
+#define HAVE_ATEXIT
+#define HAS_STATFS
+#define JAVA_STATIC_LINK
+#define SA_HANDLER_T(x) (void (*)(int))(x)
+#define SA_NOCLDWAIT 0 /* Linux doesn't have this */
+#define TCPLEN_T size_t
+
+#undef NEED_CRYPT_PROTO
+#define NET_SOCKETS
+#ifndef NO_DOMAINNAME
+#define NO_DOMAINNAME
+#endif
+#elif defined(SOLARIS) || defined(SOLARISx86)
+
+#define ACCELERATOR_CACHE
+#define AUTH_DBM
+#define BSD_RLIMIT
+#undef BSD_SIGNALS
+#define DAEMON_NEEDS_SEMAPHORE
+#define DAEMON_UNIX_MOBRULE
+#define DLL_CAPABLE
+#define DLL_DLOPEN
+#define DLL_DLOPEN_FLAGS RTLD_NOW
+#define DNS_CACHE
+#define FILE_INHERIT_FCNTL
+#define FILE_MMAP_FLAGS MAP_SHARED
+#define HAS_STATVFS
+#define HAVE_ATEXIT
+#define HAVE_PW_R
+#define HAVE_STRTOK_R
+#define HAVE_TIME_R 3 /* arg count */
+#define NEED_CRYPT_H
+#define NEED_FILIO
+#if OSVERSION < 506 || OSVERSION == 50501
+#define NEED_GHN_PROTO
+#endif
+#define NET_SOCKETS
+#if OSVERSION > 504 
+#define SA_HANDLER_T(x) x 
+#endif
+#define SHMEM_MMAP_FLAGS MAP_SHARED
+
+#elif defined (SONY)
+
+#define AUTH_DBM
+#undef BSD_RLIMIT
+#define DAEMON_NEEDS_SEMAPHORE
+#define DAEMON_UNIX_MOBRULE
+#define DLL_CAPABLE
+#define FILE_INHERIT_FCNTL
+#define FILE_MMAP_FLAGS MAP_SHARED
+#define HAVE_ATEXIT
+#define NEED_CRYPT_H
+#define NEED_FILIO
+#define NET_SOCKETS
+#define SHMEM_MMAP_FLAGS MAP_SHARED
+
+#elif defined(SUNOS4)
+
+#define ACCELERATOR_CACHE
+#define AUTH_DBM
+#define BSD_MAIL
+#define BSD_RLIMIT
+#define BSD_SIGNALS
+#define BSD_TIME
+#define DAEMON_UNIX_MOBRULE
+#define DLL_CAPABLE
+#define DLL_DLOPEN
+#define DLL_DLOPEN_FLAGS 1
+#define DNS_CACHE
+#define FILE_INHERIT_FCNTL
+#define FILE_MMAP_FLAGS MAP_SHARED
+#define HAS_STATFS
+#undef HAVE_ATEXIT
+#undef NEED_CRYPT_H
+#define NEED_CRYPT_PROTO
+#define NEED_FILIO
+#define NET_SOCKETS
+#define SHMEM_MMAP_FLAGS MAP_SHARED
+
+#elif defined(UNIXWARE) || defined(UnixWare)
+
+#define ACCELERATOR_CACHE
+#define AUTH_DBM
+#undef BSD_RLIMIT
+#define DAEMON_UNIX_MOBRULE
+#define DLL_CAPABLE
+#define DLL_DLOPEN
+#define DLL_DLOPEN_FLAGS RTLD_NOW
+#define DNS_CACHE
+#define FILE_INHERIT_FCNTL
+#define FILE_MMAP_FLAGS MAP_SHARED
+#define HAS_STATVFS
+#define HAVE_ATEXIT
+#define NEED_CRYPT_H
+#define NEED_FILIO
+#define NEED_GHN_PROTO
+#define NEED_SETEID_PROTO /* setegid, seteuid */
+#define NET_SOCKETS
+#define SHMEM_MMAP_FLAGS MAP_SHARED
+
+#ifndef boolean
+#define boolean boolean
+#endif
+
+#if defined (UnixWare)
+/* UnixWare but not UNIXWARE... */
+#define NEED_STRINGS_H /* for strcasecmp */
+#define SA_HANDLER_T(x) (void (*)(int))x
+#endif
+
+#elif defined (XP_WIN32)      /* Windows NT */
+
+#include <wtypes.h>
+#include <winbase.h>
+
+typedef void* PASSWD;
+
+#define ACCELERATOR_CACHE
+#define AUTH_DBM
+/* size has been raised to 200 with NT 4.0 server; NT 4.0 workstation is still
+ * limited
+ */
+#define DAEMON_LISTEN_SIZE 200
+#define DAEMON_WIN32
+#define DLL_CAPABLE
+#define DLL_WIN32
+#define DNS_CACHE
+#define LOG_BUFFERING
+#define HAVE_STRFTIME /* no cftime */
+#define NEED_CRYPT_PROTO
+#define NEEDS_WRITEV
+#define NET_SOCKETS
+#ifndef NO_DOMAINNAME
+#define NO_DOMAINNAME
+#endif
+#ifdef BUILD_DLL
+#define NSAPI_PUBLIC __declspec(dllexport)
+#else
+#define NSAPI_PUBLIC
+#endif /* BUILD_DLL */
+#define THREAD_ANY
+#define THREAD_NSPR_KERNEL
+#define USE_NSPR
+#define USE_STRFTIME /* no cftime */
+
+#else
+
+#error "Missing defines in ns/netsite/include/base/systems.h"
+
+#endif	/* Windows NT */
+
+/* Pick up the configuration symbols in the public interface */
+#ifndef PUBLIC_BASE_SYSTEMS_H
+#include "public/base/systems.h"
+#endif /* PUBLIC_BASE_SYSTEMS_H */
+
+/* --- Begin defaults for values not defined above --- */
+
+#ifndef DAEMON_LISTEN_SIZE
+#define DAEMON_LISTEN_SIZE 128
+#endif /* !DAEMON_LISTEN_SIZE */
+
+#ifndef SA_HANDLER_T
+#define SA_HANDLER_T(x) (void (*)())x 
+#endif
+
+#ifdef HAS_CONSTVALUED_STRFUNCS
+#define CONSTVALSTRCAST (char *)
+#else
+#define CONSTVALSTRCAST
+#endif
+
+#ifndef TCPLEN_T
+#define TCPLEN_T int
+#endif
+
+#ifndef THROW_HACK
+#define THROW_HACK /* as nothing */
+#endif
+
+
+/* --- End defaults for values not defined above --- */
+
+/* --- Begin the great debate --- */
+
+/* NS_MAIL builds sec-key.c which calls systhread_init, which requires */
+/* that USE_NSPR is defined when systhr.c is compiled.  --lachman */
+/* MCC_PROXY does the same thing now --nbreslow -- LIKE HELL --ari */
+#if (defined(MCC_HTTPD) || defined(MCC_ADMSERV) || defined(MCC_PROXY) || defined(NS_MAIL)) && defined(XP_UNIX)
+#define USE_NSPR
+/* XXXrobm This is UNIX-only for the moment */
+#define LOG_BUFFERING
+#ifdef SW_THREADS
+#define THREAD_NSPR_USER
+#else
+#define THREAD_NSPR_KERNEL
+#ifdef IRIX 
+#undef SEM_FLOCK
+#define SEM_IRIX
+#endif 
+#endif
+#define THREAD_ANY
+#endif
+
+/* --- End the great debate --- */
+
+#ifndef APSTUDIO_READONLY_SYMBOLS
+
+#ifndef NSPR_PRIO_H
+#include <prio.h>
+#define NSPR_PRIO_H
+#endif /* !NSPR_PRIO_H */
+
+/*
+ * These types have to be defined early, because they are defined
+ * as (void *) in the public API.
+ */
+
+#ifndef SYS_FILE_T
+typedef PRFileDesc *SYS_FILE;
+#define SYS_FILE_T PRFileDesc *
+#endif /* !SYS_FILE_T */
+
+#ifndef SYS_NETFD_T
+typedef PRFileDesc *SYS_NETFD;
+#define SYS_NETFD_T PRFileDesc *
+#endif /* !SYS_NETFD_T */
+
+#ifdef SEM_WIN32
+
+typedef HANDLE SEMAPHORE;
+#define SEMAPHORE_T HANDLE
+#define SEM_ERROR NULL
+/* That oughta hold them (I hope) */
+#define SEM_MAXVALUE 32767
+
+#elif defined(SEM_IRIX)
+
+#ifndef OS_ULOCKS_H
+#include <ulocks.h>
+#define OS_ULOCKS_H
+#endif /* !OS_ULOCKS_H */
+
+typedef struct {
+    usptr_t *arena;
+    usema_t *sem;
+} semirix_s;
+typedef semirix_s* SEMAPHORE;
+#define SEMAPHORE_T semirix_s *
+#define SEM_ERROR NULL
+
+#elif defined(SEM_FLOCK)
+
+#define SEMAPHORE_T SYS_FILE
+typedef SYS_FILE SEMAPHORE;
+#define SEM_ERROR NULL
+
+#else /* ! SEM_WIN32, !SEM_IRIX */
+
+typedef int SEMAPHORE;
+#define SEMAPHORE_T int
+#define SEM_ERROR -1
+
+#endif /* SEM_WIN32 */
+
+#endif /* !APSTUDIO_READONLY_SYMBOLS */
+
+#endif /* BASE_SYSTEMS_H */
diff --git a/include/base/systhr.h b/include/base/systhr.h
new file mode 100644
index 00000000..714246df
--- /dev/null
+++ b/include/base/systhr.h
@@ -0,0 +1,91 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef BASE_SYSTHR_H
+#define BASE_SYSTHR_H
+
+#ifndef NOINTNSAPI
+#define INTNSAPI
+#endif /* !NOINTNSAPI */
+
+/*
+ * systhr.h: Abstracted threading mechanisms
+ * 
+ * Rob McCool
+ */
+
+#ifndef NETSITE_H
+#include "netsite.h"
+#endif /* !NETSITE_H */
+
+#ifdef THREAD_ANY
+
+#ifndef PUBLIC_BASE_SYSTHR_H
+#include "public/base/systhr.h"
+#endif /* !PUBLIC_BASE_SYSTHR_H */
+
+/* --- Begin function prototypes --- */
+
+#ifdef INTNSAPI
+
+NSPR_BEGIN_EXTERN_C
+
+#ifdef UnixWare
+typedef void(*ArgFn_systhread_start)(void *);
+NSAPI_PUBLIC
+SYS_THREAD INTsysthread_start( int prio, int stksz, \
+                              ArgFn_systhread_start, void *arg);
+#else
+NSAPI_PUBLIC
+SYS_THREAD INTsysthread_start(int prio, int stksz, void (*fn)(void *), void *arg);
+#endif
+
+NSAPI_PUBLIC SYS_THREAD INTsysthread_current(void);
+
+NSAPI_PUBLIC void INTsysthread_yield(void);
+
+NSAPI_PUBLIC SYS_THREAD INTsysthread_attach(void);
+
+NSAPI_PUBLIC void INTsysthread_detach(SYS_THREAD thr);
+
+NSAPI_PUBLIC void INTsysthread_terminate(SYS_THREAD thr);
+
+NSAPI_PUBLIC void INTsysthread_sleep(int milliseconds);
+
+NSAPI_PUBLIC void INTsysthread_init(char *name);
+
+NSAPI_PUBLIC void INTsysthread_timerset(int usec);
+
+NSAPI_PUBLIC int INTsysthread_newkey(void);
+
+NSAPI_PUBLIC void *INTsysthread_getdata(int key);
+
+NSAPI_PUBLIC void INTsysthread_setdata(int key, void *data);
+
+NSAPI_PUBLIC 
+void INTsysthread_set_default_stacksize(unsigned long size);
+
+NSPR_END_EXTERN_C
+
+/* --- End function prototypes --- */
+#define systhread_start INTsysthread_start
+#define systhread_current INTsysthread_current
+#define systhread_yield INTsysthread_yield
+#define systhread_attach INTsysthread_attach
+#define systhread_detach INTsysthread_detach
+#define systhread_terminate INTsysthread_terminate
+#define systhread_sleep INTsysthread_sleep
+#define systhread_init INTsysthread_init
+#define systhread_timerset INTsysthread_timerset
+#define systhread_newkey INTsysthread_newkey
+#define systhread_getdata INTsysthread_getdata
+#define systhread_setdata INTsysthread_setdata
+#define systhread_set_default_stacksize INTsysthread_set_default_stacksize
+
+#endif /* INTNSAPI */
+
+#endif /* THREAD_ANY */
+
+#endif /* !BASE_SYSTHR_H */
diff --git a/include/base/util.h b/include/base/util.h
new file mode 100644
index 00000000..7778b924
--- /dev/null
+++ b/include/base/util.h
@@ -0,0 +1,210 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef BASE_UTIL_H
+#define BASE_UTIL_H
+
+#ifndef NOINTNSAPI
+#define INTNSAPI
+#endif /* !NOINTNSAPI */
+
+/*
+ * util.h: A hodge podge of utility functions and standard functions which 
+ *         are unavailable on certain systems
+ * 
+ * Rob McCool
+ */
+
+/* Needed for various reentrant functions */
+#define DEF_CTIMEBUF 26
+#define DEF_ERRBUF 256
+#define DEF_PWBUF 256
+
+#ifndef BASE_BUFFER_H
+#include "buffer.h"    /* filebuf for getline */
+#endif /* !BASE_BUFFER_H */
+
+#ifndef PUBLIC_BASE_UTIL_H
+#include "public/base/util.h"
+#endif /* !PUBLIC_BASE_UTIL_H */
+
+/* --- Begin common function prototypes --- */
+
+#ifdef INTNSAPI
+
+NSPR_BEGIN_EXTERN_C
+
+NSAPI_PUBLIC
+int INTutil_getline(filebuffer *buf, int lineno, int maxlen, char *l);
+
+NSAPI_PUBLIC char **INTutil_env_create(char **env, int n, int *pos);
+
+NSAPI_PUBLIC char *INTutil_env_str(char *name, char *value);
+
+NSAPI_PUBLIC void INTutil_env_replace(char **env, char *name, char *value);
+
+NSAPI_PUBLIC void INTutil_env_free(char **env);
+
+NSAPI_PUBLIC char **INTutil_env_copy(char **src, char **dst);
+
+NSAPI_PUBLIC char *INTutil_env_find(char **env, char *name);
+
+NSAPI_PUBLIC char *INTutil_hostname(void);
+
+NSAPI_PUBLIC int INTutil_chdir2path(char *path);
+
+NSAPI_PUBLIC int INTutil_is_mozilla(char *ua, char *major, char *minor);
+
+NSAPI_PUBLIC int INTutil_is_url(char *url);
+
+NSAPI_PUBLIC int INTutil_later_than(struct tm *lms, char *ims);
+
+NSAPI_PUBLIC int INTutil_time_equal(struct tm *lms, char *ims);
+
+NSAPI_PUBLIC int INTutil_str_time_equal(char *t1, char *t2);
+
+NSAPI_PUBLIC int INTutil_uri_is_evil(char *t);
+
+NSAPI_PUBLIC void INTutil_uri_parse(char *uri);
+
+NSAPI_PUBLIC void INTutil_uri_unescape(char *s);
+
+NSAPI_PUBLIC char *INTutil_uri_escape(char *d, char *s);
+
+NSAPI_PUBLIC char *INTutil_url_escape(char *d, char *s);
+
+NSAPI_PUBLIC char *INTutil_sh_escape(char *s);
+
+NSAPI_PUBLIC int INTutil_mime_separator(char *sep);
+
+NSAPI_PUBLIC int INTutil_itoa(int i, char *a);
+
+NSAPI_PUBLIC
+int INTutil_vsprintf(char *s, register const char *fmt, va_list args);
+
+NSAPI_PUBLIC int INTutil_sprintf(char *s, const char *fmt, ...);
+
+NSAPI_PUBLIC int INTutil_vsnprintf(char *s, int n, register const char *fmt, 
+                                  va_list args);
+
+NSAPI_PUBLIC int INTutil_snprintf(char *s, int n, const char *fmt, ...);
+
+NSAPI_PUBLIC int INTutil_strftime(char *s, const char *format, const struct tm *t);
+
+NSAPI_PUBLIC char *INTutil_strtok(char *s1, const char *s2, char **lasts);
+
+NSAPI_PUBLIC struct tm *INTutil_localtime(const time_t *clock, struct tm *res);
+
+NSAPI_PUBLIC char *INTutil_ctime(const time_t *clock, char *buf, int buflen);
+
+NSAPI_PUBLIC char *INTutil_strerror(int errnum, char *msg, int buflen);
+
+NSAPI_PUBLIC struct tm *INTutil_gmtime(const time_t *clock, struct tm *res);
+
+NSAPI_PUBLIC char *INTutil_asctime(const struct tm *tm,char *buf, int buflen);
+
+#ifdef NEED_STRCASECMP
+NSAPI_PUBLIC int INTutil_strcasecmp(CASECMPARG_T char *one, CASECMPARG_T char *two);
+#endif /* NEED_STRCASECMP */
+
+#ifdef NEED_STRNCASECMP
+NSAPI_PUBLIC int INTutil_strncasecmp(CASECMPARG_T char *one, CASECMPARG_T char *two, int n);
+#endif /* NEED_STRNCASECMP */
+
+/* --- End common function prototypes --- */
+
+/* --- Begin Unix-only function prototypes --- */
+
+#ifdef XP_UNIX
+
+NSAPI_PUBLIC int INTutil_can_exec(struct stat *finfo, uid_t uid, gid_t gid);
+
+NSAPI_PUBLIC
+struct passwd *INTutil_getpwnam(const char *name, struct passwd *result,
+                               char *buffer,  int buflen);
+
+NSAPI_PUBLIC pid_t INTutil_waitpid(pid_t pid, int *statptr, int options);
+
+#endif /* XP_UNIX */
+
+/* --- End Unix-only function prototypes --- */
+
+/* --- Begin Windows-only function prototypes --- */
+
+#ifdef XP_WIN32
+
+NSAPI_PUBLIC
+VOID INTutil_delete_directory(char *FileName, BOOL delete_directory);
+
+#endif /* XP_WIN32 */
+
+/* --- End Windows-only function prototypes --- */
+
+NSPR_END_EXTERN_C
+
+#define util_getline INTutil_getline
+#define util_env_create INTutil_env_create
+#define util_env_str INTutil_env_str
+#define util_env_replace INTutil_env_replace
+#define util_env_free INTutil_env_free
+#define util_env_copy INTutil_env_copy
+#define util_env_find INTutil_env_find
+#define util_hostname INTutil_hostname
+#define util_chdir2path INTutil_chdir2path
+#define util_is_mozilla INTutil_is_mozilla
+#define util_is_url INTutil_is_url
+#define util_later_than INTutil_later_than
+#define util_time_equal INTutil_time_equal
+#define util_str_time_equal INTutil_str_time_equal
+#define util_uri_is_evil INTutil_uri_is_evil
+#define util_uri_parse INTutil_uri_parse
+#define util_uri_unescape INTutil_uri_unescape
+#define util_uri_escape INTutil_uri_escape
+#define util_url_escape INTutil_url_escape
+#define util_sh_escape INTutil_sh_escape
+#define util_mime_separator INTutil_mime_separator
+#define util_itoa INTutil_itoa
+#define util_vsprintf INTutil_vsprintf
+#define util_sprintf INTutil_sprintf
+#define util_vsnprintf INTutil_vsnprintf
+#define util_snprintf INTutil_snprintf
+#define util_strftime INTutil_strftime
+#define util_strcasecmp INTutil_strcasecmp
+#define util_strncasecmp INTutil_strncasecmp
+#define util_strtok INTutil_strtok
+#define util_localtime INTutil_localtime
+#define util_ctime INTutil_ctime
+#define util_strerror INTutil_strerror
+#define util_gmtime INTutil_gmtime
+#define util_asctime INTutil_asctime
+
+#ifdef XP_UNIX
+#define util_can_exec INTutil_can_exec
+#define util_getpwnam INTutil_getpwnam
+#define util_waitpid INTutil_waitpid
+#endif /* XP_UNIX */
+
+#ifdef XP_WIN32
+#define util_delete_directory INTutil_delete_directory
+#endif /* XP_WIN32 */
+
+#ifdef NEED_STRCASECMP
+#define util_strcasecmp INTutil_strcasecmp
+#define strcasecmp INTutil_strcasecmp
+#endif /* NEED_STRCASECMP */
+
+#ifdef NEED_STRINGS_H /* usually for strcasecmp */
+#include <strings.h>
+#endif
+
+#ifdef NEED_STRNCASECMP
+#define util_strncasecmp INTutil_strncasecmp
+#define strncasecmp INTutil_strncasecmp
+#endif /* NEED_STRNCASECMP */
+
+#endif /* INTNSAPI */
+
+#endif /* !BASE_UTIL_H */
+
diff --git a/include/copyrght.h b/include/copyrght.h
new file mode 100644
index 00000000..4f8ec167
--- /dev/null
+++ b/include/copyrght.h
@@ -0,0 +1,6 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
diff --git a/include/i18n.h b/include/i18n.h
new file mode 100644
index 00000000..1a6e67c4
--- /dev/null
+++ b/include/i18n.h
@@ -0,0 +1,245 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef I18N_H
+#define I18N_H
+
+/* Make NSAPI_PUBLIC available */
+#include "base/systems.h"
+#include "libadminutil/resource.h"
+
+typedef res_RESOURCE_TABLE RESOURCE_TABLE;
+typedef res_RESOURCE_GLOBAL RESOURCE_GLOBAL;
+
+/*******************************************************************************/
+
+/*
+ * In accordance with the recommendations in the 
+ * "Netscape Coding Standard for Server Internationalization",
+ * the following aliases are defined for fprintf, et al., and
+ * these aliases should be used to clearly indicate the intended
+ * destination for output.
+ */
+
+#define AdminFprintf  fprintf
+#define DebugFprintf  fprintf
+
+#define ClientSprintf sprintf
+#define AdminSprintf  sprintf
+#define DebugSprintf  sprintf
+
+#define ClientFputs   fputs
+#define AdminFputs    fputs
+#define DebugFputs    fputs
+
+/* more #define, as needed */
+
+/*******************************************************************************/
+
+/*
+ * Function prototypes for application and libraries
+ */
+
+
+#ifdef __cplusplus
+extern "C" 
+{
+#endif
+
+/***************************/
+/* XP_InitStringDatabase() */
+/***************************/
+
+NSAPI_PUBLIC
+void
+XP_InitStringDatabase(char* pathCWD, char* databaseName);
+
+/* Initialize the resource string database */
+
+/******************************/
+/* XP_GetStringFromDatabase() */
+/******************************/
+
+NSAPI_PUBLIC
+extern char*
+XP_GetStringFromDatabase(char* strLibraryName,
+                         char* strLanguage,
+                         int iToken);
+
+/* Given the LibraryName, Language and Token, extracts the string corresponding
+   to that library and token from the database in the language requested and
+   returns a pointer to the string.  Note: Use the macros XP_GetClientStr() and
+   XP_GetAdminStr() defined below to simplify source code. */
+
+/*****************/
+/* SetLanguage() */
+/*****************/
+enum
+{
+	CLIENT_LANGUAGE,
+	ADMIN_LANGUAGE,
+	DEFAULT_LANGUAGE
+};
+
+NSAPI_PUBLIC
+extern void
+SetLanguage(int type, char *language);
+
+/* Set language for Client, Admin and Default, XP_GetStringFromDatabase will
+   base on the setting to retrieve correct string for specific language */
+ 
+/***********************/
+/* GetClientLanguage() */
+/***********************/
+
+NSAPI_PUBLIC
+extern char*
+GetClientLanguage(void);
+
+/* Returns a pointer to a string with the name of the language requested by
+   the current client; intended to be passed to XP_GetStringFromDatabase()
+   and used by the front end macro XP_GetClientStr(). */
+
+/**********************/
+/* GetAdminLanguage() */
+/**********************/
+
+NSAPI_PUBLIC
+extern char*
+GetAdminLanguage(void);
+
+/* Returns a pointer to a string with the name of the language requested by
+   the administrator; intended to be passed to XP_GetStringFromDatabase()
+   and used by the front end macro XP_GetAdminStr(). */
+
+/************************/
+/* GetDefaultLanguage() */
+/************************/
+
+NSAPI_PUBLIC
+extern char*
+GetDefaultLanguage(void);
+
+/* Returns a pointer to a string with the name of the default language
+   for the installation from the configuration file. */
+
+/************************/
+/* GetFileForLanguage() */
+/************************/
+
+NSAPI_PUBLIC
+int
+GetFileForLanguage(char* filepath,char* language,char* existingFilepath);
+
+/* Looks for a file in the appropriate language.
+
+   Input: filePath,language
+   filePath is of the form "/xxx/xxx/$$LANGDIR/xxx/xxx/filename"
+            or of the form "/xxx/xxx/xxx/xxx/filename".
+   filename may or may not have an extension.
+   language is an Accept-Language list; each language-range will be
+     tried as a subdirectory name and possibly as a filename modifier.
+     "*" is ignored - default always provided if needed.
+     "-" is replaced by "_".
+   $$LANGDIR is a special string replaced by language. It is optional.
+     For the default case, $$LANGDIR/ is replaced by nothing
+     (so // is not created).
+   
+   Returned: existingPath
+   existingFilePath is the path of a satisfactory, existing file.
+   if no file is found, an empty string "" is returned.
+   
+   int returned: -1 if no file found (existingFilePath = "")
+                  0 if default file is returned
+                  1 if language file is returned (any in list) */
+
+/********************/
+/* XP_AccLangList() */
+/********************/
+
+#define MAX_ACCEPT_LANGUAGE 16
+#define MAX_ACCEPT_LENGTH 18
+
+typedef char ACCEPT_LANGUAGE_LIST[MAX_ACCEPT_LANGUAGE][MAX_ACCEPT_LENGTH];
+
+NSAPI_PUBLIC
+int
+XP_AccLangList(char* AcceptLanguage,
+               ACCEPT_LANGUAGE_LIST AcceptLanguageList);
+
+#ifdef __cplusplus
+}
+#endif
+
+
+/*******************************************************************************/
+
+/*
+ * Function prototypes for building string database
+ */
+
+extern int XP_MakeStringDatabase(void);
+
+/* Used to create the string database at build time; not used by the application
+   itself.  Returns 0 is successful. */
+
+extern void XP_PrintStringDatabase(void);
+
+/* DEBUG: Prints out entire string database to standard output. */
+
+/*******************************************************************************/
+
+/*
+ * Macros to simplify calls to XP_GetStringFromDatabase
+ * (need one argument instead of three)
+ */
+
+#define XP_GetClientStr(DBTTokenName)                  \
+        XP_GetStringFromDatabase(LIBRARY_NAME,         \
+                                 GetClientLanguage(),  \
+                                 DBTTokenName)
+
+#define XP_GetAdminStr(DBTTokenName)                   \
+        XP_GetStringFromDatabase(LIBRARY_NAME,         \
+                                 "en",   \
+                                 DBTTokenName)
+
+/*******************************************************************************/
+
+
+/*******************************************************************************/
+
+/*
+ * Define the ResDef macro to simplify the maintenance of strings which are to
+ * be added to the library or application header file (dbtxxx.h). This enables
+ * source code to refer to the strings by theit TokenNames, and allows the
+ * strings to be stored in the database.
+ *
+ * Usage:   ResDef(TokenName,TokenValue,String)
+ *
+ * Example: ResDef(DBT_HelloWorld_, \
+ *                 1,"Hello, World!")
+ *          ResDef(DBT_TheCowJumpedOverTheMoon_, \
+ *                 2,"The cow jumped over the moon.")
+ *          ResDef(DBT_TheValueOfPiIsAbout31415926536_, \
+ *                 3,"The value of PI is about 3.1415926536."
+ *
+ * RESOURCE_STR is used by makstrdb.c only.  It is not used by getstrdb.c or
+ * in library or application source code.
+ */
+ 
+#if 0
+#define BEGIN_STR(argLibraryName) \
+                          enum {
+#define ResDef(argToken,argID,argString) \
+                          argToken = argID,
+#define END_STR(argLibraryName) \
+                          argLibraryName ## top };
+
+#endif
+/*******************************************************************************/
+
+#endif
diff --git a/include/ldaputil/cert.h b/include/ldaputil/cert.h
new file mode 100644
index 00000000..4dac8f05
--- /dev/null
+++ b/include/ldaputil/cert.h
@@ -0,0 +1,27 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef _LDAPU_CERT_H
+#define _LDAPU_CERT_H
+
+#ifndef NSAPI_PUBLIC
+#ifdef XP_WIN32
+#define NSAPI_PUBLIC __declspec(dllexport)
+#else
+#define NSAPI_PUBLIC 
+#endif
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+NSAPI_PUBLIC int ldapu_get_cert (void *SSLendpoint, void **cert);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _LDAPU_CERT_H */
diff --git a/include/ldaputil/certmap.h b/include/ldaputil/certmap.h
new file mode 100644
index 00000000..921cbd06
--- /dev/null
+++ b/include/ldaputil/certmap.h
@@ -0,0 +1,124 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef _LDAPU_CERTMAP_H
+#define _LDAPU_CERTMAP_H
+
+#ifndef INTLDAPU
+#define INTLDAPU
+#endif /* INTLDAPU */
+
+#include "extcmap.h"
+
+enum {
+    LDAPU_STR_FILTER_DEFAULT,
+    LDAPU_STR_FILTER_USER,
+    LDAPU_STR_FILTER_GROUP,
+    LDAPU_STR_FILTER_MEMBER,
+    LDAPU_STR_FILTER_MEMBER_RECURSE,
+    LDAPU_STR_ATTR_USER,
+    LDAPU_STR_ATTR_CERT,
+    LDAPU_STR_ATTR_CERT_NOSUBTYPE,
+    LDAPU_STR_MAX_INDEX
+};
+
+static char *ldapu_strings[] = {
+    "objectclass=*",		/* LDAPU_STR_DEFAULT */
+    "uid=%s",			/* LDAPU_STR_FILTER_USER */
+    "(& (cn=%s) (| (objectclass=groupofuniquenames) (objectclass=groupofnames)))", /* LDAPU_STR_FILTER_GROUP */
+    "(| (uniquemember=%s) (member=%s))",	/* LDAPU_STR_FILTER_MEMBER */
+    "(& %s (| (objectclass=groupofuniquenames) (objectclass=groupofnames))", /* LDAPU_STR_FILTER_MEMBER_RECURSE */
+    "uid",			/* LDAPU_STR_ATTR_USER */
+    "userCertificate;binary",	/* LDAPU_STR_ATTR_CERT */
+    "userCertificate"	/* LDAPU_STR_ATTR_CERT_NOSUBTYPE */
+};
+    
+typedef struct {
+    char *str;
+    int size;
+    int len;
+} LDAPUStr_t;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+NSAPI_PUBLIC int ldapu_cert_to_ldap_entry (void *cert, LDAP *ld,
+					   const char *basedn,
+					   LDAPMessage **res);
+
+NSAPI_PUBLIC int ldapu_set_cert_mapfn (const char *issuerDN,
+				       CertMapFn_t mapfn);
+
+
+NSAPI_PUBLIC CertMapFn_t ldapu_get_cert_mapfn (const char *issuerDN);
+
+NSAPI_PUBLIC int ldapu_set_cert_searchfn (const char *issuerDN,
+					  CertSearchFn_t searchfn);
+
+
+NSAPI_PUBLIC CertSearchFn_t ldapu_get_cert_searchfn (const char *issuerDN);
+
+NSAPI_PUBLIC int ldapu_set_cert_verifyfn (const char *issuerDN,
+					  CertVerifyFn_t verifyFn);
+
+NSAPI_PUBLIC CertVerifyFn_t ldapu_get_cert_verifyfn (const char *issuerDN);
+
+
+NSAPI_PUBLIC int ldapu_get_cert_subject_dn (void *cert, char **subjectDN);
+
+
+NSAPI_PUBLIC int ldapu_get_cert_issuer_dn (void *cert, char **issuerDN);
+
+
+NSAPI_PUBLIC int ldapu_get_cert_ava_val (void *cert, int which_dn,
+					 const char *attr, char ***val);
+
+
+NSAPI_PUBLIC int ldapu_free_cert_ava_val (char **val);
+
+
+NSAPI_PUBLIC int ldapu_get_cert_der (void *cert, unsigned char **derCert,
+				     unsigned int *len);
+
+
+NSAPI_PUBLIC int ldapu_issuer_certinfo (const char *issuerDN,
+					void **certmap_info);
+
+
+NSAPI_PUBLIC int ldapu_certmap_info_attrval (void *certmap_info,
+					     const char *attr, char **val);
+
+
+NSAPI_PUBLIC char *ldapu_err2string (int err);
+
+/* Keep the old fn for backward compatibility */
+NSAPI_PUBLIC void ldapu_free_old (char *ptr);
+
+
+NSAPI_PUBLIC void *ldapu_malloc (int size);
+
+
+NSAPI_PUBLIC char *ldapu_strdup (const char *ptr);
+
+
+NSAPI_PUBLIC void *ldapu_realloc (void *ptr, int size);
+
+
+NSAPI_PUBLIC void ldapu_free (void *ptr);
+
+
+NSAPI_PUBLIC int ldapu_string_set (const int type, const char *filter);
+
+
+NSAPI_PUBLIC const char *ldapu_string_get (const int type);
+
+NSAPI_PUBLIC int ldaputil_exit ();
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _LDAPU_CERTMAP_H */
diff --git a/include/ldaputil/dbconf.h b/include/ldaputil/dbconf.h
new file mode 100644
index 00000000..3556c36e
--- /dev/null
+++ b/include/ldaputil/dbconf.h
@@ -0,0 +1,91 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef _LDAPU_DBCONF_H
+#define _LDAPU_DBCONF_H
+
+#include <stdio.h>
+
+#ifndef NSAPI_PUBLIC
+#ifdef XP_WIN32
+#define NSAPI_PUBLIC __declspec(dllexport)
+#else
+#define NSAPI_PUBLIC 
+#endif
+#endif
+
+typedef struct dbconf_propval {
+    char *prop;			    /* Property name */
+    char *val;			    /* Property value */
+    struct dbconf_propval *next;    /* Pointer to the next prop-val pair */
+} DBPropVal_t;
+
+typedef struct dbconf_dbinfo {
+    char *dbname;		/* Database name */
+    char *url;			/* Database URL */
+    DBPropVal_t *firstprop;	/* pointer to first property-value pair */
+    DBPropVal_t *lastprop;	/* pointer to last property-value pair */
+    struct dbconf_dbinfo *next;	/* pointer to next db info */
+} DBConfDBInfo_t;
+
+typedef struct {
+    DBConfDBInfo_t *firstdb;	/* pointer to first db info */
+    DBConfDBInfo_t *lastdb;	/* pointer to last db info */
+} DBConfInfo_t;
+
+#define DBCONF_DEFAULT_DBNAME "default"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+NSAPI_PUBLIC extern int dbconf_read_default_dbinfo (const char *file,
+						    DBConfDBInfo_t **db_info);
+NSAPI_PUBLIC extern int dbconf_read_config_file (const char *file,
+						 DBConfInfo_t **conf_info);
+
+NSAPI_PUBLIC extern int ldapu_dbinfo_attrval (DBConfDBInfo_t *db_info,
+					      const char *attr, char **val);
+
+NSAPI_PUBLIC extern void dbconf_free_confinfo (DBConfInfo_t *conf_info);
+NSAPI_PUBLIC extern void dbconf_free_dbinfo (DBConfDBInfo_t *db_info);
+
+extern void dbconf_free_propval (DBPropVal_t *propval);
+
+extern void dbconf_print_confinfo (DBConfInfo_t *conf_info);
+extern void dbconf_print_dbinfo (DBConfDBInfo_t *db_info);
+extern void dbconf_print_propval (DBPropVal_t *propval);
+
+
+NSAPI_PUBLIC int dbconf_output_db_directive (FILE *fp, const char *dbname,
+				       const char *url);
+
+NSAPI_PUBLIC int dbconf_output_propval (FILE *fp, const char *dbname,
+				  const char *prop, const char *val,
+				  const int encoded);
+
+/* Following functions are required by certmap.c file */
+extern int dbconf_read_config_file_sub (const char *file,
+					const char *directive,
+					const int directive_len,
+					DBConfInfo_t **conf_info_out);
+
+extern int dbconf_read_default_dbinfo_sub (const char *file,
+					   const char *directive,
+					   const int directive_len,
+					   DBConfDBInfo_t **db_info_out);
+
+NSAPI_PUBLIC int dbconf_get_dbnames (const char *dbmap, char ***dbnames, int *cnt);
+
+NSAPI_PUBLIC int dbconf_free_dbnames (char **dbnames);
+
+
+extern int ldapu_strcasecmp (const char *s1, const char *s2); 
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _LDAPU_DBCONF_H */
diff --git a/include/ldaputil/encode.h b/include/ldaputil/encode.h
new file mode 100644
index 00000000..6cc7729e
--- /dev/null
+++ b/include/ldaputil/encode.h
@@ -0,0 +1,29 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef _LDAPU_ENCODE_H
+#define _LDAPU_ENCODE_H
+
+#ifndef NSAPI_PUBLIC
+#ifdef XP_WIN32
+#define NSAPI_PUBLIC __declspec(dllexport)
+#else
+#define NSAPI_PUBLIC 
+#endif
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+NSAPI_PUBLIC extern char *dbconf_encodeval(const char *val);
+
+NSAPI_PUBLIC extern char *dbconf_decodeval (const char *val);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _LDAPU_ENCODE_H */
diff --git a/include/ldaputil/errors.h b/include/ldaputil/errors.h
new file mode 100644
index 00000000..de6f893d
--- /dev/null
+++ b/include/ldaputil/errors.h
@@ -0,0 +1,108 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef _LDAPU_ERRORS_H
+#define _LDAPU_ERRORS_H
+
+#ifndef NSAPI_PUBLIC
+#ifdef XP_WIN32
+#define NSAPI_PUBLIC __declspec(dllexport)
+#else
+#define NSAPI_PUBLIC 
+#endif
+#endif
+
+#ifdef DBG_PRINT
+#include <stdio.h>
+#define DBG_PRINT1(x) fprintf(stderr, x)
+#define DBG_PRINT2(x,y) fprintf(stderr, x, y)
+#define DBG_PRINT3(x,y,z) fprintf(stderr, x, y, z)
+#define DBG_PRINT4(x,y,z,a) fprintf(stderr, x, y, z, a)
+#else
+#define DBG_PRINT1(x) 
+#define DBG_PRINT2(x,y) 
+#define DBG_PRINT3(x,y,z) 
+#define DBG_PRINT4(x,y,z,a) 
+#endif
+
+/* Common error codes */
+#define LDAPU_ERR_NOT_IMPLEMENTED	     -1000
+#define LDAPU_ERR_INTERNAL		     -1001
+/* #define LDAPU_SUCCESS	0 */	    /* defined in extcmap.h */
+/* #define LDAPU_FAILED		-1 */	    /* defined in extcmap.h */
+/* #define LDAPU_CERT_MAP_FUNCTION_FAILED    -2 *//* defined in extcmap.h */
+/* #define LDAPU_CERT_VERIFY_FUNCTION_FAILED -3 *//* defined in extcmap.h */
+/* #define LDAPU_CERT_VERIFY_FUNCTION_FAILED -4 *//* defined in extcmap.h */
+/* #define LDAPU_CERT_MAP_INITFN_FAILED      -5 *//* defined in extcmap.h */
+
+/* Error codes returned by ldapdb.c */
+#define LDAPU_ERR_OUT_OF_MEMORY		     -110
+#define LDAPU_ERR_URL_INVALID_PREFIX	     -112
+#define LDAPU_ERR_URL_NO_BASEDN		     -113
+#define LDAPU_ERR_URL_PARSE_FAILED	     -114
+    
+#define LDAPU_ERR_LDAP_INIT_FAILED	     -120
+#define LDAPU_ERR_LCACHE_INIT_FAILED	     -121 
+#define LDAPU_ERR_LDAP_SET_OPTION_FAILED     -122 
+#define LDAPU_ERR_NO_DEFAULT_CERTDB          -123
+
+/* Errors returned by dbconf.c */
+#define LDAPU_ERR_CANNOT_OPEN_FILE	     -141
+#define LDAPU_ERR_DBNAME_IS_MISSING	     -142
+#define LDAPU_ERR_PROP_IS_MISSING	     -143
+#define LDAPU_ERR_DIRECTIVE_IS_MISSING	     -145
+#define LDAPU_ERR_NOT_PROPVAL		     -146
+#define LDAPU_ATTR_NOT_FOUND		     -147
+
+/* Error codes returned by certmap.c */
+#define LDAPU_ERR_NO_ISSUERDN_IN_CERT	     -181
+#define LDAPU_ERR_NO_ISSUERDN_IN_CONFIG_FILE -182
+#define LDAPU_ERR_CERTMAP_INFO_MISSING	     -183
+#define LDAPU_ERR_MALFORMED_SUBJECT_DN	     -184
+#define LDAPU_ERR_MAPPED_ENTRY_NOT_FOUND     -185
+#define LDAPU_ERR_UNABLE_TO_LOAD_PLUGIN	     -186
+#define LDAPU_ERR_MISSING_INIT_FN_IN_LIB     -187
+#define LDAPU_ERR_MISSING_INIT_FN_IN_CONFIG  -188
+#define LDAPU_ERR_CERT_VERIFY_FAILED	     -189
+#define LDAPU_ERR_CERT_VERIFY_NO_CERTS	     -190
+#define LDAPU_ERR_MISSING_LIBNAME	     -191
+#define LDAPU_ERR_MISSING_INIT_FN_NAME	     -192
+
+#define LDAPU_ERR_EMPTY_LDAP_RESULT	     -193
+#define LDAPU_ERR_MULTIPLE_MATCHES	     -194
+#define LDAPU_ERR_MISSING_RES_ENTRY	     -195
+#define LDAPU_ERR_MISSING_UID_ATTR	     -196
+#define LDAPU_ERR_WRONG_ARGS		     -197
+#define LDAPU_ERR_RENAME_FILE_FAILED	     -198
+
+#define LDAPU_ERR_MISSING_VERIFYCERT_VAL     -199
+#define LDAPU_ERR_CANAME_IS_MISSING	     -200
+#define LDAPU_ERR_CAPROP_IS_MISSING	     -201
+#define LDAPU_ERR_UNKNOWN_CERT_ATTR	     -202
+#define LDAPU_ERR_INVALID_ARGUMENT	     -203
+#define LDAPU_ERR_INVALID_SUFFIX	     -204
+
+/* Error codes returned by cert.c */
+#define LDAPU_ERR_EXTRACT_SUBJECTDN_FAILED  -300
+#define LDAPU_ERR_EXTRACT_ISSUERDN_FAILED   -301
+#define LDAPU_ERR_EXTRACT_DERCERT_FAILED    -302
+
+/* Error codes returned by ldapauth.c */
+#define LDAPU_ERR_CIRCULAR_GROUPS	    -400
+#define LDAPU_ERR_INVALID_STRING	    -401
+#define LDAPU_ERR_INVALID_STRING_INDEX	    -402
+#define LDAPU_ERR_MISSING_ATTR_VAL	    -403
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+    /* NSAPI_PUBLIC extern char *ldapu_err2string(int err); */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LDAPUTIL_LDAPU_H */
diff --git a/include/ldaputil/extcmap.h b/include/ldaputil/extcmap.h
new file mode 100644
index 00000000..fde6a4b3
--- /dev/null
+++ b/include/ldaputil/extcmap.h
@@ -0,0 +1,634 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef _PUBLIC_CERTMAP_H
+#define _PUBLIC_CERTMAP_H
+
+#include <ldap.h>
+
+#ifndef NSAPI_PUBLIC
+#if defined( _WINDOWS ) || defined( _WIN32 ) || defined( XP_WIN32 )
+#define NSAPI_PUBLIC __declspec(dllexport)
+#else
+#define NSAPI_PUBLIC 
+#endif
+#endif
+
+
+#define LDAPU_ATTR_INITFN		"InitFn"
+#define LDAPU_ATTR_LIBRARY		"library"
+#define LDAPU_ATTR_DNCOMPS		"DNComps"
+#define LDAPU_ATTR_FILTERCOMPS		"FilterComps"
+#define LDAPU_ATTR_VERIFYCERT 		"VerifyCert"
+#define LDAPU_ATTR_CERTMAP_LDAP_ATTR 	"CmapLdapAttr"
+
+/* Error/Success codes */
+#define LDAPU_SUCCESS			   0
+#define LDAPU_FAILED			  -1
+#define LDAPU_CERT_MAP_FUNCTION_FAILED    -2
+#define LDAPU_CERT_SEARCH_FUNCTION_FAILED -3
+#define LDAPU_CERT_VERIFY_FUNCTION_FAILED -4
+#define LDAPU_CERT_MAP_INITFN_FAILED      -5
+
+
+/*
+ * CertMapFn_t -
+ *  This is a typedef for cert mapping function.  The mapping function is
+ *  called by the function ldapu_cert_to_ldap_entry.
+ * Parameters:
+ *  cert         -  cert to be mapped.  You can pass this to
+ *		    functions ldapu_get_cert_XYZ.
+ *  ld		 -  Handle to the connection to the directory server.
+ *  certmap_info -  This structure contains information about the 
+ *		    configuration parameters for the cert's issuer (CA).
+ *		    This structure can be passed to the function
+ *		    ldapu_certmap_info_attrval to get value for a particular
+ *		    configuration attribute (or a property).
+ *  ldapdn	 -  The mapping function should allocate memory for ldapdn
+ *		    using malloc and set this variable using the 'cert' and
+ *		    'certmap_info'.  This DN will be used for ldap lookup.
+ *  filter	 -  The mapping function should allocate memory for filter
+ *		    using malloc and set this variable using the 'cert' and
+ *		    'certmap_info'.  This will be used as ldap filter for ldap
+ *		    lookup of the ldapdn.
+ *
+ * Return Value:
+ *  return LDAPU_SUCCESS upon successful completion (cert is mapped)
+ *  return LDAPU_FAILED there is no unexpected error but cert could not
+ *		    mapped (probably because ldap entry doesn't exist).
+ *  otherwise return LDAPU_CERT_MAP_FUNCTION_FAILED.
+ */
+typedef int (*CertMapFn_t)(void *cert, LDAP *ld, void *certmap_info,
+			   char **ldapdn, char **filter);
+
+
+/*
+ * CertSearchFn_t -
+ *  This is a typedef for cert search function.  The search function is
+ *  called by the function ldapu_cert_to_ldap_entry after calling the mapping
+ *  function.  The candidate 'dn' and 'filter' returned by the mapping
+ *  function is passed to this function.
+ *  The default search function works as follows:
+ *	1.  If the 'filter' is NULL, default it to 'objectclass=*'.
+ *	2.  If the 'dn' is non-NULL, do a base level search with the 'dn' and
+ *	    'filter'.  If it succeeds, we are done.  If there is no serious
+ *	    error (LDAP_NO_SUCH_OBJECT is not serious error yet), continue.
+ *	3.  If the 'dn' is NULL, default it to 'basedn'.
+ *	4.  Perform a 'subtree' search in LDAP for the 'dn' and the 'filter'.
+ *	5.  Return the results of the last search.
+ * Parameters:
+ *  cert         -  cert to be mapped.  You can pass this to
+ *		    functions ldapu_get_cert_XYZ.
+ *  ld		 -  Handle to the connection to the directory server.
+ *  certmap_info -  This structure contains information about the 
+ *		    configuration parameters for the cert's issuer (CA).
+ *		    This structure can be passed to the function
+ *		    ldapu_certmap_info_attrval to get value for a particular
+ *		    configuration attribute (or a property).
+ *  suffix	 -  If the ldapdn is empty then use this DN to begin the
+ *		    search.  This is the DN of the root object in LDAP
+ *		    Directory.
+ *  ldapdn	 -  candidate 'dn' returned by the mapping function.
+ *  filter	 -  returned by the mapping function.
+ *  attrs	 -  list of attributes to return from the search.  If this is
+ *		    NULL, all attributes are returned.
+ *  res		 -  result of the search which is passed to the verify
+ *		    function.
+ *
+ * Return Value:
+ *  return LDAPU_SUCCESS upon successful completion
+ *  return LDAPU_FAILED there is no unexpected error but entries matching the
+ *  'dn' and 'filter' doesn't exist.
+ *  otherwise return LDAPU_CERT_SEARCH_FUNCTION_FAILED.
+ */
+typedef int (*CertSearchFn_t)(void *cert, LDAP *ld, void *certmap_info,
+			      const char *suffix, const char *ldapdn,
+			      const char *filter, const char **attrs,
+			      LDAPMessage ***res);
+
+
+/*
+ * CertVerifyFn_t -
+ *  This is a typedef for cert verify function.  The verify function is
+ *  called by the function ldapu_cert_to_ldap_entry after the cert is
+ *  successfully mapped to ldapdn and filter, and an entry matching that
+ *  exists in the directory server.   The verify fn may get called for
+ *  multiple matched entries.  This function must go through all the entries
+ *  and check which one is appropriate.  The pointer to that entry must be
+ *  passed back in the 'LDAPMessage **entry' parameter.
+ * Parameters:
+ *  cert	 -  Original cert to be mapped.  You can pass this to
+ *		    functions ldapu_get_cert_XYZ.
+ *  ld		 -  Handle to the connection to the directory server.
+ *  certmap_info -  This structure contains information about the 
+ *		    configuration parameters for the cert's issuer (CA).
+ *		    This structure can be passed to the function
+ *		    ldapu_certmap_info_attrval to get value for a particular
+ *		    configuration attribute (or a property).
+ *  res		 -  cert is first mapped to ldapdn and filter.  'res' is the
+ *		    result of ldap search using the ldapdn and filter.
+ *		    'ld' and 'res' can be used in the calls to ldapsdk API.
+ *  entry	 -  pointer to the entry from 'res' which is the correct match
+ *		    according to the verify function.
+ *		    
+ * Return Values:
+ *  return LDAPU_SUCCESS upon successful completion (cert is verified)
+ *  return LDAPU_FAILED there is no unexpected error but cert could not
+ *			verified (probably because it was revoked).
+ *  otherwise return LDAPU_CERT_VERIFY_FUNCTION_FAILED.
+ */
+typedef int (*CertVerifyFn_t)(void *cert, LDAP *ld, void *certmap_info,
+			      LDAPMessage *res, LDAPMessage **entry);
+
+
+
+/*
+ * CertmapInitFn_t -
+ *  This is a typedef for user defined init function.  An init function can be
+ *  specified in the config file (<ServerRoot>/userdb/certmap.conf) per issuer
+ *  of a certificate.  This init function must from the user's library, also
+ *  loaded from the config file using the 'library' property.  The init
+ *  function is specified in the config file using the 'InitFn' property.
+ *  When the config file is loaded, any user defined init functions will be
+ *  called with the certmap_info pertaining to the issuer (CA).
+ * Parameters:
+ *  certmap_info -  This structure contains information about the 
+ *		    configuration parameters for the cert's issuer (CA).
+ *		    This structure can be passed to the function
+ *		    ldapu_certmap_info_attrval to get value for a particular
+ *		    configuration attribute (or a property).
+ * 
+ * Return Value:
+ *  return LDAPU_SUCCESS upon successful completion
+ *  otherwise return LDAPU_CERT_MAP_INITFN_FAILED.  The server startup will be
+ *  aborted if the return value is not LDAPU_SUCCESS.
+ */
+typedef int (*CertMapInitFn_t)(void *certmap_info, const char *issuerName,
+			       const char *issuerDN, const char *libname);
+
+/*
+ * Refer to the description of the function ldapu_get_cert_ava_val
+ */
+enum {
+    LDAPU_SUBJECT_DN,
+    LDAPU_ISSUER_DN
+};
+
+/* ldapu_cert_to_ldap_entry */
+typedef int (*t_ldapu_cert_to_ldap_entry)(void *cert, LDAP *ld,
+					  const char *suffix,
+					  LDAPMessage **res);
+
+/* ldapu_set_cert_mapfn */
+typedef int (*t_ldapu_set_cert_mapfn)(const char *issuerDN,
+				      CertMapFn_t mapfn);
+
+/* ldapu_get_cert_mapfn */
+typedef CertMapFn_t (*t_ldapu_get_cert_mapfn) (const char *issuerDN);
+
+/* ldapu_set_cert_searchfn */
+typedef int (*t_ldapu_set_cert_searchfn) (const char *issuerDN,
+					  CertSearchFn_t searchfn);
+
+/* ldapu_get_cert_searchfn */
+typedef CertSearchFn_t (*t_ldapu_get_cert_searchfn) (const char *issuerDN);
+
+/* ldapu_set_cert_verifyfn */
+typedef int (*t_ldapu_set_cert_verifyfn) (const char *issuerDN,
+					  CertVerifyFn_t verifyFn);
+
+/* ldapu_get_cert_verifyfn */
+typedef CertVerifyFn_t (*t_ldapu_get_cert_verifyfn) (const char *issuerDN);
+
+/* ldapu_get_cert_subject_dn */
+typedef int (*t_ldapu_get_cert_subject_dn) (void *cert, char **subjectDN);
+
+/* ldapu_get_cert_issuer_dn */
+typedef int (*t_ldapu_get_cert_issuer_dn) (void *cert, char **issuerDN);
+
+/* ldapu_get_cert_ava_val */
+typedef int (*t_ldapu_get_cert_ava_val) (void *cert, int which_dn,
+					 const char *attr, char ***val);
+
+/* ldapu_free_cert_ava_val */
+typedef int (*t_ldapu_free_cert_ava_val) (char **val);
+
+/* ldapu_get_cert_der */
+typedef int (*t_ldapu_get_cert_der) (void *cert, unsigned char **derCert,
+				     unsigned int *len);
+
+/* ldapu_issuer_certinfo */
+typedef int (*t_ldapu_issuer_certinfo) (const char *issuerDN,
+					void **certmap_info);
+
+/* ldapu_certmap_info_attrval */
+typedef int (*t_ldapu_certmap_info_attrval) (void *certmap_info,
+					     const char *attr, char **val);
+
+/* ldapu_err2string */
+typedef char * (*t_ldapu_err2string) (int err);
+
+/* ldapu_free */
+typedef void (*t_ldapu_free_old) (char *ptr);
+typedef void (*t_ldapu_free) (void *ptr);
+
+/* ldapu_malloc */
+typedef void *(*t_ldapu_malloc) (int size);
+
+/* ldapu_strdup */
+typedef char *(*t_ldapu_strdup) (const char *ptr);
+
+
+typedef struct LDAPUDispatchVector LDAPUDispatchVector_t;
+struct LDAPUDispatchVector {
+    t_ldapu_cert_to_ldap_entry      f_ldapu_cert_to_ldap_entry;
+    t_ldapu_set_cert_mapfn	    f_ldapu_set_cert_mapfn;
+    t_ldapu_get_cert_mapfn	    f_ldapu_get_cert_mapfn;
+    t_ldapu_set_cert_searchfn	    f_ldapu_set_cert_searchfn;
+    t_ldapu_get_cert_searchfn	    f_ldapu_get_cert_searchfn;
+    t_ldapu_set_cert_verifyfn	    f_ldapu_set_cert_verifyfn;
+    t_ldapu_get_cert_verifyfn	    f_ldapu_get_cert_verifyfn;
+    t_ldapu_get_cert_subject_dn     f_ldapu_get_cert_subject_dn;
+    t_ldapu_get_cert_issuer_dn	    f_ldapu_get_cert_issuer_dn;
+    t_ldapu_get_cert_ava_val	    f_ldapu_get_cert_ava_val;
+    t_ldapu_free_cert_ava_val	    f_ldapu_free_cert_ava_val;
+    t_ldapu_get_cert_der	    f_ldapu_get_cert_der;
+    t_ldapu_issuer_certinfo	    f_ldapu_issuer_certinfo;
+    t_ldapu_certmap_info_attrval    f_ldapu_certmap_info_attrval;
+    t_ldapu_err2string		    f_ldapu_err2string;
+    t_ldapu_free_old		    f_ldapu_free_old;
+    t_ldapu_malloc		    f_ldapu_malloc;
+    t_ldapu_strdup		    f_ldapu_strdup;
+    t_ldapu_free		    f_ldapu_free;
+};
+
+
+#ifdef INTLDAPU
+NSAPI_PUBLIC extern LDAPUDispatchVector_t *__ldapu_table;
+#else
+typedef int (*CertMapDLLInitFn_t)(LDAPUDispatchVector_t **table);
+
+NSAPI_PUBLIC extern int CertMapDLLInitFn(LDAPUDispatchVector_t **table);
+
+extern LDAPUDispatchVector_t *__ldapu_table;
+
+#if defined( _WINDOWS ) || defined( _WIN32 ) || defined( XP_WIN32 )
+#define CertmapDLLInitFnTbl LDAPUDispatchVector_t *__ldapu_table;
+#define CertmapDLLInit(rv, libname) \
+{\
+	HANDLE h = LoadLibrary((libname)); \
+	CertMapDLLInitFn_t init_fn; \
+	if (!h) return LDAPU_CERT_MAP_INITFN_FAILED; \
+	init_fn = (CertMapDLLInitFn_t)GetProcAddress(h, "CertMapDLLInitFn"); \
+	rv = init_fn(&__ldapu_table); \
+}
+#else
+#define CertmapDLLInit(rv, libname)
+#define CertmapDLLInitFnTbl
+#endif
+
+#endif /* INTLDAPU */
+
+#ifndef INTLDAPU
+
+/*
+ * ldapu_cert_to_ldap_entry -
+ *  This function is called to map a cert to an ldap entry.  It extracts the
+ *  cert issuer information from the given cert.  The mapping function set for
+ *  the issuer (if any) or the default mapping function is called to map the
+ *  subject DN from the cert to a candidate ldap DN and filter for ldap
+ *  search.  If the mapped ldap DN is NULL, the 'basedn' passed into this
+ *  function is used as a starting place for the search.  If the mapped filter
+ *  is NULL, "objectclass=*" is used as a filter.  A base level search is
+ *  performed to see if the candidate DN exists in the LDAP database matching
+ *  the filter.  If there is no match, a scoped search (sub-tree search) is
+ *  performed.  If at least one entry matched the mapped DN and filter, the
+ *  result is passed to the appropriate verify function.  The verify function
+ *  is called only if 'VerifyCert' parameter has been set for the cert issuer
+ *  in the certmap.conf file.
+ *  If the verify function succeeds, it must return the pointer to the matched
+ *  'entry'.  If at the end, there is only one matching entry, the mapping is
+ *  successful.
+ * Parameters:
+ *  cert         -  cert to be mapped.  You can pass this to
+ *		    functions ldapu_get_cert_XYZ.
+ *  ld		 -  Handle to the connection to the directory server.
+ *  suffix	 -  If the subject dn is mapped to empty LDAP DN then use this
+ *		    DN to begin the search.  This is the DN of the root object
+ *		    in LDAP Directory.
+ *  res		 -  cert is first mapped to ldapdn and filter.  'res' is the
+ *		    result of ldap search using the ldapdn and filter.
+ *		    'ld' and 'res' can be used in the calls to ldapsdk API.
+ *		    When done with 'res', free it using ldap_msgfree(res)
+ * 
+ * Return Value:
+ *  return LDAPU_SUCCESS upon successful completion
+ *  otherwise returns an error code that can be passed to ldapu_err2string.
+ */
+#define ldapu_cert_to_ldap_entry (*__ldapu_table->f_ldapu_cert_to_ldap_entry)
+
+/*
+ * ldapu_set_cert_mapfn -
+ *  This function can be used to set the cert mapping function for the given
+ *  issuer (CA).  If the mapping information doesn't exist for the given
+ *  issuer then a new one will be created and the mapping function will be
+ *  set.  When creating the new mapping information, the default mapping
+ *  information is copied.
+ * Parameters:
+ *  issuerDN	 -  DN of the cert issuer.  This mapping function will be used
+ *		    for all certs issued by this issuer.  If the issuerDN is
+ *		    NULL, the given 'mapfn' becomes the default mapping
+ *		    function (which is used when no mapping function has been
+ *		    set for the cert's issuer).
+ *  mapfn	 -  the mapping function.  Look at the desciption of
+ *		    CertMapFn_t to find out more about the mapping functions.
+ *
+ * Return Value:
+ *  return LDAPU_SUCCESS upon successful completion
+ *  otherwise returns an error code that can be passed to ldapu_err2string.
+ */
+#define ldapu_set_cert_mapfn (*__ldapu_table->f_ldapu_set_cert_mapfn)
+
+
+/*
+ * ldapu_get_cert_mapfn -
+ *  This function can be used to get the cert mapping function for the given
+ *  issuer (CA).  This will always return a non-NULL function.
+ * Parameters:
+ *  issuerDN	 -  DN of the cert issuer for which the mapping function is to
+ *		    be retrieved.  If this is NULL, default mapping function
+ *		    is returned.
+ *
+ * Return Value:
+ *  The mapping function set for the issuer is returned.  If the issuerDN is
+ *  NULL or if no specific mapping function has been set for the issuer, the
+ *  default mapping function is returned.
+ */
+#define ldapu_get_cert_mapfn (*__ldapu_table->f_ldapu_get_cert_mapfn)
+
+/*
+ * ldapu_set_cert_searchfn -
+ *  This function can be used to set the cert search function for the given
+ *  issuer (CA).
+ * Parameters:
+ *  issuerDN	 -  DN of the cert issuer.  This search function will be used
+ *		    for all certs issued by this issuer.  If the issuerDN is
+ *		    NULL, the given 'searchfn' becomes the default search
+ *		    function (which is used when no search function has been
+ *		    set for the cert's issuer).
+ *  searchfn	 -  the search function.  Look at the desciption of
+ *		    CertSearchFn_t to find out more about the search functions.
+ *
+ * Return Value:
+ *  return LDAPU_SUCCESS upon successful completion
+ *  otherwise returns an error code that can be passed to ldapu_err2string.
+ */
+#define ldapu_set_cert_searchfn (*__ldapu_table->f_ldapu_set_cert_searchfn)
+
+
+/*
+ * ldapu_get_cert_searchfn -
+ *  This function can be used to get the cert search function for the given
+ *  issuer (CA).  This will always return a non-NULL function.
+ * Parameters:
+ *  issuerDN	 -  DN of the cert issuer for which the search function is to
+ *		    be retrieved.  If this is NULL, the default search
+ *		    function is returned.
+ *
+ * Return Value:
+ *  The search function set for the issuer is returned.  If the issuerDN is
+ *  NULL or if no specific search function has been set for the issuer, the
+ *  default search function is returned.
+ */
+#define ldapu_get_cert_searchfn (*__ldapu_table->f_ldapu_get_cert_searchfn)
+
+/*
+ * ldapu_set_cert_verifyfn -
+ *  This function can be used to set the cert verify function for the given
+ *  issuer (CA).  If the mapping information doesn't exist for the given
+ *  issuer then a new one will be created and the verify function will be
+ *  set.  When creating the new mapping information, the default mapping
+ *  information is copied.
+ * Parameters:
+ *  issuerDN	 -  DN of the cert issuer.  This verify function will be used
+ *		    for all certs issued by this issuer.  If the issuerDN is
+ *		    NULL, the given 'verifyFn' becomes the default verify
+ *		    function (which is used when no verify function has been
+ *		    set for the cert's issuer).
+ *  verifyFn	 -  the verify function.  Look at the desciption of
+ *		    CertMapFn_t to find out more about the verify functions.
+ *
+ * Return Value:
+ *  return LDAPU_SUCCESS upon successful completion
+ *  otherwise returns an error code that can be passed to ldapu_err2string.
+ */
+#define ldapu_set_cert_verifyfn (*__ldapu_table->f_ldapu_set_cert_verifyfn)
+
+/*
+ * ldapu_get_cert_verifyfn -
+ *  This function can be used to get the cert verify function for the given
+ *  issuer (CA).  This function can return NULL when there is no applicable
+ *  verify function.
+ * Parameters:
+ *  issuerDN	 -  DN of the cert issuer for which the verify function is to
+ *		    be retrieved.  If this is NULL, default verify function
+ *		    is returned.
+ *
+ * Return Value:
+ *  The verify function set for the issuer is returned.  If the issuerDN is
+ *  NULL or if no specific verify function has been set for the issuer, the
+ *  default verify function is returned.  This function can return NULL when
+ *  there is no applicable verify function.
+ */
+#define ldapu_get_cert_verifyfn (*__ldapu_table->f_ldapu_get_cert_verifyfn)
+
+
+/*
+ * ldapu_get_cert_subject_dn -
+ *  This function can be used to get the subject DN from the cert.  Free the
+ *  subjectDN using 'free' after you are done using it.
+ * Parameters:
+ *  cert	 -  cert from which the DN is to be extracted.
+ *  subjectDN	 -  subjectDN extracted from the cert.  Free it using 'free'
+ *		    after it is no longer required.
+ *
+ * Return Value:
+ *  return LDAPU_SUCCESS upon successful completion
+ *  otherwise returns an error code that can be passed to ldapu_err2string.
+ */
+#define ldapu_get_cert_subject_dn (*__ldapu_table->f_ldapu_get_cert_subject_dn)
+
+
+/*
+ * ldapu_get_cert_issuer_dn -
+ *  This function can be used to get the issuer DN from the cert.  Free the
+ *  issuerDN using 'free' after you are done using it.
+ * Parameters:
+ *  cert	 -  cert from which the DN is to be extracted.
+ *  issuerDN	 -  issuerDN extracted from the cert.  Free it using 'free'
+ *		    after it is no longer required.
+ *
+ * Return Value:
+ *  return LDAPU_SUCCESS upon successful completion
+ *  otherwise returns an error code that can be passed to ldapu_err2string.
+ */
+#define ldapu_get_cert_issuer_dn (*__ldapu_table->f_ldapu_get_cert_issuer_dn)
+
+
+/*
+ * ldapu_get_cert_ava_val -
+ *  This function can be used to get value of the given attribute from either
+ *  the subject DN or the issuer DN from the cert.
+ * Parameters:
+ *  cert	 -  cert from which the values are to be extracted.
+ *  which_dn	 -  Should be either LDAPU_ISSUER_DN or LDAPU_SUBJECT_DN.
+ *  attr	 -  Should be one of "CN", "OU", "O", "C", "UID", "MAIL",
+ *		    "E", "L", and "ST".
+ *  val		 -  An array of attribute values extracted from the cert.
+ *		    There could be multiple values.  The last entry in the
+ *		    array is NULL.  You must free this array of strings after
+ *		    you are done with it (using the function
+ *		    ldapu_free_cert_ava_val).  'val' is initialized to NULL if
+ *		    there is an error.
+ *
+ * Return Value:
+ *  return LDAPU_SUCCESS upon successful completion
+ *  otherwise returns an error code that can be passed to ldapu_err2string.
+ */
+#define ldapu_get_cert_ava_val (*__ldapu_table->f_ldapu_get_cert_ava_val)
+
+
+/*
+ * ldapu_free_cert_ava_val -
+ *  This function can be used to free the array returned by the
+ *  ldapu_get_cert_ava_val function.
+ * Parameters:
+ *  val		 -  An array of attribute values returned by
+ *		    ldapu_get_cert_ava_val. 
+ *
+ * Return Value:
+ *  return LDAPU_SUCCESS upon successful completion
+ *  otherwise returns an error code that can be passed to ldapu_err2string.
+ */
+#define ldapu_free_cert_ava_val (*__ldapu_table->f_ldapu_free_cert_ava_val)
+
+
+/*
+ * ldapu_get_cert_der -
+ *  This function can be used to get the original DER encoded cert for the
+ *  given cert.
+ * Parameters:
+ *  cert	 -  cert from which the original DER is to be extracted.
+ *  derCert	 -  the original DER encoded cert
+ *  len		 -  length of derCert
+ *
+ * Return Value:
+ *  return LDAPU_SUCCESS upon successful completion
+ *  otherwise returns an error code that can be passed to ldapu_err2string.
+ */
+#define ldapu_get_cert_der (*__ldapu_table->f_ldapu_get_cert_der)
+
+
+/*
+ * ldapu_issuer_certinfo -
+ *  This function can be used to get the handle on the internal structure for
+ *  the given issuer.  This handle can be passed to ldapu_certmap_info_attrval
+ *  to get configuration attribute values for the issuer.
+ * Parameters:
+ *  issuerDN	 -  DN of the issuer for whom the handle on internal structure
+ *		    is requested.  If issuerDN is NULL, the handle to the
+ *		    default configuration information is returned.
+ *  certmap_info -  This structure contains information about the 
+ *		    configuration parameters for the cert's issuer (CA).
+ *		    This structure can be passed to the function
+ *		    ldapu_certmap_info_attrval to get value for a particular
+ *		    configuration attribute (or a property).
+ *
+ * Return Value:
+ *  return LDAPU_SUCCESS upon successful completion
+ *  otherwise returns an error code that can be passed to ldapu_err2string.
+ *  CAUTION: DON'T FREE THE 'certmap_info' STRUCTURE.
+ */
+#define ldapu_issuer_certinfo (*__ldapu_table->f_ldapu_issuer_certinfo)
+
+
+/*
+ * ldapu_certmap_info_attrval -
+ *  This function can be used to get values for the given attribute/property
+ *  from the given certmap_info.  You can get handle on the certmap_info by
+ *  calling the ldapu_issuer_certinfo function.  Free the 'val' using 'free'
+ *  after it is no longer required.
+ * Parameters:
+ *  certmap_info -  This structure contains information about the 
+ *		    configuration parameters for the cert's issuer (CA).
+ *  attr	 -  name of the attribute/property for which the value is to
+ *		    be returned.  The attribute can be one of the attributes
+ *		    listed above (LDAPU_ATTR_XYZ).  User defined attributes
+ *		    can also be used.
+ *  val		 -  Value of the 'attr' from the 'certmap_info'.
+ *
+ * Return Value:
+ *  return LDAPU_SUCCESS upon successful completion
+ *  otherwise returns an error code that can be passed to ldapu_err2string.
+ */
+#define ldapu_certmap_info_attrval (*__ldapu_table->f_ldapu_certmap_info_attrval)
+
+
+/*
+ * ldapu_err2string -
+ *  This function can be used to print any of the ldaputil or LDAP error
+ *  code.
+ * Parameters:
+ *  err		 -  error code to be converted to printable string.
+ *
+ * Return Value:
+ *  Printable representation of the given error code.
+ */
+#define ldapu_err2string (*__ldapu_table->f_ldapu_err2string)
+
+/*
+ * ldapu_free -
+ *  This function should be used to free the memory allocated by
+ *  ldapu_* functions if the ldapu_* function doesn't have a corresponding
+ *  'free' function.  Use this function for free'ing the memory allocated by
+ *  the following functions:
+ *	ldapu_get_cert_subject_dn
+ *	ldapu_get_cert_issuer_dn
+ *	ldapu_get_cert_der
+ *	ldapu_certmap_info_attrval
+ *  To free memory allocated by ldapu_get_cert_ava_val, use
+ *  ldapu_free_cert_ava_val.  Do not free the certmap_info pointer returned by
+ *  ldapu_issuer_certinfo.
+ * Parameters:
+ *  ptr		 -  pointer returned by ldapu_get_cert_* functions.
+ */
+#define ldapu_free (*__ldapu_table->f_ldapu_free)
+
+/*
+ * ldapu_malloc -
+ *  This function is a cover function for the 'malloc' system call.  On NT, it
+ *  is best to alloc & free the memory in the same DLL.
+ * Parameters:
+ *  size	 -  size of the memory to be allocated
+ * Return Value:
+ *  same as 'malloc' -- pointer to the allocated memory or NULL on failure.
+ */
+#define ldapu_malloc (*__ldapu_table->f_ldapu_malloc)
+
+/*
+ * ldapu_strdup -
+ *  This function is a cover function for the 'strdup' system call.  On NT, it
+ *  is best to alloc & free the memory in the same DLL.
+ * Parameters:
+ *  ptr		 -  Pointer to the string to be copied
+ * Return Value:
+ *  same as 'strdup' -- pointer to the copied string or NULL on failure.
+ */
+#define ldapu_strdup (*__ldapu_table->f_ldapu_strdup)
+
+
+#endif /* !INTLDAPU */
+
+#endif /* _PUBLIC_CERTMAP_H */
diff --git a/include/ldaputil/init.h b/include/ldaputil/init.h
new file mode 100644
index 00000000..e983787b
--- /dev/null
+++ b/include/ldaputil/init.h
@@ -0,0 +1,23 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef _LDAPU_INIT_H
+#define _LDAPU_INIT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+NSAPI_PUBLIC extern int ldaputil_init (const char *config_file,
+				       const char *dllname,
+				       const char *serv_root,
+				       const char *serv_type,
+				       const char *serv_id);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _LDAPU_INIT_H */
diff --git a/include/ldaputil/ldapauth.h b/include/ldaputil/ldapauth.h
new file mode 100644
index 00000000..d4d96bfc
--- /dev/null
+++ b/include/ldaputil/ldapauth.h
@@ -0,0 +1,94 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef LDAPU_AUTH_H
+#define LDAPU_AUTH_H
+
+#include <ldap.h>
+
+#ifndef NSAPI_PUBLIC
+#ifdef XP_WIN32
+#define NSAPI_PUBLIC __declspec(dllexport)
+#else
+#define NSAPI_PUBLIC 
+#endif
+#endif
+
+typedef int (*LDAPU_GroupCmpFn_t)(const void *groupids, const char *group,
+				  const int len);
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern int ldapu_find (LDAP *ld, const char *base, int scope,
+		       const char *filter, const char **attrs,
+		       int attrsonly, LDAPMessage **res);
+
+int ldapu_find_entire_tree (LDAP *ld, int scope,
+			    const char *filter, const char **attrs,
+			    int attrsonly, LDAPMessage ***res);
+
+extern int ldapu_auth_userdn_groupdn (LDAP *ld, const char *userdn,
+				      const char *groupdn,
+				      const char *base);
+
+extern int ldapu_auth_uid_groupdn (LDAP *ld, const char *uid,
+				   const char *groupdn, const char *base);
+
+extern int ldapu_auth_uid_groupid (LDAP *ld, const char *uid,
+				   const char *groupid, const char *base);
+
+extern int ldapu_auth_userdn_groupid (LDAP *ld,
+				      const char *userdn, const char *groupid,
+				      const char *base);
+
+extern int ldapu_auth_userdn_groupids (LDAP *ld, const char *userdn,
+				       void *groupids,
+				       LDAPU_GroupCmpFn_t grpcmpfn,
+				       const char *base,
+				       char **group_out);
+
+extern int ldapu_auth_userdn_attrfilter (LDAP *ld,
+					 const char *userdn,
+					 const char *attrfilter);
+
+extern int ldapu_auth_uid_attrfilter (LDAP *ld, const char *uid,
+				      const char *attrfilter,
+				      const char *base);
+
+extern int ldapu_auth_userdn_password (LDAP *ld,
+				       const char *userdn,
+				       const char *password);
+
+extern int ldapu_find_uid_attrs (LDAP *ld, const char *uid,
+				 const char *base, const char **attrs,
+				 int attrsonly, LDAPMessage **res);
+
+extern int ldapu_find_uid (LDAP *ld, const char *uid,
+			   const char *base, LDAPMessage **res);
+
+NSAPI_PUBLIC extern int ldapu_find_userdn (LDAP *ld, const char *uid,
+			      const char *base, char **dn);
+
+extern int ldapu_find_group_attrs (LDAP *ld, const char *groupid,
+				   const char *base, const char **attrs,
+				   int attrsonly, LDAPMessage **res);
+
+extern int ldapu_find_group (LDAP *ld, const char *groupid,
+			     const char *base, LDAPMessage **res);
+
+extern int ldapu_find_groupdn (LDAP *ld, const char *groupid,
+			       const char *base, char **dn);
+
+extern int ldapu_auth_uid_password (LDAP *ld, const char *uid,
+				    const char *password, const char *base);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LDAPU_AUTH_H */
diff --git a/include/ldaputil/ldapdb.h b/include/ldaputil/ldapdb.h
new file mode 100644
index 00000000..13254a93
--- /dev/null
+++ b/include/ldaputil/ldapdb.h
@@ -0,0 +1,100 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef _LDAPU_LDAPDB_H
+#define _LDAPU_LDAPDB_H
+
+#include <ldap.h>
+/* removed for LDAPSDK31 integration
+#include <lcache.h>
+*/
+#ifdef LDAPDB_THREAD_SAFE
+/* In the past, we used CRITICAL objects from lib/base/crit.cpp.
+ * Now we use PRMonitor to avoid ldapu to depend on lib/base.
+ */
+#include <prmon.h>
+#else
+#define PRMonitor void
+#endif /* LDAPDB_THREAD_SAFE */
+
+#ifndef NSAPI_PUBLIC
+#ifdef XP_WIN32
+#define NSAPI_PUBLIC __declspec(dllexport)
+#else
+#define NSAPI_PUBLIC 
+#endif
+#endif
+
+#define LDAPDB_URL_PREFIX "ldapdb:"
+#define LDAPDB_URL_PREFIX_LEN 7
+
+typedef struct {
+    int use_ssl;    /* Set to 0 in case of local LDAP cache */
+    char *host;     /* Set to 0 in case of local LDAP cache */
+    int port;	    /* Set to 0 in case of local LDAP cache */
+    char *basedn;
+    char *scope;
+    char *filter;
+    LDAP *ld;
+    char *binddn;   /* Set to 0 in case of local LDAP cache */
+    char *bindpw;   /* Set to 0 in case of local LDAP cache */
+    int bound;	    /* If 0 then not bound with binddn & bindpw */
+    PRMonitor* crit;/* to control critical sections */
+} LDAPDatabase_t;
+
+#define LDAPU_ATTR_BINDDN	"binddn"
+#define LDAPU_ATTR_BINDPW	"bindpw"
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+NSAPI_PUBLIC extern int ldapu_url_parse (const char *url, const char *binddn,
+					 const char *bindpw,
+					 LDAPDatabase_t **ldb);
+
+NSAPI_PUBLIC extern int ldapu_ldapdb_url_parse (const char *url,
+						LDAPDatabase_t **ldb);
+
+NSAPI_PUBLIC extern int ldapu_is_local_db (const LDAPDatabase_t *ldb);
+
+NSAPI_PUBLIC extern void ldapu_free_LDAPDatabase_t (LDAPDatabase_t *ldb);
+
+NSAPI_PUBLIC extern LDAPDatabase_t *ldapu_copy_LDAPDatabase_t (const LDAPDatabase_t *ldb);
+
+NSAPI_PUBLIC extern int ldapu_ldap_init (LDAPDatabase_t *ldb);
+
+NSAPI_PUBLIC extern int ldapu_ldap_init_and_bind (LDAPDatabase_t *ldb);
+
+NSAPI_PUBLIC extern int ldapu_ldap_rebind (LDAPDatabase_t *ldb);
+
+NSAPI_PUBLIC extern int ldapu_ldap_reinit_and_rebind (LDAPDatabase_t *ldb);
+
+#ifdef __cplusplus
+}
+#endif
+
+/*
+ * LDAPU_REQ --
+ * 'ld' is cached in the 'ldb' structure.  If the LDAP server goes down since
+ * it was cached, the ldap lookup commands fail with LDAP_SERVER_DOWN.  This
+ * macro can be used to rebind to the server and retry the command once if
+ * this happens.
+ */
+#define LDAPU_REQ(rv, ldb, cmd) \
+{ \
+      int numtry = 0; \
+      while(1) { \
+	  rv = cmd; \
+	  if (rv != LDAP_SERVER_DOWN || numtry++ != 0) break; \
+	  /* Server went down since our last ldap lookup ... reconnect */ \
+	  rv = ldapu_ldap_reinit_and_rebind(ldb); \
+	  if (rv != LDAPU_SUCCESS) break; \
+      } \
+}
+
+
+#endif /* LDAPUTIL_LDAPDB_H */
diff --git a/include/ldaputil/ldaputil.h b/include/ldaputil/ldaputil.h
new file mode 100644
index 00000000..f0d87c22
--- /dev/null
+++ b/include/ldaputil/ldaputil.h
@@ -0,0 +1,132 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef _LDAPU_LDAPUTIL_H
+#define _LDAPU_LDAPUTIL_H
+
+#include <ldaputil/dbconf.h>
+#include <ldaputil/certmap.h>
+
+typedef struct ldapu_list_node {
+    void *info;				/* pointer to the corresponding info */
+    struct ldapu_list_node *next;	/* pointer to the next node */
+    struct ldapu_list_node *prev;	/* pointer to the prev node */
+} LDAPUListNode_t;
+
+typedef struct ldapu_list {
+    LDAPUListNode_t *head;
+    LDAPUListNode_t *tail;
+} LDAPUList_t;
+
+typedef struct {
+    char *prop;			/* property name */
+    char *val;			/* value -- only char* supported for now */
+} LDAPUPropVal_t;
+
+typedef LDAPUList_t LDAPUPropValList_t;
+
+enum {
+    COMPS_COMMENTED_OUT,
+    COMPS_EMPTY,
+    COMPS_HAS_ATTRS
+};
+
+typedef struct {
+    char *issuerName;		  /* issuer (symbolic/short) name */
+    char *issuerDN;		  /* cert issuer's DN */
+    LDAPUPropValList_t *propval;  /* pointer to the prop-val pairs list */
+    CertMapFn_t mapfn;		  /* cert to ldapdn & filter mapping func */
+    CertVerifyFn_t verifyfn;	  /* verify cert function */
+    CertSearchFn_t searchfn;	  /* search ldap entry function */
+    long dncomps;		  /* bitmask: components to form ldap dn */
+    long filtercomps;		  /* components used to form ldap filter */
+    int verifyCert;		  /* Verify the cert? */
+    char *searchAttr;		  /* LDAP attr used by the search fn */
+    int dncompsState;		  /* Empty, commented out, or attr names */
+    int filtercompsState;	  /* Empty, commented out, or attr names */
+} LDAPUCertMapInfo_t;
+
+typedef LDAPUList_t LDAPUCertMapListInfo_t;
+
+typedef void * (*LDAPUListNodeFn_t)(void *info, void *arg);
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern int certmap_read_default_certinfo (const char *file);
+
+extern int certmap_read_certconfig_file (const char *file);
+
+extern void ldapu_certinfo_free (void *certmap_info);
+
+extern void ldapu_certmap_listinfo_free (void *certmap_listinfo);
+
+extern void ldapu_propval_list_free (void *propval_list);
+
+NSAPI_PUBLIC extern int ldaputil_exit ();
+
+NSAPI_PUBLIC extern int ldapu_cert_to_user (void *cert, LDAP *ld,
+					    const char *basedn,
+					    LDAPMessage **res,
+					    char **user);
+
+NSAPI_PUBLIC extern int ldapu_certmap_init (const char *config_file,
+					    const char *libname,
+					    LDAPUCertMapListInfo_t **certmap_list,
+					    LDAPUCertMapInfo_t
+					    **certmap_default);
+
+NSAPI_PUBLIC extern int ldapu_certinfo_modify (const char *issuerName,
+					       const char *issuerDN,
+					       const LDAPUPropValList_t *propval);
+
+NSAPI_PUBLIC extern int ldapu_certinfo_delete (const char *issuerDN);
+
+NSAPI_PUBLIC extern int ldapu_certinfo_save (const char *fname,
+					     const char *old_fname,
+					     const char *tmp_fname);
+
+NSAPI_PUBLIC extern int ldapu_list_alloc (LDAPUList_t **list);
+NSAPI_PUBLIC extern int ldapu_propval_alloc (const char *prop, const char *val,
+					     LDAPUPropVal_t **propval);
+NSAPI_PUBLIC extern int ldapu_list_add_info (LDAPUList_t *list, void *info);
+
+#ifndef DONT_USE_LDAP_SSL
+#define USE_LDAP_SSL
+#endif
+
+typedef struct {
+#ifdef USE_LDAP_SSL
+    LDAP*       (LDAP_CALL LDAP_CALLBACK *ldapuV_ssl_init)         ( const char*, int, int );
+#else
+    LDAP*       (LDAP_CALL LDAP_CALLBACK *ldapuV_init)             ( const char*, int );
+#endif
+    int         (LDAP_CALL LDAP_CALLBACK *ldapuV_set_option)       ( LDAP*, int, void* );
+    int         (LDAP_CALL LDAP_CALLBACK *ldapuV_simple_bind_s)    ( LDAP*, const char*, const char* );
+    int         (LDAP_CALL LDAP_CALLBACK *ldapuV_unbind)           ( LDAP* );
+    int         (LDAP_CALL LDAP_CALLBACK *ldapuV_search_s)         ( LDAP*, const char*, int, const char*, char**, int, LDAPMessage** );
+    int         (LDAP_CALL LDAP_CALLBACK *ldapuV_count_entries)    ( LDAP*, LDAPMessage* );
+    LDAPMessage*(LDAP_CALL LDAP_CALLBACK *ldapuV_first_entry)      ( LDAP*, LDAPMessage* );
+    LDAPMessage*(LDAP_CALL LDAP_CALLBACK *ldapuV_next_entry)       ( LDAP*, LDAPMessage* );
+    int         (LDAP_CALL LDAP_CALLBACK *ldapuV_msgfree)          ( LDAP*, LDAPMessage* );
+    char*       (LDAP_CALL LDAP_CALLBACK *ldapuV_get_dn)           ( LDAP*, LDAPMessage* );
+    void        (LDAP_CALL LDAP_CALLBACK *ldapuV_memfree)          ( LDAP*, void* );
+    char*       (LDAP_CALL LDAP_CALLBACK *ldapuV_first_attribute)  ( LDAP*, LDAPMessage*, BerElement** );
+    char*       (LDAP_CALL LDAP_CALLBACK *ldapuV_next_attribute)   ( LDAP*, LDAPMessage*, BerElement* );
+    void        (LDAP_CALL LDAP_CALLBACK *ldapuV_ber_free)         ( LDAP*, BerElement*, int );
+    char**      (LDAP_CALL LDAP_CALLBACK *ldapuV_get_values)       ( LDAP*, LDAPMessage*, const char* );
+    void        (LDAP_CALL LDAP_CALLBACK *ldapuV_value_free)       ( LDAP*, char** );
+    struct berval**(LDAP_CALL LDAP_CALLBACK *ldapuV_get_values_len)( LDAP*, LDAPMessage*, const char* );
+    void           (LDAP_CALL LDAP_CALLBACK *ldapuV_value_free_len)( LDAP*, struct berval** );
+} LDAPUVTable_t;
+
+NSAPI_PUBLIC extern void ldapu_VTable_set (LDAPUVTable_t*);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _LDAPU_LDAPUTIL_H */
diff --git a/include/libaccess/acl.h b/include/libaccess/acl.h
new file mode 100644
index 00000000..88ac07f4
--- /dev/null
+++ b/include/libaccess/acl.h
@@ -0,0 +1,41 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef ACL_HEADER
+#define ACL_HEADER
+
+#ifndef NOINTNSACL
+#define INTNSACL
+#endif /* NOINTNSACL */
+
+#include <netsite.h>
+#include <base/pool.h>
+#include <base/pblock.h>
+#include <base/plist.h>
+#include <libaccess/nserror.h>
+
+#ifndef FALSE
+#define	FALSE			0
+#endif
+#ifndef TRUE
+#define	TRUE			1
+#endif
+
+#ifndef PUBLIC_NSACL_ACLAPI_H
+#include "public/nsacl/aclapi.h"
+#endif /* !PUBLIC_NSACL_ACLAPI_H */
+
+#ifdef INTNSACL
+
+NSPR_BEGIN_EXTERN_C
+
+extern	char	*generic_rights[];
+extern	char	*http_generic[];
+
+NSPR_END_EXTERN_C
+
+#endif /* INTNSACL */
+
+#endif
diff --git a/include/libaccess/acladmin.h b/include/libaccess/acladmin.h
new file mode 100644
index 00000000..9bd75623
--- /dev/null
+++ b/include/libaccess/acladmin.h
@@ -0,0 +1,79 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __acladmin_h
+#define __acladmin_h
+
+
+/*
+ * Description (acladmin.h)
+ *
+ *	This file describes the interface to access control list (ACL)
+ *	administration functions.  This interface provides mechanisms
+ *	for inspecting, modifying, and writing out in text form ACL
+ *	structures.
+ */
+
+#include "aclstruct.h"
+
+NSPR_BEGIN_EXTERN_C
+
+/* Flags used for various functions */
+#define ACLF_NPREFIX	0x1		/* ACL name string is a name prefix */
+#define ACLF_REXACT	0x2		/* rights must match exactly */
+#define ACLF_RALL	0x4		/* must have all specified rights */
+
+/* Functions in acladmin.c */
+extern NSAPI_PUBLIC int aclDNSAddHost(char * newhost,
+				      char ***alist, int * asize);
+extern NSAPI_PUBLIC int aclDNSAddAliases(char * host,
+					 char ***alist, int * asize);
+extern NSAPI_PUBLIC int aclDNSPutHost(char * hname, int fqdn, int aliases,
+				      char ***alist, int * asize);
+extern NSAPI_PUBLIC int aclFindByName(ACContext_t * acc, char * aclname,
+			 char **rights, int flags, ACL_t **pacl);
+extern NSAPI_PUBLIC char * aclGetAuthMethod(ACL_t * acl, int dirno);
+extern NSAPI_PUBLIC char * aclGetDatabase(ACL_t * acl, int dirno);
+extern NSAPI_PUBLIC char **aclGetHosts(ACL_t * acl, int dirno, int clsno);
+extern NSAPI_PUBLIC char * aclGetPrompt(ACL_t * acl, int dirno);
+extern NSAPI_PUBLIC char **aclGetRights(ACL_t * acl);
+extern NSAPI_PUBLIC unsigned long aclGetRightsMask(ACContext_t * acc, char **rlist);
+extern NSAPI_PUBLIC char * aclGetSignature(ACL_t * acl);
+extern NSAPI_PUBLIC char **aclGetUsers(ACL_t * acl, int dirno, int clsno);
+extern NSAPI_PUBLIC int aclDNSFilterStrings(char **list, DNSFilter_t * dnf);
+extern NSAPI_PUBLIC int aclIPFilterStrings(char **list, IPFilter_t * ipf);
+extern NSAPI_PUBLIC int aclIdsToNames(char **list,
+			 USIList_t * uilptr, int uflag, Realm_t * rlm);
+extern NSAPI_PUBLIC int aclMakeNew(ACContext_t * acc, char * aclsig, char * aclname,
+		      char **rights, int flags, ACL_t **pacl);
+extern NSAPI_PUBLIC int aclPutAllowDeny(NSErr_t * errp, ACL_t * acl,
+			   int always, int allow, char **users, char **hosts);
+extern NSAPI_PUBLIC int aclPutAuth(NSErr_t * errp, ACL_t * acl,
+		      int always, int amethod, char * dbname, char * prompt);
+extern NSAPI_PUBLIC char * aclSafeIdent(char * str);
+extern NSAPI_PUBLIC int aclSetRights(ACL_t * acl, char **rights, int replace);
+extern NSAPI_PUBLIC int accWriteFile(ACContext_t * acc, char * filename, int flags);
+extern NSAPI_PUBLIC int aclStringGet(LEXStream_t * lst);
+extern NSAPI_PUBLIC int aclStringOpen(NSErr_t * errp,
+			 int slen, char * sptr, int flags, ACLFile_t **pacf);
+extern NSAPI_PUBLIC int aclCheckUsers(NSErr_t * errp, char * dbpath, char * usernames,
+			 char * groupnames, char ***uglist, char ***badulist,
+			 char ***badglist);
+extern NSAPI_PUBLIC int aclCheckHosts(NSErr_t * errp,
+			 int hexpand, char * dnsspecs, char * ipspecs,
+			 char ***hlist, char ***baddns, char ***badip);
+
+#ifdef NOTDEF
+extern int aclSetAuthMethod(ACL_t * acl, int dirno, char * amethod);
+extern int aclSetDatabase(ACL_t * acl, int dirno, char * dbname);
+extern int aclSetExecOptions(ACL_t * acl, char **options);
+extern int aclSetHosts(ACL_t * acl, int dirno, char **hostlist);
+extern int aclSetPrompt(ACL_t * acl, int dirno, char * prompt);
+extern int aclSetUsers(ACL_t * acl, int dirno, char **userlist);
+#endif /* NOTDEF */
+
+NSPR_END_EXTERN_C
+
+#endif /* __acladmin_h */
diff --git a/include/libaccess/aclbuild.h b/include/libaccess/aclbuild.h
new file mode 100644
index 00000000..319f5342
--- /dev/null
+++ b/include/libaccess/aclbuild.h
@@ -0,0 +1,56 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __aclbuild_h
+#define __aclbuild_h
+
+/*
+ * Description (aclbuild.h)
+ *
+ *	This file describes the interface to a module which provides
+ *	functions for building Access Control List (ACL) structures
+ *	in memory.
+ */
+
+#include "usi.h"
+#include "nserror.h"
+#include "aclstruct.h"
+
+/* Define flags for aclAuthNameAdd() return value */
+#define ANA_GROUP	0x1		/* name matches group name */
+#define ANA_USER	0x2		/* name matches user name */
+#define ANA_DUP		0x4		/* name already in AuthNode_t */
+
+NSPR_BEGIN_EXTERN_C
+
+/* Functions in aclbuild.c */
+extern int accCreate(NSErr_t * errp, void * stp, ACContext_t **pacc);
+extern void accDestroy(ACContext_t * acc, int flags);
+extern int accDestroySym(Symbol_t * sym, void * argp);
+extern int accReadFile(NSErr_t * errp, char * aclfile, ACContext_t **pacc);
+extern int aclAuthDNSAdd(HostSpec_t **hspp, char * dnsspec, int fqdn);
+extern int aclAuthIPAdd(HostSpec_t **hspp, IPAddr_t ipaddr, IPAddr_t netmask);
+extern int aclAuthNameAdd(NSErr_t * errp, UserSpec_t * usp,
+			  Realm_t * rlm, char * name);
+extern ACClients_t * aclClientsDirCreate();
+extern int aclCreate(NSErr_t * errp,
+		     ACContext_t * acc, char * aclname, ACL_t **pacl);
+extern void aclDestroy(ACL_t * acl);
+extern void aclDelete(ACL_t * acl);
+extern int aclDirectiveAdd(ACL_t * acl, ACDirective_t * acd);
+extern ACDirective_t * aclDirectiveCreate();
+extern void aclDirectiveDestroy(ACDirective_t * acd);
+extern int aclDNSSpecDestroy(Symbol_t * sym, void * parg);
+extern void aclHostSpecDestroy(HostSpec_t * hsp);
+extern void aclRealmSpecDestroy(RealmSpec_t * rsp);
+extern int aclRightDef(NSErr_t * errp,
+		       ACContext_t * acc, char * rname, RightDef_t **prd);
+extern void aclRightSpecDestroy(RightSpec_t * rsp);
+extern UserSpec_t * aclUserSpecCreate();
+extern void aclUserSpecDestroy(UserSpec_t * usp);
+
+NSPR_END_EXTERN_C
+
+#endif /* __aclbuild_h */
diff --git a/include/libaccess/aclerror.h b/include/libaccess/aclerror.h
new file mode 100644
index 00000000..ffd5510b
--- /dev/null
+++ b/include/libaccess/aclerror.h
@@ -0,0 +1,307 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __aclerror_h
+#define __aclerror_h
+
+/* ACL facility name string (in aclbuild.c) */
+NSPR_BEGIN_EXTERN_C
+extern char * ACL_Program;
+NSPR_END_EXTERN_C
+
+/* Define error identifiers */
+
+/* Errors generated in aclparse.c */
+
+/* aclAuthListParse() */
+#define ACLERR1000	1000	/* dynamic memory shortage */
+
+/* aclAuthHostsParse() */
+#define ACLERR1100	1100	/* unsupported list of host lists */
+#define ACLERR1120	1120	/* host list name not found where expected */
+#define ACLERR1140	1140	/* undefined host list name */
+#define ACLERR1160	1160	/* *unused* */
+#define ACLERR1180	1180	/* error adding IP filter entry */
+#define ACLERR1200	1200	/* error adding DNS filter entry */
+#define ACLERR1220	1220	/* ")" missing */
+
+/* aclAuthUsersParse() */
+#define ACLERR1300	1300	/* *unused* */
+#define ACLERR1320	1320	/* *unused* */
+#define ACLERR1340	1340	/* *unused* */
+#define ACLERR1360	1360	/* undefined user or group name */
+#define ACLERR1380	1380	/* duplicate user or group name */
+#define ACLERR1400	1400	/* ")" missing */
+#define ACLERR1420	1420	/* empty auth-user-elem */
+#define ACLERR1440	1440	/* duplicate or conflicting use of "all" */
+#define ACLERR1460	1460	/* duplicate or conflicting use of "any" */
+#define ACLERR1480	1480	/* conflicting use of "all" or "any" */
+#define ACLERR1500	1500	/* insufficient dynamic memory */
+#define ACLERR1520	1520	/* insufficient dynamic memory */
+
+/* aclDirectivesParse() */
+#define ACLERR1600	1600	/* dir-access missing */
+#define ACLERR1620	1620	/* invalid dir-access specification */
+#define ACLERR1640	1640	/* error adding ACD_AUTH directive to ACL */
+#define ACLERR1650	1650	/* error adding directive to ACL */
+#define ACLERR1660	1660	/* insufficient dynamic memory */
+#define ACLERR1680	1680	/* insufficient dynamic memory */
+#define ACLERR1685	1685	/* insufficient dynamic memory */
+#define ACLERR1690	1690	/* error adding directive to ACL */
+#define ACLERR1695	1695	/* error in "execute" directive */
+
+/* aclACLParse() */
+#define ACLERR1700	1700	/* ACL statement missing */
+#define ACLERR1720	1720	/* ACL name missing */
+#define ACLERR1740	1740	/* opening "{" missing */
+#define ACLERR1760	1760	/* closing "}" missing */
+#define ACLERR1780	1780	/* unrecognized ACL statement */
+
+/* aclFileOpen() */
+#define ACLERR1900	1900	/* file open error */
+#define ACLERR1920	1920	/* memory shortage for ACLFile_t */
+#define ACLERR1940	1940	/* memory shortage for token */
+#define ACLERR1960	1960	/* memory shortage for LEX stream */
+
+/* aclGetDNSString() */
+#define ACLERR2100	2100	/* */
+#define ACLERR2120	2120	/* */
+#define ACLERR2140	2140	/* */
+
+/* aclGetIPAddr() */
+#define ACLERR2200	2200	/* */
+#define ACLERR2220	2220	/* */
+#define ACLERR2240	2240	/* */
+#define ACLERR2260	2260	/* */
+#define ACLERR2280	2280	/* */
+#define ACLERR2300	2300	/* */
+#define ACLERR2320	2320	/* */
+
+/* aclGetToken() */
+#define ACLERR2400	2400	/* aclGetToken() parse error */
+
+/* aclParseInit() */
+
+/* aclRealmSpecParse() */
+#define ACLERR2500	2500	/* missing realm name */
+#define ACLERR2520	2520	/* undefined realm name */
+#define ACLERR2540	2540	/* insufficient dynamic memory */
+#define ACLERR2560	2560	/* missing realm directive */
+#define ACLERR2570	2570	/* missing database filespec */
+#define ACLERR2580	2580	/* missing authentication method name */
+#define ACLERR2600	2600	/* unknown authentication method name */
+#define ACLERR2605	2605	/* realm prompt string missing */
+#define ACLERR2610	2610	/* unknown realm directive */
+#define ACLERR2620	2620	/* missing "}" */
+
+/* aclRightsParse() */
+#define ACLERR2700	2700	/* missing rights list element */
+#define ACLERR2720	2720	/* missing rights list name */
+#define ACLERR2740	2740	/* undefined rights list name */
+#define ACLERR2760	2760	/* insufficient dynamic memory */
+#define ACLERR2780	2780	/* insufficient dynamic memory */
+#define ACLERR2800	2800	/* error creating access right definition */
+#define ACLERR2820	2820	/* insufficient dynamic memory */
+#define ACLERR2840	2840	/* missing ")" */
+
+/* aclGetFileSpec() */
+#define ACLERR2900	2900	/* skip over whitespace failed */
+#define ACLERR2920	2920	/* scan over filename failed */
+#define ACLERR2940	2940	/* missing filename */
+
+/* aclStringOpen() */
+#define ACLERR5000	5000	/* memory shortage for ACLFile_t */
+#define ACLERR5020	5020	/* memory shortage for token */
+#define ACLERR5040	5040	/* memory shortage for LEX stream */
+
+/* Errors generated in aclbuild.c */
+
+/* accCreate() */
+#define ACLERR3000	3000		/* insufficient dynamic memory */
+#define ACLERR3020	3020		/* insufficient dynamic memory */
+
+/* accFileRead() */
+#define ACLERR3100	3100		/* error initializing ACL parser */
+#define ACLERR3120	3120		/* error creating ACL symbol table */
+
+/* aclCreate() */
+#define ACLERR3200	3200		/* insufficient dynamic memory */
+#define ACLERR3220	3220		/* duplicate ACL name */
+
+/* aclAuthNameAdd() */
+#define ACLERR3400	3400		/* realm missing for user/group name */
+#define ACLERR3420	3420		/* error opening authentication DB */
+#define ACLERR3440	3440		/* error finding name in DB */
+#define ACLERR3460	3460		/* insufficient dynamic memory */
+
+/* aclRightDef() */
+#define ACLERR3600	3600		/* insufficient dynamic memory */
+#define ACLERR3620	3620		/* add right to symbol table failed */
+
+/* ACL_ListPostParseForAuth() */
+#define ACLERR3800	3800		/* Undefined method/database */
+#define ACLERR3810	3810		/* insufficient dynamic memory */
+
+/* Register.cpp */
+#define ACLERR3900	3900		/* Duplicate LAS registered */
+
+/* ACL_EvalBuildContext */
+#define ACLERR4000	4000		/* Unable to create context hash */
+#define ACLERR4010	4010		/* Unable to alloc cache structure */
+#define ACLERR4020	4020		/* Unable to alloc ACE entry */
+#define ACLERR4030	4030		/* Unable to alloc ACE entry */
+#define ACLERR4040	4040		/* Unable to alloc Auth Ptr Array */
+#define ACLERR4050	4050		/* Unable to alloc Auth Ptr Array */
+
+/* ACL_EvalTestRights */
+#define ACLERR4100	4100		/* Interim absolute, non-allow value */
+#define ACLERR4110	4110		/* BuildContext call failed */
+
+/* ACL_ModuleRegister */
+#define ACLERR4200	4200		/* module name missing */
+#define ACLERR4210	4210		/* module registration call failed */
+
+/* ACL_GetAttribute */
+#define ACLERR4300	4300		/* Couldn't determine method */
+#define ACLERR4310	4310		/* Couldn't locate Getter */
+#define ACLERR4320	4320		/* Couldn't Set Attr */
+#define ACLERR4330	4330		/* Couldn't Get Attr */
+#define ACLERR4340	4340		/* All getters declined */
+#define ACLERR4350	4350		/* All getters declined */
+#define ACLERR4360	4360		/* All getters declined */
+#define ACLERR4370	4370		/* All getters declined */
+#define ACLERR4380	4380		/* Couldn't determine dbtype */
+
+/* reg_dbname_internal */
+#define ACLERR4400	4400		/* dbtype not defined yet */
+#define ACLERR4410	4410		/* dbtype not defined yet */
+#define ACLERR4420	4420		/* out of memory */
+
+/* ACL_DatabaseRegister */
+#define ACLERR4500	4500		/* database name is missing */
+
+/* ACL_ReadDbMapFile */
+#define	ACLERR4600	4600		/* Error reading the Map file */
+#define	ACLERR4610	4610		/* Couldn't determine dbtype */
+#define	ACLERR4620	4620		/* Missing URL for database */
+#define	ACLERR4630	4630		/* Invalid proprty pair */
+#define	ACLERR4640	4640		/* Register database failed */
+#define	ACLERR4650	4650		/* Default database not LDAP */
+#define	ACLERR4660	4660		/* Multiple default databases */
+#define	ACLERR4670	4670		/* No default database */
+
+/* LASDnsBuild */
+#define	ACLERR4700	4700		/* Cannot allocatae hash */
+#define	ACLERR4710	4710		/* Cannot add token to hash */
+#define	ACLERR4720	4720		/* Cannot add token to hash */
+#define	ACLERR4730	4730		/* Cannot add token to hash */
+#define	ACLERR4740	4740		/* Cannot add token to hash */
+#define	ACLERR4750	4750		/* Cannot add token to hash */
+#define	ACLERR4760	4760		/* Cannot add token to hash */
+
+/* LASDnsEval */
+#define	ACLERR4800	4800		/* Wrong attribute name */
+#define	ACLERR4810	4810		/* Illegal comparator */
+#define	ACLERR4820	4820		/* Cannot allocate context struct */
+#define	ACLERR4830	4830		/* Cannot get DNS attribute */
+
+/* LASGroupEval */
+#define ACLERR4900	4900		/* wrong attribute */
+#define ACLERR4910	4910		/* bad comparator */
+#define ACLERR4920	4920		/* unable to get database name */
+
+/* LASIpTreeAllocNode */
+#define	ACLERR5000	5000		/* Cannot allocate IP tree */
+
+/* LASIpAddPattern */
+#define	ACLERR5100	5100		/* Cannot allocate IP tree node */
+#define	ACLERR5110	5110		/* Cannot allocate IP tree node */
+
+/* LASIpEval */
+#define	ACLERR5200	5200		/* Wrong attribute */
+#define	ACLERR5210	5210		/* Bad comparator */
+#define	ACLERR5220	5220		/* Cannot get session pointer */
+#define	ACLERR5230	5230		/* Cannot allocate context */
+#define	ACLERR5240	5240		/* Tested 32 bits without conclusion */
+
+/* LASProgramEval */
+#define	ACLERR5300	5300		/* Wrong attribute */
+#define	ACLERR5310	5310		/* Bad comparator */
+#define	ACLERR5320	5320		/* Can't get request pointer */
+#define	ACLERR5330	5330		/* Invalid program expression */
+#define	ACLERR5340	5340		/* Rejecting Request */
+
+/* LASDayOfWeekEval */
+#define	ACLERR5400	5400		/* wrong attribute */
+#define	ACLERR5410	5410		/* bad comparator */
+
+/* LASTimeOfDayEval */
+#define ACLERR5600	5600		/* wrong attribute */
+#define ACLERR5610	5610		/* bad comparator */
+
+/* LASUserEval */
+#define ACLERR5700	5700		/* wrong attribute */
+#define ACLERR5710	5710		/* bad comparator */
+#define ACLERR5720	5720		/* Out of memory */
+
+/* ldapacl.cpp */
+#define	ACLERR5800	5800		/* missing the database url */
+#define	ACLERR5810	5810		/* missing the database name */
+#define	ACLERR5820	5820		/* error parsing the db url */
+#define	ACLERR5830	5830		/* unable to get db name */
+#define ACLERR5840	5840		/* can't get parsed db name */
+#define ACLERR5850	5850		/* can't init ldap connection */
+#define ACLERR5860	5860		/* passwd check ldap error */
+#define ACLERR5870	5870		/* Out of memory */
+#define ACLERR5880	5880		/* User doesn't exist anymore */
+#define ACLERR5890	5890		/* PList error */
+
+/* get_user_ismember_ldap */
+#define ACLERR5900	5900		/* Can't get db name */
+#define ACLERR5910	5910		/* Can't get parsed db name */
+#define	ACLERR5920	5920		/* Out of memory */
+#define	ACLERR5930	5930		/* Can't init ldap connection */
+#define	ACLERR5940	5940		/* Group doesn't exist */
+#define	ACLERR5950	5950		/* LDAP error */
+
+/* ACL_LDAPDatabaseHandle */
+#define ACLERR6000	6000		/* Not a registered db */
+#define ACLERR6010	6010		/* Not an LDAP db */
+#define ACLERR6020	6020		/* Out of memory */
+#define ACLERR6030	6030		/* Can't init ldap connection */
+#define ACLERR6040	6040		/* Can't bind to ldap server */
+
+
+
+/* Define error return codes */
+#define ACLERRNOMEM	-1		/* insufficient dynamic memory */
+#define ACLERROPEN	-2		/* file open error */
+#define ACLERRDUPSYM	-3		/* duplicate symbol */
+#define ACLERRSYNTAX	-4		/* syntax error */
+#define ACLERRUNDEF	-5		/* undefined symbol */
+#define ACLERRADB	-6		/* authentication DB access error */
+#define ACLERRPARSE	-7		/* ACL parsing error */
+#define ACLERRNORLM	-8		/* missing authentication realm */
+#define ACLERRIO	-9		/* IO error */
+#define ACLERRINTERNAL	-10		/* internal processing error */
+/* #define ACLERRFAIL	-11 */	/* defined in include/public/nsacl/acldef.h */
+#define ACLERRINVAL	-12		/* invalid argument */
+#define ACLERRCONFIG	-13		/* auth realms don't math acl */
+
+#include "nserror.h"
+
+#ifndef PUBLIC_NSACL_ACLDEF_H
+#include "public/nsacl/acldef.h"
+#endif /* !PUBLIC_NSACL_ACLDEF_H */
+
+NSPR_BEGIN_EXTERN_C
+
+/* Functions in aclerror.c */
+extern void aclErrorFmt(NSErr_t * errp,
+			char * msgbuf, int maxlen, int maxdepth);
+
+NSPR_END_EXTERN_C
+
+#endif /* __aclerror_h */
diff --git a/include/libaccess/acleval.h b/include/libaccess/acleval.h
new file mode 100644
index 00000000..7fbd077a
--- /dev/null
+++ b/include/libaccess/acleval.h
@@ -0,0 +1,37 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __acleval_h
+#define __acleval_h
+
+/*
+ * Description (acleval.h)
+ *
+ *	This file defines the interface to the ACL evaluation module.
+ */
+
+#include "nserror.h"
+#include "nsauth.h"
+#include "aclstruct.h"
+
+/* Define values returned by lookup routines */
+#define ACL_NOMATCH	0		/* no match */
+#define ACL_IPMATCH	0x1		/* IP address match */
+#define ACL_DNMATCH	0x2		/* DNS name match */
+#define ACL_USMATCH	0x4		/* user name match */
+#define ACL_GRMATCH	0x8		/* user is member of group */
+
+NSPR_BEGIN_EXTERN_C
+
+/* Functions in acleval.c */
+extern int aclDNSLookup(DNSFilter_t * dnf,
+			char * dnsspec, int fqdn, char **match);
+extern int aclIPLookup(IPFilter_t * ipf, IPAddr_t ipaddr, void **match);
+extern int aclUserLookup(UidUser_t * uup, UserObj_t * uoptr);
+extern int aclEvaluate(ACL_t * acl, USI_t arid, ClAuth_t * clauth, int * padn);
+
+NSPR_END_EXTERN_C
+
+#endif /* __acleval_h */
diff --git a/include/libaccess/aclglobal.h b/include/libaccess/aclglobal.h
new file mode 100644
index 00000000..165a69ef
--- /dev/null
+++ b/include/libaccess/aclglobal.h
@@ -0,0 +1,52 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+/*
+**	Header file containing global data elements.  These are duplicated
+**	when a cache flush is done.
+*/
+
+#include	<libaccess/acl.h>
+
+struct ACLGlobal_s {
+	ACLListHandle_t	*masterlist;
+	pool_handle_t	*pool;	/* Deallocate at the start of cache flush */
+	pool_handle_t	*databasepool;
+	pool_handle_t	*methodpool;
+	PRHashTable	*urihash;
+	PRHashTable	*urigethash;
+	PRHashTable	*listhash;
+	PRHashTable	*evalhash;
+	PRHashTable	*flushhash;
+	PRHashTable	*methodhash;
+	PRHashTable	*dbtypehash;
+	PRHashTable	*dbnamehash;
+	PRHashTable	*attrgetterhash;
+	PRHashTable	*userLdbHash; /* user's LDAP handle hash */
+};
+
+typedef struct ACLGlobal_s ACLGlobal_t;
+typedef struct ACLGlobal_s *ACLGlobal_p;
+
+#define acl_uri_hash_pool	ACLGlobal->pool
+#define acl_uri_hash		ACLGlobal->urihash
+#define acl_uri_get_hash	ACLGlobal->urigethash
+#define ACLListHash		ACLGlobal->listhash
+#define	ACLLasEvalHash		ACLGlobal->evalhash
+#define ACLLasFlushHash		ACLGlobal->flushhash
+#define ACLMethodHash		ACLGlobal->methodhash
+#define	ACLDbTypeHash		ACLGlobal->dbtypehash
+#define	ACLDbNameHash		ACLGlobal->dbnamehash
+#define	ACLAttrGetterHash	ACLGlobal->attrgetterhash
+#define	ACLUserLdbHash		ACLGlobal->userLdbHash
+#define ACL_DATABASE_POOL	ACLGlobal->databasepool
+#define ACL_METHOD_POOL		ACLGlobal->methodpool
+
+NSPR_BEGIN_EXTERN_C
+
+extern ACLGlobal_p ACLGlobal;
+extern ACLGlobal_p oldACLGlobal;
+
+NSPR_END_EXTERN_C
diff --git a/include/libaccess/aclparse.h b/include/libaccess/aclparse.h
new file mode 100644
index 00000000..503657e1
--- /dev/null
+++ b/include/libaccess/aclparse.h
@@ -0,0 +1,112 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __aclparse_h
+#define __aclparse_h
+
+/*
+ * Description (aclparse.h)
+ *
+ *	This file describes the interface to a parser for files
+ *	containing Access Control List (ACL) definitions.  The parser
+ *	uses the services of the aclbuild module to construct an
+ *	in-memory representation of the ACLs it parses.
+ */
+
+#include "nserror.h"
+#include "aclbuild.h"
+
+/* Define keywords */
+#define KEYWORD_ACL	"acl"
+#define KEYWORD_ALL	"all"
+#define KEYWORD_ALLOW	"allow"
+#define KEYWORD_ANY	"anyone"
+#define KEYWORD_AT	"at"
+#define KEYWORD_AUTH	"authenticate"
+#define KEYWORD_BASIC	"basic"
+#define KEYWORD_DATABASE "database"
+#define KEYWORD_DEFAULT	"default"
+#define KEYWORD_DENY	"deny"
+#define KEYWORD_EXECUTE	"execute"
+#define KEYWORD_HOSTS	"hosts"
+#define KEYWORD_IF	"if"
+#define KEYWORD_IN	"in"
+#define KEYWORD_INCLUDE	"include"
+#define KEYWORD_METHOD	"method"
+#define KEYWORD_PROMPT	"prompt"
+#define KEYWORD_REALM	"realm"
+#define KEYWORD_RIGHTS	"rights"
+#define KEYWORD_SSL	"ssl"
+
+/* Define character classes */
+#define CCM_WS		0x1	/* whitespace */
+#define CCM_NL		0x2	/* newline */
+#define CCM_SPECIAL	0x4	/* special characters */
+#define CCM_DIGIT	0x8	/* digits */
+#define CCM_LETTER	0x10	/* letters */
+#define CCM_HYPHEN	0x20	/* hyphen */
+#define CCM_USCORE	0x40	/* underscore */
+#define CCM_FILESPEC	0x80	/* filename special characters */
+
+#define CCM_HYPUND	(CCM_HYPHEN|CCM_USCORE)
+#define CCM_IDENT	(CCM_LETTER|CCM_DIGIT|CCM_HYPUND)
+#define CCM_FILENAME	(CCM_LETTER|CCM_DIGIT|CCM_FILESPEC)
+
+/* Define token numbers */
+#define TOKEN_ERROR	-1	/* error in reading data stream */
+#define TOKEN_EOF	0	/* end-of-file */
+#define TOKEN_EOS	1	/* end-of-statement */
+#define TOKEN_IDENT	2	/* identifier */
+#define TOKEN_NUMBER	3	/* number */
+#define TOKEN_COMMA	4	/* comma */
+#define TOKEN_SEMI	5	/* semicolon */
+#define TOKEN_PERIOD	6	/* period */
+#define TOKEN_LPAREN	7	/* left parenthesis */
+#define TOKEN_RPAREN	8	/* right parenthesis */
+#define TOKEN_LBRACE	9	/* left brace */
+#define TOKEN_RBRACE	10	/* right brace */
+#define TOKEN_AT	11	/* at sign */
+#define TOKEN_PLUS	12	/* plus sign */
+#define TOKEN_STAR	13	/* asterisk */
+#define TOKEN_STRING	14	/* quoted string */
+#define TOKEN_HUH	15	/* unrecognized input */
+
+/* Define flags bits for aclGetToken() */
+#define AGT_NOSKIP	0x1		/* don't skip leading whitespace */
+#define AGT_APPEND	0x2		/* append next to token buffer */
+
+NSPR_BEGIN_EXTERN_C
+
+extern void * aclChTab;			/* character table for ACL parsing */
+
+/* Functions in aclparse.c */
+extern int aclAuthListParse(NSErr_t * errp, ACLFile_t * acf,
+			    ACContext_t * acc, Realm_t * rlm,
+			    ACClients_t **clsp);
+extern int aclAuthHostsParse(NSErr_t * errp, ACLFile_t * acf,
+			     ACContext_t * acc, HostSpec_t **hspp);
+extern int aclAuthUsersParse(NSErr_t * errp, ACLFile_t * acf,
+			     Realm_t * rlm, UserSpec_t **uspp, char ***elist);
+extern int aclDirectivesParse(NSErr_t * errp, ACLFile_t * acf, ACL_t * acl);
+extern int aclACLParse(NSErr_t * errp,
+		       ACLFile_t * acf, ACContext_t * acc, int flags);
+extern void aclFileClose(ACLFile_t * acf, int flags);
+extern int aclFileOpen(NSErr_t * errp,
+		       char * filename, int flags, ACLFile_t **pacf);
+extern int aclGetDNSString(NSErr_t * errp, ACLFile_t * acf);
+extern int aclGetFileSpec(NSErr_t * errp, ACLFile_t * acf, int flags);
+extern int aclGetIPAddr(NSErr_t * errp,
+			ACLFile_t * acf, IPAddr_t * pip, IPAddr_t * pmask);
+extern int aclGetToken(NSErr_t * errp, ACLFile_t * acf, int flags);
+extern int aclParseInit();
+extern int aclRealmSpecParse(NSErr_t * errp, ACLFile_t * acf,
+			     ACContext_t * acc, RealmSpec_t **rspp);
+extern int aclRightsParse(NSErr_t * errp, ACLFile_t * acf, ACContext_t * acc,
+			  RightSpec_t **rights);
+extern int aclStreamGet(LEXStream_t * lst);
+
+NSPR_END_EXTERN_C
+
+#endif /* __aclparse_h */
diff --git a/include/libaccess/aclproto.h b/include/libaccess/aclproto.h
new file mode 100644
index 00000000..6dbc07d5
--- /dev/null
+++ b/include/libaccess/aclproto.h
@@ -0,0 +1,156 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef ACL_PROTO_HEADER
+#define ACL_PROTO_HEADER
+
+#ifndef NOINTNSACL
+#define INTNSACL
+#endif /* !NOINTNSACL */
+
+#ifndef PUBLIC_NSACL_ACLDEF_H
+#include "public/nsacl/acldef.h"
+#endif /* !PUBLIC_NSACL_ACLDEF_H */
+
+#ifdef INTNSACL
+
+NSPR_BEGIN_EXTERN_C
+
+/*********************************************************************
+ *  ACL language and file interfaces
+ *********************************************************************/
+
+NSAPI_PUBLIC ACLListHandle_t * ACL_ParseFile(NSErr_t *errp, char *filename);
+NSAPI_PUBLIC ACLListHandle_t * ACL_ParseString(NSErr_t *errp, char *buffer);
+NSAPI_PUBLIC int ACL_Decompose(NSErr_t *errp, char **acl, ACLListHandle_t *acl_list);
+NSAPI_PUBLIC int ACL_WriteString(NSErr_t *errp, char **acl, ACLListHandle_t *acllist);
+NSAPI_PUBLIC int ACL_WriteFile(NSErr_t *errp, char *filename, ACLListHandle_t *acllist);
+NSAPI_PUBLIC int ACL_FileRenameAcl(NSErr_t *errp, char *filename, char *acl_name, char *new_acl_name, int flags);
+NSAPI_PUBLIC int ACL_FileDeleteAcl(NSErr_t *errp, char *filename, char *acl_name, int flags);
+NSAPI_PUBLIC int ACL_FileGetAcl(NSErr_t *errp, char *filename, char *acl_name, char **acl_text, int flags);
+NSAPI_PUBLIC int ACL_FileSetAcl(NSErr_t *errp, char *filename, char *acl_text, int flags);
+NSAPI_PUBLIC int ACL_FileMergeAcl(NSErr_t *errp, char *filename, char **acl_name_list, char *new_acl_name, int  flags);
+NSAPI_PUBLIC int ACL_FileMergeFile(NSErr_t *errp, char *filename, char **file_list, int  flags);
+
+
+/*********************************************************************
+ *  ACL Expression construction interfaces
+ *********************************************************************/
+NSAPI_PUBLIC ACLExprHandle_t *ACL_ExprNew(const ACLExprType_t expr_type);
+NSAPI_PUBLIC void ACL_ExprDestroy(ACLExprHandle_t *expr);
+NSAPI_PUBLIC int ACL_ExprSetPFlags(NSErr_t *errp, ACLExprHandle_t *expr, PFlags_t flags);
+NSAPI_PUBLIC int ACL_ExprClearPFlags(NSErr_t *errp, ACLExprHandle_t *expr);
+NSAPI_PUBLIC int ACL_ExprTerm(NSErr_t *errp, ACLExprHandle_t *acl_expr, char *attr_name, CmpOp_t cmp, char *attr_pattern);
+NSAPI_PUBLIC int ACL_ExprNot(NSErr_t *errp, ACLExprHandle_t *acl_expr);
+NSAPI_PUBLIC int ACL_ExprAnd(NSErr_t *errp, ACLExprHandle_t *acl_expr);
+NSAPI_PUBLIC int ACL_ExprOr(NSErr_t *errp, ACLExprHandle_t *acl_expr);
+NSAPI_PUBLIC int ACL_ExprAddAuthInfo(ACLExprHandle_t *expr, PList_t auth_info);
+NSAPI_PUBLIC int ACL_ExprAddArg(NSErr_t *errp, ACLExprHandle_t *expr, char *arg);
+NSAPI_PUBLIC int ACL_ExprSetDenyWith(NSErr_t *errp, ACLExprHandle_t *expr, char *deny_type, char *deny_response);
+NSAPI_PUBLIC int ACL_ExprGetDenyWith(NSErr_t *errp, ACLExprHandle_t *expr, char **deny_type, char **deny_response);
+
+/*********************************************************************
+ * ACL manipulation
+ *********************************************************************/
+
+NSAPI_PUBLIC ACLHandle_t * ACL_AclNew(NSErr_t *errp, char *tag);
+NSAPI_PUBLIC void ACL_AclDestroy(NSErr_t *errp, ACLHandle_t *acl);
+NSAPI_PUBLIC int ACL_ExprAppend(NSErr_t *errp, ACLHandle_t *acl, ACLExprHandle_t *expr);
+NSAPI_PUBLIC const char *ACL_AclGetTag(ACLHandle_t *acl);
+
+/*********************************************************************
+ * ACL list manipulation
+ *********************************************************************/
+
+NSAPI_PUBLIC ACLListHandle_t * ACL_ListNew(NSErr_t *errp);
+NSAPI_PUBLIC int ACL_ListConcat(NSErr_t *errp, ACLListHandle_t *acl_list1, ACLListHandle_t *acl_list2, int flags);
+NSAPI_PUBLIC int ACL_ListAppend(NSErr_t *errp, ACLListHandle_t *acllist, ACLHandle_t *acl, int flags);
+NSAPI_PUBLIC void ACL_ListDestroy(NSErr_t *errp, ACLListHandle_t *acllist);
+NSAPI_PUBLIC ACLHandle_t * ACL_ListFind(NSErr_t *errp, ACLListHandle_t *acllist, char *aclname, int flags);
+NSAPI_PUBLIC int ACL_ListAclDelete(NSErr_t *errp, ACLListHandle_t *acl_list, char *acl_name, int flags);
+NSAPI_PUBLIC int ACL_ListGetNameList(NSErr_t *errp, ACLListHandle_t *acl_list, char ***name_list);
+NSAPI_PUBLIC int ACL_FileGetNameList(NSErr_t *errp, char * filename, char ***name_list);
+NSAPI_PUBLIC int ACL_NameListDestroy(NSErr_t *errp, char **name_list);
+NSAPI_PUBLIC ACLHandle_t *ACL_ListGetFirst(ACLListHandle_t *acl_list,
+                                           ACLListEnum_t *acl_enum);
+NSAPI_PUBLIC ACLHandle_t *ACL_ListGetNext(ACLListHandle_t *acl_list,
+                                           ACLListEnum_t *acl_enum);
+
+/* Only used for asserts.  Probably shouldn't be publicly advertized */
+extern int ACL_AssertAcllist( ACLListHandle_t *acllist );
+
+/* Need to be ACL_LIB_INTERNAL */
+NSAPI_PUBLIC int ACL_ListPostParseForAuth(NSErr_t *errp, ACLListHandle_t *acl_list);
+
+/*********************************************************************
+ * ACL evaluation 
+ *********************************************************************/
+
+NSAPI_PUBLIC int ACL_EvalTestRights(NSErr_t *errp, ACLEvalHandle_t *acleval, char **rights, char **map_generic, char **deny_type, char **deny_response, char **acl_tag, int *expr_num);
+NSAPI_PUBLIC int ACL_CachableAclList(ACLListHandle_t *acllist);
+NSAPI_PUBLIC ACLEvalHandle_t * ACL_EvalNew(NSErr_t *errp, pool_handle_t *pool);
+NSAPI_PUBLIC void ACL_EvalDestroy(NSErr_t *errp, pool_handle_t *pool, ACLEvalHandle_t *acleval);
+NSAPI_PUBLIC void ACL_EvalDestroyNoDecrement(NSErr_t *errp, pool_handle_t *pool, ACLEvalHandle_t *acleval);
+NSAPI_PUBLIC int ACL_ListDecrement(NSErr_t *errp, ACLListHandle_t *acllist);
+NSAPI_PUBLIC int ACL_EvalSetACL(NSErr_t *errp, ACLEvalHandle_t *acleval, ACLListHandle_t *acllist);
+NSAPI_PUBLIC PList_t ACL_EvalGetSubject(NSErr_t *errp, ACLEvalHandle_t *acleval);
+NSAPI_PUBLIC int ACL_EvalSetSubject(NSErr_t *errp, ACLEvalHandle_t *acleval, PList_t subject);
+NSAPI_PUBLIC PList_t ACL_EvalGetResource(NSErr_t *errp, ACLEvalHandle_t *acleval);
+NSAPI_PUBLIC int ACL_EvalSetResource(NSErr_t *errp, ACLEvalHandle_t *acleval, PList_t resource);
+
+/*
+ *	The following entities are only meant to be called by whole server
+ *	products that include libaccess.  E.g. the HTTP server, the Directory
+ *	server etc.  They should not be called by ACL callers, LASs etc.
+ */
+
+/*********************************************************************
+ * ACL misc routines 
+ *********************************************************************/
+
+NSAPI_PUBLIC int ACL_Init(void);
+NSAPI_PUBLIC int ACL_InitPostMagnus(void);
+NSAPI_PUBLIC int ACL_LateInitPostMagnus(void);
+NSAPI_PUBLIC void ACL_ListHashUpdate(ACLListHandle_t **acllistp);
+NSAPI_PUBLIC void ACL_GetPathAcls(char *path, ACLListHandle_t **acllist_p, char *prefix, ACLListHandle_t *masterlist);
+NSAPI_PUBLIC int ACL_ReadDbMapFile(NSErr_t *errp, const char *map_file, int default_only); 
+
+NSAPI_PUBLIC int ACL_MethodNamesGet(NSErr_t *errp, char ***names, int *count);
+NSAPI_PUBLIC int ACL_MethodNamesFree(NSErr_t *errp, char **names, int count);
+
+NSAPI_PUBLIC int ACL_DatabaseNamesGet(NSErr_t *errp, char ***names, int *count);
+NSAPI_PUBLIC int ACL_DatabaseNamesFree(NSErr_t *errp, char **names, int count);
+
+NSAPI_PUBLIC int ACL_InitAttr2Index(void);
+NSAPI_PUBLIC int ACL_Attr2Index(const char *attrname);
+
+/*********************************************************************
+ * ACL cache and flush utility 
+ *********************************************************************/
+
+NSAPI_PUBLIC int ACL_CacheCheck(char *uri, ACLListHandle_t **acllist_p);
+NSAPI_PUBLIC int ACL_CacheCheckGet(char *uri, ACLListHandle_t **acllist_p);
+NSAPI_PUBLIC void ACL_CacheEnter(char *uri, ACLListHandle_t **acllist_p);
+NSAPI_PUBLIC void ACL_CacheEnterGet(char *uri, ACLListHandle_t **acllist_p);
+NSAPI_PUBLIC int ACL_ListHashCheck(ACLListHandle_t **acllist_p);
+NSAPI_PUBLIC void ACL_ListHashEnter(ACLListHandle_t **acllist_p);
+NSAPI_PUBLIC int ACL_CacheFlush(void);
+NSAPI_PUBLIC void ACL_Restart(void *clntData);
+NSAPI_PUBLIC void ACL_CritEnter(void);
+NSAPI_PUBLIC void ACL_CritExit(void);
+
+/*********************************************************************
+ * ACL CGI routines
+ *********************************************************************/
+
+NSAPI_PUBLIC void ACL_OutputSelector(char *name, char **item);
+
+
+NSPR_END_EXTERN_C
+
+#endif /* INTNSACL */
+
+#endif
+
diff --git a/include/libaccess/aclstruct.h b/include/libaccess/aclstruct.h
new file mode 100644
index 00000000..71320b0f
--- /dev/null
+++ b/include/libaccess/aclstruct.h
@@ -0,0 +1,264 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __aclstruct_h
+#define __aclstruct_h
+
+/*
+ * Description (aclstruct.h)
+ *
+ *	This file defines types and data structures used to construct
+ *	representations of Access Control Lists (ACLs) in memory.
+ */
+
+#include "base/systems.h"
+#include "base/file.h"
+#include "base/lexer.h"
+#include "nsauth.h"		/* authentication types */
+#include "symbols.h"		/* typed symbol support */
+#include "ipfstruct.h"		/* IP address filter structures */
+#include "dnfstruct.h"		/* DNS name filter structures */
+
+
+NSPR_BEGIN_EXTERN_C
+
+/* Forward type definitions */
+typedef struct ACL_s ACL_t;
+
+/*
+ * Description (InetHost_t)
+ *
+ *	This type defines a structure which represents a list of Internet
+ *	hosts by IP address and netmask, or by fully or partially
+ *	qualified DNS name.
+ */
+
+typedef struct InetHost_s InetHost_t;
+struct InetHost_s {
+    IPFilter_t inh_ipf;			/* reference to IP filter */
+    DNSFilter_t inh_dnf;		/* reference to DNS filter */
+};
+
+/*
+ * Description (HostSpec_t)
+ *
+ *	This type describes a named list of hosts.
+ */
+
+typedef struct HostSpec_s HostSpec_t;
+struct HostSpec_s {
+    Symbol_t hs_sym;			/* symbol name, type ACLSYMHOST */
+    InetHost_t hs_host;			/* host information */
+};
+
+/*
+ * Description (UidUser_t)
+ *
+ *	This type represents a list of users and groups using unique
+ *	integer identifiers.
+ */
+
+typedef struct UidUser_s UidUser_t;
+struct UidUser_s {
+    USIList_t uu_user;			/* list of user ids */
+    USIList_t uu_group;			/* list of group ids */
+};
+
+/*
+ * Description (UserSpec_t)
+ *
+ *	This type describes a named list of users and groups.
+ */
+
+typedef struct UserSpec_s UserSpec_t;
+struct UserSpec_s {
+    Symbol_t us_sym;			/* list name, type ACLSYMUSER */
+    int us_flags;			/* bit flags */
+#define ACL_USALL	0x1		/* any authenticated user */
+
+    UidUser_t us_user;			/* user list structure */
+};
+
+/*
+ * Description (ACClients_t)
+ *
+ *	This type defines the structure of action-specific information
+ *	for access control directives with action codes ACD_ALLOW and
+ *	ACD_DENY.  These directives specify access control constraints
+ *	on users/groups and hosts.
+ */
+
+typedef struct ACClients_s ACClients_t;
+struct ACClients_s {
+    ACClients_t * cl_next;		/* list link */
+    HostSpec_t * cl_host;		/* host specification pointer */
+    UserSpec_t * cl_user;		/* user list pointer */
+};
+
+/*
+ * Description (RealmSpec_t)
+ *
+ *	This type describes a named realm.
+ */
+
+typedef struct RealmSpec_s RealmSpec_t;
+struct RealmSpec_s {
+    Symbol_t rs_sym;			/* realm name, type ACLSYMREALM */
+    Realm_t rs_realm;			/* realm information */
+};
+
+/*
+ * Description (ACAuth_t)
+ *
+ *	This type defines the structure of action-specific information
+ *	for an access control directive with action code ACD_AUTH,
+ *	which specifies information about authentication requirements.
+ */
+
+typedef struct ACAuth_s ACAuth_t;
+struct ACAuth_s {
+    RealmSpec_t * au_realm;		/* pointer to realm information */
+};
+
+/*
+ * Description (ACDirective_t)
+ *
+ *	This type defines a structure which represents an access control
+ *	directive.  Each directive specifies an access control action
+ *	to be taken during ACL evaluation.  The ACDirective_t structure
+ *	begins an action-specific structure which contains the
+ *	parameters for an action.
+ */
+
+typedef struct ACDirective_s ACDirective_t;
+struct ACDirective_s {
+    ACDirective_t * acd_next;		/* next directive in ACL */
+    short acd_action;			/* directive action code */
+    short acd_flags;			/* action modifier flags */
+
+    /* Begin action-specific information */
+    union {
+	ACClients_t * acu_cl;		/* ACD_ALLOW, ACD_DENY */
+	ACAuth_t acu_auth;		/* ACD_AUTH */
+    } acd_u;
+};
+
+#define acd_cl		acd_u.acu_cl
+#define acd_auth	acd_u.acu_auth
+
+/* Define acd_action codes */
+#define ACD_ALLOW	1		/* allow access */
+#define ACD_DENY	2		/* deny access */
+#define ACD_AUTH	3		/* specify authentication realm */
+#define ACD_EXEC	4		/* execute (conditionally) */
+
+/* Define acd_flags values */
+#define ACD_ACTION	0xf		/* bits reserved for acd_action */
+#define ACD_FORCE	0x10		/* force of action */
+#define ACD_DEFAULT	0		/* default action */
+#define ACD_ALWAYS	ACD_FORCE	/* immediate action */
+#define ACD_EXALLOW	0x20		/* execute if allow */
+#define ACD_EXDENY	0x40		/* execute if deny */
+#define ACD_EXAUTH	0x80		/* execute if authenticate */
+
+/*
+ * Description (RightDef_t)
+ *
+ *	This type describes a named access right.  Each access right has
+ *	an associated unique integer id.  A list of all access rights
+ *	known in an ACL context is maintained, with its head in the
+ *	ACContext_t structure.
+ */
+
+typedef struct RightDef_s RightDef_t;
+struct RightDef_s {
+    Symbol_t rd_sym;			/* right name, type ACLSYMRIGHT */
+    RightDef_t * rd_next;		/* next on ACContext_t list */
+    USI_t rd_id;			/* unique id */
+};
+
+/*
+ * Description (RightSpec_t)
+ *
+ *	This type describes a named list of access rights.
+ */
+
+typedef struct RightSpec_s RightSpec_t;
+struct RightSpec_s {
+    Symbol_t rs_sym;			/* list name, type ACLSYMRDEF */
+    USIList_t rs_list;			/* list of right ids */
+};
+
+/*
+ * Description (ACContext_t)
+ *
+ *	This type defines a structure that defines a context for a set
+ *	of Access Control Lists.  This includes references to an
+ *	authentication database, if any, and a symbol table containing
+ *	access right definitions.  It also serves as a list head for the
+ *	ACLs which are defined in the specified context.
+ */
+
+typedef struct ACContext_s ACContext_t;
+struct ACContext_s {
+    void * acc_stp;			/* symbol table handle */
+    ACL_t * acc_acls;			/* list of ACLs */
+    RightDef_t * acc_rights;		/* list of access right definitions */
+    int acc_refcnt;			/* reference count */
+};
+
+/*
+ * Description (ACL_t)
+ *
+ *	This type defines the structure that represents an Access Control
+ *	List (ACL).  An ACL has a user-assigned name and an internally
+ *	assigned identifier (which is an index in an object directory).
+ *	It references a list of access rights which are to be allowed or
+ *	denied, according to the ACL specifications.  It references an
+ *	ordered list of ACL directives, which specify who has and who does
+ *	not have the associated access rights.
+ */
+
+struct ACL_s {
+    Symbol_t acl_sym;			/* ACL name, type ACLSYMACL */
+    ACL_t * acl_next;			/* next ACL on a list */
+    ACContext_t * acl_acc;		/* context for this ACL */
+    USI_t acl_id;			/* id of this ACL */
+    int acl_refcnt;			/* reference count */
+    RightSpec_t * acl_rights;		/* access rights list */
+    ACDirective_t * acl_dirf;		/* first directive pointer */
+    ACDirective_t * acl_dirl;		/* last directive pointer */
+};
+
+/* Define symbol type codes */
+#define ACLSYMACL	0		/* ACL */
+#define ACLSYMRIGHT	1		/* access right */
+#define ACLSYMRDEF	2		/* access rights list */
+#define ACLSYMREALM	3		/* realm name */
+#define ACLSYMHOST	4		/* host specifications */
+#define ACLSYMUSER	5		/* user/group list */
+
+/*
+ * Description (ACLFile_t)
+ *
+ *	This type describes a structure containing information about
+ *	an open ACL description file.
+ */
+
+typedef struct ACLFile_s ACLFile_t;
+struct ACLFile_s {
+    ACLFile_t * acf_next;		/* list link */
+    char * acf_filename;		/* pointer to filename string */
+    LEXStream_t * acf_lst;		/* LEX stream handle */
+    SYS_FILE acf_fd;			/* file descriptor */
+    int acf_flags;			/* bit flags (unused) */
+    int acf_lineno;			/* current line number */
+    void * acf_token;			/* LEX token handle */
+    int acf_ttype;			/* current token type */
+};
+
+NSPR_END_EXTERN_C
+
+#endif /* __aclstruct_h */
diff --git a/include/libaccess/attrec.h b/include/libaccess/attrec.h
new file mode 100644
index 00000000..267c32ff
--- /dev/null
+++ b/include/libaccess/attrec.h
@@ -0,0 +1,157 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __attrec_h
+#define __attrec_h
+
+/*
+ * Description (attrec.h)
+ *
+ *	This file describes the encoding and decoding of attribute
+ *	records.  Attribute records consist of a sequence of items
+ *	of the form:
+ *
+ *		<tag><length><contents>
+ *
+ *	The <tag> is an integer code which identifies a particular
+ *	attribute.  The <length> is the integer length in bytes of
+ *	the <contents>.  The encoding of the contents is determined
+ *	by the <tag>, and is application-specific.
+ *
+ *	Primitive data types currently supported are unsigned
+ *	integers (USI) and null-terminated strings (NTS).  The
+ *	encoding of USI values less than 128 is simply an octet
+ *	containing the value.  For values 128 or greater, the first
+ *	octet is 0x80 plus the length of the value, in octets.
+ *	This octet is followed by the indicated number of octets,
+ *	containing the USI value, with the most significant bits in
+ *	the first octet, and the least significant bits in the last
+ *	octet.
+ *
+ *	Examples of USI encoding:
+ *
+ *		Value		Encoding (each value is an octet)
+ *		    4		0x04
+ *		  127		0x7f
+ *		   -1		(this is not a USI)
+ *		  128		0x81 0x80
+ *		 1023		0x82 0x03 0xff
+ *
+ *	The encoding of a null-terminated string (NTS) is simply the
+ *	sequence of octets which comprise the string, including the
+ *	terminating null (0x00) octet.  The terminating null octet is
+ *	the only null value in the string.  The character set used to
+ *	encode the other string octets is ASCII.
+ */
+
+#include "usi.h"
+
+NSPR_BEGIN_EXTERN_C
+
+/* Define a type to reference an attribute record */
+typedef unsigned char * ATR_t;
+
+/*
+ * Description (USILENGTH)
+ *
+ *	This macro returns the length of the USI encoding for a specified
+ *	unsigned integer value.  The length is the number of octets
+ *	required.  It will be greater than zero, and less than or equal
+ *	to USIALLOC().  This is a partial inline optimization of
+ *	USI_Length().
+ */
+
+#define USILENGTH(val)	(((USI_t)(val) <= 0x7f) ? 1 : USI_Length((USI_t)(val)))
+
+/*
+ * Description (USIALLOC)
+ *
+ *	This macro returns the maximum length of an unsigned integer
+ *	encoding.
+ */
+
+#define USIALLOC()	(5)
+
+/*
+ * Description (USIENCODE)
+ *
+ *	This macro encodes a USI value into a specified buffer.  It
+ *	returns a pointer to the first octet after the encoding.
+ *	This is a partial inline optimization for USI_Encode().
+ */
+
+#define USIENCODE(cp, val) (((USI_t)(val) <= 0x7f) ? (*(cp) = (val), (cp)+1) \
+						   : USI_Encode((cp), (val)))
+
+/*
+ * Description (USIINSERT)
+ *
+ *	This macro performs a variation of USIENCODE which always
+ *	generates the maximum-sized USI encoding, i.e. the number of
+ *	octets indicated by USIALLOC().
+ */
+
+#define USIINSERT(cp, val) USI_Insert((ATR_t)(cp), (USI_t)(val))
+
+/*
+ * Description (USIDECODE)
+ *
+ *	This macro decodes a USI value from a specified buffer.  It
+ *	returns a pointer to the first octet after the encoding.
+ *	This is a partial inline optimization for USI_Decode().
+ */
+
+#define USIDECODE(cp, pval) \
+	((*(cp) & 0x80) ? USI_Decode((cp), (pval)) \
+			: (((pval) ? (*(pval) = *(cp)) : 0), (cp)+1))
+
+/* Define a type to reference a null-terminated string */
+typedef unsigned char * NTS_t;
+
+/*
+ * Decription (NTSLENGTH)
+ *
+ *	Return the length, in octets, of a null-terminated string.
+ *	It includes the terminating null octet.
+ */
+
+#define NTSLENGTH(nts) ((nts) ? strlen((char *)(nts)) + 1 : 1)
+
+/*
+ * Description (NTSENCODE)
+ *
+ *	This macro copies a null-terminated string to a specified
+ *	attribute record buffer.  It returns a pointer to the octet
+ *	following the NTS in the buffer.
+ */
+
+#define NTSENCODE(cp, nts) \
+	((ATR_t)memccpy((void *)(cp), \
+			(void *)((nts) ? (NTS_t)(nts) : (NTS_t)""), \
+			0, NTSLENGTH(nts)))
+
+/*
+ * Description (NTSDECODE)
+ *
+ *	This macro decodes a null-terminated string in a specified
+ *	attribute record buffer into a dynamically allocated buffer.
+ *	It returns a pointer to the first octet after the NTS in the
+ *	attribute record buffer.
+ */
+
+#define NTSDECODE(cp, pnts) NTS_Decode((cp), (pnts))
+
+/* Functions in attrec.c */
+extern int NTS_Length(NTS_t ntsp);
+extern ATR_t NTS_Decode(ATR_t cp, NTS_t * pnts);
+extern ATR_t NTS_Encode(ATR_t cp, NTS_t nts);
+extern ATR_t USI_Decode(ATR_t cp, USI_t * pval);
+extern ATR_t USI_Encode(ATR_t cp, USI_t val);
+extern ATR_t USI_Insert(ATR_t cp, USI_t val);
+extern int USI_Length(USI_t val);
+
+NSPR_END_EXTERN_C
+
+#endif /* __attrec_h */
diff --git a/include/libaccess/authdb.h b/include/libaccess/authdb.h
new file mode 100644
index 00000000..952f0d07
--- /dev/null
+++ b/include/libaccess/authdb.h
@@ -0,0 +1,24 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef AUTHDB_H
+#define AUTHDB_H
+
+#include <base/plist.h>
+#include <libaccess/nserror.h>
+#include <libaccess/las.h>
+
+#define URL_PREFIX_LDAP		    "ldap"
+#define URL_PREFIX_LDAP_LEN	    4
+
+typedef struct {
+    char *dbname;
+    ACLDbType_t dbtype;
+    void *dbinfo;
+} AuthdbInfo_t;
+
+extern int acl_num_databases();
+
+#endif /* AUTHDB_H */
diff --git a/include/libaccess/ava.h b/include/libaccess/ava.h
new file mode 100644
index 00000000..c8570b90
--- /dev/null
+++ b/include/libaccess/ava.h
@@ -0,0 +1,40 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef _ava_h
+#define _ava_h
+
+#define ENTRIES_ALLOCSIZE 100
+#define ORGS_ALLOCSIZE    15
+
+
+#ifdef XP_WIN32
+#define NSAPI_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define NSAPI_PUBLIC
+#endif
+
+
+typedef struct {
+  char *email;
+  char *locality;
+  char *userid; 
+  char *state;
+  char *country;
+  char *company;
+  int numOrgs;
+  char **organizations;
+  char *CNEntry;
+} AVAEntry;
+
+typedef struct {
+  char *userdb;
+  int numEntries;
+  AVAEntry **enteredTable; 
+} AVATable;
+
+
+#endif
+
diff --git a/include/libaccess/avadb.h b/include/libaccess/avadb.h
new file mode 100644
index 00000000..bbb6c904
--- /dev/null
+++ b/include/libaccess/avadb.h
@@ -0,0 +1,15 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef _avadb_h_
+#define _avadb_h_
+
+#define USE_NSAPI 
+
+USE_NSAPI int   AddEntry    (char *key, char *value);
+USE_NSAPI int   DeleteEntry (char *key);
+USE_NSAPI char *GetValue    (char *key);
+
+#endif /*_avadb_h_*/
diff --git a/include/libaccess/avapfile.h b/include/libaccess/avapfile.h
new file mode 100644
index 00000000..4b60117c
--- /dev/null
+++ b/include/libaccess/avapfile.h
@@ -0,0 +1,59 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef _avaparsedfiles_h_
+#define _avaparsedfiles_h_
+
+#include "libaccess/ava.h"
+#include "frame/req.h"
+#include "base/session.h"
+
+#define AUTH_DB_FILE "AvaCertmap"
+#define AVADB_TAG    "avadb"
+#define AVA_DB_SEL   "ava_db_sel" /*Variable name used in
+				   *outputAVAdbs
+				   */
+
+
+extern void outputAVAdbs (char *chosen); /*Outputs the selector of auth databases
+					  *and makes it so that the form submits 
+					  *when onChange event occurs. 
+					  */
+
+
+/*For the following 3 functions, enter the full path of 
+ *ava database file includint tag and filename
+ */
+/*Before calling _getTable, initializa yy_sn and yy_rq.  Set to NULL if no
+ *Session* or Request* variables exist and an error will be reported with 
+ *function report_error(libamin.h).  Otherwise error will be logged into
+ *the server's error log
+ */
+extern AVATable *_getTable (char *avadbfile);
+extern AVATable *_wasParsed (char *avadbfile);/*Assumes a call to yyparse was just
+					       *completed
+					       */
+extern int _hasBeenParsed (char *avadbfile);/*Check if _getTable returns NULL or not*/
+
+extern AVAEntry* _getAVAEntry (char *groupid, AVATable *table);
+extern AVAEntry* _deleteAVAEntry (char *groupid, AVATable *table);
+extern void _addAVAtoTable (AVAEntry *entry, AVATable *table);
+extern void AVAEntry_Free (AVAEntry *entry);
+
+/*Functions for writing out files*/
+extern void PrintHeader (FILE *outfile);
+extern void writeOutFile (char *avadbfilename, AVATable *table);
+
+
+extern int yyparse();
+extern FILE *yyin;
+
+extern char *currFile;
+
+extern Session *yy_sn;
+extern Request *yy_rq;
+
+
+#endif /*_avaparsedfiles_h_*/
diff --git a/include/libaccess/dbtlibaccess.h b/include/libaccess/dbtlibaccess.h
new file mode 100644
index 00000000..f1eb420f
--- /dev/null
+++ b/include/libaccess/dbtlibaccess.h
@@ -0,0 +1,161 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#define LIBRARY_NAME "libaccess"
+
+static char dbtlibaccessid[] = "$DBT: libaccess referenced v1 $";
+
+#include "i18n.h"
+
+BEGIN_STR(libaccess)
+	ResDef( DBT_LibraryID_, -1, dbtlibaccessid )/* extracted from dbtlibaccess.h*/
+	ResDef( DBT_basicNcsa_, 1, "basic-ncsa" )/*extracted from userauth.cpp*/
+	ResDef( DBT_cannotOpenDatabaseS_, 2, "cannot open database %s" )/*extracted from userauth.cpp*/
+	ResDef( DBT_basicNcsa_1, 3, "basic-ncsa" )/*extracted from userauth.cpp*/
+	ResDef( DBT_userSPasswordDidNotMatchDatabase_, 4, "user %s password did not match database %s" )/*extracted from userauth.cpp*/
+	ResDef( DBT_basicNcsa_2, 5, "basic-ncsa" )/*extracted from userauth.cpp*/
+	ResDef( DBT_cannotOpenConnectionToLdapServer_, 6, "cannot open connection to LDAP server on %s:%d" )/*NOT USED - extracted from userauth.cpp*/
+	ResDef( DBT_basicNcsa_3, 7, "basic-ncsa" )/*extracted from userauth.cpp*/
+	ResDef( DBT_userSPasswordDidNotMatchLdapOnSD_, 8, "user %s password did not match LDAP on %s:%d" )/*NOT USED - extracted from userauth.cpp*/
+	ResDef( DBT_aclState_, 9, "acl-state" )/*extracted from userauth.cpp*/
+	ResDef( DBT_missingRealm_, 10, "missing realm" )/*extracted from userauth.cpp*/
+	ResDef( DBT_unableToAllocateAclListHashN_, 11, "Unable to allocate ACL List Hash\n" )/*extracted from cache.cpp*/
+	ResDef( DBT_aclevalbuildcontextUnableToPermM_, 12, "ACLEvalBuildContext unable to PERM_MALLOC cache structure\n" )/*extracted from eval.cpp*/
+	ResDef( DBT_aclevalbuildcontextUnableToCreat_, 13, "ACLEvalBuildContext unable to create hash table\n" )/*extracted from eval.cpp*/
+	ResDef( DBT_aclevalbuildcontextUnableToAlloc_, 14, "ACLEvalBuildContext unable to allocate ACE Entry\n" )/*extracted from eval.cpp*/
+	ResDef( DBT_aclevalbuildcontextUnableToAlloc_1, 15, "ACLEvalBuildContext unable to allocate ACE entry\n" )/*extracted from eval.cpp*/
+	ResDef( DBT_aclevalbuildcontextUnableToAlloc_2, 16, "ACLEvalBuildContext unable to allocate Boundary Entry\n" )/*extracted from eval.cpp*/
+	ResDef( DBT_aclevalbuildcontextFailedN_, 17, "ACLEvalBuildContext failed.\n" )/*extracted from eval.cpp*/
+	ResDef( DBT_aclEvaltestrightsAnInterimAbsolu_, 18, "ACL_EvalTestRights: an interim, absolute non-allow value was encountered. right=%s, value=%d\n" )/*NOT USED - extracted from eval.cpp*/
+	ResDef( DBT_lasdnsbuildUnableToAllocateHashT_, 19, "LASDnsBuild unable to allocate hash table header\n" )/*extracted from lasdns.cpp*/
+	ResDef( DBT_lasdnsbuildUnableToAddKeySN_, 20, "LASDnsBuild unable to add key %s\n" )/*extracted from lasdns.cpp*/
+	ResDef( DBT_lasdnsbuildUnableToAddKeySN_1, 21, "LASDnsBuild unable to add key %s\n" )/*extracted from lasdns.cpp*/
+	ResDef( DBT_lasdnsbuildUnableToAddKeySN_2, 22, "LASDnsBuild unable to add key %s\n" )/*extracted from lasdns.cpp*/
+	ResDef( DBT_lasdnsbuildUnableToAddKeySN_3, 23, "LASDnsBuild unable to add key %s\n" )/*extracted from lasdns.cpp*/
+	ResDef( DBT_lasdnsbuildUnableToAddKeySN_4, 24, "LASDnsBuild unable to add key %s\n" )/*extracted from lasdns.cpp*/
+	ResDef( DBT_lasDnsBuildReceivedRequestForAtt_, 25, "LAS DNS build received request for attribute %s\n" )/*extracted from lasdns.cpp*/
+	ResDef( DBT_lasdnsevalIllegalComparatorDN_, 26, "LASDnsEval - illegal comparator %s\n" )/*extracted from lasdns.cpp*/
+	ResDef( DBT_lasdnsevalUnableToAllocateContex_, 27, "LASDnsEval unable to allocate Context struct\n\n" )/*extracted from lasdns.cpp*/
+	ResDef( DBT_lasdnsevalUnableToGetSessionAddr_, 28, "LASDnsEval unable to get session address %d\n" )/*NOT USED - extracted from lasdns.cpp*/
+	ResDef( DBT_lasdnsevalUnableToGetDnsErrorDN_, 29, "LASDnsEval unable to get DNS - error=%s\n" )/*extracted from lasdns.cpp*/
+	ResDef( DBT_lasGroupEvalReceivedRequestForAt_, 30, "LAS Group Eval received request for attribute %s\n" )/*extracted from lasgroup.cpp*/
+	ResDef( DBT_lasgroupevalIllegalComparatorDN_, 31, "LASGroupEval - illegal comparator %s\n" )/*extracted from lasgroup.cpp*/
+	ResDef( DBT_lasgroupevalRanOutOfMemoryN_, 32, "LASGroupEval - ran out of memory\n" )/*extracted from lasgroup.cpp*/
+	ResDef( DBT_lasgroupevalUnableToGetSessionAd_, 33, "LASGroupEval unable to get session address %d\n" )/*NOT USED - extracted from lasgroup.cpp*/
+	ResDef( DBT_lasgroupevalUnableToGetSessionAd_1, 34, "LASGroupEval unable to get session address %d\n" )/*NOT USED - extracted from lasgroup.cpp*/
+	ResDef( DBT_lasgroupevalCouldnTLocateGetterF_, 35, "LASGroupEval - couldn't locate getter for auth-user\n" )/*extracted from lasgroup.cpp*/
+	ResDef( DBT_lasgroupevalAttributeGetterForAu_, 36, "LASGroupEval - Attribute getter for auth-user failed\n" )/*extracted from lasgroup.cpp*/
+	ResDef( DBT_lasgroupevalAttributeGetterDidnT_, 37, "LASGroupEval - Attribute getter didn't set auth-user\n" )/*extracted from lasgroup.cpp*/
+	ResDef( DBT_checkGroupMembershipOfUserSForGr_, 38, "Check group membership of user \"%s\" for group \"%s\"\n" )/*extracted from lasgroup.cpp*/
+	ResDef( DBT_ldapuSuccessForGroupSN_, 39, "LDAPU_SUCCESS for group \"%s\"\n" )/*extracted from lasgroup.cpp*/
+	ResDef( DBT_ldapuFailedForGroupSN_, 40, "LDAPU_FAILED for group \"%s\"\n" )/*extracted from lasgroup.cpp*/
+	ResDef( DBT_lasEvalFalseN_, 41, "LAS_EVAL_FALSE\n" )/*extracted from lasgroup.cpp*/
+	ResDef( DBT_lasEvalTrueN_, 42, "LAS_EVAL_TRUE\n" )/*extracted from lasgroup.cpp*/
+	ResDef( DBT_lasiptreeallocNoMemoryN_, 43, "LASIpTreeAlloc - no memory\n" )/*extracted from lasip.cpp*/
+	ResDef( DBT_ipLasUnableToAllocateTreeNodeN_, 44, "IP LAS unable to allocate tree node\n" )/*extracted from lasip.cpp*/
+	ResDef( DBT_ipLasUnableToAllocateTreeNodeN_1, 45, "IP LAS unable to allocate tree node\n" )/*extracted from lasip.cpp*/
+	ResDef( DBT_lasIpBuildReceivedRequestForAttr_, 46, "LAS IP build received request for attribute %s\n" )/*extracted from lasip.cpp*/
+	ResDef( DBT_lasipevalIllegalComparatorDN_, 47, "LASIpEval - illegal comparator %s\n" )/*extracted from lasip.cpp*/
+	ResDef( DBT_lasipevalUnableToGetSessionAddre_, 48, "LASIpEval unable to get session address - error=%s\n" )/*extracted from lasip.cpp*/
+	ResDef( DBT_lasipevalUnableToAllocateContext_, 49, "LASIpEval unable to allocate Context struct\n\n" )/*extracted from lasip.cpp*/
+	ResDef( DBT_lasipevalReach32BitsWithoutConcl_, 50, "LASIpEval - reach 32 bits without conclusion value=%s" )/*extracted from lasip.cpp*/
+	ResDef( DBT_lasProgramEvalReceivedRequestFor_, 51, "LAS Program Eval received request for attribute %s\n" )/*extracted from lasprogram.cpp*/
+	ResDef( DBT_lasprogramevalIllegalComparatorD_, 52, "LASProgramEval - illegal comparator %s\n" )/*extracted from lasprogram.cpp*/
+	ResDef( DBT_lasprogramUnableToGetSessionAddr_, 53, "LASProgram unable to get session address %d\n" )/*NOT USED - extracted from lasprogram.cpp*/
+	ResDef( DBT_bin_, 54, "bin" )/*extracted from lasprogram.cpp*/
+	ResDef( DBT_lasprogramevalRequestNotOfTypeAd_, 55, "LASProgramEval: request not of type admin or bin, passing.\n" )/*extracted from lasprogram.cpp*/
+	ResDef( DBT_lasprogramevalCheckIfProgramSMat_, 56, "LASProgramEval: check if program %s matches pattern %s.\n" )/*extracted from lasprogram.cpp*/
+	ResDef( DBT_lasprogramevalInvalidWildcardExp_, 57, "LASProgramEval: Invalid wildcard expression %s.\n" )/*extracted from lasprogram.cpp*/
+	ResDef( DBT_lasEvalFalseN_1, 58, "LAS_EVAL_FALSE\n" )/*extracted from lasprogram.cpp*/
+	ResDef( DBT_lasEvalTrueN_1, 59, "LAS_EVAL_TRUE\n" )/*extracted from lasprogram.cpp*/
+	ResDef( DBT_unexpectedAttributeInDayofweekSN_, 60, "Unexpected attribute in dayOfWeek - %s\n" )/*extracted from lastod.cpp*/
+	ResDef( DBT_illegalComparatorForDayofweekDN_, 61, "Illegal comparator for dayOfWeek - %s\n" )/*extracted from lastod.cpp*/
+	ResDef( DBT_unexpectedAttributeInTimeofdaySN_, 62, "Unexpected attribute in timeOfDay - %s\n" )/*extracted from lastod.cpp*/
+	ResDef( DBT_lasUserEvalReceivedRequestForAtt_, 63, "LAS User Eval received request for attribute %s\n" )/*extracted from lasuser.cpp*/
+	ResDef( DBT_lasuserevalIllegalComparatorDN_, 64, "LASUserEval - illegal comparator %s\n" )/*extracted from lasuser.cpp*/
+	ResDef( DBT_lasuserevalRanOutOfMemoryN_, 65, "LASUserEval - ran out of memory\n" )/*extracted from lasuser.cpp*/
+	ResDef( DBT_lasuserevalUnableToGetSessionAdd_, 66, "LASUserEval unable to get session address %d\n" )/*NOT USED - extracted from lasuser.cpp*/
+	ResDef( DBT_lasuserevalUnableToGetSessionAdd_1, 67, "LASUserEval unable to get session address %d\n" )/*NOT USED - extracted from lasuser.cpp*/
+	ResDef( DBT_lasgroupevalCouldnTLocateGetterF_1, 68, "LASGroupEval - couldn't locate getter for auth-user\n" )/*extracted from lasuser.cpp*/
+	ResDef( DBT_lasgroupevalAttributeGetterForAu_1, 69, "LASGroupEval - Attribute getter for auth-user failed\n" )/*extracted from lasuser.cpp*/
+	ResDef( DBT_lasgroupevalAttributeGetterDidnT_1, 70, "LASGroupEval - Attribute getter didn't set auth-user\n" )/*extracted from lasuser.cpp*/
+	ResDef( DBT_checkIfUidUserIECheckSSN_, 71, "Check if uid == user (i.e. check \"%s\" == \"%s)\"\n" )/*extracted from lasuser.cpp*/
+	ResDef( DBT_successForUserSN_, 72, "SUCCESS for user \"%s\"\n" )/*extracted from lasuser.cpp*/
+	ResDef( DBT_failedForUserSN_, 73, "FAILED for user \"%s\"\n" )/*extracted from lasuser.cpp*/
+	ResDef( DBT_lasEvalFalseN_2, 74, "LAS_EVAL_FALSE\n" )/*extracted from lasuser.cpp*/
+	ResDef( DBT_lasEvalTrueN_2, 75, "LAS_EVAL_TRUE\n" )/*extracted from lasuser.cpp*/
+	ResDef( DBT_Unused76, 76, "")
+	ResDef( DBT_lasProgramUnableToGetRequest_, 77, "LASProgram unable to get request address - error=%s" ) /*extracted from lasprogram.cpp*/
+	ResDef( DBT_lasProgramRejectingRequestForProgram_, 78, "LASProgram rejecting request for program %s from pattern %s" ) /*extracted from lasprogram.cpp*/
+	ResDef( DBT_aclcacheflushCannotParseFile, 79, "ACL_CacheFlush: unable to parse file \"%s\"\n" )
+	ResDef( DBT_aclcacheflushCannotConcatList, 80, "ACL_CacheFlush: unable to concatenate ACL list \"%s\"\n" )
+	ResDef( DBT_aclcacheflushCannotOpenMagnus, 81, "ACL_CacheFlush: unable to open and process the magnus file \"%s\"\n" )
+	ResDef( DBT_illegalComparatorForTimeOfDayDN_, 82, "Illegal comparator for timeOfDay - %s\n" )/*extracted from lastod.cpp*/
+	ResDef( DBT_EvalBuildContextUnableToCreateHash, 83, "ACL_EvalBuildContext unable to create hash table\n")
+	ResDef( DBT_EvalBuildContextUnableToAllocCache, 84, "ACL_EvalBuildContext unable to PERM_CALLOC cache structure\n")
+	ResDef( DBT_EvalBuildContextUnableToAllocAceEntry, 85, "ACL_EvalBuildContext unable to allocate ACE entry\n")
+	ResDef( DBT_EvalBuildContextUnableToAllocAuthPointerArray, 86, "ACL_EvalBuildContext unable to allocate auth pointer array\n")
+	ResDef( DBT_EvalBuildContextUnableToAllocAuthPlist, 87, "ACL_EvalBuildContext unable to allocate auth plist\n")
+	ResDef( DBT_EvalTestRightsInterimAbsoluteNonAllowValue, 88, "ACL_EvalTestRights: an interim, absolute non-allow value was encountered. right=%s, value=%s\n")
+	ResDef( DBT_EvalTestRightsEvalBuildContextFailed, 89, "ACL_INTEvalTestRights: call to ACL_EvalBuildContext returned failure status\n")
+	ResDef( DBT_ModuleRegisterModuleNameMissing, 90, "ACL_ModuleRegister: module name is missing\n")
+	ResDef( DBT_ModuleRegisterFailed, 91, "ACL_ModuleRegister: call to module init function returned a failed status\n")
+	ResDef( DBT_GetAttributeCouldntDetermineMethod, 92, "ACL_GetAttribute: couldn't determine method for %s\n")
+	ResDef( DBT_GetAttributeCouldntLocateGetter, 93,  "ACL_GetAttribute: couldn't locate getter for %s")
+	ResDef( DBT_GetAttributeDidntGetAttr, 94, "ACL_GetAttribute: attr getter failed to get %s")
+	ResDef( DBT_GetAttributeDidntSetAttr, 95, "ACL_GetAttribute: attr getter failed to get %s")
+	ResDef( DBT_GetAttributeAllGettersDeclined, 96, "ACL_GetAttribute: All attribute getters declined for attr %s")
+	ResDef( DBT_DbtypeNoteDefinedYet, 97, "ACL_DatabaseRegister: dbtype for database \"%s\" is not defined yet!")
+	ResDef( DBT_DatabaseRegisterDatabaseNameMissing, 98, "ACL_DatabaseRegister: database name is missing")
+	ResDef( DBT_ReadDbMapFileErrorReadingFile, 99,  "Error reading the DB Map File: %s. Reason: %s")
+	ResDef( DBT_ReadDbMapFileMissingUrl, 100, "URL is missing for database %s")
+	ResDef( DBT_ReadDbMapFileInvalidPropertyPair, 101,  "Invalid property value pair for database %s")
+	ResDef( DBT_ReadDbMapFileDefaultDatabaseNotLdap, 102,  "\"default\" database must be an LDAP database")
+	ResDef( DBT_ReadDbMapFileMultipleDefaultDatabases, 103, "Multiple \"default\" databases are being registered")
+	ResDef( DBT_ReadDbMapFileMissingDefaultDatabase, 104, "\"default\" LDAP database must be registered")
+	ResDef( DBT_lasGroupEvalUnableToGetDatabaseName, 105, "LASGroupEval unable to get database name - error= %s")
+	ResDef( DBT_lasProgramReceivedInvalidProgramExpression, 106, "received invalid program expression %s")
+	ResDef( DBT_ldapaclDatabaseUrlIsMissing, 107, "parse_ldap_url: database url is missing")
+	ResDef( DBT_ldapaclDatabaseNameIsMissing, 108, "parse_ldap_url: database name is missing")
+ 	ResDef( DBT_ldapaclErrorParsingLdapUrl, 109, "parse_ldap_url: error in parsing ldap url. Reason: %s")
+	ResDef( DBT_ldapaclUnableToGetDatabaseName, 110,  "ldap password check: unable to get database name - error=%s")
+	ResDef( DBT_ldapaclUnableToGetParsedDatabaseName, 111, "ldap password check: unable to get parsed database %s")
+	ResDef( DBT_ldapaclCoudlntInitializeConnectionToLdap, 112, "ldap password check: couldn't initialize connection to LDAP. Reason: %s")
+	ResDef( DBT_ldapaclPassworkCheckLdapError, 113, "ldap password check: LDAP error: \"%s\"")
+	ResDef( DBT_GetUserIsMemberLdapUnabelToGetDatabaseName, 114, "get_user_ismember_ldap unable to get database name - error=%s")
+	ResDef( DBT_GetUserIsMemberLdapUnableToGetParsedDatabaseName, 115, "get_user_ismember_ldap unable to get parsed database %s")
+	ResDef( DBT_GetUserIsMemberLdapCouldntInitializeConnectionToLdap, 116, "ldap password check: couldn't initialize connection to LDAP. Reason: %s")
+	ResDef( DBT_GetUserIsMemberLdapGroupDoesntExist, 117, "get_user_ismember_ldap: group %s does not exist")
+	ResDef( DBT_GetUserIsMemberLdapError, 118, "get_user_ismember_ldap: LDAP error: \"%s\"")
+	ResDef( DBT_LdapDatabaseHandleNotARegisteredDatabase, 119, "ACL_LDAPDatabaseHandle: %s is not a registered database")
+	ResDef( DBT_LdapDatabaseHandleNotAnLdapDatabase, 120, "ACL_LDAPDatabaseHandle: %s is not an LDAP database")
+	ResDef( DBT_LdapDatabaseHandleOutOfMemory, 121, "ACL_LDAPDatabaseHandle: out of memory")
+	ResDef( DBT_LdapDatabaseHandleCouldntInitializeConnectionToLdap, 122, "ACL_LDAPDatabaseHandle: couldn't initialize connection to LDAP. Reason: %s")
+	ResDef(  DBT_LdapDatabaseHandleCouldntBindToLdapServer, 123,  "ACL_LDAPDatabaseHandle: couldn't bind to LDAP server. Reason: %s")
+	ResDef( DBT_AclerrfmtAclerrnomem, 124, "insufficient dynamic memory")
+	ResDef( DBT_AclerrfmtAclerropen, 125, "error opening file, %s: %s")
+	ResDef( DBT_AclerrfmtAclerrdupsym1, 126, "duplicate definition of %s")
+	ResDef( DBT_AclerrfmtAclerrdupsym3, 127,  "file %s, line %s: duplicate definition of %s")
+	ResDef( DBT_AclerrfmtAclerrsyntax, 128, "file %s, line %s: syntax error")
+	ResDef( DBT_AclerrfmtAclerrundef, 129, "file %s, line %s: %s is undefined")
+	ResDef( DBT_AclerrfmtAclaclundef, 130, "in acl %s, %s %s is undefined")
+	ResDef( DBT_AclerrfmtAclerradb, 131, "database %s: error accessing %s")
+	ResDef( DBT_AclerrfmtAclerrparse1, 132, "%s")
+	ResDef( DBT_AclerrfmtAclerrparse2, 133, "file %s, line %s: invalid syntax")
+	ResDef( DBT_AclerrfmtAclerrparse3, 134, "file %s, line %s: syntax error at \"%s\"")
+	ResDef( DBT_AclerrfmtAclerrnorlm, 135, "realm %s is not defined")
+	ResDef( DBT_AclerrfmtUnknownerr, 136, "error code = %d")
+	ResDef( DBT_AclerrfmtAclerrinternal, 137, "internal ACL error")
+	ResDef( DBT_AclerrfmtAclerrinval, 138, "invalid argument")
+	ResDef( DBT_DbtypeNotDefinedYet, 139, "ACL_DatabaseRegister: dbtype for database \"%s\" is not defined yet!")
+	ResDef( DBT_ReadDbMapFileCouldntDetermineDbtype, 140, "couldn't determine dbtype from: %s")
+	ResDef( DBT_ReadDbMapFileRegisterDatabaseFailed, 141,  "Failed to register database %s")
+	ResDef( DBT_AclerrfmtAclerrfail, 142, "ACL call returned failed status")
+	ResDef( DBT_AclerrfmtAclerrio, 143, "file %s: ACL IO error - %s")
+	ResDef( DBT_AclUserExistsOutOfMemory, 144, "acl_user_exists: out of memory")
+	ResDef( DBT_AclUserExistsNot, 145, "acl_user_exists: user doesn't exist anymore")
+	ResDef( DBT_AclUserPlistError, 146, "acl_user_exists: plist error")
+END_STR(libaccess)
diff --git a/include/libaccess/dnfstruct.h b/include/libaccess/dnfstruct.h
new file mode 100644
index 00000000..d1ab28a3
--- /dev/null
+++ b/include/libaccess/dnfstruct.h
@@ -0,0 +1,51 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __dnfstruct_h
+#define __dnfstruct_h
+
+/*
+ * Description (dnfstruct_h)
+ *
+ *	This file defines types and structures used to represent a DNS
+ *	name filter in memory.  A DNS name filter contains specifications
+ *	of fully or partially qualified DNS names.  Each of these
+ *	specifications can be associated with whatever information is
+ *	appropriate for a particular use of a DNS name filter.
+ */
+
+#include "nspr.h"
+#include "plhash.h"
+
+NSPR_BEGIN_EXTERN_C
+
+/*
+ * Description (DNSLeaf_t)
+ *
+ *	This type describes the structure of information associated with
+ *	an entry in a DNS filter.  The filter itself is implemented as a
+ *	hash table, keyed by the DNS name specification string.  The
+ *	value associated with a key is a pointer to a DNSLeaf_t structure.
+ */
+
+typedef struct DNSLeaf_s DNSLeaf_t;
+struct DNSLeaf_s {
+    PLHashEntry dnl_he;		/* NSPR hash table entry */
+};
+
+#define dnl_next dnl_he.next		/* hash table collision link */
+#define dnl_keyhash dnl_he.keyHash	/* symbol hash value */
+#define dnl_key dnl_he.key		/* pointer to Symbol_t structure */
+#define dnl_ref dnl_he.value		/* pointer to named structure */
+
+typedef struct DNSFilter_s DNSFilter_t;
+struct DNSFilter_s {
+    DNSFilter_t * dnf_next;	/* link to next filter */
+    void * dnf_hash;		/* pointer to constructed hash table */
+};
+
+NSPR_END_EXTERN_C
+
+#endif /* __dnfstruct_h */
diff --git a/include/libaccess/ipfstruct.h b/include/libaccess/ipfstruct.h
new file mode 100644
index 00000000..acb0349e
--- /dev/null
+++ b/include/libaccess/ipfstruct.h
@@ -0,0 +1,81 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __ipfstruct_h
+#define __ipfstruct_h
+
+/*
+ * Description (ipfstruct.h)
+ *
+ *	This file defines types and structures used to represent an
+ *	IP address filter in memory.  An IP address filter contains
+ *	specifications of IP host and network addresses.  Each of
+ *	these specifications can be associated with whatever information
+ *	is appropriate for a particular use of an IP address filter.
+ */
+
+/* Define a scalar IP address value */
+#ifndef __IPADDR_T_
+#define __IPADDR_T_
+typedef unsigned long IPAddr_t;
+#endif /* __IPADDR_T_ */
+
+/*
+ * Description (IPNode_t)
+ *
+ * This type describes an internal node in the radix tree.  An internal
+ * node has a link up the tree to its parent, and up to three links
+ * down the tree to its descendants.  Each internal node is used to
+ * test a particular bit in a given IP address, and traverse down the
+ * tree in a direction which depends on whether the bit is set, clear,
+ * or masked out.  The descendants of an internal node may be internal
+ * nodes or leaf nodes (IPLeaf_t).
+ */
+
+/* Define indices of links in an IPNode_t */
+#define IPN_CLEAR	0	/* link to node with ipn_bit clear */
+#define IPN_SET		1	/* link to node with ipn_bit set */
+#define IPN_MASKED	2	/* link to node with ipn_bit masked out */
+#define IPN_NLINKS	3	/* number of links */
+
+typedef struct IPNode_s IPNode_t;
+struct IPNode_s {
+    char ipn_type;		/* node type */
+#define IPN_LEAF	0	/* leaf node */
+#define IPN_NODE	1	/* internal node */
+
+    char ipn_bit;		/* bit number (31-0) to test */
+    IPNode_t * ipn_parent;	/* link to parent node */
+    IPNode_t * ipn_links[IPN_NLINKS];	
+};
+
+/* Helper definitions */
+#define ipn_clear	ipn_links[IPN_CLEAR]
+#define ipn_set		ipn_links[IPN_SET]
+#define ipn_masked	ipn_links[IPN_MASKED]
+
+/*
+ * Description (IPLeaf_t)
+ *
+ * This type describes a leaf node in the radix tree.  A leaf node
+ * contains an IP host or network address, and a network mask.  A
+ * given IP address matches a leaf node if the IP address, when masked
+ * by ipl_netmask, equals ipl_ipaddr.
+ */
+
+typedef struct IPLeaf_s IPLeaf_t;
+struct IPLeaf_s {
+    char ipl_type;		/* see ipn_type in IPNode_t */
+    IPAddr_t ipl_netmask;	/* IP network mask */
+    IPAddr_t ipl_ipaddr;	/* IP address of host or network */
+};
+
+typedef struct IPFilter_s IPFilter_t;
+struct IPFilter_s {
+    IPFilter_t * ipf_next;	/* link to next filter */
+    IPNode_t * ipf_tree;	/* pointer to radix tree structure */
+};
+
+#endif /* __ipfstruct_h */
diff --git a/include/libaccess/las.h b/include/libaccess/las.h
new file mode 100644
index 00000000..252e3619
--- /dev/null
+++ b/include/libaccess/las.h
@@ -0,0 +1,184 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef ACL_LAS_HEADER
+#define ACL_LAS_HEADER
+
+#ifndef NOINTNSACL
+#define INTNSACL
+#endif /* !NOINTNSACL */
+
+/* #include <prhash.h>  */
+#include <plhash.h> 
+#include <prclist.h>
+
+#include <base/pblock.h>
+#include <base/plist.h>
+#include <libaccess/nserror.h>
+#include <libaccess/acl.h>
+
+#ifndef PUBLIC_NSACL_ACLDEF_H
+#include "public/nsacl/acldef.h"
+#endif /* !PUBLIC_NSACL_ACLDEF_H */
+
+#define	ACL_MAX_METHOD		32
+#define	ACL_MAX_DBTYPE		32
+
+struct ACLAttrGetter {
+	PRCList			list;	/* must be first */
+	ACLMethod_t		method;
+	ACLDbType_t		dbtype;
+	ACLAttrGetterFn_t	fn;
+	void			*arg;
+};
+
+NSPR_BEGIN_EXTERN_C
+
+NSAPI_PUBLIC extern int
+	ACL_LasRegister(NSErr_t *errp, char *attr_name, LASEvalFunc_t
+	eval_func, LASFlushFunc_t flush_func);
+NSAPI_PUBLIC extern int
+	ACL_LasFindEval(NSErr_t *errp, char *attr_name, LASEvalFunc_t
+	*eval_funcp);
+NSAPI_PUBLIC extern int
+	ACL_LasFindFlush(NSErr_t *errp, char *attr_name, LASFlushFunc_t
+	*flush_funcp);
+extern void
+	ACL_LasHashInit(void);
+extern void
+	ACL_LasHashDestroy(void);
+
+/*
+ *	Revised, normalized method/dbtype registration routines
+ */
+NSAPI_PUBLIC extern int
+	ACL_MethodRegister(NSErr_t *errp, const char *name, ACLMethod_t *t);
+NSAPI_PUBLIC extern int
+	ACL_MethodIsEqual(NSErr_t *errp, const ACLMethod_t t1, const ACLMethod_t t2);
+NSAPI_PUBLIC extern int
+	ACL_MethodNameIsEqual(NSErr_t *errp, const ACLMethod_t t, const char *name);
+NSAPI_PUBLIC extern int
+	ACL_MethodFind(NSErr_t *errp, const char *name, ACLMethod_t *t);
+NSAPI_PUBLIC extern ACLMethod_t
+	ACL_MethodGetDefault(NSErr_t *errp);
+NSAPI_PUBLIC extern int
+	ACL_MethodSetDefault(NSErr_t *errp, const ACLMethod_t t);
+NSAPI_PUBLIC extern int
+	ACL_AuthInfoGetMethod(NSErr_t *errp, PList_t auth_info, ACLMethod_t *t);
+NSAPI_PUBLIC extern int
+	ACL_AuthInfoSetMethod(NSErr_t *errp, PList_t auth_info, ACLMethod_t t);
+NSAPI_PUBLIC extern int
+	ACL_DbTypeRegister(NSErr_t *errp, const char *name, DbParseFn_t func, ACLDbType_t *t);
+NSAPI_PUBLIC extern int
+	ACL_DbTypeIsEqual(NSErr_t *errp, const ACLDbType_t t1, const ACLDbType_t t2);
+NSAPI_PUBLIC extern int
+	ACL_DbTypeNameIsEqual(NSErr_t *errp, const ACLDbType_t t, const char *name);
+NSAPI_PUBLIC extern int
+	ACL_DbTypeFind(NSErr_t *errp, const char *name, ACLDbType_t *t);
+NSAPI_PUBLIC extern ACLDbType_t
+	ACL_DbTypeGetDefault(NSErr_t *errp);
+NSAPI_PUBLIC extern const char *
+	ACL_DatabaseGetDefault(NSErr_t *errp);
+NSAPI_PUBLIC extern int
+	ACL_DatabaseSetDefault(NSErr_t *errp, const char *dbname);
+NSAPI_PUBLIC extern int
+	ACL_AuthInfoGetDbType(NSErr_t *errp, PList_t auth_info, ACLDbType_t *t);
+NSAPI_PUBLIC extern int
+	ACL_DbTypeIsRegistered(NSErr_t *errp, const ACLDbType_t dbtype);
+NSAPI_PUBLIC extern int
+	ACL_AttrGetterRegister(NSErr_t *errp, const char *attr,
+                               ACLAttrGetterFn_t fn, ACLMethod_t m,
+                               ACLDbType_t d, int position, void *arg);
+
+extern ACLDbType_t ACL_DbTypeLdap;
+
+NSAPI_PUBLIC extern int
+	ACL_DbTypeSetDefault(NSErr_t *errp, ACLDbType_t t);
+NSAPI_PUBLIC extern DbParseFn_t
+	ACL_DbTypeParseFn(NSErr_t *errp, const ACLDbType_t dbtype);
+NSAPI_PUBLIC extern int
+	ACL_AttrGetterFind(NSErr_t *errp, const char *attr,
+			   ACLAttrGetterList_t *getters);
+NSAPI_PUBLIC extern ACLAttrGetter_t *
+	ACL_AttrGetterFirst(ACLAttrGetterList_t *getters);
+NSAPI_PUBLIC extern ACLAttrGetter_t *
+	ACL_AttrGetterNext(ACLAttrGetterList_t *getters,
+			   ACLAttrGetter_t *last);
+
+/* typedef PRHashTable AttrGetterTable_t; */
+typedef PLHashTable AttrGetterTable_t;
+
+typedef struct {
+    char *method;
+    char *authtype;
+    char *dbtype;
+    AttrGetterTable_t *attrGetters;
+} MethodInfo_t;
+
+NSAPI_PUBLIC int ACL_ModuleRegister (NSErr_t *errp, const char *moduleName, AclModuleInitFunc func);
+
+NSAPI_PUBLIC int ACL_GetAttribute(NSErr_t *errp, const char *attr, void **val, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth);
+
+NSAPI_PUBLIC int ACL_DatabaseRegister(NSErr_t *errp, ACLDbType_t dbtype, const char *dbname, const char *url, PList_t plist);
+
+NSAPI_PUBLIC int ACL_RegisterDbFromACL(NSErr_t *errp, const char *url, ACLDbType_t *dbtype);
+NSAPI_PUBLIC int ACL_DatabaseFind(NSErr_t *errp, const char *dbname,
+				  ACLDbType_t *dbtype, void **db);
+NSAPI_PUBLIC int ACL_LDAPDatabaseHandle (NSErr_t *errp,
+                                         const char *dbname, LDAP **ld,
+					 char **basedn);
+NSAPI_PUBLIC int ACL_AuthInfoGetDbname (PList_t auth_info, char **dbname);
+NSAPI_PUBLIC int ACL_AuthInfoSetDbname (NSErr_t *errp, PList_t auth_info,
+					const char *dbname);
+NSAPI_PUBLIC int ACL_CacheFlushRegister(AclCacheFlushFunc_t func);
+NSAPI_PUBLIC int ACL_SetDefaultResult (NSErr_t *errp,
+				       ACLEvalHandle_t *acleval,
+				       int result);
+NSAPI_PUBLIC int ACL_GetDefaultResult (ACLEvalHandle_t *acleval);
+
+struct program_groups {
+	char *type;
+	char **groups;
+	char **programs;
+};
+
+extern int LASTimeOfDayEval(NSErr_t *errp, char *attribute, CmpOp_t comparator,
+			char *pattern, ACLCachable_t *cachable, void **las_cookie,
+			PList_t subject, PList_t resource, PList_t auth_info,
+			PList_t global_auth);
+extern int LASDayOfWeekEval(NSErr_t *errp, char *attribute, CmpOp_t comparator,
+			char *pattern, ACLCachable_t *cachable, void **las_cookie,
+			PList_t subject, PList_t resource, PList_t auth_info,
+			PList_t global_auth);
+extern int LASIpEval(NSErr_t *errp, char *attribute, CmpOp_t comparator,
+			char *pattern, ACLCachable_t *cachable, void **las_cookie,
+			PList_t subject, PList_t resource, PList_t auth_info,
+			PList_t global_auth);
+extern int LASDnsEval(NSErr_t *errp, char *attribute, CmpOp_t comparator,
+			char *pattern, ACLCachable_t *cachable, void **las_cookie,
+			PList_t subject, PList_t resource, PList_t auth_info,
+			PList_t global_auth);
+extern int LASGroupEval(NSErr_t *errp, char *attribute, CmpOp_t comparator,
+			char *pattern, ACLCachable_t *cachable, void **las_cookie,
+			PList_t subject, PList_t resource, PList_t auth_info,
+			PList_t global_auth);
+extern int LASUserEval(NSErr_t *errp, char *attribute, CmpOp_t comparator,
+			char *pattern, ACLCachable_t *cachable, void **las_cookie,
+			PList_t subject, PList_t resource, PList_t auth_info,
+			PList_t global_auth);
+extern int LASProgramEval(NSErr_t *errp, char *attribute, CmpOp_t comparator,
+			char *pattern, ACLCachable_t *cachable, void **las_cookie,
+			PList_t subject, PList_t resource, PList_t auth_info,
+			PList_t global_auth);
+
+extern void LASTimeOfDayFlush(void **cookie);
+extern void LASDayOfWeekFlush(void **cookie);
+extern void LASIpFlush(void **cookie);
+extern void LASDnsFlush(void **cookie);
+
+NSPR_END_EXTERN_C
+
+#endif	/* ACL_LAS_HEADER */
diff --git a/include/libaccess/ldapacl.h b/include/libaccess/ldapacl.h
new file mode 100644
index 00000000..94a00333
--- /dev/null
+++ b/include/libaccess/ldapacl.h
@@ -0,0 +1,62 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef ACL_AUTH_H
+#define ACL_AUTH_H
+
+#include <ldap.h>
+#include <base/plist.h>
+#include <ldaputil/ldapdb.h>
+#include <libaccess/nserror.h>
+
+NSPR_BEGIN_EXTERN_C
+
+extern void init_ldb_rwlock ();
+
+NSAPI_PUBLIC extern int parse_ldap_url (NSErr_t *errp, ACLDbType_t dbtype,
+					const char *name, const char *url,
+					PList_t plist, void **db);
+
+extern int get_is_valid_password_basic_ldap (NSErr_t *errp,
+					     PList_t subject,
+					     PList_t resource,
+					     PList_t auth_info,
+					     PList_t global_auth,
+					     void *arg);
+
+extern int get_user_ismember_ldap (NSErr_t *errp,
+				   PList_t subject,
+				   PList_t resource,
+				   PList_t auth_info,
+				   PList_t global_auth,
+				   void *arg);
+
+extern int get_userdn_ldap (NSErr_t *errp,
+			    PList_t subject,
+			    PList_t resource,
+			    PList_t auth_info,
+			    PList_t global_auth,
+			    void *arg);
+
+extern int ACL_NeedLDAPOverSSL();
+
+extern int acl_map_cert_to_user (NSErr_t *errp, const char *dbname,
+				 LDAPDatabase_t *ldb, void *cert,
+				 PList_t resource, pool_handle_t *pool,
+				 char **user, char **userdn);
+
+extern int get_user_exists_ldap (NSErr_t *errp, PList_t subject,
+				 PList_t resource, PList_t auth_info,
+				 PList_t global_auth, void *unused);
+
+NSAPI_PUBLIC extern int acl_user_exists (const char *user,
+					 const char *userdn,
+					 const char *dbname,
+					 const int logerr);
+
+NSPR_END_EXTERN_C
+
+#endif /* ACL_AUTH_H */
diff --git a/include/libaccess/nsadb.h b/include/libaccess/nsadb.h
new file mode 100644
index 00000000..07fb2ca2
--- /dev/null
+++ b/include/libaccess/nsadb.h
@@ -0,0 +1,87 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __nsadb_h
+#define __nsadb_h
+
+/*
+ * Description (nsadb.h)
+ *
+ *	This file describes the interface for retrieving information
+ *	from a Netscape authentication database.  This facility is
+ *	built on top of the Netscape (server) database interface as
+ *	defined in nsdb.h.  It represents a subclass of a more general
+ *	authentication database interface defined in nsauth.h.
+ */
+
+#include "nserror.h"		/* error frame list support */
+#include "nsautherr.h"		/* authentication error codes */
+#include "nsauth.h"
+
+/* Begin private definitions */
+#ifdef __PRIVATE_NSADB
+
+#include "nsdb.h"
+
+#if defined(CLIENT_AUTH)
+#define ADBDBNAMES	3		/* number of named files */
+#else
+#define ADBDBNAMES	2		/* number of named files */
+#endif
+#define ADBUSERDBNAME	"Users"		/* name of user database */
+#define ADBGROUPDBNAME	"Groups"	/* name of group database */
+#if defined(CLIENT_AUTH)
+#define ADBCERTDBNAME	"Certs"		/* name of certificate mapping DB */
+#define ADBUMAPDBNAME	"Certs.nm"	/* name of mapped user names DB */
+#endif
+
+typedef struct AuthDB_s AuthDB_t;
+struct AuthDB_s {
+    char * adb_dbname;			/* database name */
+    void * adb_userdb;			/* handle for user database */
+    void * adb_groupdb;			/* handle for group database */
+#if defined(CLIENT_AUTH)
+    void * adb_certdb;			/* handle for cert mapping database */
+    void * adb_certlock;		/* lock for cert mapping database */
+    void * adb_certnm;			/* handle for username-to-certid DB */
+#endif
+    int adb_flags;			/* flags */
+};
+
+/* Definitions for adb_flags (also used on nsadbOpenXxxx() calls) */
+#define ADBF_NEW	0x1		/* newly created database */
+#define ADBF_UREAD	0x10		/* user database open for read */
+#define ADBF_UWRITE	0x20		/* user database open for write */
+#define ADBF_GREAD	0x100		/* group database open for read */
+#define ADBF_GWRITE	0x200		/* group database open for write */
+#define ADBF_CREAD	0x1000		/* cert database open for read */
+#define ADBF_CWRITE	0x2000		/* cert database open for write */
+#endif /* __PRIVATE_NSADB */
+
+NSPR_BEGIN_EXTERN_C
+
+/* Functions in nsadb.c */
+extern NSAPI_PUBLIC int nsadbOpen(NSErr_t * errp,
+				  char * adbname, int flags, void **rptr);
+extern NSAPI_PUBLIC void nsadbClose(void * authdb, int flags);
+extern NSAPI_PUBLIC int nsadbOpenUsers(NSErr_t * errp,
+				       void * authdb, int flags);
+extern NSAPI_PUBLIC int nsadbOpenGroups(NSErr_t * errp,
+					void * authdb, int flags);
+extern NSAPI_PUBLIC int nsadbIdToName(NSErr_t * errp, void * authdb,
+				      USI_t id, int flags, char **rptr);
+extern NSAPI_PUBLIC int nsadbFindByName(NSErr_t * errp, void * authdb,
+					char * name, int flags, void **rptr);
+
+#if defined(CLIENT_AUTH)
+#include "nscert.h"
+#endif
+
+/* Authentication database interface structure in nsadb.c */
+extern AuthIF_t NSADB_AuthIF;
+
+NSPR_END_EXTERN_C
+
+#endif /* __nsadb_h */
diff --git a/include/libaccess/nsamgmt.h b/include/libaccess/nsamgmt.h
new file mode 100644
index 00000000..c6b82ca4
--- /dev/null
+++ b/include/libaccess/nsamgmt.h
@@ -0,0 +1,122 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __nsamgmt_h
+#define __nsamgmt_h
+
+/*
+ * Description (nsamgmt.h)
+ *
+ *	This file defines the interface for managing information in a
+ *	Netscape authentication database.  An authentication database
+ *	consists of a user database and a group database.  This
+ *	implementation of an authentication database based on Netscape
+ *	user and group databases defined in nsuser.h and nsgroup.h,
+ *	which in turn are based on the Netscape (server) database
+ *	implementation defined in nsdb.h.  The interface for retrieving
+ *	information from an authentication database is described
+ *	separately in nsadb.h.
+ */
+
+#include "nsadb.h"
+
+/* Flags used in enumeration call-back function return value */
+#define ADBF_KEEPOBJ	0x1		/* do not free user or group object */
+#define ADBF_STOPENUM	0x2		/* stop the enumeration */
+
+NSPR_BEGIN_EXTERN_C
+
+/* Functions in nsamgmt.c */
+NSAPI_PUBLIC extern int nsadbAddGroupToGroup(NSErr_t * errp, void * authdb,
+					     GroupObj_t * pgoptr,
+					     GroupObj_t * cgoptr);
+
+NSAPI_PUBLIC extern int nsadbAddUserToGroup(NSErr_t * errp, void * authdb,
+					    GroupObj_t * goptr,
+					    UserObj_t * uoptr);
+
+NSAPI_PUBLIC extern int nsadbCreateGroup(NSErr_t * errp,
+					 void * authdb, GroupObj_t * goptr);
+
+NSAPI_PUBLIC extern int nsadbCreateUser(NSErr_t * errp,
+					void * authdb, UserObj_t * uoptr);
+
+/*
+for ANSI C++ standard on SCO UDK must typedef fn in arg list, otherwise fn
+name is managled
+*/
+
+#ifdef UnixWare
+typedef int(*ArgFn_EnumUsers)(NSErr_t * ferrp, void * authdb, void * parg,
+                 UserObj_t * uoptr);
+
+NSAPI_PUBLIC extern int nsadbEnumerateUsers(NSErr_t * errp, void * authdb,
+					void * argp, ArgFn_EnumUsers);
+#else /* UnixWare */
+NSAPI_PUBLIC extern int nsadbEnumerateUsers(NSErr_t * errp, void * authdb,
+					    void * argp,
+					    int (*func)(NSErr_t * ferrp,
+							void * authdb,
+							void * parg,
+							UserObj_t * uoptr));
+#endif /* UnixWare */
+ 
+#ifdef UnixWare
+typedef int(*ArgFn_EnumGroups)(NSErr_t * ferrp, void * authdb, void * parg,
+                 GroupObj_t * goptr);
+NSAPI_PUBLIC extern int nsadbEnumerateGroups(NSErr_t * errp,
+						void * authdb, void * argp,
+                       				ArgFn_EnumGroups);
+#else /* UnixWare */
+NSAPI_PUBLIC extern int nsadbEnumerateGroups(NSErr_t * errp,
+                                             void * authdb, void * argp,
+					     int (*func)(NSErr_t * ferrp,
+							 void * authdb,
+							 void * parg,
+							 GroupObj_t * goptr));
+#endif /* UnixWare */
+
+NSAPI_PUBLIC extern int nsadbIsUserInGroup(NSErr_t * errp, void * authdb,
+					   USI_t uid, USI_t gid,
+					   int ngroups, USI_t * grplist);
+
+NSAPI_PUBLIC extern int nsadbModifyGroup(NSErr_t * errp,
+					 void * authdb, GroupObj_t * goptr);
+
+NSAPI_PUBLIC extern int nsadbModifyUser(NSErr_t * errp,
+					void * authdb, UserObj_t * uoptr);
+
+NSAPI_PUBLIC extern int nsadbRemoveGroup(NSErr_t * errp,
+					 void * authdb, char * name);
+
+NSAPI_PUBLIC extern int nsadbRemoveUser(NSErr_t * errp,
+					void * authdb, char * name);
+
+NSAPI_PUBLIC extern int nsadbRemGroupFromGroup(NSErr_t * errp, void * authdb,
+					       GroupObj_t * pgoptr,
+					       GroupObj_t * cgoptr);
+
+NSAPI_PUBLIC extern int nsadbRemUserFromGroup(NSErr_t * errp, void * authdb,
+					      GroupObj_t * goptr,
+					      UserObj_t * uoptr);
+
+NSAPI_PUBLIC extern int nsadbSuperGroups(NSErr_t * errp, void * authdb,
+					 GroupObj_t * goptr,
+					 USIList_t * gsuper);
+
+
+NSPR_END_EXTERN_C
+
+#if defined(CLIENT_AUTH)
+
+/* Removed for new ns security integration
+#include <sec.h>
+*/
+#include <key.h>
+#include <cert.h>
+
+#endif /* defined(CLIENT_AUTH) */
+
+#endif /* __nsamgmt_h */
diff --git a/include/libaccess/nsauth.h b/include/libaccess/nsauth.h
new file mode 100644
index 00000000..8f5ce877
--- /dev/null
+++ b/include/libaccess/nsauth.h
@@ -0,0 +1,288 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __nsauth_h
+#define __nsauth_h
+
+/*
+ * Description (nsauth.h)
+ *
+ *	This file defines types and interfaces which pertain to client
+ *	authentication.  The key types are Realm_t, which describes a
+ *	context for authentication, and ClAuth_t, which is used to
+ *	pass authentication information about a particular client
+ *	into and out of authentication interface functions.
+ */
+
+#ifdef CLIENT_AUTH
+
+#include "ssl.h"
+
+#if 0
+/* Removed for new ns security */
+#include "sec.h"		/* SECCertificate */
+#endif
+#include "cert.h"               /* CERTCertificate for new ns security bin */
+#endif /* CLIENT_AUTH */
+
+#include "usi.h"		/* identifier list support */
+#include "attrec.h"		/* attribute record types */
+#include "nserror.h"		/* error frame list support */
+#include "nsautherr.h"		/* authentication error codes */
+
+/* Define a scalar IP address value */
+#ifndef __IPADDR_T_
+#define __IPADDR_T_
+typedef unsigned long IPAddr_t;
+#endif /* __IPADDR_T_ */
+
+/*
+ * Description (UserObj_t)
+ *
+ *	This type defines the structure of a user object.  A user object
+ *	contains information about a user which might be contained in
+ *	an authentication database, including user name, password, user id,
+ *	and group membership.
+ */
+
+typedef struct UserObj_s UserObj_t;
+struct UserObj_s {
+    NTS_t uo_name;		/* user account name */
+    NTS_t uo_pwd;		/* encrypted password */
+    USI_t uo_uid;		/* user id */
+    USI_t uo_flags;		/* bit flags */
+#define UOF_DBFLAGS	0x1f	/* mask for flags stored in DB file */
+#define UOF_ERROR	0x20	/* error on last operation */
+#define UOF_NEW		0x40	/* new user object */
+#define UOF_MODIFIED	0x80	/* internal object modified */
+#define UOF_DELPEND	0x100	/* delete pending */
+
+    NTS_t uo_rname;		/* real user name (gecos string) */
+    USIList_t uo_groups;	/* list of group ids containing user */
+};
+
+/*
+ * Description (GroupObj_t)
+ *
+ *	This type defines the structure of a group object.  A group object
+ *	contains information about a group which might be contained in
+ *	an authentication database, including group name, group id, and
+ *	relationships to other groups.
+ */
+
+typedef struct GroupObj_s GroupObj_t;
+struct GroupObj_s {
+    NTS_t go_name;		/* group name */
+    USI_t go_gid;		/* group id */
+    USI_t go_flags;		/* bit flags */
+#define GOF_DBFLAGS	0x3f	/* mask for flags stored in DB file */
+#define GOF_NEW		0x40	/* new group object */
+#define GOF_MODIFIED	0x80	/* internal object modified */
+#define GOF_DELPEND	0x100	/* delete pending */
+
+    NTS_t go_desc;		/* group description */
+    USIList_t go_users;		/* list of user members (uids) */
+    USIList_t go_groups;	/* list of group members (gids) */
+    USIList_t go_pgroups;	/* list of parent groups (gids) */
+};
+
+/*
+ * Description (AuthIF_t)
+ *
+ *	This type describes a structure containing pointers to functions
+ *	which provide a standard interface to an authentication database.
+ *	The functions are described below.
+ *
+ *   Description (aif_close)
+ *
+ *	The referenced function closes an authentication database which
+ *	was previously opened via the aif_open function.
+ *
+ *   Arguments:
+ *
+ *	authdb			- handle for database returned by aif_open
+ *	flags			- close flags (unused - must be zero)
+ *
+ *
+ *   Description (aif_findid)
+ *
+ *	The referenced function looks up a specified user or group id
+ *	in a given authentication database.  Flags can be specified to
+ *	search for only matching user ids, only matching group ids,
+ *	or both.  The result value for a successful search indicates
+ *	whether a matching user or group id was found, and a pointer to
+ *	a user or group object is returned accordingly.
+ *
+ *   Arguments:
+ *
+ *	authdb			- handle for database returned by aif_open
+ *	id			- user/group id value
+ *	flags			- bit flags to control search
+ *	rptr			- pointer to returned user or group object
+ *				  pointer (may be null)
+ *
+ *   Returns:
+ *
+ *	If successful, the result value is greater than zero, and contains
+ *	a subset of the search flags, indicating what was found, and a user
+ *	or group object pointer is returned through 'rptr' if it is non-null.
+ *	An unsuccessful search is indicated by a return value of zero.  An
+ *	error is indicated by a negative return value (defined in
+ *	nsautherr.h).
+ *
+ *
+ *   Description (aif_findname)
+ *
+ *	The referenced function looks up a specified user or group name
+ *	in a given authentication database.  Flags can be specified to
+ *	search for only matching user names, only matching group names,
+ *	or both.  The result value for a successful search indicates
+ *	whether a matching user or group was found, and a pointer to a
+ *	user or group object is returned accordingly.
+ *
+ *   Arguments:
+ *
+ *	authdb			- handle for database returned by aif_open
+ *	name			- user/group name string pointer
+ *	flags			- bit flags to control search
+ *	rptr			- pointer to returned user or group object
+ *				  pointer (may be null)
+ *
+ *   Returns:
+ *
+ *	If successful, the result value is greater than zero, and contains
+ *	a subset of the search flags, indicating what was found, and a user
+ *	or group object pointer is returned through 'rptr' if it is non-null.
+ *	An unsuccessful search is indicated by a return value of zero.  An
+ *	error is indicated by a negative return value (defined in
+ *	nsautherr.h).
+ *
+ *
+ *   Description (aif_idtoname)
+ *
+ *	The referenced function looks up a specified user or group id
+ *	in a given authentication database, and returns the associated
+ *	user or group name.  Flags can be specified to search for only
+ *	matching user ids, only matching group ids, or both.  The result
+ *	value for a successful search indicates whether a matching user
+ *	or group id was found, and a pointer to the user or group name
+ *	is returned accordingly.
+ *
+ *   Arguments:
+ *
+ *	authdb			- handle for database returned by aif_open
+ *	id			- user/group id value
+ *	flags			- bit flags to control search
+ *	rptr			- pointer to returned user or group name
+ *				  pointer (may be null)
+ *
+ *   Returns:
+ *
+ *	If successful, the result value is greater than zero, and contains
+ *	a subset of the search flags, indicating what was found, and a user
+ *	or group name pointer is returned through 'rptr' if it is non-null.
+ *	An unsuccessful search is indicated by a return value of zero.  An
+ *	error is indicated by a negative return value (defined in
+ *	nsautherr.h).
+ *
+ *
+ *   Description (aif_open)
+ *
+ *	The referenced function opens a named authentication database of
+ *	the type supported by this interface.  The actual effect of the
+ *	open function depends on the particular type of database, but a
+ *	call to the aif_open function should generally be followed by a
+ *	call to the aif_close function at some point.
+ *
+ *   Arguments:
+ *
+ *	adbname			- authentication database name string pointer
+ *	flags			- open flags (definitions below)
+ *	rptr			- pointer to returned handle for the database
+ *
+ *   Returns:
+ *
+ *	The return value is zero if the operation is successful, and a
+ *	handle for the authentication database is returned through 'rptr'.
+ *	An error is indicated by a negative return value (defined in
+ *	nsautherr.h).
+ */
+
+typedef struct AuthIF_s AuthIF_t;
+struct AuthIF_s {
+    int (*aif_findid)(NSErr_t * errp,
+		      void * authdb, USI_t id, int flags, void **rptr);
+    int (*aif_findname)(NSErr_t * errp,
+			void * authdb, char * name, int flags, void **rptr);
+    int (*aif_idtoname)(NSErr_t * errp,
+			void * authdb, USI_t id, int flags, char **rptr);
+    int (*aif_open)(NSErr_t * errp, char * adbname, int flags, void **rptr);
+    void (*aif_close)(void * authdb, int flags);
+    int (*aif_addmember)(void **pmlist, char * name, int flags);
+    int (*aif_ismember)(void * mlist, char * name, int flags);
+};
+
+/* Define flags for the aif_open function */
+#define AIF_CREATE	0x1		/* new database (create it) */
+
+/*
+ * Define bits for flags and return value of aif_findid, aif_findid,
+ * and aif_idtoname functions.
+ */
+#define AIF_NONE	0		/* no matching group or user name */
+#define AIF_GROUP	0x1		/* matching group name/id found */
+#define AIF_USER	0x2		/* matching user name/id found */
+
+/*
+ * Description (Realm_t)
+ *
+ *	This type defines a structure which represents an authentication
+ *	realm.  Each realm has a unique name, which is accessed through
+ *	a Symbol_t structure, which in turn references a Realm_t as the
+ *	symbol value.  This structure specifies an authentication
+ *	method and an authentication database.
+ */
+
+typedef struct Realm_s Realm_t;
+struct Realm_s {
+    int rlm_ameth;		/* authentication method type */
+    char * rlm_dbname;		/* authentication database name */
+    AuthIF_t * rlm_aif;		/* authentication interface pointer */
+    void * rlm_authdb;		/* authentication database handle */
+    char * rlm_prompt;		/* realm prompt string */
+};
+
+/* Define supported authentication method codes for rlm_ameth */
+#define AUTH_METHOD_BASIC	1	/* basic authentication */
+#define AUTH_METHOD_SSL		2	/* SSL client authentication */
+
+/*
+ * Description (ClAuth_t)
+ *
+ *	This type describes a structure containing information about a
+ *	particular client.  It is used to pass information into and out
+ *	of authentication support functions, as well as to other functions
+ *	needing access to client authentication information.
+ * FUTURE:
+ *	- add client certificate pointer
+ */
+
+typedef struct ClAuth_s ClAuth_t;
+struct ClAuth_s {
+    Realm_t * cla_realm;	/* authentication realm pointer */
+    IPAddr_t cla_ipaddr;	/* IP address */
+    char * cla_dns;		/* DNS name string pointer */
+    UserObj_t * cla_uoptr;	/* authenticated user object pointer */
+    GroupObj_t * cla_goptr;	/* pointer to list of group objects */
+#ifdef CLIENT_AUTH
+#if 0
+  /* Removed for new ns security  */
+    SECCertificate * cla_cert;	/* certificate from SSL client auth */
+#endif
+    CERTCertificate * cla_cert;	/* certificate from SSL client auth */
+#endif /* CLIENT_AUTH */
+};
+
+#endif /* __nsauth_h */
diff --git a/include/libaccess/nsautherr.h b/include/libaccess/nsautherr.h
new file mode 100644
index 00000000..02951b9f
--- /dev/null
+++ b/include/libaccess/nsautherr.h
@@ -0,0 +1,97 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __nsautherr_h
+#define __nsautherr_h
+
+/* Define error id codes */
+
+/* Define error ids generated by nsumgmt.c */
+
+/* userRename() */
+#define NSAUERR1000	1000		/* insufficient dynamic memory */
+
+/* userStore() */
+#define NSAUERR1100	1100		/* insufficient dynamic memory */
+
+/* Define error ids generated by nsgmgmt.c */
+
+/* groupStore() */
+#define NSAUERR2000	2000		/* insufficient dynamic memory */
+
+/* Define error ids generated by nsadb.c */
+
+/* nsadbOpen() */
+#define NSAUERR3000	3000		/* invalid function argument */
+#define NSAUERR3020	3020		/* insufficient dynamic memory */
+#define NSAUERR3040	3040		/* create directory operation failed */
+#define NSAUERR3060	3060		/* open directory operation failed */
+
+/* nsadbOpenUsers() */
+#define NSAUERR3200	3200		/* invalid function argument */
+#define NSAUERR3220	3220		/* insufficient dynamic memory */
+#define NSAUERR3240	3240		/* error opening user database */
+
+/* nsadbOpenGroups() */
+#define NSAUERR3300	3300		/* invalid function argument */
+#define NSAUERR3320	3320		/* insufficient dynamic memory */
+#define NSAUERR3340	3340		/* error opening group database */
+
+#if defined(CLIENT_AUTH)
+/* nsadbOpenClients() */
+#define NSAUERR3400	3400		/* invalid function argument */
+#define NSAUERR3420	3420		/* insufficient dynamic memory */
+#define NSAUERR3430	3430		/* error initializing DB lock */
+#define NSAUERR3440	3440		/* error opening group database */
+
+/* nsadbPutUserByCert() */
+#define NSAUERR3500	3500		/* invalid username length */
+#define NSAUERR3520	3520		/* user-to-cert map already exists */
+
+/* nsadbOpenCertUsers() */
+#define NSAUERR3600	3600		/* error opening user-to-cert id DB */
+
+/* nsadbFindCertUser() */
+#define NSAUERR3700	3700		/* specified user name not found */
+
+/* nsadbAddCertUser() */
+#define NSAUERR3800	3800		/* error adding entry to database */
+
+/* nsadbRemoveCertUser() */
+#define NSAUERR3900	3900		/* error deleting entry in database */
+
+#endif /*  defined(CLIENT_AUTH) */
+
+/* Define error ids generated by nsamgmt.c */
+
+/* nsadbRemoveUser() */
+#define NSAUERR4000	4000		/* user name not found */
+
+/* nsadbRemoveGroup() */
+#define NSAUERR4100	4100		/* group name not found */
+
+/* Define error codes */
+#define NSAERRNOMEM	-1		/* insufficient dynamic memory */
+#define NSAERRINVAL	-2		/* invalid function argument */
+#define NSAERROPEN	-3		/* error opening database */
+#define NSAERRMKDIR	-4		/* error creating database directory */
+#define NSAERRNAME	-5		/* user or group name not found */
+#define NSAERRPUT	-6		/* error writing record to database */
+#define NSAERRCMAP	-7		/* certificate map already exists */
+#define NSAERRDEL	-8		/* error deleting database entry */
+#define NSAERRLOCK	-9		/* error initializing DB lock */
+
+NSPR_BEGIN_EXTERN_C
+
+/* Authentication facility name in nsuser.c */
+extern char * NSAuth_Program;
+
+    /* Functions in nsautherr.c */
+extern NSAPI_PUBLIC void nsadbErrorFmt(NSErr_t * errp,
+			  char * msgbuf, int maxlen, int maxdepth);
+
+NSPR_END_EXTERN_C
+
+#endif /* __nsautherr_h */
diff --git a/include/libaccess/nscert.h b/include/libaccess/nscert.h
new file mode 100644
index 00000000..b704bbdf
--- /dev/null
+++ b/include/libaccess/nscert.h
@@ -0,0 +1,102 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __nscert_h
+#define __nscert_h
+
+/*
+ * Description (nscert.h)
+ *
+ *	This file describes the interface for accessing and storing
+ *	information in a Netscape client certificate to username
+ *	database.  This facility is built on top of the Netscape
+ *	(server) database interface as defined in nsdb.h.  
+ */
+
+#include <libaccess/nserror.h>		/* error frame list support */
+#include <libaccess/nsautherr.h>	/* authentication error codes */
+#include <libaccess/nsauth.h>
+
+#include <prtypes.h>
+/* Removed for new ns security integration
+#include <sec.h>
+*/
+#include <cert.h>
+
+#if defined(CLIENT_AUTH)
+
+/* Certificate to user record attribute tags */
+#define CAT_USERNAME	0x61		/* username associated with cert */
+#define CAT_CERTID	0x62		/* id assigned to cert */
+
+/* Attribute tags used in certificate key encoding */
+#define KAT_ISSUER	0x01		/* issuer DER */
+#define KAT_SUBJECT	0x02		/* subject DER */
+
+typedef struct CertObj_s CertObj_t;
+struct CertObj_s {
+    SECItem co_issuer;		/* issuing authority */
+    SECItem co_subject;		/* certicate's subject */
+    char * co_username;		/* the local name it mapps to */
+    USI_t co_certid;		/* internal id for this client certificate */
+};
+
+typedef int (*CertEnumCallback)(NSErr_t * ferrp, void * authdb,
+				void * argp, CertObj_t * coptr);
+    
+NSPR_BEGIN_EXTERN_C
+
+extern NSAPI_PUBLIC int nsadbCertInitialize(void);
+
+extern NSAPI_PUBLIC int nsadbDecodeCertKey(int keylen, char * keyptr,
+					   SECItem * issuer,
+					   SECItem * subject);
+
+extern NSAPI_PUBLIC int nsadbDecodeCertRec(int reclen, char * recptr,
+					   CertObj_t * coptr);
+
+extern NSAPI_PUBLIC int nsadbEncodeCertKey(SECItem * issuer, SECItem * subject,
+					   int * keylen, char **keyptr);
+
+extern NSAPI_PUBLIC int nsadbEnumerateCerts(NSErr_t * errp, void * authdb,
+					    void * argp,
+					    CertEnumCallback func);
+
+extern NSAPI_PUBLIC void nsadbFreeCertObj(CertObj_t * coptr);
+
+extern NSAPI_PUBLIC int nsadbGetCertById(NSErr_t * errp, void * authdb,
+					 USI_t certid, CertObj_t **coptr);
+
+extern NSAPI_PUBLIC int nsadbGetUserByCert(NSErr_t * errp, void * authdb,
+					   CERTCertificate * cert,
+					   char **username);
+
+extern NSAPI_PUBLIC int nsadbOpenCerts(NSErr_t * errp,
+				       void * authdb, int flags);
+
+extern NSAPI_PUBLIC int nsadbPutUserByCert(NSErr_t * errp, void * authdb,
+					   CERTCertificate * cert,
+					   const char * username);
+
+extern NSAPI_PUBLIC int nsadbRemoveCert(NSErr_t * errp, void * authdb,
+					void * username, CertObj_t * coptr);
+
+extern NSAPI_PUBLIC int nsadbRemoveUserCert(NSErr_t * errp, void * authdb,
+					    char * username);
+
+extern NSAPI_PUBLIC void nsadbCloseCerts(void * authdb, int flags);
+
+extern NSAPI_PUBLIC void nsadbCloseCertUsers(void * authdb, int flags);
+
+extern NSAPI_PUBLIC int nsadbFindCertUser(NSErr_t * errp, void * authdb,
+					  const char * username, USI_t * id);
+
+
+NSPR_END_EXTERN_C
+
+#endif /* CLIENT_AUTH */
+
+
+#endif /* __nscert_h */
diff --git a/include/libaccess/nsdb.h b/include/libaccess/nsdb.h
new file mode 100644
index 00000000..c5b39e1c
--- /dev/null
+++ b/include/libaccess/nsdb.h
@@ -0,0 +1,182 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __nsdb_h
+#define __nsdb_h
+
+/*
+ * Description (nsdb.h)
+ *
+ *	This file describes the interface for retrieving information
+ *	from a Netscape (server) database.  A database is composed of
+ *	two (libdbm) DB files.  One of these (<dbname>.db) contains
+ *	records indexed by a string key.  These records contain the
+ *	primary information in the database.  A second DB file
+ *	(<dbname>.id) is used to map an integer id value to a string
+ *	key, which can then be used to locate a record in the first file.
+ *	The interface for managing information in a database is described
+ *	in nsdbmgmt.h.
+ */
+
+/* Begin private definitions */
+#ifdef __PRIVATE_NSDB
+
+#include "mcom_db.h"
+
+/*
+ * Description (NSDB_t)
+ *
+ *	This type describes the structure that used to represent a
+ *	Netscape server database.  It includes fields to reference
+ *	both the primary and id-to-name DB files, and information
+ *	about the current state of the database.
+ */
+
+typedef struct NSDB_s NSDB_t;
+struct NSDB_s {
+    char * ndb_pname;			/* primary DB file name pointer */
+    DB * ndb_pdb;			/* primary DB file handle */
+    char * ndb_iname;			/* id-to-name DB file name pointer */
+    DB * ndb_idb;			/* id-to-name DB file handle */
+    int ndb_flags;			/* bit flags */
+#define NDBF_RDNAME	0x1		/* primary DB open for read */
+#define NDBF_WRNAME	0x2		/* primary DB open for write */
+#define NDBF_NONAME	0x4		/* primary DB does not exist */
+#define NDBF_RDID	0x10		/* id-to-name DB open for read */
+#define NDBF_WRID	0x20		/* id-to-name DB open for write */
+#define NDBF_NOID	0x40		/* id-to-name DB does not exist */
+
+    int ndb_dbtype;			/* database type */
+    int ndb_version;			/* type-specific version number */
+};
+
+/* Define metadata record keys (must start with NDB_MDPREFIX) */
+#define NDB_DBTYPE	"?dbtype"	/* database type and version info */
+#define NDB_IDMAP	"?idmap"	/* id allocation bitmap */
+
+#endif /* __PRIVATE_NSDB */
+
+/* Begin public definitions */
+
+#include "nserror.h"		/* error frame list support */
+#include "nsdberr.h"		/* error codes for NSDB facility */
+
+/* Define the NSDB version number */
+#define NDB_VERSION		0x10	/* NSDB version 1.0 */
+
+/* Define reserved database type codes for ndb_dbtype */
+#define NDB_TYPE_USERDB		1	/* user database */
+#define NDB_TYPE_GROUPDB	2	/* group database */
+#define NDB_TYPE_CLIENTDB	3	/* client database */
+#define NDB_TYPE_ACLDB		4	/* access control list database */
+
+/*
+ * Define the metadata record key prefix character.  Normal data record
+ * keys (names) cannot begin with this character.
+ */
+#define NDB_MDPREFIX	'?'
+
+/* Define flags for ndbEnumerate() */
+#define NDBF_ENUMNORM	0x1		/* enumerate normal data records */
+#define NDBF_ENUMMETA	0x2		/* enumerate metadata records */
+
+/* Define return values for a user function called by ndbEnumerate */
+#define NDB_ENUMSTOP	-1		/* terminate enumeration */
+#define NDB_ENUMCONT	0		/* continue enumeration */
+#define NDB_ENUMRESET	1		/* restart enumeration at beginning */
+
+NSPR_BEGIN_EXTERN_C
+
+/* Functions for database information retrieval in nsdb.c */
+extern void ndbClose(void * ndb, int flags);
+
+/* for ANSI C++ standard on SCO UDK, otherwise fn name is mangled */
+#ifdef UnixWare
+typedef int (*ArgFn_ndbEnum)(NSErr_t * ferrp, void * parg, int namelen,
+                           char * name, int reclen, char * recptr);
+extern int ndbEnumerate(NSErr_t * errp, void * ndb, int flags, void * argp,
+                        ArgFn_ndbEnum);
+#else /* UnixWare */
+extern int ndbEnumerate(NSErr_t * errp, void * ndb, int flags, void * argp,
+			int (*func)(NSErr_t * ferrp, void * parg,
+				    int namelen, char * name,
+				    int reclen, char * recptr));
+#endif /* UnixWare */
+extern int ndbFindName(NSErr_t * errp, void * ndb, int namelen, char * name,
+		       int * reclen, char **recptr);
+extern int ndbIdToName(NSErr_t * errp,
+		       void * ndb, unsigned int id, int * plen, char **pname);
+extern int ndbInitPrimary(NSErr_t * errp, void * ndb);
+extern void * ndbOpen(NSErr_t * errp,
+		      char * dbname, int flags, int dbtype, int * version);
+extern int ndbReOpen(NSErr_t * errp, void * ndb, int flags);
+
+NSPR_END_EXTERN_C
+
+/* richm - 20020218 - these macros were added as part of the port to DBM 1.6
+ * apparently, these were exported for outside use from mcom_db.h in
+ * DBM 1.5x and earlier, but were made private in 1.6 - so I copied them
+ * here
+ */
+/*
+ * Little endian <==> big endian 32-bit swap macros.
+ *	M_32_SWAP	swap a memory location
+ *	P_32_SWAP	swap a referenced memory location
+ *	P_32_COPY	swap from one location to another
+ */
+#ifndef M_32_SWAP
+#define	M_32_SWAP(a) {							\
+	uint32 _tmp = a;						\
+	((char *)&a)[0] = ((char *)&_tmp)[3];				\
+	((char *)&a)[1] = ((char *)&_tmp)[2];				\
+	((char *)&a)[2] = ((char *)&_tmp)[1];				\
+	((char *)&a)[3] = ((char *)&_tmp)[0];				\
+}
+#endif
+#ifndef P_32_SWAP
+#define	P_32_SWAP(a) {							\
+	uint32 _tmp = *(uint32 *)a;				\
+	((char *)a)[0] = ((char *)&_tmp)[3];				\
+	((char *)a)[1] = ((char *)&_tmp)[2];				\
+	((char *)a)[2] = ((char *)&_tmp)[1];				\
+	((char *)a)[3] = ((char *)&_tmp)[0];				\
+}
+#endif
+#ifndef P_32_COPY
+#define	P_32_COPY(a, b) {						\
+	((char *)&(b))[0] = ((char *)&(a))[3];				\
+	((char *)&(b))[1] = ((char *)&(a))[2];				\
+	((char *)&(b))[2] = ((char *)&(a))[1];				\
+	((char *)&(b))[3] = ((char *)&(a))[0];				\
+}
+#endif
+/*
+ * Little endian <==> big endian 16-bit swap macros.
+ *	M_16_SWAP	swap a memory location
+ *	P_16_SWAP	swap a referenced memory location
+ *	P_16_COPY	swap from one location to another
+ */
+#ifndef M_16_SWAP
+#define	M_16_SWAP(a) {							\
+	uint16 _tmp = a;						\
+	((char *)&a)[0] = ((char *)&_tmp)[1];				\
+	((char *)&a)[1] = ((char *)&_tmp)[0];				\
+}
+#endif
+#ifndef P_16_SWAP
+#define	P_16_SWAP(a) {							\
+	uint16 _tmp = *(uint16 *)a;				\
+	((char *)a)[0] = ((char *)&_tmp)[1];				\
+	((char *)a)[1] = ((char *)&_tmp)[0];				\
+}
+#endif
+#ifndef P_16_COPY
+#define	P_16_COPY(a, b) {						\
+	((char *)&(b))[0] = ((char *)&(a))[1];				\
+	((char *)&(b))[1] = ((char *)&(a))[0];				\
+}
+#endif
+
+#endif /* __nsdb_h */
diff --git a/include/libaccess/nsdberr.h b/include/libaccess/nsdberr.h
new file mode 100644
index 00000000..224bd483
--- /dev/null
+++ b/include/libaccess/nsdberr.h
@@ -0,0 +1,92 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __nsdberr_h
+#define __nsdberr_h
+
+/* NSDB facility name (defined in nsdb,c) */
+extern char * NSDB_Program;
+
+/* Define error identifiers for NSDB facility */
+
+/* Errors generated in nsdb.c */
+
+/* ndbFindName() */
+#define NSDBERR1000	1000	/* primary DB get operation failed */
+
+/* ndbIdToName() */
+#define NSDBERR1100	1100	/* id-to-name DB get operation failed */
+
+/* ndbInitPrimary() */
+#define NSDBERR1200	1200	/* primary database already exists */
+#define NSDBERR1220	1220	/* primary database open failed */
+#define NSDBERR1240	1240	/* primary DB put operation failed */
+#define NSDBERR1260	1260	/* primary DB put operation failed */
+
+/* ndbOpen() */
+#define NSDBERR1400	1400	/* insufficient dynamic memory */
+#define NSDBERR1420	1420	/* insufficient dynamic memory */
+#define NSDBERR1440	1440	/* insufficient dynamic memory */
+#define NSDBERR1460	1460	/* primary DB get metadata operation failed */
+#define NSDBERR1480	1480	/* metadata format error */
+#define NSDBERR1500	1500	/* unsupported database version number */
+#define NSDBERR1520	1520	/* wrong database type */
+
+/* ndbReOpen() */
+#define NSDBERR1600	1600	/* create primary DB failed */
+#define NSDBERR1620	1620	/* open primary/write failed */
+#define NSDBERR1640	1640	/* open primary/read failed */
+#define NSDBERR1660	1660	/* create id-to-name DB failed */
+#define NSDBERR1680	1680	/* open id-to-name DB for write failed */
+#define NSDBERR1700	1700	/* open id-to-name DB for read failed */
+
+/* Define error ids generated in nsdbmgmt.c */
+
+/* ndbAllocId() */
+#define NSDBERR2000	2000	/* bad DB name key */
+#define NSDBERR2020	2020	/* metadata get operation failed */
+#define NSDBERR2040	2040	/* no space to grow DB id bitmap */
+#define NSDBERR2060	2060	/* no space to copy DB id bitmap */
+#define NSDBERR2080	2080	/* put bitmap to DB operation failed */
+#define NSDBERR2100	2100	/* put id-to-name operation failed */
+
+/* ndbDeleteName() */
+#define NSDBERR2200	2200	/* error deleting record */
+
+/* ndbFreeId() */
+#define NSDBERR2300	2300	/* invalid id value */
+#define NSDBERR2320	2320	/* error deleting id-to-name record */
+#define NSDBERR2340	2340	/* error reading id bitmap from primary DB */
+#define NSDBERR2360	2360	/* invalid id value */
+#define NSDBERR2380	2380	/* insufficient dynamic memory */
+#define NSDBERR2400	2400	/* error writing id bitmap back to DB */
+
+/* ndbRenameId() */
+#define NSDBERR2500	2500	/* invalid new key name string */
+#define NSDBERR2520	2520	/* get id record operation failed */
+#define NSDBERR2540	2540	/* put id record operation failed */
+
+/* ndbStoreName() */
+#define NSDBERR2700	2700	/* database put operation failed */
+
+/* Define error return codes */
+#define NDBERRNOMEM	-1		/* insufficient dynamic memory */
+#define NDBERRNAME	-2		/* invalid key name string */
+#define NDBERROPEN	-3		/* database open error */
+#define NDBERRMDGET	-4		/* database metadata get failed */
+#define NDBERRMDPUT	-5		/* database metadata put failed */
+#define NDBERRIDPUT	-6		/* id-to-name record put failed */
+#define NDBERRNMDEL	-7		/* delete named record failed */
+#define NDBERRPINIT	-8		/* error creating primary DB file */
+#define NDBERRGET	-9		/* database get failed */
+#define NDBERREXIST	-10		/* DB already exists */
+#define NDBERRMDFMT	-11		/* invalid metadata format */
+#define NDBERRDBTYPE	-12		/* wrong DB type */
+#define NDBERRBADID	-13		/* invalid id value for name */
+#define NDBERRPUT	-14		/* database put operation failed */
+#define NDBERRVERS	-15		/* unsupported database version */
+#define NDBERRIDDEL	-16		/* delete id-to-name record failed */
+
+#endif /* __nsdberr_h */
diff --git a/include/libaccess/nsdbmgmt.h b/include/libaccess/nsdbmgmt.h
new file mode 100644
index 00000000..2977e6a2
--- /dev/null
+++ b/include/libaccess/nsdbmgmt.h
@@ -0,0 +1,52 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __nsdbmgmt_h
+#define __nsdbmgmt_h
+
+/*
+ * Description (nsdbmgmt.h)
+ *
+ *	The file describes the interface for managing information in
+ *	a Netscape (server) database.  A database is composed of
+ *	two (libdbm) DB files.  One of these (<dbname>.db) contains
+ *	records indexed by a string key.  These records contain the
+ *	primary information in the database.  A second DB file
+ *	(<dbname>.id) is used to map an integer id value to a string
+ *	key, which can then be used to locate a record in the first file.
+ *	The interface for retrieving information from a database is
+ *	described in nsdb.h.
+ *
+ * FUTURE:
+ *	Normally the records in the primary DB file will contain the
+ *	id values which are used to key the id-to-name DB.  When this
+ *	is the case, it is possible to construct the id-to-name DB from
+ *	the primary DB file, and an interface is provided to facilitate
+ *	this.
+ */
+
+#include "nsdb.h"			/* database access */
+
+/* Define flags for ndbStoreName() */
+#define NDBF_NEWNAME	0x1		/* this is (should be) a new name */
+
+NSPR_BEGIN_EXTERN_C
+
+/* Functions for database management in nsdbmgmt.c */
+extern int ndbAllocId(NSErr_t * errp, void * ndb,
+		      int namelen, char * name, unsigned int * id);
+extern int ndbDeleteName(NSErr_t * errp,
+			 void * ndb, int flags, int namelen, char * name);
+extern int ndbFreeId(NSErr_t * errp,
+		     void * ndb, int namelen, char * name, unsigned int id);
+extern int ndbRenameId(NSErr_t * errp, void * ndb,
+		       int namelen, char * newname, unsigned int id);
+extern int ndbStoreName(NSErr_t * errp, void * ndb, int flags,
+			int namelen, char * name, int reclen, char * recptr);
+extern int ndbSync(NSErr_t * errp, void * ndb, int flags);
+
+NSPR_END_EXTERN_C
+
+#endif /* __nsdbmgmt_h */
diff --git a/include/libaccess/nserror.h b/include/libaccess/nserror.h
new file mode 100644
index 00000000..2a28c4f9
--- /dev/null
+++ b/include/libaccess/nserror.h
@@ -0,0 +1,47 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __nserror_h
+#define __nserror_h
+
+#ifndef NOINTNSACL
+#define INTNSACL
+#endif /* !NOINTNSACL */
+
+/*
+ * Description (nserror.h)
+ *
+ *	This file describes the interface to an error handling mechanism
+ *	that is intended for general use.  This mechanism uses a data
+ *	structure known as an "error frame" to capture information about
+ *	an error.  Multiple error frames are used in nested function calls
+ *	to capture the interpretation of an error at the different levels
+ *	of a nested call.
+ */
+
+#include <stdarg.h>
+#include <prtypes.h>
+#include "public/nsacl/nserrdef.h"
+
+#ifdef INTNSACL
+
+NSPR_BEGIN_EXTERN_C
+
+/* Functions in nseframe.c */
+extern void nserrDispose(NSErr_t * errp);
+extern NSEFrame_t * nserrFAlloc(NSErr_t * errp);
+extern void nserrFFree(NSErr_t * errp, NSEFrame_t * efp);
+extern NSEFrame_t * nserrGenerate(NSErr_t * errp, long retcode, long errorid,
+				  char * program, int errc, ...);
+
+/* Functions in nserrmsg.c */
+extern char * nserrMessage(NSEFrame_t * efp, int flags);
+extern char * nserrRetrieve(NSEFrame_t * efp, int flags);
+
+NSPR_END_EXTERN_C
+
+#endif /* INTNSACL */
+
+#endif /* __nserror_h */
diff --git a/include/libaccess/nsgmgmt.h b/include/libaccess/nsgmgmt.h
new file mode 100644
index 00000000..8fc59e12
--- /dev/null
+++ b/include/libaccess/nsgmgmt.h
@@ -0,0 +1,35 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __nsgmgmt_h
+#define __nsgmgmt_h
+
+/*
+ * Description (nsgmgmt.h)
+ *
+ *	This file defines the interface to group management facilities
+ *	implemented using a Netscape group database.  This interface
+ *	provides functions for adding, modifying, and removing group
+ *	entries in the database, using the group object (GroupObj_t)
+ *	structure to convey information across the interface.
+ */
+
+#define __PRIVATE_NSGROUP
+#include "nsgroup.h"		/* group object access */
+
+NSPR_BEGIN_EXTERN_C
+
+/* Group information management operations in nsgmgmt.c */
+extern NSAPI_PUBLIC int groupAddMember(GroupObj_t * goptr, int isgid, USI_t id);
+extern NSAPI_PUBLIC GroupObj_t * groupCreate(NTS_t name, NTS_t desc);
+extern NSAPI_PUBLIC int groupDeleteMember(GroupObj_t * goptr, int isgid, USI_t id);
+extern NSAPI_PUBLIC int groupEncode(GroupObj_t * goptr, int * ureclen, ATR_t * urecptr);
+extern NSAPI_PUBLIC int groupRemove(NSErr_t * errp, void * groupdb, int flags, NTS_t name);
+extern NSAPI_PUBLIC int groupStore(NSErr_t * errp,
+		      void * groupdb, int flags, GroupObj_t * goptr);
+
+NSPR_END_EXTERN_C
+
+#endif /* __nsgmgmt_h */
diff --git a/include/libaccess/nsgroup.h b/include/libaccess/nsgroup.h
new file mode 100644
index 00000000..8f4bf56a
--- /dev/null
+++ b/include/libaccess/nsgroup.h
@@ -0,0 +1,73 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __nsgroup_h
+#define __nsgroup_h
+
+/*
+ * Description (nsgroup.h)
+ *
+ *	This file describes the interface to group information stored in
+ *	a Netscape group database.  Information about a group is provided
+ *	to the caller in the form of a group object (GroupObj_t), defined
+ *	in nsauth.h.  This interface provides only read access to group
+ *	information.  The interface for managing the group database is
+ *	described in nsgmgmt.h.
+ */
+
+#include "nserror.h"		/* error frame list support */
+#include "nsautherr.h"		/* authentication error codes */
+#include "nsauth.h"		/* authentication types */
+
+/* Begin private definitions */
+#ifdef __PRIVATE_NSGROUP
+
+#include "nsdb.h"
+
+/*
+ * Define structure used to communicate between groupEnumerate() and
+ * groupEnumHelp().
+ */
+
+typedef struct GroupEnumArgs_s GroupEnumArgs_t;
+struct GroupEnumArgs_s {
+    void * groupdb;			/* group database handle */
+    int flags;				/* groupEnumerate() flags */
+    int (*func)(NSErr_t * ferrp, void * parg,
+		GroupObj_t * goptr);	/* user function pointer */
+    void * user;			/* user's argp pointer */
+};
+
+/* Define attribute tags for group DB records */
+#define GAT_GID		0x50		/* group id (USI) */
+#define GAT_FLAGS	0x51		/* flags (USI) */
+#define GAT_DESCRIPT	0x52		/* group description (NTS) */
+#define GAT_USERS	0x53		/* list of users (USI...) */
+#define GAT_GROUPS	0x54		/* list of groups (USI...) */
+#define GAT_PGROUPS	0x55		/* list of paret groups (USI...) */
+
+#endif /* __PRIVATE_NSGROUP */
+
+/* Begin public definitions */
+
+/* Define flags for groupEnumerate() */
+#define GOF_ENUMKEEP	0x1		/* don't free group objects */
+
+NSPR_BEGIN_EXTERN_C
+
+    /* Operations on a group object (see nsgroup.c) */
+extern NSAPI_PUBLIC GroupObj_t * groupDecode(NTS_t name, int ureclen, ATR_t urecptr);
+extern NSAPI_PUBLIC int groupEnumerate(NSErr_t * errp,
+			  void * groupdb, int flags, void * argp,
+			  int (*func)(NSErr_t * ferrp,
+				     void * parg, GroupObj_t * goptr));
+extern NSAPI_PUBLIC GroupObj_t * groupFindByName(NSErr_t * errp,
+				    void * groupdb, NTS_t name);
+extern NSAPI_PUBLIC GroupObj_t * groupFindByGid(NSErr_t * errp, void * groupdb, USI_t gid);
+extern NSAPI_PUBLIC void groupFree(GroupObj_t * goptr);
+
+NSPR_END_EXTERN_C
+
+#endif /* __nsgroup_h */
diff --git a/include/libaccess/nslock.h b/include/libaccess/nslock.h
new file mode 100644
index 00000000..af205863
--- /dev/null
+++ b/include/libaccess/nslock.h
@@ -0,0 +1,74 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __nslock_h
+#define __nslock_h
+
+/*
+ * Description (nslock.h)
+ *
+ *	This file defines to interface for a locking facility that
+ *	provides exclusive access to a resource across multiple
+ *	server processes.
+ */
+
+#include "nserror.h"
+#include "base/crit.h"
+
+#ifdef __PRIVATE_NSLOCK
+
+/*
+ * Description (NSLock_t)
+ *
+ *	This type represents a lock.  It includes a name which
+ *	uniquely identifies the lock, and a handle for referencing
+ *	the lock once it has been initialized.
+ */
+
+typedef struct NSLock_s NSLock_t;
+struct NSLock_s {
+    NSLock_t * nl_next;			/* next lock on NSLock_List */
+    char * nl_name;			/* name associate with lock */
+#if defined(FILE_UNIX)
+    CRITICAL nl_crit;			/* critical section for threads */
+    SYS_FILE nl_fd;			/* file descriptor */
+    int nl_cnt;				/* nsLockAcquire() count */
+#elif defined(XP_WIN32)
+#else
+#error "nslock.h needs work for this platform"
+#endif
+};
+
+#endif /* __PRIVATE_NSLOCK */
+
+/* Define error identifiers */
+
+/* nsLockOpen() */
+#define NSLERR1000	1000		/* insufficient dynamic memory */
+#define NSLERR1020	1020		/* error creating lock */
+#define NSLERR1040	1040		/* error accessing lock */
+
+/* nsLockAcquire() */
+#define NSLERR1100	1100		/* error acquiring lock */
+
+/* Define error return codes */
+
+#define NSLERRNOMEM	-1		/* insufficient dynamic memory */
+#define NSLERRCREATE	-2		/* error creating lock */
+#define NSLERROPEN	-3		/* error accessing lock */
+#define NSLERRLOCK	-4		/* error acquiring lock */
+
+NSPR_BEGIN_EXTERN_C
+
+/* Functions in nslock.c */
+extern NSAPI_PUBLIC int nsLockOpen(NSErr_t * errp,
+				   char * lockname, void **plock);
+extern NSAPI_PUBLIC int nsLockAcquire(NSErr_t * errp, void * lock);
+extern NSAPI_PUBLIC void nsLockRelease(void * lock);
+extern NSAPI_PUBLIC void nsLockClose(void * lock);
+
+NSPR_END_EXTERN_C
+
+#endif __nslock_h
diff --git a/include/libaccess/nsumgmt.h b/include/libaccess/nsumgmt.h
new file mode 100644
index 00000000..6d295a85
--- /dev/null
+++ b/include/libaccess/nsumgmt.h
@@ -0,0 +1,36 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __nsumgmt_h
+#define __nsumgmt_h
+
+/*
+ * Description (nsumgmt.h)
+ *
+ *	This file defines the interface to user management facilities
+ *	implemented using a Netscape user database.  This interface
+ *	provides functions for adding, modifying, and removing user
+ *	entries in the database, using the user object (UserObj_t)
+ *	structure to convey information across the interface.
+ */
+
+#include "nsuser.h"		/* user object access */
+
+NSPR_BEGIN_EXTERN_C
+
+/* User information management operations in nsumgmt.c */
+extern int userAddGroup(UserObj_t * uoptr, USI_t gid);
+extern NSAPI_PUBLIC UserObj_t * userCreate(NTS_t name, NTS_t pwd, NTS_t rname);
+extern int userDeleteGroup(UserObj_t * uoptr, USI_t gid);
+extern int userEncode(UserObj_t * uoptr, int * ureclen, ATR_t * urecptr);
+extern NSAPI_PUBLIC int userRemove(NSErr_t * errp, void * userdb, int flags, NTS_t name);
+extern NSAPI_PUBLIC int userRename(NSErr_t * errp,
+		      void * userdb, UserObj_t * uoptr, NTS_t newname);
+extern NSAPI_PUBLIC int userStore(NSErr_t * errp,
+		     void * userdb, int flags, UserObj_t * uoptr);
+
+NSPR_END_EXTERN_C
+
+#endif /* __nsumgmt_h */
diff --git a/include/libaccess/nsuser.h b/include/libaccess/nsuser.h
new file mode 100644
index 00000000..fbc51ba3
--- /dev/null
+++ b/include/libaccess/nsuser.h
@@ -0,0 +1,70 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __nsuser_h
+#define __nsuser_h
+
+/*
+ * Description (nsuser.h)
+ *
+ *	This file describes the interface to user information stored in
+ *	a Netscape user database.  Information about a user is provided
+ *	to the caller in the form of a user object (UserObj_t), defined
+ *	in nsauth.h.  This interface provides only read access to user
+ *	information.  The interface for managing the user database is
+ *	described in nsumgmt.h.
+ */
+
+#include "nserror.h"		/* error frame list support */
+#include "nsautherr.h"		/* authentication error codes */
+#include "nsauth.h"		/* authentication types */
+
+/* Begin private definitions */
+#ifdef __PRIVATE_NSUSER
+
+#include "nsdb.h"
+
+/*
+ * Define structure used to communicate between userEnumerate() and
+ * userEnumHelp().
+ */
+
+typedef struct UserEnumArgs_s UserEnumArgs_t;
+struct UserEnumArgs_s {
+    void * userdb;			/* user database handle */
+    int flags;				/* userEnumerate() flags */
+    int (*func)(NSErr_t * ferrp, void * parg,
+		UserObj_t * uoptr);	/* user function pointer */
+    void * user;			/* user's argp pointer */
+};
+
+/* Define attribute tags for user DB records */
+#define UAT_PASSWORD	0x40		/* password (NTS) */
+#define UAT_UID		0x41		/* user id (USI) */
+#define UAT_ACCFLAGS	0x42		/* account flags (USI) */
+#define UAT_REALNAME	0x43		/* real name (NTS) */
+#define UAT_GROUPS	0x44		/* list of groups (USI...) */
+
+#endif /* __PRIVATE_NSUSER */
+
+/* Begin public definitions */
+
+/* Define flags for userEnumerate() */
+#define UOF_ENUMKEEP	0x1		/* don't free user objects */
+
+NSPR_BEGIN_EXTERN_C
+
+/* User information retrieval operations in nsuser.c */
+extern UserObj_t * userDecode(NTS_t name, int ureclen, ATR_t urecptr);
+extern int userEnumerate(NSErr_t * errp, void * userdb, int flags, void * argp,
+			 int (*func)(NSErr_t * ferrp,
+				     void * parg, UserObj_t * uoptr));
+extern UserObj_t * userFindByName(NSErr_t * errp, void * userdb, NTS_t name);
+extern UserObj_t * userFindByUid(NSErr_t * errp, void * userdb, USI_t uid);
+NSAPI_PUBLIC extern void userFree(UserObj_t * uoptr);
+
+NSPR_END_EXTERN_C
+
+#endif /* __nsuser_h */
diff --git a/include/libaccess/register.h b/include/libaccess/register.h
new file mode 100644
index 00000000..9b5837e4
--- /dev/null
+++ b/include/libaccess/register.h
@@ -0,0 +1,215 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef ACL_REGISTER_HEADER
+#define ACL_REGISTER_HEADER
+
+#include <prhash.h>
+
+#include <ldap.h>
+#include <base/pblock.h>
+#include <base/plist.h>
+#include <libaccess/nserror.h>
+#include <libaccess/acl.h>
+
+typedef	void * ACLMethod_t;
+#define	ACL_METHOD_ANY		(ACLMethod_t)-1
+#define	ACL_METHOD_INVALID	(ACLMethod_t)-2
+extern ACLMethod_t ACL_METHOD_BASIC;
+
+typedef	void * ACLDbType_t;
+#define	ACL_DBTYPE_ANY		(ACLDbType_t)-1
+#define	ACL_DBTYPE_INVALID	(ACLDbType_t)-2
+extern ACLDbType_t ACL_ACL_DBTYPE_LDAP;
+
+typedef int (*AttrGetterFn)(NSErr_t *errp, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth, void *arg);
+typedef int (*AclModuleInitFunc)(pblock *pb, Session *sn, Request *rq);
+typedef int (*DbParseFn_t)(NSErr_t *errp, ACLDbType_t dbtype,
+			   const char *name, const char *url,
+			   PList_t plist, void **db);
+typedef int (*AclCacheFlushFunc_t)(void);
+
+#ifdef __cplusplus
+typedef int (*LASEvalFunc_t)(NSErr_t*, char*, CmpOp_t, char*, int*, void**, PList_t, PList_t, PList_t, PList_t);
+typedef void (*LASFlushFunc_t)(void **);
+#else
+typedef int (*LASEvalFunc_t)();
+typedef void (*LASFlushFunc_t)();
+#endif
+
+/* We need to hide ACLGetter_t */
+typedef struct ACLGetter_s {
+	ACLMethod_t	method;
+	ACLDbType_t	db;
+	AttrGetterFn	fn;
+	void 		*arg;
+} ACLGetter_t;
+typedef ACLGetter_t *ACLGetter_p;
+
+/*
+ *	Command values for the "position" argument to ACL_RegisterGetter
+ *	Any positive >0 value is the specific position in the list to insert
+ *	the new function.
+ */
+#define	ACL_AT_FRONT		0
+#define	ACL_AT_END		-1
+#define	ACL_REPLACE_ALL 	-2
+#define	ACL_REPLACE_MATCHING	-3
+
+#ifdef	ACL_LIB_INTERNAL
+#define	ACL_MAX_METHOD		32
+#define	ACL_MAX_DBTYPE		32
+#endif
+
+NSPR_BEGIN_EXTERN_C
+
+NSAPI_PUBLIC extern int
+	ACL_LasRegister( NSErr_t *errp, char *attr_name, LASEvalFunc_t
+	eval_func, LASFlushFunc_t flush_func );
+NSAPI_PUBLIC extern int
+	ACL_LasFindEval( NSErr_t *errp, char *attr_name, LASEvalFunc_t
+	*eval_funcp );
+NSAPI_PUBLIC extern int
+	ACL_LasFindFlush( NSErr_t *errp, char *attr_name, LASFlushFunc_t
+	*flush_funcp );
+extern void
+	ACL_LasHashInit( void );
+extern void
+	ACL_LasHashDestroy( void );
+
+/*
+ *	Revised, normalized method/dbtype registration routines
+ */
+NSAPI_PUBLIC extern int
+	ACL_MethodRegister(const char *name, ACLMethod_t *t);
+NSAPI_PUBLIC extern int
+	ACL_MethodIsEqual(const ACLMethod_t t1, const ACLMethod_t t2);
+NSAPI_PUBLIC extern int
+	ACL_MethodNameIsEqual(const ACLMethod_t t, const char *name);
+NSAPI_PUBLIC extern int
+	ACL_MethodFind(const char *name, ACLMethod_t *t);
+NSAPI_PUBLIC extern ACLMethod_t
+	ACL_MethodGetDefault();
+NSAPI_PUBLIC extern void
+	ACL_MethodSetDefault(const ACLMethod_t t);
+NSAPI_PUBLIC extern int
+	ACL_AuthInfoGetMethod(PList_t auth_info, ACLMethod_t *t);
+
+NSAPI_PUBLIC extern int
+	ACL_DbTypeRegister(const char *name, DbParseFn_t func, ACLDbType_t *t);
+NSAPI_PUBLIC extern int
+	ACL_DbTypeIsEqual(const ACLDbType_t t1, const ACLDbType_t t2);
+NSAPI_PUBLIC extern int
+	ACL_DbTypeNameIsEqual(const ACLDbType_t t, const char *name);
+NSAPI_PUBLIC extern int
+	ACL_DbTypeFind(const char *name, ACLDbType_t *t);
+NSAPI_PUBLIC extern const ACLDbType_t
+	ACL_DbTypeGetDefault();
+NSAPI_PUBLIC extern void
+	ACL_DbTypeSetDefault(ACLDbType_t t);
+NSAPI_PUBLIC extern int
+	ACL_AuthInfoGetDbType(PList_t auth_info, ACLDbType_t *t);
+NSAPI_PUBLIC extern int
+	ACL_DbTypeIsRegistered(const ACLDbType_t dbtype);
+NSAPI_PUBLIC extern DbParseFn_t
+	ACL_DbTypeParseFn(const ACLDbType_t dbtype);
+
+NSAPI_PUBLIC extern int
+	ACL_AttrGetterRegister(const char *attr, AttrGetterFn fn, ACLMethod_t m,
+	ACLDbType_t d, int position, void *arg);
+typedef ACLGetter_t *AttrGetterList; /* TEMPORARY */
+NSAPI_PUBLIC extern int
+	ACL_AttrGetterFind(PList_t auth_info, const char *attr,
+	AttrGetterList *getters);
+
+NSPR_END_EXTERN_C
+
+
+/* LAS return codes - Must all be negative numbers */
+#define	LAS_EVAL_TRUE		-1
+#define	LAS_EVAL_FALSE		-2
+#define	LAS_EVAL_DECLINE	-3
+#define	LAS_EVAL_FAIL		-4
+#define	LAS_EVAL_INVALID	-5
+#define	LAS_EVAL_NEED_MORE_INFO	-6
+
+#define ACL_ATTR_GROUP	    "group"
+#define ACL_ATTR_RAW_USER_LOGIN "user-login"
+#define ACL_ATTR_AUTH_USER	    "auth-user"
+#define ACL_ATTR_AUTH_TYPE	    "auth-type"
+#define ACL_ATTR_AUTH_DB	    "auth-db"
+#define ACL_ATTR_AUTH_PASSWORD  "auth-password"
+#define ACL_ATTR_USER	    "user"
+#define ACL_ATTR_PASSWORD	    "pw"
+#define ACL_ATTR_USERDN	    "userdn"
+#define ACL_ATTR_RAW_USER	    "raw-user"
+#define ACL_ATTR_RAW_PASSWORD   "raw-pw"
+#define ACL_ATTR_USER_ISMEMBER  "user-ismember"
+#define ACL_ATTR_DATABASE	    "database"
+#define ACL_ATTR_DBTYPE	    "dbtype"
+#define ACL_ATTR_DBNAME	    "dbname"
+#define ACL_ATTR_DATABASE_URL   "url"
+#define ACL_ATTR_METHOD	    "method"
+#define ACL_ATTR_AUTHTYPE	    "authtype"
+#define ACL_ATTR_AUTHORIZATION  "authorization"
+#define ACL_ATTR_PARSEFN	    "parsefn"
+#define ACL_ATTR_ATTRIBUTE	    "attr"
+#define ACL_ATTR_GETTERFN	    "getterfunc"
+#define ACL_ATTR_IP		    "ip"
+#define ACL_ATTR_DNS	    "dns"
+#define ACL_ATTR_MODULE	    "module"
+#define ACL_ATTR_MODULEFUNC	    "func"
+#define ACL_ATTR_GROUPS	    "groups"
+#define ACL_ATTR_IS_VALID_PASSWORD "isvalid-password"
+#define ACL_ATTR_CERT2USER	    "cert2user"
+#define ACL_ATTR_USER_CERT	    "cert"
+#define ACL_ATTR_PROMPT	    "prompt"
+#define ACL_ATTR_TIME	    "time"
+#define ACL_ATTR_USERS_GROUP    "users-group"
+
+#define ACL_DBTYPE_LDAP	    "ldap"
+
+#define METHOD_DEFAULT	    "default"
+
+typedef PRHashTable AttrGetterTable_t;
+
+typedef struct {
+    char *method;
+    char *authtype;
+    char *dbtype;
+    AttrGetterTable_t *attrGetters;
+} MethodInfo_t;
+
+NSPR_BEGIN_EXTERN_C
+
+NSAPI_PUBLIC int ACL_FindMethod (NSErr_t *errp, const char *method, MethodInfo_t **method_info_handle);
+NSAPI_PUBLIC int ACL_RegisterModule (NSErr_t *errp, const char *moduleName, AclModuleInitFunc func);
+NSAPI_PUBLIC int ACL_RegisterMethod (NSErr_t *errp, const char *method, const char *authtype, const char *dbtype, MethodInfo_t **method_info_handle);
+NSAPI_PUBLIC int ACL_RegisterAttrGetter (NSErr_t *errp, MethodInfo_t *method_info_handle, const char *attr, AttrGetterFn func);
+NSAPI_PUBLIC int ACL_UseAttrGettersFromMethod (NSErr_t *errp, const char *method, const char *usefrom);
+NSAPI_PUBLIC int ACL_GetAttribute(NSErr_t *errp, const char *attr, void **val, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth);
+NSAPI_PUBLIC int ACL_FindAttrGetter (NSErr_t *errp, const char *method, const char *attr, AttrGetterFn *func);
+NSAPI_PUBLIC int ACL_CallAttrGetter (NSErr_t *errp, const char *method, const char *attr, PList_t subject, PList_t resource, PList_t auth_info, PList_t global_auth);
+NSAPI_PUBLIC int ACL_RegisterDbType(NSErr_t *errp, const char *dbtype, DbParseFn_t func);
+NSAPI_PUBLIC int ACL_RegisterDbName(NSErr_t *errp, ACLDbType_t dbtype, const char *dbname, const char *url, PList_t plist);
+NSAPI_PUBLIC int ACL_RegisterDbFromACL(NSErr_t *errp, const char *url, ACLDbType_t *dbtype);
+NSAPI_PUBLIC int ACL_DatabaseFind(NSErr_t *errp, const char *dbname,
+				  ACLDbType_t *dbtype, void **db);
+NSAPI_PUBLIC int ACL_SetDefaultDatabase (NSErr_t *errp, const char *dbname);
+NSAPI_PUBLIC int ACL_SetDefaultMethod (NSErr_t *errp, const char *method);
+NSAPI_PUBLIC const char *ACL_DbnameGetDefault (NSErr_t *errp);
+NSAPI_PUBLIC int ACL_LDAPDatabaseHandle (NSErr_t *errp, const char *dbname, LDAP **ld);
+NSAPI_PUBLIC int ACL_AuthInfoGetDbname (NSErr_t *errp, PList_t auth_info, char **dbname);
+NSAPI_PUBLIC int ACL_CacheFlushRegister(AclCacheFlushFunc_t func);
+
+NSPR_END_EXTERN_C
+
+struct program_groups {
+	char **groups;
+	char **programs;
+};
+  
+#endif
diff --git a/include/libaccess/stubs.h b/include/libaccess/stubs.h
new file mode 100644
index 00000000..8efa0923
--- /dev/null
+++ b/include/libaccess/stubs.h
@@ -0,0 +1,6 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+typedef	void	PropList_t;
diff --git a/include/libaccess/symbols.h b/include/libaccess/symbols.h
new file mode 100644
index 00000000..c711f351
--- /dev/null
+++ b/include/libaccess/symbols.h
@@ -0,0 +1,99 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __symbols_h
+#define __symbols_h
+
+/*
+ * Description (symbols.h)
+ *
+ *	This file describes the interface to an ACL symbol table
+ *	implementation.  The symbol table provides for storing symbols
+ *	keyed by name and type, creating a separate name space for
+ *	each symbol type.
+ */
+
+#ifdef __PRIVATE_SYMBOLS
+
+#include "plhash.h"
+#include "base/crit.h"
+
+/*
+ * Description (SymTable_t)
+ *
+ *	This type describes a symbols table.  It contains a pointer to
+ *	an NSPR hash table and a pointer to a monitor.  The monitor is
+ *	needed even for read access to the symbol table because NSPR
+ *	modifies the list for a hash bucket when a name is looked up.
+ */
+
+typedef struct SymTable_s SymTable_t;
+struct SymTable_s {
+    CRITICAL stb_crit;			/* monitor pointer */
+    PLHashTable * stb_ht;		/* hash table pointer */
+};
+
+
+/* Private functions defined in symbols.c */
+/*
+static PLHashEntry * symAllocEntry(void * pool, const void *unused);
+static void * symAllocTable(void * pool, PRSize size);
+static int symCmpName(const void * name1, const void * name2);
+static int symCmpValue(const void * value1, const void * value2);
+static PLHashNumber symHash(const void * symkey);
+static void symFreeEntry(void * pool, PLHashEntry * he, PRUintn flag);
+static void symFreeTable(void * pool, void * item);
+*/
+#endif /* __PRIVATE_SYMBOLS */
+
+/*
+ * Description (Symbol_t)
+ *
+ *	This type describes a symbol table entry.  A symbol is
+ *	identified by the combination of its name and type.  This
+ *	structure is normally embedded in a structure for a particular
+ *	symbol type, which will contain the symbol "value" information
+ *	as well.
+ */
+
+typedef struct Symbol_s Symbol_t;
+struct Symbol_s {
+    char * sym_name;			/* pointer to symbol name string */
+    int sym_type;			/* symbol type */
+    void *sym_data;			/* symbol data storage */
+};
+
+/* Define error return codes */
+#define SYMERRNOMEM	-1		/* insufficient dynamic memory */
+#define SYMERRDUPSYM	-2		/* duplicate symbol name and type */
+#define SYMERRNOSYM	-3		/* symbol name and type not found */
+
+/* Define return flags for symTableEnumerate() func() */
+#define SYMENUMSTOP	0x1		/* terminate enumeration */
+#define SYMENUMREMOVE	0x2		/* remove entry from symbol table */
+
+NSPR_BEGIN_EXTERN_C
+
+/* Public functions defined in symbols.c */
+extern int symTableAddSym(void * table, Symbol_t * newsym, void * symref);
+extern void symTableRemoveSym(void * table, Symbol_t * sym);
+extern void symTableDestroy(void * table, int flags);
+
+/* for ANSI C++ on SCO UDK, otherwise fn name is managled */
+#ifdef UnixWare
+typedef int (*ArgFn_symTableEnum)(Symbol_t * sym, void * parg);
+extern void symTableEnumerate(void * table, void * argp, ArgFn_symTableEnum);
+#else /* UnixWare */
+extern void symTableEnumerate(void * table, void * argp,
+                              int (*func)(Symbol_t * sym, void * parg));
+#endif /* UnixWare */
+
+extern int symTableFindSym(void * table, char * symname,
+			   int symtype, void **psymref);
+extern int symTableNew(void **ptable);
+
+NSPR_END_EXTERN_C
+
+#endif /* __symbols_h */
diff --git a/include/libaccess/userauth.h b/include/libaccess/userauth.h
new file mode 100644
index 00000000..84bf4d8a
--- /dev/null
+++ b/include/libaccess/userauth.h
@@ -0,0 +1,13 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef USERAUTH_H
+#define USERAUTH_H
+
+NSPR_BEGIN_EXTERN_C
+
+
+NSPR_END_EXTERN_C
+#endif
diff --git a/include/libaccess/usi.h b/include/libaccess/usi.h
new file mode 100644
index 00000000..7cbe7371
--- /dev/null
+++ b/include/libaccess/usi.h
@@ -0,0 +1,81 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef __usi_h
+#define __usi_h
+
+/*
+ * Description (usi.h)
+ *
+ *	This file defines the interface to an unsigned integer datatype.
+ *	Unsigned integers are used to represent object identifiers of
+ *	various sorts, including user ids and group ids.  Functions
+ *	for manipulating lists of USIs are also provided in this
+ *	interface.
+ */
+
+/* Define a type to contain an unsigned integer value */
+typedef unsigned int USI_t;
+
+/* Define a type to describe a list of USI_t values */
+typedef struct USIList_s USIList_t;
+struct USIList_s {
+    int uil_count;		/* number of active values in list */
+    int uil_size;		/* current size of list area in USI_t */
+    USI_t * uil_list;		/* pointer to array of values */
+};
+
+/* Define macro to initialize a USIList_t structure */
+#define UILINIT(uilptr) \
+	{ \
+	    (uilptr)->uil_count = 0; \
+	    (uilptr)->uil_size = 0; \
+	    (uilptr)->uil_list = 0; \
+	}
+
+/* Define a macro to replace the contents of one USIList_t with another's */
+#define UILREPLACE(dst, src) \
+	{ \
+	    if ((dst)->uil_size > 0) { \
+		FREE((dst)->uil_list); \
+	    } \
+	    (dst)->uil_count = (src)->uil_count; \
+	    (dst)->uil_size = (src)->uil_size; \
+	    (dst)->uil_list = (src)->uil_list; \
+	    (src)->uil_count = 0; \
+	    (src)->uil_size = 0; \
+	    (src)->uil_list = 0; \
+	}
+
+/* Define a variation of UILINIT() that frees any allocated space */
+#define UILFREE(uilptr) \
+	{ \
+	    if ((uilptr)->uil_size > 0) { \
+		FREE((uilptr)->uil_list); \
+	    } \
+	    (uilptr)->uil_count = 0; \
+	    (uilptr)->uil_size = 0; \
+	    (uilptr)->uil_list = 0; \
+	}
+
+/* Define a macro to extract the current number of items in a USIList_t */
+#define UILCOUNT(uilptr) ((uilptr)->uil_count)
+
+/* Define a macro to return a pointer to the array of values */
+#define UILLIST(uilptr) ((uilptr)->uil_list)
+
+NSPR_BEGIN_EXTERN_C
+
+/* Define functions in usi.c */
+extern USI_t * usiAlloc(USIList_t * uilptr, int count);
+extern int usiInsert(USIList_t * uilptr, USI_t usi);
+extern int usiPresent(USIList_t * uilptr, USI_t usi);
+extern int usiRemove(USIList_t * uilptr, USI_t usi);
+extern int uilDuplicate(USIList_t * dstptr, USIList_t * srcptr);
+extern int uilMerge(USIList_t * dstptr, USIList_t * srcptr);
+
+NSPR_END_EXTERN_C
+
+#endif /* __usi_h */
diff --git a/include/libaccess/usrcache.h b/include/libaccess/usrcache.h
new file mode 100644
index 00000000..646d1fd9
--- /dev/null
+++ b/include/libaccess/usrcache.h
@@ -0,0 +1,104 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef ACL_USER_CACHE_H
+#define ACL_USER_CACHE_H
+
+#ifdef NSPR20
+#include <plhash.h>
+#else
+#include <nspr/prhash.h>
+#endif
+
+#include <sys/types.h>
+#include <time.h>
+/* Removed for new ns security integration
+#include <sec.h>
+*/
+#include <key.h>
+#include <cert.h>
+#include <prclist.h>
+
+typedef struct {
+    PRCList list;		/* pointer to next & prev obj */
+    char *uid;			/* unique within a database */
+    char *userdn;		/* LDAP DN if using LDAP db */
+    char *passwd;		/* password */
+    SECItem *derCert;		/* raw certificate data */
+    char *group;		/* group recently checked for membership */
+    time_t time;		/* last time when the cache was validated */
+    PRHashTable *hashtable;	/* hash table where this obj is being used */
+} UserCacheObj;
+
+NSPR_BEGIN_EXTERN_C
+
+/* Set the number of seconds the cache is valid */
+extern int acl_usr_cache_set_timeout (const int nsec);
+
+/* Is the cache enabled? */
+extern int acl_usr_cache_enabled();
+
+/* initialize user cache */
+extern int acl_usr_cache_init ();
+
+/* Creates a new user obj entry */
+extern int acl_usr_cache_insert (const char *uid, const char *dbname,
+				 const char *dn, const char *passwd,
+				 const char *group, const SECItem *derCert,
+				 const time_t time);
+
+/* Add group to the user's cache obj. */
+extern int acl_usr_cache_set_group (const char *uid, const char *dbname,
+				    const char *group, const time_t time);
+
+/* Add userdn to the user's cache obj. */
+extern int acl_usr_cache_set_userdn (const char *uid, const char *dbname,
+				     const char *userdn, const time_t time);
+
+/* Returns LAS_EVAL_TRUE if the user's password matches -- also returns the dn */
+extern int acl_usr_cache_passwd_check (const char *uid, const char *dbname,
+				       const char *passwd,
+				       const time_t time, char **dn,
+				       pool_handle_t *pool);
+
+/* Returns LAS_EVAL_TRUE if the user is a member of the group */
+extern int acl_usr_cache_group_check (const char *uid, const char *dbname,
+				      const char *group, const time_t time);
+
+/* Returns LAS_EVAL_TRUE if the user is a member of the group */
+extern int acl_usr_cache_group_len_check (const char *uid, const char *dbname,
+					  const char *group,
+					  const int len,
+					  const time_t time);
+
+/* Returns LAS_EVAL_TRUE if the user's cache is valid and has a group */
+extern int acl_usr_cache_get_group (const char *uid, const char *dbname,
+				    const time_t time, char **group,
+				    pool_handle_t *pool);
+
+/* Returns LAS_EVAL_TRUE if the user is a member of the group */
+extern int acl_usr_cache_userdn_check (const char *uid, const char *dbname,
+				       const char *userdn, const time_t time);
+
+/* Returns LAS_EVAL_TRUE if the user's cache is valid and has userdn */
+extern int acl_usr_cache_get_userdn (const char *uid, const char *dbname,
+				     const time_t time, char **userdn,
+				     pool_handle_t *pool);
+
+/* Creates a new user obj entry for cert to user mapping */
+extern int acl_cert_cache_insert (void *cert, const char *dbname,
+				  const char *uid, const char *dn,
+				  const time_t time);
+
+/* Returns LAS_EVAL_TRUE if the user's cache is valid and returns uid */
+extern int acl_cert_cache_get_uid (void *cert, const char *dbname,
+				   const time_t time, char **uid,
+				   char **dn, pool_handle_t *pool);
+
+NSPR_END_EXTERN_C
+
+
+#endif /* ACL_USER_CACHE_H */
diff --git a/include/libadmin/dbtlibadmin.h b/include/libadmin/dbtlibadmin.h
new file mode 100644
index 00000000..aa828d71
--- /dev/null
+++ b/include/libadmin/dbtlibadmin.h
@@ -0,0 +1,20 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#define LIBRARY_NAME "libadmin"
+
+static char dbtlibadminid[] = "$DBT: libadmin referenced v1 $";
+
+#include "i18n.h"
+
+BEGIN_STR(libadmin)
+	ResDef( DBT_LibraryID_, -1, dbtlibadminid )/* extracted from dbtlibadmin.h*/
+	ResDef( DBT_help_, 1, "  Help  " )/*extracted from template.c*/
+	ResDef( DBT_ok_, 2, "   OK   " )/*extracted from template.c*/
+	ResDef( DBT_reset_, 3, " Reset " )/*extracted from template.c*/
+	ResDef( DBT_done_, 4, "  Done  " )/*extracted from template.c*/
+	ResDef( DBT_cancel_, 5, " Cancel " )/*extracted from template.c*/
+END_STR(libadmin)
diff --git a/include/libadmin/libadmin.h b/include/libadmin/libadmin.h
new file mode 100644
index 00000000..8fdd4fa2
--- /dev/null
+++ b/include/libadmin/libadmin.h
@@ -0,0 +1,1403 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+/* 
+ * libadmin.h - All functions contained in libadmin.a
+ *
+ * All blame goes to Mike McCool
+ */
+
+#ifndef	libadmin_h
+#define	libadmin_h
+
+#include <stdio.h>
+#include <limits.h>
+
+#include "base/systems.h"
+#include "base/systhr.h"
+#include "base/util.h"
+ 
+#include "frame/objset.h"
+#include "frame/req.h"
+
+#ifdef XP_UNIX
+#include <unistd.h>
+#else /* XP_WIN32 */
+#include <winsock.h>
+#endif /* XP_WIN32 */
+
+#include "prinit.h"
+#include "prthread.h"
+#include "prlong.h"
+
+#define NSPR_INIT(Program) (PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 8))
+
+#undef howmany
+
+#define ADM_CONF "admin.conf"
+#define MAGNUS_CONF "magnus.conf"
+#define OBJ_DATABASE "obj.conf"
+#define MIME_TYPES "mime.types"
+#define NSADMIN_CONF "ns-admin.conf"
+#define CERT_LOG "cert.log"
+
+#define SERVER_KEY_NAME "Server-Key"
+#define SERVER_CERT_NAME "Server-Cert"
+
+#define DBPW_USER "admin"
+#define DB_BAD_INPUT_CHARS "<>\""
+#define AUTHDB_ACL_FAIL -1
+#define AUTHDB_ACL_ODD_ACL -2
+#define AUTHDB_ACL_NOT_FOUND -3
+
+#define ACLNAME_READ_COOKIE "formgen-READ-ACL"
+#define ACLNAME_WRITE_COOKIE "formgen-WRITE-ACL"
+
+#define USERNAME_KEYWORD "USERNAME"
+
+typedef struct authInfo_s authInfo_t;
+struct authInfo_s {
+    char *type;
+    char *db_path;
+    char *prompt;
+};  
+
+/* Not defined in any nspr header file, why? */
+PRNetAddr *PR_CreateNetAddr(int PR_IpAddrNull, PRUint16 port);
+
+NSPR_BEGIN_EXTERN_C
+
+NSAPI_PUBLIC char *get_ip_and_mask(char *candidate);   
+NSAPI_PUBLIC int groupOrUser(char *dbname, char *name,
+			     int *is_user, int *is_group); 
+NSAPI_PUBLIC int is_readacl(char *name);
+NSAPI_PUBLIC int is_writeacl(char *name);
+NSAPI_PUBLIC char *get_acl_file(void); /* Full path to file used by server. */
+NSAPI_PUBLIC char *get_workacl_file(void); /* Full path to file updated by ACL forms. */
+NSAPI_PUBLIC int get_acl_names(char **readaclname,
+			       char **writeaclname, char *dir);
+NSAPI_PUBLIC int get_acl_info(char *acl_file, char *acl_name,
+			      void **acl_context, char ***hosts,
+			      authInfo_t **authinfo,
+			      char ***users, char ***userhosts,
+			      int *fdefaultallow);
+NSAPI_PUBLIC int set_acl_info(char *acl_file, char *acl_name, int prefix,
+			      void **pacl, char **rights,
+			      char **hosts, authInfo_t *authinfo,
+			      char **users, char **userhosts,
+			      int fdefaultallow);
+NSAPI_PUBLIC int delete_acl_by_name(char *acl_file, char *acl_name);
+
+NSAPI_PUBLIC int str_flag_to_int(char *str_flag); 
+NSAPI_PUBLIC int admin_is_ipaddr(char *p);
+NSAPI_PUBLIC void get_hostnames_and_ipaddrs(char **hosts,
+					    char **hostnames, char **ipaddrs);
+NSAPI_PUBLIC void load_host_array(char ***hosts,
+				  char *hostnames, char *ipaddrs);
+NSAPI_PUBLIC void load_users_array(char ***users,
+				   char *usernames, char *groups);
+NSAPI_PUBLIC void get_users_and_groups(char **users, char **usernames,
+				       char **groups, char *dbname);  
+NSAPI_PUBLIC char * str_unquote(char * str);
+
+extern NSAPI_PUBLIC char *acl_read_rights[];
+extern NSAPI_PUBLIC char *acl_write_rights[];
+
+#ifdef USE_ADMSERV
+#define CONFDIR(x) get_conf_dir(x)
+#define ACLDIR(x) get_acl_dir(x)
+#define COMMDEST(x) get_commit_dest(x)
+#define SERVER_NAMES getenv("SERVER_NAMES")
+#define ADMCONFDIR getenv("ADMSERV_ROOT")
+#else
+#define ACLDIR(x) "../../httpacl/"
+#define CONFDIR(x) "../config/"
+#define ADMCONFDIR "../config/"
+#endif
+
+#ifdef XP_UNIX
+#define FILE_PATHSEP '/'
+#define OPEN_MODE "r"
+#define QUOTE ""
+#define CONVERT_TO_NATIVE_FS(Filename)
+#define CONVERT_TO_HTTP_FORMAT(Filename)
+#define WSACleanup()
+
+#undef GET_QUERY_STRING
+#define GET_QUERY_STRING() (getenv("QUERY_STRING"))
+#define NOT_ABSOLUTE_PATH(str) (str[0] != '/')
+#define CREATE_DIRECTORY(Directory)
+#define FILE_LOCK_PATH (get_flock_path())
+
+#else /* XP_WIN32 */
+#define verify_adm_dbm
+#define add_user_dbm
+#define find_user_dbm
+#define list_users_dbm
+#define modify_user_dbm
+#define remove_user_dbm
+#define dbm_open
+#define dbm_close
+#define dbm_store
+#define lstat stat
+#define popen _popen
+#define pclose _pclose
+
+#define CONVERT_TO_NATIVE_FS(Filename) 	   \
+{									   	   \
+	register char *s;				   	   \
+	if (Filename)						   \
+		for (s = Filename; *s; s++) 	   \
+			if ( *s	== '/')				   \
+				*s = '\\';				   \
+}									 
+#define CONVERT_TO_HTTP_FORMAT(Filename) 	\
+{									   		\
+	register char *s;					   	\
+	if (Filename)				   			\
+	for (s = Filename; *s; s++) 	   		\
+		if ( *s	== '\\')				   	\
+			*s = '/';				   		\
+}									 
+#define FILE_PATHSEP '/'
+#define OPEN_MODE "r+b"
+#define QUOTE "\""
+
+
+#undef GET_QUERY_STRING
+#define GET_QUERY_STRING() (GetQueryNT())
+/* Defined in util.c */
+NSAPI_PUBLIC char *GetQueryNT(void);
+#define NOT_ABSOLUTE_PATH(str) \
+  ((str[0] != '/') && (str[0] != '\\') && (str[2] != '/') && (str[2] != '\\'))
+
+#define CREATE_DIRECTORY(Directory) CreateDirectory(Directory, NULL)
+#define FILE_LOCK_PATH (get_flock_path()) 
+
+#endif /* XP_WIN32 */
+
+
+/* error types */
+#define FILE_ERROR 0
+#define MEMORY_ERROR 1
+#define SYSTEM_ERROR 2
+#define INCORRECT_USAGE 3
+#define ELEM_MISSING 4
+#define REGISTRY_DATABASE_ERROR 5
+#define NETWORK_ERROR 6
+#define GENERAL_FAILURE 7
+#define WARNING 8
+
+/* The upper bound on error types */
+#define MAX_ERROR 9
+
+/* The default error type (in case something goes wrong */
+#define DEFAULT_ERROR 3
+
+/* The change types for admin logging */
+#define TO_MAGNUS "magnus.conf"
+#define TO_OBJCONF "obj.conf"
+#define TO_ACLFILE "generated.acl"
+#define TO_STATUS "status"
+#define TO_ADMIN "admserv"
+#define TO_USERDB "userdb"
+#define TO_SEC "security"
+#define TO_BACKUP "backup"
+#define TO_CACHE "cache"
+#define TO_BUCONF "bu.conf"
+#define TO_LDAP "ldap"
+
+/* The indexes for conf file backup purposes */ 
+#define BK_MAGNUS 0
+#define BK_OBJ 1
+#define BK_MIMETYPES 2
+#define BK_BU 3
+#define BK_ACLFILE 4     
+
+/* The extension for backup files to use.  Emacs weenies like "%s.~%d~" */
+/* But real vi men like this one */
+#define BACKUP_EXT "%s.v%d"
+/* Need also a way to identify the backup files when we're doing an ls */
+#define BACKUP_SHORT ".v"
+
+/* User database defines */
+#define IS_A_DBM 1
+#define IS_A_NCSA 2
+
+#define REMOVE_FROM_DB "-REMOVE_THIS_USER"
+#define DB_INC "inc"
+#define NCSA_EXT "pwf"
+
+/* We now use the client DB libs, so they're all '.db' with no second file. */
+#define DBM_EXT_1 "db"
+#define DBM_EXT_2 NULL
+
+/* Define the functions in a central place so that obj.conf viewer can get 
+ * to them */
+#ifdef MCC_PROXY
+#define BASIC_NCSA_FN   "proxy-auth"
+#define REQUIRE_AUTH_FN "require-proxy-auth"
+#define CHECK_ACL_FN  "check-acl"
+#else
+#define BASIC_NCSA_FN   "basic-ncsa"
+#define REQUIRE_AUTH_FN "require-auth"
+#define CHECK_ACL_FN  "check-acl"
+#endif
+
+
+/* Frame window names. */
+#define INDEX_NAME "index"
+#define MESSAGE_NAME "msgs"
+#define TOP_NAME "tabs"
+#define BOTTOM_NAME "category"
+#define OPTIONS_NAME "options"
+#define CONTENT_NAME "content"
+#define COPY_NAME "copy"
+
+#define INFO_IDX_NAME "infowin"
+#define INFO_TOPIC_NAME "infotopic"
+#define HELP_WIN_OPTIONS "'resizable=1,width=500,height=500'"
+
+
+/* pblock types, either it's a ppath, or it's a name. */
+#define PB_NAME 1
+#define PB_PATH 2
+
+/* Resource types */
+#define NAME "name"
+#define FILE_OR_DIR "path"
+#define TEMPLATE "tmpl"
+#define WILDCARD "wild"
+
+/* A really big form line */
+#define BIG_LINE 1024
+
+/* Max size for a pathname */
+#ifndef PATH_MAX
+#define PATH_MAX 256
+#endif
+
+
+/* Boundary string for uploading / downloading config files. */
+#define CF_BOUNDARY  "--Config_File_Boundary--"
+#define CF_NEWCONFIG "--NewConfigFile:"
+#define CF_MTIME "--LastMod:"
+#define CF_ERRSTR "--Error: "
+#define CFTRANS_BIN "bin/cftrans"
+#define CF_REMOTE_URL "#RemoteUrl "
+ 
+#define HTML_ERRCOLOR "#AA0000"
+
+#define MOCHA_NAME "JavaScript"
+
+/* Internationalization stuffs.  If we define MSG_RETURN, then create a 
+ * function which will return a string of the given identifier.  If we 
+ * define MSG_DBM, it creates a function you can call to create the DBM
+ * properly.  Finally, if nothing else, it will create a mapping from 
+ * the string's name to its proper ID number. */
+/* store_msg is in mkdbm.c, in the admin stuff */
+/* get_msg.c */
+NSAPI_PUBLIC char *get_msg(int msgid);
+NSAPI_PUBLIC void store_msg(int msgid, char *msg);
+ 
+#if defined(MSG_RETURN)
+#define BGN_MSG(arg) static char *(arg)(int i)  { switch(i)  {
+#define STR(name, id, msg) case (id): return(msg);
+#define END_MSG(arg) } return 0; }
+ 
+#elif defined(MSG_DBM)
+#define BGN_MSG(arg) void (arg)()  {
+#define STR(name, id, msg)  store_msg(id, msg);
+#define END_MSG(arg) }
+ 
+#else
+#define BGN_MSG(arg) enum {
+#define STR(name, id, msg)    name=id,
+#define END_MSG(arg) arg=0 };
+#endif
+ 
+/* The files where the messages are kept. */
+#define LA_BASE 1000
+#define LA_BASE_END 1999
+#define LA_DBM_LOC "./la_msgs"
+ 
+#define HADM_BASE 2000
+#define HADM_BASE_END 5999
+#define HADM_DBM_LOC "./hadm_msgs"
+ 
+#include "la_msgs.i"
+#include "hadm_msgs.i"
+ 
+/* Initialize libadmin.  Should be called by EVERY CGI. */
+/* util.c */
+NSAPI_PUBLIC int ADM_Init(void);
+
+/* Open a .html file to parse it.  Returns a file ptr (simple fn, really) */
+/* error one doesn't call report_error so we lose the infinite loop prob */
+/* form_get.c */
+NSAPI_PUBLIC FILE *open_html_file(char *filename);
+NSAPI_PUBLIC FILE *open_error_file(char *filename);
+
+/* Same as open_html_file, but opens the html file from the specified */
+/* language subdirectory, if available, else from the default language */
+/* subdirectory. */
+/* form_get.c */
+NSAPI_PUBLIC FILE* open_html_file_lang(char* filename,char* language);
+
+/* Parse an HTML file and return it to the client.  */
+/* form_get.c */
+NSAPI_PUBLIC void return_html_file(char *filename);
+
+/* Parse an HTML file, return it to the client, but don't set the referer */
+/* form_get.c */
+NSAPI_PUBLIC void return_html_noref(char *filename);
+
+/* Output an input of an arbitrary type.  Not really that flexible. */
+/* form_get.c */
+NSAPI_PUBLIC void output_input(char *type, char *name, char *value, char *other);
+
+/* Get the next line from the file.  Returns 0 when EOF is encountered. */
+/* form_get.c */
+NSAPI_PUBLIC int next_html_line(FILE *f, char *line);
+
+
+
+/* Get the referer from the config file */
+/* referer.c */
+NSAPI_PUBLIC char *get_referer(char **config);
+
+/* Set the referer and write out the config file */
+/* referer.c */
+NSAPI_PUBLIC void set_referer(char **config);
+
+/* Sets the referer to a script that's not you.  If new_ref is an absolute ref,
+ * it will cat that with SERVER_URL; if it's not, it will replace the
+ * current script name with new_ref. */
+/* referer.c */
+NSAPI_PUBLIC void set_fake_referer(char *new_ref);
+
+/* Redirect the person to the Referer, or give a short error message */
+/* referer.c */
+NSAPI_PUBLIC void redirect_to_referer(char *addition);
+
+/* Opens the referer in the content window using JavaScript */
+/* referer.c */
+NSAPI_PUBLIC void js_open_referer(void);
+
+/* Redirect to the given script. Assumes that SCRIPT_NAME is set to a script */
+/* referer.c */
+NSAPI_PUBLIC void redirect_to_script(char *script);
+
+
+/* Filter a line using templates, and spit the results to stdout */
+/* template.c */
+NSAPI_PUBLIC int parse_line(char *line, char **input);
+
+/* Since everyone seems to be doing this independently, at least centralize
+   the code.  Useful for onClicks and automatic help */
+NSAPI_PUBLIC char *helpJavaScript();
+NSAPI_PUBLIC char *helpJavaScriptForTopic( char *topic );
+
+/* Check to see if a directive the parser didn't know about is a given 
+ * directive */
+/* template.c */
+NSAPI_PUBLIC int directive_is(char *target, char *directive);
+
+/* Export the pageheader because sec-icrt uses it --MLM */
+/* template.c */
+NSAPI_PUBLIC void pageheader(char **vars, char **config);
+
+
+/* Report an error.  Takes 3 args: 1. Category of error 
+ *                                 2. Some more specific category info (opt)
+ *                                 3. A short explanation of the error. 
+ * 
+ * report_warning: same thing except doesn't exit when done whining
+ */
+/* error.c */
+NSAPI_PUBLIC void output_alert(int type, char *info, char *details, int wait);
+NSAPI_PUBLIC void report_error(int type, char *info, char *details);
+NSAPI_PUBLIC void report_warning(int type, char *info, char *details);
+
+/* Read the administrative config from the server admin root */
+/* Mult adm gets a particular adm config (for multiple server config) */
+/* admconf.c */
+NSAPI_PUBLIC char **get_adm_config(void);
+NSAPI_PUBLIC char **get_mult_adm_config(int whichone);
+
+/* Write the administrative config back to the file */
+/* Mult adm saves a particular adm config (for multiple server config) */
+/* admconf.c */
+NSAPI_PUBLIC int write_adm_config(char **config);
+NSAPI_PUBLIC int write_mult_adm_config(int whichone, char **config);
+
+/* An additional level of abstraction for resource grabbing.  Gets the current
+ * resource from the config set. */
+/* admconf.c */
+NSAPI_PUBLIC char *get_current_resource(char **config);
+
+/* Gets the string of the current resource type */
+/* admconf.c */
+NSAPI_PUBLIC char *get_current_typestr(char **config);
+
+/* Gets the pblock type of the current resource from the config set. */
+/* admconf.c */
+NSAPI_PUBLIC int get_current_restype(char **config);
+
+/* Sets the current resource given its type and its data. */
+/* admconf.c */
+NSAPI_PUBLIC void set_current_resource(char **config, char *nrestype, char *nres);
+
+
+/* Get the value of a particular variable in magnus.conf */
+/* get_num_mag_var: get only a particular server's value for it */
+/* magconf.c */
+NSAPI_PUBLIC char *get_mag_var(char *var);
+NSAPI_PUBLIC char *get_num_mag_var(int whichsrv, char *var);
+
+/* Set the value of a particular variable in magnus.conf */
+/* magconf.c */
+NSAPI_PUBLIC void set_mag_var(char *name, char *value);
+
+/* Get the value of a particular variable in cert.log */
+NSAPI_PUBLIC char *get_cert_var(char *var);
+NSAPI_PUBLIC char *get_num_cert_var(int whichsrv, char *var);
+
+/* Set the value of a particular variable in cert.log */
+NSAPI_PUBLIC void set_cert_var(char *name, char *value);
+
+/* Get the value of a particular variable in ns-admin.conf */
+/* admserv.c */
+NSAPI_PUBLIC char *get_nsadm_var(char *var);
+NSAPI_PUBLIC char **scan_server_instance(char *, char **);
+
+
+/* Set the value of a particular variable in ns-admin.conf */
+/* admserv.c */
+NSAPI_PUBLIC void set_nsadm_var(char *name, char *value);
+
+/* List all of the installed servers on the admin server.  */
+/* Takes 1 arg (string list of identifiers for servers, such as */
+/* httpd, https, proxy, news) */
+/* admserv.c */
+NSAPI_PUBLIC char **list_installed_servers(char **namelist);
+
+/* Reads in the list of servers installed on this machine.  Fills in 
+ * two string lists (one of names, one of descriptions.)  *servlist and
+ * *desclist will be allocated for you. */
+NSAPI_PUBLIC void read_server_lst(char ***namelist, char ***desclist);
+NSAPI_PUBLIC void read_keyalias_lst(char ***namelist);
+NSAPI_PUBLIC void read_certalias_lst(char ***namelist);
+NSAPI_PUBLIC void get_key_cert_files(char *alias, char **keyfile, char **certfile);
+NSAPI_PUBLIC void display_aliases(char *keyfile, char **aliaslist);
+
+/* Create a new object (i.e. empty "<Object name=foo></Object>" in the
+ * config files. */
+/* objconf.c */
+NSAPI_PUBLIC void add_object(int objtype, char *id);
+
+/* Destroy a given object and all its contents.  */
+/* objconf.c */
+NSAPI_PUBLIC void delete_object(int objtype, char *id);
+
+/* Grab a given object  */
+/* objconf.c */
+NSAPI_PUBLIC httpd_object *grab_object(int objtype, char *id);
+
+/* List all objects of the given type. */
+/* objconf.c */
+NSAPI_PUBLIC char **list_objects(int objtype);
+
+/* Count how many objects there are of the given type. */
+/* objconf.c */
+NSAPI_PUBLIC int count_objects(int objtype);
+
+/* Return the total number of objects in the configuration. */
+/* objconf.c */
+NSAPI_PUBLIC int total_object_count(void);
+
+/* Find a particular instance of a parameter in a particular object and a
+ * particular directive.  id_type and id_value are optional parameter 
+ * specifiers if you want not just the first instance of a function.
+ */
+/* objconf.c */
+NSAPI_PUBLIC pblock *grab_pblock(int objtype, char *object, char *directive, 
+                    char *function, char *id_type, char *id_value);
+
+/* Grab a pblock, but don't use the "fn" parameter.  Instead of "fn",
+ * use the string "fname" to identify the block. */
+/* objconf.c */
+NSAPI_PUBLIC pblock *grab_pblock_byid(int objtype, char *object, char *directive, 
+                         char *fname, char *function, char *id_type, 
+                         char *id_value);
+
+/* Add a new parameter block into the given object, of the given directive
+ * type, using the given function, and with the list of parameters given
+ * (should be called like this:)
+ *
+ * add_pblock(PB_NAME, "default", "NameTrans", "pfx2dir", 
+ *            4, "from", "/foo", "dir", "/bar");
+ * Returns the new pblock for posterity
+ */
+/* objconf.c */
+NSAPI_PUBLIC pblock *add_pblock(int objtype, char *object, char *directive, char *function,
+                int nargs, ...);
+
+/* Create a new pblock, but don't save it or anything. */
+/* objconf.c */
+NSAPI_PUBLIC pblock *new_pblock(char *function, int nargs, ...);
+
+/* Destroy a paramter block.  Same call patterns as grab_pblock. */
+/* objconf.c */
+NSAPI_PUBLIC void delete_pblock(int objtype, char *object, char *directive, char *function,
+                    char *id_type, char *id_value);
+
+/* Set the values of a given pblock to these new values.  Arg passing is same
+ * as for add_pblock()
+ */
+/* objconf.c */
+NSAPI_PUBLIC void set_pblock_vals(pblock *pb, int nargs, ...);
+
+/* List all the pblocks you can find with the given object, directive, and
+ *  function.  Returns a pointer to a list of pblock *'s just like a strlist.
+ */
+/* objconf.c */
+NSAPI_PUBLIC pblock **list_pblocks(int objtype, char *object, char *direct, char *function);
+
+/* Get the client pblock from a given directive, specified as above in 
+ * grab_pblock.
+ */
+/* objconf.c */
+NSAPI_PUBLIC pblock *grab_client(int objtype, char *object, char *directive, 
+                    char *function, char *id_type, char *id_value);
+
+/* Add a client pblock to a given object.  If you have a pblock, send it
+ * in oldpb, if not, send NULL and it will create one with a 
+ * "PathCheck fn=deny-existence" directive for you.
+ *
+ * Send the nargs just like above; assumedly there's only two: client and ip.
+ */
+/* objconf.c */
+NSAPI_PUBLIC void add_client(int objtype, char *object, char *direct, 
+                pblock *oldpb, int nargs, ...);
+
+/* List all the clients you can find with the given object, directive, and
+ *  function.  Returns a pointer to a list of directive *'s (struct with 
+ *  two pblock ptrs: param and client)
+ */
+/* objconf.c */
+NSAPI_PUBLIC directive **list_clients(int objtype, char *object, char *direct, 
+                         char *function);
+
+/* Delete a client, as identified by directive, path=blah in param part,
+ * dns=blah in client part, and ip=blah in client part. */
+/* objconf.c */
+NSAPI_PUBLIC void delete_client(int objtype, char *object, char *direct, char *path, 
+                   char *dns, char *ip);
+
+/* Gets the directive associated with a given pblock. */
+/* objconf.c */
+NSAPI_PUBLIC directive *get_pb_directive(int objtype, char *object, 
+                            char *directive, pblock *pb);
+NSAPI_PUBLIC directive *get_cl_directive(int objtype, char *object, 
+                            char *directive, pblock *cl);
+
+/* Delete a pblock by its pointer.  (Note: I should have done this function
+ * long ago.  Grr. */
+/* objconf.c */
+NSAPI_PUBLIC void delete_pblock_byptr(int objtype, char *object, 
+                         char *directive, pblock *pb);
+
+/* Init directives are now in obj.conf, deal with them there. */
+/* ---------------------------------------------------------- */
+ 
+/* Get the value of an init variable in pblock form. */
+/* objconf.c */
+NSAPI_PUBLIC pblock *get_mag_init(char *fn);
+ 
+/* Get only a particular mag init */
+/* objconf.c */
+NSAPI_PUBLIC pblock *get_specific_mag_init(char *fn, char *name, char *value);
+
+/* Get all instances of the same Init function as an array of pblock ptrs */
+/* objconf.c */
+NSAPI_PUBLIC pblock **get_all_mag_inits(char *fn);
+ 
+/* Set the value of an init variable.  If it exists, modify existing, if not,
+ * create it.
+ * If the key_nam and key_val are set, also the parameter named key_val
+ * will be used when matching against the specific directive.  This will
+ * allow multiple calls to the same Init function, with a specific parameter
+ * value together with the function name uniquely identifying the specific
+ * Init function call.
+ */
+/* objconf.c */
+NSAPI_PUBLIC void set_mag_init(char *fn, char *key_nam, char *key_val, int nargs, ...);
+ 
+/* Delete an instance of an Init variable. */
+/* objconf.c */
+NSAPI_PUBLIC void delete_mag_init(char *fn);
+NSAPI_PUBLIC void delete_specific_mag_init(char *fn, char *key_nam, char *key_val);
+ 
+
+/* Commit all outstanding config stuff from admin directory to the actual
+ * server.  Does not restart the server. */
+/* Argument authlist is a string list of authorization strings 
+ * (username:password) to send to remote servers (or NULL if it is a 
+ * local machine.) */
+/* commit.c */
+NSAPI_PUBLIC int do_commit(char **authlist);
+
+/* Back out from outstanding changes. Authlist same as above. */
+/* commit.c */
+NSAPI_PUBLIC int do_undo(char **authlist);
+
+/*  Prints outstanding changes to server to stdout. */
+/* commit.c */
+NSAPI_PUBLIC void output_uncommitted(void);
+
+/* Returns a flag saying whether there are outstanding changes that need to
+ * be committed.  If you've already read in admin.conf, send a pointer to 
+ * it here.  Or else send NULL, and it'll read it in.  */
+/* commit.c */
+NSAPI_PUBLIC int needs_commit(char **config);
+
+/* Sets the flag to say whether we need to commit or not.  1 means "yes,
+ * we need to commit."  0 means "No, I just committed the changes." 
+ * whichsrv is which server to set the bit in (if you're configuring 
+ * multiple servers.) */
+/* commit.c */
+NSAPI_PUBLIC void set_commit(int whichsrv, int needscommit);
+
+/* Returns an int for which backup number to use. 0=magnus, 1=obj*/
+/* index is which server among the list you want to use (mult config) */
+/* commit.c */
+NSAPI_PUBLIC int get_bknum(int which, int index);
+
+/* Sets the current backup number. */
+/* index is which server among the list you want to use. */
+/* commit.c */
+NSAPI_PUBLIC void set_bknum(int num, int which, int index);
+
+/* Backs up given file, using number in admconf. */
+/* commit.c */
+NSAPI_PUBLIC void conf_backup(char *whichfile, int index, int whichsrv);
+
+/* Gets the last known modification time for a config file.  
+ * When you do a commit, this is set to the mod time after you do
+ * the commit.  Later, when you want to see if the file you're about
+ * to upload has changed, you check this value. */
+/* commit.c */
+NSAPI_PUBLIC time_t get_org_mtime(int whichsrv, int whichfile);
+
+/* Gets and sets the three modification times as they were stored in 
+ * admin.conf. */
+/* Useful in remote transactions. */
+/* commit.c */
+NSAPI_PUBLIC char *get_mtime_str(int whichsrv);
+NSAPI_PUBLIC void set_mtime_str(int whichsrv, char *str);
+
+/* Sets that same value (see above) */
+/* commit.c */
+NSAPI_PUBLIC void set_org_mtime(int whichsrv, int whichfile, time_t mtime);
+
+/* Set the modification times for *all* of the files needing this check,
+ * assuming admin.conf got lost or hasn't been created yet. */
+/* When it doubt, set to zero. */
+NSAPI_PUBLIC void set_all_org_mtimes(void);
+
+
+/* Create an internal list of the servers which are being changed. */
+/* Returns the total number of servers in the list. */
+/* multconf.c */
+NSAPI_PUBLIC int make_conflist(void);
+
+/* Don't use this function.  It's a grotesque hack.  It's used by the admin
+ * page to fake the on/off buttons for the servers. */
+/* multconf.c */
+NSAPI_PUBLIC int fake_conflist(char *fakename);
+
+/* Get the current admin config directory.  Takes an int to say which one
+ * (of the list of servers to configure) you're interested in, so you can
+ * for loop through them.  Always use 0 if you want the first one. */
+/* multconf.c */
+NSAPI_PUBLIC char *get_conf_dir(int whichone);
+NSAPI_PUBLIC char *get_alias_dir(void);
+NSAPI_PUBLIC void read_alias_files(char ***aliasfiles);
+NSAPI_PUBLIC void read_aliases(char ***aliaslist);
+ 
+/* Return 1 if this server number whichone is a not on the local machine. */
+/* multconf.c */
+NSAPI_PUBLIC int is_remote_server(int whichone);
+
+/* Return 1 if we are configuring the admin server. */
+/* multconf.c */
+NSAPI_PUBLIC int is_admserv(void);
+
+/* Return 1 if there is a remote server in the list of servers to config. */
+/* Return 0 if not. */
+/* multconf.c */
+NSAPI_PUBLIC int remote_server_inlist(void);
+
+/* Get the ultimate destination for a particular config file set.  Same 
+ * arg as above function. */
+/* multconf.c */
+NSAPI_PUBLIC char *get_commit_dest(int whichone);
+
+/* Get the name of the indicated server (for logging purposes etc.) */
+/* Send -1 for a string with all of them. */
+/* multconf.c */
+NSAPI_PUBLIC char *get_srvname(int whichsrv);
+
+
+/* Some simple buffering tools */
+/* Keeps a buffer for network info, and a buffer for returning lines */
+/* httpcon.c */
+typedef struct bufstruct {
+    char *buf;
+    int bufsize;
+    int curpos;
+    int inbuf;
+    char *hbuf;
+    int hbufsize;
+    int hbufpos;
+} bufstruct;
+ 
+/* Make a new buffer.  Flush the rest of a buffer (leaving the contents
+ * unread.  Delete a buffer structure. */
+/* httpcon.c */
+NSAPI_PUBLIC bufstruct *new_buffer(int bufsize);
+NSAPI_PUBLIC void flush_buffer(bufstruct *buf);
+NSAPI_PUBLIC void delete_buffer(bufstruct *buf);
+
+/* stdio replacement for a network connection (so shoot me) */
+/* httpcon.c */
+NSAPI_PUBLIC char *get_line_from_fd(PRFileDesc *fd, bufstruct *buf);
+
+/* send a line to a remote server (equivalent to write()) */
+/* httpcon.c */
+NSAPI_PUBLIC int send_line_to_fd(PRFileDesc *fd, char *line, int linesize);
+
+/* Decompose a URL into protocol, server, port, and URI.  You needn't allocate
+ * the strings you're passing, will be done for you. */
+/* httpcon.c */
+NSAPI_PUBLIC int decompose_url(char *url, char **protocol, char **server, unsigned int *port, char **uri);
+
+/* Take a status line "HTTP/1.0 200 OK" or some such and produce a protocol
+ * status number. */
+/* httpcon.c */
+NSAPI_PUBLIC int parse_status_line(char *statusline);
+
+/* Returns whether the headers have now ended (with the line you give it) */
+/* httpcon.c */
+NSAPI_PUBLIC int is_end_of_headers(char *hline);
+
+/* Make an HTTP request to a given server, running on a given port, 
+ * with the given initial request.  Returns a FD that can be used 
+ * to read / write to the connection. */
+/* Note: Reports status to stdout in HTML form.  Bad?  Perhaps... */
+/* httpcon.c */
+NSAPI_PUBLIC PRFileDesc *make_http_request(char *protocol, char *server, unsigned int port, char *request, int *errcode);
+
+/* Terminate an HTTP request session (see above) */
+/* httpcon.c */
+NSAPI_PUBLIC void end_http_request(PRFileDesc *req_socket);
+
+/* Verify that given server is an admin server. */
+NSAPI_PUBLIC int verify_is_admin(char *protocol, char *server, int port);
+
+
+/* Log a change in the verbose admin log.  kind is a string representing
+ * what kind of change it was (see #defines at top of file, such as MAGNUS_LOG)
+ * Change is the text of the change, in printf format (so you can give args). */
+/* admlog.c */
+NSAPI_PUBLIC void log_change(char *kind, char *change, ...);
+
+/* Get a pretty string for the current resource for logging. */
+/* admlog.c */
+NSAPI_PUBLIC char *log_curres(char **config);
+
+
+/* List all the user databases (actually, all files) in a given path into a 
+ * strlist. */
+/* userdb.c */
+NSAPI_PUBLIC char **list_user_dbs(char *fullpath);
+
+NSAPI_PUBLIC char **list_auth_dbs(char *fullpath);
+
+/* Output the 1.x database selector.  Path is the path to the DB's, element is
+ * the desired SELECT name, current is the one that should currently be
+ * selected. */
+/* userdb.c */
+NSAPI_PUBLIC void output_db_selector(char *path, char *element, char *current);
+
+/* Output the 2.x database selector.  Path is the path to the DB's, element is
+ * the desired SELECT name, current is the one that should currently be
+ * selected. */
+NSAPI_PUBLIC void output_authdb_selector(char *path, char *element, char *current);
+
+/* Sets which DB is considered current. */
+/* userdb.c */
+NSAPI_PUBLIC void set_current_db(char *current); /* obsolete 1.x */
+
+/* Sets which DB is considered current (2.x version). */
+NSAPI_PUBLIC void set_current_authdb(char *current);
+NSAPI_PUBLIC char *get_current_authdb(void);
+
+/* Detect the type of the given database. */
+/* WARNING: REMOVES THE EXTENSION!!! */
+/* userdb.c */
+NSAPI_PUBLIC int detect_db_type(char *db_name);
+
+/* Find a user within an NCSA database, and return */
+/* userdb.c */
+NSAPI_PUBLIC char *find_user_ncsa(char *db, char *user);
+
+/* Add a user to an NCSA style database */
+/* userdb.c */
+NSAPI_PUBLIC void add_user_ncsa(char *db, char *user, char *password, int enc);
+
+/* List all the users in an NCSA style database */
+/* userdb.c */
+NSAPI_PUBLIC char **list_users_ncsa(char *db);
+
+/* Modify a user in an NCSA style database */
+/* userdb.c */
+NSAPI_PUBLIC int modify_user_ncsa(char *db, char *user, char *pw);
+
+/* Verify the admin password, or die.  Returns 1 if there is one, 0 if not */
+/* userdb.c */
+NSAPI_PUBLIC int verify_adm_ncsa(char *db, char *pw);
+
+/* Remove a user from an NCSA style database */
+/* userdb.c */
+NSAPI_PUBLIC int remove_user_ncsa(char *db, char *user);
+
+#ifdef XP_UNIX /* WIN32 has no DBM */
+/* Find a user within a DBM database, and return */
+/* userdb.c */
+char *find_user_dbm(char *db, char *user);
+
+/* Add a user to a DBM database */
+/* userdb.c */
+void add_user_dbm(char *db, char *user, char *password, int enc);
+
+/* List all the users in a DBM */
+/* userdb.c */
+char **list_users_dbm(char *db);
+
+/* Modify a user in a DBM database */
+/* userdb.c */
+int modify_user_dbm(char *db, char *user, char *pw);
+
+/* Verify the admin password, or die.  Returns 1 if there is one, 0 if not */
+/* userdb.c */
+int verify_adm_dbm(char *db, char *pw);
+
+/* Remove a user from a DBM */
+/* userdb.c */
+int remove_user_dbm(char *db, char *user);
+
+#endif /* WIN32 */
+
+
+/* Checks to see if server is running.  Doesn't work over network.  Returns 0
+ * if it's down, 1 if it's up, -1 if an error occurred. */
+/* pcontrol.c */
+NSAPI_PUBLIC int is_server_running(int whichsrv);
+
+/* Starts up the HTTP server. Puts the errors into /tmp/startup.[pid] */
+/* Returns 0 on success, 1 on failure */
+/* Restart restarts it, shutdown shuts it down */
+/* pcontrol.c */
+NSAPI_PUBLIC int startup_http(int, char*, char *);
+NSAPI_PUBLIC int restart_http(int, char*, char *);
+NSAPI_PUBLIC int shutdown_http(int, char*);
+
+/* As above, but for SNMP HTTP subagent */
+/* pcontrol.c */
+NSAPI_PUBLIC int startup_snmp();
+NSAPI_PUBLIC int restart_snmp();
+NSAPI_PUBLIC int shutdown_snmp();
+
+/* Performs the request rq, for server (in list) whichsrv, using auth as
+ * auth info.
+ * 
+ * successmsg is the prefix on lines that are returned from the remote
+ * server that indicate success. */
+/* pcontrol.c */
+NSAPI_PUBLIC int perform_request(char *req, int whichsrv, char *auth, char *successmsg);
+
+/* Escapes a shell command for system() calls.  NOTE: This string should
+ * be large enough to handle expansion!!!! */
+/* util.c */
+NSAPI_PUBLIC void escape_for_shell(char *cmd);
+
+/* Lists all files in a directory.  If dashA list .files except . and .. */
+/* util.c */
+NSAPI_PUBLIC char **list_directory(char *path, int dashA);
+
+/* Does a given file exist? */
+/* util.c */
+NSAPI_PUBLIC int file_exists(char *filename);
+
+/* What's the size of a given file? */
+/* util.c */
+NSAPI_PUBLIC int get_file_size(char *path);
+
+/* Create a directory path if it does not exist (mkdir -p) */
+/* util.c */
+NSAPI_PUBLIC int ADM_mkdir_p(char *dir, int mode);
+
+/* Copy a directory recursively. */
+/* util.c */
+NSAPI_PUBLIC int ADM_copy_directory(char *src_dir, char *dest_dir);
+
+/* Remove a directory recursively. Same as remove_directory except that
+   filenames arent printed on stdout */
+/* util.c */
+NSAPI_PUBLIC void ADM_remove_directory(char *path);
+
+#ifdef XP_UNIX
+/* Obtain Unix SuiteSpot user/group information */
+/* util.c */
+NSAPI_PUBLIC int ADM_GetUXSSid(char *, char **, char **);
+#endif
+
+/* Return: LastModificationTime(f1) < LastModificationTime(f2) ? */
+/* util.c */
+NSAPI_PUBLIC int mtime_is_earlier(char *file1, char *file2);
+
+/* Return: the last mod time of fn */
+/* util.c */
+NSAPI_PUBLIC time_t get_mtime(char *fn);
+
+/* Does this string have all numbers? */
+/* util.c */
+NSAPI_PUBLIC int all_numbers(char *target);
+/* Valid floating point number? */
+NSAPI_PUBLIC int all_numbers_float(char *target);
+
+/* Get the [ServerRoot]/config directory. */
+/* whichone is which server you're interested in.  */
+/* 0 if you want the first one.*/
+/* util.c */
+NSAPI_PUBLIC char *get_admcf_dir(int whichone);
+
+/* Get the admin server's [ServerRoot]/config directory */
+NSAPI_PUBLIC char *get_admservcf_dir(void);
+
+/* Get the admin/userdb directory. */
+/* util.c */
+NSAPI_PUBLIC char *get_userdb_dir(void);
+/* Get the V2.x admin/userdb directory. */
+/* util.c */
+NSAPI_PUBLIC char *get_authdb_dir(void);
+NSAPI_PUBLIC char *get_httpacl_dir(void);
+
+
+/* V2.x User admin functions.  They take a full path of
+   the directory where the databases live, and perform
+   various operations on the databases.  They open and
+   close the DBM, so they can not be called when the
+   database is already open.  The output_xxx ones spit
+   out various HTMLized admin data.
+*/
+NSAPI_PUBLIC int getfullname(char *dbname, char *user, char **fullname); 
+NSAPI_PUBLIC int setfullname(char *dbname, char *user, char *fullname);
+NSAPI_PUBLIC int setpw(char *dbname, char *user, char *pwd);
+NSAPI_PUBLIC int setdbpw(char *dbname, char *pwd);
+NSAPI_PUBLIC int checkdbpw(char *dbname, char *pwd);
+NSAPI_PUBLIC int addusertogroup(char *dbname, char *user, char *group);
+NSAPI_PUBLIC int remuserfromgroup(char *dbname, char *user, char *group);
+NSAPI_PUBLIC int addgrouptogroup(char *dbname, char *memgroup, char *group);
+NSAPI_PUBLIC int remgroupfromgroup(char *dbname, char *memgroup, char *group);
+NSAPI_PUBLIC int output_users_list(char *line, char *userfilter);
+NSAPI_PUBLIC int output_groups_list(char *dbname, char *groupfilter); 
+NSAPI_PUBLIC void output_group_membership(char *dbname, char *user);
+NSAPI_PUBLIC void output_nonmembership(char *dbname, char *user);
+NSAPI_PUBLIC void output_grpgroup_membership(char *dbname, char *group, char *filter);
+NSAPI_PUBLIC void output_user_membership(char *dbname, char *group, char *filter);
+NSAPI_PUBLIC void output_nongrpgroup_membership(char *dbname, char *group, char *filter);
+NSAPI_PUBLIC void output_nonuser_membership(char *dbname, char *group, char *filter);
+
+/* Set a user's login name */
+NSAPI_PUBLIC int setusername(char *db_path, char *user, char *newname);
+
+/* Output a selector box with name "name", an option "NONE" if none=1, 
+ *  and make it a multiple selector box if multiple=1.  If multiple != 1, 
+ *  then make it a pulldown list if the number of groups is less than 
+ *  SELECT_OVERFLOW. */
+/* If highlight is non-null, specifically highlight that entry. */
+/* If user is non-null, and it's a multiple box, correctly set the group
+ *  membership in the multiple list (Groups they're in are on, groups they're
+ *  not in are off. */
+/* If group_user is one, then the variable "user" refers to *group* members,
+ *  not *user* members. */
+/* If except is non-null, output all entries except the "except" item. */
+/* (note: this methodology is known as the "Garbage pail method", just 
+ *  keep adding parameters till it does everything you want) MLM */
+#define SELECT_OVERFLOW 25
+NSAPI_PUBLIC void output_group_selector(char *db_path, 
+                                        int group_user, char *user,
+                                        char *highlight, char *except,
+                                        char *name, int none, int multiple);
+
+/* Same as above, except output a list of users, highlighting those in a
+ * particular group.  MLM */
+NSAPI_PUBLIC void output_user_selector(char *db_path, char *group,
+                                       char *highlight, char *except,
+                                       char *name, int none, int multiple);
+
+/* Take a char ** null terminated list of group names, and change a user's
+ * memberships so those are the only groups he's in.   MLM */
+NSAPI_PUBLIC void change_user_membership(char *db_path, char *user,
+                                         char **new_groups);
+
+/* Take a char ** null terminated list of group names, and change a user's
+ * memberships so those are the only groups he's in.   MLM */
+/* If group_users is 1, then new_users are assumed to be groups. */
+NSAPI_PUBLIC void change_group_membership(char *db_path, char *group,
+                                          int group_users, char **new_users);
+
+
+/* Get the server's URL. */
+/* util.c */
+NSAPI_PUBLIC char *get_serv_url(void);
+
+/* Run a command and check the output */
+struct runcmd_s {
+    char *title;
+    char *msg;
+    char *arg;
+    int sysmsg;
+};
+/* util.c */
+NSAPI_PUBLIC int run_cmd(char *cmd, FILE *closeme, struct runcmd_s *rm);
+
+/* This is basically copy_file from the install section, with the error
+ * reporting changed to match the admin stuff.  Since some stuff depends
+ * on copy_file being the install version, I'll cheat and call this one
+ * cp_file. */
+/* util.c */
+NSAPI_PUBLIC void cp_file(char *sfile, char *dfile, int mode);
+
+/* Delete the file with the given path.  Returns positive value on failure.*/
+/* util.c */
+NSAPI_PUBLIC int delete_file(char *path);
+
+/* Delete the directory with the given path.  Returns positive value on failure.*/
+/* BEWARE! Be sure to verify you're not deleting things you */
+/* shouldn't.  Testing the directory with "util_uri_is_evil" */ 
+/* is often a good idea. */
+/* util.c */
+NSAPI_PUBLIC void remove_directory(char *path);
+
+/* Simply creates a directory that you give it.  Checks for errors and 
+ * all that. (Not to be confused with create_subdirs in install, since
+ * it relies on some installation stuff.) */
+/* util.c */
+NSAPI_PUBLIC void create_dir(char *dir, int mode);
+
+/* Open a file, with file locking.  Close a file, releasing the lock. */
+/* util.c */
+NSAPI_PUBLIC FILE *fopen_l(char *pathname, char *mode);
+NSAPI_PUBLIC void fclose_l(FILE *f);
+
+/* helper function to figure out where to put the lock */
+/* util.c */
+NSAPI_PUBLIC char *get_flock_path(void);
+
+/* uuencode a given buffer.  both src and dst need to be allocated.  dst
+ * should be 1 1/4 as big as src (i saved some math and just made it twice
+ * as big when I called it) */
+/* util.c */
+NSAPI_PUBLIC int do_uuencode(unsigned char *src, unsigned char *dst, int srclen);
+
+/* Word wrap a string to fit into a JavaScript alert box. */
+/* str is the string, width is the width to wrap to, linefeed is the string 
+ * to use as a linefeed. */
+/* util.c */
+#define WORD_WRAP_WIDTH 80
+NSAPI_PUBLIC char *alert_word_wrap(char *str, int width, char *linefeed);
+
+
+/* Writes the given object set as the current database */
+/* Takes an argument for which server in the list to dump to */
+/* ns-util.c */
+NSAPI_PUBLIC void dump_database(int whichsrv, httpd_objset *os);
+NSAPI_PUBLIC void dump_database_tofile(int whichsrv, char *fn, httpd_objset *os);
+
+/* Scans the given database and returns its object set. */
+/* ns-util.c */
+NSAPI_PUBLIC httpd_objset *read_config_from_file(char *objconf);
+
+/* Scans the current database and returns its object set. */
+/* Takes a number for which server in multiple list to read */
+/* ns-util.c */
+NSAPI_PUBLIC httpd_objset *read_config(int x);
+
+/* Inserts a new pfx2dir name translation into the object, making sure there
+ * are no name conflicts. Name conflict resolution is simple: Keep the longest
+ * from fields first in the file. */
+/* ns-util.c */
+NSAPI_PUBLIC void insert_ntrans(pblock *p, pblock *c, httpd_object *obj);
+
+/* Inserts a new assign-name and mkssi-version into the object, making sure 
+ * that they come first and are sorted. */
+NSAPI_PUBLIC void insert_ntrans_an(pblock *p, pblock *c, httpd_object *obj);
+
+/* Inserts a new mkssi-pcheck into the object, making sure that they come 
+ * first and are sorted. */
+NSAPI_PUBLIC void insert_pcheck_mp(pblock *p, pblock *c, httpd_object *obj);
+
+/* Inserts a new alias in the database (before all other entries) */
+/* ns-util.c */
+NSAPI_PUBLIC void insert_alias(pblock *p, pblock *c, httpd_object *obj);
+
+/* Scans a file and puts all of its lines into a char * array. Strips 
+ * trailing whitespace */
+/* ns-util.c */
+NSAPI_PUBLIC char **scan_tech(char *fn);
+
+/* Writes the lines to the given file */
+/* ns-util.c */
+NSAPI_PUBLIC int write_tech(char *fn, char **lines);
+
+/* Finds an object by its ppath */
+/* ns-util.c */
+NSAPI_PUBLIC httpd_object *findliteralppath(char *qs, httpd_objset *os);
+
+
+/* Compares two passwords, one plaintext and one encrypted. Returns strcmp()
+ * like integer (0 good, anything else bad) */
+/* password.c */
+NSAPI_PUBLIC int pw_cmp(char *pw, char *enc);
+
+/* Encrypts a plaintext password. */
+/* password.c */
+NSAPI_PUBLIC char *pw_enc(char *pw);
+
+
+/* Maintain what amounts to a handle to a list of strings */
+/* strlist.c */
+/* Moved to libadminutil, use libadminutil/admutil.h instead
+NSAPI_PUBLIC char **new_strlist(int size);
+NSAPI_PUBLIC char **grow_strlist(char **strlist, int newsize);
+NSAPI_PUBLIC void free_strlist(char **strlist);
+*/
+
+/* Handle INN config.data which are now called nsnews.conf files */
+/* nsnews.c */
+char *find_nsnews_var(char *var, char **lines);
+void set_nsnews_var(char *name, char *val, char **lines);
+int find_nsnews_line(char *var, char **lines);
+void remove_nsnews_var(char *name, char **lines);
+void replace_nsnews_prefix(char *opfx, char *npfx, char **lines);
+
+char **scan_nsnews_admin(char *filename);
+char **scan_nsnews_install(char *filename);
+void nsnews_file2path_admin(char *filename, char *path);
+void nsnews_file2path_install(char *filename, char *path);
+void write_nsnews_admin(char *filename, char **lines);
+void write_nsnews_install(char *filename, char **lines);
+
+void run_ctlinnd(char *cmd);
+char **nsnews_status(void);
+void set_moderator(char *group, char *email);
+char *find_moderator(char *group, char **lines);
+char **scan_active(char **nscnf);
+int find_active_group(char *grp, char **active);
+char *active_flags(char *line);
+int active_groupmatch(char *grppat, char *line);
+char **scan_expirectl(char *fn);
+void write_expirectl(char *fn, char **lines);
+void set_expire_remember(char *days, char **lines);
+void set_expire_default(char *def, char *keep, char *purge, char **lines);
+
+#define EXPREM_STRING "/remember/:"
+#define EXPREM_LEN 11
+#define EXPDEF_STRING "*:A:"
+#define EXPDEF_LEN 4
+
+#define find_expire_remember(lines) (find_expire_string(EXPREM_STRING, lines))
+#define find_expire_default(lines) (find_expire_string(EXPDEF_STRING, lines))
+char *find_expire_string(char *find, char **lines);
+
+typedef struct {
+    char *patterns;
+    char flag;
+    char *keep;
+    char *def;
+    char *purge;
+} expire_s;
+int expire_entry(char *line, expire_s *ret);
+expire_s *expire_entry_default(char **lines);
+expire_s *find_expire_entry(char *find, char **lines);
+void new_expire_entry(expire_s *ex, char **lines);
+void change_expire_entry(char *find, expire_s *ex, char **lines);
+void remove_expire_entry(char *find, char **lines);
+
+typedef struct {
+    char *grp;
+    char *hostpats;
+    char *flags;
+    char *userpat;
+} permission_s;
+char **scan_nsaccess(char *fn);
+void write_nsaccess(char *fn, char **lines);
+permission_s *find_nsaccess_default(char **lines);
+permission_s *find_nsaccess_entry(char *find, char **lines);
+void new_nsaccess_entry(permission_s *ps, char **lines);
+void change_nsaccess_entry(char *find, permission_s *ps, char **lines);
+void remove_nsaccess_entry(char *find, char **lines);
+
+/* Handle newsfeeds files */
+void feed_read_file();
+void feed_write_file();
+char *feed_get_ind_var(int *x);
+char *feed_get_host_var(char *host);
+char *feed_get_newsgroups(char *feedline);
+char *feed_get_param(char *feedline);
+void feed_split_newsgroups(char *ngroups, char **allow, char **deny);
+char *add_bangs(char *string);
+void compress_whitespace(char *source);
+char *feed_merge_newsgroups(char *allow_in, char *deny_in);
+void feed_set_groups(char *host, char *groups);
+void feed_set_entry(char *id, char *ngroups, char *feedtype, char *params);
+void feed_delete_host(char *host);
+void feed_dump_vars(char *feedtype, char *dest);
+ 
+void nnhost_add(char *hostname);
+void nnhost_delete(char *hostname);
+
+void nnctl_add(char *hostname);
+void nnctl_delete(char *hostname);
+
+int nsnews_running(char **nscnf);
+
+
+#ifdef MCC_PROXY
+
+extern long inst_cache_size_tbl[];
+extern long inst_cache_capacity_tbl[];
+extern long cache_size_tbl[];
+extern long cache_capacity_tbl[];
+extern float lm_factor_tbl[];
+extern long time_interval_tbl[];
+extern long timeout_tbl[];
+extern int percent_tbl[];
+
+char *mb_str(long mb);
+char *lm_str(float f);
+
+void output_interval_select(char *name, char *other, long selected, long *tbl);
+void output_mb_select(char *name, char *other, long selected, long *tbl);
+void output_lm_select(char *name, char *other, float selected, float *tbl);
+void output_percentage_select(char *name, char *other, int selected, int *tbl);
+
+#endif /* MCC_PROXY */
+
+#ifdef MCC_NEWS
+
+char * get_active_news_authdb(char **nscnf);
+void set_active_news_authdb(char *name, char **nscnf);
+void output_active_news_authdb(char **nscnf);
+
+#endif /* MCC_NEWS */
+
+#if 0 /* move cron_conf to libadminutil    */
+
+/* read and write to cron.conf, cron_conf.c */
+/* Alex Feygin, 3/22/96                     */
+typedef struct cron_conf_obj
+{
+  char *name;
+  char *command;
+  char *dir;
+  char *user;
+  char *start_time;
+  char *days;
+} 
+cron_conf_obj;
+ 
+typedef struct cron_conf_list
+{
+  char *name;
+  cron_conf_obj *obj;
+  struct cron_conf_list *next;
+} 
+cron_conf_list;
+ 
+/* Reads cron.conf to a null terminated list of cron_conf_objects; returns
+   0 if unable to do a read; 1 otherwise */
+NSAPI_PUBLIC int cron_conf_read();
+ 
+/* gets a cron object, NULL if it doesnt exist */
+NSAPI_PUBLIC cron_conf_obj *cron_conf_get(char *name);
+ 
+/* returns a NULL-terminated cron_conf_list of all the cron conf objects */
+NSAPI_PUBLIC cron_conf_list *cron_conf_get_list();
+ 
+/* Creates a cron conf object; all these args get STRDUP'd in the function
+   so make sure to free up the space later if need be */
+NSAPI_PUBLIC cron_conf_obj *cron_conf_create_obj(char *name, char *command,
+						 char *dir,  char *user, 
+						 char *start_time, char *days);
+ 
+/* Puts a cron conf object into list or updates it if it already in there.
+   Returns either the object passed or the object in there already;
+   cco may be FREE'd during this operation so if you need the object
+   back, call it like so:
+   
+   cco = cron_conf_set(cco->name, cco);  
+ 
+   calling cron_conf_set with a NULL cco will cause the 'name' object
+   to be deleted.
+*/
+NSAPI_PUBLIC cron_conf_obj *cron_conf_set(char *name, cron_conf_obj *cco);
+ 
+/* write out current list of cron_conf_objects to cron.conf file */
+NSAPI_PUBLIC void cron_conf_write();
+ 
+/* free all cron conf data structures */
+NSAPI_PUBLIC void cron_conf_free();
+
+
+#endif /* move cron_conf to libadminutil    */
+
+
+/**************************************************************************
+ * This is should really be in base/file.h, but we don't want to tread on
+ * toes.
+ * Implement fgets without the error complaints the util_getline has.  The
+ * calling function is smart enough to deal with partial lines.
+ * Also include a sleep that has the same functionality as Unix for NT.
+ *************************************************************************/
+
+NSAPI_PUBLIC char *system_gets( char *, int, filebuffer * );
+
+#ifdef XP_UNIX
+NSAPI_PUBLIC int system_zero( SYS_FILE );
+#else /* XP_WIN32 */
+#define system_zero( f ) \
+	SetFilePointer( PR_FileDesc2NativeHandle( f ), 0, NULL, FILE_BEGIN );\
+	SetEndOfFile( PR_FileDesc2NativeHandle( f ) )
+#define sleep( t )	Sleep( (t) * 1000 )
+#endif /* XP_WIN32 */
+
+NSAPI_PUBLIC char *cookieValue( char *, char * );
+
+NSAPI_PUBLIC void jsPWDialogSrc( int inScript, char *otherJS );
+
+NSAPI_PUBLIC int IsCurrentTemplateNSPlugin(char* templateName);
+
+/************************** Miscellaneous *************************/
+NSAPI_PUBLIC char * jsEscape(char *src);
+NSAPI_PUBLIC int read_AbbrDescType_file(char *path, char ***namelist, char ***desclist);
+
+NSPR_END_EXTERN_C
+
+#endif	/* libadmin_h */
diff --git a/include/netsite.h b/include/netsite.h
new file mode 100644
index 00000000..278b1d14
--- /dev/null
+++ b/include/netsite.h
@@ -0,0 +1,312 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef NETSITE_H
+#define NETSITE_H
+
+#ifndef NOINTNSAPI
+#define INTNSAPI
+#endif /* !NOINTNSAPI */
+
+/*
+ * Standard defs for NetSite servers.
+ */
+
+/*
+** Macro shorthands for conditional C++ extern block delimiters.
+** Don't redefine for compatability with NSPR.
+*/
+#ifndef NSPR_BEGIN_EXTERN_C
+#ifdef __cplusplus
+#define NSPR_BEGIN_EXTERN_C	extern "C" {
+#define NSPR_END_EXTERN_C	}
+#else
+#define NSPR_BEGIN_EXTERN_C
+#define NSPR_END_EXTERN_C
+#endif
+#endif /* NSPR_BEGIN_EXTERN_C */
+#ifdef __cplusplus
+#define EXTERNC extern "C"
+#else
+#define EXTERNC
+#endif
+
+#ifndef VERSION_H
+#include "version.h"
+#endif /* !VERSION_H */
+
+#ifndef BASE_SYSTEMS_H
+#include "base/systems.h"
+#endif /* !BASE_SYSTEMS_H */
+
+#undef MAGNUS_VERSION_STRING
+
+#ifdef MCC_PROXY
+#define MAGNUS_VERSION PROXY_VERSION_DEF
+#define MAGNUS_VERSION_STRING PROXY_VERSION_STRING
+
+#elif defined(NS_CMS)
+#define MAGNUS_VERSION CMS_VERSION_DEF
+#define MAGNUS_VERSION_STRING CMS_VERSION_STRING
+
+#elif defined(NS_DS)
+#define MAGNUS_VERSION DS_VERSION_DEF
+#define MAGNUS_VERSION_STRING DS_VERSION_STRING
+
+#elif defined(MCC_ADMSERV)
+#define MAGNUS_VERSION ADMSERV_VERSION_DEF
+#define MAGNUS_VERSION_STRING ADMSERV_VERSION_STRING
+
+#elif defined(NS_CATALOG)
+#define MAGNUS_VERSION CATALOG_VERSION_DEF
+#define MAGNUS_VERSION_STRING CATALOG_VERSION_STRING
+
+#elif defined(NS_RDS)
+#define MAGNUS_VERSION RDS_VERSION_DEF
+#define MAGNUS_VERSION_STRING RDS_VERSION_STRING
+
+#elif defined(MCC_HTTPD)
+
+#ifdef NS_PERSONAL
+#define MAGNUS_VERSION PERSONAL_VERSION_DEF
+#else
+#define MAGNUS_VERSION ENTERPRISE_VERSION_DEF
+#endif
+
+#if defined(XP_UNIX) || defined(USE_ADMSERV)
+#if defined(NS_DS)
+#define MAGNUS_VERSION_STRING DS_VERSION_STRING
+#elif defined(NS_PERSONAL)
+#define MAGNUS_VERSION_STRING PERSONAL_VERSION_STRING
+#elif defined(NS_CATALOG)
+#define MAGNUS_VERSION_STRING CATALOG_VERSION_STRING
+#elif defined(NS_RDS)
+#define MAGNUS_VERSION_STRING RDS_VERSION_STRING
+#elif defined(NS_CMS)
+#define MAGNUS_VERSION_STRING CMS_VERSION_STRING
+#else
+#define MAGNUS_VERSION_STRING ENTERPRISE_VERSION_STRING
+#endif
+#endif /* XP_UNIX */
+
+#elif defined(MCC_NEWS)
+#define MAGNUS_VERSION_STRING NEWS_VERSION_STRING
+
+#elif defined(NS_MAIL)
+#define MAGNUS_VERSION MAIL_VERSION_DEF
+#define MAGNUS_VERSION_STRING MAIL_VERSION_STRING
+
+#elif defined(MCC_BATMAN)
+#define MAGNUS_VERSION BATMAN_VERSION_DEF
+#define MAGNUS_VERSION_STRING BATMAN_VERSION_STRING
+
+#endif
+
+#ifndef VOID
+#define VOID void
+#endif
+
+#ifdef XP_UNIX
+/*
+ * Provide some typedefs that are commonly used on windows
+ *
+ * DO NOT USE THESE!  They will be deleted later!
+ *
+ */
+#define CONST const
+typedef unsigned long       DWORD;
+typedef int                 BOOL;
+typedef unsigned char       BYTE;
+typedef unsigned short      WORD;
+typedef float               FLOAT;
+typedef FLOAT               *PFLOAT;
+typedef BOOL                *PBOOL;
+typedef BOOL                *LPBOOL;
+typedef BYTE                *PBYTE;
+typedef BYTE                *LPBYTE;
+typedef int                 *PINT;
+typedef int                 *LPINT;
+typedef WORD                *PWORD;
+typedef WORD                *LPWORD;
+typedef long                *LPLONG;
+typedef DWORD               *PDWORD;
+typedef DWORD               *LPDWORD;
+typedef void                *LPVOID;
+
+#ifndef SNI
+#if !defined (boolean) && !defined (__GNUC__)
+typedef int                  boolean;
+#endif
+#endif
+
+#endif
+#define NS_TRUE              1
+#define NS_FALSE             0
+
+NSPR_BEGIN_EXTERN_C
+
+/* -------------------------- System version on NT------------------------- */
+
+/* Encode the server version as a number to be able to provide inexpensive
+ * dynamic checks on server version - this isn't added in yet. */
+
+#define ENTERPRISE_VERSION 1  
+#define PERSONAL_VERSION 2       
+#define CATALOG_VERSION 3      
+#define RDS_VERSION 4       
+#define CMS_VERSION 5
+#undef DS_VERSION
+#define DS_VERSION 6
+
+#define server_fasttrack (!strcmp(MAGNUS_VERSION_STRING, PERSONAL_VERSION_STRING))
+#define server_enterprise (!strcmp(MAGNUS_VERSION_STRING, ENTERPRISE_VERSION_STRING))
+
+/* This definition of MAGNUS_VERSION_STRING on NT should be used
+ * only when building the ns-http DLL */
+
+#if defined(MCC_HTTPD) && defined(XP_WIN32) && !defined(USE_ADMSERV) && !defined(MCC_ADMSERV)
+#undef MAGNUS_VERSION_STRING
+#define MAGNUS_VERSION_STRING INTsystem_version()
+#endif /* XP_WIN32 */
+
+/* Set server's version dynamically */
+NSAPI_PUBLIC void INTsystem_version_set(char *ptr);
+
+#ifndef APSTUDIO_READONLY_SYMBOLS
+
+/* Include the public netsite.h definitions */
+#ifndef PUBLIC_NETSITE_H
+#ifdef MALLOC_DEBUG
+#define NS_MALLOC_DEBUG
+#endif /* MALLOC_DEBUG */
+#include "public/netsite.h"
+#endif /* PUBLIC_NETSITE_H */
+
+#endif /* !APSTUDIO_READONLY_SYMBOLS */
+
+/*
+ * If NS_MALLOC_DEBUG is defined, declare the debug version of the memory
+ * allocation API.
+ */
+#ifdef NS_MALLOC_DEBUG
+#define PERM_MALLOC(size) INTsystem_malloc_perm(size, __LINE__, __FILE__)
+NSAPI_PUBLIC void *INTsystem_malloc_perm(int size, int line, char *file);
+
+#define PERM_CALLOC(size) INTsystem_calloc_perm(size, __LINE__, __FILE__)
+NSAPI_PUBLIC void *INTsystem_calloc_perm(int size, int line, char *file);
+
+#define PERM_REALLOC(ptr, size) INTsystem_realloc_perm(ptr, size, __LINE__, __FILE__)
+NSAPI_PUBLIC void *INTsystem_realloc_perm(void *ptr, int size, int line, char *file);
+
+#define PERM_FREE(ptr) INTsystem_free_perm((void *) ptr, __LINE__, __FILE__)
+NSAPI_PUBLIC void INTsystem_free_perm(void *ptr, int line, char *file);
+
+#define PERM_STRDUP(ptr) INTsystem_strdup_perm(ptr, __LINE__, __FILE__)
+NSAPI_PUBLIC char *INTsystem_strdup_perm(const char *ptr, int line, char *file);
+#endif /* NS_MALLOC_DEBUG */
+
+/*
+ * Only the mainline needs to set the malloc key.
+ */
+
+void setThreadMallocKey(int key);
+
+/* This probably belongs somewhere else, perhaps with a different name */
+NSAPI_PUBLIC char *INTdns_guess_domain(char * hname);
+
+/* --- Begin public functions --- */
+
+#ifdef INTNSAPI
+
+NSAPI_PUBLIC char *INTsystem_version();
+
+/*
+   Depending on the system, memory allocated via these macros may come from 
+   an arena. If these functions are called from within an Init function, they 
+   will be allocated from permanent storage. Otherwise, they will be freed 
+   when the current request is finished.
+ */
+
+#define MALLOC(size) INTsystem_malloc(size)
+NSAPI_PUBLIC void *INTsystem_malloc(int size);
+
+#define CALLOC(size) INTsystem_calloc(size)
+NSAPI_PUBLIC void *INTsystem_calloc(int size);
+
+#define REALLOC(ptr, size) INTsystem_realloc(ptr, size)
+NSAPI_PUBLIC void *INTsystem_realloc(void *ptr, int size);
+
+#define FREE(ptr) INTsystem_free((void *) ptr)
+NSAPI_PUBLIC void INTsystem_free(void *ptr);
+
+#define STRDUP(ptr) INTsystem_strdup(ptr)
+NSAPI_PUBLIC char *INTsystem_strdup(const char *ptr);
+
+/*
+   These macros always provide permanent storage, for use in global variables
+   and such. They are checked at runtime to prevent them from returning NULL.
+ */
+
+#ifndef NS_MALLOC_DEBUG
+
+#define PERM_MALLOC(size) INTsystem_malloc_perm(size)
+NSAPI_PUBLIC void *INTsystem_malloc_perm(int size);
+
+#define PERM_CALLOC(size) INTsystem_calloc_perm(size)
+NSAPI_PUBLIC void *INTsystem_calloc_perm(int size);
+
+#define PERM_REALLOC(ptr, size) INTsystem_realloc_perm(ptr, size)
+NSAPI_PUBLIC void *INTsystem_realloc_perm(void *ptr, int size);
+
+#define PERM_FREE(ptr) INTsystem_free_perm((void *) ptr)
+NSAPI_PUBLIC void INTsystem_free_perm(void *ptr);
+
+#define PERM_STRDUP(ptr) INTsystem_strdup_perm(ptr)
+NSAPI_PUBLIC char *INTsystem_strdup_perm(const char *ptr);
+
+#endif /* !NS_MALLOC_DEBUG */
+
+/* Thread-Private data key index for accessing the thread-private memory pool.
+ * Each thread creates its own pool for allocating data.  The MALLOC/FREE/etc
+ * macros have been defined to check the thread private data area with the
+ * thread_malloc_key index to find the address for the pool currently in use.
+ *
+ * If a thread wants to use a different pool, it must change the thread-local-
+ * storage[thread_malloc_key].
+ */
+
+NSAPI_PUBLIC int INTgetThreadMallocKey(void);
+
+/* Not sure where to put this. */
+NSAPI_PUBLIC void INTmagnus_atrestart(void (*fn)(void *), void *data);
+
+#endif /* INTNSAPI */
+
+/* --- End public functions --- */
+
+NSPR_END_EXTERN_C
+
+#define system_version_set INTsystem_version_set
+#define dns_guess_domain INTdns_guess_domain
+
+#ifdef INTNSAPI
+
+#define system_version INTsystem_version
+#define system_malloc INTsystem_malloc
+#define system_calloc INTsystem_calloc
+#define system_realloc INTsystem_realloc
+#define system_free INTsystem_free
+#define system_strdup INTsystem_strdup
+#define system_malloc_perm INTsystem_malloc_perm
+#define system_calloc_perm INTsystem_calloc_perm
+#define system_realloc_perm INTsystem_realloc_perm
+#define system_free_perm INTsystem_free_perm
+#define system_strdup_perm INTsystem_strdup_perm
+#define getThreadMallocKey INTgetThreadMallocKey
+#define magnus_atrestart INTmagnus_atrestart
+
+#endif /* INTNSAPI */
+
+#endif /* NETSITE_H */
diff --git a/include/nt/messages.h b/include/nt/messages.h
new file mode 100644
index 00000000..d47a9fa5
--- /dev/null
+++ b/include/nt/messages.h
@@ -0,0 +1,410 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+ /*
+ Microsoft Developer Support
+ Copyright (c) 1992 Microsoft Corporation
+
+ This file contains the message definitions for the Win32
+ messages.exe sample program.
+-------------------------------------------------------------------------
+ HEADER SECTION
+
+ The header section defines names and language identifiers for use
+ by the message definitions later in this file. The MessageIdTypedef,
+ SeverityNames, FacilityNames, and LanguageNames keywords are
+ optional and not required.
+
+
+
+ The MessageIdTypedef keyword gives a typedef name that is used in a
+ type cast for each message code in the generated include file. Each
+ message code appears in the include file with the format: #define
+ name ((type) 0xnnnnnnnn) The default value for type is empty, and no
+ type cast is generated. It is the programmer's responsibility to
+ specify a typedef statement in the application source code to define
+ the type. The type used in the typedef must be large enough to
+ accomodate the entire 32-bit message code.
+
+
+
+ The SeverityNames keyword defines the set of names that are allowed
+ as the value of the Severity keyword in the message definition. The
+ set is delimited by left and right parentheses. Associated with each
+ severity name is a number that, when shifted left by 30, gives the
+ bit pattern to logical-OR with the Facility value and MessageId
+ value to form the full 32-bit message code. The default value of
+ this keyword is:
+
+ SeverityNames=(
+   Success=0x0
+   Informational=0x1
+   Warning=0x2
+   Error=0x3
+   )
+
+ Severity values occupy the high two bits of a 32-bit message code.
+ Any severity value that does not fit in two bits is an error. The
+ severity codes can be given symbolic names by following each value
+ with :name
+
+
+
+ The FacilityNames keyword defines the set of names that are allowed
+ as the value of the Facility keyword in the message definition. The
+ set is delimited by left and right parentheses. Associated with each
+ facility name is a number that, when shift it left by 16 bits, gives
+ the bit pattern to logical-OR with the Severity value and MessageId
+ value to form the full 32-bit message code. The default value of
+ this keyword is:
+
+ FacilityNames=(
+   System=0x0FF
+   Application=0xFFF
+   )
+
+ Facility codes occupy the low order 12 bits of the high order
+ 16-bits of a 32-bit message code. Any facility code that does not
+ fit in 12 bits is an error. This allows for 4,096 facility codes.
+ The first 256 codes are reserved for use by the system software. The
+ facility codes can be given symbolic names by following each value
+ with :name
+
+
+ The LanguageNames keyword defines the set of names that are allowed
+ as the value of the Language keyword in the message definition. The
+ set is delimited by left and right parentheses. Associated with each
+ language name is a number and a file name that are used to name the
+ generated resource file that contains the messages for that
+ language. The number corresponds to the language identifier to use
+ in the resource table. The number is separated from the file name
+ with a colon. The initial value of LanguageNames is:
+
+ LanguageNames=(English=1:MSG00001)
+
+ Any new names in the source file which don't override the built-in
+ names are added to the list of valid languages. This allows an
+ application to support private languages with descriptive names.
+
+
+-------------------------------------------------------------------------
+ MESSAGE DEFINITION SECTION
+
+ Following the header section is the body of the Message Compiler
+ source file. The body consists of zero or more message definitions.
+ Each message definition begins with one or more of the following
+ statements:
+
+ MessageId = [number|+number]
+ Severity = severity_name
+ Facility = facility_name
+ SymbolicName = name
+
+ The MessageId statement marks the beginning of the message
+ definition. A MessageID statement is required for each message,
+ although the value is optional. If no value is specified, the value
+ used is the previous value for the facility plus one. If the value
+ is specified as +number then the value used is the previous value
+ for the facility, plus the number after the plus sign. Otherwise, if
+ a numeric value is given, that value is used. Any MessageId value
+ that does not fit in 16 bits is an error.
+
+ The Severity and Facility statements are optional. These statements
+ specify additional bits to OR into the final 32-bit message code. If
+ not specified they default to the value last specified for a message
+ definition. The initial values prior to processing the first message
+ definition are:
+
+ Severity=Success
+ Facility=Application
+
+ The value associated with Severity and Facility must match one of
+ the names given in the FacilityNames and SeverityNames statements in
+ the header section. The SymbolicName statement allows you to
+ associate a C/C++ symbolic constant with the final 32-bit message
+ code.
+ */
+//
+//  Values are 32 bit values layed out as follows:
+//
+//   3 3 2 2 2 2 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1
+//   1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0 9 8 7 6 5 4 3 2 1 0
+//  +---+-+-+-----------------------+-------------------------------+
+//  |Sev|C|R|     Facility          |               Code            |
+//  +---+-+-+-----------------------+-------------------------------+
+//
+//  where
+//
+//      Sev - is the severity code
+//
+//          00 - Success
+//          01 - Informational
+//          10 - Warning
+//          11 - Error
+//
+//      C - is the Customer code flag
+//
+//      R - is a reserved bit
+//
+//      Facility - is the facility code
+//
+//      Code - is the facility's status code
+//
+//
+// Define the facility codes
+//
+#define FACILITY_SYSTEM                  0x0
+#define FACILITY_STARTUP                 0x5
+#define FACILITY_RUNTIME                 0x1
+#define FACILITY_REGISTRY                0x7
+#define FACILITY_NETWORK                 0x4
+#define FACILITY_SERVICE                 0x3
+#define FACILITY_FILESYSTEM              0x6
+#define FACILITY_CGI                     0x2
+
+
+//
+// Define the severity codes
+//
+#define STATUS_SEVERITY_WARNING          0x2
+#define STATUS_SEVERITY_SUCCESS          0x0
+#define STATUS_SEVERITY_INFORMATIONAL    0x1
+#define STATUS_SEVERITY_ERROR            0x3
+
+
+//
+// MessageId: MSG_BAD_CONF_INIT
+//
+// MessageText:
+//
+//  Netsite:%1 %2
+//
+#define MSG_BAD_CONF_INIT                ((DWORD)0xC0050001L)
+
+//
+// MessageId: MSG_BAD_EREPORT_INIT
+//
+// MessageText:
+//
+//  Netsite:%1 %2
+//
+#define MSG_BAD_EREPORT_INIT             ((DWORD)0xC0050002L)
+
+//
+// MessageId: MSG_BAD_STARTUP
+//
+// MessageText:
+//
+//  Netsite:%1 %2
+//
+#define MSG_BAD_STARTUP                  ((DWORD)0xC0050003L)
+
+//
+// MessageId: MSG_BAD_WINSOCK_INIT
+//
+// MessageText:
+//
+//  Netsite Initialization:%1 %2
+//
+#define MSG_BAD_WINSOCK_INIT             ((DWORD)0xC0050004L)
+
+//
+// MessageId: MSG_BAD_CGISEM_CREATE
+//
+// MessageText:
+//
+//  Netsite Initialization:%1 %2
+//
+#define MSG_BAD_CGISEM_CREATE            ((DWORD)0xC0050005L)
+
+//
+// MessageId: MSG_BAD_PROCESSSEM_CREATE
+//
+// MessageText:
+//
+//  Netsite:Initialization:%1 %2
+//
+#define MSG_BAD_PROCESSSEM_CREATE        ((DWORD)0xC0050006L)
+
+//
+// MessageId: MSG_STARTUP_SUCCESSFUL
+//
+// MessageText:
+//
+//  Netsite:%1 %2
+//
+#define MSG_STARTUP_SUCCESSFUL           ((DWORD)0x00050007L)
+
+//
+// MessageId: MSG_BAD_REGISTRY_PARAMETER
+//
+// MessageText:
+//
+//  Netsite:%1 %2
+//
+#define MSG_BAD_REGISTRY_PARAMETER       ((DWORD)0x80050008L)
+
+//
+// MessageId: MSG_BAD_GENERAL_FUNCTION
+//
+// MessageText:
+//
+//  Netsite:Execution of Initialization Function failed %1 %2
+//
+#define MSG_BAD_GENERAL_FUNCTION         ((DWORD)0xC0050009L)
+
+//
+// MessageId: MSG_BAD_SETCIPHERS
+//
+// MessageText:
+//
+//  Netsite: %1 %2
+//
+#define MSG_BAD_SETCIPHERS               ((DWORD)0xC0050010L)
+
+//
+// MessageId: MSG_BAD_REGISTRY_KEY_OPEN
+//
+// MessageText:
+//
+//  Netsite Initialization:Open of %1 %2
+//
+#define MSG_BAD_REGISTRY_KEY_OPEN        ((DWORD)0xC0050011L)
+
+//
+// MessageId: MSG_BAD_REGISTRY_KEY_ENUM
+//
+// MessageText:
+//
+//  Netsite Initialization:Enumeration of %1 %2
+//
+#define MSG_BAD_REGISTRY_KEY_ENUM        ((DWORD)0xC0050012L)
+
+//
+// MessageId: MSG_BAD_REGISTRY_VALUE_ENUM
+//
+// MessageText:
+//
+//  Netsite Initialization:Enumeration of Values of %1 %2
+//
+#define MSG_BAD_REGISTRY_VALUE_ENUM      ((DWORD)0xC0050013L)
+
+//
+// MessageId: MSG_BAD_OBJECT_VALUE
+//
+// MessageText:
+//
+//  Netsite startup:Use Values "name" or "ppath" for object key.Incorrect Parameter %1 %2
+//
+#define MSG_BAD_OBJECT_VALUE             ((DWORD)0xC0050014L)
+
+//
+// MessageId: MSG_BAD_PBLOCK
+//
+// MessageText:
+//
+//  Netsite startup:Could not enter Parameter %1 %2
+//
+#define MSG_BAD_PBLOCK                   ((DWORD)0xC0050015L)
+
+//
+// MessageId: MSG_BAD_CLIENT_VALUE
+//
+// MessageText:
+//
+//  Netsite startup:Use Values "dns" or "ip" for client key.Incorrect Parameter	%1 %2
+//
+#define MSG_BAD_CLIENT_VALUE             ((DWORD)0xC0050016L)
+
+//
+// MessageId: MSG_BAD_DIRECTIVE
+//
+// MessageText:
+//
+//  Netsite startup:Incorrect Directive Value %1 %2
+//
+#define MSG_BAD_DIRECTIVE                ((DWORD)0xC0050017L)
+
+//
+// MessageId: MSG_BAD_PARAMETER
+//
+// MessageText:
+//
+//  Netsite startup:Incorrect Parameter	%1 %2
+//
+#define MSG_BAD_PARAMETER                ((DWORD)0xC0050018L)
+
+//
+// MessageId: MSG_WD_RESTART
+//
+// MessageText:
+//
+//  Web Server: %1
+//  The server terminated abnormally with error code %2.
+//  An attempt will be made to restart it.
+//
+#define MSG_WD_RESTART                   ((DWORD)0xC0050019L)
+
+//
+// MessageId: MSG_WD_STARTFAILED
+//
+// MessageText:
+//
+//  Web Server: %1
+//  The server could not be started.
+//  Command line used: %2
+//
+#define MSG_WD_STARTFAILED               ((DWORD)0xC005001AL)
+
+//
+// MessageId: MSG_WD_BADPASSWORD
+//
+// MessageText:
+//
+//  Web Server: %1
+//  Incorrect SSL password entered.
+//
+#define MSG_WD_BADPASSWORD               ((DWORD)0xC005001BL)
+
+//
+// MessageId: MSG_WD_BADCMDLINE
+//
+// MessageText:
+//
+//  Web Server: %1
+//  Invalid command line specified: %2
+//
+#define MSG_WD_BADCMDLINE                ((DWORD)0xC005001CL)
+
+//
+// MessageId: MSG_WD_STRING
+//
+// MessageText:
+//
+//  Web Server: %1
+//  %2
+//
+#define MSG_WD_STRING                    ((DWORD)0xC005001DL)
+
+//
+// MessageId: MSG_WD_REGISTRY
+//
+// MessageText:
+//
+//  Web Server: %1
+//  Could not open registry key: %2
+//
+#define MSG_WD_REGISTRY                  ((DWORD)0xC005001EL)
+
+//
+// MessageId: MSG_CRON_STARTFAILED
+//
+// MessageText:
+//
+//  Web Server: %1
+//  The scheduled job (%2) could not be started.
+//
+#define MSG_CRON_STARTFAILED             ((DWORD)0xC005001FL)
+
diff --git a/include/nt/nsapi.h b/include/nt/nsapi.h
new file mode 100644
index 00000000..f286dc1f
--- /dev/null
+++ b/include/nt/nsapi.h
@@ -0,0 +1,346 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+/*

+ * Aruna Victor

+ */

+

+#include <windows.h>

+#include <stdio.h>

+

+#include <base/buffer.h>

+#include <base/file.h>

+#include <base/daemon.h>

+#include <base/eventlog.h>

+#include <base/util.h>

+#include <base/shexp.h>

+#include <base/session.h>

+#include <base/sem.h>

+#include <base/pblock.h>

+#include <base/net.h>

+#include <base/ereport.h>

+#include <base/cinfo.h>

+#include <base/systhr.h>

+#include <base/shmem.h>

+#include <base/crit.h>

+#include <base/systhr.h>

+

+#include <frame/objset.h>

+#include <frame/conf.h>

+#include <frame/func.h>

+#include <frame/http.h>

+#include <frame/log.h>

+#include <frame/object.h>

+#include <frame/protocol.h>

+#include <frame/req.h>

+#include <frame/httpact.h>

+#include <frame/servact.h>

+

+#include <libmsgdisp/orb.h>

+#include <libmsgdisp/nsarray.h>

+#include <libmsgdisp/msgchnel.h>

+#include <libmsgdisp/mdbtree.h>

+#include <libmsgdisp/mdutil.h>

+

+#include <ssl.h>

+#include <nt/magnus.h>

+

+typedef void * (SafFunction)();

+SafFunction **SafTable;

+__declspec(dllexport) int InitSafTable(SafFunction *Table);

+

+/* Functions from ntbuffer.c */

+	

+#define FILEBUF_OPEN 1 

+#define NETBUF_OPEN 2 

+#define FILEBUF_OPEN_NOSTAT 3 

+

+#define PIPEBUF_OPEN 4 

+#define PIPEBUF_CLOSE 5 

+#define FILEBUF_NEXT 6 

+#define NETBUF_NEXT 7 

+

+#define PIPEBUF_NEXT 8 

+#define FILEBUF_CLOSE 9 

+#define NETBUF_CLOSE 10 

+#define FILEBUF_GRAB 11 

+#define NETBUF_GRAB 12 

+#define PIPEBUF_GRAB 13 

+#define NETBUF_BUF2SD 14 

+#define FILEBUF_BUF2SD 15 

+

+#define PIPEBUF_BUF2SD 16 

+#define PIPEBUF_NETBUF2SD 17 

+

+/* Functions from daemon.h */

+

+#define NTDAEMON_RUN 18 

+#define CHILD_STATUS 19 

+

+/* Functions from file.h */

+#define SYSTEM_FREAD 20

+#define SYSTEM_PREAD 21

+#define SYSTEM_FOPENRO 22

+#define SYSTEM_FOPENWA 23

+#define SYSTEM_FOPENRW 24

+#define SYSTEM_FCLOSE 25 

+#define SYSTEM_NOCOREDUMPS 26

+#define SYSTEM_FWRITE 27

+#define SYSTEM_FWRITE_ATOMIC 28

+#define SYSTEM_WINERR 29

+#define SYSTEM_WINSOCKERR 30

+#define FILE_NOTFOUND 31

+#define SYSTEM_STAT 32

+#define SYSTEM_INITLOCK 33 

+

+#define FILE_UNIX2LOCAL 34 

+#define DIR_OPEN 35

+#define DIR_READ 36 

+#define DIR_CLOSE 37 

+

+/* Functions from sem.h */

+#define SEM_INIT 40 

+#define SEM_TERMINATE 41

+#define SEM_GRAB 42

+#define SEM_TGRAB 43 

+#define SEM_RELEASE 44

+

+/* Functions from session.h */

+#define SESSION_CREATE 45 

+#define SESSION_FREE 46 

+#define SESSION_DNS_LOOKUP 47 

+

+/* Functions from cinfo.h */

+#define CINFO_INIT 70

+#define CINFO_TERMINATE 71

+#define CINFO_MERGE 72

+#define CINFO_FIND 73

+#define CINFO_LOOKUP 74 

+#define CINFO_DUMP_DATABASE 75 

+

+/* Functions from ereport.h */

+#define EREPORT 80

+#define EREPORT_INIT 81

+#define EREPORT_TERMINATE 82

+#define EREPORT_GETFD 83

+

+/* Functions from minissl.h */

+#define SSL_CLOSE 90

+#define SSL_SOCKET 91 

+#define SSL_GET_SOCKOPT 92 

+#define SSL_SET_SOCKOPT 93 

+#define SSL_BIND 94 

+#define SSL_LISTEN 95 

+#define SSL_ACCEPT 96

+#define SSL_READ 97

+#define SSL_WRITE 98

+#define SSL_GETPEERNAME 99

+

+/* Functions from net.h */

+#define NET_BIND 110 

+#define NET_READ 111 

+#define NET_WRITE 112

+

+#define NET_FIND_FQDN 113

+#define NET_IP2HOST 114

+#define NET_SENDMAIL 115

+

+/* Functions from pblock.h */

+#define PARAM_CREATE 120

+#define PARAM_FREE 121

+#define PBLOCK_CREATE 122 

+#define PBLOCK_FREE 123 

+#define PBLOCK_FINDVAL 124 

+#define PBLOCK_NVINSERT 125 

+#define PBLOCK_NNINSERT 126 

+#define PBLOCK_PINSERT 127 

+#define PBLOCK_STR2PBLOCK 128 

+#define PBLOCK_PBLOCK2STR 129 

+#define PBLOCK_COPY 130

+#define PBLOCK_PB2ENV 131

+#define PBLOCK_FR 132

+

+/* Functions from systhr.h */

+#define	SYSTHREAD_START 133

+#define SYSTHREAD_ATTACH 134

+#define SYSTHREAD_TERMINATE 135

+#define SYSTHREAD_SLEEP 136

+#define SYSTHREAD_INIT 137

+#define SYSTHREAD_NEWKEY 138

+#define SYSTHREAD_GETDATA 139

+#define SYSTHREAD_SETDATA 140

+

+/* Functions from shmem.h */

+#define	SHMEM_ALLOC 141

+#define SHMEM_FREE 142

+

+/* Functions from eventlog.h */

+#define INITIALIZE_ADMIN_LOGGING 143

+#define INITIALIZE_HTTPD_LOGGING 144

+#define INITIALIZE_HTTPS_LOGGING 145

+

+#define TERMINATE_ADMIN_LOGGING 146

+#define TERMINATE_HTTPD_LOGGING 147

+#define TERMINATE_HTTPS_LOGGING 148

+

+#define LOG_ERROR_EVENT 149

+

+/* Functions from shexp.h */

+#define SHEXP_VALID 160 

+#define SHEXP_MATCH 161

+#define SHEXP_CMP 162 

+#define SHEXP_CASECMP 163

+

+/* Functions from systems.h */

+#define UTIL_STRCASECMP 170

+#define UTIL_STRNCASECMP 171

+

+/* Functions from util.h */

+#define UTIL_GETLINE 180 

+#define UTIL_ENV_CREATE 181 

+#define UTIL_ENV_STR 182 

+#define NTUTIL_ENV_STR 183 

+#define UTIL_ENV_REPLACE 184 

+#define UTIL_ENV_FREE 185

+#define UTIL_ENV_FIND 186

+#define UTIL_HOSTNAME 187

+#define UTIL_CHDIR2PATH	188

+#define UTIL_IS_MOZILLA 189

+#define UTIL_IS_URL 190

+#define UTIL_LATER_THAN 191

+#define UTIL_URI_IS_EVIL 192

+#define UTIL_URI_PARSE 193

+#define UTIL_URI_UNESCAPE 194

+#define UTIL_URI_ESCAPE 195

+#define UTIL_URL_ESCAPE 196 

+#define UTIL_SH_ESCAPE 197

+#define UTIL_ITOA 198

+#define UTIL_VSPRINTF 199

+#define UTIL_SPRINTF 200

+#define UTIL_VSNPRINTF 201

+#define UTIL_SNPRINTF 202

+

+/* Functions from magnus.h */

+#define MAGNUS_ATRESTART 203

+

+/* Functions from conf.h */

+#define CONF_INIT 207

+#define CONF_TERMINATE 208

+#define CONF_GETGLOBALS 209

+#define CONF_VARS2DAEMON 210

+

+/* Functions from req.h */

+#define REQUEST_CREATE 211

+#define REQUEST_FREE 212 

+#define REQUEST_RESTART_INTERNAL 213 

+#define REQUEST_TRANSLATE_URI 214 

+#define REQUEST_HEADER 215 

+#define REQUEST_STAT_PATH 216

+#define REQUEST_URI2PATH 217 

+#define REQUEST_PATHCHECKS 218 

+#define REQUEST_FILEINFO 219

+#define REQUEST_HANDLE_PROCESSED 220

+#define REQUEST_SERVICE 221

+#define REQUEST_HANDLE 222

+

+/* Functions from object.h */

+#define DIRECTIVE_NAME2NUM 223

+#define DIRECTIVE_NUM2NAME 224

+#define OBJECT_CREATE 225 

+#define OBJECT_FREE 226 

+#define OBJECT_ADD_DIRECTIVE 227 

+#define OBJECT_EXECUTE 228 

+

+/* Functions from objset.h */

+#define OBJSET_SCAN_BUFFER 230

+#define OBJSET_CREATE 231 

+#define OBJSET_FREE 232 

+#define OBJSET_FREE_SETONLY 233 

+#define OBJSET_NEW_OBJECT 234 

+#define OBJSET_ADD_OBJECT 235 

+#define OBJSET_FINDBYNAME 236 

+#define OBJSET_FINDBYPPATH 237

+

+/* Functions from http.h */

+#define HTTP_PARSE_REQUEST 240

+#define HTTP_SCAN_HEADERS 241

+#define HTTP_START_RESPONSE 242

+#define HTTP_HDRS2_ENV 243

+#define HTTP_STATUS 244 

+#define HTTP_SET_FINFO 245 

+#define HTTP_DUMP822 246 

+#define HTTP_FINISH_REQUEST 247 

+#define HTTP_HANDLE_SESSION 248

+#define HTTP_URI2URL 249 

+

+/* Functions from func.h */

+#define FUNC_INIT 251 

+#define FUNC_FIND 252 

+#define FUNC_EXEC 253 

+#define FUNC_INSERT 254 

+

+/* Functions from log.h */

+#define LOG_ERROR 260 

+

+/* robm Functions added in 2.0 */

+#define SYSTEM_FOPENWT 261

+#define SYSTEM_MALLOC 262

+#define SYSTEM_FREE 263

+#define SYSTEM_REALLOC 264

+#define SYSTEM_STRDUP 265

+

+#define UPLOAD_FILE 266

+

+#define CRIT_INIT 267

+#define CRIT_ENTER 268

+#define CRIT_EXIT 269

+#define CRIT_TERMINATE 270

+#define SYSTHREAD_CURRENT 271

+

+#define NET_ACCEPT 272

+#define NET_CLOSE 273

+#define NET_CONNECT 274

+#define NET_IOCTL 275

+#define NET_LISTEN 276

+#define NET_SETSOCKOPT 277

+#define NET_SOCKET 278

+

+/* Daryoush Functions added in 3.0 */

+#define NSORB_INIT 279

+#define NSORB_INST_ID 280

+#define NSORB_GET_INST 281

+#define NSORB_REG_INT	282

+#define NSORB_FIND_OBJ	283

+#define NSORB_GET_INTERFACE 284

+

+#define ARR_NEW	285

+#define ARR_FREE 286

+#define ARR_GET_OBJ	288

+#define ARR_GET_LAST_OBJ 289

+#define ARR_NEW_OBJ 290

+#define ARR_GET_NUM_OBJ 291

+#define ARR_RESET 292

+#define ARR_REMOVEOBJ 293

+#define ARR_GET_OBJ_NUM 294

+

+#define CM_BT_NEW 295

+#define CM_BT_ADD_NODE 296

+#define CM_BT_FIND_NODE 297

+#define CM_BT_DEL_NODE 298

+#define CM_BT_DESTROY 299

+#define CM_BT_GET_NUM 300

+#define CM_BT_TRAVEL 301

+

+#define CM_STR_NEW 302

+#define CM_STR_ADD 303

+#define CM_STR_REL 304

+#define CM_STR_FREE 305

+#define CM_STR_GET 306

+#define CM_STR_SIZE 307

+#define CM_COPY_STR 308

+#define CM_MAKE_UID 309

+

+#define MS_NEW 310

+#define MS_CREATE 311

diff --git a/include/nt/ntos.h b/include/nt/ntos.h
new file mode 100644
index 00000000..dce0efa0
--- /dev/null
+++ b/include/nt/ntos.h
@@ -0,0 +1,155 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+/**********************************************************************
+ *  ntOS.h - functionality used bt NT Operating System
+ *
+ **********************************************************************/
+
+#ifndef _ntos_h
+#define _ntos_h
+
+
+#ifdef __cplusplus
+extern "C" {            /* Assume C declarations for C++ */
+#endif  /* __cplusplus */
+
+#ifdef ISHIELD_DLL
+#define NS_WINAPI WINAPI
+#else
+#define NS_WINAPI 
+#endif
+
+/* prototypes for info.c */
+typedef enum {
+    OS_WIN95,
+    OS_WINNT,
+    OS_WIN32S,
+    OS_UNKNOWN
+} OS_TYPE;
+
+typedef enum {
+    PROCESSOR_I386,
+    PROCESSOR_ALPHA,
+    PROCESSOR_MIPS,
+    PROCESSOR_PPC,
+    PROCESSOR_UNKNOWN
+} PROCESSOR_TYPE;
+    
+OS_TYPE NS_WINAPI INFO_GetOperatingSystem (); 
+DWORD NS_WINAPI INFO_GetOSMajorVersion (); 
+DWORD NS_WINAPI INFO_GetOSMinorVersion (); 
+void NS_WINAPI OS_GetComputerName  (LPTSTR computerName, int nComputerNameLength ); 
+PROCESSOR_TYPE NS_WINAPI OS_GetProcessor (); 
+DWORD NS_WINAPI INFO_GetOSServicePack (); 
+
+
+/* prototypes for path.c */
+DWORD NS_WINAPI PATH_RemoveRelative ( char * path );
+DWORD NS_WINAPI PATH_ConvertNtSlashesToUnix( LPCTSTR  lpszNtPath, LPSTR lpszUnixPath );
+DWORD NS_WINAPI PATH_GetNextFileInDirectory ( long hFile, char * path, char * lpFileName );
+DWORD NS_WINAPI PATH_GetNextSubDirectory( long hFile, char * path, char * lpSubDirectoryName, char * lpSubDirectoryPrefix );
+DWORD NS_WINAPI PATH_DeleteRecursively ( char * path );
+
+
+/* prototypes for registry.c */
+BOOL NS_WINAPI REG_CheckIfKeyExists( HKEY hKey, LPCTSTR registryKey );
+BOOL NS_WINAPI REG_CreateKey( HKEY hKey, LPCTSTR registryKey );
+BOOL NS_WINAPI REG_DeleteKey( HKEY hKey, LPCTSTR registryKey );
+BOOL NS_WINAPI REG_DeleteValue( HKEY hKey, LPCTSTR registryKey, LPCSTR valueName );
+		 	
+BOOL NS_WINAPI 
+REG_GetRegistryParameter(
+    HKEY hKey, 
+	LPCTSTR registryKey, 
+	LPTSTR QueryValueName,
+	LPDWORD ValueType,
+	LPBYTE ValueBuffer, 
+	LPDWORD ValueBufferSize
+	);
+		 	
+BOOL NS_WINAPI 
+REG_SetRegistryParameter(
+    HKEY hKey, 
+	LPCTSTR registryKey, 
+	LPTSTR valueName,
+	DWORD valueType,
+	LPCTSTR ValueString, 
+	DWORD valueStringLength
+	);
+
+BOOL NS_WINAPI 
+REG_GetSubKeysInfo( 
+    HKEY hKey, 
+    LPCTSTR registryKey, 
+    LPDWORD lpdwNumberOfSubKeys, 
+    LPDWORD lpdwMaxSubKeyLength 
+    );
+
+BOOL NS_WINAPI 
+REG_GetSubKey( HKEY hKey, 
+    LPCTSTR registryKey, 
+    DWORD nSubKeyIndex, 
+    LPTSTR registrySubKeyBuffer, 
+    DWORD subKeyBufferSize 
+    );
+
+/* prototypes for service.c */
+#define SERVRET_ERROR     0
+#define SERVRET_INSTALLED 1
+#define SERVRET_STARTING  2
+#define SERVRET_STARTED   3
+#define SERVRET_STOPPING  4
+#define SERVRET_REMOVED   5
+
+DWORD NS_WINAPI SERVICE_GetNTServiceStatus(LPCTSTR szServiceName, LPDWORD lpLastError );
+DWORD NS_WINAPI SERVICE_InstallNTService(LPCTSTR szServiceName, LPCTSTR szServiceDisplayName, LPCTSTR szServiceExe );
+DWORD NS_WINAPI SERVICE_ReinstallNTService(LPCTSTR szServiceName, LPCTSTR szServiceDisplayName, LPCTSTR szServiceExe );
+DWORD NS_WINAPI SERVICE_RemoveNTService(LPCTSTR szServiceName);
+DWORD NS_WINAPI SERVICE_StartNTService(LPCTSTR szServiceName);
+DWORD NS_WINAPI SERVICE_StartNTServiceAndWait(LPCTSTR szServiceName, LPDWORD lpdwLastError);
+DWORD NS_WINAPI SERVICE_StopNTService(LPCTSTR szServiceName);
+DWORD NS_WINAPI SERVICE_StopNTServiceAndWait(LPCTSTR szServiceName, LPDWORD lpdwLastError);
+
+
+/* prototypes for pmddeml.c */
+DWORD PMDDEML_Open ( void );
+BOOL PMDDEML_Close ( DWORD idInst );
+BOOL PMDDEML_CreateProgramManagerGroup ( DWORD idInst, LPCTSTR lpszGroupName );
+BOOL PMDDEML_DeleteProgramManagerGroup ( DWORD idInst, LPCTSTR lpszGroupName );
+BOOL PMDDEML_ShowProgramManagerGroup ( DWORD idInst, LPCTSTR lpszGroupName );
+BOOL PMDDEML_AddIconToProgramManagerGroup ( DWORD idInst, LPCTSTR lpszCmdLine,
+                 LPCTSTR lpszTitle, LPCTSTR lpszIconPath, LPCTSTR lpszWorkingDir,
+                 BOOL bReplace );
+BOOL PMDDEML_CreateProgramManagerCommonGroup ( DWORD idInst,
+											   LPCTSTR lpszGroupName );
+BOOL PMDDEML_DeleteProgramManagerCommonGroup ( DWORD idInst,
+											   LPCTSTR lpszGroupName );
+BOOL PMDDEML_ShowProgramManagerCommonGroup ( DWORD idInst,
+											 LPCTSTR lpszGroupName );
+BOOL PMDDEML_DeleteIconInProgramManagerGroup ( DWORD idInst, LPCTSTR lpszTitle );
+BOOL PMDDEML_GetProgramGroupInfo(DWORD idInst, LPSTR lpProgramGroup, char *szBuffer, DWORD cbBuffer);
+
+/* prototypes for tcpip.c */
+#define TCPIP_NO_ERROR     		0
+#define TCPIP_UNSUPPORTED_OS	1
+#define TCPIP_NO_WINSOCK_DLL	2
+#define TCPIP_NO_TCPIP          3
+#define TCPIP_NETWORK_DOWN      4   /*	The Windows Sockets implementation has detected that the network subsystem has failed. */
+#define TCPIP_NETWORK_ERROR     5
+#define TCPIP_HOST_NOT_FOUND    6   /*	Authoritative Answer Host not found. */
+#define TCPIP_HOST_SERVER_DOWN  7   /*	Non-Authoritative Host not found, or SERVERFAIL */
+#define TCPIP_HOST_VALID_NAME   8  /*	Valid name, no data record of requested type. */
+
+DWORD NS_WINAPI
+TCPIP_GetDefaultHostName( LPTSTR lpszFullHostName, LPTSTR lpszHostName, LPTSTR lpszDomainName );
+DWORD NS_WINAPI TCPIP_VerifyHostName( LPCTSTR lpszHostName );
+
+
+#ifdef __cplusplus
+}
+#endif  /* __cplusplus */
+
+#endif
diff --git a/include/nt/regparms.h b/include/nt/regparms.h
new file mode 100644
index 00000000..418e60b0
--- /dev/null
+++ b/include/nt/regparms.h
@@ -0,0 +1,586 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+//                                                                          //
+//  Name: regparms.h                                                        //
+//	Platforms: WIN32                                                        //
+//  ......................................................................  //
+//  This module contains registry key definations used throughout the       //
+//  server.                                                                 //
+//  ......................................................................  //
+//  Revision History:                                                       //
+//  01-12-95  Initial Version, Aruna Victor (aruna@netscape.com)            //
+//  12-19-96  3.0 registry changes, Andy Hakim (ahakim@netscape.com)        //
+//  07-24-97  3.5 registry changes, Ted Byrd (tbyrd@netscape.com)           //
+//  09-28-97  4.0 registry changes, Glen Beasley (gbeasley@netscape.com)    //
+//--------------------------------------------------------------------------//
+#define KEY_COMPANY             "Netscape"
+#define KEY_APP_PATH            "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths"
+#define KEY_RUN_ONCE            "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"
+#define KEY_SERVICES            "SYSTEM\\CurrentControlSet\\Services"
+#define KEY_SNMP_SERVICE        "SNMP\\Parameters\\ExtensionAgents"
+#define KEY_SNMP_CURRENTVERSION "SNMP\\CurrentVersion"
+#define KEY_EVENTLOG_MESSAGES   "EventLogMessages"
+#define KEY_EVENTLOG_APP	    "EventLog\\Application"
+#define KEY_SOFTWARE_NETSCAPE   "SOFTWARE\\Netscape"
+#define VALUE_IMAGE_PATH        "ImagePath"
+#define VALUE_CONFIG_PATH       "ConfigurationPath"
+#define VALUE_ROOT_PATH         "RootPath"
+#define VALUE_APP_PATH          "Pathname"
+#define PROGRAM_GROUP_NAME      "Netscape SuiteSpot"
+#define STR_PRODUCT_TYPE        "Server"
+#define STR_EXE                 ".exe"
+#define STR_COMPANY_PREFIX      "ns-"
+
+/* SuiteSpot IDs */
+#define NSS_NAME_SHORT         "SuiteSpot"
+#define NSS_VERSION            "6.0"
+#define NSS_NAME_VERSION       "SuiteSpot 6.0"
+#define NSS_NAME_FULL          "Netscape SuiteSpot"
+#define NSS_NAME_FULL_VERSION  "Netscape SuiteSpot 6.0"
+#define NSS_NAME_UNINSTALL     "Uninstall SuiteSpot 6.0"
+
+/* Admin IDs */
+#define ADM_ID_PRODUCT         "admin"
+#define ADM_NAME_SHORT         "Administration"
+#define ADM_VERSION            "6.0"
+#define ADM_NAME_VERSION       "Administration 6.0"
+#define ADM_NAME_SERVER        "Administration Server"
+#define ADM_NAME_FULL          "Netscape Administration Server"
+#define ADM_NAME_FULL_VERSION  "Netscape Administration Server 6.0"
+#define ADM_NAME_SERVICE       "Netscape Administration 6.0"
+#define ADM_EXE                "ns-admin.exe"
+#define ADM_EXE_START          "admin.exe"
+#define ADM_ID_SERVICE         "admin60"
+#define ADM_KEY_ROOT           "Administration\\6.0"
+#define ADM_SERVER_LST_NAME    "adm:Netscape Enterprise Server"
+#define ADM_DIR_ROOT           "admin"
+#define ADM_NAME_UNINSTALL     "Uninstall Administration Server 6.0"
+
+#if defined( NS_DS )
+#define ADMIN_SERVICE_NAME      "Admin Server" 
+#define ADMIN_ICON_NAME          "Administer Netscape Servers"
+#endif
+
+/* Enterprise IDs */
+#define ENT_ID_PRODUCT         "https"
+#define ENT_NAME_SHORT         "Enterprise"
+#define ENT_VERSION            "3.01"
+#define ENT_NAME_VERSION       "Enterprise 3.01"
+#define ENT_NAME_SERVER        "Enterprise Server"
+#define ENT_NAME_FULL          "Netscape Enterprise Server"
+#define ENT_NAME_FULL_VERSION  "Netscape Enterprise Server 3.01"
+#define ENT_NAME_SERVICE       "Netscape Enterprise 3.01"
+#define ENT_EXE                "ns-httpd.exe"
+#define ENT_EXE_START          "httpd.exe"
+#define ENT_ID_SERVICE         "https"
+#define ENT_KEY_ROOT           "Enterprise\\3.01"
+#define ENT_SERVER_LST_NAME    "https:Netscape Enterprise Server"
+#define ENT_DIR_ROOT           "https"
+#define ENT_NAME_UNINSTALL     "Uninstall Enterprise Server 3.01"
+
+/* Personal IDs */
+#define PERSONAL_APP_PATH_KEY           "ns-httpd.exe"
+#define PERSONAL_README_ICON_NAME       "FastTrack README"
+#define PERSONAL_REGISTRY_ROOT_KEY      "Httpd Server"
+#define PERSONAL_SERVER_LST_NAME        "httpd:Netscape FastTrack Server"
+#define PERSONAL_UNINSTALL_ICON_NAME    "Uninstall FastTrack"
+#define PERSONAL_UNINSTALL_KEY          "FastTrackV2.0"
+#define PERSONAL_SERVER_NAME            "Netscape FastTrack Server"
+
+
+
+
+#define PER_ID_PRODUCT         "httpd"
+#define PER_NAME_SHORT         "FastTrack"
+#define PER_VERSION            "3.01"
+#define PER_NAME_VERSION       "FastTrack 3.01"
+#define PER_NAME_SERVER        "FastTrack Server"
+#define PER_NAME_FULL          "Netscape FastTrack Server"
+#define PER_NAME_FULL_VERSION  "Netscape FastTrack Server 3.01"
+#define PER_NAME_SERVICE       "Netscape FastTrack 3.01"
+#define PER_EXE                "ns-httpd.exe"
+#define PER_EXE_START          "httpd.exe"
+#define PER_ID_SERVICE         "httpd"
+#define PER_KEY_ROOT           "FastTrack\\3.01"
+#define PER_SERVER_LST_NAME    "httpd:Netscape FastTrack Server"
+#define PER_DIR_ROOT           "httpd"
+#define PER_NAME_UNINSTALL     "Uninstall FastTrack Server 3.01"
+
+/* Proxy IDs */
+#define PRX_ID_PRODUCT         "proxy"
+#define PRX_NAME_SHORT         "Proxy"
+#define PRX_VERSION            "3.0"
+#define PRX_NAME_VERSION       "Proxy 3.0"
+#define PRX_NAME_SERVER        "Proxy Server"
+#define PRX_NAME_FULL          "Netscape Proxy Server"
+#define PRX_NAME_FULL_VERSION  "Netscape Proxy Server 3.0"
+#define PRX_NAME_SERVICE       "Netscape Proxy 3.0"
+#define PRX_EXE                "ns-proxy.exe"
+#define PRX_EXE_START          "proxy.exe"
+#define PRX_ID_SERVICE         "proxy30"
+#define PRX_KEY_ROOT           "Proxy\\3.0"
+#define PRX_SERVER_LST_NAME    "proxy:Netscape Proxy Server"
+#define PRX_DIR_ROOT           "proxy"
+#define PRX_NAME_UNINSTALL     "Uninstall Proxy Server 3.0"
+
+/* Catalog IDs */
+#define CATALOG_SHORT_NAME             "Catalog"
+#define CATALOG_SERVER_NAME            "Netscape Catalog Server"
+#define CATALOG_SERVER_VERSION         "1.0"
+#define CATALOG_SETUP_SHORT_NAME       "Catalog Server"
+#define CATALOG_SETUP_NAME             "Netscape Catalog Server 1.0"
+#define CATALOG_REGISTRY_ROOT_KEY      "Catalog Server"
+#define CATALOG_EXE                    "ns-httpd.exe"
+#define CATALOG_DIR_ROOT               "catalog"
+#define CATALOG_APP_PATH_KEY           "ns-catalog"
+#define CATALOG_UNINSTALL_KEY          "CatalogV1.0"
+#define CATALOG_SERVER_LST_NAME        "catalog:Netscape Catalog Server"
+#define CATALOG_SERVICE_PREFIX         "Netscape Catalog Server "
+#define CATALOG_README_ICON_NAME       "Catalog README"
+#define CATALOG_UNINSTALL_ICON_NAME    "Uninstall Catalog"
+#define CATALOG_PRODUCT_NAME           "catalog"
+
+/* RDS IDs */
+#define RDS_SHORT_NAME             "RDS"
+#define RDS_SERVER_NAME            "Netscape RDS Server"
+#define RDS_SERVER_VERSION         "1.0"
+#define RDS_SETUP_SHORT_NAME       "RDS Server"
+#define RDS_SETUP_NAME             "Netscape RDS Server 1.0"
+#define RDS_REGISTRY_ROOT_KEY      "RDS Server"
+#define RDS_EXE                    "ns-httpd.exe"
+#define RDS_DIR_ROOT               "rds"
+#define RDS_APP_PATH_KEY           "ns-rds"
+#define RDS_UNINSTALL_KEY          "RdsV1.0"
+#define RDS_SERVER_LST_NAME        "rds:Netscape RDS Server"
+#define RDS_SERVICE_PREFIX         "Netscape RDS Server "
+#define RDS_README_ICON_NAME       "Rds README"
+#define RDS_UNINSTALL_ICON_NAME    "Uninstall RDS"
+#define RDS_PRODUCT_NAME           "rds"
+
+/* News IDs */
+#define NEWS_SHORT_NAME           "News"
+/* Alpha #define NEWS_SERVER_NAME          "Netscape News Server (tm) " */
+/* Alpha #define NEWS_SETUP_NAME           "Netscape News Server (tm) " */
+/* Alpha #define NEWS_UNINSTALL_KEY        "NewsV1.2" */
+#define NEWS_SERVER_NAME          "Netscape News Server"
+#define NEWS_SERVER_VERSION       "2.0"
+#define NEWS_UNINSTALL_KEY        "NetscapeNewsV2.0"
+#define NEWS_SETUP_SHORT_NAME     "News Server"
+#define NEWS_SETUP_NAME           "Netscape News Server"
+#define NEWS_REGISTRY_ROOT_KEY    "News Server" // key under SW/Netscape
+#define NEWS_EXE                  "nnrpd.exe" // value for <No name>
+#define NEWS_DIR_ROOT             "news"     // mess.dll in Reg, and in .lst
+#define NEWS_APP_PATH_KEY         "innd.exe" // key under app paths
+#define NEWS_SERVER_LST_NAME      "news:Netscape News Server"
+#define NEWS_SERVICE_PREFIX       "Netscape News Server "
+#define NEWS_README_ICON_NAME     "News Readme"
+#define NEWS_UNINSTALL_ICON_NAME  "Uninstall News"
+
+/* Mail IDs */
+/* When we integrate the core & admin servers installation processes */
+/* we will use the code below instead of the section following it.   */
+
+/*
+#define MAIL_SHORT_NAME           "Mail"
+#define MAIL_SERVER_NAME          "Netscape Mail Server (tm)"
+#define MAIL_SERVER_VERSION       "2.0"
+#define MAIL_SETUP_SHORT_NAME     "Mail Server"
+#define MAIL_SETUP_NAME           "Netscape Mail Server (tm)"
+#define MAIL_REGISTRY_ROOT_KEY    "Mail Server"     // key under SW/Netscape
+#define MAIL_EXE                  "NetscapeMTA.exe" // value for <No name>
+#define MAIL_DIR_ROOT             "mail"            // mess.dll in Reg, and in .lst
+#define MAIL_APP_PATH_KEY         "NetscapeMTA.exe" // key under app paths
+#define MAIL_UNINSTALL_KEY        "MailV2.0"
+#define MAIL_SERVER_LST_NAME      "mail:Netscape Mail Server"
+#define MAIL_SERVICE_PREFIX       "Netscape Mail Server "
+#define MAIL_README_ICON_NAME     "Mail Readme"
+#define MAIL_UNINSTALL_ICON_NAME  "Uninstall Mail"
+*/
+
+#define MAIL_SHORT_NAME           "Admin"
+#define MAIL_SERVER_NAME          "Netscape Administration Server (tm)"
+#define MAIL_SERVER_VERSION       "2.0"
+#define MAIL_SETUP_SHORT_NAME     "Admin Server"
+#define MAIL_SETUP_NAME           "Netscape Administration Server (tm)"
+#define MAIL_REGISTRY_ROOT_KEY    "Mail Server"     // key under SW/Netscape
+#define MAIL_EXE                  "NetscapeMTA.exe" // value for <No name>
+#define MAIL_DIR_ROOT             "mail"            // mess.dll in Reg, and in .lst
+#define MAIL_APP_PATH_KEY         "NetscapeMTA.exe" // key under app paths
+#define MAIL_UNINSTALL_KEY        "MailV2.0"
+#define MAIL_SERVER_LST_NAME      "mail:Netscape Mail Server"
+#define MAIL_SERVICE_PREFIX       "Netscape Admin Server "
+#define MAIL_README_ICON_NAME     "Mail Readme"
+#define MAIL_UNINSTALL_ICON_NAME  "Uninstall Mail"
+
+/* Synchronization Service IDs */
+#define DSS_SHORT_NAME           "Directory Synchronization Service"
+#define DSS_SERVER_NAME          "Netscape Directory Synchronization Service"
+#define DSS_SERVER_VERSION       "7"
+#define DSS_SETUP_SHORT_NAME     "Netscape Synchronization Service"
+#define DSS_SETUP_NAME           "Netscape Directory Synchronization Service 7"
+#define DSS_REGISTRY_ROOT_KEY    "Directory Synchronization Service"
+#define DSS_EXE                  "dssynch.exe"
+#define DSS_DIR_ROOT             "dssynch"
+#define DSS_APP_PATH_KEY         "dssynch.exe"
+#define DSS_CONFIG_TOOL          "synchcfg.exe"
+#define DSS_UNINSTALL_KEY        "SynchronizationV7"
+#define DSS_SERVER_LST_NAME      "dssynch:Netscape Directory Synchronization Service"
+#define DSS_SERVICE_PREFIX       "Netscape Directory Synchronization Service "
+#define DSS_README_ICON_NAME     "Directory Synchronization Service README"
+#define DSS_CONFIG_ICON_NAME     "Directory Synchronization Service Config"
+#define DSS_UNINSTALL_ICON_NAME  "Uninstall Directory Synch Service"
+#define DSS_PRODUCT_NAME         "dssynch"
+#define DSS_ID_PRODUCT			 DSS_PRODUCT_NAME
+#define DS_COMPONENT             1
+
+/* IDs needed for Directory 102/30 synchservice */
+#define ADMIN_APP_PATH_KEY       "ns-admin.exe"
+#define ADMIN_EXE               "ns-admin.exe"
+#define ADMIN_REGISTRY_ROOT_KEY "admin.exe"
+#define ADMSERV_COMPRESSED_FILE	"admserv.z"
+#define APPBASE_DIR95           "Program Files"
+#define APPBASE_PATH            "Netscape"
+#define APP_PATH_KEY            "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths"
+#define BASE_REGISTRY95         "Software\\Microsoft\\Windows\\CurrentVersion\\App Paths\\"
+#define BASE_REGISTRYNT         "Software\\Microsoft\\Windows NT\\CurrentVersion\\App Paths\\"
+#define CMS_COMPRESSED_FILE     "certsvr.z"
+#define CMS_DIR_ROOT             "cms"
+#define CMS_SHORT_NAME          "Certificate Server"
+#define CMS_APP_PATH_KEY         "libcms.dll"
+#define CMS_UNINSTALL_KEY        "CertificateV1.0"
+#define CMS_UNINSTALL_ICON_NAME  "Uninstall CertServer"
+#define UPGRADE_VER_1_ICON_NAME "Upgrade 1.1x Servers"
+#define CMS_README_ICON_NAME     "CertServer README"
+#define CMS_REGISTRY_ROOT_KEY    "Certificate Server"
+#define CMS_SERVER_NAME          "Netscape Certificate Server"
+#define CMS_SERVER_LST_NAME      "cms:Netscape Certificate Server"
+#define COMPANY_NAME            "Netscape"
+#define DIR_HTTPD_SERVER         DSS_DIR_ROOT
+#define DSS_COMPRESSED_FILE     "dssynch.z"
+#define DSS_COMPRESSED_HELP_FILE "hdssynch.z"
+#define DS_COMPRESSED_FILE      "slapd.z"
+#define ENTERPRISE_APP_PATH_KEY         "ns-https.exe"
+#define ENTERPRISE_README_ICON_NAME     "Enterprise README"
+#define ENTERPRISE_REGISTRY_ROOT_KEY    "Https Server"
+#define ENTERPRISE_SERVER_LST_NAME      "https:Netscape Enterprise Server"
+#define ENTERPRISE_SERVER_NAME          "Netscape Enterprise Server"
+#define ENTERPRISE_UNINSTALL_KEY        "EnterpriseV2.0"
+#define ENTERPRISE_UNINSTALL_ICON_NAME  "Uninstall Enterprise"
+#define ENTERPRISE_DIR_ROOT     "https"
+#define ENTERPRISE_SHORT_NAME   "Enterprise"
+#define EXTRAS_COMPRESSED_FILE	"extras.z"
+#define HTTP_SERVER_NAME         DSS_DIR_ROOT 
+#define INSTALL_COMPRESSED_FILE	"install.z"
+#define LIVEWIRE_COMPRESSED_FILE "wire.z"
+#define NSAPI_COMPRESSED_FILE	 "nsapi.z"
+#define PERSONAL_DIR_ROOT        "httpd"
+#define PERSONAL_SHORT_NAME      "FastTrack"
+#define PLUGINS_COMPRESSED_FILE	 "plugins.z"
+#define REGISTRY_ROOT_PATH_KEY   "Path"
+#define SERVDLLS_COMPRESSED_FILE "servdlls.z"
+#define SERVER_APP_PATH_KEY      DSS_APP_PATH_KEY
+#define SERVER_COMPRESSED_FILE	"server.z"
+#define SERVER_EXE               DSS_EXE
+#define SERVER_LIST_NAME         DSS_SERVER_LST_NAME
+#define SERVER_PRODUCT_NAME      DSS_REGISTRY_ROOT_KEY
+#define SERVER_PRODUCT_VERSION   DSS_VERSION_DEF
+#define SERVER_README_ICON_NAME  DSS_README_ICON_NAME
+#define SERVER_UNINSTALL_ICON_NAME DSS_UNINSTALL_ICON_NAME
+#define SETUP_NAME               DSS_SETUP_NAME
+#define SETUP_SHORT_NAME         DSS_SHORT_NAME
+#define SETUP_TITLE_WIN95_BMP	"titleNTb.bmp"
+#define SETUP_TITLE_WINNT_BMP	"titledss.bmp"
+#define SOFTWARE_NETSCAPE_KEY   "SOFTWARE\\Netscape"
+#define NETSCAPE_WEB_KEY	"Netscape Web Servers"
+#define NETSCAPE_SERVICE_KEY	"SYSTEM\\CurrentControlSet\\Services"
+
+#define SYSDLLS_COMPRESSED_FILE	"ssdlls.z"
+#define UNINSTALL_KEY            DSS_UNINSTALL_KEY
+#define UNINSTALL_REGISTRY95    "Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"
+// NT SNMP Extension Agent registry entries
+#define SNMP_SERVICE_KEY       "SYSTEM\\CurrentControlSet\\Services\\SNMP\\Parameters\\ExtensionAgents\\"
+#define SNMP_AGENT_KEY         "HTTP SNMP Agent"
+#define SNMP_CURRENT_VERSION   "CurrentVersion"
+#define SNMP_PATHNAME			 "Pathname"
+#define SNMP_DLL_PATH          "bin\\https\\httpsnmp.dll"
+#define SNMP_SERVICE_NAME      "SNMP"
+// end synch service
+
+#define LICENSE_TXT             "license.txt"
+
+#define UNINST_EXE              "unslapd.exe"
+#define DSS_UNINST_EXE          "unsynch.exe"
+
+#define DIR_ADMSERV_SERVER      "admserv"
+
+#define COPY_READMEFILES         "Copying readme files..."
+#define COPY_SYSDLLFILES         "Copying Shared System files..."
+#define COPY_SERVDLLFILES        "Copying Shared Server files..."
+#define COPY_SERVERFILES         "Copying web server files..."
+#define COPY_ADMINFILES          "Copying administration server files..."
+#define COPY_EXTRASFILES         "Copying CGI Example and Log Analyzer Files..."
+#define COPY_INSTALLFILES        "Copying Version 1.1x upgrade files..."
+#define COPY_NSAPIFILES          "Copying NSAPI Library and Examples Files..."
+#define COPY_PLUGINSFILES        "Copying Plug-in Files..."
+#define COPY_LIVEWIREFILES       "Copying LiveWire Files..."
+#define INSTALL_LIVEWIREFILES    "Installing LiveWire Server Extension files..."
+#define INSTALL_CMSFILES	 "Installing Certificate Server files..."
+#define INSTALL_DSFILES 	 "Installing Directory Server files..."
+#define INSTALL_DSSFILES 	 "Installing Directory Synchronization Service files..."
+#define INSTALL_DSSHELPFILES 	 "Installing Directory Synchronization Service Help files..."
+
+#define STR_DEFTAB              "            "
+/* end temp ds102 IDs */
+
+
+/* Directory IDs */
+/* NOTES:
+   dboreham: I have no idea what is going on below:
+   we seem to be using two completely different sets of defines.
+   This needs sorted out 
+   ryamaura: The first group is there only to ensure that 
+   nothing breaks. The second group conforms to the rest of
+   the SuiteSpot servers and should be the final form.
+*/
+#define DS_SHORT_NAME           "Directory Server"
+#define DS_SERVER_NAME          "Netscape Directory Server"
+#define DS_SERVER_VERSION       "7"
+#define DS_SETUP_SHORT_NAME     "Directory Server"
+#define DS_SETUP_NAME           "Netscape Directory Server 7"
+#define DS_REGISTRY_ROOT_KEY    "Directory Server"
+#define DS_APP_PATH_KEY         "ns-slapd.exe"
+#define DS_UNINSTALL_KEY        "DirectoryV7"
+#define DS_SERVICE_PREFIX       "Netscape Directory Server "
+#define DS_README_ICON_NAME     "Directory Server 7 README"
+#define DS_UNINSTALL_ICON_NAME  "Uninstall Directory Server 7"
+#define DS_PRODUCT_NAME         "slapd"
+
+#define DS_ID_PRODUCT           "slapd"
+#define DS_NAME_SHORT           "Directory"
+#define DS_VERSION_OLD          "3.0"
+#undef  DS_VERSION
+#define DS_VERSION              "7"
+#define DS_NAME_VERSION         "Directory 7"
+#define DS_NAME_SERVER          "Directory Server"
+#define DS_NAME_FULL            "Netscape Directory Server"
+#define DS_NAME_FULL_VERSION    "Netscape Directory Server 7"
+#define DS_NAME_SERVICE         "Netscape Directory 7"
+#define DS_EXE                  "ns-slapd.exe"
+#define DS_EXE_START            "slapd.exe"
+#define DS_ID_SERVICE           "slapd"
+#define DS_KEY_ROOT             "Directory\\7"
+#define DS_KEY_ROOT_OLD         "Directory\\3.0"
+#define DS_SERVER_LST_NAME      "slapd:Netscape Directory Server"
+#define DS_DIR_ROOT             "slapd"
+#define DS_NAME_UNINSTALL       "Uninstall Directory Server 7"
+#define DS_SNMP_PATH            "bin\\slapd\\server\\ns-ldapagt.dll"
+#define DS_OPTIONS              "Select the installation option from below"
+#define DS_OPTIONS_TITLE 		"Directory Server Installions Options"
+#define DS_GENERAL_OPTIONS       DS_NAME_SERVER 
+
+
+#ifndef DS_COMPONENT
+#define DS_COMPONENT          1
+#endif
+
+/* original definitions */
+// Upper-level registry parameters
+/* Note: the followin MCC_ are not defined when this file is included
+   for the NT setup.rul file. Beware of using the following definitions in NT
+   - nirmal
+*/
+#if defined(MCC_ADMSERV)
+
+#define SERVICE_NAME           ADM_ID_SERVICE
+#define EVENTLOG_APPNAME	   ADM_NAME_VERSION
+#define SERVICE_EXE            ADM_EXE
+#define SERVICE_PREFIX         ADM_NAME_VERSION
+#define SVR_ID_PRODUCT         ADM_ID_PRODUCT
+#define SVR_NAME_SHORT         ADM_NAME_SHORT
+#define SVR_VERSION            ADM_VERSION
+#define SVR_NAME_VERSION       ADM_NAME_VERSION
+#define SVR_NAME_SERVER        ADM_NAME_SERVER
+#define SVR_NAME_FULL          ADM_NAME_FULL
+#define SVR_NAME_FULL_VERSION  ADM_NAME_FULL_VERSION
+#define SVR_NAME_SERVICE       ADM_NAME_SERVICE
+#define SVR_EXE                ADM_EXE
+#define SVR_EXE_START          ADM_EXE_START
+#define SVR_ID_SERVICE         ADM_ID_SERVICE
+#define SVR_KEY_ROOT           ADM_KEY_ROOT
+#define SVR_SERVER_LST_NAME    ADM_SERVER_LST_NAME
+#define SVR_DIR_ROOT           ADM_DIR_ROOT
+#define SVR_NAME_UNINSTALL     ADM_NAME_UNINSTALL
+
+#elif defined(NS_ENTERPRISE)
+
+#define PRODUCT_KEY            ENT_KEY_ROOT
+#define PRODUCT_NAME           ENT_ID_PRODUCT
+#define EVENTLOG_APPNAME       ENT_NAME_VERSION
+#define SERVICE_PREFIX         ENT_NAME_VERSION
+#define SVR_ID_PRODUCT         ENT_ID_PRODUCT
+#define SVR_NAME_SHORT         ENT_NAME_SHORT
+#define SVR_VERSION            ENT_VERSION
+#define SVR_NAME_VERSION       ENT_NAME_VERSION
+#define SVR_NAME_SERVER        ENT_NAME_SERVER
+#define SVR_NAME_FULL          ENT_NAME_FULL
+#define SVR_NAME_FULL_VERSION  ENT_NAME_FULL_VERSION
+#define SVR_NAME_SERVICE       ENT_NAME_SERVICE
+#define SVR_EXE                ENT_EXE
+#define SVR_EXE_START          ENT_EXE_START
+#define SVR_ID_SERVICE         ENT_ID_SERVICE
+#define SVR_KEY_ROOT           ENT_KEY_ROOT
+#define SVR_SERVER_LST_NAME    ENT_SERVER_LST_NAME
+#define SVR_DIR_ROOT           ENT_DIR_ROOT
+#define SVR_NAME_UNINSTALL     ENT_NAME_UNINSTALL
+
+#elif defined(NS_PROXY)
+
+#define PRODUCT_KEY            PRX_KEY_ROOT
+#define PRODUCT_NAME           PRX_ID_PRODUCT
+#define EVENTLOG_APPNAME       PRX_NAME_VERSION
+#define SERVICE_PREFIX         PRX_NAME_VERSION
+#define SVR_ID_PRODUCT         PRX_ID_PRODUCT
+#define SVR_NAME_SHORT         PRX_NAME_SHORT
+#define SVR_VERSION            PRX_VERSION
+#define SVR_NAME_VERSION       PRX_NAME_VERSION
+#define SVR_NAME_SERVER        PRX_NAME_SERVER
+#define SVR_NAME_FULL          PRX_NAME_FULL
+#define SVR_NAME_FULL_VERSION  PRX_NAME_FULL_VERSION
+#define SVR_NAME_SERVICE       PRX_NAME_SERVICE
+#define SVR_EXE                PRX_EXE
+#define SVR_EXE_START          PRX_EXE_START
+#define SVR_ID_SERVICE         PRX_ID_SERVICE
+#define SVR_KEY_ROOT           PRX_KEY_ROOT
+#define SVR_SERVER_LST_NAME    PRX_SERVER_LST_NAME
+#define SVR_DIR_ROOT           PRX_DIR_ROOT
+#define SVR_NAME_UNINSTALL     PRX_NAME_UNINSTALL
+
+#elif defined(NS_CATALOG)
+
+#define PRODUCT_KEY         CATALOG_REGISTRY_ROOT_KEY // CKA (should use key above)
+#define PRODUCT_NAME        "catalog"
+#define EVENTLOG_APPNAME	"NetscapeCatalog"
+#define SERVICE_PREFIX      CATALOG_SERVICE_PREFIX
+
+#elif defined(NS_RDS)
+
+#define PRODUCT_KEY         RDS_REGISTRY_ROOT_KEY // CKA (should use key above)
+#define PRODUCT_NAME        "rds"
+#define EVENTLOG_APPNAME	"NetscapeRds"
+#define SERVICE_PREFIX      RDS_SERVICE_PREFIX
+
+#elif defined(NS_PERSONAL)
+
+#define PRODUCT_KEY            PER_KEY_ROOT
+#define PRODUCT_NAME           PER_ID_PRODUCT
+#define EVENTLOG_APPNAME       PER_NAME_VERSION
+#define SERVICE_PREFIX         PER_NAME_VERSION
+#define SVR_ID_PRODUCT         PER_ID_PRODUCT
+#define SVR_NAME_SHORT         PER_NAME_SHORT
+#define SVR_VERSION            PER_VERSION
+#define SVR_NAME_VERSION       PER_NAME_VERSION
+#define SVR_NAME_SERVER        PER_NAME_SERVER
+#define SVR_NAME_FULL          PER_NAME_FULL
+#define SVR_NAME_FULL_VERSION  PER_NAME_FULL_VERSION
+#define SVR_NAME_SERVICE       PER_NAME_SERVICE
+#define SVR_EXE                PER_EXE
+#define SVR_EXE_START          PER_EXE_START
+#define SVR_ID_SERVICE         PER_ID_SERVICE
+#define SVR_KEY_ROOT           PER_KEY_ROOT
+#define SVR_SERVER_LST_NAME    PER_SERVER_LST_NAME
+#define SVR_DIR_ROOT           PER_DIR_ROOT
+#define SVR_NAME_UNINSTALL     PER_NAME_UNINSTALL
+
+#elif defined(NS_DSS)
+
+#define PRODUCT_KEY         DSS_REGISTRY_ROOT_KEY // CKA (should use key above)
+#define PRODUCT_NAME        "dssynch"
+#define EVENTLOG_APPNAME	"NetscapeDirSynchService"
+#define SERVICE_PREFIX      DSS_SERVICE_PREFIX
+
+#elif defined(NS_DS)
+
+#define PRODUCT_BIN         "ns-slapd"
+#define SLAPD_EXE           "slapd.exe"
+#define SERVICE_EXE         SLAPD_EXE
+#define SLAPD_CONF          "slapd.conf"
+#define SLAPD_DONGLE_FILE   "password.dng"
+#define DONGLE_FILE_NAME    SLAPD_DONGLE_FILE
+
+#define PRODUCT_KEY            DS_REGISTRY_ROOT_KEY 
+#define PRODUCT_NAME           DS_ID_PRODUCT
+#define EVENTLOG_APPNAME           DS_NAME_VERSION
+#define SERVICE_PREFIX         DS_NAME_VERSION
+#define SVR_ID_PRODUCT         DS_ID_PRODUCT       
+#define SVR_NAME_SHORT         DS_NAME_SHORT       
+#define SVR_VERSION            DS_VERSION          
+#define SVR_VERSION_OLD        DS_VERSION_OLD
+#define SVR_NAME_VERSION       DS_NAME_VERSION     
+#define SVR_NAME_SERVER        DS_NAME_SERVER      
+#define SVR_NAME_FULL          DS_NAME_FULL        
+#define SVR_NAME_FULL_VERSION  DS_NAME_FULL_VERSION
+#define SVR_NAME_SERVICE       DS_NAME_SERVICE
+#define SVR_EXE                DS_EXE
+#define SVR_EXE_START          DS_EXE_START
+#define SVR_ID_SERVICE         DS_ID_SERVICE
+#define SVR_KEY_ROOT           DS_KEY_ROOT
+#define SVR_SERVER_LST_NAME    DS_SERVER_LST_NAME
+#define SVR_DIR_ROOT           DS_DIR_ROOT
+#define SVR_NAME_UNINSTALL     DS_NAME_UNINSTALL
+#define SNMP_PATH              DS_SNMP_PATH
+
+#elif defined(NS_SETUP)
+#else
+
+#error SERVER TYPE NOT DEFINED
+
+#endif /* MCC_ADMSERV */
+
+// Do not move this section. This has to come immediately after the
+//  ifdef section above - Nirmal
+//
+#if defined(MCC_NEWS)	// Nirmal : added for news 2/21/95.
+#define PRODUCT_BIN	    "innd"    // Redefine the generic ns-httpd.exe
+#define PRODUCT_KEY         NEWS_REGISTRY_ROOT_KEY // CKA (should use key above)
+#define PRODUCT_NAME        "news"
+#define EVENTLOG_APPNAME    "NetscapeNews"
+#define SERVICE_PREFIX      NEWS_SERVICE_PREFIX
+
+#endif
+
+
+#define VERSION_KEY "CurrentVersion"
+
+// Configuration Parameters
+
+#define SOFTWARE_KEY                    "Software"
+
+// NT Perfmon DLL entries
+#define KEY_PERFORMANCE     "Performance"
+#define PERF_MICROSOFT_KEY	"SOFTWARE\\Microsoft\\Windows NT\\Perflib\\009"
+#define PERF_COUNTER_KEY	"Counter"
+#define PERF_HELP_KEY		"Help"
+#define PERF_OPEN_FUNCTION	"OpenNSPerformanceData"
+#define PERF_COLLECT_FUNCTION	"CollectNSPerformanceData"
+#define PERF_CLOSE_FUNCTION	"CloseNSPerformanceData"
+#define PERF_CTR_INI		"nsctrs.ini"
+
+// this section used to be in confhttp.h.  TODO: convert to SVR_ format -ahakim
+#if defined(NS_CATALOG)
+#define SERVER_REGISTRY_ROOT_KEY    CATALOG_REGISTRY_ROOT_KEY
+#define SERVER_APP_PATH_KEY         CATALOG_APP_PATH_KEY
+#define SERVER_DIR_ROOT             CATALOG_DIR_ROOT
+#define SERVER_SETUP_NAME           CATALOG_SETUP_NAME
+#define SERVER_SHORT_NAME           CATALOG_SHORT_NAME
+
+#elif defined(NS_RDS)
+#define SERVER_REGISTRY_ROOT_KEY    RDS_REGISTRY_ROOT_KEY
+#define SERVER_APP_PATH_KEY         RDS_APP_PATH_KEY
+#define SERVER_DIR_ROOT             RDS_DIR_ROOT
+#define SERVER_SETUP_NAME           RDS_SETUP_NAME
+#define SERVER_SHORT_NAME           RDS_SHORT_NAME
+
+#endif
diff --git a/include/nt/resource.h b/include/nt/resource.h
new file mode 100644
index 00000000..905cbeb6
--- /dev/null
+++ b/include/nt/resource.h
@@ -0,0 +1,36 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+//{{NO_DEPENDENCIES}}
+// Microsoft Visual C++ generated include file.
+// Used by netsite.rc
+//
+#define IDB_BITMAP1                     101
+#define DLG_STARTUP_ERROR               101
+#define IDI_NETSITE                     102
+#define IDI_ICON1                       104
+#define DLG_GETPASSWORD                 106
+#define IDI_ICON2                       107
+#define IDD_PASSWORD                    108
+#define IDI_KEY                         109
+#define IDD_PIN                         110
+#define IDEDIT                          1000
+#define IDC_ERRORLOG                    1001
+#define ID_EXIT                         1001
+#define IDC_ERRORMSG                    1002
+#define IDC_STARTUP_ERROR               1003
+#define IDC_STATIC                      -1
+
+// Next default values for new objects
+// 
+#ifdef APSTUDIO_INVOKED
+#ifndef APSTUDIO_READONLY_SYMBOLS
+#define _APS_NEXT_RESOURCE_VALUE        110
+#define _APS_NEXT_COMMAND_VALUE         40001
+#define _APS_NEXT_CONTROL_VALUE         1002
+#define _APS_NEXT_SYMED_VALUE           101
+#endif
+#endif
+
diff --git a/include/public/Makefile b/include/public/Makefile
new file mode 100644
index 00000000..9d291cae
--- /dev/null
+++ b/include/public/Makefile
@@ -0,0 +1,59 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+# Makefile for netsite.h
+
+MCOM_ROOT = ../../..
+MODULE=netsiteInclude
+
+include ../../nsdefs.mk
+
+HDRDEST=$(OBJDIR)/include
+
+PREFIX=../copyrght.h
+
+
+NOSTDSTRIP=true
+NOSTDDEPEND=true
+
+HDRS=netsite.h nsapi.h
+
+BINS=$(addprefix $(HDRDEST)/,$(HDRS))
+
+all: stuff
+
+strip:
+depend:
+
+include ../../nsconfig.mk
+
+ifeq ($(NSAPI_CAPABLE), true)
+
+stuff: $(HDRDEST) $(BINS) sub-hdrs
+
+$(HDRDEST):
+	mkdir -p $(HDRDEST)
+
+ifeq ($(PRODUCT), "Netscape Proxy Server")
+sub-hdrs:
+	cd base; $(MAKE) $(MAKEFLAGS)
+	cd frame; $(MAKE) $(MAKEFLAGS)
+	cd libproxy; $(MAKE) $(MAKEFLAGS)
+else
+sub-hdrs:
+	cd base; $(MAKE) $(MAKEFLAGS) 
+	cd frame; $(MAKE) $(MAKEFLAGS) 
+	cd nsacl; $(MAKE) $(MAKEFLAGS) 
+endif
+
+$(HDRDEST)/%.h: %.h
+	cat $(PREFIX) $< > $(HDRDEST)/$*.h
+
+else
+stuff:
+
+endif
diff --git a/include/public/base/Makefile b/include/public/base/Makefile
new file mode 100644
index 00000000..15fa95e3
--- /dev/null
+++ b/include/public/base/Makefile
@@ -0,0 +1,40 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+# Makefile for netsite.h
+
+MCOM_ROOT = ../../../..
+MODULE=netsiteIncludeBase
+
+include ../../../nsdefs.mk
+
+HDRDEST=$(OBJDIR)/include/base
+
+PREFIX=../../copyrght.h
+
+
+NOSTDSTRIP=true
+NOSTDDEPEND=true
+
+#HDRS=$(wildcard *.h)
+HDRS=daemon.h cinfo.h crit.h ereport.h buffer.h net.h pblock.h sem.h session.h shexp.h shmem.h systhr.h util.h file.h pool.h regexp.h systems.h
+
+
+BINS=$(addprefix $(HDRDEST)/,$(HDRS))
+
+all: $(HDRDEST) $(BINS)
+
+$(HDRDEST):
+	mkdir -p $(HDRDEST)
+
+strip:
+depend:
+
+include ../../../nsconfig.mk
+
+$(HDRDEST)/%.h: %.h
+	cat $(PREFIX) $< > $(HDRDEST)/$*.h
diff --git a/include/public/base/crit.h b/include/public/base/crit.h
new file mode 100644
index 00000000..bca8c839
--- /dev/null
+++ b/include/public/base/crit.h
@@ -0,0 +1,21 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef PUBLIC_BASE_CRIT_H
+#define PUBLIC_BASE_CRIT_H
+
+/*
+ * File:        crit.h
+ *
+ * Description:
+ *
+ *      Deprecated include file.
+ */
+
+#ifndef PUBLIC_NSAPI_H
+#include "../nsapi.h"
+#endif /* !PUBLIC_NSAPI_H */
+
+#endif /* !PUBLIC_BASE_CRIT_H */
diff --git a/include/public/base/ereport.h b/include/public/base/ereport.h
new file mode 100644
index 00000000..742d77ea
--- /dev/null
+++ b/include/public/base/ereport.h
@@ -0,0 +1,21 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef PUBLIC_BASE_EREPORT_H
+#define PUBLIC_BASE_EREPORT_H
+
+/*
+ * File:        ereport.h
+ *
+ * Description:
+ *
+ *      Deprecated include file.
+ */
+
+#ifndef PUBLIC_NSAPI_H
+#include "../nsapi.h"
+#endif /* !PUBLIC_NSAPI_H */
+
+#endif /* !PUBLIC_BASE_EREPORT_H */
diff --git a/include/public/base/file.h b/include/public/base/file.h
new file mode 100644
index 00000000..73312bd2
--- /dev/null
+++ b/include/public/base/file.h
@@ -0,0 +1,21 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef PUBLIC_BASE_FILE_H
+#define PUBLIC_BASE_FILE_H
+
+/*
+ * File:        file.h
+ *
+ * Description:
+ *
+ *      Deprecated include file.
+ */
+
+#ifndef PUBLIC_NSAPI_H
+#include "../nsapi.h"
+#endif /* !PUBLIC_NSAPI_H */
+
+#endif /* !PUBLIC_BASE_FILE_H */
diff --git a/include/public/base/pool.h b/include/public/base/pool.h
new file mode 100644
index 00000000..9480d7c6
--- /dev/null
+++ b/include/public/base/pool.h
@@ -0,0 +1,22 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef PUBLIC_BASE_POOL_H
+#define PUBLIC_BASE_POOL_H
+
+/*
+ * File:        pool.h
+ *
+ * Description:
+ *
+ *      Deprecated include file.
+ */
+
+#ifndef PUBLIC_NSAPI_H
+#include "../nsapi.h"
+#endif /* !PUBLIC_NSAPI_H */
+
+#endif /* !PUBLIC_BASE_POOL_H */
+
diff --git a/include/public/base/shexp.h b/include/public/base/shexp.h
new file mode 100644
index 00000000..dd7acf9b
--- /dev/null
+++ b/include/public/base/shexp.h
@@ -0,0 +1,22 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef PUBLIC_BASE_SHEXP_H
+#define PUBLIC_BASE_SHEXP_H
+
+/*
+ * File:        shexp.h
+ *
+ * Description:
+ *
+ *      Deprecated include file.
+ */
+
+#ifndef PUBLIC_NSAPI_H
+#include "../nsapi.h"
+#endif /* !PUBLIC_NSAPI_H */
+
+#endif /* !PUBLIC_BASE_SHEXP_H */
+
diff --git a/include/public/base/systems.h b/include/public/base/systems.h
new file mode 100644
index 00000000..51be7bcd
--- /dev/null
+++ b/include/public/base/systems.h
@@ -0,0 +1,242 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef PUBLIC_BASE_SYSTEMS_H
+#define PUBLIC_BASE_SYSTEMS_H
+
+/*
+ * File:        systems.h
+ * 
+ * Description:
+ *
+ *      This file defines various platform-dependent symbols, which are
+ *      used to configure platform-dependent aspects of the API.
+ */
+
+/* --- Begin native platform configuration definitions --- */
+
+#if defined(AIX)
+
+#define FILE_UNIX
+#define FILE_UNIX_MMAP
+#define MALLOC_POOLS
+#define SEM_FLOCK
+#define SHMEM_UNIX_MMAP
+#define ZERO(ptr,len) memset(ptr,0,len)
+#define NEED_STRCASECMP
+#define NEED_STRNCASECMP
+#if OSVERSION > 4200
+#define TCPLEN_T size_t
+#endif /* OSVERSION > 4200 */
+
+#elif defined(BSDI)
+
+#define BSD_FLOCK
+#define FILE_UNIX
+#define FILE_UNIX_MMAP
+#define MALLOC_POOLS
+#define SEM_FLOCK
+#define SHMEM_UNIX_MMAP
+#define ZERO(ptr,len) memset(ptr,0,len)
+
+#elif defined(HPUX)
+
+#define FILE_UNIX
+#define FILE_UNIX_MMAP
+#define MALLOC_POOLS
+#define SEM_FLOCK
+/* warning: mmap doesn't work under 9.04 */
+#define SHMEM_UNIX_MMAP
+#define ZERO(ptr,len) memset(ptr,0,len)
+
+#elif defined (IRIX)
+
+#define FILE_UNIX
+#define FILE_UNIX_MMAP
+#define MALLOC_POOLS
+#define SEM_FLOCK
+#define SHMEM_UNIX_MMAP
+#define ZERO(ptr,len) memset(ptr,0,len)
+
+#elif defined(NCR)
+ 
+#define CASECMPARG_T unsigned
+#define FILE_UNIX
+#define FILE_UNIX_MMAP
+#define MALLOC_POOLS
+#define NEED_STRCASECMP
+#define NEED_STRNCASECMP
+#ifndef S_ISLNK
+#define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK)
+#endif
+#define SEM_FLOCK
+#define SHMEM_UNIX_MMAP
+#define ZERO(ptr,len) memset(ptr,0,len)
+
+#elif defined(NEC)
+
+#define FILE_UNIX
+#define FILE_UNIX_MMAP
+#define MALLOC_POOLS
+#define NEED_STRCASECMP
+#define NEED_STRNCASECMP
+#ifndef S_ISLNK
+#define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK)
+#endif
+#define SEM_FLOCK
+#define SHMEM_UNIX_MMAP
+#define ZERO(ptr,len) memset(ptr,0,len)
+
+#elif defined(OSF1)
+
+#undef BSD_FLOCK
+#define FILE_UNIX
+#define FILE_UNIX_MMAP
+#define MALLOC_POOLS
+#define SEM_FLOCK
+#define SHMEM_UNIX_MMAP
+#define ZERO(ptr,len) memset(ptr,0,len)
+
+#elif defined(SCO)
+
+#define FILE_UNIX
+#define FILE_UNIX_MMAP
+#define MALLOC_POOLS
+#define SEM_FLOCK
+#define SHMEM_UNIX_MMAP
+#define ZERO(ptr,len) memset(ptr,0,len)
+
+#elif defined(SNI)
+ 
+#define CASECMPARG_T const
+#define FILE_UNIX
+#define FILE_UNIX_MMAP
+#define MALLOC_POOLS
+#define NEED_STRCASECMP
+#define NEED_STRNCASECMP
+#define SEM_FLOCK
+#define SHMEM_UNIX_MMAP
+#if 0
+#define socketpair(a,b,c,d) pipe(d)
+#endif
+#define ZERO(ptr,len) memset(ptr,0,len)
+
+#elif defined(SOLARIS) || defined (SOLARISx86)
+
+#undef	FILE_UNIX	/* avoid redefinition message */
+#define FILE_UNIX
+#define FILE_UNIX_MMAP
+#define MALLOC_POOLS
+/* The Solaris routines return ENOSPC when too many semaphores are SEM_UNDO. */
+#define SEM_FLOCK
+#define SHMEM_UNIX_MMAP
+#define ZERO(ptr,len) memset(ptr,0,len)
+
+#elif defined (SONY)
+
+#define FILE_UNIX
+#define FILE_UNIX_MMAP
+#define NEED_STRCASECMP
+#define NEED_STRNCASECMP
+#define SEM_FLOCK
+#define SHMEM_UNIX_MMAP
+#define ZERO(ptr,len) memset(ptr,0,len)
+
+#elif defined(SUNOS4)
+
+#define BSD_FLOCK
+#define FILE_UNIX
+#define FILE_UNIX_MMAP
+#define MALLOC_POOLS
+#define SEM_FLOCK
+#define SHMEM_UNIX_MMAP
+#define ZERO(ptr,len) memset(ptr,0,len)
+
+#elif defined(UNIXWARE) || defined(UnixWare)
+ 
+#define CASECMPARG_T const
+#define FILE_UNIX
+#define FILE_UNIX_MMAP
+#define MALLOC_POOLS
+#define NEED_STRCASECMP
+#define NEED_STRNCASECMP
+#ifndef S_ISLNK
+#define S_ISLNK(m) (((m) & S_IFMT) == S_IFLNK)
+#endif
+#define SEM_FLOCK
+#define SHMEM_UNIX_MMAP
+#define ZERO(ptr,len) memset(ptr,0,len)
+#define TCPLEN_T size_t
+
+#elif defined(Linux)
+
+#define FILE_UNIX
+#define FILE_UNIX_MMAP
+#define MALLOC_POOLS
+#define SEM_FLOCK
+#define SHMEM_UNIX_MMAP
+#define ZERO(ptr,len) memset(ptr,0,len)
+
+#elif defined (XP_WIN32)      /* Windows NT */
+
+#include <wtypes.h>
+#include <winbase.h>
+
+typedef void* PASSWD;
+
+#define caddr_t PCHAR
+#define CASECMPARG_T const
+#define FILE_WIN32
+#define FILE_WIN32_MMAP
+#define MALLOC_POOLS
+#define NEED_STRCASECMP
+#define NEED_STRNCASECMP
+#define NET_WINSOCK
+#define NSAPI_PUBLIC __declspec(dllexport)
+/* The stat call under NT doesn't define these macros */
+#ifndef S_ISDIR
+#define S_ISDIR(mode)   ((mode&S_IFMT) == S_IFDIR)
+#endif
+#ifndef S_ISREG
+#define S_ISREG(mode)   ((mode&S_IFMT) == S_IFREG)                             
+#endif
+#ifndef S_ISLNK
+#define S_ISLNK(x) (0)
+#endif
+#define SEM_WIN32
+#define SHMEM_WIN32_MMAP
+#define ZERO(ptr, len) ZeroMemory(ptr, len)
+
+#else
+
+#error "Missing defines in ns/netsite/include/public/base/systems.h"
+
+#endif	/* Windows NT */
+
+#ifndef NSPR_BEGIN_EXTERN_C
+#ifdef __cplusplus
+#define NSPR_BEGIN_EXTERN_C	extern "C" {
+#define NSPR_END_EXTERN_C	}
+#else
+#define NSPR_BEGIN_EXTERN_C
+#define NSPR_END_EXTERN_C
+#endif /* __cplusplus */
+#endif /* !NSPR_BEGIN_EXTERN_C */
+
+#ifndef TCPLEN_T
+#define TCPLEN_T int
+#endif
+
+#ifndef NSAPI_PUBLIC
+#define NSAPI_PUBLIC
+#endif /* !NSAPI_PUBLIC */
+
+#if defined(NEED_STRCASECMP) || defined(NEED_STRNCASECMP)
+#ifndef CASECMPARG_T
+#define CASECMPARG_T const
+#endif /* !CASECMPARG_T */
+#endif /* NEED_STRCASECMP || NEED_STRNCASECMP */
+
+#endif /* PUBLIC_BASE_SYSTEMS_H */
diff --git a/include/public/base/systhr.h b/include/public/base/systhr.h
new file mode 100644
index 00000000..d312c3b2
--- /dev/null
+++ b/include/public/base/systhr.h
@@ -0,0 +1,21 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef PUBLIC_BASE_SYSTHR_H
+#define PUBLIC_BASE_SYSTHR_H
+
+/*
+ * File:        systhr.h
+ *
+ * Description:
+ *
+ *      Deprecated include file.
+ */
+
+#ifndef PUBLIC_NSAPI_H
+#include "../nsapi.h"
+#endif /* !PUBLIC_NSAPI_H */
+
+#endif /* !PUBLIC_BASE_SYSTHR_H */
diff --git a/include/public/base/util.h b/include/public/base/util.h
new file mode 100644
index 00000000..88897e5d
--- /dev/null
+++ b/include/public/base/util.h
@@ -0,0 +1,21 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef PUBLIC_BASE_UTIL_H
+#define PUBLIC_BASE_UTIL_H
+
+/*
+ * File:        util.h
+ *
+ * Description:
+ *
+ *      Deprecated include file.
+ */
+
+#ifndef PUBLIC_NSAPI_H
+#include "../nsapi.h"
+#endif /* !PUBLIC_NSAPI_H */
+
+#endif /* PUBLIC_BASE_UTIL_H */
diff --git a/include/public/netsite.h b/include/public/netsite.h
new file mode 100644
index 00000000..4f745cc7
--- /dev/null
+++ b/include/public/netsite.h
@@ -0,0 +1,21 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef PUBLIC_NETSITE_H
+#define PUBLIC_NETSITE_H
+
+/*
+ * File:        netsite.h
+ *
+ * Description:
+ *
+ *      Deprecated include file.
+ */
+
+#ifndef PUBLIC_NSAPI_H
+#include "nsapi.h"
+#endif /* !PUBLIC_NSAPI_H */
+
+#endif /* !PUBLIC_NETSITE_H */
diff --git a/include/public/nsacl/Makefile b/include/public/nsacl/Makefile
new file mode 100644
index 00000000..e55a0d9d
--- /dev/null
+++ b/include/public/nsacl/Makefile
@@ -0,0 +1,38 @@
+#
+# BEGIN COPYRIGHT BLOCK
+# Copyright 2001 Sun Microsystems, Inc.
+# Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+#
+# Makefile for include/public/nsacl public header files
+
+MCOM_ROOT = ../../../..
+MODULE=netsiteIncludeNsacl
+
+include ../../../nsdefs.mk
+
+HDRDEST=$(OBJDIR)/include/nsacl
+
+PREFIX=copyrght.h
+
+
+NOSTDSTRIP=true
+NOSTDDEPEND=true
+
+HDRS=$(wildcard *.h)
+
+BINS=$(addprefix $(HDRDEST)/,$(HDRS))
+
+all: $(HDRDEST) $(BINS)
+
+$(HDRDEST):
+	mkdir -p $(HDRDEST)
+
+strip:
+depend:
+
+include ../../../nsconfig.mk
+
+$(HDRDEST)/%.h: %.h
+	cat $(PREFIX) $< > $(HDRDEST)/$*.h
diff --git a/include/public/nsacl/aclapi.h b/include/public/nsacl/aclapi.h
new file mode 100644
index 00000000..09068f8a
--- /dev/null
+++ b/include/public/nsacl/aclapi.h
@@ -0,0 +1,396 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef PUBLIC_NSACL_ACLAPI_H
+#define PUBLIC_NSACL_ACLAPI_H
+
+/*
+ * File:        aclapi.h
+ *
+ * Description:
+ *
+ *      This file defines the functions available in the ACL API.
+ */
+
+#ifndef PUBLIC_NSACL_NSERRDEF_H
+#include "nserrdef.h"
+#endif /* !PUBLIC_NSACL_NSERRDEF_H */
+
+#ifndef PUBLIC_BASE_POOL_H
+#include "../base/pool.h"
+#endif /* !PUBLIC_BASE_POOL_H */
+
+#ifndef PUBLIC_NSACL_PLISTDEF_H
+#include "plistdef.h"
+#endif /* !PUBLIC_NSACL_PLISTDEF_H */
+
+#ifndef PUBLIC_NSACL_ACLDEF_H
+#include "acldef.h"
+#endif /* !PUBLIC_NSACL_ACLDEF_H */
+
+NSPR_BEGIN_EXTERN_C
+
+typedef struct ACLDispatchVector ACLDispatchVector_t;
+struct ACLDispatchVector {
+
+    /* Error frame stack support */
+
+    void (*f_nserrDispose)(NSErr_t * errp);
+    NSEFrame_t *(*f_nserrFAlloc)(NSErr_t * errp);
+    void (*f_nserrFFree)(NSErr_t * errp, NSEFrame_t * efp);
+    NSEFrame_t *(*f_nserrGenerate)(NSErr_t * errp, long retcode,
+                                   long errorid, char * program,
+                                   int errc, ...);
+
+    /* Property list support 
+     * The Property List facility makes extensive use of pointers to 
+     * opaque structures.  As such, PLists cannot be marshalled.  WAI-style
+     * ACL APIs in future releases will therefore not be using PLists.
+     * However the C API documented here may continue to be supported
+     * in future releases.
+     */
+
+    int (*f_PListAssignValue)(PList_t plist, const char *pname,
+                              const void *pvalue, PList_t ptype);
+    PList_t (*f_PListCreate)(pool_handle_t *mempool,
+                             int resvprop, int maxprop, int flags);
+    int (*f_PListDefProp)(PList_t plist, int pindex, 
+                          const char *pname, const int flags);
+    const void * (*f_PListDeleteProp)(PList_t plist, int pindex,
+                                      const char *pname);
+    int (*f_PListFindValue)(PList_t plist,
+                            const char *pname, void **pvalue, PList_t *type);
+    int (*f_PListInitProp)(PList_t plist, int pindex, const char *pname,
+                           const void *pvalue, PList_t ptype);
+    PList_t (*f_PListNew)(pool_handle_t *mempool);
+    void (*f_PListDestroy)(PList_t plist);
+    int (*f_PListGetValue)(PList_t plist,
+                           int pindex, void **pvalue, PList_t *type);
+    int (*f_PListNameProp)(PList_t plist, int pindex, const char *pname);
+    int (*f_PListSetType)(PList_t plist, int pindex, PList_t type);
+    int (*f_PListSetValue)(PList_t plist,
+                           int pindex, const void *pvalue, PList_t type);
+    void (*f_PListEnumerate)(PList_t plist, PListFunc_t *user_func, 
+                             void *user_data);
+    PList_t (*f_PListDuplicate)(PList_t plist,
+                                pool_handle_t *new_mempool, int flags);
+    pool_handle_t *(*f_PListGetPool)(PList_t plist);
+
+    /* ACL attribute handling */
+
+    int (*f_ACL_LasRegister)(NSErr_t *errp, char *attr_name,
+                             LASEvalFunc_t eval_func,
+                             LASFlushFunc_t flush_func);
+
+    /* method/dbtype registration routines */
+
+    int (*f_ACL_MethodRegister)(NSErr_t *errp, const char *name,
+                                ACLMethod_t *t);
+    int (*f_ACL_MethodIsEqual)(NSErr_t *errp,
+                               const ACLMethod_t t1, const ACLMethod_t t2);
+    int (*f_ACL_MethodNameIsEqual)(NSErr_t *errp,
+                                   const ACLMethod_t t, const char *name);
+    int (*f_ACL_MethodFind)(NSErr_t *errp, const char *name, ACLMethod_t *t);
+    ACLMethod_t (*f_ACL_MethodGetDefault)(NSErr_t *errp);
+    int (*f_ACL_MethodSetDefault)(NSErr_t *errp, const ACLMethod_t t);
+    int (*f_ACL_AuthInfoGetMethod)(NSErr_t *errp,
+                                   PList_t auth_info, ACLMethod_t *t);
+
+    int (*f_ACL_DbTypeRegister)(NSErr_t *errp, const char *name,
+                                DbParseFn_t func, ACLDbType_t *t);
+    int (*f_ACL_DbTypeIsEqual)(NSErr_t *errp,
+                               const ACLDbType_t t1, const ACLDbType_t t2);
+    int (*f_ACL_DbTypeNameIsEqual)(NSErr_t * errp,
+                                   const ACLDbType_t t, const char *name);
+    int (*f_ACL_DbTypeFind)(NSErr_t *errp, const char *name, ACLDbType_t *t);
+    ACLDbType_t (*f_ACL_DbTypeGetDefault)(NSErr_t *errp);
+    int (*f_ACL_AuthInfoGetDbType)(NSErr_t *errp,
+                                   PList_t auth_info, ACLDbType_t *t);
+    int (*f_ACL_DbTypeIsRegistered)(NSErr_t *errp, const ACLDbType_t dbtype);
+    DbParseFn_t (*f_ACL_DbTypeParseFn)(NSErr_t *errp,
+                                       const ACLDbType_t dbtype);
+
+    int (*f_ACL_AttrGetterRegister)(NSErr_t *errp,
+                                    const char *attr, ACLAttrGetterFn_t fn,
+                                    ACLMethod_t m, ACLDbType_t d,
+                                    int position, void *arg);
+
+    int (*f_ACL_ModuleRegister)(NSErr_t *errp, const char *moduleName,
+                                AclModuleInitFunc func);
+    int (*f_ACL_GetAttribute)(NSErr_t *errp, const char *attr, void **val,
+                              PList_t subject, PList_t resource,
+                              PList_t auth_info, PList_t global_auth);
+    int (*f_ACL_DatabaseRegister)(NSErr_t *errp, ACLDbType_t dbtype,
+                                const char *dbname, const char *url,
+                                PList_t plist);
+    int (*f_ACL_DatabaseFind)(NSErr_t *errp, const char *dbname,
+                              ACLDbType_t *dbtype, void **db);
+    int (*f_ACL_DatabaseSetDefault)(NSErr_t *errp, const char *dbname);
+    int (*f_ACL_LDAPDatabaseHandle )(NSErr_t *errp, const char *dbname,
+                                     LDAP **ld, char **basedn);
+    int (*f_ACL_AuthInfoGetDbname)(PList_t auth_info, char **dbname);
+    int (*f_ACL_CacheFlushRegister)(AclCacheFlushFunc_t func);
+    int (*f_ACL_CacheFlush)(void);
+
+    /*  ACL language and file interfaces */
+
+    ACLListHandle_t * (*f_ACL_ParseFile)(NSErr_t *errp, char *filename);
+    ACLListHandle_t * (*f_ACL_ParseString)(NSErr_t *errp, char *buffer);
+    int (*f_ACL_WriteString)(NSErr_t *errp, char **acl,
+                             ACLListHandle_t *acllist);
+    int (*f_ACL_WriteFile)(NSErr_t *errp, char *filename,
+                           ACLListHandle_t *acllist);
+    int (*f_ACL_FileRenameAcl)(NSErr_t *errp, char *filename,
+                               char *acl_name, char *new_acl_name, int flags);
+    int (*f_ACL_FileDeleteAcl)(NSErr_t *errp, char *filename,
+                               char *acl_name, int flags);
+    int (*f_ACL_FileGetAcl)(NSErr_t *errp, char *filename,
+                            char *acl_name, char **acl_text, int flags);
+    int (*f_ACL_FileSetAcl)(NSErr_t *errp, char *filename,
+                            char *acl_text, int flags);
+
+    /*  ACL Expression construction interfaces  
+     *  These are low-level interfaces that may be useful to those who are not
+     *  using the ONE ACL syntax, but want to use the ONE ACL evaluation
+     *  routines.  By their low-level nature, future support of these APIs
+     *  cannot be guaranteed.  Use ACL_ParseFile and ACL_ParseString wherever
+     *  possible.
+     */
+
+    ACLExprHandle_t *(*f_ACL_ExprNew)(const ACLExprType_t expr_type);
+    void (*f_ACL_ExprDestroy)(ACLExprHandle_t *expr);
+    int (*f_ACL_ExprSetPFlags)(NSErr_t *errp,
+                               ACLExprHandle_t *expr, PFlags_t flags);
+    int (*f_ACL_ExprClearPFlags)(NSErr_t *errp, ACLExprHandle_t *expr);
+    int (*f_ACL_ExprTerm)(NSErr_t *errp, ACLExprHandle_t *acl_expr,
+                          char *attr_name, CmpOp_t cmp, char *attr_pattern);
+    int (*f_ACL_ExprNot)(NSErr_t *errp, ACLExprHandle_t *acl_expr);
+    int (*f_ACL_ExprAnd)(NSErr_t *errp, ACLExprHandle_t *acl_expr);
+    int (*f_ACL_ExprOr)(NSErr_t *errp, ACLExprHandle_t *acl_expr);
+    int (*f_ACL_ExprAddAuthInfo)(ACLExprHandle_t *expr, PList_t auth_info);
+    int (*f_ACL_ExprAddArg)(NSErr_t *errp, ACLExprHandle_t *expr, char *arg);
+    int (*f_ACL_ExprSetDenyWith)(NSErr_t *errp, ACLExprHandle_t *expr,
+                                 char *deny_type, char *deny_response);
+    int (*f_ACL_ExprGetDenyWith)(NSErr_t *errp, ACLExprHandle_t *expr,
+                                 char **deny_type, char **deny_response);
+    int (*f_ACL_ExprAppend)(NSErr_t *errp,
+                            ACLHandle_t *acl, ACLExprHandle_t *expr);
+
+    /* ACL manipulation */
+
+    ACLHandle_t * (*f_ACL_AclNew)(NSErr_t *errp, char *tag);
+    void (*f_ACL_AclDestroy)(NSErr_t *errp, ACLHandle_t *acl);
+
+    /* ACL list manipulation */
+
+    ACLListHandle_t * (*f_ACL_ListNew)(NSErr_t *errp);
+    int (*f_ACL_ListConcat)(NSErr_t *errp, ACLListHandle_t *acl_list1,
+                            ACLListHandle_t *acl_list2, int flags);
+    int (*f_ACL_ListAppend)(NSErr_t *errp, ACLListHandle_t *acllist,
+                            ACLHandle_t *acl, int flags);
+    void (*f_ACL_ListDestroy)(NSErr_t *errp, ACLListHandle_t *acllist);
+    ACLHandle_t * (*f_ACL_ListFind)(NSErr_t *errp, ACLListHandle_t *acllist,
+                                    char *aclname, int flags);
+    int (*f_ACL_ListAclDelete)(NSErr_t *errp, ACLListHandle_t *acl_list,
+                           char *acl_name, int flags);
+    int (*f_ACL_ListGetNameList)(NSErr_t *errp, ACLListHandle_t *acl_list,
+                                 char ***name_list);
+    int (*f_ACL_NameListDestroy)(NSErr_t *errp, char **name_list);
+
+    /* ACL evaluation */
+
+    int (*f_ACL_EvalTestRights)(NSErr_t *errp, ACLEvalHandle_t *acleval,
+                                char **rights, char **map_generic,
+                                char **deny_type, char **deny_response,
+                                char **acl_tag, int *expr_num);
+    ACLEvalHandle_t * (*f_ACL_EvalNew)(NSErr_t *errp, pool_handle_t *pool);
+    void (*f_ACL_EvalDestroy)(NSErr_t *errp,
+                              pool_handle_t *pool, ACLEvalHandle_t *acleval);
+    int (*f_ACL_EvalSetACL)(NSErr_t *errp, ACLEvalHandle_t *acleval,
+                            ACLListHandle_t *acllist);
+    PList_t (*f_ACL_EvalGetSubject)(NSErr_t *errp, ACLEvalHandle_t *acleval);
+    int (*f_ACL_EvalSetSubject)(NSErr_t *errp,
+                                ACLEvalHandle_t *acleval, PList_t subject);
+    PList_t (*f_ACL_EvalGetResource)(NSErr_t *errp, ACLEvalHandle_t *acleval);
+    int (*f_ACL_EvalSetResource)(NSErr_t *errp,
+                                 ACLEvalHandle_t *acleval, PList_t resource);
+
+    /* Access to critical section for ACL cache */
+
+    void (*f_ACL_CritEnter)(void);
+    void (*f_ACL_CritExit)(void);
+
+    /* Miscellaneous functions */
+    const char * (*f_ACL_AclGetTag)(ACLHandle_t *acl);
+    ACLHandle_t * (*f_ACL_ListGetFirst)(ACLListHandle_t *acl_list,
+                                        ACLListEnum_t *acl_enum);
+    ACLHandle_t * (*f_ACL_ListGetNext)(ACLListHandle_t *acl_list,
+                                       ACLListEnum_t *acl_enum);
+
+    /* Functions added after ES 3.0 release */
+    const char * (*f_ACL_DatabaseGetDefault)(NSErr_t *errp);
+    int (*f_ACL_SetDefaultResult)(NSErr_t *errp, ACLEvalHandle_t *acleval,
+				  int result);
+    int (*f_ACL_GetDefaultResult)(ACLEvalHandle_t *acleval);
+};
+
+#ifdef XP_WIN32
+
+#ifdef INTNSACL
+NSAPI_PUBLIC extern ACLDispatchVector_t *__nsacl_table;
+#else
+__declspec(dllimport) ACLDispatchVector_t *__nsacl_table;
+#endif /* INTNSACL */
+
+#else /* !XP_WIN32 */
+
+NSAPI_PUBLIC extern ACLDispatchVector_t *__nsacl_table;
+
+#endif /* XP_WIN32 */
+
+#ifndef INTNSACL
+
+#define nserrDispose (*__nsacl_table->f_nserrDispose)
+#define nserrFAlloc (*__nsacl_table->f_nserrFAlloc)
+#define nserrFFree (*__nsacl_table->f_nserrFFree)
+#define nserrGenerate (*__nsacl_table->f_nserrGenerate)
+
+    /* Property list support 
+     * The Property List facility makes extensive use of pointers to 
+     * opaque structures.  As such, PLists cannot be marshalled.  WAI-style
+     * ACL APIs in future releases will therefore not be using PLists.
+     * However the C API documented here may continue to be supported
+     * in future releases.
+     */
+
+#define PListAssignValue (*__nsacl_table->f_PListAssignValue)
+#define PListCreate (*__nsacl_table->f_PListCreate)
+#define PListDefProp (*__nsacl_table->f_PListDefProp)
+#define PListDeleteProp (*__nsacl_table->f_PListDeleteProp)
+#define PListFindValue (*__nsacl_table->f_PListFindValue)
+#define PListInitProp (*__nsacl_table->f_PListInitProp)
+#define PListNew (*__nsacl_table->f_PListNew)
+#define PListDestroy (*__nsacl_table->f_PListDestroy)
+#define PListGetValue (*__nsacl_table->f_PListGetValue)
+#define PListNameProp (*__nsacl_table->f_PListNameProp)
+#define PListSetType (*__nsacl_table->f_PListSetType)
+#define PListSetValue (*__nsacl_table->f_PListSetValue)
+#define PListEnumerate (*__nsacl_table->f_PListEnumerate)
+#define PListDuplicate (*__nsacl_table->f_PListDuplicate)
+#define PListGetPool (*__nsacl_table->f_PListGetPool)
+
+    /* ACL attribute handling */
+
+#define ACL_LasRegister (*__nsacl_table->f_ACL_LasRegister)
+
+    /* method/dbtype registration routines */
+
+#define ACL_MethodRegister (*__nsacl_table->f_ACL_MethodRegister)
+#define ACL_MethodIsEqual (*__nsacl_table->f_ACL_MethodIsEqual)
+#define ACL_MethodNameIsEqual (*__nsacl_table->f_ACL_MethodNameIsEqual)
+#define ACL_MethodFind (*__nsacl_table->f_ACL_MethodFind)
+#define ACL_MethodGetDefault (*__nsacl_table->f_ACL_MethodGetDefault)
+#define ACL_MethodSetDefault (*__nsacl_table->f_ACL_MethodSetDefault)
+#define ACL_AuthInfoGetMethod (*__nsacl_table->f_ACL_AuthInfoGetMethod)
+#define ACL_DbTypeRegister (*__nsacl_table->f_ACL_DbTypeRegister)
+#define ACL_DbTypeIsEqual (*__nsacl_table->f_ACL_DbTypeIsEqual)
+#define ACL_DbTypeNameIsEqual (*__nsacl_table->f_ACL_DbTypeNameIsEqual)
+#define ACL_DbTypeFind (*__nsacl_table->f_ACL_DbTypeFind)
+#define ACL_DbTypeGetDefault (*__nsacl_table->f_ACL_DbTypeGetDefault)
+#define ACL_AuthInfoGetDbType (*__nsacl_table->f_ACL_AuthInfoGetDbType)
+#define ACL_DbTypeIsRegistered (*__nsacl_table->f_ACL_DbTypeIsRegistered)
+#define ACL_DbTypeParseFn (*__nsacl_table->f_ACL_DbTypeParseFn)
+#define ACL_AttrGetterRegister (*__nsacl_table->f_ACL_AttrGetterRegister)
+#define ACL_ModuleRegister (*__nsacl_table->f_ACL_ModuleRegister)
+#define ACL_GetAttribute (*__nsacl_table->f_ACL_GetAttribute)
+#define ACL_DatabaseRegister (*__nsacl_table->f_ACL_DatabaseRegister)
+#define ACL_DatabaseFind (*__nsacl_table->f_ACL_DatabaseFind)
+#define ACL_DatabaseSetDefault (*__nsacl_table->f_ACL_DatabaseSetDefault)
+#define ACL_LDAPDatabaseHandle  (*__nsacl_table->f_ACL_LDAPDatabaseHandle)
+#define ACL_AuthInfoGetDbname (*__nsacl_table->f_ACL_AuthInfoGetDbname)
+#define ACL_CacheFlushRegister (*__nsacl_table->f_ACL_CacheFlushRegister)
+#define ACL_CacheFlush (*__nsacl_table->f_ACL_CacheFlush)
+
+    /*  ACL language and file interfaces */
+
+#define ACL_ParseFile (*__nsacl_table->f_ACL_ParseFile)
+#define ACL_ParseString (*__nsacl_table->f_ACL_ParseString)
+#define ACL_WriteString (*__nsacl_table->f_ACL_WriteString)
+#define ACL_WriteFile (*__nsacl_table->f_ACL_WriteFile)
+#define ACL_FileRenameAcl (*__nsacl_table->f_ACL_FileRenameAcl)
+#define ACL_FileDeleteAcl (*__nsacl_table->f_ACL_FileDeleteAcl)
+#define ACL_FileGetAcl (*__nsacl_table->f_ACL_FileGetAcl)
+#define ACL_FileSetAcl (*__nsacl_table->f_ACL_FileSetAcl)
+
+    /*  ACL Expression construction interfaces  
+     *  These are low-level interfaces that may be useful to those who are not
+     *  using the ONE ACL syntax, but want to use the ONE ACL evaluation
+     *  routines.  By their low-level nature, future support of these APIs
+     *  cannot be guaranteed.  Use ACL_ParseFile and ACL_ParseString wherever
+     *  possible.
+     */
+
+#define ACL_ExprNew (*__nsacl_table->f_ACL_ExprNew)
+#define ACL_ExprDestroy (*__nsacl_table->f_ACL_ExprDestroy)
+#define ACL_ExprSetPFlags (*__nsacl_table->f_ACL_ExprSetPFlags)
+#define ACL_ExprClearPFlags (*__nsacl_table->f_ACL_ExprClearPFlags)
+#define ACL_ExprTerm (*__nsacl_table->f_ACL_ExprTerm)
+#define ACL_ExprNot (*__nsacl_table->f_ACL_ExprNot)
+#define ACL_ExprAnd (*__nsacl_table->f_ACL_ExprAnd)
+#define ACL_ExprOr (*__nsacl_table->f_ACL_ExprOr)
+#define ACL_ExprAddAuthInfo (*__nsacl_table->f_ACL_ExprAddAuthInfo)
+#define ACL_ExprAddArg (*__nsacl_table->f_ACL_ExprAddArg)
+#define ACL_ExprSetDenyWith (*__nsacl_table->f_ACL_ExprSetDenyWith)
+#define ACL_ExprGetDenyWith (*__nsacl_table->f_ACL_ExprGetDenyWith)
+#define ACL_ExprAppend (*__nsacl_table->f_ACL_ExprAppend)
+
+    /* ACL manipulation */
+
+#define ACL_AclNew (*__nsacl_table->f_ACL_AclNew)
+#define ACL_AclDestroy (*__nsacl_table->f_ACL_AclDestroy)
+
+    /* ACL list manipulation */
+
+#define ACL_ListNew (*__nsacl_table->f_ACL_ListNew)
+#define ACL_ListConcat (*__nsacl_table->f_ACL_ListConcat)
+#define ACL_ListAppend (*__nsacl_table->f_ACL_ListAppend)
+#define ACL_ListDestroy (*__nsacl_table->f_ACL_ListDestroy)
+#define ACL_ListFind (*__nsacl_table->f_ACL_ListFind)
+#define ACL_ListAclDelete (*__nsacl_table->f_ACL_ListAclDelete)
+#define ACL_ListGetNameList (*__nsacl_table->f_ACL_ListGetNameList)
+#define ACL_NameListDestroy (*__nsacl_table->f_ACL_NameListDestroy)
+
+    /* ACL evaluation */
+
+#define ACL_EvalTestRights (*__nsacl_table->f_ACL_EvalTestRights)
+#define ACL_EvalNew (*__nsacl_table->f_ACL_EvalNew)
+#define ACL_EvalDestroy (*__nsacl_table->f_ACL_EvalDestroy)
+#define ACL_EvalSetACL (*__nsacl_table->f_ACL_EvalSetACL)
+#define ACL_EvalGetSubject (*__nsacl_table->f_ACL_EvalGetSubject)
+#define ACL_EvalSetSubject (*__nsacl_table->f_ACL_EvalSetSubject)
+#define ACL_EvalGetResource (*__nsacl_table->f_ACL_EvalGetResource)
+#define ACL_EvalSetResource (*__nsacl_table->f_ACL_EvalSetResource)
+
+    /* Access to critical section for ACL cache */
+
+#define ACL_CritEnter (*__nsacl_table->f_ACL_CritEnter)
+#define ACL_CritExit (*__nsacl_table->f_ACL_CritExit)
+
+    /* Miscellaneous functions */
+
+#define ACL_AclGetTag (*__nsacl_table->f_ACL_AclGetTag)
+#define ACL_ListGetFirst (*__nsacl_table->f_ACL_ListGetFirst)
+#define ACL_ListGetNext (*__nsacl_table->f_ACL_ListGetNext)
+
+    /* Functions added after ES 3.0 release */
+#define ACL_DatabaseGetDefault (*__nsacl_table->f_ACL_DatabaseGetDefault)
+#define ACL_SetDefaultResult (*__nsacl_table->f_ACL_SetDefaultResult)
+#define ACL_GetDefaultResult (*__nsacl_table->f_ACL_GetDefaultResult)
+
+#endif /* !INTNSACL */
+
+NSPR_END_EXTERN_C
+
+#endif /* !PUBLIC_NSACL_ACLAPI_H */
diff --git a/include/public/nsacl/acldef.h b/include/public/nsacl/acldef.h
new file mode 100644
index 00000000..c5eb1d09
--- /dev/null
+++ b/include/public/nsacl/acldef.h
@@ -0,0 +1,465 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef PUBLIC_NSACL_ACLDEF_H
+#define PUBLIC_NSACL_ACLDEF_H
+
+/*
+ * File:        acldef.h
+ *
+ * Description:
+ *
+ *      This file contains constant and type definitions for the ACL API.
+ */
+
+#ifndef PUBLIC_NSACL_NSERRDEF_H
+#include "nserrdef.h"
+#endif /* !PUBLIC_NSACL_NSERRDEF_H */
+
+#ifndef PUBLIC_NSACL_PLISTDEF_H
+#include "plistdef.h"
+#endif /* !PUBLIC_NSACL_PLISTDEF_H */
+
+NSPR_BEGIN_EXTERN_C
+
+/*
+ * Type:        ACLCachable_t
+ *
+ * Description:
+ *
+ *      This type is used to specify whether and how long something
+ *      may be safely cached.  A value of zero (ACL_NOT_CACHABLE)
+ *      indicates that the item is not cachable.  Any other value is
+ *      a time, in seconds since 00:00:00 UTC, January 1, 1970, after
+ *      which the cached information should be discarded.
+ */
+
+typedef unsigned long ACLCachable_t;
+
+#define ACL_NOT_CACHABLE        0
+#define ACL_INDEF_CACHABLE      ((unsigned long)(-1))
+
+/*
+ * Type:        ACLListHandle_t
+ *
+ * Description:
+ *
+ *      This type represents a list of ACLs in their in-memory form.
+ */
+
+typedef struct ACLListHandle ACLListHandle_t;
+
+/* The object has been checked for ACLs and has none attached */
+#define	ACL_LIST_NO_ACLS	((ACLListHandle_t *)-1)
+
+/*
+ * Type:        ACLHandle_t
+ *
+ * Description:
+ *
+ *      This type represents the in-memory form of an ACL.
+ */
+
+typedef struct ACLHandle ACLHandle_t;
+
+/*
+ * Type:        ACLListEnum_t
+ *
+ * Description:
+ *
+ *      This type contains the state of an ACL list enumeration.
+ */
+
+typedef void *ACLListEnum_t;
+
+/*
+ * Type:        ACLExprHandle_t
+ *
+ * Description:
+ *
+ *      This type represents a single ACL entry, e.g. allow, deny, etc.
+ */
+
+typedef struct ACLExprHandle ACLExprHandle_t;
+
+/*
+ * Type:        ACLEvalHandle_t
+ *
+ * Description:
+ *
+ *      This type represents an ACL evaluation context, which includes
+ *      an ACL list and property lists for the subject and resource.
+ */
+
+typedef struct ACLEvalHandle ACLEvalHandle_t;
+
+/*
+ * Type:        PFlags_t
+ *
+ * Description:
+ *
+ *      This type represents a set of processing flags for an ACL entry.
+ */
+typedef int PFlags_t;
+
+#define ACL_PFLAG_ABSOLUTE  	0x1
+#define ACL_PFLAG_TERMINAL  	0x2
+#define ACL_PFLAG_CONTENT  	0x4
+
+#define IS_ABSOLUTE(x)		((x) & ACL_PFLAG_ABSOLUTE)
+#define IS_STATIC(x)		((x) & ACL_PFLAG_STATIC)
+#define IS_CONTENT(x)		((x) & ACL_PFLAG_CONTENT)
+
+/*
+ * Type:        CmpOp_t
+ *
+ * Description:
+ *
+ *      This type represents a comparison operator in an ACL attribute
+ *      expression.
+ */
+typedef enum	{
+		CMP_OP_EQ,
+		CMP_OP_NE,
+		CMP_OP_GT,
+		CMP_OP_LT,
+		CMP_OP_GE,
+		CMP_OP_LE
+		} CmpOp_t;
+
+/*
+ * Type:        ACLExprType_t
+ *
+ * Description:
+ *
+ *      This type represents the type of an ACL entry.
+ */
+typedef enum 	{
+		ACL_EXPR_TYPE_ALLOW,
+		ACL_EXPR_TYPE_DENY,
+		ACL_EXPR_TYPE_AUTH,
+		ACL_EXPR_TYPE_RESPONSE
+		} ACLExprType_t;
+
+/*
+ * Type:        ACLEvalRes_t
+ *
+ * Description:
+ *
+ *      This type represents the result of ACL evaluation.
+ */
+typedef enum	{
+		ACL_RES_ALLOW,
+		ACL_RES_DENY,
+		ACL_RES_FAIL,
+		ACL_RES_INVALID,
+		ACL_RES_NONE
+		} ACLEvalRes_t;
+
+/*
+ * Type:        ACLMethod_t
+ *
+ * Description:
+ *
+ *      This type represents a reference to an authentication method.
+ */
+typedef	void * ACLMethod_t;
+
+#define	ACL_METHOD_ANY		((ACLMethod_t)-1)
+#define	ACL_METHOD_INVALID	((ACLMethod_t)-2)
+
+/*
+ * Type:        ACLDbType_t
+ *
+ * Description:
+ *
+ *      This type represents a reference to a type of authentication
+ *      database.
+ */
+typedef	void * ACLDbType_t;
+
+#define	ACL_DBTYPE_ANY		((ACLDbType_t)-1)
+#define	ACL_DBTYPE_INVALID	((ACLDbType_t)-2)
+
+/*
+ * Type:        ACLAttrGetterFn_t
+ *
+ * Description:
+ *
+ *      This type describes a kind of callback function that obtains
+ *      a value for an ACL attribute and enters the attribute and value
+ *      into the subject property list.
+ */
+typedef int (*ACLAttrGetterFn_t)(NSErr_t *errp, PList_t subject,
+                                 PList_t resource, PList_t auth_info,
+                                 PList_t global_auth, void *arg);
+
+typedef struct ACLAttrGetter ACLAttrGetter_t;
+typedef void *ACLAttrGetterList_t;
+
+/*
+ * Type:        AclModuleInitFunc
+ *
+ * Description:
+ *
+ *      This type describes a kind of callback function that is
+ *      specified to ACL_ModuleRegister() and called from there.
+ *	The function should return 0 on success and non-zero on
+ *	failure.
+ */
+typedef int (*AclModuleInitFunc)(NSErr_t *errp);
+
+/*
+ * Type:        DbParseFn_t
+ *
+ * Description:
+ *
+ *      This type describes a kind of callback function that parses
+ *      a reference to an authentication database of a particular
+ *      database type.  It is called when ACL_DatabaseRegister() is
+ *      called for a database which is that database type.
+ *	The function should return 0 on success and non-zero on
+ *	failure.
+ */
+typedef int (*DbParseFn_t)(NSErr_t *errp, ACLDbType_t dbtype,
+			   const char *name, const char *url,
+			   PList_t plist, void **db);
+
+/*
+ * Type:        AclCacheFlushFunc_t
+ *
+ * Description:
+ *
+ *      This type describes a kind of callback function that is called
+ *      when ACL_CacheFlush() is called.
+ */
+typedef int (*AclCacheFlushFunc_t)(void);
+
+/*
+ * Type:        LASEvalFunc_t
+ *
+ * Description:
+ *
+ *      This type describes a kind of callback function that is called
+ *      to evaluate an attribute value expression in an ACL statement.
+ */
+typedef int (*LASEvalFunc_t)(NSErr_t *errp, char *attr_name,
+                             CmpOp_t comparator, char *attr_pattern,
+                             ACLCachable_t *cachable, void **cookie,
+                             PList_t subject, PList_t resource,
+                             PList_t auth_info, PList_t global_auth);
+
+/*
+ * Type:        LASFlushFunc_t
+ *
+ * Description:
+ *
+ *      This type describes a kind of callback function that is called
+ *      when a previously cached LAS cookie is being flushed from
+ *      the ACL cache.
+ */
+typedef void (*LASFlushFunc_t)(void **cookie);
+
+/*
+ * Type:        LDAP
+ *
+ * Description:
+ *
+ *      This is an opaque type that represents an open LDAP connection.
+ *      It is used mostly via the LDAP SDK API.
+ *	Include the <ldap.h> file before including this file if you wish to
+ *	use the function ACL_LDAPDatabaseHandle.
+ */
+#ifndef _LDAP_H
+typedef struct ldap LDAP;
+#endif /* _LDAP_H */
+
+
+/*  Flags to ACL_ListFind  */
+#define ACL_CASE_INSENSITIVE	 0x1
+#define ACL_CASE_SENSITIVE	 0x2
+
+#define	ACL_MAX_TEST_RIGHTS	32
+#define	ACL_MAX_GENERIC		32
+
+/*
+ * ACLERRFAIL -- Use this as an 'retcode' argument to nserrGenerate.
+ */
+#define ACLERRFAIL	-11
+
+
+/*
+ *	Command values for the "position" argument to ACL_RegisterGetter
+ *	Any positive >0 value is the specific position in the list to insert
+ *	the new function.
+ */
+#define	ACL_AT_FRONT		0
+#define	ACL_AT_END		-1
+#define	ACL_REPLACE_ALL 	-2
+#define	ACL_REPLACE_MATCHING	-3
+
+#define ACL_ATTR_GROUP          "group"
+#define ACL_ATTR_GROUP_INDEX		1
+#define ACL_ATTR_RAW_USER_LOGIN "user-login"
+#define ACL_ATTR_RAW_USER_LOGIN_INDEX	2
+#define ACL_ATTR_AUTH_USER	"auth-user"
+#define ACL_ATTR_AUTH_USER_INDEX	3
+#define ACL_ATTR_AUTH_TYPE	"auth-type"
+#define ACL_ATTR_AUTH_TYPE_INDEX	4
+#define ACL_ATTR_AUTH_DB	"auth-db"
+#define ACL_ATTR_AUTH_DB_INDEX		5
+#define ACL_ATTR_AUTH_PASSWORD  "auth-password"
+#define ACL_ATTR_AUTH_PASSWORD_INDEX	6
+#define ACL_ATTR_USER	        "user"
+#define ACL_ATTR_USER_INDEX		7
+#define ACL_ATTR_PASSWORD	"pw"
+#define ACL_ATTR_PASSWORD_INDEX		8
+#define ACL_ATTR_USERDN	        "userdn"
+#define ACL_ATTR_USERDN_INDEX		9
+#define ACL_ATTR_RAW_USER	"raw-user"
+#define ACL_ATTR_RAW_USER_INDEX		10
+#define ACL_ATTR_RAW_PASSWORD   "raw-pw"
+#define ACL_ATTR_RAW_PASSWORD_INDEX	11
+#define ACL_ATTR_USER_ISMEMBER  "user-ismember"
+#define ACL_ATTR_USER_ISMEMBER_INDEX	12
+#define ACL_ATTR_DATABASE	"database"
+#define ACL_ATTR_DATABASE_INDEX		13
+#define ACL_ATTR_DBTYPE	        "dbtype"
+#define ACL_ATTR_DBTYPE_INDEX		14
+#define ACL_ATTR_DBNAME	        "dbname"
+#define ACL_ATTR_DBNAME_INDEX		15
+#define ACL_ATTR_DATABASE_URL   "url"
+#define ACL_ATTR_DATABASE_URL_INDEX	16
+#define ACL_ATTR_METHOD	        "method"
+#define ACL_ATTR_METHOD_INDEX		17
+#define ACL_ATTR_AUTHTYPE	"authtype"
+#define ACL_ATTR_AUTHTYPE_INDEX		18
+#define ACL_ATTR_AUTHORIZATION  "authorization"
+#define ACL_ATTR_AUTHORIZATION_INDEX	19
+#define ACL_ATTR_PARSEFN	"parsefn"
+#define ACL_ATTR_PARSEFN_INDEX		20
+#define ACL_ATTR_ATTRIBUTE	"attr"
+#define ACL_ATTR_ATTRIBUTE_INDEX	21
+#define ACL_ATTR_GETTERFN	"getterfunc"
+#define ACL_ATTR_GETTERFN_INDEX		22
+#define ACL_ATTR_IP		"ip"
+#define ACL_ATTR_IP_INDEX		23
+#define ACL_ATTR_DNS	        "dns"
+#define ACL_ATTR_DNS_INDEX		24
+#define ACL_ATTR_MODULE	        "module"
+#define ACL_ATTR_MODULE_INDEX		25
+#define ACL_ATTR_MODULEFUNC	"func"
+#define ACL_ATTR_MODULEFUNC_INDEX	26
+#define ACL_ATTR_GROUPS	        "groups"
+#define ACL_ATTR_GROUPS_INDEX		27
+#define ACL_ATTR_IS_VALID_PASSWORD "isvalid-password"
+#define ACL_ATTR_IS_VALID_PASSWORD_INDEX	28
+#define ACL_ATTR_CERT2USER	"cert2user"
+#define ACL_ATTR_CERT2USER_INDEX	29
+#define ACL_ATTR_USER_CERT	"cert"
+#define ACL_ATTR_USER_CERT_INDEX	30
+#define ACL_ATTR_PROMPT	        "prompt"
+#define ACL_ATTR_PROMPT_INDEX		31
+#define ACL_ATTR_TIME	        "time"
+#define ACL_ATTR_TIME_INDEX		32
+#define ACL_ATTR_USERS_GROUP    "users-group"
+#define ACL_ATTR_USERS_GROUP_INDEX	33
+#define	ACL_ATTR_SESSION		"session"       /* subject property */
+#define ACL_ATTR_SESSION_INDEX		34
+#define	ACL_ATTR_REQUEST		"request"       /* resource property */
+#define ACL_ATTR_REQUEST_INDEX		35
+#define ACL_ATTR_ERROR		"error"
+#define	ACL_ATTR_ERROR_INDEX		36
+#define ACL_ATTR_PROGRAMS		"programs"      /* resource property */
+#define	ACL_ATTR_PROGRAMS_INDEX		37
+#define ACL_ATTR_ACCEL_AUTH		"accel-authorization"
+#define ACL_ATTR_ACCEL_AUTH_INDEX	38
+#define ACL_ATTR_WWW_AUTH_PROMPT	"www-auth-prompt"
+#define ACL_ATTR_WWW_AUTH_PROMPT_INDEX	39
+#define ACL_ATTR_OWNER			"owner"
+#define ACL_ATTR_OWNER_INDEX		40
+#define ACL_ATTR_IS_OWNER		"is-owner"
+#define ACL_ATTR_IS_OWNER_INDEX		41
+#define ACL_ATTR_CACHED_USER		"cached-user"
+#define ACL_ATTR_CACHED_USER_INDEX	42
+#define ACL_ATTR_USER_EXISTS		"user-exists"
+#define ACL_ATTR_USER_EXISTS_INDEX	43
+
+/*	Must be 1 larger than the highest index used	*/
+#define	ACL_ATTR_INDEX_MAX		44
+
+#ifdef	ALLOCATE_ATTR_TABLE
+/* Must be in the same order as the index numbers */
+char	*ACLAttrTable[] = {
+		 NULL,				/*  0 */
+/* Don't have one numbered 0 */
+		 ACL_ATTR_GROUP,		/*  1 */
+		 ACL_ATTR_RAW_USER_LOGIN,	/*  2 */
+		 ACL_ATTR_AUTH_USER,		/*  3 */
+		 ACL_ATTR_AUTH_TYPE,		/*  4 */
+		 ACL_ATTR_AUTH_DB,		/*  5 */
+		 ACL_ATTR_AUTH_PASSWORD,	/*  6 */
+		 ACL_ATTR_USER,			/*  7 */
+		 ACL_ATTR_PASSWORD,		/*  8 */
+		 ACL_ATTR_USERDN,		/*  9 */
+		 ACL_ATTR_RAW_USER,		/* 10 */
+		 ACL_ATTR_RAW_PASSWORD,		/* 11 */
+		 ACL_ATTR_USER_ISMEMBER,	/* 12 */
+		 ACL_ATTR_DATABASE,		/* 13 */
+		 ACL_ATTR_DBTYPE,		/* 14 */
+		 ACL_ATTR_DBNAME,		/* 15 */
+		 ACL_ATTR_DATABASE_URL,		/* 16 */
+		 ACL_ATTR_METHOD,		/* 17 */
+		 ACL_ATTR_AUTHTYPE,		/* 18 */
+		 ACL_ATTR_AUTHORIZATION,	/* 19 */
+		 ACL_ATTR_PARSEFN,		/* 20 */
+		 ACL_ATTR_ATTRIBUTE,		/* 21 */
+		 ACL_ATTR_GETTERFN,		/* 22 */
+		 ACL_ATTR_IP,			/* 23 */
+		 ACL_ATTR_DNS,			/* 24 */
+		 ACL_ATTR_MODULE,		/* 25 */
+		 ACL_ATTR_MODULEFUNC,		/* 26 */
+		 ACL_ATTR_GROUPS,		/* 27 */
+		 ACL_ATTR_IS_VALID_PASSWORD,	/* 28 */
+		 ACL_ATTR_CERT2USER,		/* 29 */
+		 ACL_ATTR_USER_CERT,		/* 30 */
+		 ACL_ATTR_PROMPT,		/* 31 */
+		 ACL_ATTR_TIME,			/* 32 */
+		 ACL_ATTR_USERS_GROUP,		/* 33 */
+		 ACL_ATTR_SESSION,		/* 34 */
+		 ACL_ATTR_REQUEST,		/* 35 */
+		 ACL_ATTR_ERROR,		/* 36 */
+		 ACL_ATTR_PROGRAMS,		/* 37 */
+		 ACL_ATTR_ACCEL_AUTH,		/* 38 */
+		 ACL_ATTR_WWW_AUTH_PROMPT,	/* 39 */
+		 ACL_ATTR_OWNER,		/* 40 */
+		 ACL_ATTR_IS_OWNER,		/* 41 */
+		 ACL_ATTR_CACHED_USER,		/* 42 */
+		 ACL_ATTR_USER_EXISTS		/* 43 */
+};
+#endif
+
+
+#define ACL_DBTYPE_LDAP         "ldap"
+
+#define METHOD_DEFAULT          "default"
+
+/*  Errors must be < 0 */
+#define ACL_RES_ERROR      	-1
+
+/* LAS return codes - Must all be negative numbers */
+#define	LAS_EVAL_TRUE		-1
+#define	LAS_EVAL_FALSE		-2
+#define	LAS_EVAL_DECLINE	-3
+#define	LAS_EVAL_FAIL		-4
+#define	LAS_EVAL_INVALID	-5
+#define	LAS_EVAL_NEED_MORE_INFO	-6
+
+/* Max pathlength.  Intended to match REQ_MAX_LEN */
+#define ACL_PATH_MAX	4096
+
+NSPR_END_EXTERN_C
+
+#endif /* !PUBLIC_NSACL_ACLDEF_H */
diff --git a/include/public/nsacl/copyrght.h b/include/public/nsacl/copyrght.h
new file mode 100644
index 00000000..4f8ec167
--- /dev/null
+++ b/include/public/nsacl/copyrght.h
@@ -0,0 +1,6 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
diff --git a/include/public/nsacl/nserrdef.h b/include/public/nsacl/nserrdef.h
new file mode 100644
index 00000000..81748227
--- /dev/null
+++ b/include/public/nsacl/nserrdef.h
@@ -0,0 +1,100 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef PUBLIC_NSACL_NSERRDEF_H
+#define PUBLIC_NSACL_NSERRDEF_H
+
+/*
+ * Type:        NSEFrame_t
+ *
+ * Description:
+ *
+ *	This type describes the structure of an error frame.  An error
+ *	frame contains the following items:
+ *
+ *	ef_retcode	- This is a copy of the traditional error code,
+ *			  as might be returned as a function value to
+ *			  indicate an error.  The purpose of the error
+ *			  code is to provide the caller of a function
+ *			  with sufficient information to determine how
+ *			  to process the error.  That is, it does not
+ *			  need to identify a specific error, but only
+ *			  has to distinguish between classes of errors
+ *			  as needed by the caller to respond differently.
+ *			  Usually this should be a small number of values.
+ *
+ *	ef_errorid	- This is an integer identifier which uniquely
+ *			  identifies errors in a module or library.
+ *			  That is, there should be only one place in
+ *			  the source code of the module or library which
+ *			  generates a particular error id.  The error id
+ *			  is used to select an error message in an error
+ *			  message file.
+ *
+ *	ef_program	- This is a pointer to a string which identifies
+ *			  the module or library context of ef_errorid.
+ *			  The string is used to construct the name of
+ *			  the message file in which an error message for
+ *			  ef_errorid can be found.
+ *
+ *	ef_errc		- This is the number of values stored in ef_errc[]
+ *			  for the current error id.
+ *
+ *	ef_errv		- This is an array of strings which are relevant
+ *			  to a particular error id.  These strings can
+ *			  be included in an error message retrieved from
+ *			  a message file.  The strings in a message file
+ *			  can contain "%s" sprintf() format codes.  The
+ *			  ef_errv[] strings are passed to sprintf() along
+ *			  with the error message string.
+ */
+
+#define NSERRMAXARG	8	/* size of ef_errv[] */
+
+typedef struct NSEFrame_s NSEFrame_t;
+struct NSEFrame_s {
+    NSEFrame_t * ef_next;	/* next error frame on NSErr_t list */
+    long ef_retcode;		/* error return code */
+    long ef_errorid;		/* error unique identifier */
+    char * ef_program;		/* context for ef_errorid */
+    int ef_errc;		/* number of strings in ef_errv[] */
+    char * ef_errv[NSERRMAXARG];/* arguments for formatting error message */
+};
+
+/*
+ * Description (NSErr_t)
+ *
+ *	This type describes the structure of a header for a list of
+ *	error frames.  The header contains a pointer to the first
+ *	and last error frames on the list.  The first error frame
+ *	is normally the one most recently generated, which usually
+ *	represents the highest-level interpretation available for an
+ *	error that is propogating upward in a call chain.  These
+ *	structures are generally allocated as automatic or static
+ *	variables.
+ */
+
+typedef struct NSErr_s NSErr_t;
+struct NSErr_s {
+    NSEFrame_t * err_first;			/* first error frame */
+    NSEFrame_t * err_last;			/* last error frame */
+    NSEFrame_t *(*err_falloc)(NSErr_t * errp);	/* error frame allocator */
+    void (*err_ffree)(NSErr_t * errp,
+		      NSEFrame_t * efp);	/* error frame deallocator */
+};
+
+/* Define an initializer for an NSErr_t */
+#define NSERRINIT	{ 0, 0, 0, 0 }
+
+#ifndef INTNSACL
+
+#define nserrDispose (*__nsacl_table->f_nserrDispose)
+#define nserrFAlloc (*__nsacl_table->f_nserrFAlloc)
+#define nserrFFree (*__nsacl_table->f_nserrFFree)
+#define nserrGenerate (*__nsacl_table->f_nserrGenerate)
+
+#endif /* !INTNSACL */
+
+#endif /* !PUBLIC_NSACL_NSERRDEF_H */
diff --git a/include/public/nsacl/plistdef.h b/include/public/nsacl/plistdef.h
new file mode 100644
index 00000000..f3e804ee
--- /dev/null
+++ b/include/public/nsacl/plistdef.h
@@ -0,0 +1,62 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef PUBLIC_NSACL_PLISTDEF_H
+#define PUBLIC_NSACL_PLISTDEF_H
+
+/*
+ * File:        plistdef.h
+ *
+ * Description:
+ *
+ *      This file defines the interface to property lists.  Property
+ *      lists are a generalization of parameter blocks (pblocks).
+ */
+
+#ifndef PUBLIC_BASE_POOL_H
+#include "../base/pool.h"
+#endif /* !PUBLIC_BASE_POOL_H */
+
+typedef struct PListStruct_s *PList_t;
+
+/* Define error codes returned from property list routines */
+
+#define ERRPLINVPI      -1      /* invalid property index */
+#define ERRPLEXIST      -2      /* property already exists */
+#define ERRPLFULL       -3      /* property list is full */
+#define ERRPLNOMEM      -4      /* insufficient dynamic memory */
+#define ERRPLUNDEF      -5      /* undefined property name */
+
+#define PLFLG_OLD_MPOOL	0	/* use the plist memory pool */
+#define PLFLG_NEW_MPOOL	1	/* use the input memory pool */
+#define PLFLG_IGN_RES	2	/* ignore the reserved properties */
+#define PLFLG_USE_RES	3	/* use the reserved properties */
+
+#ifdef __cplusplus
+typedef void (PListFunc_t)(char*, const void*, void*);
+#else
+typedef void (PListFunc_t)();
+#endif
+
+#ifndef INTNSACL
+#define PListAssignValue (*__nsacl_table->f_PListAssignValue)
+#define PListCreate (*__nsacl_table->f_PListCreate)
+#define PListDefProp (*__nsacl_table->f_PListDefProp)
+#define PListDeleteProp (*__nsacl_table->f_PListDeleteProp)
+#define PListFindValue (*__nsacl_table->f_PListFindValue)
+#define PListInitProp (*__nsacl_table->f_PListInitProp)
+#define PListNew (*__nsacl_table->f_PListNew)
+#define PListDestroy (*__nsacl_table->f_PListDestroy)
+#define PListGetValue (*__nsacl_table->f_PListGetValue)
+#define PListNameProp (*__nsacl_table->f_PListNameProp)
+#define PListSetType (*__nsacl_table->f_PListSetType)
+#define PListSetValue (*__nsacl_table->f_PListSetValue)
+#define PListEnumerate (*__nsacl_table->f_PListEnumerate)
+#define PListDuplicate (*__nsacl_table->f_PListDuplicate)
+#define PListGetPool (*__nsacl_table->f_PListGetPool)
+
+#endif /* !INTNSACL */
+
+#endif /* !PUBLIC_NSACL_PLISTDEF_H */
diff --git a/include/public/nsapi.h b/include/public/nsapi.h
new file mode 100644
index 00000000..3544fd20
--- /dev/null
+++ b/include/public/nsapi.h
@@ -0,0 +1,3481 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef PUBLIC_NSAPI_H
+#define PUBLIC_NSAPI_H
+
+/*
+ * File:        nsapi.h
+ *
+ * Description:
+ *
+ *      This file defines an interface for extending the server with
+ *      in-process plug-ins.
+ */
+
+#include "base/systems.h"
+
+#if defined(FILE_UNIX_MMAP) || defined(FILE_WIN32_MMAP)
+#define FILE_MMAP
+#endif
+
+/* --- Begin miscellaneous definitions --- */
+
+/* Used in some places as a length limit on error messages */
+#define MAGNUS_ERROR_LEN 1024
+
+/* Carriage return and line feed */
+#define CR 13
+#define LF 10
+#ifdef XP_WIN32
+#define ENDLINE "\r\n"
+#else
+#define ENDLINE "\n"
+#endif
+
+/* mime.types file identification line */
+#define NCC_MT_MAGIC "#--Netscape Communications Corporation MIME Information"
+#define NCC_MT_MAGIC_LEN 55
+
+/* Deprecated */
+#define MCC_MT_MAGIC "#--Mosaic Communications Corporation MIME Information"
+#define MCC_MT_MAGIC_LEN 53
+
+/* The character which separates extensions with cinfo_find */
+#define CINFO_SEPARATOR '.'
+
+/* The maximum length of a line in a mime.types file */
+#define CINFO_MAX_LEN 1024
+
+/*
+ * The maximum length of an error message. NOT RUN-TIME CHECKED
+ */
+
+#define MAX_ERROR_LEN 1024
+
+/* A warning is a minor mishap, such as a 404 being issued. */
+#define LOG_WARN 0
+
+/* 
+ * A misconfig is when there is a syntax error or permission violation in
+ * a config. file.
+ */
+#define LOG_MISCONFIG 1
+
+/* 
+ * Security warnings are issued when authentication fails, or a host is
+ * given a 403 return code.
+ */
+#define LOG_SECURITY 2
+
+/*
+ * A failure is when a request could not be fulfilled due to an internal
+ * problem, such as a CGI script exiting prematurely, or a filesystem 
+ * permissions problem.
+ */
+#define LOG_FAILURE 3
+
+/*
+ * A catastrophe is a fatal server error such as running out of
+ * memory or processes, or a system call failing, or even a server crash. 
+ * The server child cannot recover from a catastrophe.
+ */
+#define LOG_CATASTROPHE 4
+
+/*
+ * Informational message, of no concern.
+ */
+#define LOG_INFORM 5
+
+/*
+ * Internal log messages to be logged.  Internal use only.
+ * Enable with "LogVerbose on" in magnus.conf
+ */
+#define LOG_VERBOSE 6
+
+/*
+ * The time format to use in the error log
+ */
+
+#define ERR_TIMEFMT "[%d/%b/%Y:%H:%M:%S]"
+
+
+/* The fd you will get if you are reporting errors to SYSLOG */
+
+#define ERRORS_TO_SYSLOG -1
+
+/* Return codes from file I/O routines */
+#define IO_OKAY 1
+#define IO_ERROR -1
+#define IO_EOF 0
+#define NETBUF_EOF	-1
+#define NETBUF_ERROR	-2
+
+/* The disk page size on this machine. */
+#define FILE_BUFFERSIZE 4096
+
+#ifdef XP_UNIX
+
+#define FILE_PATHSEP '/'
+#define FILE_PARENT "../"
+
+#elif defined(XP_WIN32)
+
+#define FILE_PATHSEP '/'
+#define FILE_PARENT "..\\"
+
+#endif /* XP_WIN32 */
+
+#define NET_INFINITE_TIMEOUT 0
+#define NET_ZERO_TIMEOUT -1
+
+
+/*
+ * The following macros allow code to be written to use either the
+ * shell expression API defined here, or the regular expression
+ * pattern matching API defined in regexp.h.  Regular expressions
+ * have a more complicated syntax, but also are more powerful.
+ * Define the symbol, USE_REGEX to use regular expressions.  You
+ * can include either or both of shexp.h and regexp.h, regardless
+ * of whether USE_REGEX is defined or not, and the WILDPAT macros
+ * will be defined appropriately.
+ */
+
+#ifdef USE_REGEX
+
+#define WILDPAT_VALID(exp)              regexp_valid(exp)
+#define WILDPAT_MATCH(str, exp)         regexp_match(str, exp)
+#define WILDPAT_CMP(str, exp)           regexp_cmp(str, exp)
+#define WILDPAT_CASECMP(str, exp)       regexp_casecmp(str, exp)
+#define WILDPAT_USES_REGEXP             1
+
+/* Define return codes from WILDPAT_VALID */
+#define NON_WILDPAT     -1              /* exp is ordinary string */
+#define INVALID_WILDPAT -2              /* exp is an invalid pattern */
+#define VALID_WILDPAT   1               /* exp is a valid pattern */
+
+#else
+
+/* WILDPAT uses shell expressions */
+#define WILDPAT_VALID(exp)              shexp_valid(exp)
+#define WILDPAT_MATCH(str, exp)         shexp_match(str, exp)
+#define WILDPAT_CMP(str, exp)           shexp_cmp(str, exp)
+#define WILDPAT_CASECMP(str, exp)       shexp_casecmp(str, exp)
+#define WILDPAT_USES_SHEXP              1
+
+/* Define return codes from WILDPAT_VALID */
+#define NON_WILDPAT     -1              /* exp is ordinary string */
+#define INVALID_WILDPAT -2              /* exp is an invalid pattern */
+#define VALID_WILDPAT   1               /* exp is a valid pattern */
+
+#endif /* USE_REGEX */
+
+/* Define return codes from regexp_valid and shexp_valid */
+#define NON_SXP         NON_WILDPAT     /* exp is an ordinary string */
+#define INVALID_SXP     INVALID_WILDPAT /* exp is an invalid shell exp */
+#define VALID_SXP       VALID_WILDPAT   /* exp is a valid shell exp */
+
+#ifdef USE_REGEX
+/* and regexp versions */
+#define NON_REGEXP      NON_SXP
+#define INVALID_REGEXP  INVALID_SXP
+#define VALID_REGEXP    VALID_SXP
+#endif
+
+#define SYSTHREAD_DEFAULT_PRIORITY 16
+
+/* The longest line in the configuration file */
+#define CONF_MAXLEN 16384
+
+#define HTTP_DATE_LEN 128
+#ifdef XP_UNIX
+#define HTTP_DATE_FMT "%A, %d-%b-%y %T GMT"
+#else /* XP_WIN32 */
+#define HTTP_DATE_FMT "%A, %d-%b-%y %H:%M:%S GMT"
+#endif /* XP_WIN32 */
+
+/* HTTP status codes */
+#define PROTOCOL_CONTINUE 100		/* HTTP/1.1 */
+#define PROTOCOL_SWITCHING 101		/* HTTP/1.1 */
+#define PROTOCOL_OK 200
+#define PROTOCOL_CREATED 201
+#define PROTOCOL_NO_RESPONSE 204
+#define PROTOCOL_PARTIAL_CONTENT 206
+#define PROTOCOL_REDIRECT 302
+#define PROTOCOL_NOT_MODIFIED 304
+#define PROTOCOL_BAD_REQUEST 400
+#define PROTOCOL_UNAUTHORIZED 401
+#define PROTOCOL_FORBIDDEN 403
+#define PROTOCOL_NOT_FOUND 404
+#define PROTOCOL_METHOD_NOT_ALLOWED 405	/*HTTP/1.1 */
+#define PROTOCOL_PROXY_UNAUTHORIZED 407
+#define PROTOCOL_CONFLICT 409			/* HTTP/1.1 */
+#define PROTOCOL_LENGTH_REQUIRED 411	/*HTTP/1.1 */
+#define PROTOCOL_PRECONDITION_FAIL 412 	/*HTTP/1.1 */
+#define PROTOCOL_ENTITY_TOO_LARGE 413	/*HTTP/1.1 */
+#define PROTOCOL_URI_TOO_LARGE 414		/*HTTP/1.1 */
+#define PROTOCOL_SERVER_ERROR 500
+#define PROTOCOL_NOT_IMPLEMENTED 501
+#define PROTOCOL_VERSION_NOT_SUPPORTED 505 /*HTTP/1.1 */
+
+#define CURRENT_PROTOCOL_VERSION 101
+
+/* Definitions for HTTP over SSL */
+#define HTTPS_PORT 443
+#define HTTPS_URL "https"
+
+/* Definitions for HTTP over TCP */
+#define HTTP_PORT 80
+#define HTTP_URL "http"
+
+
+#define REQ_MAX_LINE 4096
+    
+/*
+ * The REQ_ return codes. These codes are used to determine what the server
+ * should do after a particular module completes its task.
+ *
+ * Func type functions return these as do many internal functions.
+ */
+
+/* The function performed its task, proceed with the request */
+#define REQ_PROCEED 0
+/* The entire request should be aborted: An error occurred */
+#define REQ_ABORTED -1
+/* The function performed no task, but proceed anyway. */
+#define REQ_NOACTION -2
+/* Tear down the session and exit */
+#define REQ_EXIT -3
+/* Restart the entire request-response process */
+#define REQ_RESTART -4
+
+/* --- End miscellaneous definitions --- */
+
+/* --- Begin native platform includes --- */
+
+#if defined(FILE_UNIX) || defined(FILE_UNIX_MMAP)
+#include <sys/types.h>                  /* caddr_t */
+#include <sys/file.h>
+#include <fcntl.h>
+#include <unistd.h>
+#endif
+
+#ifdef FILE_WIN32
+#include <direct.h>
+#endif /* FILE_WIN32 */
+
+#ifdef NET_WINSOCK
+#include <winsock.h>
+struct iovec {
+	char		*iov_base;
+    unsigned	iov_len;
+};
+#else
+#if !defined(SUNOS4) && !defined(HPUX) && !defined(LINUX)
+#include <sys/select.h>
+#endif
+#include <sys/time.h>    /* struct timeval */
+#include <sys/socket.h>
+#include <netinet/in.h> /* sockaddr and in_addr */
+#include <sys/uio.h>
+#endif /* NET_WINSOCK */
+
+#include <sys/stat.h>
+
+#include <ctype.h>  /* isspace */
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <time.h>
+
+#ifdef XP_UNIX
+#include <dirent.h>
+#include <pwd.h>                /* struct passwd */
+#endif /* XP_UNIX */
+#include "libadminutil/psetc.h"
+
+/* --- End native platform includes --- */
+
+/* --- Begin type definitions --- */
+
+#ifndef SYS_FILE_T
+typedef void *SYS_FILE;
+#define SYS_FILE_T void *
+#endif /* !SYS_FILE_T */
+
+#define SYS_ERROR_FD ((SYS_FILE)-1)
+
+#ifndef SYS_NETFD_T
+typedef void *SYS_NETFD;
+#define SYS_NETFD_T void *
+#endif /* !SYS_NETFD_T */
+
+/* Error value for a SYS_NETFD */
+#ifndef SYS_NET_ERRORFD
+#define SYS_NET_ERRORFD ((SYS_NETFD)-1)
+#endif /* !SYS_NET_ERRORFD */
+
+/*
+ * Type:        filebuffer, filebuf_t
+ *
+ * Description:
+ *
+ *      This structure is used to represent a buffered file.  On some
+ *      systems the file may be memory-mapped.  A filebuffer is created
+ *      by filebuf_open(), and destroyed by filebuf_close().
+ *
+ * Notes:
+ *
+ *      Direct access to the members of this structure, not using
+ *      macros defined here, is discouraged.
+ *
+ *      The filebuf alias that used to be defined for this type was
+ *      found to conflict with a C++ class of the same name, so it
+ *      has been renamed to filebuf_t.
+ *
+ *      The inbuf field used to be (char *), but is now (unsigned char *)
+ *      to simplify handling of 8-bit data.  The value returned by the
+ *      filebuf_getc() macro is the (unsigned char) casted to (int), or
+ *      an error code.  Unfortunately, IO_EOF cannot be distinguished
+ *      from a zero byte, but a new function, filebuf_iseof(), is
+ *      provided that will indicate definitively whether EOF has been
+ *      reached.
+ */
+
+#ifdef FILE_MMAP
+
+/* Version of filebuffer when memory-mapped files are supported */
+typedef struct {
+    SYS_FILE fd;
+#ifdef FILE_UNIX_MMAP
+    caddr_t fp;
+#else /* FILE_WIN32_MMAP */
+    HANDLE fdmap;
+    char *fp;
+#endif /* FILE_UNIX_MMAP */
+    int len;
+
+    unsigned char *inbuf;   /* for buffer_grab */
+    int cursize;
+
+    int pos;
+    char *errmsg;
+} filebuffer;
+
+/* Return next character or IO_EOF */
+#define filebuf_getc(b) ((b)->pos == (b)->len ? IO_EOF : (int)((unsigned char *)(b)->fp)[(b)->pos++])
+
+#define filebuf_iseof(b) ((b)->pos == (b)->len)
+
+#else
+
+/* Version of filebuffer with no memory-mapped file support */
+typedef struct {
+    SYS_FILE fd;
+
+    int pos, cursize, maxsize;
+    unsigned char *inbuf;
+    char *errmsg;
+} filebuffer;
+
+/* Return next character, IO_EOF, or IO_ERROR */
+#define filebuf_getc(b) \
+ ((b)->pos != (b)->cursize ? (int)((b)->inbuf[(b)->pos++]) : filebuf_next(b,1))
+
+#endif /* FILE_MMAP */
+
+/* C++ streamio defines a filebuf class. */
+typedef filebuffer filebuf_t;
+
+#ifdef XP_WIN32
+/* Use a filebuffer to read data from a pipe */
+#define pipebuf_getc(b) \
+ ((b)->pos != (b)->cursize ? (int)((b)->inbuf[(b)->pos++]) : pipebuf_next(b,1))
+#endif /* XP_WIN32 */
+
+/*
+ * Type:        netbuf
+ *
+ * Description:
+ *
+ *      This structure is used to represent a buffered network socket.
+ *      It is created by netbuf_open(), and destroyed by netbuf_close().
+ *
+ * Notes:
+ *
+ *      Direct access to the members of this structure, not using
+ *      macros defined here, is discouraged.
+ *
+ *      The inbuf field used to be (unsigned char *), but is now
+ *      simply (char *).  The value returned by the netbuf_getc()
+ *      macro is (int).
+ */
+
+typedef struct {
+    SYS_NETFD sd;
+
+    int pos, cursize, maxsize, rdtimeout;
+#ifdef XP_WIN32
+    CHAR address[64];
+#endif /* XP_WIN32 */
+    unsigned char *inbuf;
+    char *errmsg;
+#ifndef XP_WIN32
+    char address[64];
+#endif /* !XP_WIN32 */
+} netbuf;
+
+/*
+ * netbuf_getc gets a character from the given network buffer and returns 
+ * it. (as an integer).
+ * 
+ * It will return (int) IO_ERROR for an error and (int) IO_EOF for
+ * an error condition or EOF respectively.
+ */
+
+#define netbuf_getc(b) \
+ ((b)->pos != (b)->cursize ? (int)((b)->inbuf[(b)->pos++]) : netbuf_next(b,1))
+
+/*
+ * buffer_error returns the last error that occurred with buffer. Don't use
+ * this unless you know an error occurred. Independent of network/file type.
+ */
+
+#define buffer_error(b) ((b)->errmsg)
+
+/*
+ * Type:        cinfo
+ *
+ * Description:
+ *
+ *      This is a structure that captures the information in the name/value
+ *      pairs on one line of a mime.types file.  A cinfo structure is
+ *      stored in the memory-resident database, indexed by each of the
+ *      file extensions specified in the "exts" name/value pair.  It
+ *      defines various attributes of resources with names containing
+ *      the specified file extensions.
+ *
+ * Notes:
+ *
+ *      Pointers to cinfo structures returned by this API may or may not
+ *      need to freed by the caller.  See the individual function
+ *      descriptions.
+ *
+ *      The strings referenced by the fields of cinfo structures returned
+ *      by this API should be considered read-only, and do not need to be
+ *      freed by the caller, even when the cinfo structure does.
+ */
+
+typedef struct {
+    char *type;
+    char *encoding;
+    char *language;
+} cinfo;
+
+
+typedef void* CONDVAR;
+typedef void *COUNTING_SEMAPHORE;
+typedef void* CRITICAL;
+
+#ifdef XP_UNIX
+typedef struct passwd *PASSWD;
+typedef DIR* SYS_DIR;
+typedef struct dirent SYS_DIRENT;
+#endif /* XP_UNIX */
+
+#ifdef XP_WIN32
+
+typedef struct {
+    char *d_name;
+} dirent_s;
+
+typedef struct {
+    HANDLE dp;
+    WIN32_FIND_DATA fdata;
+    dirent_s de;
+} dir_s;
+
+typedef dir_s* SYS_DIR;
+typedef dirent_s SYS_DIRENT;
+
+#endif /* XP_WIN32 */
+
+typedef struct {
+    char *name,*value;
+} pb_param;
+
+struct pb_entry {
+    pb_param *param;
+    struct pb_entry *next;
+};
+
+typedef struct {
+    int hsize;
+    struct pb_entry **ht;
+} pblock;
+
+#ifndef POOL_HANDLE_T
+#define POOL_HANDLE_T
+typedef void *pool_handle_t;
+#endif
+
+#ifndef SEMAPHORE_T
+typedef void *SEMAPHORE;
+#define SEMAPHORE_T void *
+#endif /* !SEMAPHORE_T */
+
+#define SESSION_HASHSIZE 5
+
+typedef struct PListStruct_s PListStruct_s;
+typedef struct ACLListHandle ACLListHandle;
+
+typedef struct Session {
+    /* Client-specific information */
+    pblock *client;
+
+    SYS_NETFD csd;
+    netbuf *inbuf;
+    int csd_open;
+
+    struct in_addr iaddr;
+
+#ifdef MCC_PROXY
+    int req_cnt;
+#endif
+
+#ifdef MALLOC_POOLS
+    pool_handle_t *pool;
+#endif /* MALLOC_POOLS */
+
+    void *clauth;		/* ACL client authentication information */
+    struct Session *next;
+	int fill;
+    struct sockaddr_in local_addr;   /* local addr for this session*/
+
+    PListStruct_s *subject;
+} Session;
+
+#if defined (SHMEM_UNIX_MMAP) || defined (SHMEM_WIN32_MMAP)
+typedef struct {
+    void *data;   /* the data */
+#ifdef SHMEM_WIN32_MMAP
+    HANDLE fdmap;
+#endif /* SHMEM_WIN32_MMAP */
+    int size;     /* the maximum length of the data */
+
+    char *name;   /* internal use: filename to unlink if exposed */
+    SYS_FILE fd;  /* internal use: file descriptor for region */
+} shmem_s;
+#endif  /* SHMEM_UNIX_MMAP || SHMEM_WIN32_MMAP */
+
+
+/* Define a handle for a thread */
+typedef void* SYS_THREAD;
+
+/* Define an error value for the thread handle */
+#define SYS_THREAD_ERROR NULL
+
+/*
+ * Hierarchy of httpd_object
+ *
+ * An object contains dtables. 
+ * 
+ * Each dtable is a table of directives that were entered of a certain type.
+ * There is one dtable for each unique type of directive.
+ *
+ * Each dtable contains an array of directives, each of which is equivalent
+ * to one directive that occurred in a config. file.
+ *
+ * It is up to the caller to determine how many dtables will be allocated
+ * and to keep track of which of their directive types maps to which dtable
+ * number.
+ */
+
+
+/*
+ * directive is a structure containing the protection and parameters to an
+ * instance of a directive within an httpd_object.
+ *
+ * param is the parameters, client is the protection.
+ */
+
+typedef struct {
+    pblock *param;
+    pblock *client;
+} directive;
+
+/*
+ * dtable is a structure for creating tables of directives
+ */
+
+typedef struct {
+    int ni;
+    directive *inst;
+} dtable;
+
+/*
+ * The httpd_object structure.
+ *
+ * The name pblock array contains the names for this object, such as its
+ * virtual location, its physical location, or its identifier.
+ * 
+ * tmpl contains any templates allocated to this object.
+ */
+
+typedef struct {
+    pblock *name;
+
+    int nd;
+    dtable *dt;
+} httpd_object;
+
+/*
+ * httpd_objset is a container for a bunch of objects. obj is a 
+ * NULL-terminated array of objects. pos points to the entry after the last
+ * one in the array. You should not mess with pos, but can read it to find
+ * the last entry.
+ *
+ * The initfns array is a NULL-terminated array of the Init functions 
+ * associated with this object set. If there are no Init functions associated
+ * with this object set, initfns can be NULL. Each pblock specifies the
+ * parameters which are passed to the function when it's executed.
+ */
+
+typedef struct {
+    int pos;
+    httpd_object **obj;
+
+    pblock **initfns;
+} httpd_objset;
+
+
+typedef struct {
+
+    /* What port we listen to */
+    int Vport;
+#define server_portnum conf_getglobals()->Vport
+
+    /* What address to bind to */
+    char *Vaddr;
+
+    /* User to run as */
+#define user_pw conf_getglobals()->Vuserpw
+    struct passwd *Vuserpw;
+
+    /* Directory to chroot to */
+    char *Vchr;
+
+    /* Where to log our pid to */
+    char *Vpidfn;
+
+#define pool_max conf_getglobals()->Vpool_max
+    int Vpool_max;                              /* OBSOLETE */
+#define pool_min conf_getglobals()->Vpool_min
+    int Vpool_min;                              /* OBSOLETE */
+#define pool_life conf_getglobals()->Vpool_life
+    int Vpool_life;                             /* OBSOLETE */
+
+    /* For multiprocess UNIX servers, the maximum threads per process */
+#define pool_maxthreads conf_getglobals()->Vpool_maxthreads
+    int Vpool_maxthreads;
+
+#define pool_minthreads conf_getglobals()->Vpool_minthreads
+    int Vpool_minthreads;                       /* OBSOLETE */
+
+    char *Vsecure_keyfn;
+    char *Vsecure_certfn;
+
+#define security_active conf_getglobals()->Vsecurity_active
+    int Vsecurity_active;
+#define ssl3_active conf_getglobals()->Vssl3_active
+    int Vssl3_active;
+#define ssl2_active conf_getglobals()->Vssl2_active
+    int Vssl2_active;
+    int Vsecure_auth;
+#define security_session_timeout conf_getglobals()->Vsecurity_session_timeout
+    int Vsecurity_session_timeout;
+#define ssl3_session_timeout conf_getglobals()->Vssl3_session_timeout
+    long Vssl3_session_timeout;
+
+    /* The server's hostname as should be reported in self-ref URLs */
+#define server_hostname conf_getglobals()->Vserver_hostname
+    char *Vserver_hostname;
+
+    /* The main object from which all are derived */
+#define root_object conf_getglobals()->Vroot_object
+    char *Vroot_object;
+
+    /* The object set the administrator has asked us to load */
+#define std_os conf_getglobals()->Vstd_os
+    httpd_objset *Vstd_os;
+
+    /* The root of ACL data structures */
+    void *Vacl_root;
+#define acl_root conf_getglobals()->Vacl_root
+
+    /* The main error log, where all errors are logged */
+#define master_error_log conf_getglobals()->Vmaster_error_log
+    char *Vmaster_error_log;
+
+    /* The server root ( in which the server sits while executing ) */
+#define server_root conf_getglobals()->Vserver_root
+    char *Vserver_root;
+
+    /* This server's id */
+#define server_id conf_getglobals()->Vserver_id
+    char *Vserver_id;
+
+    int single_accept;		/* daemon mode  Internal use only */
+    int num_keep_alives;	/* number of KA threads Internal use only */
+    int log_verbose;		/* Flag to log LOG_VERBOSE messages */
+    int mmap_flags;		/* mmap flags for file cache mmaping - internal use only */
+    int mmap_prots;		/* mmap prots for file cache mmaping - internal use only */
+    int unused1;
+    int unused2;
+
+    /* Begin Enterprise 3.0 fields */
+    int accept_language;       /* turn accept-language on/off */
+
+    char *mtahost;              /* Hostname of the Mail Transport Agent :
+				 * typically "localhost" for the Unix boxes,
+				 * or the hostname of a POP server otherwise.
+				 * Needed by the Agents subsystem.
+				 */
+    char *nntphost;              /* NNTP server -> for Agents */
+
+    /* The root of ACL data structures */
+    void *Vacl_root_30;
+#define acl_root_30 conf_getglobals()->Vacl_root_30
+
+    /* This is for the agent subsystem */
+    /* The name of tha configuration parameter is: "AgentsFilePath" */
+    char*	agentFilePath; /* path to agent.conf */
+#define AgentFilePath (conf_getglobals()->agentFilePath)
+
+    /* Default allowed methods - */
+    int Allowed;
+#define AllowedMethods (conf_getglobals()->Allowed)
+
+    pblock *genericGlobals;    /* See conf_api.h for details on accessing 
+                                * these 
+                                */
+
+    /*Agents ACL file */
+    char* agentsACLFile;
+    int wait_for_cgi;
+    int cgiwatch_timeout;
+
+#ifdef FORTEZZA
+    uint32 fortezza_card_mask;
+    char *fortezza_personality;
+    char *krlname;
+#endif
+} conf_global_vars_s;
+
+typedef struct {
+    /* Server working variables */
+    pblock *vars;
+
+    /* The method, URI, and protocol revision of this request */
+    pblock *reqpb;
+    /* Protocol specific headers */
+    int loadhdrs;
+    pblock *headers;
+
+    /* Server's response headers */
+    int senthdrs;
+    pblock *srvhdrs;
+
+    /* The object set constructed to fulfill this request */
+    httpd_objset *os;
+    /* Array of objects that were created from .nsconfig files */
+    httpd_objset *tmpos;
+
+    /* The stat last returned by request_stat_path */
+    char *statpath;
+    char *staterr;
+    struct stat *finfo;
+
+    /* access control state */
+    int aclstate;		/* ACL decision state */
+    int acldirno;		/* deciding ACL directive number */
+    char * aclname;		/* name of deciding ACL */
+    pblock * aclpb;		/* parameter block for ACL PathCheck */
+    /* 3.0 ACL list pointer */
+    ACLListHandle *acllist;
+
+#ifdef MCC_PROXY
+    struct hostent *hp;	/* proxy NSAPI: DNS resolution result */
+    char * host;	/* proxy NSAPI: host to resolve/connect to */
+    int    port;	/* proxy NSAPI: port to connect to */
+
+    void * socks_rq;	/* SOCKS request data */
+#endif
+
+    int request_is_cacheable;  /* default TRUE */
+    int directive_is_cacheable; /* default FALSE */
+
+    char *cached_headers;
+    int cached_headers_len;	/* length of the valid headers */
+    char *unused;
+
+	/* HTTP/1.1 features */
+	time_t	req_start;	/* Time request arrived - used for determining weak or*/
+						/* strong cache validation */
+#define REQ_TIME(x)		(x)->req_start
+	short protv_num;		/* Protocol Version number */
+	short method_num;		/* Method number */
+	struct rq_attr {
+#ifdef AIX
+		unsigned abs_uri:1;	/* 1=Absolute URI was used */
+		unsigned chunked:1;	/* chunked transfer-coding */
+		unsigned keep_alive:1;	/* connection keek-alive */
+		unsigned pipelined:1;	/* request packet is pipelined */
+		unsigned reserved:28;	/* If you add a bit flag, make */
+						/* sure to subtract one from this */
+#else
+		unsigned long abs_uri:1;	/* 1=Absolute URI was used */
+		unsigned long chunked:1;	/* chunked transfer-coding */
+		unsigned long keep_alive:1;	/* connection keek-alive */
+		unsigned pipelined:1;	    /* request packet is pipelined */
+		unsigned long reserved:28;	/* If you add a bit flag, make */
+						/* sure to subtract one from this */
+#endif
+	}rq_attr;
+	char * hostname;			/* Not NULL if abs_uri */
+	int allowed;				/* Allowed METHODs for this server */
+	int byterange;				/* number of byte ranges */
+	short status_num;			/* Status code */
+
+    int staterrno; /* used for rqstat */
+} Request;
+
+/* Request attribute macros */
+#define ABS_URI(x) 		(x)->rq_attr.abs_uri
+#define CHUNKED(x) 		(x)->rq_attr.chunked
+#define KEEP_ALIVE(x) 	(x)->rq_attr.keep_alive 
+#define PIPELINED(x) 	(x)->rq_attr.pipelined 
+
+/* Define METHODS for HTTP/1.1 */
+#define METHOD_HEAD		0
+#define METHOD_GET 		1
+#define METHOD_PUT		2
+#define METHOD_POST 	3
+#define	METHOD_DELETE	4
+#define METHOD_TRACE	5
+#define METHOD_OPTIONS	6
+/* The following methods are Netscape method extensions */
+#define	METHOD_MOVE		7
+#define METHOD_INDEX	8
+#define METHOD_MKDIR	9
+#define METHOD_RMDIR	10
+#define METHOD_COPY		11
+#define	METHOD_MAX		12	/* Number of methods available on this server */
+
+#define ISMGET(r)		((r)->method_num == METHOD_GET)
+#define ISMHEAD(r)		((r)->method_num == METHOD_HEAD)
+#define ISMPUT(r)		((r)->method_num == METHOD_PUT)
+#define ISMPOST(r)		((r)->method_num == METHOD_POST)
+#define ISMDELETE(r)	((r)->method_num == METHOD_DELETE)
+#define ISMMOVE(r)		((r)->method_num == METHOD_MOVE)
+#define ISMINDEX(r)		((r)->method_num == METHOD_INDEX)
+#define ISMMKDIR(r)		((r)->method_num == METHOD_MKDIR)
+#define ISMRMDIR(r)		((r)->method_num == METHOD_RMDIR)
+#define ISMCOPY(r)		((r)->method_num == METHOD_COPY)
+#define ISMTRACE(r)     ((r)->method_num == METHOD_TRACE)
+#define ISMOPTIONS(r)   ((r)->method_num == METHOD_OPTIONS)
+
+/*
+ * FuncPtr is a pointer to our kind of functions
+ */
+
+#ifdef XP_UNIX
+typedef int Func(pblock *, Session *, Request *);
+#else /* XP_WIN32 */
+typedef int _cdecl Func(pblock *, Session *, Request *);
+#endif /* XP_WIN32 */
+
+typedef Func *FuncPtr;
+
+/*
+ * FuncStruct is a structure used in the static declaration of the 
+ * functions. This static declaration is parsed into a hash table at 
+ * startup. You should initialize the next entry to NULL.
+ */
+
+struct FuncStruct {
+    char *name;
+    FuncPtr func;
+    struct FuncStruct *next;
+    int flags;
+};
+
+/* --- End type definitions --- */
+
+/* --- Begin dispatch vector table definition --- */
+
+typedef struct nsapi_dispatch_s nsapi_dispatch_t;
+struct nsapi_dispatch_s {
+    char *(*f_system_version)();
+    void *(*f_system_malloc)(int size);
+    void *(*f_system_calloc)(int size);
+    void *(*f_system_realloc)(void *ptr, int size);
+    void (*f_system_free)(void *ptr);
+    char *(*f_system_strdup)(const char *ptr);
+    void *(*f_system_malloc_perm)(int size);
+    void *(*f_system_calloc_perm)(int size);
+    void *(*f_system_realloc_perm)(void *ptr, int size);
+    void (*f_system_free_perm)(void *ptr);
+    char *(*f_system_strdup_perm)(const char *ptr);
+    int (*f_getThreadMallocKey)(void);
+    void (*f_magnus_atrestart)(void (*fn)(void *), void *data);
+    filebuf_t *(*f_filebuf_open)(SYS_FILE fd, int sz);
+    netbuf *(*f_netbuf_open)(SYS_NETFD sd, int sz);
+    filebuf_t *(*f_filebuf_create)(SYS_FILE fd, caddr_t mmap_ptr,
+                                   int mmap_len, int bufsz);
+    void (*f_filebuf_close_buffer)(filebuf_t *buf, int clean_mmap);
+#ifdef FILE_MMAP
+    filebuf_t *(*f_filebuf_open_nostat)(SYS_FILE fd, int sz,
+                                        struct stat *finfo);
+#else
+    void *(*f_filebuf_open_nostat)(void);
+#endif
+#ifdef XP_WIN32
+    filebuf_t *(*f_pipebuf_open)(SYS_FILE fd, int sz, struct stat *finfo);
+#else
+    void *(*f_pipebuf_open)(void);
+#endif /* XP_WIN32 */
+#ifndef FILE_MMAP
+    int (*f_filebuf_next)(filebuf_t *buf, int advance);
+#else
+    int (*f_filebuf_next)(void);
+#endif /* !FILE_MMAP */
+    int (*f_netbuf_next)(netbuf *buf, int advance);
+#ifdef XP_WIN32 
+    int (*f_pipebuf_next)(filebuf_t *buf, int advance);
+#else
+    int (*f_pipebuf_next)(void);
+#endif /* XP_WIN32 */
+    void (*f_filebuf_close)(filebuf_t *buf);
+    void (*f_netbuf_close)(netbuf *buf);
+#ifdef XP_WIN32
+    void	(*f_pipebuf_close)(filebuf_t *buf);
+#else
+    void (*f_pipebuf_close)(void);
+#endif /* XP_WIN32 */
+    int (*f_filebuf_grab)(filebuf_t *buf, int sz);
+    int (*f_netbuf_grab)(netbuf *buf, int sz);
+#ifdef XP_WIN32
+    int (*f_pipebuf_grab)(filebuf_t *buf, int sz);
+#else
+    int (*f_pipebuf_grab)(void);
+#endif /* XP_WIN32 */
+    int (*f_netbuf_buf2sd)(netbuf *buf, SYS_NETFD sd, int len);
+    int (*f_filebuf_buf2sd)(filebuf_t *buf, SYS_NETFD sd);
+#ifdef XP_WIN32
+    int (*f_pipebuf_buf2sd)(filebuf_t *buf, SYS_NETFD sd, int len);
+    int (*f_pipebuf_netbuf2sd)(netbuf *buf, SYS_FILE sd, int len);
+    int (*f_pipebuf_netbuf2pipe)(netbuf *buf, SYS_NETFD sd, int len);
+#else
+    int (*f_pipebuf_buf2sd)(void);
+    int (*f_pipebuf_netbuf2sd)(void);
+    int (*f_pipebuf_netbuf2pipe)(void);
+#endif /* XP_WIN32 */
+    void (*f_cinfo_init)(void);
+    void (*f_cinfo_terminate)(void);
+    char *(*f_cinfo_merge)(char *fn);
+    cinfo *(*f_cinfo_find)(char *uri);
+    cinfo *(*f_cinfo_lookup)(char *type);
+    void (*f_cinfo_dump_database)(FILE *dump);
+    CRITICAL (*f_crit_init)(void);
+    void (*f_crit_enter)(CRITICAL id);
+    void (*f_crit_exit)(CRITICAL id);
+    void (*f_crit_terminate)(CRITICAL id);
+    CONDVAR (*f_condvar_init)(CRITICAL id);
+    void (*f_condvar_wait)(CONDVAR cv);
+    void (*f_condvar_notify)(CONDVAR cv);
+    void (*f_condvar_notifyAll)(CONDVAR cv);
+    void (*f_condvar_terminate)(CONDVAR cv);
+    COUNTING_SEMAPHORE (*f_cs_init)(int initial_count);
+    void (*f_cs_terminate)(COUNTING_SEMAPHORE csp);
+    int (*f_cs_wait)(COUNTING_SEMAPHORE csp);
+    int (*f_cs_trywait)(COUNTING_SEMAPHORE csp);
+    int (*f_cs_release)(COUNTING_SEMAPHORE csp);
+    void (*f_daemon_atrestart)(void (*fn)(void *), void *data);
+#ifdef FORTEZZA
+    /* THIS IS BOGUS... WHO Decided to export servssl_init!!! It should not
+     * be a public function. 
+     */
+    void (*f_servssl_init)(void);
+#else
+    void (*f_servssl_init)(PsetHndl pset, PRFileDesc *fd, char *admRoot);
+#endif
+    int (*f_ereport)(int degree, char *fmt, ...);
+    int (*f_ereport_v)(int degree, char *fmt, va_list args);
+    char *(*f_ereport_init)(char *err_fn, char *email,
+                            PASSWD pwuser, char *version);
+    void (*f_ereport_terminate)(void);
+    SYS_FILE (*f_ereport_getfd)(void);
+    SYS_FILE (*f_system_fopenRO)(char *path);
+    SYS_FILE (*f_system_fopenWA)(char *path);
+    SYS_FILE (*f_system_fopenRW)(char *path);
+    SYS_FILE (*f_system_fopenWT)(char *path);
+    int (*f_system_fread)(SYS_FILE fd, char *buf, int sz);
+    int (*f_system_fwrite)(SYS_FILE fd,char *buf,int sz);
+    int (*f_system_fwrite_atomic)(SYS_FILE fd, char *buf, int sz);
+    int (*f_system_lseek)(SYS_FILE fd, int off, int wh);
+    int (*f_system_fclose)(SYS_FILE fd);
+    int (*f_system_stat)(char *name, struct stat *finfo);
+    int (*f_system_rename)(char *oldpath, char *newpath);
+    int (*f_system_unlink)(char *path);
+    int (*f_system_tlock)(SYS_FILE fd);
+    int (*f_system_flock)(SYS_FILE fd);
+    int (*f_system_ulock)(SYS_FILE fd);
+#ifdef XP_WIN32
+    SYS_DIR (*f_dir_open)(char *path);
+    SYS_DIRENT *(*f_dir_read)(SYS_DIR ds);
+    void (*f_dir_close)(SYS_DIR ds);
+#else
+    void *(*f_dir_open)(void);
+    void *(*f_dir_read)(void);
+    void (*f_dir_close)(void);
+#endif /* XP_WIN32 */
+    int (*f_dir_create_all)(char *dir);
+#ifdef XP_WIN32
+    char *(*f_system_winsockerr)(void);
+    char *(*f_system_winerr)(void);
+    int (*f_system_pread)(SYS_FILE fd, char *buf, int sz);
+    int (*f_system_pwrite)(SYS_FILE fd, char *buf, int sz);
+    void (*f_file_unix2local)(char *path, char *p2);
+#else
+    void *(*f_system_winsockerr)(void);
+    void *(*f_system_winerr)(void);
+    int (*f_system_pread)(void);
+    int (*f_system_pwrite)(void);
+    void (*f_file_unix2local)(void);
+#endif /* XP_WIN32 */
+    int (*f_system_nocoredumps)(void);
+    int (*f_file_setinherit)(SYS_FILE fd, int value);
+    int (*f_file_notfound)(void);
+    char *(*f_system_errmsg)(void);
+    int (*f_system_errmsg_fn)(char **buff, size_t maxlen);
+    SYS_NETFD (*f_net_socket)(int domain, int type, int protocol);
+    int (*f_net_listen)(SYS_NETFD s, int backlog);
+    SYS_NETFD (*f_net_create_listener)(char *ipaddr, int port);
+    int (*f_net_connect)(SYS_NETFD s, const void *sockaddr, int namelen);
+    int (*f_net_getpeername)(SYS_NETFD s, struct sockaddr *name, int *namelen);
+    int (*f_net_close)(SYS_NETFD s);
+    int (*f_net_bind)(SYS_NETFD s, const struct sockaddr *name, int namelen);
+    SYS_NETFD (*f_net_accept)(SYS_NETFD s, struct sockaddr *addr, int *addrlen);
+    int (*f_net_read)(SYS_NETFD sd, char *buf, int sz, int timeout);
+    int (*f_net_write)(SYS_NETFD sd, char *buf, int sz);
+    int (*f_net_writev)(SYS_NETFD sd, struct iovec *iov, int iovlen);
+    int (*f_net_isalive)(SYS_NETFD sd);
+    char *(*f_net_ip2host)(char *ip, int verify);
+    int (*f_net_getsockopt)(SYS_NETFD s, int level, int optname,
+                            void *optval, int *optlen);
+    int (*f_net_setsockopt)(SYS_NETFD s, int level, int optname,
+                            const void *optval, int optlen);
+    int (*f_net_select)(int nfds, fd_set *r, fd_set *w, fd_set *e, 
+                        struct timeval *timeout);
+    int (*f_net_ioctl)(SYS_NETFD s, int tag, void *result);
+    pb_param *(*f_param_create)(char *name, char *value);
+    int (*f_param_free)(pb_param *pp);
+    pblock *(*f_pblock_create)(int n);
+    void (*f_pblock_free)(pblock *pb);
+    char *(*f_pblock_findval)(const char *name, pblock *pb);
+    pb_param *(*f_pblock_nvinsert)(const char *name, const char *value, pblock *pb);
+    pb_param *(*f_pblock_nninsert)(const char *name, int value, pblock *pb);
+    void (*f_pblock_pinsert)(pb_param *pp, pblock *pb);
+    int (*f_pblock_str2pblock)(const char *str, pblock *pb);
+    char *(*f_pblock_pblock2str)(pblock *pb, char *str);
+    void (*f_pblock_copy)(pblock *src, pblock *dst);
+    pblock *(*f_pblock_dup)(pblock *src);
+    char **(*f_pblock_pb2env)(pblock *pb, char **env);
+    pb_param *(*f_pblock_fr)(const char *name, pblock *pb, int remove);
+    char * (*f_pblock_replace)(const char *name,char * new_value,pblock *pb);
+    pool_handle_t *(*f_pool_create)(void);
+    void (*f_pool_destroy)(pool_handle_t *pool_handle);
+    int (*f_pool_enabled)(void);
+    void *(*f_pool_malloc)(pool_handle_t *pool_handle, size_t size );
+    void (*f_pool_free)(pool_handle_t *pool_handle, void *ptr );
+    void *(*f_pool_calloc)(pool_handle_t *pool_handle, size_t nelem, size_t elsize);
+    void *(*f_pool_realloc)(pool_handle_t *pool_handle, void *ptr, size_t size );
+    char *(*f_pool_strdup)(pool_handle_t *pool_handle, const char *orig_str );
+#if defined(MCC_PROXY) && defined(USE_REGEX)
+    int (*f_regexp_valid)(char *exp);
+    int (*f_regexp_match)(char *str, char *exp);
+    int (*f_regexp_cmp)(char *str, char *exp);
+    int (*f_regexp_casecmp)(char *str, char *exp);
+#else
+    int (*f_regexp_valid)(void);
+    int (*f_regexp_match)(void);
+    int (*f_regexp_cmp)(void);
+    int (*f_regexp_casecmp)(void);
+#endif
+    SEMAPHORE (*f_sem_init)(char *name, int number);
+    void (*f_sem_terminate)(SEMAPHORE id);
+    int (*f_sem_grab)(SEMAPHORE id);
+    int (*f_sem_tgrab)(SEMAPHORE id);
+    int (*f_sem_release)(SEMAPHORE id);
+    Session *(*f_session_alloc)(SYS_NETFD csd, struct sockaddr_in *sac); /* internal */
+    Session *(*f_session_fill)(Session *sn); /* internal */
+    Session *(*f_session_create)(SYS_NETFD csd, struct sockaddr_in *sac);
+    void (*f_session_free)(Session *sn);
+    char *(*f_session_dns_lookup)(Session *sn, int verify);
+    int (*f_shexp_valid)(char *exp);
+    int (*f_shexp_match)(char *str, char *exp);
+    int (*f_shexp_cmp)(char *str, char *exp);
+    int (*f_shexp_casecmp)(char *str, char *exp);
+#if defined (SHMEM_UNIX_MMAP) || defined (SHMEM_WIN32_MMAP)
+    shmem_s *(*f_shmem_alloc)(char *name, int size, int expose);
+    void (*f_shmem_free)(shmem_s *region);
+#else
+    void *(*f_shmem_alloc)(void);
+    void (*f_shmem_free)(void);
+#endif  /* SHMEM_UNIX_MMAP || SHMEM_WIN32_MMAP */
+    SYS_THREAD (*f_systhread_start)(int prio, int stksz, void (*fn)(void *), void *arg);
+    SYS_THREAD (*f_systhread_current)(void);
+    void (*f_systhread_yield)(void);
+    SYS_THREAD (*f_systhread_attach)(void);
+    void (*f_systhread_detach)(SYS_THREAD thr);
+    void (*f_systhread_terminate)(SYS_THREAD thr);
+    void (*f_systhread_sleep)(int milliseconds);
+    void (*f_systhread_init)(char *name);
+    void (*f_systhread_timerset)(int usec);
+    int (*f_systhread_newkey)(void);
+    void *(*f_systhread_getdata)(int key);
+    void (*f_systhread_setdata)(int key, void *data);
+    void (*f_systhread_set_default_stacksize)(unsigned long size);
+    int (*f_util_getline)(filebuffer *buf, int lineno, int maxlen, char *l);
+    char **(*f_util_env_create)(char **env, int n, int *pos);
+    char *(*f_util_env_str)(char *name, char *value);
+    void (*f_util_env_replace)(char **env, char *name, char *value);
+    void (*f_util_env_free)(char **env);
+    char **(*f_util_env_copy)(char **src, char **dst);
+    char *(*f_util_env_find)(char **env, char *name);
+    char *(*f_util_hostname)(void);
+    int (*f_util_chdir2path)(char *path);
+    int (*f_util_is_mozilla)(char *ua, char *major, char *minor);
+    int (*f_util_is_url)(char *url);
+    int (*f_util_later_than)(struct tm *lms, char *ims);
+    int (*f_util_time_equal)(struct tm *lms, char *ims);
+    int (*f_util_str_time_equal)(char *t1, char *t2);
+    int (*f_util_uri_is_evil)(char *t);
+    void (*f_util_uri_parse)(char *uri);
+    void (*f_util_uri_unescape)(char *s);
+    char *(*f_util_uri_escape)(char *d, char *s);
+    char *(*f_util_url_escape)(char *d, char *s);
+    char *(*f_util_sh_escape)(char *s);
+    int (*f_util_mime_separator)(char *sep);
+    int (*f_util_itoa)(int i, char *a);
+    int (*f_util_vsprintf)(char *s, register const char *fmt, va_list args);
+    int (*f_util_sprintf)(char *s, const char *fmt, ...);
+    int (*f_util_vsnprintf)(char *s, int n, register const char *fmt, 
+                            va_list args);
+    int (*f_util_snprintf)(char *s, int n, const char *fmt, ...);
+    int (*f_util_strftime)(char *s, const char *format, const struct tm *t);
+    char *(*f_util_strtok)(char *s1, const char *s2, char **lasts);
+    struct tm *(*f_util_localtime)(const time_t *clock, struct tm *res);
+    char *(*f_util_ctime)(const time_t *clock, char *buf, int buflen);
+    char *(*f_util_strerror)(int errnum, char *msg, int buflen);
+    struct tm *(*f_util_gmtime)(const time_t *clock, struct tm *res);
+    char *(*f_util_asctime)(const struct tm *tm,char *buf, int buflen);
+#ifdef NEED_STRCASECMP
+    int (*f_util_strcasecmp)(CASECMPARG_T char *one, CASECMPARG_T char *two);
+#else
+    int (*f_util_strcasecmp)(void);
+#endif /* NEED_STRCASECMP */
+#ifdef NEED_STRNCASECMP
+    int (*f_util_strncasecmp)(CASECMPARG_T char *one, CASECMPARG_T char *two, int n);
+#else
+    int (*f_util_strncasecmp)(void);
+#endif /* NEED_STRNCASECMP */
+#ifdef XP_UNIX
+    int (*f_util_can_exec)(struct stat *finfo, uid_t uid, gid_t gid);
+    struct passwd *(*f_util_getpwnam)(const char *name, struct passwd
+                                      *result, char *buffer,  int buflen);
+    pid_t (*f_util_waitpid)(pid_t pid, int *statptr, int options);
+#else
+    int (*f_util_can_exec)(void);
+    void *(*f_util_getpwnam)(void);
+    int (*f_util_waitpid)(void);
+#endif /* XP_UNIX */
+#ifdef XP_WIN32
+    VOID (*f_util_delete_directory)(char *FileName, BOOL delete_directory);
+#else
+    void (*f_util_delete_directory)(void);
+#endif /* XP_WIN32 */
+    char *(*f_conf_init)(char *cfn);
+    char *(*f_conf_run_init_functions)(void);
+    void (*f_conf_terminate)(void);
+    conf_global_vars_s *(*f_conf_getglobals)(void);
+    void (*f_func_init)(struct FuncStruct *func_standard);
+    FuncPtr (*f_func_find)(char *name);
+    int (*f_func_exec)(pblock *pb, Session *sn, Request *rq);
+    struct FuncStruct *(*f_func_insert)(char *name, FuncPtr fn);
+    int (*f_object_execute)(directive *inst, Session *sn, void *rq);
+    Request *(*f_http_find_request)(netbuf *buf, Session *sn, int *reply);
+    int (*f_http_parse_request)(char *t, Request *rq, Session *sn);
+    int (*f_http_scan_headers)(Session *sn, netbuf *buf, char *t,
+                               pblock *headers);
+    int (*f_http_start_response)(Session *sn, Request *rq);
+    char **(*f_http_hdrs2env)(pblock *pb);
+    void (*f_http_status)(Session *sn, Request *rq, int n, char *r);
+    int (*f_http_set_finfo)(Session *sn, Request *rq, struct stat *finfo);
+    char *(*f_http_dump822)(pblock *pb, char *t, int *pos, int tsz);
+    void (*f_http_finish_request)(Session *sn, Request *rq);
+    void (*f_http_handle_session)(Session *sn);
+    char *(*f_http_uri2url)(const char *prefix, const char *suffix);
+    char *(*f_http_uri2url_dynamic)(const char *prefix, const char *suffix,
+                                    Session *sn, Request *rq);
+    void (*f_http_set_keepalive_timeout)(int secs);
+    int (*f_log_error_v)(int degree, char *func, Session *sn, Request *rq,
+                         char *fmt, va_list args);
+    int (*f_log_error)(int degree, char *func, Session *sn, Request *rq,
+                       char *fmt, ...);
+    int (*f_log_ereport_v)(int degree, char *fmt, va_list args);
+    int (*f_log_ereport)(int degree, char *fmt, ...);
+    httpd_object *(*f_object_create)(int nd, pblock *name);
+    void (*f_object_free)(httpd_object *obj);
+    void (*f_object_add_directive)(int dc, pblock *p, pblock *c,
+                                   httpd_object *obj);
+    httpd_objset *(*f_objset_scan_buffer)(filebuffer *buf, char *errstr,
+                                          httpd_objset *os);
+    httpd_objset *(*f_objset_create)(void);
+    void (*f_objset_free)(httpd_objset *os);
+    void (*f_objset_free_setonly)(httpd_objset *os);
+    httpd_object *(*f_objset_new_object)(pblock *name, httpd_objset *os);
+    void (*f_objset_add_object)(httpd_object *obj, httpd_objset *os);
+    void (*f_objset_add_init)(pblock *initfn, httpd_objset *os);
+    httpd_object *(*f_objset_findbyname)(char *name, httpd_objset *ign,
+                                         httpd_objset *os);
+    httpd_object *(*f_objset_findbyppath)(char *ppath, httpd_objset *ign,
+                                          httpd_objset *os);
+    Request *(*f_request_create)(void);
+    void (*f_request_free)(Request *req);
+    Request *(*f_request_restart_internal)(char *uri, Request *rq);
+    int (*f_request_header)(char *name, char **value, Session *sn,
+                            Request *rq);
+    struct stat *(*f_request_stat_path)(char *path, Request *rq);
+    char *(*f_conf_getServerString)(void);
+    FuncPtr (*f_func_replace)(char *funcname, FuncPtr fn);
+    int (*f_net_socketpair)(SYS_NETFD *pair);
+#ifdef XP_UNIX
+    SYS_NETFD (*f_net_dup2)(SYS_NETFD prfd, int osfd);
+    int (*f_net_is_STDOUT)(SYS_NETFD prfd);
+    int (*f_net_is_STDIN)(SYS_NETFD prfd);
+#else
+    void *(*f_net_dup2)(void);
+    int (*f_net_is_STDOUT)(void);
+    int (*f_net_is_STDIN)(void);
+#endif /* XP_UNIX */
+    int (*f_func_set_native_thread_flag)(char *name, int flags);
+    void *(*f_random_create)(void);
+    void (*f_random_update)(void *rctx, unsigned char *inbuf, int length);
+    void (*f_random_generate)(void *rctx, unsigned char *outbuf, int length);
+    void (*f_random_destroy)(void *rctx);
+    void *(*f_md5hash_create)(void);
+    void *(*f_md5hash_copy)(void *hctx);
+    void (*f_md5hash_begin)(void *hctx);
+    void (*f_md5hash_update)(void *hctx, unsigned char *inbuf, int length);
+    void (*f_md5hash_end)(void *hctx, unsigned char *outbuf);
+    void (*f_md5hash_destroy)(void *hctx);
+    void (*f_md5hash_data)(unsigned char *outbuf, unsigned char *src, int length);
+    int (*f_ACL_SetupEval)(struct ACLListHandle *acllist, Session *sn, Request *rq, char **rights, char **map_generic, const char *user);
+    int (*f_netbuf_getbytes)(netbuf *buf, char *buffer, int size);
+    char *(*f_servact_translate_uri)(char *uri, Session *sn);
+    
+};
+
+/* --- End dispatch vector table definition --- */
+
+/* --- Begin API macro definitions --- */
+
+#ifndef INTNSAPI
+
+#define system_version (*__nsapi30_table->f_system_version)
+
+/*
+   Depending on the system, memory allocated via these macros may come from 
+   an arena. If these functions are called from within an Init function, they 
+   will be allocated from permanent storage. Otherwise, they will be freed 
+   when the current request is finished.
+ */
+
+#define MALLOC (*__nsapi30_table->f_system_malloc)
+#define system_malloc (*__nsapi30_table->f_system_malloc)
+
+#define CALLOC (*__nsapi30_table->f_system_calloc)
+#define system_calloc (*__nsapi30_table->f_system_calloc)
+
+#define REALLOC (*__nsapi30_table->f_system_realloc)
+#define system_realloc (*__nsapi30_table->f_system_realloc)
+
+#define FREE (*__nsapi30_table->f_system_free)
+#define system_free (*__nsapi30_table->f_system_free)
+
+#define STRDUP (*__nsapi30_table->f_system_strdup)
+#define system_strdup (*__nsapi30_table->f_system_strdup)
+
+#ifndef NS_MALLOC_DEBUG
+
+/*
+   These macros always provide permanent storage, for use in global variables
+   and such. They are checked at runtime to prevent them from returning NULL.
+ */
+
+#define PERM_MALLOC (*__nsapi30_table->f_system_malloc_perm)
+#define system_malloc_perm (*__nsapi30_table->f_system_malloc_perm)
+
+#define PERM_CALLOC (*__nsapi30_table->f_system_calloc_perm)
+#define system_calloc_perm (*__nsapi30_table->f_system_calloc_perm)
+
+#define PERM_REALLOC (*__nsapi30_table->f_system_realloc_perm)
+#define system_realloc_perm (*__nsapi30_table->f_system_realloc_perm)
+
+#define PERM_FREE (*__nsapi30_table->f_system_free_perm)
+#define system_free_perm (*__nsapi30_table->f_system_free_perm)
+
+#define PERM_STRDUP (*__nsapi30_table->f_system_strdup_perm)
+#define system_strdup_perm (*__nsapi30_table->f_system_strdup_perm)
+
+#endif /* !NS_MALLOC_DEBUG */
+
+/* Thread-Private data key index for accessing the thread-private memory pool.
+ * Each thread creates its own pool for allocating data.  The MALLOC/FREE/etc
+ * macros have been defined to check the thread private data area with the
+ * thread_malloc_key index to find the address for the pool currently in use.
+ *
+ * If a thread wants to use a different pool, it must change the thread-local-
+ * storage[thread_malloc_key].
+ */
+
+#define getThreadMallocKey (*__nsapi30_table->f_getThreadMallocKey)
+
+#define magnus_atrestart (*__nsapi30_table->f_magnus_atrestart)
+
+/*
+ * buffer_open opens a new buffer reading the specified file, with an I/O
+ * buffer of size sz, and returns a new buffer structure which will hold
+ * the data.
+ *
+ * If FILE_UNIX_MMAP is defined, this may return NULL. If it does, check 
+ * system_errmsg to get a message about the error.
+ */
+
+#define filebuf_open (*__nsapi30_table->f_filebuf_open)
+#define netbuf_open (*__nsapi30_table->f_netbuf_open)
+
+/*
+ * filebuf_open_nostat is a convenience function for mmap() buffer opens,
+ * if you happen to have the stat structure already.
+ */
+
+#ifdef FILE_MMAP
+#define filebuf_open_nostat (*__nsapi30_table->f_filebuf_open_nostat)
+#endif /* FILE_MMAP */
+
+/*
+ * filebuf_create is a convenience function if the file is already open
+ * or mmap'd.  It creates a new filebuf for use with the mmap'd file.
+ * If mmap_ptr is NULL, or MMAP is not supported on this system, it 
+ * creates a buffer with buffer size bufsz.
+ */
+
+#define filebuf_create (*__nsapi30_table->f_filebuf_create)
+
+/* 
+ * filebuf_close_buffer is provided to cleanup a filebuf without closing
+ * the underlying file.  If clean_mmap is 1, and the file is memory mapped,
+ * the file will be unmapped.  If clean_mmap is 0, the file will not
+ * be unmapped.
+ */
+#define filebuf_close_buffer (*__nsapi30_table->f_filebuf_close_buffer)
+
+#ifdef FILE_MMAP
+#define filebuf_open_nostat (*__nsapi30_table->f_filebuf_open_nostat)
+#endif
+
+#ifdef XP_WIN32
+#define pipebuf_open (*__nsapi30_table->f_pipebuf_open)
+#endif /* XP_WIN32 */
+
+/*
+ * buffer_next loads size more bytes into the given buffer and returns the
+ * first one, or BUFFER_EOF on EOF and BUFFER_ERROR on error.
+ */
+
+#ifndef FILE_MMAP
+#define filebuf_next (*__nsapi30_table->f_filebuf_next)
+#endif /* !FILE_MMAP */
+#define netbuf_next (*__nsapi30_table->f_netbuf_next)
+#ifdef XP_WIN32 
+#define pipebuf_next (*__nsapi30_table->f_pipebuf_next)
+#endif /* XP_WIN32 */
+
+/*
+ * buffer_close deallocates a buffer and closes its associated files
+ * (does not close a network socket).
+ */
+
+#define filebuf_close (*__nsapi30_table->f_filebuf_close)
+#define netbuf_close (*__nsapi30_table->f_netbuf_close)
+#ifdef XP_WIN32
+#define pipebuf_close (*__nsapi30_table->f_pipebuf_close)
+#endif /* XP_WIN32 */
+
+/*
+ * buffer_grab will set the buffer's inbuf array to an array of sz bytes 
+ * from the buffer's associated object. It returns the number of bytes 
+ * actually read (between 1 and sz). It returns IO_EOF upon EOF or IO_ERROR
+ * upon error. The cursize entry of the structure will reflect the size
+ * of the iobuf array.
+ * 
+ * The buffer will take care of allocation and deallocation of this array.
+ */
+
+#define filebuf_grab (*__nsapi30_table->f_filebuf_grab)
+#define netbuf_grab (*__nsapi30_table->f_netbuf_grab)
+#ifdef XP_WIN32
+#define pipebuf_grab (*__nsapi30_table->f_pipebuf_grab)
+#endif /* XP_WIN32 */
+
+/*
+ * netbuf_getbytes will read bytes from the netbuf into the user
+ * supplied buffer.  Up to size bytes will be read.
+ * If the call is successful, the number of bytes read is returned.  
+ * NETBUF_EOF is returned when no more data will arrive on the socket,
+ * and NETBUF_ERROR is returned in the event of an error.
+ *
+ */
+#define netbuf_getbytes (*__nsapi30_table->f_netbuf_getbytes)
+
+
+/*
+ * netbuf_buf2sd will send n bytes from the (probably previously read)
+ * buffer and send them to sd. If sd is -1, they are discarded. If n is
+ * -1, it will continue until EOF is recieved. Returns IO_ERROR on error
+ * and the number of bytes sent any other time.
+ */
+
+#define netbuf_buf2sd (*__nsapi30_table->f_netbuf_buf2sd)
+
+/*
+ * filebuf_buf2sd assumes that nothing has been read from the filebuf, 
+ * and just sends the file out to the given socket. Returns IO_ERROR on error
+ * and the number of bytes sent otherwise.
+ *
+ * Does not currently support you having read from the buffer previously. This
+ * can be changed transparently.
+ */
+
+#define filebuf_buf2sd (*__nsapi30_table->f_filebuf_buf2sd)
+
+#ifdef XP_WIN32
+
+/*
+ * NT pipe version of filebuf_buf2sd.
+ */
+#define pipebuf_buf2sd (*__nsapi30_table->f_pipebuf_buf2sd)
+
+/*
+ * NT pipe version of netbuf_buf2sd.
+ */
+
+#define pipebuf_netbuf2sd (*__nsapi30_table->f_pipebuf_netbuf2sd)
+#define pipebuf_netbuf2pipe (*__nsapi30_table->f_pipebuf_netbuf2pipe)
+#endif /* XP_WIN32 */
+
+/*
+ * Notes:
+ *
+ *      Format of a mime.types file
+ *
+ *          A mime.types file passed to cinfo_merge() should begin with
+ *          a line containing NCC_MT_MAGIC as defined below (MCC_MT_MAGIC
+ *          is also still supported).  Lines containing only whitespace
+ *          and lines beginning with "#" are ignored.  Other lines contain
+ *          one or more name/value pairs, separated by whitespace.  The
+ *          format of each of these is NAME=VALUE, where NAME is one of:
+ *
+ *              type - VALUE is a mime type, e.g. text/html
+ *              exts - VALUE is a list of file extensions, e.g. htm,html
+ *              enc - VALUE specifies a content encoding, e.g. x-gzip
+ *              lang - VALUE specifies a content language, e.g. en-US
+ *                      (see RFC1766)
+ *
+ *         The VALUE may be enclosed in quotes (" "), and should be if it
+ *         contains whitespace.
+ *
+ *         Each line in the file that contains at least one name/value
+ *         pair causes a cinfo structure to be created, containing the
+ *         specified information.  These structures are kept in memory
+ *         and can be queried using cinfo_find().
+ *
+ *      Related information
+ *
+ *          See the NSAPI "load-types" function.
+ */
+
+/*
+ * Function:    cinfo_init
+ *
+ * Description:
+ *
+ *      This function initializes the memory resident content information
+ *      database to be empty.
+ *
+ * Notes:
+ *
+ *      This function is called by the NSAPI "load-types" function,
+ *      which also sets up a call to cinfo_terminate() on server restart.
+ *      If "load-types" is used, it should be unnecessary to call this
+ *      function.
+ */
+
+#define cinfo_init (*__nsapi30_table->f_cinfo_init)
+
+/*
+ * Function:    cinfo_terminate
+ *
+ * Description:
+ *
+ *      This function frees all dynamic memory associated with the
+ *      memory resident content information database, and leaves the
+ *      database empty.  cinfo_init() should be called before using
+ *      the database again.
+ */
+
+#define cinfo_terminate (*__nsapi30_table->f_cinfo_terminate)
+
+/*
+ * Function:    cinfo_merge
+ *
+ * Description:
+ *
+ *      This function reads a mime.types formatted file of the specified
+ *      name.  Content information in the file is merged into the
+ *      memory resident content information database.
+ *
+ * Arguments:
+ *
+ *      fn              - name of mime.types formatted file
+ *
+ * Returns:
+ *
+ *      If successful, NULL is returned.  If an error occurs, the return
+ *      value is a pointer to a descriptive error string, which should
+ *      be freed by the caller (using FREE()).  Information processed
+ *      prior to the error will still be added to the database.
+ */
+
+#define cinfo_merge (*__nsapi30_table->f_cinfo_merge)
+
+
+/*
+ * Function:    cinfo_find
+ *
+ * Description:
+ *
+ *      This function is used to retrieve content information based on
+ *      a file extension contained in the argument string, which might
+ *      be either a URI or a file name.  It ignores any text up to and
+ *      including the last FILE_PATHSEP character in the argument
+ *      string.  It looks for one or more file extensions in the
+ *      remaining string, each one starting with a CINFO_SEPARATOR
+ *      character.  Each file extension is looked up in the database
+ *      and any information found there is used to build a composite
+ *      cinfo structure, containing information derived from each of
+ *      the file extensions.  If more than one file extensions present
+ *      have a particular piece of information associated with them
+ *      in the database (e.g. type or language), the value returned in
+ *      the composite cinfo structure is taken from the data for the
+ *      last file extension to provide that attribute.
+ *
+ * Arguments:
+ *
+ *      uri             - pointer to the argument string
+ *
+ * Returns:
+ *
+ *      If successful, a pointer to the composite cinfo structure is
+ *      returned.  The fields of this structure reference values of
+ *      those fields in one or more cinfo structures in the database,
+ *      so these values should be copied if they are going to be
+ *      modified.  The cinfo structure itself should be freed by the
+ *      caller using FREE().  If an error occurs, a null pointer is
+ *      returned.  If no information is found for any of the extensions,
+ *      a null pointer is returned, although this is not necessarily
+ *      an error.
+ *
+ * Notes:
+ *
+ *      The matching of extensions in the argument string to extensions
+ *      in the database is case-insensitive.
+ *
+ *      The argument string is modified during parsing, but only
+ *      temporarily.  It should be intact on return.
+ */
+
+#define cinfo_find (*__nsapi30_table->f_cinfo_find)
+
+/*
+ * Function:    cinfo_lookup
+ *
+ * Description:
+ *
+ *      This function returns a pointer to the last cinfo structure
+ *      added to the database for a specified mime type.  Unlike
+ *      cinfo_find(), the returned pointer references a cinfo structure
+ *      that is part of the database, and corresponds to a single line
+ *      in a mime.types file.  This structure should be considered
+ *      read-only, and should not be freed by the caller.
+ *
+ * Arguments:
+ *
+ *      type            - a pointer to a mime type string
+ *
+ * Returns:
+ *
+ *      If the specified type is found, a pointer to the cinfo structure
+ *      returned.  Otherwise a null pointer is returned.
+ *
+ * Notes:
+ *
+ *      The search for the type is case-insensitive.
+ */
+
+#define cinfo_lookup (*__nsapi30_table->f_cinfo_lookup)
+
+/*
+ * Function:    cinfo_dump_database
+ *
+ * Description:
+ *
+ *      This function outputs, to a specified file, formatted text
+ *      describing the contents of the content information database.
+ *      This is intended for debugging purposes.  It is not in mime.types
+ *      format.
+ *
+ * Arguments:
+ *
+ *      dump            - handle for already open output file
+ */
+
+#define cinfo_dump_database (*__nsapi30_table->f_cinfo_dump_database)
+
+/*
+ *      Critical section abstraction. Used in threaded servers to protect
+ *      areas where two threads can interfere with each other.
+ *
+ *      Condvars are condition variables that are used for thread-thread 
+ *      synchronization.
+ */
+
+/*
+ * crit_init creates and returns a new critical section variable. At the 
+ * time of creation no one has entered it.
+ */
+#define crit_init (*__nsapi30_table->f_crit_init)
+
+/*
+ * crit_enter enters a critical section. If someone is already in the
+ * section, the calling thread is blocked until that thread exits.
+ */
+#define crit_enter (*__nsapi30_table->f_crit_enter)
+
+/*
+ * crit_exit exits a critical section. If another thread is blocked waiting
+ * to enter, it will be unblocked and given ownership of the section.
+ */
+#define crit_exit (*__nsapi30_table->f_crit_exit)
+
+/*
+ * crit_terminate removes a previously allocated critical section variable.
+ */
+#define crit_terminate (*__nsapi30_table->f_crit_terminate)
+
+/*
+ * condvar_init initializes and returns a new condition variable. You 
+ * must provide a critical section to be associated with this condition 
+ * variable.
+ */
+#define condvar_init (*__nsapi30_table->f_condvar_init)
+
+/*
+ * condvar_wait blocks on the given condition variable. The calling thread
+ * will be blocked until another thread calls condvar_notify on this variable.
+ * The caller must have entered the critical section associated with this
+ * condition variable prior to waiting for it.
+ */
+#define condvar_wait (*__nsapi30_table->f_condvar_wait)
+
+/*
+ * condvar_notify awakens any threads blocked on the given condition
+ * variable. The caller must have entered the critical section associated
+ * with this variable first.
+ */
+#define condvar_notify (*__nsapi30_table->f_condvar_notify)
+
+/*
+ * condvar_notify awakens all threads blocked on the given condition
+ * variable. The caller must have entered the critical section associated
+ * with this variable first.
+ */
+#define condvar_notifyAll (*__nsapi30_table->f_condvar_notifyAll)
+
+/*
+ * condvar_terminate frees the given previously allocated condition variable
+ */
+#define condvar_terminate (*__nsapi30_table->f_condvar_terminate)
+
+/*
+ * Create a counting semaphore.  
+ * Return non-zero on success, 0 on failure.
+ */
+#define cs_init (*__nsapi30_table->f_cs_init)
+
+/*
+ * Destroy a counting semaphore 
+ */
+#define cs_terminate (*__nsapi30_table->f_cs_terminate)
+
+/*
+ * Wait to "enter" the semaphore.
+ * Return 0 on success, -1 on failure.
+ */
+#define cs_wait (*__nsapi30_table->f_cs_wait)
+
+/*
+ * Enter the semaphore if the count is > 0.  Otherwise return -1.
+ *
+ */
+#define cs_trywait (*__nsapi30_table->f_cs_trywait)
+
+/*
+ * Release the semaphore- allowing a thread to enter.
+ * Return 0 on success, -1 on failure.
+ */
+#define cs_release (*__nsapi30_table->f_cs_release)
+
+/*
+ * daemon_atrestart registers a function to be called fn, with the given
+ * void pointer as an argument, when the server is restarted.
+ */
+#define daemon_atrestart (*__nsapi30_table->f_daemon_atrestart)
+
+#define servssl_init (*__nsapi30_table->f_servssl_init)
+
+/*
+ * ereport logs an error of the given degree and formats the arguments with 
+ * the printf() style fmt. Returns whether the log was successful. Records 
+ * the current date.
+ */
+
+#define ereport (*__nsapi30_table->f_ereport)
+#define ereport_v (*__nsapi30_table->f_ereport_v)
+
+/*
+ * ereport_init initializes the error logging subsystem and opens the static
+ * file descriptors. It returns NULL upon success and an error string upon
+ * error. If a userpw is given, the logs will be chowned to that user.
+ * 
+ * email is the address of a person to mail upon catastrophic error. It
+ * can be NULL if no e-mail is desired. ereport_init will not duplicate
+ * its own copy of this string; you must make sure it stays around and free
+ * it when you shut down the server.
+ */
+
+#define ereport_init (*__nsapi30_table->f_ereport_init)
+
+/*
+ * log_terminate closes the error and common log file descriptors.
+ */
+#define ereport_terminate (*__nsapi30_table->f_ereport_terminate)
+
+/* For restarts */
+#define ereport_getfd (*__nsapi30_table->f_ereport_getfd)
+
+/* FUNCTION: system_fopenXX
+ * DESCRIPTION:
+ *    system_fopenRO - Open a disk file for read-only access.
+ *    system_fopenWA - Open a disk file for write and append access.
+ *    system_fopenRW - Open a disk file for read-write access.
+ *    system_fopenWT - Open a disk file for write and truncate access.
+ * INPUTS:
+ *    path- the name of the file
+ * OUTPUTS:
+ *    none
+ * RETURNS:
+ *    SYS_ERRORFD on failure
+ *    A opaque file handle on success
+ * RESTRICTIONS:
+ *    The return from this function should not be interpreted as a native
+ *    file handle.  It may only be used in other calls to system_xxx().
+ *
+ *    Note for unix programmers: Although this routine is called 
+ *      "system_fopen" do not consider it to be equivalent to the unix 
+ *      "fopen" call, which opens a buffered-IO file.
+ */
+#define system_fopenRO (*__nsapi30_table->f_system_fopenRO)
+#define system_fopenWA (*__nsapi30_table->f_system_fopenWA)
+#define system_fopenRW (*__nsapi30_table->f_system_fopenRW)
+#define system_fopenWT (*__nsapi30_table->f_system_fopenWT)
+
+/* FUNCTION: system_fread
+ * DESCRIPTION:
+ *    Read from a file
+ * INPUTS:
+ *    fd- an open file handle to read from
+ *    buf- a buffer to receive data
+ *    sz- the number of bytes to read from the file
+ * OUTPUTS:
+ *    none
+ * RETURNS:
+ *    less-than-zero on failure
+ *    0 for end-of-file
+ *    positive for number of bytes read
+ * RESTRICTIONS:
+ */
+#define system_fread (*__nsapi30_table->f_system_fread)
+
+/* FUNCTION: system_write
+ * DESCRIPTION:
+ *    Writes sz bytes from buf to file fd.  
+ * INPUTS:
+ *    fd- the file to write to
+ *    buf- the buffer containing data to be written
+ *    sz-  the size of data to write.
+ * OUTPUTS:
+ *    none
+ * RETURNS:
+ *    IO_OKAY on success
+ *    IO_ERROR on failure
+ * RESTRICTIONS:
+ *    There is no way to determine if bytes were written when this call fails.
+ *    For more specific information, use PR_WRITE().
+ */
+#define system_fwrite (*__nsapi30_table->f_system_fwrite)
+
+/* FUNCTION: system_fwrite_atomic
+ * DESCRIPTION:
+ *    system_fwrite_atomic locks the given fd before writing to it. This
+ *    avoids interference between simultaneous writes.
+ * INPUTS:
+ *    fd- the file to write to
+ *    buf- the buffer containing data to be written
+ *    sz-  the size of data to write.
+ * OUTPUTS:
+ *    none
+ * RETURNS:
+ *    IO_OKAY on success
+ *    IO_ERROR on failure
+ * RESTRICTIONS:
+ */
+#define system_fwrite_atomic (*__nsapi30_table->f_system_fwrite_atomic)
+
+/* FUNCTION:  system_lseek
+ * DESCRIPTION:
+ *    Seek to a position in a file
+ * INPUTS:
+ *    fd-  an open file handle
+ *    off
+ *    wh
+ * OUTPUTS:
+ * RETURNS:
+ * RESTRICTIONS:
+ */
+#define system_lseek (*__nsapi30_table->f_system_lseek)
+
+/* FUNCTION: system_fclose
+ * DESCRIPTION:
+ *    Close a file.
+ * INPUTS:
+ *    fd- an open file handle from a previous system_fopenXX call.
+ * OUTPUTS:
+ *    none
+ * RETURNS:
+ *    IO_OKAY on success
+ *    IO_ERROR on failure
+ * RESTRICTIONS:
+ */
+#define system_fclose (*__nsapi30_table->f_system_fclose)
+
+/* FUNCTION: system_stat
+ * DESCRIPTION: 
+ *    Get information about a file on disk
+ * INPUTS:
+ *    name-    the name of the file to be queried
+ * OUTPUTS:
+ *    finfo-   a buffer to receive the file information.
+ * RETURN:
+ *    less-than-zero on failure.
+ *    0 on success.
+ * RESTRICTIONS:
+ *    Within the stat structure, this routine is only guaranteed to return
+ *    st_mode, st_size, st_ctime, and st_mtime. Other stat fields are 
+ *    undefined.
+ */
+#define system_stat (*__nsapi30_table->f_system_stat)
+
+/* --- File manipulation --------------------------------------------- */
+
+/* FUNCTION:  system_rename
+ * DESCRIPTION:
+ *    Rename a file on disk.
+ * INPUTS:
+ *    oldpath- old file name
+ *    newpath- new file name
+ * OUTPUTS:
+ *    none
+ * RETURNS:
+ *    less-than-zero on failure
+ *    0 on success
+ * RESTRICTIONS:
+ *    Not guaranteed to work portably on files which are in use.
+ */
+#define system_rename (*__nsapi30_table->f_system_rename)
+
+/* FUNCTION: system_unlink
+ * DESCRIPTION:
+ *    Remove a file from disk.
+ * INPUTS:
+ *    path- the file to delete
+ * OUTPUTS:
+ *    none
+ * RETURNS:
+ *    less-than-zero on failure
+ *    0 on success
+ * RESTRICTIONS:
+ *    Not guaranteed to work portably on files which are in use.
+ */
+#define system_unlink (*__nsapi30_table->f_system_unlink)
+
+/* --- File locking -------------------------------------------------- */
+
+#define system_initlock(fd) (0)
+
+/* FUNCTION: system_tlock
+ * DESCRIPTION:
+ *    Test for a file lock and grab it if it is available
+ * INPUTS:
+ *    fd- the file to lock
+ * OUTPUTS:
+ *    none
+ * RETURNS:
+ *    0 - if we now hold the lock
+ *    less-than-zero if the lock is held by someone else
+ * RESTRICTIONS:
+ *    1. file locking is process based.  Two threads in the same process
+ *    requesting exclusive access will both be allowed to access the file
+ *    at the same time.
+ */
+#define system_tlock (*__nsapi30_table->f_system_tlock)
+
+/* FUNCTION:  system_flock
+ * DESCRIPTION:
+ *    Wait for exclusive access to a file
+ * INPUTS:
+ *    fd- the file to lock
+ * OUTPUTS:
+ *    none
+ * RETURNS:
+ *    0 - if we now hold the lock
+ *    less-than-zero if an error occurred
+ * RESTRICTIONS:
+ *    1. file locking is process based.  Two threads in the same process
+ *    requesting exclusive access will both be allowed to access the file
+ *    at the same time.
+ */
+#define system_flock (*__nsapi30_table->f_system_flock)
+
+/* FUNCTION: system_ulock
+ * DESCRIPTION:
+ *    Release exclusive access to a file
+ * INPUTS:
+ *    fd- the file to lock
+ * OUTPUTS:
+ *    none
+ * RETURNS:
+ *    0 - if we released the lock
+ *    less-than-zero if an error occurred
+ * RESTRICTIONS:
+ *    1. file locking is process based.  Two threads in the same process
+ *    requesting exclusive access will both be allowed to access the file
+ *    at the same time.
+ */
+#define system_ulock (*__nsapi30_table->f_system_ulock)
+
+/* --- Directory manipulation routines ---------------------------------- */
+
+#ifdef XP_WIN32
+#define dir_open (*__nsapi30_table->f_dir_open)
+#define dir_read (*__nsapi30_table->f_dir_read)
+#define dir_close (*__nsapi30_table->f_dir_close)
+#endif /* XP_WIN32 */
+
+/*
+ * create a directory and any of its parents
+ */
+#define dir_create_all (*__nsapi30_table->f_dir_create_all)
+
+#ifdef XP_WIN32
+#define system_winsockerr (*__nsapi30_table->f_system_winsockerr)
+#define system_winerr (*__nsapi30_table->f_system_winerr)
+#define system_pread (*__nsapi30_table->f_system_pread)
+#define system_pwrite (*__nsapi30_table->f_system_pwrite)
+#define file_unix2local (*__nsapi30_table->f_file_unix2local)
+#endif /* XP_WIN32 */
+
+#define system_nocoredumps (*__nsapi30_table->f_system_nocoredumps)
+#define file_setinherit (*__nsapi30_table->f_file_setinherit)
+#define file_notfound (*__nsapi30_table->f_file_notfound)
+#define system_errmsg (*__nsapi30_table->f_system_errmsg)
+#define system_errmsg_fn (*__nsapi30_table->f_system_errmsg_fn)
+
+/* FUNCTION: net_socket
+ * DESCRIPTION:
+ *    Create a new socket.
+ * INPUTS:
+ *    domain-   only supported type is AF_INET
+ *    type-     only supported type is SOCK_STREAM
+ *    protocol- only supported value is 0
+ * OUTPUTS:
+ *    none
+ * RETURNS:
+ *    SYS_NET_ERRORFD on errro
+ *    a valid SYS_NETFD on success
+ * RESTRICTIONS:
+ */
+#define net_socket (*__nsapi30_table->f_net_socket)
+
+/* FUNCTION: net_listen
+ * DESCRIPTION:
+ *   Set listen backlog for a socket.
+ * INPUTS:
+ *   s- the socket
+ *   backlog- value of backlog to set
+ * OUTPUTS:
+ * RETURNS:
+ *   0 on success
+ *   less-than-zero on failure
+ * RESTRICTIONS:
+ *   Some systems do not return errors even when the requested backlog
+ *   cannot be set (it is too high).  Consult your system manual for 
+ *   details on the maximum value of the backlog.
+ */
+#define net_listen (*__nsapi30_table->f_net_listen)
+
+/* FUNCTION: net_create_listener
+ * DESCRIPTION:
+ *   Creates a socket for accepting new connection.
+ * INPUTS:
+ * OUTPUTS:
+ * RETURNS:
+ *   SYS_NET_ERRORFD on error.
+ * RESTRICTIONS:
+ *   This is a convenience routine which creates a socket, binds to
+ *   an IP address and port, and sets the listen backlog to 
+ *   net_listenqsize.
+ */
+#define net_create_listener (*__nsapi30_table->f_net_create_listener)
+
+/* FUNCTION: net_connect
+ * DESCRIPTION:
+ *    Connect a socket to a remote listener
+ * INPUTS:
+ * OUTPUTS:
+ * RETURNS:
+ *    0 on success
+ *    less-than-zero on error
+ * RESTRICTIONS:
+ */
+#define net_connect (*__nsapi30_table->f_net_connect)
+
+/* FUNCTION: net_getpeername
+ * DESCRIPTION:
+ *    Get the socket address (IP address/port) of the remote host.
+ * INPUTS:
+ *    s-     the socket
+ *    name - the socket address of the remote
+ * OUTPUTS:
+ * RETURNS:
+ * RESTRICTIONS:
+ */
+#define net_getpeername (*__nsapi30_table->f_net_getpeername)
+
+/* FUNCTION: net_close
+ * DESCRIPTION:
+ *    Close an open socket
+ * INPUTS:
+ *    s- the socket to close
+ * OUTPUTS:
+ *    none
+ * RETURNS:
+ *    0 on success
+ *    less-than-zero on failure
+ * RESTRICTIONS:
+ */
+#define net_close (*__nsapi30_table->f_net_close)
+
+/* FUNCTION: net_bind
+ * DESCRIPTION:
+ *    Bind to a socket address
+ * INPUTS:
+ *    s-
+ *    name-
+ *    namelen-
+ * OUTPUTS:
+ * RETURNS:
+ * RESTRICTIONS:
+ */
+#define net_bind (*__nsapi30_table->f_net_bind)
+
+/* FUNCTION: net_accept
+ * DESCRIPTION:
+ *    Accept a connection on a listener socket.
+ * INPUTS:
+ *    s
+ *    addr
+ * OUTPUTS:
+ *    addrlen
+ * RETURNS:
+ * RESTRICTIONS:
+ */
+#define net_accept (*__nsapi30_table->f_net_accept)
+
+/* FUNCTION: net_read
+ * DESCRIPTION:
+ *    sd
+ *    buf
+ *    sz
+ *    timeout
+ * INPUTS:
+ * OUTPUTS:
+ * RETURNS:
+ *    IO_ERROR on error
+ *    0 if the remote closes the socket
+ *    positive representing the number of bytes successfully read
+ * RESTRICTIONS:
+ *    timeout must be NET_ZERO_TIMEOUT, NET_INFINITE_TIMEOUT, or a positive
+ *    value in seconds
+ */
+#define net_read (*__nsapi30_table->f_net_read)
+
+/* FUNCTION: net_write
+ * DESCRIPTION:
+ *    Write data to a socket.
+ * INPUTS:
+ *    sd
+ *    buf
+ *    sz
+ * OUTPUTS:
+ * RETURNS:
+ * RESTRICTIONS:
+ *    net_write() is unbuffered.  Specifying many calls to net_write() for 
+ *    small amounts of data is inefficient.
+ */
+#define net_write (*__nsapi30_table->f_net_write)
+
+/* FUNCTION: net_writev
+ * DESCRIPTION:
+ *    Write vectored data to the socket.
+ * INPUTS:
+ * OUTPUTS:
+ * RETURNS:
+ * RESTRICTIONS:
+ *    net_writev() is unbuffered.  Specifying many calls to net_writev() for 
+ *    small amounts of data is inefficient.
+ */
+#define net_writev (*__nsapi30_table->f_net_writev)
+
+/* FUNCTION: net_isalive
+ * DESCRIPTION:
+ *    Checks to see if the given socket is still connected to a remote
+ *    host.  The remote host does not see any side effects from this call.
+ * INPUTS:
+ *    sd - the socket
+ * OUTPUTS:
+ *    none
+ * RETURNS:
+ *    0 if the socket is no longer connected
+ *    1 if the socket is still connected.
+ * RESTRICTIONS:
+ */
+#define net_isalive (*__nsapi30_table->f_net_isalive)
+
+/* FUNCTION: net_ip2host
+ * DESCRIPTION:
+ *    Transforms the given textual IP number into a fully qualified domain
+ *    name (FQDN).   This is similar to calling gethostbyaddr().
+ * INPUTS:
+ *    verify- If 1, specifies that the function should verify the hostname
+ *            returned from the lookup.  This is similar to calling 
+ *            gethostbyname() on the result of the call to gethostbyaddr().
+ * OUTPUTS:
+ * RETURNS:
+ *    The fully qualified domain name, or whatever it can find.
+ *    If it cannot resolve the name at all, returns NULL.
+ * RESTRICTIONS:
+ *    This function is governed by the use of the Server DNS cache. If caching
+ *    is enabled it can take as long as 20 minutes before this function 
+ *    does the lookup again.
+ */
+#define net_ip2host (*__nsapi30_table->f_net_ip2host)
+
+
+/* --- OBSOLETE ----------------------------------------------------------
+ * The following macros/functions are obsolete and are only maintained for
+ * compatibility.  Do not use them.
+ * -----------------------------------------------------------------------
+ */
+
+/* FUNCTION: net_getsockopt
+ * DESCRIPTION:
+ *    Get socket options
+ * INPUTS:
+ * OUTPUTS:
+ * RETURNS:
+ * RESTRICTIONS:
+ *    Because this function is not portable (not all systems support the
+ *    same options), it should be used with caution.
+ */
+#define net_getsockopt (*__nsapi30_table->f_net_getsockopt)
+
+/* FUNCTION: net_setsockopt
+ * DESCRIPTION:
+ *    Set socket options
+ * INPUTS:
+ * OUTPUTS:
+ * RETURNS:
+ * RESTRICTIONS:
+ *    Because this function is not portable (not all systems support the
+ *    same options), it should be used with caution.
+ */
+#define net_setsockopt (*__nsapi30_table->f_net_setsockopt)
+
+/* FUNCTION: net_select
+ * DESCRIPTION:
+ *    Wait for IO on a set of sockets.
+ * INPUTS:
+ * OUTPUTS:
+ * RETURNS:
+ *    -1 on error
+ *     0 on timeout
+ *    positive value representing the number of IOs ready
+ * RESTRICTIONS:
+ *    Because this function is not portable (not all systems support the
+ *    same options), it should be used with caution.
+ */
+#define net_select (*__nsapi30_table->f_net_select)
+
+/* FUNCTION: net_ioctl
+ * DESCRIPTION:
+ *    Set socket options.
+ * INPUTS:
+ * OUTPUTS:
+ * RETURNS:
+ * RESTRICTIONS:
+ *    Because this function is not portable (not all systems support the
+ *    same options), it should be used with caution.
+ */
+#define net_ioctl (*__nsapi30_table->f_net_ioctl)
+
+/* FUNCTION: net_socketpair
+ * DESCRIPTION:
+ *    Creates a TCP socketpair.
+ * INPUTS:
+ * OUTPUTS:
+ * RETURNS:
+ *    0 on success
+ *   -1 on failure
+ * RESTRICTIONS:
+ *    Because this function is not portable (not all systems support the
+ *    same options), it should be used with caution.
+ */
+#define net_socketpair (*__nsapi30_table->f_net_socketpair)
+
+#ifdef XP_UNIX
+/* FUNCTION: net_dup2
+ * DESCRIPTION:
+ *    Duplicates a socket to a specific file descriptor
+ * INPUTS:
+ * OUTPUTS:
+ * RETURNS:
+ * RESTRICTIONS:
+ *    Because this function is not portable (not all systems support the
+ *    same options), it should be used with caution.
+ */
+#define net_dup2 (*__nsapi30_table->f_net_dup2)
+
+/* FUNCTION: net_is_STDOUT
+ * DESCRIPTION:
+ *    Checks if the underlying OS file descriptor for the given 
+ *    SYS_NETFD is the STDOUT filedescriptor
+ * INPUTS:
+ * OUTPUTS:
+ * RETURNS:
+ *    1 if it is STDOUT (1)
+ *    0 otherwise
+ * RESTRICTIONS:
+ *    Because this function is not portable (not all systems support the
+ *    same options), it should be used with caution.
+ */
+#define net_is_STDOUT (*__nsapi30_table->f_net_is_STDOUT)
+
+/* FUNCTION: net_is_STDIN
+ * DESCRIPTION:
+ *    Checks if the underlying OS file descriptor for the given 
+ *    SYS_NETFD is the STDIN filedescriptor
+ * INPUTS:
+ * OUTPUTS:
+ * RETURNS:
+ *    1 if it is STDIN (0)
+ *    0 otherwise
+ * RESTRICTIONS:
+ *    Because this function is not portable (not all systems support the
+ *    same options), it should be used with caution.
+ */
+#define net_is_STDIN (*__nsapi30_table->f_net_is_STDIN)
+#endif /* XP_UNIX */
+
+/*
+ * A parameter block is a set of name=value pairs which are generally used 
+ * as parameters, but can be anything. They are kept in a hash table for 
+ * reasonable speed, but if you are doing any intensive modification or
+ * access of them you should probably make a local copy of each parameter
+ * while working.
+ *
+ * When creating a pblock, you specify the hash table size for that pblock.
+ * You should set this size larger if you know that many items will be in 
+ * that pblock, and smaller if only a few will be used or if speed is not
+ * a concern.
+ */
+
+/*
+ * param_create creates a parameter with the given name and value. If name
+ * and value are non-NULL, they are copied and placed into the new pb_param
+ * struct.
+ */
+
+#define param_create (*__nsapi30_table->f_param_create)
+
+/*
+ * param_free frees a given parameter if it's non-NULL, and returns 1 if
+ * p was non-NULL, and 0 if p was NULL.
+ * 
+ * Useful for error checking pblock_remove.
+ */
+
+#define param_free (*__nsapi30_table->f_param_free)
+
+/* 
+ * pblock_create creates a new pblock with hash table size n.
+ * 
+ * It returns the newly allocated pblock.
+ */
+
+#define pblock_create (*__nsapi30_table->f_pblock_create)
+
+/*
+ * pblock_free frees the given pblock and any entries inside it.
+ * 
+ * If you want to save anything in a pblock, remove its entities with 
+ * pblock_remove first and save the pointers you get.
+ */
+
+#define pblock_free (*__nsapi30_table->f_pblock_free)
+
+/*
+ * pblock_findval finds the entry with the given name in pblock pb, and
+ * returns its value, otherwise returns NULL.
+ */
+
+#define pblock_findval (*__nsapi30_table->f_pblock_findval)
+
+/*
+ * pblock_nvinsert creates a new parameter with the given name and value
+ * and inserts it into pblock pb. The name and value in the parameter are
+ * also newly allocated. Returns the pb_param it allocated (in case you 
+ * need it).
+ *
+ * pblock_nninsert inserts a numerical value.
+ */
+
+#define pblock_nvinsert (*__nsapi30_table->f_pblock_nvinsert)
+#define pblock_nninsert (*__nsapi30_table->f_pblock_nninsert)
+
+/*
+ * pblock_pinsert inserts a pb_param into a pblock.
+ */
+
+#define pblock_pinsert (*__nsapi30_table->f_pblock_pinsert)
+
+/*
+ * pblock_str2pblock scans the given string str for parameter pairs
+ * name=value, or name="value". Any \ must be followed by a literal 
+ * character. If a string value is found, with no unescaped = signs, it
+ * will be added with the name 1, 2, 3, etc. depending on whether it was
+ * first, second, third, etc. in the stream (zero doesn't count).
+ * 
+ * Returns the number of parameters added to the table, or -1 upon error.
+ */
+
+#define pblock_str2pblock (*__nsapi30_table->f_pblock_str2pblock)
+
+/*
+ * pblock_pblock2str places all of the parameters in the given pblock 
+ * into the given string (NULL if it needs creation). It will re-allocate
+ * more space for the string. Each parameter is separated by a space and of
+ * the form name="value"
+ */
+
+#define pblock_pblock2str (*__nsapi30_table->f_pblock_pblock2str)
+
+/*
+ * pblock_copy copies the entries in the given source pblock to the 
+ * destination one. The entries are newly allocated so that the original
+ * pblock may be freed or the new one changed without affecting the other.
+ */
+
+#define pblock_copy (*__nsapi30_table->f_pblock_copy)
+
+/*
+ * pblock_dup creates a new pblock and copies the given source pblock
+ * into it.  The entries are newly allocated so that the original pblock
+ * may be freed or the new one changed without affecting the other.
+ */
+
+#define pblock_dup (*__nsapi30_table->f_pblock_dup)
+
+/*
+ * pblock_pb2env copies the given pblock into the given environment, with
+ * one new env entry for each name/value pair in the pblock.
+ */
+
+#define pblock_pb2env (*__nsapi30_table->f_pblock_pb2env)
+
+/* --------------------------- Internal things ---------------------------- */
+#define pblock_fr (*__nsapi30_table->f_pblock_fr)
+#define pblock_replace (*__nsapi30_table->f_pblock_replace)
+
+/* pool_create()
+ * Function to create a new pool.
+ * Returns non-NULL on success, NULL on failure.
+ */
+#define pool_create (*__nsapi30_table->f_pool_create)
+
+/* pool_destroy()
+ * Frees all memory associated with a pool and destroys the pool.
+ */
+#define pool_destroy (*__nsapi30_table->f_pool_destroy)
+
+/* pool_enabled()
+ * Check if the pools are enabled and a pool is currently set
+ * for this thread.  Return 1 if enabled, 0 if not enabled.
+ */
+#define pool_enabled (*__nsapi30_table->f_pool_enabled)
+
+#define pool_malloc (*__nsapi30_table->f_pool_malloc)
+#define pool_free (*__nsapi30_table->f_pool_free)
+#define pool_calloc (*__nsapi30_table->f_pool_calloc)
+#define pool_realloc (*__nsapi30_table->f_pool_realloc)
+#define pool_strdup (*__nsapi30_table->f_pool_strdup)
+
+/*
+ * regexp_valid takes a regular expression exp as input. It returns:
+ * 
+ *  NON_REGEXP      if exp is a standard string
+ *                  (above not used -- always returns VALID_REGEXP!!)
+ *  INVALID_REGEXP  if exp is a regular expression, but invalid
+ *  VALID_REGEXP    if exp is a valid regular expression
+ */
+
+#define regexp_valid (*__nsapi30_table->f_regexp_valid)
+
+/*
+ * regexp_match 
+ * 
+ * Takes a prevalidated shell expression exp, and a string str.
+ *
+ * Returns 0 on match and 1 on non-match.
+ */
+
+#define regexp_match (*__nsapi30_table->f_regexp_match)
+
+/*
+ * regexp_cmp
+ * 
+ * Same as above, but validates the exp first. 0 on match, 1 on non-match,
+ * -1 on invalid exp. regexp_casecmp does the same thing but is case 
+ * insensitive.
+ */
+
+#define regexp_cmp (*__nsapi30_table->f_regexp_cmp)
+#define regexp_casecmp (*__nsapi30_table->f_regexp_casecmp)
+
+/*
+ * sem_init creates a semaphore using the given name and unique 
+ * identification number. filename should be a file accessible to the 
+ * process. Returns SEM_ERROR on error.
+ */
+
+#define sem_init (*__nsapi30_table->f_sem_init)
+
+/*
+ * sem_terminate de-allocates the given semaphore.
+ */
+
+#define sem_terminate (*__nsapi30_table->f_sem_terminate)
+
+/*
+ * sem_grab attempts to gain exclusive access to the given semaphore. If
+ * it can't get it, the caller will block. Returns -1 on error.
+ */
+
+#define sem_grab (*__nsapi30_table->f_sem_grab)
+#define sem_tgrab (*__nsapi30_table->f_sem_tgrab)
+
+/*
+ * sem_release releases this process's exclusive control over the given
+ * semaphore. Returns -1 on error.
+ */
+
+#define sem_release (*__nsapi30_table->f_sem_release)
+
+/*
+ * session_create creates a new request structure for the client with the
+ * given socket descriptor and sockaddr.
+ */
+
+#define session_alloc (*__nsapi30_table->f_session_alloc)
+#define session_fill (*__nsapi30_table->f_session_fill)
+#define session_create (*__nsapi30_table->f_session_create)
+
+/*
+ * session_free frees the given session
+ */
+
+#define session_free (*__nsapi30_table->f_session_free)
+
+#define session_dns_lookup (*__nsapi30_table->f_session_dns_lookup)
+
+/*
+ *      This describes the API for matching a string with a "shell expression".
+ *      The expressions accepted are based loosely on the expressions accepted
+ *      by zsh.  A shell expression is a string pattern made up of ordinary
+ *      characters and any of the types of pattern sequences listed below.
+ *
+ *      Pattern                 Matches
+ *      *                       zero or more characters
+ *      ?                       exactly one character
+ *      $                       matches the end of string
+ *      [abc]                   matches one instance of any of the characters
+ *                              enclosed in []
+ *      [a-z]                   matches one instance of any character in the
+ *                              specified range of characters
+ *      [^abc]                  matches one instance of any character not
+ *                              in the enclosed set
+ *
+ *      Backslash (\) is used to quote a character that would otherwise be
+ *      considered part of a pattern sequence, e.g. "2\*2=4".
+ *
+ *      The following composite shell expression structures are also
+ *      recognized:
+ *
+ *      shexp1~shexp2           matches any string that matches shexp1,
+ *                              unless the string also matches shexp2
+ *
+ *              Example:  "*~*.netscape.com" matches any string that does
+ *                              not end with ".netscape.com"
+ *
+ *      (shexp1|...|shexpN)     matches any string that matches any one of
+ *                              the ()-enclosed, |-separated shell
+ *                              expressions.
+ */
+
+/* Determine whether exp is a valid shell expression */
+#define shexp_valid (*__nsapi30_table->f_shexp_valid)
+
+/*
+ * shexp_match 
+ * 
+ * Takes a prevalidated shell expression exp, and a string str.
+ *
+ * Returns 0 on match and 1 on non-match.
+ */
+
+#define shexp_match (*__nsapi30_table->f_shexp_match)
+
+
+/*
+ * shexp_cmp
+ * 
+ * Same as above, but validates the exp first. 0 on match, 1 on non-match,
+ * -1 on invalid exp. shexp_casecmp does the same thing but is case 
+ * insensitive.
+ */
+
+#define shexp_cmp (*__nsapi30_table->f_shexp_cmp)
+#define shexp_casecmp (*__nsapi30_table->f_shexp_casecmp)
+
+/*
+ * Regular expression API - Analogous to shell expression API 
+ */
+
+#define regexp_valid (*__nsapi30_table->f_regexp_valid)
+#define regexp_match (*__nsapi30_table->f_regexp_match)
+#define regexp_cmp (*__nsapi30_table->f_regexp_cmp)
+#define regexp_casecmp (*__nsapi30_table->f_regexp_casecmp)
+
+
+#if defined (SHMEM_UNIX_MMAP) || defined (SHMEM_WIN32_MMAP)
+
+/*
+ * shmem_alloc allocates a region of shared memory of the given size, using
+ * the given name to avoid conflicts between multiple regions within the
+ * program. The region will not be automatically grown if its boundaries 
+ * are over-run, use shmem_realloc for that. 
+ *
+ * If expose is non-zero and the underlying system supports it, the
+ * file used to create the shared region will be visible to other processes
+ * running on the system.
+ *
+ * name should be unique to the program which calls this routine, otherwise
+ * conflicts will arise.
+ *
+ * Returns a new shared memory region, with the data element being a 
+ * pointer to the shared memory. This function must be called before any
+ * daemon workers are spawned, in order for the handle to the shared region
+ * to be inherited by the children.
+ *
+ * Because of the requirement that the region must be inherited by the
+ * children, the region cannot be re-allocated with a larger size when
+ * necessary.
+ */
+#define shmem_alloc (*__nsapi30_table->f_shmem_alloc)
+
+/*
+ * shmem_free de-allocates the specified region of shared memory.
+ */
+#define shmem_free (*__nsapi30_table->f_shmem_free)
+
+#endif  /* SHMEM_UNIX_MMAP || SHMEM_WIN32_MMAP */
+
+/*
+ * systhread_start creates a thread with the given priority, will allocate
+ * a stack of stksz bytes, and calls fn with arg as its argument. stksz
+ * of zero will allocate a default stack size. 
+ * 
+ * Returns a new SYS_THREAD pointer on success, SYS_THREAD_ERROR on failure.
+ * XXX Priorities are system dependent
+ */
+
+#define systhread_start (*__nsapi30_table->f_systhread_start)
+
+/* 
+ * systhread_current returns a handle for the current thread.
+ */
+
+#define systhread_current (*__nsapi30_table->f_systhread_current)
+
+/*
+ * systhread_yield yields the processor to another thread
+ */
+
+#define systhread_yield (*__nsapi30_table->f_systhread_yield)
+
+/*
+ * systhread_attach makes an existing thread an NSPR thread.
+ */
+#define systhread_attach (*__nsapi30_table->f_systhread_attach)
+
+/*
+ * Detaches a thread that was attached.
+ */
+
+#define systhread_detach (*__nsapi30_table->f_systhread_detach)
+
+/* 
+ * systhread_terminate terminates the thread that is passed in.
+ */
+#define systhread_terminate (*__nsapi30_table->f_systhread_terminate)
+
+/*
+ * systhread_sleep puts the calling thread to sleep for the given number
+ * of milliseconds.
+ */
+#define systhread_sleep (*__nsapi30_table->f_systhread_sleep)
+
+/*
+ * systhread_init initializes the threading system. name is a name for the
+ * program for debugging.
+ */
+
+#define systhread_init (*__nsapi30_table->f_systhread_init)
+
+/*
+ * systhread_timerset starts or re-sets the interrupt timer for a thread
+ * system. This should be considered a suggestion as most systems don't allow
+ * the timer interval to be changed.
+ */
+
+#define systhread_timerset (*__nsapi30_table->f_systhread_timerset)
+
+/*
+ * newkey allocates a new integer id for thread-private data. Use this
+ * key to identify a variable which you want to appear differently 
+ * between threads, and then use setdata to associate a value with this
+ * key for each thread.
+ */
+#define systhread_newkey (*__nsapi30_table->f_systhread_newkey)
+
+/*
+ * Get data that has been previously associated with key in this thread.
+ * Returns NULL if setkey has not been called with this key by this 
+ * thread previously, or the data that was previously used with setkey
+ * by this thread with this key.
+ */
+#define systhread_getdata (*__nsapi30_table->f_systhread_getdata)
+
+/*
+ * Associate data with the given key number in this thread.
+ */
+#define systhread_setdata (*__nsapi30_table->f_systhread_setdata)
+
+/*
+ * Set the default stack size for threads created via systhr_start
+ */
+#define systhread_set_default_stacksize (*__nsapi30_table->f_systhread_set_default_stacksize)
+
+/*
+ *      A hodge podge of utility functions and standard functions which 
+ *      are unavailable on certain systems
+ */
+
+/*
+ * getline scans in buf until it finds a LF or CRLF, storing the string in
+ * l. It will terminate the string and return:
+ * 
+ *  0 when done, with the scanned line (minus CR or LF) in l
+ *  1 upon EOF, with the scanned line (minus CR or LF) in l
+ * -1 on error with the error description in l (uses lineno for information)
+ */
+
+#define util_getline (*__nsapi30_table->f_util_getline)
+
+/*
+ * env_create creates a new environment with the given env, with n new
+ * entries, and places the current position that you should add your
+ * entries with at pos.
+ * 
+ * If env is NULL, it will allocate a new one. If not, it will reallocate
+ * that one.
+ */
+
+#define util_env_create (*__nsapi30_table->f_util_env_create)
+
+/*
+ * util_env_str allocates a string from the given name and value and
+ * returns it. It does not check for things like = signs in name.
+ */
+
+#define util_env_str (*__nsapi30_table->f_util_env_str)
+
+/*
+ * env_replace replaces the occurrence of the given variable with the 
+ * value you give.
+ */
+
+#define util_env_replace (*__nsapi30_table->f_util_env_replace)
+
+/*
+ * util_env_free frees an environment.
+ */
+
+#define util_env_free (*__nsapi30_table->f_util_env_free)
+
+/*
+ * util_env_copy copies an env
+ */
+#define util_env_copy (*__nsapi30_table->f_util_env_copy)
+
+/*
+ * util_env_find looks through env for the named string. Returns the
+ * corresponding value if the named string is found, or NULL if not.
+ */
+#define util_env_find (*__nsapi30_table->f_util_env_find)
+
+/*
+ * hostname gets the local hostname. Returns NULL if it can't find a FQDN.
+ * You are free to realloc or free this string.
+ */
+
+#define util_hostname (*__nsapi30_table->f_util_hostname)
+
+/*
+ * chdir2path changes the current directory to the one that the file
+ * path is in. path should point to a file. Caveat: path must be a writable
+ * string. It won't get modified permanently.
+ */
+
+#define util_chdir2path (*__nsapi30_table->f_util_chdir2path)
+
+/*
+ * is_mozilla checks if the given user-agent is mozilla, of at least
+ * the given major and minor revisions. These are strings to avoid 
+ * ambiguities like 1.56 > 1.5
+ */
+
+#define util_is_mozilla (*__nsapi30_table->f_util_is_mozilla)
+
+/*
+ * is_url will return 1 if the given string seems to be a URL, or will 
+ * return 0 otherwise. 
+ * 
+ * Because of stupid news URLs, this will return 1 if the string has 
+ * all alphabetic characters up to the first colon and will not check for 
+ * the double slash.
+ */
+
+#define util_is_url (*__nsapi30_table->f_util_is_url)
+
+/*
+ * util_later_than checks the date in the string ims, and if that date is 
+ * later than or equal to the one in the tm struct lms, then it returns 1.
+ *
+ * util_time_equal is above, but checks for exact equality.
+ *
+ * Handles RFC 822, 850, and ctime formats.
+ */
+
+#define util_later_than (*__nsapi30_table->f_util_later_than)
+#define util_time_equal (*__nsapi30_table->f_util_time_equal)
+
+/* 
+ * util_str_time_equal checks the character-string dates are equal.
+ * Supports rfc1123 and rfc850 formats.  t1 must be rfc1123
+ * Returns 0 if equal, -1 otherwise
+ */
+#define util_str_time_equal (*__nsapi30_table->f_util_str_time_equal)
+
+/*
+ * util_uri_is_evil returns 1 if a URL has ../ or // in it.
+ */
+#define util_uri_is_evil (*__nsapi30_table->f_util_uri_is_evil)
+
+/*
+ * util_uri_parse gets rid of /../, /./, and //.
+ * 
+ * Assumes that either the string starts with a /, or the string will
+ * not .. right off of its beginning.  As such, ../foo.gif will
+ * not be changed, although /../foo.gif will become /foo.gif.
+ */
+
+#define util_uri_parse (*__nsapi30_table->f_util_uri_parse)
+
+/*
+ * util_uri_unescape unescapes the given URI in place (% conversions only).
+ */
+
+#define util_uri_unescape (*__nsapi30_table->f_util_uri_unescape)
+
+/*
+ * util_uri_escape escapes any nasty chars in s and copies the string into d.
+ * If d is NULL, it will allocate and return a properly sized string.
+ * Warning: does not check bounds on a given d.
+ *
+ * util_url_escape does the same thing but does it for a url, i.e. ?:+ is 
+ * not escaped.
+ */
+
+#define util_uri_escape (*__nsapi30_table->f_util_uri_escape)
+#define util_url_escape (*__nsapi30_table->f_util_url_escape)
+
+/*
+ * util_sh_escape places a \ in front of any shell-special characters.
+ * Returns a newly-allocated copy of the string.
+ */
+
+#define util_sh_escape (*__nsapi30_table->f_util_sh_escape)
+
+/*
+ * util_mime_separator generates a new MIME separator into the given buffer.
+ * The buffer should be more than 4 + 3*10 + 1 bytes long. A CRLF is prepended
+ * to the beginning of the string, along with two dashes. The string is null
+ * terminated, with no CRLF. The intent is that you create your content-type
+ * header by accessing &sep[4], and afterwards print sep followed by CRLF
+ * for message boundaries.
+ *
+ * Returns the length of the string.
+ */
+#define util_mime_separator (*__nsapi30_table->f_util_mime_separator)
+
+/*
+ * util_itoa converts the given integer to a string into a.
+ */
+
+#define util_itoa (*__nsapi30_table->f_util_itoa)
+
+/*
+ * util_vsprintf and util_sprintf are simplified clones of the System V 
+ * vsprintf and sprintf routines.
+ * 
+ * Returns the number of characters printed. Only handles %d and %s,
+ * does not handle any width or precision.
+ */
+
+#define util_vsprintf (*__nsapi30_table->f_util_vsprintf)
+#define util_sprintf (*__nsapi30_table->f_util_sprintf)
+
+/* These routines perform bounds checks. */
+#define util_vsnprintf (*__nsapi30_table->f_util_vsnprintf)
+#define util_snprintf (*__nsapi30_table->f_util_snprintf)
+
+/* util_strftime()
+ * Thread safe version of strftime.
+ * No bounds checking is done s.  t must be a valid tm structure.
+ */
+#define util_strftime (*__nsapi30_table->f_util_strftime)
+
+/* Various thread safe routines. */
+
+#define util_strtok (*__nsapi30_table->f_util_strtok)
+#define util_localtime (*__nsapi30_table->f_util_localtime)
+#define util_ctime (*__nsapi30_table->f_util_ctime)
+#define util_strerror (*__nsapi30_table->f_util_strerror)
+#define util_gmtime (*__nsapi30_table->f_util_gmtime)
+#define util_asctime (*__nsapi30_table->f_util_asctime)
+
+#ifdef NEED_STRCASECMP
+#define util_strcasecmp (*__nsapi30_table->f_util_strcasecmp)
+#define strcasecmp(s1, s2) util_strcasecmp(s1, s2)
+#endif /* NEED_STRCASECMP */
+
+#ifdef NEED_STRNCASECMP
+#define util_strncasecmp (*__nsapi30_table->f_util_strncasecmp)
+#define strncasecmp(s1, s2, n) util_strncasecmp(s1, s2, n)
+#endif /* NEED_STRNCASECMP */
+
+#ifdef XP_UNIX
+
+/*
+ * can_exec returns 1 if you can execute the file described by finfo, and 
+ * 0 if you can't.
+ */
+
+#define util_can_exec (*__nsapi30_table->f_util_can_exec)
+
+/*
+ * Thread safe getpwnam
+ */
+#define util_getpwnam (*__nsapi30_table->f_util_getpwnam)
+
+#define util_waitpid (*__nsapi30_table->f_util_waitpid)
+
+#endif /* XP_UNIX */
+
+#ifdef XP_WIN32
+
+/* util_delete_directory()
+ * This routine deletes all the files in a directory.  If delete_directory is
+ * TRUE it will also delete the directory itself.
+ */
+#define util_delete_directory (*__nsapi30_table->f_util_delete_directory)
+
+#endif /* XP_WIN32 */
+
+/*
+ * conf_init reads the given configuration file and sets any non-default
+ * parameters to their given setting.
+ */
+#define conf_init (*__nsapi30_table->f_conf_init)
+#define conf_run_init_functions (*__nsapi30_table->f_conf_run_init_functions)
+
+/*
+ * conf_terminate frees any data the conf routines may be holding.
+ */
+#define conf_terminate (*__nsapi30_table->f_conf_terminate)
+
+/*
+ * conf_getServerString returns the Server ID string
+ */
+#define conf_getServerString (*__nsapi30_table->f_conf_getServerString)
+
+/*
+ * Get a structure with the global variables for this server.
+ */
+#define conf_getglobals (*__nsapi30_table->f_conf_getglobals)
+
+/*
+ * func_init reads the static FuncStruct arrays and creates the global 
+ * function table from them.
+ *
+ * func_init will only read from the static arrays defined in func.c.
+ */
+#define func_init (*__nsapi30_table->f_func_init)
+
+/*
+ * func_find returns a pointer to the function named name, or NULL if none
+ * exists.
+ */
+#define func_find (*__nsapi30_table->f_func_find)
+
+/* DO NOT USE this function.
+ */
+#define func_set_native_thread_flag (*__nsapi30_table->f_func_set_native_thread_flag)
+
+/*
+ * func_exec will try to execute the function whose name is the "fn" entry
+ * in the given pblock. If name is not found, it will log a misconfig of
+ * missing fn parameter. If it can't find it, it will log that. In these
+ * cases it will return REQ_ABORTED. Otherwise, it will return what the 
+ * function being executed returns.
+ */
+#define func_exec (*__nsapi30_table->f_func_exec)
+
+/*
+ * func_replace will replace a function in the server's function table with
+ * another.  Returns the FuncPtr to the old function if it replaces the 
+ * function, otherwise it returns 0.
+ */
+#define func_replace (*__nsapi30_table->f_func_replace)
+
+/*
+ * func_insert dynamically inserts a named function into the server's
+ * table of functions. Returns the FuncStruct it keeps in internal 
+ * databases, because on server restart you are responsible for freeing 
+ * (or not) its contents.
+ */
+#define func_insert (*__nsapi30_table->f_func_insert)
+#define object_execute (*__nsapi30_table->f_object_execute)
+
+/*
+ * gets the first line of an HTTP request
+ */
+#define http_find_request (*__nsapi30_table->f_http_find_request)
+
+/*
+ * parses the first line of an HTTP request
+ */
+#define http_parse_request (*__nsapi30_table->f_http_parse_request)
+
+/*
+ * Scans HTTP headers from the given netbuf, and places them in headers.
+ * If netbuf is NULL, the session's inbuf is used.
+ * 
+ * Folded lines are joined and the linefeed removed (but not the whitespace).
+ * If there are any repeat headers they are joined and the two field bodies
+ * separated by a comma and space.
+ *
+ * t should be a string of length REQ_MAX_LINE. This is a convenience to
+ * req.c so that we don't use too much runtime stack.
+ *
+ * Session is an optional parameter. Use NULL if you wish. It's used for
+ * error logs.
+ */
+#define http_scan_headers (*__nsapi30_table->f_http_scan_headers)
+
+/*
+ * Starts the HTTP response. If HTTP/0.9, does nothing. If 1.0, sends header.
+ * If this returns REQ_NOACTION, the method was head and no body should be
+ * sent. Otherwise, it will return REQ_PROCEED.
+ */
+#define http_start_response (*__nsapi30_table->f_http_start_response)
+
+/*
+ * http_hdrs2env takes the entries from the given pblock and converts them
+ * to an environment. 
+ *
+ * Each name entry will be made uppercase, prefixed with HTTP_ and any
+ * occurrence of - will be converted to _.
+ */
+#define http_hdrs2env (*__nsapi30_table->f_http_hdrs2env)
+
+/*
+ * http_status sets status to the code n, with reason string r. If r is
+ * NULL, the server will attempt to find one for the given status code.
+ * If it finds none, it will give "Because I felt like it."
+ */
+#define http_status (*__nsapi30_table->f_http_status)
+
+/*
+ * http_set_finfo sets content-length and last-modified
+ */
+
+#define http_set_finfo (*__nsapi30_table->f_http_set_finfo)
+
+/*
+ * Takes the given pblock and prints headers into the given buffer at 
+ * position pos. Returns the buffer, reallocated if needed. Modifies pos.
+ */
+#define http_dump822 (*__nsapi30_table->f_http_dump822)
+
+/*
+ * Finishes a request. For HTTP, this just closes the socket.
+ */
+#define http_finish_request (*__nsapi30_table->f_http_finish_request)
+
+/*
+ * http_handle_session processes each request generated by Session
+ */
+#define http_handle_session (*__nsapi30_table->f_http_handle_session)
+
+/*
+ * http_uri2url takes the give URI prefix and URI suffix and creates a 
+ * newly-allocated full URL from them of the form
+ * http://(server):(port)(prefix)(suffix)
+ * 
+ * If you want either prefix or suffix to be skipped, use "" instead of NULL.
+ *
+ * Normally, the server hostname is taken from the ServerName parameter in
+ * magnus.conf. The newer function http_uri2url_dynamic should be used when 
+ * a Session and Request structure are available, to ensure that the browser
+ * gets redirected to the exact host they were originally referencing.
+ */
+
+#define http_uri2url (*__nsapi30_table->f_http_uri2url)
+#define http_uri2url_dynamic (*__nsapi30_table->f_http_uri2url_dynamic)
+
+/*
+ * http_set_keepalive_timeout sets the number of seconds to wait for a new
+ * request to come from a persistent connection. Returns nothing. Intended
+ * to be called at server startup only.
+ *
+ * Specifying a timeout of zero will disable persistent connections and allow
+ * browsers to request only one file per connection.
+ */
+#define http_set_keepalive_timeout (*__nsapi30_table->f_http_set_keepalive_timeout)
+
+/*
+ * log_error logs an error of the given degree from the function func
+ * and formats the arguments with the printf() style fmt. Returns whether the
+ * log was successful. Records the current date.
+ *
+ * sn and rq are optional parameters. If given, information about the client
+ * will be reported.
+ */
+#define log_error_v (*__nsapi30_table->f_log_error_v)
+#define log_error (*__nsapi30_table->f_log_error)
+
+/*
+ *  Internal use only 
+ */
+#define log_ereport_v (*__nsapi30_table->f_log_ereport_v)
+#define log_ereport (*__nsapi30_table->f_log_ereport)
+
+/*
+ * object_create will create a new object and return a pointer to it.
+ * It will allocate space for nd directive types and set name accordingly.
+ */
+#define object_create (*__nsapi30_table->f_object_create)
+
+/*
+ * object_free will free an object and any data associated with it.
+ */
+#define object_free (*__nsapi30_table->f_object_free)
+
+/*
+ * object_add_directive will add a new directive to the dtable for 
+ * the directive class at position dc.
+ */
+#define object_add_directive (*__nsapi30_table->f_object_add_directive)
+
+/*
+ * Executes the directive specified by inst within the context of the
+ * given session and request structures. Returns what the executed function
+ * returned (one of the REQ_* codes defined in req.h).
+ *
+ * This prototype uses void * for Request * in order to avoid including
+ * all of req.h. 
+ *
+ */
+
+/*
+ * objset_scan_buffer will scan through buffer, looking for object 
+ * configuration information, and adding them to the object set os if it 
+ * finds any. If os is NULL it will allocate a new object set.
+ *
+ * If any error occurs (syntax error, premature EOF) this function will
+ * free os, print an error message into errstr, and return NULL.
+ * This is because a config. file error is viewed as a catastrophic error
+ * from which httpd should not try to recover. If httpd were to continue
+ * after an error, it would not behave as the admin. expected and he/she
+ * may not notice until it's too late.
+ *
+ * Upon EOF the file will not be closed.
+ */
+#define objset_scan_buffer (*__nsapi30_table->f_objset_scan_buffer)
+
+/*
+ * objset_create creates a new object set and returns a pointer to it.
+ */
+#define objset_create (*__nsapi30_table->f_objset_create)
+
+/*
+ * objset_free will free an object set, any associated objects, and any
+ * associated Init functions.
+ */
+#define objset_free (*__nsapi30_table->f_objset_free)
+
+/*
+ * objset_free_setonly frees only the object set, and not the associated
+ * objects or init functions.
+ */
+#define objset_free_setonly (*__nsapi30_table->f_objset_free_setonly)
+
+/*
+ * objset_new_object will add a new object to objset with the specified
+ * name. It returns a pointer to the new object (which may be anywhere in 
+ * the objset).
+ */
+#define objset_new_object (*__nsapi30_table->f_objset_new_object)
+
+/*
+ * objset_add_object will add the existing object to os.
+ */
+#define objset_add_object (*__nsapi30_table->f_objset_add_object)
+
+/*
+ * objset_add_init will add the initialization function specified by 
+ * initfn to the given object set. Modifies os->initfns.
+ */
+#define objset_add_init (*__nsapi30_table->f_objset_add_init)
+
+/*
+ * objset_findbyname will find the object in objset having the given name,
+ * and return the object if found, and NULL otherwise.
+ * ign is a set of objects to ignore.
+ */
+#define objset_findbyname (*__nsapi30_table->f_objset_findbyname)
+
+/*
+ * objset_findbyppath will find the object in objset having the given 
+ * partial path entry. Returns object if found, NULL otherwise.
+ * ign is a set of objects to ignore.
+ */
+#define objset_findbyppath (*__nsapi30_table->f_objset_findbyppath)
+
+/*
+ * request_create creates a new request structure.
+ */
+#define request_create (*__nsapi30_table->f_request_create)
+
+/*
+ * request_free destroys a request structure.
+ */
+#define request_free (*__nsapi30_table->f_request_free)
+
+/*
+ * Restarts a request for a given URI internally. If rq is non-NULL, the
+ * function will keep the old request's headers and protocol, but with a new 
+ * URI and method of GET. If the previous method was HEAD, this is preserved.
+ * Any other method becomes GET. You may assume that if you give it a request
+ * structure that it will use the same structure.
+ *
+ * Once you have this new Request, you must then do what you want with
+ * it (e.g. send the object back, perform uri2path translation, etc.)
+ */
+#define request_restart_internal (*__nsapi30_table->f_request_restart_internal)
+
+/*
+ * request_header finds the named header depending on the requesting 
+ * protocol. If possible, it will not load headers until the first is 
+ * requested. You have to watch out because this can return REQ_ABORTED.
+ */
+#define request_header (*__nsapi30_table->f_request_header)
+
+/*
+ * request_loadheaders just makes sure the headers have been loaded.
+ */
+#define request_loadheaders (*__nsapi30_table->f_request_loadheaders)
+
+/*
+ * request_stat_path tries to stat path. If path is NULL, it will look in
+ * the vars pblock for "path". If the stat is successful, it returns the stat 
+ * structure. If not, returns NULL and leaves a message in rq->staterr. If a 
+ * previous call to this function was successful, and path is the same, the 
+ * function will simply return the previously found value.
+ *
+ * User functions should not free this structure.
+ */
+
+#define request_stat_path (*__nsapi30_table->f_request_stat_path)
+
+/*
+ * Random number generation
+ *
+ *      random_create - create a new random number context
+ *      random_update - update a context with random data
+ *      random_generate - generate random bytes
+ *      random_destroy - destroy a random number context
+ */
+
+#define random_create (*__nsapi30_table->f_random_create)
+#define random_update (*__nsapi30_table->f_random_update)
+#define random_generate (*__nsapi30_table->f_random_generate)
+#define random_destroy (*__nsapi30_table->f_random_destroy)
+
+/*
+ * MD5 hash routines
+ *
+ *      md5hash_create - create an MD5 hash context
+ *      md5hash_copy - make a copy of an MD5 hash context
+ *      md5hash_begin - initialize an MD5 hash context
+ *      md5hash_update - update MD5 hash with more input data
+ *      md5hash_end - finalize MD5 hash and get result
+ *      md5hash_destroy - destroy an MD5 hash context
+ *      md5hash_data - compute MD5 hash of data in one step
+ */
+
+#define md5hash_create (*__nsapi30_table->f_md5hash_create)
+#define md5hash_copy (*__nsapi30_table->f_md5hash_copy)
+#define md5hash_begin (*__nsapi30_table->f_md5hash_begin)
+#define md5hash_update (*__nsapi30_table->f_md5hash_update)
+#define md5hash_end (*__nsapi30_table->f_md5hash_end)
+#define md5hash_destroy (*__nsapi30_table->f_md5hash_destroy)
+#define md5hash_data (*__nsapi30_table->f_md5hash_data)
+
+/*
+ * ACL_SetupEval -
+ *  Setup environment and call ACL_EvalTestRights.
+ */
+#define ACL_SetupEval (*__nsapi30_table->f_ACL_SetupEval)
+
+/*
+ * servact_translate_uri
+ * Returns the translated path (filename) for the given uri, NULL otherwise.
+ * If authentication is required for the given uri, nothing is returned even
+ * if the current user has authenticated to that area.
+ */
+#define servact_translate_uri (*__nsapi30_table->f_servact_translate_uri)
+
+#endif /* !INTNSAPI */
+
+#ifndef FILE_MMAP
+#define filebuf_open_nostat(fd,sz,finfo) filebuf_open(fd,sz)
+#endif
+
+#ifdef XP_UNIX
+#define dir_open opendir
+#define dir_read readdir
+#define dir_close closedir
+#define dir_create(path) mkdir(path, 0755)
+#define dir_remove rmdir
+#define system_chdir chdir
+#define file_unix2local(path,p2) strcpy(p2,path)
+#endif /* XP_UNIX */
+
+#ifdef XP_WIN32
+#define dir_create _mkdir
+#define dir_remove _rmdir
+#define system_chdir SetCurrentDirectory
+#endif /* XP_WIN32 */
+
+/*
+ * Thread-safe variants of localtime and gmtime
+ */
+#define system_localtime(curtime, ret) util_localtime(curtime, ret)
+#define system_gmtime(curtime, ret) util_gmtime(curtime, ret)
+
+/* 
+ * pblock_find finds the entry with the given name in pblock pb.
+ *
+ * If it is successful, it returns the param block. If not, it returns NULL.
+ */
+
+#define pblock_find(name, pb) (pblock_fr(name,pb,0))
+
+/*
+ * pblock_remove behaves exactly like pblock_find, but removes the given
+ * entry from pb.
+ */
+
+#define pblock_remove(name, pb) (pblock_fr(name,pb,1))
+
+/*
+ * session_dns returns the DNS hostname of the client of this session,
+ * and inserts it into the client pblock. Returns NULL if unavailable.
+ */
+
+#define session_dns(sn) session_dns_lookup(sn, 0)
+
+/*
+ * session_maxdns looks up a hostname from an IP address, and then verifies 
+ * that the host is really who they claim to be. 
+ */
+
+#define session_maxdns(sn) session_dns_lookup(sn, 1)
+
+#define protocol_find_request http_find_request
+#define protocol_parse_request http_parse_request
+#define protocol_scan_headers http_scan_headers
+#define protocol_start_response http_start_response
+#define protocol_status http_status
+#define protocol_set_finfo http_set_finfo
+#define protocol_finish_request http_finish_request
+#define protocol_handle_session http_handle_session
+#define protocol_uri2url http_uri2url
+#define protocol_uri2url_dynamic http_uri2url_dynamic
+#define protocol_set_keepalive_timeout http_set_keepalive_timeout
+
+/* XXXrobm temporary compatibility */
+#define request_uri2path servact_uri2path
+#define request_pathchecks servact_pathchecks
+#define request_fileinfo servact_fileinfo
+#define request_service servact_service
+
+#define request_handle_processed servact_handle_processed
+#define request_translate_uri servact_translate_uri
+#define request_finderror servact_finderror
+
+/* --- OBSOLETE ----------------------------------------------------------
+ * The following macros/functions are obsolete and are only maintained for
+ * compatibility.  Do not use them. 11-19-96
+ * -----------------------------------------------------------------------
+ */
+
+#define SYS_STDERR STDERR_FILENO
+
+#ifdef XP_WIN32
+
+typedef HANDLE pid_t;
+
+#define ERROR_PIPE \
+	(ERROR_BROKEN_PIPE | ERROR_BAD_PIPE |\
+	 ERROR_PIPE_BUSY | ERROR_PIPE_LISTENING | ERROR_PIPE_NOT_CONNECTED)
+#define CONVERT_TO_PRINTABLE_FORMAT(Filename) 	\
+{									   		\
+	register char *s;					   	\
+	if (Filename)				   			\
+	for (s = Filename; *s; s++) 	   		\
+		if ( *s	== '\\')				   	\
+			*s = '/';				   		\
+}
+#define CONVERT_TO_NATIVE_FS(Filename) 	   \
+{									   	   \
+	register char *s;				   	   \
+	if (Filename)						   \
+		for (s = Filename; *s; s++) 	   \
+			if ( *s	== '/')				   \
+				*s = '\\';				   \
+}									 
+
+#ifdef INTNSAPI
+NSAPI_PUBLIC extern nsapi_dispatch_t *__nsapi30_table;
+#else
+__declspec(dllimport) nsapi_dispatch_t *__nsapi30_table;
+#endif /* INTNSAPI */
+
+#else /* !XP_WIN32 */
+
+NSAPI_PUBLIC extern nsapi_dispatch_t *__nsapi30_table;
+
+#endif /* XP_WIN32 */
+
+#endif /* !PUBLIC_NSAPI_H */
diff --git a/include/version.h b/include/version.h
new file mode 100644
index 00000000..a1116466
--- /dev/null
+++ b/include/version.h
@@ -0,0 +1,53 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+/*
+   This file is included from both C source and the NT installation compiler.
+   Because of that, no ifdefs are allowed, and strings must be simple strings
+   (not concatenated).
+
+   Because macros called PERSONAL_VERSION and ENTERPRISE_VERSION already
+   exist, the PRODUCT_VERSION define has _DEF appended.
+ */
+
+#define DIRECTORY_VERSION_DEF "7.0"
+#define DIRECTORY_COMPATIBLE "3.0"
+#define DIRECTORY_VERSION_STRING "Netscape-DirServer/7.0"
+
+#define DS_VERSION_DEF DIRECTORY_VERSION_DEF
+#define DS_VERSION_STRING DIRECTORY_VERSION_STRING
+
+#define DSS_VERSION_DEF DIRECTORY_VERSION_DEF
+#define DSS_VERSION_STRING "Netscape-DirSynchService/7.0"
+
+#define PROXY_VERSION_DEF "2.0"
+#define PROXY_VERSION_STRING "Netscape-Proxy/2.0"
+
+#define ADMSERV_VERSION_DEF "4.0b1"
+#define ADMSERV_VERSION_STRING "Netscape-Administrator/4.0b1"
+/* supposedly the trunk is currently the home of 3.x development */
+
+#define PERSONAL_VERSION_DEF "3.01b1"
+#define PERSONAL_VERSION_STRING "Netscape-FastTrack/3.01b1"
+
+#define CATALOG_VERSION_DEF "1.0b2"
+#define CATALOG_VERSION_STRING "Netscape-Catalog/1.0b2"
+
+#define RDS_VERSION_DEF "1.0b2"
+#define RDS_VERSION_STRING "Netscape-RDS/1.0b2"
+
+#define ENTERPRISE_VERSION_DEF "3.01"
+#define ENTERPRISE_VERSION_STRING "Netscape-Enterprise/3.01"
+
+#define MAIL_VERSION_DEF "3.0a0"
+#define MAIL_VERSION_STRING "Netscape-Mail/3.0a0"
+
+#define NEWS_VERSION_STRING "Netscape 1.1"
+
+#define BATMAN_VERSION_DEF "1.0a1"
+#define BATMAN_VERSION_STRING "Batman/1.0a1"
+
+#define VI_COMPANYNAME "Netscape Communications Corporation\0"
+#define VI_COPYRIGHT   "Copyright 2001 Sun Microsystems, Inc.  Portions copyright 1999, 2001-2003 Netscape Communications Corporation.  All rights reserved.\0"