As submitted by Openvision Technologies:

To: tytso@MIT.EDU
Subject: gssapi
Date: Fri, 17 Dec 1993 17:55:06 -0500
From: Marc Horowitz <marc@security.ov.com>

This is named in my RCS tree as MIT931217.  The copyright notice
included is (hopefully) final.  Good luck!

		Marc

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@3205 dc483132-0cff-0310-8789-dd5450dbe970

16 files changed, 1702 insertions, 0 deletions

diff --git a/src/lib/gssapi/generic/Makefile b/src/lib/gssapi/generic/Makefile
new file mode 100644
index 000000000..6fa6194d2
--- /dev/null
+++ b/src/lib/gssapi/generic/Makefile
@@ -0,0 +1,74 @@
+# 
+# Copyright 1993 by OpenVision Technologies, Inc.
+# 
+# Permission to use, copy, modify, distribute, and sell this software
+# and its documentation for any purpose is hereby granted without fee,
+# provided that the above copyright notice appears in all copies and
+# that both that copyright notice and this permission notice appear in
+# supporting documentation, and that the name of OpenVision not be used
+# in advertising or publicity pertaining to distribution of the software
+# without specific, written prior permission. OpenVision makes no
+# representations about the suitability of this software for any
+# purpose.  It is provided "as is" without express or implied warranty.
+# 
+# OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+# EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+# USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+# OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+# 
+
+# $Id$
+
+TOP = ../../..
+include $(TOP)/config.mk/template
+
+CCSRCS = \
+	display_major_status.c \
+	display_com_err_status.c \
+	gssapi_generic.c \
+	release_buffer.c \
+	release_oid_set.c \
+	util_buffer.c \
+	util_canonhost.c \
+	util_dup.c \
+	util_oid.c \
+	util_token.c \
+	util_validate.c
+CCOBJS = $(addsuffix .o,$(basename $(CCSRCS)))
+
+ETSRCS = gssapi_generic_err.et
+ETCS = $(addsuffix .c,$(basename $(ETSRCS)))
+ETHS = $(addsuffix .h,$(basename $(ETSRCS)))
+ETOBJS = $(addsuffix .o,$(basename $(ETSRCS)))
+
+OBJS = $(CCOBJS)
+
+CFLAGS := -I. $(CFLAGS)
+
+all::
+
+all:: $(ETCS) $(ETHS)
+
+listobjs:
+	@echo $(CCOBJS) $(ETOBJS)
+
+SRCS = $(CCSRCS)
+DEPENDS = $(ETHS)
+expand Depend
+
+ETABLES = $(ETSRCS)
+expand ErrorTables
+
+stage:: $(CCOBJS) $(ETOBJS)
+
+all:: $(CCOBJS) $(ETOBJS)
+
+SRCS = $(CCSRCS)
+expand Saber
+
+HDRS = gssapi.h gssapi_generic.h
+HDRS_DIR = gssapi
+expand InstallIncludes
diff --git a/src/lib/gssapi/generic/display_com_err_status.c b/src/lib/gssapi/generic/display_com_err_status.c
new file mode 100644
index 000000000..0a36f91b4
--- /dev/null
+++ b/src/lib/gssapi/generic/display_com_err_status.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ * 
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ * 
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * $Id$
+ */
+
+#include "gssapiP_generic.h"
+#include <com_err.h>
+
+/* XXXX internationalization!! */
+
+/**/
+
+static int init_et = 0;
+static const char * const no_error = "No error";
+
+/**/
+
+/* if status_type == GSS_C_GSS_CODE, return up to three error messages,
+     for routine errors, call error, and status, in that order.
+     message_context == 0 : print the routine error
+     message_context == 1 : print the calling error
+     message_context > 2  : print supplementary info bit (message_context-2)
+   if status_type == GSS_C_MECH_CODE, return the output from error_message()
+   */
+
+OM_uint32
+g_display_com_err_status(OM_uint32 *minor_status,
+			 OM_uint32 status_value,
+			 gss_buffer_t status_string)
+{
+   status_string->length = 0;
+   status_string->value = NULL;
+
+   if (!init_et) {
+      initialize_ggss_error_table();
+      init_et = 1;
+   }
+
+   if (! g_make_string_buffer(((status_value == 0)?no_error:
+			       error_message(status_value)),
+			      status_string)) {
+      *minor_status = ENOMEM;
+      return(GSS_S_FAILURE);
+   }
+   *minor_status = 0;
+   return(GSS_S_COMPLETE);
+}
diff --git a/src/lib/gssapi/generic/display_major_status.c b/src/lib/gssapi/generic/display_major_status.c
new file mode 100644
index 000000000..0216cf116
--- /dev/null
+++ b/src/lib/gssapi/generic/display_major_status.c
@@ -0,0 +1,304 @@
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ * 
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ * 
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "gssapiP_generic.h"
+
+/*
+ * $Id$
+ */
+
+/* This code has knowledge of the min and max errors of each type
+   within the gssapi major status */
+
+#define GSS_ERROR_STR(value, array, select, min, max, num) \
+   (((select(value) < (min)) || (select(value) > (max))) ? NULL : \
+    (array)[num(value)])
+
+/**/
+
+static const char * const calling_error_string[] = {
+   NULL,
+   "A required input parameter could not be read",
+   "A required input parameter could not be written",
+   "A parameter was malformed",
+};
+ 
+static const char * const calling_error = "calling error";
+
+#define GSS_CALLING_ERROR_STR(x) \
+   GSS_ERROR_STR((x), calling_error_string, GSS_CALLING_ERROR, \
+		 GSS_S_CALL_INACCESSIBLE_READ, GSS_S_CALL_BAD_STRUCTURE, \
+		 GSS_CALLING_ERROR_FIELD)
+
+/**/
+
+static const char * const routine_error_string[] = {
+   NULL,
+   "An unsupported mechanism was requested",
+   "An invalid name was supplied",
+   "A supplied name was of an unsupported type",
+   "Incorrect channel bindings were supplied",
+   "An invalid status code was supplied",
+   "A token had an invalid signature",
+   "No credentials were supplied",
+   "No context has been established",
+   "A token was invalid",
+   "A credential was invalid",
+   "The referenced credentials have expired",
+   "The context has expired",
+   "Miscellaneous failure",   
+};   
+
+static const char * const routine_error = "routine error";
+
+#define GSS_ROUTINE_ERROR_STR(x) \
+   GSS_ERROR_STR((x), routine_error_string, GSS_ROUTINE_ERROR, \
+		 GSS_S_BAD_MECH, GSS_S_FAILURE, \
+		 GSS_ROUTINE_ERROR_FIELD)
+
+/**/
+
+/* this becomes overly gross after about 4 strings */
+
+static const char * const sinfo_string[] = {
+   "The routine must be called again to complete its function",
+   "The token was a duplicate of an earlier token",
+   "The token's validity period has expired",
+   "A later token has already been processed",
+};
+
+static const char * const sinfo_code = "supplementary info code";
+
+#define LSBGET(x) ((((x)^((x)-1))+1)>>1)
+#define LSBMASK(n) ((1<<(n))^((1<<(n))-1))
+
+#define GSS_SINFO_STR(x) \
+   ((((1<<(x)) < GSS_S_CONTINUE_NEEDED) || ((1<<(x)) > GSS_S_UNSEQ_TOKEN)) ? \
+    /**/NULL:sinfo_string[(x)])
+
+/**/
+
+static const char * const no_error = "No error";
+static const char * const unknown_error = "Unknown %s (field = %d)";
+
+/**/
+
+int display_unknown(const char *kind, OM_uint32 value,
+		gss_buffer_t buffer)
+{
+   int len;
+   char *str;
+
+   if ((str =
+	(char *) xmalloc(len = strlen(unknown_error)+strlen(kind)+7)) == NULL)
+      return(0);
+
+   sprintf(str, unknown_error, kind, value);
+
+   buffer->length = len;
+   buffer->value = str;
+
+   return(1);
+}
+
+/* code should be set to the calling error field */
+
+static OM_uint32
+   display_calling(OM_uint32 *minor_status,
+		   OM_uint32 code,
+		   gss_buffer_t status_string)
+{
+   const char *str;
+
+   if (str = GSS_CALLING_ERROR_STR(code)) {
+      if (! g_make_string_buffer(str, status_string)) {
+	 *minor_status = ENOMEM;
+	 return(GSS_S_FAILURE);
+      }
+   } else {
+      if (! display_unknown(calling_error, GSS_CALLING_ERROR_FIELD(code),
+			    status_string)) {
+	 *minor_status = ENOMEM;
+	 return(GSS_S_FAILURE);
+      }
+   }
+   *minor_status = 0;
+   return(GSS_S_COMPLETE);
+}
+
+/* code should be set to the routine error field */
+
+static OM_uint32
+   display_routine(OM_uint32 *minor_status,
+		   OM_uint32 code,
+		   gss_buffer_t status_string)
+{
+   const char *str;
+
+   if (str = GSS_ROUTINE_ERROR_STR(code)) {
+      if (! g_make_string_buffer(str, status_string)) {
+	 *minor_status = ENOMEM;
+	 return(GSS_S_FAILURE);
+      }
+   } else {
+      if (! display_unknown(routine_error, GSS_ROUTINE_ERROR_FIELD(code),
+			    status_string)) {
+	 *minor_status = ENOMEM;
+	 return(GSS_S_FAILURE);
+      }
+   }
+   *minor_status = 0;
+   return(GSS_S_COMPLETE);
+}
+
+/* code should be set to the bit offset (log_2) of a supplementary info bit */
+
+static OM_uint32
+   display_bit(OM_uint32 *minor_status,
+	       OM_uint32 code,
+	       gss_buffer_t status_string)
+{
+   const char *str;
+
+   if (str = GSS_SINFO_STR(code)) {
+      if (! g_make_string_buffer(str, status_string)) {
+	 *minor_status = ENOMEM;
+	 return(GSS_S_FAILURE);
+      }
+   } else {
+      if (! display_unknown(sinfo_code, 1<<code, status_string)) {
+	 *minor_status = ENOMEM;
+	 return(GSS_S_FAILURE);
+      }
+   }
+   *minor_status = 0;
+   return(GSS_S_COMPLETE);
+}
+
+/**/
+
+/* return error messages, for routine errors, call error, and status,
+   in that order.
+     message_context == 0 : print the routine error
+     message_context == 1 : print the calling error
+     message_context > 2  : print supplementary info bit (message_context-2)
+     */
+
+OM_uint32
+g_display_major_status(OM_uint32 *minor_status,
+		       OM_uint32 status_value,
+		       int *message_context,
+		       gss_buffer_t status_string)
+{
+   OM_uint32 ret, tmp;
+   int bit;
+
+   /*** deal with no error at all specially */
+
+   if (status_value == 0) {
+      if (! g_make_string_buffer(no_error, status_string)) {
+	 *minor_status = ENOMEM;
+	 return(GSS_S_FAILURE);
+      }
+      *message_context = 0;
+      *minor_status = 0;
+      return(GSS_S_COMPLETE);
+   }
+
+   /*** do routine error */
+
+   if (*message_context == 0) {
+      if (tmp = GSS_ROUTINE_ERROR(status_value)) {
+	 status_value -= tmp;
+	 if (ret = display_routine(minor_status, tmp, status_string))
+	    return(ret);
+	 *minor_status = 0;
+	 if (status_value) {
+	    (*message_context)++;
+	    return(GSS_S_CONTINUE_NEEDED);
+	 } else {
+	    *message_context = 0;
+	    return(GSS_S_COMPLETE);
+	 }
+      } else {
+	 (*message_context)++;
+      }
+   } else {
+      status_value -= GSS_ROUTINE_ERROR(status_value);
+   }
+
+   /*** do calling error */
+
+   if (*message_context == 1) {
+      if (tmp = GSS_CALLING_ERROR(status_value)) {
+	 status_value -= tmp;
+	 if (ret = display_calling(minor_status, tmp, status_string))
+	    return(ret);
+	 *minor_status = 0;
+	 if (status_value) {
+	    (*message_context)++;
+	    return(GSS_S_CONTINUE_NEEDED);
+	 } else {
+	    *message_context = 0;
+	    return(GSS_S_COMPLETE);
+	 }
+      } else {
+	 (*message_context)++;
+      }
+   } else {
+      status_value -= GSS_CALLING_ERROR(status_value);
+   }
+
+   /*** do sinfo bits (*message_context == 2 + number of bits done) */
+
+   tmp = GSS_SUPPLEMENTARY_INFO_FIELD(status_value);
+   /* mask off the bits which have been done */
+   if (*message_context > 2) {
+      tmp &= ~LSBMASK(*message_context-3);
+      status_value &= ~LSBMASK(*message_context-3);
+   }
+
+   if (!tmp) {
+      /* bogon input - there should be something left */
+      *minor_status = G_BAD_MSG_CTX;
+      return(GSS_S_FAILURE);
+   }
+
+   /* compute the bit offset */
+   /*SUPPRESS 570*/
+   for (bit=0; (1<<bit) != LSBGET(tmp); bit++) ;
+
+   /* print it */
+   if (ret = display_bit(minor_status, bit, status_string))
+      return(ret);
+
+   /* compute the new status_value/message_context */
+   status_value -= 1<<bit;
+
+   if (status_value) {
+      *message_context = bit+3;
+      return(GSS_S_CONTINUE_NEEDED);
+   } else {
+      *message_context = 0;
+      return(GSS_S_COMPLETE);
+   }
+}
diff --git a/src/lib/gssapi/generic/gssapi.h b/src/lib/gssapi/generic/gssapi.h
new file mode 100644
index 000000000..c2a9af05f
--- /dev/null
+++ b/src/lib/gssapi/generic/gssapi.h
@@ -0,0 +1,404 @@
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ * 
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ * 
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _GSSAPI_H_
+#define _GSSAPI_H_
+
+#include <stdlib.h>
+#include <stdio.h>
+
+/*
+ * $Id$
+ */
+
+/*
+ * First, define the platform-dependent types.
+ */
+typedef unsigned int OM_uint32;
+typedef void * gss_name_t;
+typedef void * gss_cred_id_t;
+typedef void * gss_ctx_id_t;
+
+/*
+ * Note that a platform supporting the xom.h X/Open header file
+ * may make use of that header for the definitions of OM_uint32
+ * and the structure to which gss_OID_desc equates.
+ */
+
+typedef struct gss_OID_desc_struct {
+      OM_uint32 length;
+      void      *elements;
+} gss_OID_desc, *gss_OID;
+
+typedef const gss_OID_desc * const const_gss_OID;
+
+typedef struct gss_OID_set_desc_struct  {
+      int     count;
+      gss_OID elements;
+} gss_OID_set_desc, *gss_OID_set;
+
+typedef struct gss_buffer_desc_struct {
+      size_t length;
+      void *value;
+} gss_buffer_desc, *gss_buffer_t;
+
+typedef struct gss_channel_bindings_struct {
+      OM_uint32 initiator_addrtype;
+      gss_buffer_desc initiator_address;
+      OM_uint32 acceptor_addrtype;
+      gss_buffer_desc acceptor_address;
+      gss_buffer_desc application_data;
+} *gss_channel_bindings_t;
+
+
+/*
+ * Six independent flags each of which indicates that a context
+ * supports a specific service option.
+ */
+#define GSS_C_DELEG_FLAG 1
+#define GSS_C_MUTUAL_FLAG 2
+#define GSS_C_REPLAY_FLAG 4
+#define GSS_C_SEQUENCE_FLAG 8
+#define GSS_C_CONF_FLAG 16
+#define GSS_C_INTEG_FLAG 32
+
+
+/*
+ * Credential usage options
+ */
+#define GSS_C_BOTH 0
+#define GSS_C_INITIATE 1
+#define GSS_C_ACCEPT 2
+
+/*
+ * Status code types for gss_display_status
+ */
+#define GSS_C_GSS_CODE 1
+#define GSS_C_MECH_CODE 2
+
+/*
+ * The constant definitions for channel-bindings address families
+ */
+#define GSS_C_AF_UNSPEC     0
+#define GSS_C_AF_LOCAL      1
+#define GSS_C_AF_INET       2
+#define GSS_C_AF_IMPLINK    3
+#define GSS_C_AF_PUP        4
+#define GSS_C_AF_CHAOS      5
+#define GSS_C_AF_NS         6
+#define GSS_C_AF_NBS        7
+#define GSS_C_AF_ECMA       8
+#define GSS_C_AF_DATAKIT    9
+#define GSS_C_AF_CCITT      10
+#define GSS_C_AF_SNA        11
+#define GSS_C_AF_DECnet     12
+#define GSS_C_AF_DLI        13
+#define GSS_C_AF_LAT        14
+#define GSS_C_AF_HYLINK     15
+#define GSS_C_AF_APPLETALK  16
+#define GSS_C_AF_BSC        17
+#define GSS_C_AF_DSS        18
+#define GSS_C_AF_OSI        19
+#define GSS_C_AF_X25        21
+
+#define GSS_C_AF_NULLADDR   255
+
+#define GSS_C_NO_BUFFER ((gss_buffer_t) 0)
+#define GSS_C_NULL_OID ((gss_OID) 0)
+#define GSS_C_NULL_OID_SET ((gss_OID_set) 0)
+#define GSS_C_NO_NAME ((gss_name_t) 0)
+#define GSS_C_NO_CONTEXT ((gss_ctx_id_t) 0)
+#define GSS_C_NO_CREDENTIAL ((gss_cred_id_t) 0)
+#define GSS_C_NO_CHANNEL_BINDINGS ((gss_channel_bindings_t) 0)
+#define GSS_C_EMPTY_BUFFER {0, NULL}
+
+/*
+ * Define the default Quality of Protection for per-message
+ * services.  Note that an implementation that offers multiple
+ * levels of QOP may either reserve a value (for example zero,
+ * as assumed here) to mean "default protection", or alternatively
+ * may simply equate GSS_C_QOP_DEFAULT to a specific explicit QOP
+ * value.
+ */
+#define GSS_C_QOP_DEFAULT 0
+
+/*
+ * Expiration time of 2^32-1 seconds means infinite lifetime for a
+ * credential or security context
+ */
+#define GSS_C_INDEFINITE 0xffffffffu
+
+
+/* Major status codes */
+
+#define GSS_S_COMPLETE 0
+
+/*
+ * Some "helper" definitions to make the status code macros obvious.
+ */
+#define GSS_C_CALLING_ERROR_OFFSET 24
+#define GSS_C_ROUTINE_ERROR_OFFSET 16
+#define GSS_C_SUPPLEMENTARY_OFFSET 0
+#define GSS_C_CALLING_ERROR_MASK 0377
+#define GSS_C_ROUTINE_ERROR_MASK 0377
+#define GSS_C_SUPPLEMENTARY_MASK 0177777
+
+/*
+ * The macros that test status codes for error conditions
+ */
+#define GSS_CALLING_ERROR(x) \
+  ((x) & (GSS_C_CALLING_ERROR_MASK << GSS_C_CALLING_ERROR_OFFSET))
+#define GSS_ROUTINE_ERROR(x) \
+  ((x) & (GSS_C_ROUTINE_ERROR_MASK << GSS_C_ROUTINE_ERROR_OFFSET))
+#define GSS_SUPPLEMENTARY_INFO(x) \
+  ((x) & (GSS_C_SUPPLEMENTARY_MASK << GSS_C_SUPPLEMENTARY_OFFSET))
+#define GSS_ERROR(x) \
+  ((GSS_CALLING_ERROR(x) != 0) || (GSS_ROUTINE_ERROR(x) != 0))
+
+/* XXXX these are not part of the GSSAPI C bindings!  (but should be) */
+
+#define GSS_CALLING_ERROR_FIELD(x) \
+   (((x) >> GSS_C_CALLING_ERROR_OFFSET) & GSS_C_CALLING_ERROR_MASK)
+#define GSS_ROUTINE_ERROR_FIELD(x) \
+   (((x) >> GSS_C_ROUTINE_ERROR_OFFSET) & GSS_C_ROUTINE_ERROR_MASK)
+#define GSS_SUPPLEMENTARY_INFO_FIELD(x) \
+   (((x) >> GSS_C_SUPPLEMENTARY_OFFSET) & GSS_C_SUPPLEMENTARY_MASK)
+
+/*
+ * Now the actual status code definitions
+ */
+
+/*
+ * Calling errors:
+ */
+#define GSS_S_CALL_INACCESSIBLE_READ \
+                             (1 << GSS_C_CALLING_ERROR_OFFSET)
+#define GSS_S_CALL_INACCESSIBLE_WRITE \
+                             (2 << GSS_C_CALLING_ERROR_OFFSET)
+#define GSS_S_CALL_BAD_STRUCTURE \
+                             (3 << GSS_C_CALLING_ERROR_OFFSET)
+
+/*
+ * Routine errors:
+ */
+#define GSS_S_BAD_MECH (1 << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_NAME (2 << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_NAMETYPE (3 << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_BINDINGS (4 << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_STATUS (5 << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_BAD_SIG (6 << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_NO_CRED (7 << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_NO_CONTEXT (8 << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_DEFECTIVE_TOKEN (9 << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_DEFECTIVE_CREDENTIAL (10 << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_CREDENTIALS_EXPIRED (11 << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_CONTEXT_EXPIRED (12 << GSS_C_ROUTINE_ERROR_OFFSET)
+#define GSS_S_FAILURE (13 << GSS_C_ROUTINE_ERROR_OFFSET)
+/* XXXX This is a necessary evil until the spec is fixed */
+#define GSS_S_CRED_UNAVAIL GSS_S_FAILURE
+
+/*
+ * Supplementary info bits:
+ */
+#define GSS_S_CONTINUE_NEEDED (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 0))
+#define GSS_S_DUPLICATE_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 1))
+#define GSS_S_OLD_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 2))
+#define GSS_S_UNSEQ_TOKEN (1 << (GSS_C_SUPPLEMENTARY_OFFSET + 3))
+
+
+/*
+ * Finally, function prototypes for the GSSAPI routines.
+ */
+
+OM_uint32 gss_acquire_cred
+           (OM_uint32*,       /* minor_status */
+            gss_name_t,       /* desired_name */
+            OM_uint32,        /* time_req */
+            gss_OID_set,      /* desired_mechs */
+            int,              /* cred_usage */
+            gss_cred_id_t*,   /* output_cred_handle */
+            gss_OID_set*,     /* actual_mechs */
+            OM_uint32*        /* time_rec */
+           );
+
+OM_uint32 gss_release_cred
+           (OM_uint32*,       /* minor_status */
+            gss_cred_id_t*    /* cred_handle */
+           );
+
+OM_uint32 gss_init_sec_context
+           (OM_uint32*,       /* minor_status */
+            gss_cred_id_t,    /* claimant_cred_handle */
+            gss_ctx_id_t*,    /* context_handle */
+            gss_name_t,       /* target_name */
+            const_gss_OID,    /* mech_type */
+            int,              /* req_flags */
+            OM_uint32,        /* time_req */
+            gss_channel_bindings_t,
+                              /* input_chan_bindings */
+            gss_buffer_t,     /* input_token */
+            gss_OID*,         /* actual_mech_type */
+            gss_buffer_t,     /* output_token */
+            int*,             /* ret_flags */
+            OM_uint32*        /* time_rec */
+           );
+
+OM_uint32 gss_accept_sec_context
+           (OM_uint32*,       /* minor_status */
+            gss_ctx_id_t*,    /* context_handle */
+            gss_cred_id_t,    /* verifier_cred_handle */
+            gss_buffer_t,     /* input_token_buffer */
+            gss_channel_bindings_t,
+                              /* input_chan_bindings */
+            gss_name_t*,      /* src_name */
+            gss_OID*,         /* mech_type */
+            gss_buffer_t,     /* output_token */
+            int*,             /* ret_flags */
+            OM_uint32*,       /* time_rec */
+            gss_cred_id_t*    /* delegated_cred_handle */
+           );
+
+OM_uint32 gss_process_context_token
+           (OM_uint32*,       /* minor_status */
+            gss_ctx_id_t,     /* context_handle */
+            gss_buffer_t      /* token_buffer */
+           );
+
+OM_uint32 gss_delete_sec_context
+           (OM_uint32*,       /* minor_status */
+            gss_ctx_id_t*,    /* context_handle */
+            gss_buffer_t      /* output_token */
+           );
+
+OM_uint32 gss_context_time
+           (OM_uint32*,       /* minor_status */
+            gss_ctx_id_t,     /* context_handle */
+            OM_uint32*        /* time_rec */
+           );
+
+OM_uint32 gss_sign
+           (OM_uint32*,       /* minor_status */
+            gss_ctx_id_t,     /* context_handle */
+            int,              /* qop_req */
+            gss_buffer_t,     /* message_buffer */
+            gss_buffer_t      /* message_token */
+           );
+
+OM_uint32 gss_verify
+           (OM_uint32*,       /* minor_status */
+            gss_ctx_id_t,     /* context_handle */
+            gss_buffer_t,     /* message_buffer */
+            gss_buffer_t,     /* token_buffer */
+            int*              /* qop_state */
+           );
+
+OM_uint32 gss_seal
+           (OM_uint32*,       /* minor_status */
+            gss_ctx_id_t,     /* context_handle */
+            int,              /* conf_req_flag */
+            int,              /* qop_req */
+            gss_buffer_t,     /* input_message_buffer */
+            int*,             /* conf_state */
+            gss_buffer_t      /* output_message_buffer */
+           );
+
+OM_uint32 gss_unseal
+           (OM_uint32*,       /* minor_status */
+            gss_ctx_id_t,     /* context_handle */
+            gss_buffer_t,     /* input_message_buffer */
+            gss_buffer_t,     /* output_message_buffer */
+            int*,             /* conf_state */
+            int*              /* qop_state */
+           );
+
+OM_uint32 gss_display_status
+           (OM_uint32*,       /* minor_status */
+            OM_uint32,        /* status_value */
+            int,              /* status_type */
+            const_gss_OID,    /* mech_type */
+            int*,             /* message_context */
+            gss_buffer_t      /* status_string */
+           );
+
+OM_uint32 gss_indicate_mechs
+           (OM_uint32*,       /* minor_status */
+            gss_OID_set*      /* mech_set */
+           );
+
+OM_uint32 gss_compare_name
+           (OM_uint32*,       /* minor_status */
+            gss_name_t,       /* name1 */
+            gss_name_t,       /* name2 */
+            int*              /* name_equal */
+           );
+
+OM_uint32 gss_display_name
+           (OM_uint32*,      /* minor_status */
+            gss_name_t,      /* input_name */
+            gss_buffer_t,     /* output_name_buffer */
+            gss_OID*         /* output_name_type */
+           );
+
+OM_uint32 gss_import_name
+           (OM_uint32*,       /* minor_status */
+            gss_buffer_t,     /* input_name_buffer */
+            const_gss_OID,    /* input_name_type */
+            gss_name_t*       /* output_name */
+           );
+
+OM_uint32 gss_release_name
+           (OM_uint32*,       /* minor_status */
+            gss_name_t*       /* input_name */
+           );
+
+OM_uint32 gss_release_buffer
+           (OM_uint32*,       /* minor_status */
+            gss_buffer_t      /* buffer */
+           );
+
+OM_uint32 gss_release_oid_set
+           (OM_uint32*,       /* minor_status */
+            gss_OID_set*      /* set */
+           );
+
+OM_uint32 gss_inquire_cred
+           (OM_uint32 *,      /* minor_status */
+            gss_cred_id_t,    /* cred_handle */
+            gss_name_t *,     /* name */
+            OM_uint32 *,      /* lifetime */
+            int *,            /* cred_usage */
+            gss_OID_set *     /* mechanisms */
+           );
+
+OM_uint32 gss_inquire_context
+	   (OM_uint32*,       /* minor_status */
+	    gss_ctx_id_t,     /* context_handle */
+	    gss_name_t*,      /* initiator_name */
+	    gss_name_t*,      /* acceptor_name */
+	    OM_uint32*,       /* lifetime_rec */
+	    gss_OID*,         /* mech_type */
+	    int*,             /* ret_flags */
+	    int*              /* locally_initiated */
+	   );
+
+
+#endif /* _GSSAPI_H_ */
diff --git a/src/lib/gssapi/generic/gssapiP_generic.h b/src/lib/gssapi/generic/gssapiP_generic.h
new file mode 100644
index 000000000..5d8275568
--- /dev/null
+++ b/src/lib/gssapi/generic/gssapiP_generic.h
@@ -0,0 +1,123 @@
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ * 
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ * 
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _GSSAPIP_GENERIC_H_
+#define _GSSAPIP_GENERIC_H_
+
+/*
+ * $Id$
+ */
+
+#include "gssapi.h"
+
+#include "gssapi_generic_err.h"
+#include <errno.h>
+
+/** helper macros **/
+
+#define g_OID_equal(o1,o2) \
+   (((o1)->length == (o2)->length) && \
+    (memcmp((o1)->elements,(o2)->elements,(o1)->length) == 0))
+
+#define TWRITE_INT(ptr, tmp, num) \
+   (tmp) = htonl(num); \
+   memcpy(ptr, (char *) &(tmp), sizeof(tmp)); \
+   (ptr) += sizeof(tmp);
+	     
+#define TREAD_INT(ptr, num) \
+   memcpy((char *) &(num), (char *) (ptr), sizeof(num)); \
+   (num) = ntohl(num); \
+   (ptr) += sizeof(num);
+
+#define TWRITE_STR(ptr, str, len) \
+   memcpy((ptr), (char *) (str), (len)); \
+   (ptr) += (len);
+
+#define TREAD_STR(ptr, str, len) \
+   (str) = (ptr); \
+   (ptr) += (len);
+
+#define TWRITE_BUF(ptr, tmp, buf) \
+   TWRITE_INT((ptr), (tmp), (buf).length); \
+   TWRITE_STR((ptr), (buf).value, (buf).length);
+
+/** malloc wrappers; these may actually do something later */
+
+#define xmalloc(n) malloc(n)
+#define xrealloc(p,n) realloc(p,n)
+#ifdef xfree
+#undef xfree
+#endif
+#define xfree(p) free(p)
+
+/** helper functions **/
+
+int g_save_name(void **vdb, gss_name_t *name);
+int g_save_cred_id(void **vdb, gss_cred_id_t *cred);
+int g_save_ctx_id(void **vdb, gss_ctx_id_t *ctx);
+
+int g_validate_name(void **vdb, gss_name_t *name);
+int g_validate_cred_id(void **vdb, gss_cred_id_t *cred);
+int g_validate_ctx_id(void **vdb, gss_ctx_id_t *ctx);
+
+int g_delete_name(void **vdb, gss_name_t *name);
+int g_delete_cred_id(void **vdb, gss_cred_id_t *cred);
+int g_delete_ctx_id(void **vdb, gss_ctx_id_t *ctx);
+
+int g_make_string_buffer(const char *str, gss_buffer_t buffer);
+
+int g_copy_OID_set(const gss_OID_set_desc * const in, gss_OID_set *out);
+
+int g_token_size(const_gss_OID mech, unsigned int body_size);
+
+void g_make_token_header(const_gss_OID mech, int body_size,
+			  unsigned char **buf, int tok_type);
+
+int g_verify_token_header(const_gss_OID mech, int *body_size,
+			  unsigned char **buf, int tok_type, int toksize);
+
+OM_uint32 g_display_major_status(OM_uint32 *minor_status,
+				 OM_uint32 status_value,
+				 int *message_context,
+				 gss_buffer_t status_string);
+
+OM_uint32 g_display_com_err_status(OM_uint32 *minor_status,
+				   OM_uint32 status_value,
+				   gss_buffer_t status_string);
+
+char *g_canonicalize_host(char *hostname);
+
+char *g_strdup(char *str);
+
+/** declarations of internal name mechanism functions **/
+
+OM_uint32 generic_gss_release_buffer
+           (OM_uint32*,       /* minor_status */
+            gss_buffer_t      /* buffer */
+           );
+
+OM_uint32 generic_gss_release_oid_set
+           (OM_uint32*,       /* minor_status */
+            gss_OID_set*      /* set */
+           );
+
+#endif /* _GSSAPIP_GENERIC_H_ */
diff --git a/src/lib/gssapi/generic/gssapi_generic.c b/src/lib/gssapi/generic/gssapi_generic.c
new file mode 100644
index 000000000..26d7eebf6
--- /dev/null
+++ b/src/lib/gssapi/generic/gssapi_generic.c
@@ -0,0 +1,39 @@
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ * 
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ * 
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * $Id$
+ */
+
+#include "gssapiP_generic.h"
+
+static const gss_OID_desc oids[] = {
+   {2, "\001\001"},
+   {2, "\001\002"},
+   {2, "\001\003"},
+   {2, "\001\004"},
+};
+
+const_gss_OID gss_nt_user_name = oids+0;
+const_gss_OID gss_nt_machine_uid_name = oids+1;
+const_gss_OID gss_nt_string_uid_name = oids+2;
+const_gss_OID gss_nt_service_name = oids+3;
diff --git a/src/lib/gssapi/generic/gssapi_generic.h b/src/lib/gssapi/generic/gssapi_generic.h
new file mode 100644
index 000000000..8d934dda5
--- /dev/null
+++ b/src/lib/gssapi/generic/gssapi_generic.h
@@ -0,0 +1,37 @@
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ * 
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ * 
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef _GSSAPI_GENERIC_H_
+#define _GSSAPI_GENERIC_H_
+
+/*
+ * $Id$
+ */
+
+#include <gssapi/gssapi.h>
+
+extern const gss_OID_desc * const gss_nt_user_name;
+extern const gss_OID_desc * const gss_nt_machine_uid_name;
+extern const gss_OID_desc * const gss_nt_string_uid_name;
+extern const gss_OID_desc * const gss_nt_service_name;
+
+#endif /* _GSSAPI_GENERIC_H_ */
diff --git a/src/lib/gssapi/generic/gssapi_generic_err.et b/src/lib/gssapi/generic/gssapi_generic_err.et
new file mode 100644
index 000000000..fed788c29
--- /dev/null
+++ b/src/lib/gssapi/generic/gssapi_generic_err.et
@@ -0,0 +1,38 @@
+# 
+# Copyright 1993 by OpenVision Technologies, Inc.
+# 
+# Permission to use, copy, modify, distribute, and sell this software
+# and its documentation for any purpose is hereby granted without fee,
+# provided that the above copyright notice appears in all copies and
+# that both that copyright notice and this permission notice appear in
+# supporting documentation, and that the name of OpenVision not be used
+# in advertising or publicity pertaining to distribution of the software
+# without specific, written prior permission. OpenVision makes no
+# representations about the suitability of this software for any
+# purpose.  It is provided "as is" without express or implied warranty.
+# 
+# OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+# INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+# EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+# CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+# USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+# OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+# 
+
+#
+# $Id$
+#
+
+error_table ggss
+
+error_code G_BAD_SERVICE_NAME, "No @ in SERVICE-NAME name string"
+error_code G_BAD_STRING_UID, "STRING-UID-NAME contains nondigits"
+error_code G_NOUSER, "UID does not resolve to username"
+error_code G_VALIDATE_FAILED, "Validation error"
+error_code G_BUFFER_ALLOC, "Couldn't allocate gss_buffer_t data"
+error_code G_BAD_MSG_CTX, "Message context invalid"
+error_code G_WRONG_SIZE, "Buffer is the wrong size"
+error_code G_BAD_USAGE, "Credential usage type is unknown"
+error_code G_UNKNOWN_QOP, "Unknown quality of protection specified"
+end
diff --git a/src/lib/gssapi/generic/release_buffer.c b/src/lib/gssapi/generic/release_buffer.c
new file mode 100644
index 000000000..ecb8eab08
--- /dev/null
+++ b/src/lib/gssapi/generic/release_buffer.c
@@ -0,0 +1,42 @@
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ * 
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ * 
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * $Id$
+ */
+
+#include "gssapiP_generic.h"
+
+OM_uint32
+generic_gss_release_buffer(OM_uint32 *minor_status,
+			   gss_buffer_t buffer)
+{
+   if ((buffer->length) &&
+       (buffer->value)) {
+      xfree(buffer->value);
+      buffer->length = 0;
+      buffer->value = NULL;
+   }
+
+   *minor_status = 0;
+   return(GSS_S_COMPLETE);
+}
diff --git a/src/lib/gssapi/generic/release_oid_set.c b/src/lib/gssapi/generic/release_oid_set.c
new file mode 100644
index 000000000..e821e6eec
--- /dev/null
+++ b/src/lib/gssapi/generic/release_oid_set.c
@@ -0,0 +1,44 @@
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ * 
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ * 
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "gssapiP_generic.h"
+
+/*
+ * $Id$
+ */
+
+OM_uint32
+generic_gss_release_oid_set(OM_uint32 *minor_status,
+			    gss_OID_set *set)
+{
+   *minor_status = 0;
+
+   if (*set == GSS_C_NULL_OID_SET)
+      return(GSS_S_COMPLETE);
+
+   xfree((*set)->elements);
+   xfree(*set);
+
+   *set = GSS_C_NULL_OID_SET;
+
+   return(GSS_S_COMPLETE);
+}
diff --git a/src/lib/gssapi/generic/util_buffer.c b/src/lib/gssapi/generic/util_buffer.c
new file mode 100644
index 000000000..63c10522e
--- /dev/null
+++ b/src/lib/gssapi/generic/util_buffer.c
@@ -0,0 +1,46 @@
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ * 
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ * 
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * $Id$
+ */
+
+#include "gssapiP_generic.h"
+#include <string.h>
+
+/* return nonzero on success, 0 on failure
+   make sure that buffer is consistent (release'able) when this
+   function exits, no matter what the exit value */
+
+int g_make_string_buffer(const char *str, gss_buffer_t buffer)
+{
+   buffer->length = strlen(str)+1;
+
+   if ((buffer->value = (void *) xmalloc(buffer->length)) == NULL) {
+      buffer->length = 0;
+      return(0);
+   }
+
+   strcpy(buffer->value, str);
+
+   return(1);
+}
diff --git a/src/lib/gssapi/generic/util_canonhost.c b/src/lib/gssapi/generic/util_canonhost.c
new file mode 100644
index 000000000..8fb7a03fe
--- /dev/null
+++ b/src/lib/gssapi/generic/util_canonhost.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ * 
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ * 
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * $Id$
+ */
+
+/* This file could be OS specific */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netdb.h>
+#include <string.h>
+
+#include "gssapiP_generic.h"
+
+char *g_canonicalize_host(char *hostname)
+{
+   struct hostent *hent;
+   char *canon, *str;
+
+   if ((hent = gethostbyname(hostname)) == NULL)
+      return(NULL);
+
+   if ((canon = xmalloc(strlen(hent->h_name)+1)) == NULL)
+      return(NULL);
+
+   strcpy(canon, hent->h_name);
+
+   for (str = canon; *str; str++)
+      if (isupper(*str)) *str = tolower(*str);
+
+   return(canon);
+}
diff --git a/src/lib/gssapi/generic/util_dup.c b/src/lib/gssapi/generic/util_dup.c
new file mode 100644
index 000000000..4da654719
--- /dev/null
+++ b/src/lib/gssapi/generic/util_dup.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ * 
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ * 
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * $Id$
+ */
+
+#include "gssapiP_generic.h"
+#include <string.h>
+
+char *g_strdup(char *str)
+{
+   char *ret;
+
+   if ((ret = (char *) xmalloc(strlen(str)+1)) == NULL)
+      return(NULL);
+
+   strcpy(ret, str);
+
+   return(ret);
+}
diff --git a/src/lib/gssapi/generic/util_oid.c b/src/lib/gssapi/generic/util_oid.c
new file mode 100644
index 000000000..40f730a36
--- /dev/null
+++ b/src/lib/gssapi/generic/util_oid.c
@@ -0,0 +1,54 @@
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ * 
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ * 
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "gssapiP_generic.h"
+
+/*
+ * $Id$
+ */
+
+int
+g_copy_OID_set(const gss_OID_set_desc * const in, gss_OID_set *out)
+{
+   gss_OID_set copy;
+   int i;
+
+   *out = NULL;
+
+   if ((copy =
+	(gss_OID_set_desc *) xmalloc(sizeof(gss_OID_set_desc))) == NULL)
+      return(0);
+
+   copy->count = in->count;
+
+   if ((copy->elements = 
+	(gss_OID_desc *) xmalloc(sizeof(gss_OID_desc)*copy->count)) == NULL) {
+      xfree(copy);
+      return(0);
+   }
+
+   for (i=0; i<in->count; i++)
+      copy->elements[i] = in->elements[i];
+
+   *out = copy;
+   return(1);
+}
diff --git a/src/lib/gssapi/generic/util_token.c b/src/lib/gssapi/generic/util_token.c
new file mode 100644
index 000000000..3fad4b9e5
--- /dev/null
+++ b/src/lib/gssapi/generic/util_token.c
@@ -0,0 +1,183 @@
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ * 
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ * 
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "gssapiP_generic.h"
+#include <memory.h>
+
+/*
+ * $Id$
+ */
+
+/* XXXX this code currently makes the assumption that a mech oid will
+   never be longer than 127 bytes.  This assumption is not inherent in
+   the interfaces, so the code can be fixed if the OSI namespace
+   balloons unexpectedly. */
+
+/* Each token looks like this:
+
+0x60				tag for APPLICATION 0, SEQUENCE
+					(constructed, definite-length)
+	<length>		possible multiple bytes, need to parse/generate
+	0x06			tag for OBJECT IDENTIFIER
+		<moid_length>	compile-time constant string (assume 1 byte)
+		<moid_bytes>	compile-time constant string
+	<inner_bytes>		the ANY containing the application token
+					bytes 0,1 are the token type
+					bytes 2,n are the token data
+
+For the purposes of this abstraction, the token "header" consists of
+the sequence tag and length octets, the mech OID DER encoding, and the
+first two inner bytes, which indicate the token type.  The token
+"body" consists of everything else.
+
+*/
+
+static int der_length_size(int length)
+{
+   if (length < (1<<7))
+      return(1);
+   else if (length < (1<<8))
+      return(2);
+   else if (length < (1<<16))
+      return(3);
+   else if (length < (1<<24))
+      return(4);
+   else
+      return(5);
+}
+
+static void der_write_length(unsigned char **buf, int length)
+{
+   if (length < (1<<7)) {
+      *(*buf)++ = (unsigned char) length;
+   } else {
+      *(*buf)++ = (unsigned char) (der_length_size(length)+127);
+      if (length >= (1<<24))
+	 *(*buf)++ = (unsigned char) (length>>24);
+      if (length >= (1<<16))
+	 *(*buf)++ = (unsigned char) ((length>>16)&0xff);
+      if (length >= (1<<8))
+	 *(*buf)++ = (unsigned char) ((length>>8)&0xff);
+      *(*buf)++ = (unsigned char) (length&0xff);
+   }
+}
+
+/* returns decoded length, or < 0 on failure.  Advances buf and
+   decrements bufsize */
+
+static int der_read_length(unsigned char **buf, int *bufsize)
+{
+   unsigned char sf;
+   int ret;
+
+   if (*bufsize < 1)
+      return(-1);
+   sf = *(*buf)++;
+   (*bufsize)--;
+   if (sf & 0x80) {
+      if ((sf &= 0x7f) > ((*bufsize)-1))
+	 return(-1);
+      ret = 0;
+      for (; sf; sf--) {
+	 ret = (ret<<8) + (*(*buf)++);
+	 (*bufsize)--;
+      }
+   } else {
+      ret = sf;
+   }
+
+   return(ret);
+}
+
+/* returns the length of a token, given the mech oid and the body size */
+
+int g_token_size(const_gss_OID mech, unsigned int body_size)
+{
+   /* set body_size to sequence contents size */
+   body_size += 4 + mech->length;
+   return(1 + der_length_size(body_size) + body_size);
+}
+
+/* fills in a buffer with the token header.  The buffer is assumed to
+   be the right size.  buf is advanced past the token header */
+
+void g_make_token_header(const_gss_OID mech, int body_size,
+			  unsigned char **buf, int tok_type)
+{
+   *(*buf)++ = 0x60;
+   der_write_length(buf, 4 + mech->length + body_size);
+   *(*buf)++ = 0x06;
+   *(*buf)++ = (unsigned char) mech->length;
+   TWRITE_STR(*buf, mech->elements, mech->length);
+   *(*buf)++ = (unsigned char) ((tok_type>>8)&0xff);
+   *(*buf)++ = (unsigned char) (tok_type&0xff);
+}
+
+/* given a buffer containing a token, reads and verifies the token,
+   leaving buf advanced past the token header, and setting body_size
+   to the number of remaining bytes */
+
+int g_verify_token_header(const_gss_OID mech, int *body_size,
+			  unsigned char **buf, int tok_type, int toksize)
+{
+   int seqsize;
+   gss_OID_desc toid;
+
+   if ((toksize-=1) < 0)
+      return(0);
+   if (*(*buf)++ != 0x60)
+      return(0);
+
+   if ((seqsize = der_read_length(buf, &toksize)) < 0)
+      return(0);
+
+   if (seqsize != toksize)
+      return(0);
+
+   if ((toksize-=1) < 0)
+      return(0);
+   if (*(*buf)++ != 0x06)
+      return(0);
+ 
+   if ((toksize-=1) < 0)
+      return(0);
+   toid.length = *(*buf)++;
+
+   if ((toksize-=toid.length) < 0)
+      return(0);
+   toid.elements = *buf;
+   (*buf)+=toid.length;
+
+   if (! g_OID_equal(&toid, mech))
+      return(0);
+ 
+   if ((toksize-=2) < 0)
+      return(0);
+
+   if ((*(*buf)++ != ((tok_type>>8)&0xff)) ||
+       (*(*buf)++ != (tok_type&0xff)))
+      return(0);
+
+   *body_size = toksize;
+
+   return(1);
+}
diff --git a/src/lib/gssapi/generic/util_validate.c b/src/lib/gssapi/generic/util_validate.c
new file mode 100644
index 000000000..0c25c2644
--- /dev/null
+++ b/src/lib/gssapi/generic/util_validate.c
@@ -0,0 +1,153 @@
+/*
+ * Copyright 1993 by OpenVision Technologies, Inc.
+ * 
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without fee,
+ * provided that the above copyright notice appears in all copies and
+ * that both that copyright notice and this permission notice appear in
+ * supporting documentation, and that the name of OpenVision not be used
+ * in advertising or publicity pertaining to distribution of the software
+ * without specific, written prior permission. OpenVision makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied warranty.
+ * 
+ * OPENVISION DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS, IN NO
+ * EVENT SHALL OPENVISION BE LIABLE FOR ANY SPECIAL, INDIRECT OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * $Id$
+ */
+
+/*
+ * functions to validate name, credential, and context handles
+ */
+
+#include "gssapiP_generic.h"
+
+#include <sys/types.h>
+#include <sys/file.h>
+#include <limits.h>
+#include <db.h>
+
+#define V_NAME		1
+#define V_CRED_ID	2
+#define V_CTX_ID	3
+
+typedef struct _vkey {
+   int type;
+   void *ptr;
+} vkey;
+
+static const int one = 1;
+static const DBT dbtone = { (void *) &one, sizeof(one) };
+
+/* All these functions return 0 on failure, and non-zero on success */
+
+static int g_save(DB **vdb, int type, void *ptr)
+{
+   vkey vk;
+   DBT key;
+
+   if (!*vdb)
+      *vdb = dbopen(NULL, O_CREAT|O_RDWR, O_CREAT|O_RDWR, DB_HASH, NULL);
+
+   vk.type = type;
+   vk.ptr = ptr;
+
+   key.data = &vk;
+   key.size = sizeof(vk);
+
+   return((*((*vdb)->put))(*vdb, &key, &dbtone, 0) == 0);
+}
+
+static int g_validate(DB **vdb, int type, void *ptr)
+{
+   vkey vk;
+   DBT key, value;
+
+   if (!*vdb)
+      return(0);
+
+   vk.type = type;
+   vk.ptr = ptr;
+
+   key.data = &vk;
+   key.size = sizeof(vk);
+
+   if ((*((*vdb)->get))(*vdb, &key, &value, 0))
+      return(0);
+
+   return((value.size == sizeof(one)) &&
+	  (*((int *) value.data) == one));
+}
+
+static int g_delete(DB **vdb, int type, void *ptr)
+{
+   vkey vk;
+   DBT key;
+
+   if (!*vdb)
+      return(0);
+
+   vk.type = type;
+   vk.ptr = ptr;
+
+   key.data = &vk;
+   key.size = sizeof(vk);
+
+   return((*((*vdb)->del))(*vdb, &key, 0) == 0);
+}
+
+/* functions for each type */
+
+/* save */
+
+int g_save_name(void **vdb, gss_name_t *name)
+{
+   return(g_save((DB **) vdb, V_NAME, (void *) name));
+}
+int g_save_cred_id(void **vdb, gss_cred_id_t *cred)
+{
+   return(g_save((DB **) vdb, V_CRED_ID, (void *) cred));
+}
+int g_save_ctx_id(void **vdb, gss_ctx_id_t *ctx)
+{
+   return(g_save((DB **) vdb, V_CTX_ID, (void *) ctx));
+}
+
+/* validate */
+
+int g_validate_name(void **vdb, gss_name_t *name)
+{
+   return(g_validate((DB **) vdb, V_NAME, (void *) name));
+}
+int g_validate_cred_id(void **vdb, gss_cred_id_t *cred)
+{
+   return(g_validate((DB **) vdb, V_CRED_ID, (void *) cred));
+}
+int g_validate_ctx_id(void **vdb, gss_ctx_id_t *ctx)
+{
+   return(g_validate((DB **) vdb, V_CTX_ID, (void *) ctx));
+}
+
+/* delete */
+
+int g_delete_name(void **vdb, gss_name_t *name)
+{
+   return(g_delete((DB **) vdb, V_NAME, (void *) name));
+}
+int g_delete_cred_id(void **vdb, gss_cred_id_t *cred)
+{
+   return(g_delete((DB **) vdb, V_CRED_ID, (void *) cred));
+}
+int g_delete_ctx_id(void **vdb, gss_ctx_id_t *ctx)
+{
+   return(g_delete((DB **) vdb, V_CTX_ID, (void *) ctx));
+}
+