Merge in last changes from Asanka for the win32 port

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2009-12-23 14:17:43 +01:00
parent 4182a61eba be73fa4687
commit e35864d267
73 changed files with 2722 additions and 2095 deletions
--- a/appl/dceutils/k5dce.h
+++ b/appl/dceutils/k5dce.h
@@ -55,7 +55,7 @@ typedef unsigned char   krb5_octet;
 typedef krb5_octet      krb5_boolean;
 typedef krb5short       krb5_keytype; /* in k5.2 it's a short */
 typedef krb5_int32      krb5_flags;
-typedef krb5_int32  krb5_timestamp;
+typedef krb5_int32  krb5_timestamp; /* is a time_t in krb5.h */
 typedef char * krb5_pointer;  /* pointer to unexposed data */
--- a/autogen.sh
+++ b/autogen.sh
--- a/configure.ac
+++ b/configure.ac
@@ -167,7 +167,7 @@ AM_CONDITIONAL(SQLITE3,  test "X$with_sqlite3" = Xyes)
 AC_ARG_ENABLE(sqlite-cache, 
 	AS_HELP_STRING([--disable-sqlite-cache],[if you want support for cache in sqlite]))
 if test "$enable_sqlite_cache" != no; then
-    AC_DEFINE(HAVE_SCC, 1, [Define if you want support for DCE/DFS PAG's.])
+    AC_DEFINE(HAVE_SCC, 1, [Define if you want support for cache in sqlite.])
 fi
 AM_CONDITIONAL(have_scc, test "$enable_sqlite_cache" != no)
--- a/include/NTMakefile
+++ b/include/NTMakefile
@@ -43,19 +43,12 @@ INCFILES=			\
 	$(INCDIR)\krb5-types.h	\
 	$(INCDIR)\version.h
-MAKECRYPTO=$(OBJ)\make_crypto.exe
+$(INCDIR)\krb5-types.h: $(OBJ)\bits.exe
 	$(OBJ)\bits.exe $(INCDIR)\krb5-types.h
-$(MAKECRYPTO): $(OBJ)\make_crypto.obj
+$(OBJ)\bits.exe: $(OBJ)\bits.obj
 	$(EXECONLINK)
-	$(_VC_MANIFEST_EMBED_EXE)
+	$(EXEPREP_NODIST)
 	$(_VC_MANIFEST_CLEAN)
 	$(_CODESIGN)
 $(INCDIR)\krb5-types.h: krb5-types.h.w32
 	$(CP) $** $@
 $(INCDIR)\crypto-headers.h: $(MAKECRYPTO)
 	$(MAKECRYPTO) $@
 $(INCDIR)\config.h: config.h.w32 ..\windows\NTMakefile.config NTMakefile
 	$(PERL) << < config.h.w32 > $@
@@ -79,14 +72,16 @@ while(<>) {
    if ("$(HAVE_PTHREAD_H)") { print "#define HAVE_PTHREAD_H 1\n"; }
    if ("$(ENV_HACK)") { print "#define ENV_HACK 1\n"; }
    if ("$(HAVE_KCM)") { print "#define HAVE_KCM 1\n"; }
-    if ("$(DIR_hdbdir)") { print "#define HDB_DB_DIR \"$(DIR_hdbdir)\"\n"; }
+    if ("$(HAVE_SCC)") { print "#define HAVE_SCC 1\n"; }
    if ("$(DIR_hdbdir)") { print "#define HDB_DB_DIR \"".'$(DIR_hdbdir)'."\"\n"; }
  } elsif (m/\@VERSION_OPTDEFS\@/) {
    if ("$(VER_PRERELEASE)") { print "#define VER_PRERELEASE 1\n"; }
-    if ("$(VER_PRIVATE)") { print "#define VER_PRIVATE \"$(VER_PRIVATE)\""; }
+    if ("$(VER_PRIVATE)") { print "#define VER_PRIVATE \"$(VER_PRIVATE)\"\n"; }
-    if ("$(VER_SPECIAL)") { print "#define VER_SPECIAL \"$(VER_SPECIAL)\""; }
+    if ("$(VER_SPECIAL)") { print "#define VER_SPECIAL \"$(VER_SPECIAL)\"\n"; }
    if ("$(BUILD)" =~ "dbg") { print "#define VER_DEBUG 1\n"; }
    print "#define HOST \"$(COMPUTERNAME)\"\n";
  } else {
--- a/include/bits.c
+++ b/include/bits.c
@@ -39,6 +39,9 @@ RCSID("$Id$");
 #include <string.h>
 #include <stdlib.h>
 #include <ctype.h>
 #ifdef WIN32
 #include <ws2tcpip.h>
 #endif
 #define BITSIZE(TYPE)						\
 {								\
@@ -157,7 +160,11 @@ int main(int argc, char **argv)
    fprintf(f, "#include <netinet/in6_machtypes.h>\n");
 #endif
 #ifdef HAVE_SOCKLEN_T
 #ifndef WIN32
    fprintf(f, "#include <sys/socket.h>\n");
 #else
    fprintf(f, "#include <ws2tcpip.h>\n");
 #endif
 #endif
    fprintf(f, "\n");
@@ -236,7 +243,6 @@ int main(int argc, char **argv)
    fprintf(f, "\n");
 #if defined(_WIN32)
    #include <ws2tcpip.h>
    fprintf(f, "typedef SOCKET krb5_socket_t;\n");
 #else
    fprintf(f, "typedef int krb5_socket_t;\n");
--- a/include/kadm5/Makefile.am
+++ b/include/kadm5/Makefile.am
@@ -2,4 +2,5 @@
 include $(top_srcdir)/Makefile.am.common
-CLEANFILES = admin.h kadm5_err.h private.h kadm5-private.h kadm5-protos.h
+CLEANFILES = admin.h kadm5_err.h private.h
 CLEANFILES += kadm5-private.h kadm5-protos.h kadm5-pwcheck.h
--- a/kadmin/kadm_conn.c
+++ b/kadmin/kadm_conn.c
@@ -124,15 +124,15 @@ spawn_child(krb5_context context, int *socks,
    struct sockaddr_storage __ss;
    struct sockaddr *sa = (struct sockaddr *)&__ss;
    socklen_t sa_size = sizeof(__ss);
-    int s;
+    krb5_socket_t s;
    pid_t pid;
    krb5_address addr;
    char buf[128];
    size_t buf_len;
    s = accept(socks[this_sock], sa, &sa_size);
-    if(s < 0) {
+    if(rk_IS_BAD_SOCKET(s)) {
-	krb5_warn(context, errno, "accept");
+	krb5_warn(context, rk_SOCK_ERRNO, "accept");
 	return 1;
    }
    e = krb5_sockaddr2address(context, sa, &addr);
@@ -151,21 +151,21 @@ spawn_child(krb5_context context, int *socks,
    pid = fork();
    if(pid == 0) {
 	for(i = 0; i < num_socks; i++)
-	    close(socks[i]);
+	    rk_closesocket(socks[i]);
 	dup2(s, STDIN_FILENO);
 	dup2(s, STDOUT_FILENO);
 	if(s != STDIN_FILENO && s != STDOUT_FILENO)
-	    close(s);
+	    rk_closesocket(s);
 	return 0;
    } else {
-	close(s);
+	rk_closesocket(s);
    }
    return 1;
 }
 static int
 wait_for_connection(krb5_context context,
-		    int *socks, unsigned int num_socks)
+		    krb5_socket_t *socks, unsigned int num_socks)
 {
    unsigned int i;
    int e;
@@ -195,9 +195,9 @@ wait_for_connection(krb5_context context,
    while (term_flag == 0) {
 	read_set = orig_read_set;
 	e = select(max_fd + 1, &read_set, NULL, NULL, NULL);
-	if(e < 0) {
+	if(rk_IS_SOCKET_ERROR(e)) {
-	    if(errno != EINTR)
+	    if(rk_SOCK_ERRNO != EINTR)
-		krb5_warn(context, errno, "select");
+		krb5_warn(context, rk_SOCK_ERRNO, "select");
 	} else if(e == 0)
 	    krb5_warnx(context, "select returned 0");
 	else {
@@ -226,7 +226,7 @@ start_server(krb5_context context)
    int e;
    struct kadm_port *p;
-    int *socks = NULL, *tmp;
+    krb5_socket_t *socks = NULL, *tmp;
    unsigned int num_socks = 0;
    int i;
@@ -259,23 +259,23 @@ start_server(krb5_context context)
 	}
 	socks = tmp;
 	for(ap = ai; ap; ap = ap->ai_next) {
-	    int s = socket(ap->ai_family, ap->ai_socktype, ap->ai_protocol);
+	    krb5_socket_t s = socket(ap->ai_family, ap->ai_socktype, ap->ai_protocol);
-	    if(s < 0) {
+	    if(rk_IS_BAD_SOCKET(s)) {
-		krb5_warn(context, errno, "socket");
+		krb5_warn(context, rk_SOCK_ERRNO, "socket");
 		continue;
 	    }
 	    socket_set_reuseaddr(s, 1);
 	    socket_set_ipv6only(s, 1);
-	    if (bind (s, ap->ai_addr, ap->ai_addrlen) < 0) {
+	    if (rk_IS_SOCKET_ERROR(bind (s, ap->ai_addr, ap->ai_addrlen))) {
-		krb5_warn(context, errno, "bind");
+		krb5_warn(context, rk_SOCK_ERRNO, "bind");
-		close(s);
+		rk_closesocket(s);
 		continue;
 	    }
-	    if (listen (s, SOMAXCONN) < 0) {
+	    if (rk_IS_SOCKET_ERROR(listen (s, SOMAXCONN))) {
-		krb5_warn(context, errno, "listen");
+		krb5_warn(context, rk_SOCK_ERRNO, "listen");
-		close(s);
+		rk_closesocket(s);
 		continue;
 	    }
 	    socks[num_socks++] = s;
@@ -284,5 +284,6 @@ start_server(krb5_context context)
    }
    if(num_socks == 0)
 	krb5_errx(context, 1, "no sockets to listen to - exiting");
    return wait_for_connection(context, socks, num_socks);
 }
--- a/kadmin/kadmind.c
+++ b/kadmin/kadmind.c
@@ -95,6 +95,7 @@ main(int argc, char **argv)
    int i;
    krb5_log_facility *logfacility;
    krb5_keytab keytab;
    krb5_socket_t sfd = rk_INVALID_SOCKET;
    setprogname(argv[0]);
@@ -168,8 +169,9 @@ main(int argc, char **argv)
 					     "tcp", 749);
 	else
 	    debug_port = htons(atoi(port_str));
-	mini_inetd(debug_port, NULL);
+	mini_inetd(debug_port, &sfd);
    } else {
 #ifndef NO_INETD
 	struct sockaddr_storage __ss;
 	struct sockaddr *sa = (struct sockaddr *)&__ss;
 	socklen_t sa_size = sizeof(__ss);
@@ -180,17 +182,22 @@ main(int argc, char **argv)
 	 */
 	if(roken_getsockname(STDIN_FILENO, sa, &sa_size) < 0 &&
-	       errno == ENOTSOCK) {
+	   SOCK_ERRNO == ENOTSOCK) {
 #endif
 	    parse_ports(context, port_str ? port_str : "+");
 	    pidfile(NULL);
-	    start_server(context);
+	    start_server(context, &sfd);
 #ifndef NO_INETD
 	} else {
 	    sfd = STDIN_FILENO;
 	}
 #endif
    }
    if(realm)
 	krb5_set_default_realm(context, realm); /* XXX */
-    kadmind_loop(context, keytab, STDIN_FILENO);
+    kadmind_loop(context, keytab, sfd);
    return 0;
 }
--- a/kadmin/rpc.c
+++ b/kadmin/rpc.c
@@ -1091,13 +1091,13 @@ process_stream(krb5_context context,
 int
-handle_mit(krb5_context context, void *buf, size_t len, int fd)
+handle_mit(krb5_context context, void *buf, size_t len, krb5_socket_t sock)
 {
    krb5_storage *sp;
    dcontext = context;
-    sp = krb5_storage_from_fd(fd);
+    sp = krb5_storage_from_fd(sock);
    INSIST(sp != NULL);
    process_stream(context, buf, len, sp);
--- a/kadmin/server.c
+++ b/kadmin/server.c
@@ -440,7 +440,7 @@ v5_loop (krb5_context context,
 	 krb5_auth_context ac,
 	 krb5_boolean initial,
 	 void *kadm_handle,
-	 int fd)
+	 krb5_socket_t fd)
 {
    krb5_error_code ret;
    krb5_data in, out;
@@ -476,7 +476,7 @@ match_appl_version(const void *data, const char *appl_version)
 static void
 handle_v5(krb5_context context,
 	  krb5_keytab keytab,
-	  int fd)
+	  krb5_socket_t fd)
 {
    krb5_error_code ret;
    krb5_ticket *ticket;
@@ -539,13 +539,13 @@ handle_v5(krb5_context context,
 krb5_error_code
 kadmind_loop(krb5_context context,
 	     krb5_keytab keytab,
-	     int fd)
+	     krb5_socket_t sock)
 {
    u_char buf[sizeof(KRB5_SENDAUTH_VERSION) + 4];
    ssize_t n;
    unsigned long len;
-    n = krb5_net_read(context, &fd, buf, 4);
+    n = krb5_net_read(context, &sock, buf, 4);
    if(n == 0)
 	exit(0);
    if(n < 0)
@@ -554,21 +554,21 @@ kadmind_loop(krb5_context context,
    if (len == sizeof(KRB5_SENDAUTH_VERSION)) {
-	n = krb5_net_read(context, &fd, buf + 4, len);
+	n = krb5_net_read(context, &sock, buf + 4, len);
 	if (n < 0)
 	    krb5_err (context, 1, errno, "reading sendauth version");
 	if (n == 0)
 	    krb5_errx (context, 1, "EOF reading sendauth version");
 	if(memcmp(buf + 4, KRB5_SENDAUTH_VERSION, len) == 0) {
-	    handle_v5(context, keytab, fd);
+	    handle_v5(context, keytab, sock);
 	    return 0;
 	}
 	len += 4;
    } else
 	len = 4;
-    handle_mit(context, buf, len, fd);
+    handle_mit(context, buf, len, sock);
    return 0;
 }
--- a/kadmin/stash.c
+++ b/kadmin/stash.c
@@ -128,12 +128,18 @@ stash(struct stash_options *opt, int argc, char **argv)
 	    unlink(new);
 	else {
 	    unlink(old);
 #ifndef NO_POSIX_LINKS
 	    if(link(opt->key_file_string, old) < 0 && errno != ENOENT) {
 		ret = errno;
 		unlink(new);
-	    } else if(rename(new, opt->key_file_string) < 0) {
+	    } else {
-		ret = errno;
+#endif
 		if(rename(new, opt->key_file_string) < 0) {
 		    ret = errno;
 		}
 #ifndef NO_POSIX_LINKS
 	    }
 #endif
 	}
    out:
 	free(old);
--- a/kdc/NTMakefile
+++ b/kdc/NTMakefile
@@ -37,7 +37,11 @@ BINPROGRAMS=$(BINDIR)\string2key.exe
 SBINPROGRAMS=$(SBINDIR)\kstash.exe
-LIBEXECPROGRAMS=$(LIBEXECDIR)\hprop.exe $(LIBEXECDIR)\hpropd.exe $(LIBEXECDIR)\kdc.exe
+LIBEXECPROGRAMS= \
 	$(LIBEXECDIR)\hprop.exe \
 	$(LIBEXECDIR)\hpropd.exe \
 	$(LIBEXECDIR)\kdc.exe \
 #	$(LIBEXECDIR)\digest-service.exe
 NOINST_PROGRAMS=$(OBJ)\kdc-replay.exe
@@ -90,7 +94,14 @@ $(BINDIR)\string2key.exe: $(OBJ)\string2key.obj $(BIN_LIBS)
 	$(_VC_MANIFEST_CLEAN)
 	$(_CODESIGN)
-$(LIBEXECDIR)\kdc.exe: $(OBJ)\connect.obj $(OBJ)\config.obj $(OBJ)\main.obj $(LIBKDC) $(BIN_LIBS)
+$(BINDIR)\digest-service.exe: $(OBJ)\digest-service.obj $(BIN_LIBS)
 	$(EXECONLINK)
 	$(_VC_MANIFEST_EMBED_EXE)
 	$(_VC_MANIFEST_CLEAN)
 	$(_CODESIGN)
 $(LIBEXECDIR)\kdc.exe: \
 $(OBJ)\connect.obj $(OBJ)\config.obj $(OBJ)\announce.obj $(OBJ)\main.obj $(LIBKDC) $(BIN_LIBS)
 	$(EXECONLINK)
 	$(_VC_MANIFEST_EMBED_EXE)
 	$(_VC_MANIFEST_CLEAN)
--- a/kdc/connect.c
+++ b/kdc/connect.c
@@ -877,11 +877,13 @@ loop(krb5_context context,
 		    clear_descr(&d[i]);
 		    continue;
 		}
 #ifndef NO_LIMIT_FD_SETSIZE
 		if(max_fd < d[i].s)
 		    max_fd = d[i].s;
 #ifdef FD_SETSIZE
 		if (max_fd >= FD_SETSIZE)
 		    krb5_errx(context, 1, "fd too large");
 #endif
 #endif
 		FD_SET(d[i].s, &fds);
 	    } else if(min_free < 0 || i < min_free)
--- a/kdc/kerberos5.c
+++ b/kdc/kerberos5.c
@@ -286,8 +286,9 @@ _kdc_encode_reply(krb5_context context,
    ret = krb5_crypto_init(context, skey, etype, &crypto);
    if (ret) {
        const char *msg;
 	free(buf);
-	const char *msg = krb5_get_error_message(context, ret);
+	msg = krb5_get_error_message(context, ret);
 	kdc_log(context, config, 0, "krb5_crypto_init failed: %s", msg);
 	krb5_free_error_message(context, msg);
 	return ret;
--- a/kdc/libkdc-exports.def
+++ b/kdc/libkdc-exports.def
@@ -10,3 +10,4 @@ EXPORTS
 	krb5_kdc_process_request
 	krb5_kdc_save_request
 	krb5_kdc_update_time
 	krb5_kdc_pk_initialize
--- a/lib/asn1/NTMakefile
+++ b/lib/asn1/NTMakefile
@@ -37,8 +37,8 @@ gen_files_k5 =						    \
 	$(OBJ)\asn1_AD_AND_OR.x				    \
 	$(OBJ)\asn1_AD_IF_RELEVANT.x			    \
 	$(OBJ)\asn1_AD_KDCIssued.x			    \
 	$(OBJ)\asn1_AD_MANDATORY_FOR_KDC.x		    \
 	$(OBJ)\asn1_AD_LoginAlias.x			    \
 	$(OBJ)\asn1_AD_MANDATORY_FOR_KDC.x		    \
 	$(OBJ)\asn1_APOptions.x				    \
 	$(OBJ)\asn1_AP_REP.x				    \
 	$(OBJ)\asn1_AP_REQ.x				    \
@@ -66,12 +66,15 @@ gen_files_k5 =						    \
 	$(OBJ)\asn1_EncryptedData.x			    \
 	$(OBJ)\asn1_EncryptionKey.x			    \
 	$(OBJ)\asn1_EtypeList.x				    \
 	$(OBJ)\asn1_FastOptions.x			    \
 	$(OBJ)\asn1_HostAddress.x			    \
 	$(OBJ)\asn1_HostAddresses.x			    \
 	$(OBJ)\asn1_KDCOptions.x			    \
 	$(OBJ)\asn1_KDC_REP.x				    \
 	$(OBJ)\asn1_KDC_REQ.x				    \
 	$(OBJ)\asn1_KDC_REQ_BODY.x			    \
 	$(OBJ)\asn1_KRB5SignedPath.x			    \
 	$(OBJ)\asn1_KRB5SignedPathData.x		    \
 	$(OBJ)\asn1_KRB_CRED.x				    \
 	$(OBJ)\asn1_KRB_ERROR.x				    \
 	$(OBJ)\asn1_KRB_PRIV.x				    \
@@ -80,27 +83,35 @@ gen_files_k5 =						    \
 	$(OBJ)\asn1_KerberosString.x			    \
 	$(OBJ)\asn1_KerberosTime.x			    \
 	$(OBJ)\asn1_KrbCredInfo.x			    \
 	$(OBJ)\asn1_KrbFastArmor.x			    \
 	$(OBJ)\asn1_KrbFastArmoredRep.x			    \
 	$(OBJ)\asn1_KrbFastArmoredReq.x			    \
 	$(OBJ)\asn1_KrbFastFinished.x			    \
 	$(OBJ)\asn1_KrbFastReq.x			    \
 	$(OBJ)\asn1_KrbFastResponse.x			    \
 	$(OBJ)\asn1_LR_TYPE.x				    \
 	$(OBJ)\asn1_LastReq.x				    \
 	$(OBJ)\asn1_MESSAGE_TYPE.x			    \
 	$(OBJ)\asn1_METHOD_DATA.x			    \
 	$(OBJ)\asn1_NAME_TYPE.x				    \
 	$(OBJ)\asn1_PA_FX_FAST_REPLY.x			    \
 	$(OBJ)\asn1_PA_FX_FAST_REQUEST.x		    \
 	$(OBJ)\asn1_PADATA_TYPE.x			    \
 	$(OBJ)\asn1_PA_ClientCanonicalized.x		    \
 	$(OBJ)\asn1_PA_ClientCanonicalizedNames.x	    \
 	$(OBJ)\asn1_PA_DATA.x				    \
-	$(OBJ)\asn1_PA_ENC_SAM_RESPONSE_ENC.x         	    \
+	$(OBJ)\asn1_PA_ENC_SAM_RESPONSE_ENC.x		    \
 	$(OBJ)\asn1_PA_ENC_TS_ENC.x			    \
 	$(OBJ)\asn1_PA_PAC_REQUEST.x			    \
 	$(OBJ)\asn1_PA_S4U2Self.x			    \
 	$(OBJ)\asn1_PA_SAM_CHALLENGE_2.x		    \
-	$(OBJ)\asn1_PA_SAM_CHALLENGE_2_BODY.x 		    \
+	$(OBJ)\asn1_PA_SAM_CHALLENGE_2_BODY.x		    \
 	$(OBJ)\asn1_PA_SAM_REDIRECT.x			    \
 	$(OBJ)\asn1_PA_SAM_RESPONSE_2.x			    \
 	$(OBJ)\asn1_PA_SAM_TYPE.x			    \
 	$(OBJ)\asn1_PA_ClientCanonicalized.x		    \
 	$(OBJ)\asn1_PA_ClientCanonicalizedNames.x	    \
 	$(OBJ)\asn1_PA_SvrReferralData.x		    \
 	$(OBJ)\asn1_PA_ServerReferralData.x		    \
 	$(OBJ)\asn1_PA_SERVER_REFERRAL_DATA.x		    \
 	$(OBJ)\asn1_PA_ServerReferralData.x		    \
 	$(OBJ)\asn1_PA_SvrReferralData.x		    \
 	$(OBJ)\asn1_PROV_SRV_LOCATION.x			    \
 	$(OBJ)\asn1_Principal.x				    \
 	$(OBJ)\asn1_PrincipalName.x			    \
@@ -115,9 +126,7 @@ gen_files_k5 =						    \
 	$(OBJ)\asn1_TransitedEncoding.x			    \
 	$(OBJ)\asn1_TypedData.x				    \
 	$(OBJ)\asn1_krb5int32.x				    \
-	$(OBJ)\asn1_krb5uint32.x			    \
+	$(OBJ)\asn1_krb5uint32.x
 	$(OBJ)\asn1_KRB5SignedPathData.x		    \
 	$(OBJ)\asn1_KRB5SignedPath.x
 gen_files_cms =						    \
 	$(OBJ)\asn1_CMSAttributes.x			    \
@@ -215,7 +224,6 @@ gen_files_rfc2459 =					    \
 	$(OBJ)\asn1_SubjectPublicKeyInfo.x		    \
 	$(OBJ)\asn1_TBSCRLCertList.x			    \
 	$(OBJ)\asn1_TBSCertificate.x			    \
 	$(OBJ)\asn1_TeletexStringx.x			    \
 	$(OBJ)\asn1_Time.x				    \
 	$(OBJ)\asn1_UniqueIdentifier.x			    \
 	$(OBJ)\asn1_ValidationParms.x			    \
@@ -426,8 +434,10 @@ gen_files_pkcs9 =					    \
 	$(OBJ)\asn1_PKCS9_friendlyName.x
 gen_files_test =					    \
 	$(OBJ)\asn1_TESTOptional.x			    \
 	$(OBJ)\asn1_TESTAlloc.x				    \
 	$(OBJ)\asn1_TESTAllocInner.x			    \
 	$(OBJ)\asn1_TESTBitString.x			    \
 	$(OBJ)\asn1_TESTCONTAINING.x			    \
 	$(OBJ)\asn1_TESTCONTAININGENCODEDBY.x		    \
 	$(OBJ)\asn1_TESTCONTAININGENCODEDBY2.x		    \
@@ -441,14 +451,21 @@ gen_files_test =					    \
 	$(OBJ)\asn1_TESTInteger2.x			    \
 	$(OBJ)\asn1_TESTInteger3.x			    \
 	$(OBJ)\asn1_TESTLargeTag.x			    \
 	$(OBJ)\asn1_TESTSeq.x				    \
 	$(OBJ)\asn1_TESTUSERCONSTRAINED.x		    \
 	$(OBJ)\asn1_TESTSeqOf.x				    \
 	$(OBJ)\asn1_TESTOSSize1.x			    \
 	$(OBJ)\asn1_TESTPreserve.x			    \
 	$(OBJ)\asn1_TESTSeq.x				    \
 	$(OBJ)\asn1_TESTSeqOf.x				    \
 	$(OBJ)\asn1_TESTSeqOf2.x			    \
 	$(OBJ)\asn1_TESTSeqOf3.x			    \
 	$(OBJ)\asn1_TESTSeqOfSeq.x			    \
 	$(OBJ)\asn1_TESTSeqOfSeq2.x			    \
 	$(OBJ)\asn1_TESTSeqOfSeq3.x			    \
 	$(OBJ)\asn1_TESTSeqSizeOf1.x			    \
 	$(OBJ)\asn1_TESTSeqSizeOf2.x			    \
 	$(OBJ)\asn1_TESTSeqSizeOf3.x			    \
-	$(OBJ)\asn1_TESTSeqSizeOf4.x
+	$(OBJ)\asn1_TESTSeqSizeOf4.x			    \
 	$(OBJ)\asn1_TESTUSERCONSTRAINED.x		    \
 	$(OBJ)\asn1_TESTuint32.x
 gen_files_digest =					    \
 	$(OBJ)\asn1_DigestError.x			    \
@@ -464,18 +481,22 @@ gen_files_digest =					    \
 	$(OBJ)\asn1_NTLMInit.x				    \
 	$(OBJ)\asn1_NTLMInitReply.x			    \
 	$(OBJ)\asn1_NTLMRequest.x			    \
-	$(OBJ)\asn1_NTLMResponse.x
+	$(OBJ)\asn1_NTLMRequest2.x			    \
 	$(OBJ)\asn1_NTLMResponse.x			    \
 	$(OBJ)\asn1_NTLMReply.x
 gen_files_kx509 =					    \
 	$(OBJ)\asn1_Kx509Response.x			    \
 	$(OBJ)\asn1_KX509_ERROR_CODE.x			    \
 	$(OBJ)\asn1_Kx509Request.x
 ASN1_BINARIES =						    \
-	$(BINDIR)\asn1_compile.exe			    \
+	$(LIBEXECDIR)\asn1_compile.exe			    \
-	$(BINDIR)\asn1_print.exe			    \
+	$(LIBEXECDIR)\asn1_print.exe			    \
 	$(BINDIR)\asn1_gen.exe
 $(BINDIR)\asn1_compile.exe:				    \
 	$(OBJ)\asn1parse.obj				    \
 	$(OBJ)\gen.obj					    \
 	$(OBJ)\gen_copy.obj				    \
 	$(OBJ)\gen_decode.obj				    \
@@ -484,10 +505,10 @@ $(BINDIR)\asn1_compile.exe:				    \
 	$(OBJ)\gen_glue.obj				    \
 	$(OBJ)\gen_length.obj				    \
 	$(OBJ)\gen_seq.obj				    \
 	$(OBJ)\gen_template.obj				    \
 	$(OBJ)\hash.obj					    \
 	$(OBJ)\lex.obj					    \
 	$(OBJ)\main.obj					    \
 	$(OBJ)\asn1parse.obj				    \
 	$(OBJ)\symbol.obj
 	$(EXECONLINK) $(LIBROKEN) $(LIBVERS)
 	$(_VC_MANIFEST_EMBED_EXE)
@@ -675,25 +696,41 @@ $(gen_files_test) $(OBJ)\test_asn1.hx: $(BINDIR)\asn1_compile.exe test.asn1
 	|| ($(RM) $(OBJ)\test_asn1.h ; exit /b 1)
 	cd $(SRCDIR)
-INCFILES=$(INCDIR)\der.h $(INCDIR)\heim_asn1.h $(INCDIR)\der-protos.h \
+INCFILES=			    \
 	$(INCDIR)\der.h		    \
 	$(INCDIR)\heim_asn1.h	    \
 	$(INCDIR)\der-protos.h	    \
 	$(INCDIR)\der-private.h	    \
 	$(INCDIR)\asn1-common.h	    \
 	$(INCDIR)\asn1-template.h   \
 	$(OBJ)\asn1_err.h
 $(INCDIR)\der-protos.h: $(OBJ)\der-protos.h
-GENINCFILES=	\
+GENINCFILES=			    \
-	$(INCDIR)\asn1_err.h	\
+	$(INCDIR)\asn1_err.h	    \
-	$(INCDIR)\cms_asn1.h	\
+	$(INCDIR)\cms_asn1.h	    \
-	$(INCDIR)\digest_asn1.h	\
+	$(INCDIR)\digest_asn1.h	    \
-	$(INCDIR)\krb5_asn1.h	\
+	$(INCDIR)\krb5_asn1.h	    \
-	$(INCDIR)\kx509_asn1.h	\
+	$(INCDIR)\kx509_asn1.h	    \
-	$(INCDIR)\pkcs12_asn1.h	\
+	$(INCDIR)\pkcs12_asn1.h	    \
-	$(INCDIR)\pkcs8_asn1.h	\
+	$(INCDIR)\pkcs8_asn1.h	    \
-	$(INCDIR)\pkcs9_asn1.h	\
+	$(INCDIR)\pkcs9_asn1.h	    \
-	$(INCDIR)\pkinit_asn1.h	\
+	$(INCDIR)\pkinit_asn1.h	    \
-	$(INCDIR)\rfc2459_asn1.h
+	$(INCDIR)\rfc2459_asn1.h    \
 	$(OBJ)\krb5_asn1-priv.h	    \
 	$(OBJ)\pkinit_asn1-priv.h   \
 	$(OBJ)\cms_asn1-priv.h	    \
 	$(OBJ)\rfc2459_asn1-priv.h  \
 	$(OBJ)\pkcs8_asn1-priv.h    \
 	$(OBJ)\pkcs9_asn1-priv.h    \
 	$(OBJ)\pkcs12_asn1-priv.h   \
 	$(OBJ)\digest_asn1-priv.h   \
 	$(OBJ)\kx509_asn1-priv.h    \
 	$(OBJ)\test_asn1.h	    \
 	$(OBJ)\test_asn1-priv.h
 libasn1_SOURCES=	\
 	der-protos.h 	\
 	der_locl.h 	\
 	der.c		\
 	der.h		\
@@ -708,9 +745,12 @@ libasn1_SOURCES=	\
 	extra.c		\
 	timegm.c
-$(OBJ)\der-protos.h: $(libasn1_SOURCES:der-protos.h=)
+$(OBJ)\der-protos.h: $(libasn1_SOURCES)
 	$(PERL) ..\..\cf\make-proto.pl -q -P remove -o $(OBJ)\der-protos.h $(libasn1_SOURCES) || $(RM) $(OBJ)\der-protos.h
 $(OBJ)\der-private.h: $(libasn1_SOURCES)
 	$(PERL) ..\..\cf\make-proto.pl -q -P remove -p $(OBJ)\der-private.h $(libasn1_SOURCES) || $(RM) $(OBJ)\der-private.h
 clean::
 	-$(RM) $(INCDIR)\der-protos.h
--- a/lib/asn1/gen.c
+++ b/lib/asn1/gen.c
@@ -739,7 +739,7 @@ define_type (int level, const char *name, const char *basename, Type *t, int typ
 		/* pad unused */
 		while (pos < m->val) {
-		    asprintf (&n, "_unused%d:1;", pos);
+		    asprintf (&n, "_unused%d:1", pos);
 		    define_type (level + 1, n, newbasename, &i, FALSE, FALSE);
 		    free(n);
 		    pos++;
@@ -755,7 +755,7 @@ define_type (int level, const char *name, const char *basename, Type *t, int typ
 	    /* pad to 32 elements */
 	    while (pos < 32) {
 		char *n;
-		asprintf (&n, "_unused%d:1;", pos);
+		asprintf (&n, "_unused%d:1", pos);
 		define_type (level + 1, n, newbasename, &i, FALSE, FALSE);
 		free(n);
 		pos++;
--- a/lib/asn1/libasn1-exports.def
+++ b/lib/asn1/libasn1-exports.def
--- a/lib/com_err/libcom_err-exports.def
+++ b/lib/com_err/libcom_err-exports.def
@@ -1,5 +1,6 @@
 EXPORTS
 	com_right
        com_right_r
 	free_error_table
 	initialize_error_table_r
 	add_to_error_table
@@ -10,3 +11,4 @@ EXPORTS
 	init_error_table
 	reset_com_err_hook
 	set_com_err_hook
        _et_list            DATA
--- a/lib/gssapi/NTMakefile
+++ b/lib/gssapi/NTMakefile
@@ -42,6 +42,7 @@ krb5src = \
 	krb5/aeap.c \
 	krb5/arcfour.c \
 	krb5/canonicalize_name.c \
 	krb5/creds.c \
 	krb5/ccache_name.c \
 	krb5/cfx.c \
 	krb5/cfx.h \
@@ -101,6 +102,7 @@ mechsrc = \
 	mech/gss_compare_name.c \
 	mech/gss_context_time.c \
 	mech/gss_create_empty_oid_set.c \
 	mech/gss_cred.c \
 	mech/gss_decapsulate_token.c \
 	mech/gss_delete_sec_context.c \
 	mech/gss_display_name.c \
@@ -219,19 +221,15 @@ $(gssapi_files:.x=.c): $$(@R).x
 $(spnego_files:.x=.c): $$(@R).x
-$(OBJ)\gssapi\gssapi_asn1.h: $(OBJ)\gssapi\gssapi_asn1.hx
+$(gssapi_files) $(OBJ)\gssapi\gssapi_asn1.hx $(OBJ)\gssapi\gssapi_asn1-priv.hx: \
-	$(CP) $** $@
+$(BINDIR)\asn1_compile.exe mech\gssapi.asn1
 $(OBJ)\spnego\spnego_asn1.h: $(OBJ)\spnego\spnego_asn1.hx
 	$(CP) $** $@
 $(gssapi_files) $(OBJ)\gssapi\gssapi_asn1.hx: $(BINDIR)\asn1_compile.exe mech\gssapi.asn1
 	cd $(OBJ)\gssapi
 	$(BINDIR)\asn1_compile.exe $(SRCDIR)\mech\gssapi.asn1 gssapi_asn1 \
 	|| ( $(RM) $(OBJ)\gssapi\gssapi_asn1.h ; exit /b 1 )
 	cd $(SRCDIR)
-$(spnego_files) $(OBJ)\spnego\spnego_asn1.hx: $(BINDIR)\asn1_compile.exe spnego\spnego.asn1
+$(spnego_files) $(OBJ)\spnego\spnego_asn1.hx $(OBJ)\spnego\spnego_asn1-priv.hx: \
 $(BINDIR)\asn1_compile.exe spnego\spnego.asn1
 	cd $(OBJ)\spnego
 	$(BINDIR)\asn1_compile --sequence=MechTypeList $(SRCDIR)\spnego\spnego.asn1 spnego_asn1 \
 	|| ( $(RM) $(OBJ)\spnego\spnego_asn1.h ; exit /b 1 )
@@ -242,164 +240,168 @@ $(OBJ)\gkrb5_err.c $(OBJ)\gkrb5_err.h: krb5\gkrb5_err.et
 	$(BINDIR)\compile_et.exe $(SRCDIR)\krb5\gkrb5_err.et
 	cd $(SRCDIR)
-INCFILES=	\
+INCFILES=				\
-	$(INCDIR)\gssapi.h	\
+    $(INCDIR)\gssapi.h			\
-	$(INCDIR)\gssapi\gssapi.h	\
+    $(INCDIR)\gssapi\gssapi.h		\
-	$(INCDIR)\gssapi\gssapi_krb5.h	\
+    $(INCDIR)\gssapi\gssapi_krb5.h	\
-	$(INCDIR)\gssapi\gssapi_ntlm.h	\
+    $(INCDIR)\gssapi\gssapi_ntlm.h	\
-	$(INCDIR)\gssapi\gssapi_spnego.h \
+    $(INCDIR)\gssapi\gssapi_spnego.h	\
-	$(OBJ)\ntlm\ntlm-private.h	\
+    $(OBJ)\ntlm\ntlm-private.h		\
-	$(OBJ)\spnego\spnego-private.h	\
+    $(OBJ)\spnego\spnego-private.h	\
-	$(OBJ)\krb5\gsskrb5-private.h	\
+    $(OBJ)\krb5\gsskrb5-private.h	\
-	$(OBJ)\gkrb5_err.h	\
+    $(OBJ)\gkrb5_err.h			\
-	$(OBJ)\gssapi\gssapi_asn1.h	\
+    $(OBJ)\gssapi\gssapi_asn1.h		\
-	$(OBJ)\spnego\spnego_asn1.h
+    $(OBJ)\gssapi\gssapi_asn1-priv.h	\
    $(OBJ)\spnego\spnego_asn1.h		\
    $(OBJ)\spnego\spnego_asn1-priv.h
 all:: $(INCFILES)
-libgssapi_OBJs= \
+libgssapi_OBJs = \
-	$(OBJ)\krb5\8003.obj \
+	$(OBJ)\krb5/8003.obj \
-	$(OBJ)\krb5\accept_sec_context.obj \
+	$(OBJ)\krb5/accept_sec_context.obj \
-	$(OBJ)\krb5\acquire_cred.obj \
+	$(OBJ)\krb5/acquire_cred.obj \
-	$(OBJ)\krb5\add_cred.obj \
+	$(OBJ)\krb5/add_cred.obj \
-	$(OBJ)\krb5\address_to_krb5addr.obj \
+	$(OBJ)\krb5/address_to_krb5addr.obj \
-	$(OBJ)\krb5\aeap.obj \
+	$(OBJ)\krb5/aeap.obj \
-	$(OBJ)\krb5\arcfour.obj \
+	$(OBJ)\krb5/arcfour.obj \
-	$(OBJ)\krb5\canonicalize_name.obj \
+	$(OBJ)\krb5/canonicalize_name.obj \
-	$(OBJ)\krb5\ccache_name.obj \
+	$(OBJ)\krb5/creds.obj \
-	$(OBJ)\krb5\cfx.obj \
+	$(OBJ)\krb5/ccache_name.obj \
-	$(OBJ)\krb5\compare_name.obj \
+	$(OBJ)\krb5/cfx.obj \
-	$(OBJ)\krb5\compat.obj \
+	$(OBJ)\krb5/compare_name.obj \
-	$(OBJ)\krb5\context_time.obj \
+	$(OBJ)\krb5/compat.obj \
-	$(OBJ)\krb5\copy_ccache.obj \
+	$(OBJ)\krb5/context_time.obj \
-	$(OBJ)\krb5\decapsulate.obj \
+	$(OBJ)\krb5/copy_ccache.obj \
-	$(OBJ)\krb5\delete_sec_context.obj \
+	$(OBJ)\krb5/decapsulate.obj \
-	$(OBJ)\krb5\display_name.obj \
+	$(OBJ)\krb5/delete_sec_context.obj \
-	$(OBJ)\krb5\display_status.obj \
+	$(OBJ)\krb5/display_name.obj \
-	$(OBJ)\krb5\duplicate_name.obj \
+	$(OBJ)\krb5/display_status.obj \
-	$(OBJ)\krb5\encapsulate.obj \
+	$(OBJ)\krb5/duplicate_name.obj \
-	$(OBJ)\krb5\export_name.obj \
+	$(OBJ)\krb5/encapsulate.obj \
-	$(OBJ)\krb5\export_sec_context.obj \
+	$(OBJ)\krb5/export_name.obj \
-	$(OBJ)\krb5\external.obj \
+	$(OBJ)\krb5/export_sec_context.obj \
-	$(OBJ)\krb5\get_mic.obj \
+	$(OBJ)\krb5/external.obj \
-	$(OBJ)\krb5\import_name.obj \
+	$(OBJ)\krb5/get_mic.obj \
-	$(OBJ)\krb5\import_sec_context.obj \
+	$(OBJ)\krb5/import_name.obj \
-	$(OBJ)\krb5\indicate_mechs.obj \
+	$(OBJ)\krb5/import_sec_context.obj \
-	$(OBJ)\krb5\init.obj \
+	$(OBJ)\krb5/indicate_mechs.obj \
-	$(OBJ)\krb5\init_sec_context.obj \
+	$(OBJ)\krb5/init.obj \
-	$(OBJ)\krb5\inquire_context.obj \
+	$(OBJ)\krb5/init_sec_context.obj \
-	$(OBJ)\krb5\inquire_cred.obj \
+	$(OBJ)\krb5/inquire_context.obj \
-	$(OBJ)\krb5\inquire_cred_by_mech.obj \
+	$(OBJ)\krb5/inquire_cred.obj \
-	$(OBJ)\krb5\inquire_cred_by_oid.obj \
+	$(OBJ)\krb5/inquire_cred_by_mech.obj \
-	$(OBJ)\krb5\inquire_mechs_for_name.obj \
+	$(OBJ)\krb5/inquire_cred_by_oid.obj \
-	$(OBJ)\krb5\inquire_names_for_mech.obj \
+	$(OBJ)\krb5/inquire_mechs_for_name.obj \
-	$(OBJ)\krb5\inquire_sec_context_by_oid.obj \
+	$(OBJ)\krb5/inquire_names_for_mech.obj \
-	$(OBJ)\krb5\process_context_token.obj \
+	$(OBJ)\krb5/inquire_sec_context_by_oid.obj \
-	$(OBJ)\krb5\prf.obj \
+	$(OBJ)\krb5/process_context_token.obj \
-	$(OBJ)\krb5\release_buffer.obj \
+	$(OBJ)\krb5/prf.obj \
-	$(OBJ)\krb5\release_cred.obj \
+	$(OBJ)\krb5/release_buffer.obj \
-	$(OBJ)\krb5\release_name.obj \
+	$(OBJ)\krb5/release_cred.obj \
-	$(OBJ)\krb5\sequence.obj \
+	$(OBJ)\krb5/release_name.obj \
-	$(OBJ)\krb5\store_cred.obj \
+	$(OBJ)\krb5/sequence.obj \
-	$(OBJ)\krb5\set_cred_option.obj \
+	$(OBJ)\krb5/store_cred.obj \
-	$(OBJ)\krb5\set_sec_context_option.obj \
+	$(OBJ)\krb5/set_cred_option.obj \
-	$(OBJ)\krb5\ticket_flags.obj \
+	$(OBJ)\krb5/set_sec_context_option.obj \
-	$(OBJ)\krb5\unwrap.obj \
+	$(OBJ)\krb5/ticket_flags.obj \
-	$(OBJ)\krb5\verify_mic.obj \
+	$(OBJ)\krb5/unwrap.obj \
-	$(OBJ)\krb5\wrap.obj \
+	$(OBJ)\krb5/verify_mic.obj \
-	$(OBJ)\mech\context.obj \
+	$(OBJ)\krb5/wrap.obj \
-	$(OBJ)\mech\doxygen.obj \
+	$(OBJ)\mech/context.obj \
-	$(OBJ)\mech\gss_accept_sec_context.obj \
+	$(OBJ)\mech/doxygen.obj \
-	$(OBJ)\mech\gss_acquire_cred.obj \
+	$(OBJ)\mech/gss_accept_sec_context.obj \
-	$(OBJ)\mech\gss_add_cred.obj \
+	$(OBJ)\mech/gss_acquire_cred.obj \
-	$(OBJ)\mech\gss_add_oid_set_member.obj \
+	$(OBJ)\mech/gss_add_cred.obj \
-	$(OBJ)\mech\gss_aeap.obj \
+	$(OBJ)\mech/gss_add_oid_set_member.obj \
-	$(OBJ)\mech\gss_buffer_set.obj \
+	$(OBJ)\mech/gss_aeap.obj \
-	$(OBJ)\mech\gss_canonicalize_name.obj \
+	$(OBJ)\mech/gss_buffer_set.obj \
-	$(OBJ)\mech\gss_compare_name.obj \
+	$(OBJ)\mech/gss_canonicalize_name.obj \
-	$(OBJ)\mech\gss_context_time.obj \
+	$(OBJ)\mech/gss_compare_name.obj \
-	$(OBJ)\mech\gss_create_empty_oid_set.obj \
+	$(OBJ)\mech/gss_context_time.obj \
-	$(OBJ)\mech\gss_decapsulate_token.obj \
+	$(OBJ)\mech/gss_create_empty_oid_set.obj \
-	$(OBJ)\mech\gss_delete_sec_context.obj \
+	$(OBJ)\mech/gss_cred.obj \
-	$(OBJ)\mech\gss_display_name.obj \
+	$(OBJ)\mech/gss_decapsulate_token.obj \
-	$(OBJ)\mech\gss_display_status.obj \
+	$(OBJ)\mech/gss_delete_sec_context.obj \
-	$(OBJ)\mech\gss_duplicate_name.obj \
+	$(OBJ)\mech/gss_display_name.obj \
-	$(OBJ)\mech\gss_duplicate_oid.obj \
+	$(OBJ)\mech/gss_display_status.obj \
-	$(OBJ)\mech\gss_encapsulate_token.obj \
+	$(OBJ)\mech/gss_duplicate_name.obj \
-	$(OBJ)\mech\gss_export_name.obj \
+	$(OBJ)\mech/gss_duplicate_oid.obj \
-	$(OBJ)\mech\gss_export_sec_context.obj \
+	$(OBJ)\mech/gss_encapsulate_token.obj \
-	$(OBJ)\mech\gss_get_mic.obj \
+	$(OBJ)\mech/gss_export_name.obj \
-	$(OBJ)\mech\gss_import_name.obj \
+	$(OBJ)\mech/gss_export_sec_context.obj \
-	$(OBJ)\mech\gss_import_sec_context.obj \
+	$(OBJ)\mech/gss_get_mic.obj \
-	$(OBJ)\mech\gss_indicate_mechs.obj \
+	$(OBJ)\mech/gss_import_name.obj \
-	$(OBJ)\mech\gss_init_sec_context.obj \
+	$(OBJ)\mech/gss_import_sec_context.obj \
-	$(OBJ)\mech\gss_inquire_context.obj \
+	$(OBJ)\mech/gss_indicate_mechs.obj \
-	$(OBJ)\mech\gss_inquire_cred.obj \
+	$(OBJ)\mech/gss_init_sec_context.obj \
-	$(OBJ)\mech\gss_inquire_cred_by_mech.obj \
+	$(OBJ)\mech/gss_inquire_context.obj \
-	$(OBJ)\mech\gss_inquire_cred_by_oid.obj \
+	$(OBJ)\mech/gss_inquire_cred.obj \
-	$(OBJ)\mech\gss_inquire_mechs_for_name.obj \
+	$(OBJ)\mech/gss_inquire_cred_by_mech.obj \
-	$(OBJ)\mech\gss_inquire_names_for_mech.obj \
+	$(OBJ)\mech/gss_inquire_cred_by_oid.obj \
-	$(OBJ)\mech\gss_krb5.obj \
+	$(OBJ)\mech/gss_inquire_mechs_for_name.obj \
-	$(OBJ)\mech\gss_mech_switch.obj \
+	$(OBJ)\mech/gss_inquire_names_for_mech.obj \
-	$(OBJ)\mech\gss_names.obj \
+	$(OBJ)\mech/gss_krb5.obj \
-	$(OBJ)\mech\gss_oid_equal.obj \
+	$(OBJ)\mech/gss_mech_switch.obj \
-	$(OBJ)\mech\gss_oid_to_str.obj \
+	$(OBJ)\mech/gss_names.obj \
-	$(OBJ)\mech\gss_process_context_token.obj \
+	$(OBJ)\mech/gss_oid_equal.obj \
-	$(OBJ)\mech\gss_pseudo_random.obj \
+	$(OBJ)\mech/gss_oid_to_str.obj \
-	$(OBJ)\mech\gss_release_buffer.obj \
+	$(OBJ)\mech/gss_process_context_token.obj \
-	$(OBJ)\mech\gss_release_cred.obj \
+	$(OBJ)\mech/gss_pseudo_random.obj \
-	$(OBJ)\mech\gss_release_name.obj \
+	$(OBJ)\mech/gss_release_buffer.obj \
-	$(OBJ)\mech\gss_release_oid.obj \
+	$(OBJ)\mech/gss_release_cred.obj \
-	$(OBJ)\mech\gss_release_oid_set.obj \
+	$(OBJ)\mech/gss_release_name.obj \
-	$(OBJ)\mech\gss_seal.obj \
+	$(OBJ)\mech/gss_release_oid.obj \
-	$(OBJ)\mech\gss_set_cred_option.obj \
+	$(OBJ)\mech/gss_release_oid_set.obj \
-	$(OBJ)\mech\gss_set_sec_context_option.obj \
+	$(OBJ)\mech/gss_seal.obj \
-	$(OBJ)\mech\gss_sign.obj \
+	$(OBJ)\mech/gss_set_cred_option.obj \
-	$(OBJ)\mech\gss_store_cred.obj \
+	$(OBJ)\mech/gss_set_sec_context_option.obj \
-	$(OBJ)\mech\gss_test_oid_set_member.obj \
+	$(OBJ)\mech/gss_sign.obj \
-	$(OBJ)\mech\gss_unseal.obj \
+	$(OBJ)\mech/gss_store_cred.obj \
-	$(OBJ)\mech\gss_unwrap.obj \
+	$(OBJ)\mech/gss_test_oid_set_member.obj \
-	$(OBJ)\mech\gss_utils.obj \
+	$(OBJ)\mech/gss_unseal.obj \
-	$(OBJ)\mech\gss_verify.obj \
+	$(OBJ)\mech/gss_unwrap.obj \
-	$(OBJ)\mech\gss_verify_mic.obj \
+	$(OBJ)\mech/gss_utils.obj \
-	$(OBJ)\mech\gss_wrap.obj \
+	$(OBJ)\mech/gss_verify.obj \
-	$(OBJ)\mech\gss_wrap_size_limit.obj \
+	$(OBJ)\mech/gss_verify_mic.obj \
-	$(OBJ)\mech\gss_inquire_sec_context_by_oid.obj \
+	$(OBJ)\mech/gss_wrap.obj \
-	$(OBJ)\ntlm\accept_sec_context.obj \
+	$(OBJ)\mech/gss_wrap_size_limit.obj \
-	$(OBJ)\ntlm\acquire_cred.obj \
+	$(OBJ)\mech/gss_inquire_sec_context_by_oid.obj \
-	$(OBJ)\ntlm\add_cred.obj \
+	$(OBJ)\spnego/accept_sec_context.obj \
-	$(OBJ)\ntlm\canonicalize_name.obj \
+	$(OBJ)\spnego/compat.obj \
-	$(OBJ)\ntlm\compare_name.obj \
+	$(OBJ)\spnego/context_stubs.obj \
-	$(OBJ)\ntlm\context_time.obj \
+	$(OBJ)\spnego/cred_stubs.obj \
-	$(OBJ)\ntlm\crypto.obj \
+	$(OBJ)\spnego/external.obj \
-	$(OBJ)\ntlm\delete_sec_context.obj \
+	$(OBJ)\spnego/init_sec_context.obj \
-	$(OBJ)\ntlm\display_name.obj \
+	$(OBJ)\ntlm/accept_sec_context.obj \
-	$(OBJ)\ntlm\display_status.obj \
+	$(OBJ)\ntlm/acquire_cred.obj \
-	$(OBJ)\ntlm\duplicate_name.obj \
+	$(OBJ)\ntlm/add_cred.obj \
-	$(OBJ)\ntlm\export_name.obj \
+	$(OBJ)\ntlm/canonicalize_name.obj \
-	$(OBJ)\ntlm\export_sec_context.obj \
+	$(OBJ)\ntlm/compare_name.obj \
-	$(OBJ)\ntlm\external.obj \
+	$(OBJ)\ntlm/context_time.obj \
-	$(OBJ)\ntlm\import_name.obj \
+	$(OBJ)\ntlm/crypto.obj \
-	$(OBJ)\ntlm\import_sec_context.obj \
+	$(OBJ)\ntlm/delete_sec_context.obj \
-	$(OBJ)\ntlm\indicate_mechs.obj \
+	$(OBJ)\ntlm/display_name.obj \
-	$(OBJ)\ntlm\init_sec_context.obj \
+	$(OBJ)\ntlm/display_status.obj \
-	$(OBJ)\ntlm\inquire_context.obj \
+	$(OBJ)\ntlm/duplicate_name.obj \
-	$(OBJ)\ntlm\inquire_cred.obj \
+	$(OBJ)\ntlm/export_name.obj \
-	$(OBJ)\ntlm\inquire_cred_by_mech.obj \
+	$(OBJ)\ntlm/export_sec_context.obj \
-	$(OBJ)\ntlm\inquire_mechs_for_name.obj \
+	$(OBJ)\ntlm/external.obj \
-	$(OBJ)\ntlm\inquire_names_for_mech.obj \
+	$(OBJ)\ntlm/import_name.obj \
-	$(OBJ)\ntlm\process_context_token.obj \
+	$(OBJ)\ntlm/import_sec_context.obj \
-	$(OBJ)\ntlm\release_cred.obj \
+	$(OBJ)\ntlm/indicate_mechs.obj \
-	$(OBJ)\ntlm\release_name.obj \
+	$(OBJ)\ntlm/init_sec_context.obj \
-	$(OBJ)\ntlm\kdc.obj \
+	$(OBJ)\ntlm/inquire_context.obj \
-	$(OBJ)\spnego\accept_sec_context.obj \
+	$(OBJ)\ntlm/inquire_cred.obj \
-	$(OBJ)\spnego\compat.obj \
+	$(OBJ)\ntlm/inquire_cred_by_mech.obj \
-	$(OBJ)\spnego\context_stubs.obj \
+	$(OBJ)\ntlm/inquire_mechs_for_name.obj \
-	$(OBJ)\spnego\cred_stubs.obj \
+	$(OBJ)\ntlm/inquire_names_for_mech.obj \
-	$(OBJ)\spnego\external.obj \
+	$(OBJ)\ntlm/process_context_token.obj \
-	$(OBJ)\spnego\init_sec_context.obj \
+	$(OBJ)\ntlm/release_cred.obj \
 	$(OBJ)\ntlm/release_name.obj \
 	$(OBJ)\ntlm/kdc.obj \
 	$(OBJ)\gkrb5_err.obj \
-	$(spnego_files:.x=.obj)	\
+	$(spnego_files:.x=.obj) \
 	$(gssapi_files:.x=.obj)
 GCOPTS=-I$(SRCDIR) -I$(OBJ) -Igssapi -DBUILD_GSSAPI_LIB
@@ -446,6 +448,12 @@ GCOPTS=-I$(SRCDIR) -I$(OBJ) -Igssapi -DBUILD_GSSAPI_LIB
 {gssapi}.h{$(INCDIR)\gssapi}.h:
 	$(CP) $** $@
 {$(OBJ)\gssapi}.hx{$(OBJ)\gssapi}.h:
 	$(CP) $** $@
 {$(OBJ)\spnego}.hx{$(OBJ)\spnego}.h:
 	$(CP) $** $@
 LIBGSSAPI_LIBS=\
 	$(LIBROKEN)	\
 	$(LIBASN1)	\
@@ -516,3 +524,14 @@ clean::
 	-$(RM) $(OBJ)\spnego\*.*
 	-$(RM) $(OBJ)\mech\*.*
 	-$(RM) $(OBJ)\gssapi\*.*
 !ifdef ELISP
 # This macro invocation is used to update the libgssapi_OBJs
 # definition below (generate-obj-macro is defined in maint.el):
 (generate-obj-macro "libgssapi_OBJs"
 	            (concat "\t$(OBJ)\\gkrb5_err.obj \\\n"
                            "\t$(spnego_files:.x=.obj) \\\n"
                            "\t$(gssapi_files:.x=.obj)")
                    "krb5src" "mechsrc" "spnegosrc" "ntlmsrc")
 !endif
--- a/lib/gssapi/gssapi/gssapi.h
+++ b/lib/gssapi/gssapi/gssapi.h
@@ -45,10 +45,12 @@
 #ifndef BUILD_GSSAPI_LIB
 #if defined(_WIN32)
-#define GSSAPI_LIB_FUNCTION _stdcall __declspec(dllimport)
+#define GSSAPI_LIB_FUNCTION __declspec(dllimport)
 #define GSSAPI_LIB_CALL     __stdcall
 #define GSSAPI_LIB_VARIABLE __declspec(dllimport)
 #else
 #define GSSAPI_LIB_FUNCTION
 #define GSSAPI_LIB_CALL
 #define GSSAPI_LIB_VARIABLE
 #endif
 #endif
--- a/lib/gssapi/gssapi/gssapi_krb5.h
+++ b/lib/gssapi/gssapi/gssapi_krb5.h
@@ -106,27 +106,27 @@ gss_krb5_ccache_name(OM_uint32 * /*minor_status*/,
 		     const char ** /*out_name */);
 OM_uint32 GSSAPI_LIB_FUNCTION gsskrb5_register_acceptor_identity
-        (const char */*identity*/);
+        (const char * /*identity*/);
 OM_uint32 GSSAPI_LIB_FUNCTION krb5_gss_register_acceptor_identity
-	(const char */*identity*/);
+	(const char * /*identity*/);
 OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_copy_ccache
-	(OM_uint32 */*minor*/,
+	(OM_uint32 * /*minor*/,
 	 gss_cred_id_t /*cred*/,
-	 struct krb5_ccache_data */*out*/);
+	 struct krb5_ccache_data * /*out*/);
 OM_uint32 GSSAPI_LIB_FUNCTION
-gss_krb5_import_cred(OM_uint32 */*minor*/,
+gss_krb5_import_cred(OM_uint32 * /*minor*/,
 		     struct krb5_ccache_data * /*in*/,
 		     struct Principal * /*keytab_principal*/,
 		     struct krb5_keytab_data * /*keytab*/,
-		     gss_cred_id_t */*out*/);
+		     gss_cred_id_t * /*out*/);
 OM_uint32 GSSAPI_LIB_FUNCTION gss_krb5_get_tkt_flags
-	(OM_uint32 */*minor*/,
+	(OM_uint32 * /*minor*/,
 	 gss_ctx_id_t /*context_handle*/,
-	 OM_uint32 */*tkt_flags*/);
+	 OM_uint32 * /*tkt_flags*/);
 OM_uint32 GSSAPI_LIB_FUNCTION
 gsskrb5_extract_authz_data_from_sec_context
--- a/lib/gssapi/libgssapi-exports.def
+++ b/lib/gssapi/libgssapi-exports.def
@@ -0,0 +1,100 @@
 EXPORTS
 	GSS_KRB5_MECHANISM
 	GSS_NTLM_MECHANISM
 	GSS_SPNEGO_MECHANISM
 	GSS_SASL_DIGEST_MD5_MECHANISM
 	GSS_C_NT_ANONYMOUS
 	GSS_C_NT_EXPORT_NAME
 	GSS_C_NT_HOSTBASED_SERVICE
 	GSS_C_NT_HOSTBASED_SERVICE_X
 	GSS_C_NT_MACHINE_UID_NAME
 	GSS_C_NT_STRING_UID_NAME
 	GSS_C_NT_USER_NAME
 	GSS_KRB5_NT_PRINCIPAL_NAME
 	GSS_KRB5_NT_USER_NAME
 	GSS_KRB5_NT_MACHINE_UID_NAME
 	GSS_KRB5_NT_STRING_UID_NAME
 	gss_accept_sec_context
 	gss_acquire_cred
 	gss_add_buffer_set_member
 	gss_add_cred
 	gss_add_oid_set_member
 	gss_canonicalize_name
 	gss_compare_name
 	gss_context_query_attributes
 	gss_context_time
 	gss_create_empty_buffer_set
 	gss_create_empty_oid_set
 	gss_decapsulate_token
 	gss_delete_sec_context
 	gss_display_name
 	gss_display_status
 	gss_duplicate_name
 	gss_duplicate_oid
 	gss_encapsulate_token
 	gss_export_name
 	gss_export_sec_context
 	gss_get_mic
 	gss_import_name
 	gss_import_sec_context
 	gss_indicate_mechs
 	gss_init_sec_context
 	gss_inquire_context
 	gss_inquire_cred
 	gss_inquire_cred_by_mech
 	gss_inquire_cred_by_oid
 	gss_inquire_mechs_for_name
 	gss_inquire_names_for_mech
 	gss_inquire_sec_context_by_oid
 	gss_inquire_sec_context_by_oid
 	gss_krb5_ccache_name
 	gss_krb5_copy_ccache
 	gss_krb5_export_lucid_sec_context
 	gss_krb5_free_lucid_sec_context
 	gss_krb5_get_tkt_flags
 	gss_krb5_import_cred
 	gss_krb5_set_allowable_enctypes
 	gss_mg_collect_error
 	gss_oid_equal
 	gss_oid_to_str
 	gss_process_context_token
 	gss_pseudo_random
 	gss_release_buffer
 	gss_release_buffer_set
 	gss_release_cred
 	gss_release_iov_buffer
 	gss_release_name
 	gss_release_oid
 	gss_release_oid_set
 	gss_seal
 	gss_set_cred_option
 	gss_set_sec_context_option
 	gss_sign
 	gss_test_oid_set_member
 	gss_unseal
 	gss_unwrap
 	gss_unwrap_iov
 	gss_verify
 	gss_verify_mic
 	gss_wrap
 	gss_wrap_iov
 	gss_wrap_iov_length
 	gss_wrap_size_limit
 	gsskrb5_extract_authtime_from_sec_context
 	gsskrb5_extract_authz_data_from_sec_context
 	gsskrb5_extract_service_keyblock
 	gsskrb5_get_initiator_subkey
 	gsskrb5_get_subkey
 	gsskrb5_get_time_offset
 	gsskrb5_register_acceptor_identity
 	gsskrb5_set_default_realm
 	gsskrb5_set_dns_canonicalize
 	gsskrb5_set_send_to_kdc
 	gsskrb5_set_time_offset
 	krb5_gss_register_acceptor_identity
 ; _gsskrb5cfx_ are really internal symbols, but export
 ; then now to make testing easier.
 	_gsskrb5cfx_wrap_length_cfx
 	_gssapi_wrap_size_cfx
--- a/lib/gssapi/ntlm/accept_sec_context.c
+++ b/lib/gssapi/ntlm/accept_sec_context.c
@@ -41,17 +41,17 @@ OM_uint32
 _gss_ntlm_allocate_ctx(OM_uint32 *minor_status, ntlm_ctx *ctx)
 {
    OM_uint32 maj_stat;
-    struct ntlm_server_interface *interface = NULL;
+    struct ntlm_server_interface *ns_interface = NULL;
 #ifdef DIGEST
-    interface = &ntlmsspi_kdc_digest;
+    ns_interface = &ntlmsspi_kdc_digest;
 #endif
-    if (interface == NULL)
+    if (ns_interface == NULL)
 	return GSS_S_FAILURE;
    *ctx = calloc(1, sizeof(**ctx));
-    (*ctx)->server = interface;
+    (*ctx)->server = ns_interface;
    maj_stat = (*(*ctx)->server->nsi_init)(minor_status, &(*ctx)->ictx);
    if (maj_stat != GSS_S_COMPLETE)
--- a/lib/gssapi/ntlm/ntlm.h
+++ b/lib/gssapi/ntlm/ntlm.h
@@ -44,12 +44,13 @@
 #include <string.h>
 #include <errno.h>
 #include <roken.h>
 #include <gssapi.h>
 #include <gssapi_ntlm.h>
 #include <gssapi_mech.h>
 #include <krb5.h>
 #include <roken.h>
 #include <heim_threads.h>
 #include <heimntlm.h>
--- a/lib/gssapi/spnego/spnego_locl.h
+++ b/lib/gssapi/spnego/spnego_locl.h
@@ -44,6 +44,8 @@
 #include <sys/param.h>
 #endif
 #include <roken.h>
 #ifdef HAVE_PTHREAD_H
 #include <pthread.h>
 #endif
@@ -69,8 +71,6 @@
 #include "utils.h"
 #include <der.h>
 #include <roken.h>
 #define ALLOC(X, N) (X) = calloc((N), sizeof(*(X)))
 typedef struct {
--- a/lib/hcrypto/NTMakefile
+++ b/lib/hcrypto/NTMakefile
@@ -31,7 +31,7 @@
 RELDIR=lib\hcrypto
-AUXCFLAGS=$(AUXCFLAGS) -DKRB5 -I$(INCDIR)\hcrypto
+AUXCFLAGS=$(AUXCFLAGS) -DKRB5 -I$(HCRYPTOINCLUDEDIR)
 !include ../../windows/NTMakefile.w32
@@ -45,8 +45,13 @@ INCFILES=	\
 	$(HCRYPTOINCLUDEDIR)\des.h	\
 	$(HCRYPTOINCLUDEDIR)\dh.h	\
 	$(HCRYPTOINCLUDEDIR)\dsa.h	\
 	$(HCRYPTOINCLUDEDIR)\ec.h	\
 	$(HCRYPTOINCLUDEDIR)\ecdh.h	\
 	$(HCRYPTOINCLUDEDIR)\ecdsa.h	\
 	$(HCRYPTOINCLUDEDIR)\engine.h	\
 	$(HCRYPTOINCLUDEDIR)\evp.h	\
 	$(HCRYPTOINCLUDEDIR)\evp-hcrypto.h	\
 	$(HCRYPTOINCLUDEDIR)\evp-cc.h	\
 	$(HCRYPTOINCLUDEDIR)\hmac.h	\
 	$(HCRYPTOINCLUDEDIR)\md2.h	\
 	$(HCRYPTOINCLUDEDIR)\md4.h	\
@@ -74,8 +79,8 @@ all:: $(INCFILES)
 # libhcrypto
-libhcrypt_OBJs = \
+libhcrypto_OBJs = \
-	$(OBJ)\imath.obj		\
+	$(OBJ)\imath.obj	\
 	$(OBJ)\iprime.obj	\
 	$(OBJ)\aes.obj		\
 	$(OBJ)\bn.obj		\
@@ -87,16 +92,14 @@ libhcrypt_OBJs = \
 	$(OBJ)\dsa.obj		\
 	$(OBJ)\evp.obj		\
 	$(OBJ)\evp-hcrypto.obj	\
 	$(OBJ)\evp-aes-cts.obj	\
 	$(OBJ)\engine.obj	\
 	$(OBJ)\hmac.obj		\
 	$(OBJ)\md2.obj		\
 	$(OBJ)\md4.obj		\
 	$(OBJ)\md5.obj		\
-	$(OBJ)\pkcs5.obj		\
+	$(OBJ)\pkcs5.obj	\
 	$(OBJ)\pkcs12.obj	\
-	$(OBJ)\rand-fortuna.obj	\
+	$(OBJ)\rand-w32.obj	\
 	$(OBJ)\rand-timer.obj	\
 	$(OBJ)\rand.obj		\
 	$(OBJ)\rc2.obj		\
 	$(OBJ)\rc4.obj		\
@@ -113,13 +116,13 @@ libhcrypt_OBJs = \
 $(LIBHCRYPTO): $(BINDIR)\libhcrypto.dll
-$(BINDIR)\libhcrypto.dll: $(libhcrypt_OBJs) $(LIBROKEN) $(LIBASN1)
+$(BINDIR)\libhcrypto.dll: $(libhcrypto_OBJs) $(LIBROKEN) $(LIBASN1)
 	$(DLLGUILINK) -def:libhcrypto-exports.def -implib:$(LIBHCRYPTO)
 	$(DLLPREP)
 !else
-$(LIBHCRYPTO): $(libhcrypt_OBJs)
+$(LIBHCRYPTO): $(libhcrypto_OBJs)
 	$(LIBCON)
 !endif
@@ -136,27 +139,28 @@ clean::
 TESTLIB=$(OBJ)\libhctest.lib
-$(TESTLIB): \
+$(TESTLIB):		    \
-	$(OBJ)\imath.obj	\
+	$(OBJ)\imath.obj    \
-	$(OBJ)\des.obj	\
+	$(OBJ)\des.obj	    \
 	$(OBJ)\ui.obj
 	$(LIBCON)
-test-binaries:	\
+test-binaries:				\
-	$(OBJ)\destest.exe \
+	$(OBJ)\destest.exe		\
-	$(OBJ)\mdtest.exe \
+	$(OBJ)\example_evp_cipher.exe	\
-	$(OBJ)\rc2test.exe  \
+	$(OBJ)\mdtest.exe		\
-	$(OBJ)\rctest.exe \
+	$(OBJ)\rc2test.exe		\
-	$(OBJ)\test_bn.exe \
+	$(OBJ)\rctest.exe		\
-	$(OBJ)\test_cipher.exe \
+	$(OBJ)\test_bn.exe		\
-	$(OBJ)\test_engine_dso.exe \
+	$(OBJ)\test_cipher.exe		\
-	$(OBJ)\test_hmac.exe \
+	$(OBJ)\test_engine_dso.exe	\
-	$(OBJ)\test_imath.exe \
+	$(OBJ)\test_hmac.exe		\
-	$(OBJ)\test_pkcs5.exe \
+	$(OBJ)\test_imath.exe		\
-	$(OBJ)\test_pkcs12.exe	\
+	$(OBJ)\test_pkcs5.exe		\
-	$(OBJ)\test_rsa.exe	\
+	$(OBJ)\test_pkcs12.exe		\
-	$(OBJ)\test_dh.exe	\
+	$(OBJ)\test_rsa.exe		\
-	$(OBJ)\test_rand.exe	\
+	$(OBJ)\test_dh.exe		\
 	$(OBJ)\test_rand.exe		\
 	$(OBJ)\test_crypto.sh
 $(OBJ)\destest.exe: $(OBJ)\destest.obj $(TESTLIB) $(LIBROKEN)
--- a/lib/hcrypto/libhcrypto-exports.def
+++ b/lib/hcrypto/libhcrypto-exports.def
@@ -138,14 +138,6 @@ EXPORTS
 	hc_EVP_aes_128_cbc
 	hc_EVP_aes_192_cbc
 	hc_EVP_aes_256_cbc
 	hc_EVP_hcrypto_aes_128_cbc
 	hc_EVP_hcrypto_aes_192_cbc
 	hc_EVP_hcrypto_aes_256_cbc
 	hc_EVP_hcrypto_aes_128_cts
 	hc_EVP_hcrypto_aes_256_cts
 ;	hc_EVP_hcrypto_aes_cts_128_cbc
 ;	hc_EVP_hcrypto_aes_cts_192_cbc
 ;	hc_EVP_hcrypto_aes_cts_256_cbc
 	hc_EVP_des_cbc
 	hc_EVP_des_ede3_cbc
 	hc_EVP_camellia_128_cbc
@@ -165,6 +157,33 @@ EXPORTS
 	hc_EVP_sha
 	hc_EVP_sha1
 	hc_EVP_sha256
 ;	hc_EVP_cc_md2
 ;	hc_EVP_cc_md4
 ;	hc_EVP_cc_md5
 ;	hc_EVP_cc_sha1
 ;	hc_EVP_cc_sha256
 ;	hc_EVP_cc_des_ede3_cbc
 ;	hc_EVP_cc_aes_128_cbc
 ;	hc_EVP_cc_aes_192_cbc
 ;	hc_EVP_cc_aes_256_cbc
 	hc_EVP_hcrypto_md2
 	hc_EVP_hcrypto_md4
 	hc_EVP_hcrypto_md5
 	hc_EVP_hcrypto_sha1
 	hc_EVP_hcrypto_sha256
 	hc_EVP_hcrypto_des_ede3_cbc
 	hc_EVP_hcrypto_aes_128_cbc
 	hc_EVP_hcrypto_aes_192_cbc
 	hc_EVP_hcrypto_aes_256_cbc
 	hc_EVP_hcrypto_rc4
 	hc_EVP_hcrypto_rc4_40
 ;	hc_EVP_hcrypto_aes_128_cts
 ;	hc_EVP_hcrypto_aes_192_cts
 ;	hc_EVP_hcrypto_aes_256_cts
 	hc_HMAC
 	hc_HMAC_CTX_cleanup
 	hc_HMAC_CTX_init
@@ -193,7 +212,7 @@ EXPORTS
 ;	hc_RAND_egd_bytes
 ;	hc_RAND_egd_method
 	hc_RAND_file_name
-	hc_RAND_fortuna_method
+;	hc_RAND_fortuna_method
 	hc_RAND_get_rand_method
 	hc_RAND_load_file
 	hc_RAND_pseudo_bytes
@@ -203,6 +222,7 @@ EXPORTS
 	hc_RAND_status
 ;	hc_RAND_unix_method
 ;	hc_RAND_timer_method
        hc_RAND_w32crypto_method
 	hc_RAND_write_file
 	hc_RC2_cbc_encrypt
 	hc_RC2_decryptc
@@ -242,5 +262,12 @@ EXPORTS
 	hc_d2i_RSAPrivateKey
 	hc_i2d_RSAPrivateKey
 	hc_i2d_RSAPublicKey
 	hc_d2i_RSAPublicKey
 	hc_EVP_CIPHER_CTX_ctrl
 	hc_EVP_CIPHER_CTX_rand_key
 	hc_EVP_CIPHER_CTX_set_key_length
 	hc_EVP_hcrypto_rc2_40_cbc
 	hc_EVP_hcrypto_camellia_128_cbc
 	hc_EVP_CipherUpdate
 	hc_EVP_CipherFinal_ex
--- a/lib/hcrypto/rand-w32.c
+++ b/lib/hcrypto/rand-w32.c
@@ -0,0 +1,134 @@
 /*
 * Copyright (c) 2006 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
 #include <config.h>
 #include <roken.h>
 #include <wincrypt.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <rand.h>
 #include <heim_threads.h>
 #include "randi.h"
 volatile static HCRYPTPROV g_cryptprovider = 0;
 static HCRYPTPROV
 _hc_CryptProvider(void)
 {
    BOOL res;
    HCRYPTPROV cryptprovider = 0;
    if (g_cryptprovider != 0)
 	return g_cryptprovider;
    res = CryptAcquireContext(&cryptprovider, NULL,
 			      MS_ENHANCED_PROV, PROV_RSA_FULL,
 			      0);
    if (GetLastError() == NTE_BAD_KEYSET) {
        if(!res)
            res = CryptAcquireContext(&cryptprovider, NULL,
                                      MS_ENHANCED_PROV, PROV_RSA_FULL,
                                      CRYPT_NEWKEYSET);
    }
    if (res &&
        InterlockedCompareExchange(&g_cryptprovider, cryptprovider, 0) != 0) {
        CryptReleaseContext(cryptprovider, 0);
        cryptprovider = g_cryptprovider;
    }
    return cryptprovider;
 }
 /*
 *
 */
 static void
 w32crypto_seed(const void *indata, int size)
 {
 }
 static int
 w32crypto_bytes(unsigned char *outdata, int size)
 {
    if (CryptGenRandom(_hc_CryptProvider(), size, outdata))
 	return 0;
    return 1;
 }
 static void
 w32crypto_cleanup(void)
 {
 }
 static void
 w32crypto_add(const void *indata, int size, double entropi)
 {
 }
 static int
 w32crypto_pseudorand(unsigned char *outdata, int size)
 {
    return 1;
 }
 static int
 w32crypto_status(void)
 {
    if (_hc_CryptProvider() == 0)
 	return 0;
    return 1;
 }
 const RAND_METHOD hc_rand_w32crypto_method = {
    w32crypto_seed,
    w32crypto_bytes,
    w32crypto_cleanup,
    w32crypto_add,
    w32crypto_pseudorand,
    w32crypto_status
 };
 const RAND_METHOD *
 RAND_w32crypto_method(void)
 {
    return &hc_rand_w32crypto_method;
 }
--- a/lib/hcrypto/rand.c
+++ b/lib/hcrypto/rand.c
@@ -60,7 +60,9 @@ init_method(void)
 {
    if (selected_meth != NULL)
 	return;
-#ifdef __APPLE__
+#if defined(_WIN32)
    selected_meth = &hc_rand_w32crypto_method;
 #elif defined(__APPLE__)
    selected_meth = &hc_rand_unix_method;
 #else
    selected_meth = &hc_rand_fortuna_method;
--- a/lib/hcrypto/rand.h
+++ b/lib/hcrypto/rand.h
@@ -62,6 +62,7 @@ typedef struct RAND_METHOD RAND_METHOD;
 #define RAND_fortuna_method hc_RAND_fortuna_method
 #define RAND_egd_method hc_RAND_egd_method
 #define RAND_unix_method hc_RAND_unix_method
 #define RAND_w32crypto_method hc_RAND_w32crypto_method
 /*
 *
--- a/lib/hcrypto/randi.h
+++ b/lib/hcrypto/randi.h
@@ -42,6 +42,7 @@ extern const RAND_METHOD hc_rand_fortuna_method;
 extern const RAND_METHOD hc_rand_unix_method;
 extern const RAND_METHOD hc_rand_egd_method;
 extern const RAND_METHOD hc_rand_timer_method;
 extern const RAND_METHOD hc_rand_w32crypto_method;
 const RAND_METHOD * RAND_timer_method(void);
--- a/lib/hdb/NTMakefile
+++ b/lib/hdb/NTMakefile
@@ -52,7 +52,7 @@ gen_files_hdb = \
 	$(OBJ)\asn1_hdb_entry_alias.x \
 	$(OBJ)\asn1_hdb_keyset.x
-$(gen_files_hdb) $(OBJ)\hdb_asn1.hx: $(BINDIR)\asn1_compile.exe hdb.asn1
+$(gen_files_hdb) $(OBJ)\hdb_asn1.hx $(OBJ)\hdb_asn1-priv.hx: $(BINDIR)\asn1_compile.exe hdb.asn1
 	cd $(OBJ)
 	$(BINDIR)\asn1_compile.exe $(SRCDIR)\hdb.asn1 hdb_asn1
 	cd $(SRCDIR)
@@ -90,6 +90,8 @@ dist_libhdb_la_SOURCES =			\
 	$(ldap_c)				\
 	hdb.c					\
 	hdb-sqlite.c				\
 	hdb-keytab.c				\
 	hdb-mitdb.c				\
 	hdb_locl.h				\
 	keys.c					\
 	keytab.c				\
@@ -98,7 +100,7 @@ dist_libhdb_la_SOURCES =			\
 	ndbm.c					\
 	print.c
-libhdb_OBJs= \
+libhdb_OBJs = \
 	$(OBJ)\common.obj	\
 	$(OBJ)\db.obj		\
 	$(OBJ)\db3.obj		\
@@ -106,6 +108,8 @@ libhdb_OBJs= \
 	$(ldap)			\
 	$(OBJ)\hdb.obj		\
 	$(OBJ)\hdb-sqlite.obj	\
 	$(OBJ)\hdb-keytab.obj	\
 	$(OBJ)\hdb-mitdb.obj	\
 	$(OBJ)\keys.obj		\
 	$(OBJ)\keytab.obj	\
 	$(OBJ)\dbinfo.obj	\
@@ -128,12 +132,13 @@ $(OBJ)\hdb-private.h: $(dist_libhdb_la_SOURCES)
 	$(PERL) ../../cf/make-proto.pl -q -P remote -p $@ $(dist_libhdb_la_SOURCES) \
 		|| $(RM) $@
-INCFILES=\
+INCFILES=			\
-	$(INCDIR)\hdb.h \
+	$(INCDIR)\hdb.h		\
-	$(INCDIR)\hdb-protos.h \
+	$(INCDIR)\hdb-protos.h	\
 	$(OBJ)\hdb-private.h	\
-	$(INCDIR)\hdb_err.h \
+	$(INCDIR)\hdb_err.h	\
-	$(INCDIR)\hdb_asn1.h
+	$(INCDIR)\hdb_asn1.h	\
 	$(INCDIR)\hdb_asn1-priv.h
 !ifndef STATICLIBS
--- a/lib/hx509/NTMakefile
+++ b/lib/hx509/NTMakefile
@@ -191,7 +191,10 @@ INCFILES=			    \
 	$(INCDIR)\hx509_err.h	    \
 	$(INCDIR)\ocsp_asn1.h	    \
 	$(INCDIR)\pkcs10_asn1.h	    \
-	$(INCDIR)\crmf_asn1.h
+	$(INCDIR)\crmf_asn1.h	    \
 	$(OBJ)\ocsp_asn1-priv.h	    \
 	$(OBJ)\pkcs10_asn1-priv.h   \
 	$(OBJ)\crmf_asn1-priv.h
 hxtool.c: $(OBJ)\hxtool-commands.h
@@ -240,4 +243,3 @@ all:: $(INCFILES) $(LIBHX509) $(BINDIR)\hxtool.exe
 clean::
 	-$(RM) $(BINDIR)\hxtool.exe
--- a/lib/hx509/ks_dir.c
+++ b/lib/hx509/ks_dir.c
@@ -113,9 +113,7 @@ dir_iter_start(hx509_context context,
 	free(d);
 	return errno;
    }
-#ifndef _WIN32
+    rk_cloexec_dir(d->dir);
    rk_cloexec(dirfd(d->dir));
 #endif
    d->certs = NULL;
    d->iter = NULL;
--- a/lib/hx509/libhx509-exports.def
+++ b/lib/hx509/libhx509-exports.def
@@ -81,12 +81,14 @@ EXPORTS
 	hx509_certs_add
 	hx509_certs_append
 	hx509_certs_end_seq
 	hx509_certs_ref
 	hx509_certs_filter
 	hx509_certs_find
 	hx509_certs_free
 	hx509_certs_info
 	hx509_certs_init
-	hx509_certs_iter
+;	hx509_certs_iter
 	hx509_certs_iter_f
 	hx509_certs_merge
 	hx509_certs_next_cert
 	hx509_certs_start_seq
@@ -176,6 +178,7 @@ EXPORTS
 	hx509_pem_read
 	hx509_pem_write
 	hx509_print_stdout
 	hx509_print_cert
 	hx509_prompt_hidden
 	hx509_query_alloc
 	hx509_query_free
--- a/lib/kadm5/context_s.c
+++ b/lib/kadm5/context_s.c
@@ -53,6 +53,8 @@ set_funcs(kadm5_server_context *c)
    SET(c, rename_principal);
 }
 #ifndef NO_UNIX_SOCKETS
 static void
 set_socket_name(krb5_context context, struct sockaddr_un *un)
 {
@@ -61,7 +63,17 @@ set_socket_name(krb5_context context, struct sockaddr_un *un)
    memset(un, 0, sizeof(*un));
    un->sun_family = AF_UNIX;
    strlcpy (un->sun_path, fn, sizeof(un->sun_path));
 }
 #else
 static void
 set_socket_info(krb5_context context, struct addrinfo **info)
 {
    kadm5_log_signal_socket_info(context, 0, info);
 }
 #endif
 static kadm5_ret_t
 find_db_spec(kadm5_server_context *ctx)
@@ -115,7 +127,11 @@ find_db_spec(kadm5_server_context *ctx)
    if (ctx->log_context.log_file == NULL)
 	asprintf(&ctx->log_context.log_file, "%s/log", hdb_db_dir(context));
 #ifndef NO_UNIX_SOCKETS
    set_socket_name(context, &ctx->log_context.socket_name);
 #else
    set_socket_info(context, &ctx->log_context.socket_info);
 #endif
    return 0;
 }
--- a/lib/kadm5/destroy_s.c
+++ b/lib/kadm5/destroy_s.c
@@ -56,7 +56,13 @@ static void
 destroy_kadm5_log_context (kadm5_log_context *c)
 {
    free (c->log_file);
-    close (c->socket_fd);
+    rk_closesocket (c->socket_fd);
 #ifndef NO_UNIX_SOCKETS
    if (c->socket_info) {
 	freeaddrinfo(c->socket_info);
 	c->socket_info = NULL;
    }
 #endif
 }
 /*
--- a/lib/kadm5/get_s.c
+++ b/lib/kadm5/get_s.c
@@ -61,7 +61,7 @@ add_tl_data(kadm5_principal_ent_t ent, int16_t type,
    return 0;
 }
-krb5_ssize_t KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_ssize_t KRB5_LIB_CALL
 _krb5_put_int(void *buffer, unsigned long value, size_t size); /* XXX */
 kadm5_ret_t
--- a/lib/kadm5/init_c.c
+++ b/lib/kadm5/init_c.c
@@ -33,9 +33,15 @@
 #include "kadm5_locl.h"
 #include <sys/types.h>
 #ifdef HAVE_SYS_SOCKET_H
 #include <sys/socket.h>
 #endif
 #ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
 #ifdef HAVE_NETDB_H
 #include <netdb.h>
 #endif
 RCSID("$Id$");
--- a/lib/kadm5/init_s.c
+++ b/lib/kadm5/init_s.c
@@ -55,7 +55,11 @@ kadm5_s_init_with_context(krb5_context context,
    assert(ctx->config.stash_file != NULL);
    assert(ctx->config.acl_file != NULL);
    assert(ctx->log_context.log_file != NULL);
 #ifndef NO_UNIX_SOCKETS
    assert(ctx->log_context.socket_name.sun_path[0] != '\0');
 #else
    assert(ctx->log_context.socket_info != NULL);
 #endif
    ret = hdb_create(ctx->context, &ctx->db, ctx->config.dbname);
    if(ret)
@@ -67,7 +71,13 @@ kadm5_s_init_with_context(krb5_context context,
    ctx->log_context.log_fd   = -1;
 #ifndef NO_UNIX_SOCKETS
    ctx->log_context.socket_fd = socket (AF_UNIX, SOCK_DGRAM, 0);
 #else
    ctx->log_context.socket_fd = socket (ctx->log_context.socket_info->ai_family,
 					 ctx->log_context.socket_info->ai_socktype,
 					 ctx->log_context.socket_info->ai_protocol);
 #endif
    ret = krb5_parse_name(ctx->context, client_name, &ctx->caller);
    if(ret)
--- a/lib/kadm5/ipropd_common.c
+++ b/lib/kadm5/ipropd_common.c
@@ -63,7 +63,11 @@ setup_signal(void)
 #else
    signal(SIGINT, sigterm);
    signal(SIGTERM, sigterm);
 #ifndef NO_SIGXCPU
    signal(SIGXCPU, sigterm);
 #endif
 #ifndef NO_SIGPIPE
    signal(SIGPIPE, SIG_IGN);
 #endif
 #endif
 }
--- a/lib/kadm5/ipropd_master.c
+++ b/lib/kadm5/ipropd_master.c
@@ -45,12 +45,13 @@ static int time_before_gone;
 const char *master_hostname;
-static int
+static krb5_socket_t
 make_signal_socket (krb5_context context)
 {
 #ifndef NO_UNIX_SOCKETS
    struct sockaddr_un addr;
    const char *fn;
-    int fd;
+    krb5_socket_t fd;
    fn = kadm5_log_signal_socket(context);
@@ -64,18 +65,32 @@ make_signal_socket (krb5_context context)
    if (bind (fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
 	krb5_err (context, 1, errno, "bind %s", addr.sun_path);
    return fd;
 #else
    struct addrinfo *ai = NULL;
    krb5_socket_t fd;
    kadm5_log_signal_socket_info(context, 1, &ai);
    fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
    if (rk_IS_BAD_SOCKET(fd))
 	krb5_err (context, 1, rk_SOCK_ERRNO, "socket AF=%d", ai->ai_family);
    if (rk_IS_SOCKET_ERROR( bind (fd, ai->ai_addr, ai->ai_addrlen) ))
 	krb5_err (context, 1, rk_SOCK_ERRNO, "bind");
    return fd;
 #endif
 }
-static int
+static krb5_socket_t
 make_listen_socket (krb5_context context, const char *port_str)
 {
-    int fd;
+    krb5_socket_t fd;
    int one = 1;
    struct sockaddr_in addr;
    fd = socket (AF_INET, SOCK_STREAM, 0);
-    if (fd < 0)
+    if (rk_IS_BAD_SOCKET(fd))
-	krb5_err (context, 1, errno, "socket AF_INET");
+	krb5_err (context, 1, rk_SOCK_ERRNO, "socket AF_INET");
    setsockopt (fd, SOL_SOCKET, SO_REUSEADDR, (void *)&one, sizeof(one));
    memset (&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
@@ -105,7 +120,7 @@ make_listen_socket (krb5_context context, const char *port_str)
 }
 struct slave {
-    int fd;
+    krb5_socket_t fd;
    struct sockaddr_in addr;
    char *name;
    krb5_auth_context ac;
@@ -180,9 +195,9 @@ slave_dead(krb5_context context, slave *s)
 {
    krb5_warnx(context, "slave %s dead", s->name);
-    if (s->fd >= 0) {
+    if (!rk_IS_BAD_SOCKET(s->fd)) {
-	close (s->fd);
+	rk_closesocket (s->fd);
-	s->fd = -1;
+	s->fd = rk_INVALID_SOCKET;
    }
    s->flags |= SLAVE_F_DEAD;
    slave_seen(s);
@@ -193,8 +208,8 @@ remove_slave (krb5_context context, slave *s, slave **root)
 {
    slave **p;
-    if (s->fd >= 0)
+    if (!rk_IS_BAD_SOCKET(s->fd))
-	close (s->fd);
+	rk_closesocket (s->fd);
    if (s->name)
 	free (s->name);
    if (s->ac)
@@ -209,7 +224,8 @@ remove_slave (krb5_context context, slave *s, slave **root)
 }
 static void
-add_slave (krb5_context context, krb5_keytab keytab, slave **root, int fd)
+add_slave (krb5_context context, krb5_keytab keytab, slave **root,
 	   krb5_socket_t fd)
 {
    krb5_principal server;
    krb5_error_code ret;
@@ -228,8 +244,8 @@ add_slave (krb5_context context, krb5_keytab keytab, slave **root, int fd)
    addr_len = sizeof(s->addr);
    s->fd = accept (fd, (struct sockaddr *)&s->addr, &addr_len);
-    if (s->fd < 0) {
+    if (rk_IS_BAD_SOCKET(s->fd)) {
-	krb5_warn (context, errno, "accept");
+	krb5_warn (context, rk_SOCK_ERRNO, "accept");
 	goto error;
    }
    if (master_hostname)
@@ -294,7 +310,7 @@ error:
 struct prop_context {
    krb5_auth_context auth_context;
-    int fd;
+    krb5_socket_t fd;
 };
 static int
@@ -744,7 +760,7 @@ main(int argc, char **argv)
    void *kadm_handle;
    kadm5_server_context *server_context;
    kadm5_config_params conf;
-    int signal_fd, listen_fd;
+    krb5_socket_t signal_fd, listen_fd;
    int log_fd;
    slave *slaves = NULL;
    uint32_t current_version = 0, old_version = 0;
@@ -837,8 +853,10 @@ main(int argc, char **argv)
 	struct timeval to = {30, 0};
 	uint32_t vers;
 #ifndef NO_LIMIT_FD_SETSIZE
 	if (signal_fd >= FD_SETSIZE || listen_fd >= FD_SETSIZE)
 	    krb5_errx (context, 1, "fd too large");
 #endif
 	FD_ZERO(&readset);
 	FD_SET(signal_fd, &readset);
@@ -880,7 +898,11 @@ main(int argc, char **argv)
 	}
 	if (ret && FD_ISSET(signal_fd, &readset)) {
 #ifndef NO_UNIX_SOCKETS
 	    struct sockaddr_un peer_addr;
 #else
 	    struct sockaddr_storage peer_addr;
 #endif
 	    socklen_t peer_len = sizeof(peer_addr);
 	    if(recvfrom(signal_fd, (void *)&vers, sizeof(vers), 0,
@@ -931,8 +953,11 @@ main(int argc, char **argv)
 	write_stats(context, slaves, current_version);
    }
-    if(exit_flag == SIGXCPU)
+    if (0) ;
 #ifndef NO_SIGXCPU
    else if(exit_flag == SIGXCPU)
 	krb5_warnx(context, "%s CPU time limit exceeded", getprogname());
 #endif
    else if(exit_flag == SIGINT || exit_flag == SIGTERM)
 	krb5_warnx(context, "%s terminated", getprogname());
    else
--- a/lib/kadm5/ipropd_slave.c
+++ b/lib/kadm5/ipropd_slave.c
@@ -657,8 +657,10 @@ main(int argc, char **argv)
 	    fd_set readset;
 	    struct timeval to;
 #ifndef NO_LIMIT_FD_SETSIZE
 	    if (master_fd >= FD_SETSIZE)
 		krb5_errx (context, 1, "fd too large");
 #endif
 	    FD_ZERO(&readset);
 	    FD_SET(master_fd, &readset);
@@ -730,8 +732,11 @@ main(int argc, char **argv)
 	    reconnect = reconnect_max;
    }
-    if(exit_flag == SIGXCPU)
+    if (0);
 #ifndef NO_SIGXCPU
    else if(exit_flag == SIGXCPU)
 	krb5_warnx(context, "%s CPU time limit exceeded", getprogname());
 #endif
    else if(exit_flag == SIGINT || exit_flag == SIGTERM)
 	krb5_warnx(context, "%s terminated", getprogname());
    else
--- a/lib/kadm5/kadm5_locl.h
+++ b/lib/kadm5/kadm5_locl.h
@@ -37,6 +37,7 @@
 #define __KADM5_LOCL_H__
 #include <config.h>
 #include <roken.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -76,7 +77,6 @@
 #include "kadm5_err.h"
 #include <hdb.h>
 #include <der.h>
 #include <roken.h>
 #include <parse_units.h>
 #include "private.h"
--- a/lib/kadm5/libkadm5srv-exports.def
+++ b/lib/kadm5/libkadm5srv-exports.def
@@ -0,0 +1,61 @@
 EXPORTS
 ;	kadm5_ad_init_with_password
 ;	kadm5_ad_init_with_password_ctx
 	kadm5_add_passwd_quality_verifier
 	kadm5_check_password_quality
 	kadm5_chpass_principal
 	kadm5_chpass_principal_with_key
 	kadm5_create_principal
 	kadm5_delete_principal
 	kadm5_destroy
 	kadm5_flush
 	kadm5_free_key_data
 	kadm5_free_name_list
 	kadm5_free_principal_ent
 	kadm5_get_principal
 	kadm5_get_principals
 	kadm5_get_privs
 	kadm5_init_with_creds
 	kadm5_init_with_creds_ctx
 	kadm5_init_with_password
 	kadm5_init_with_password_ctx
 	kadm5_init_with_skey
 	kadm5_init_with_skey_ctx
 	kadm5_modify_principal
 	kadm5_randkey_principal
 	kadm5_rename_principal
 	kadm5_ret_key_data
 	kadm5_ret_principal_ent
 	kadm5_ret_principal_ent_mask
 	kadm5_ret_tl_data
 	kadm5_setup_passwd_quality_check
 	kadm5_store_key_data
 	kadm5_store_principal_ent
 	kadm5_store_principal_ent_mask
 	kadm5_store_tl_data
 	kadm5_s_init_with_password_ctx
 	kadm5_s_init_with_password
 	kadm5_s_init_with_skey_ctx
 	kadm5_s_init_with_skey
 	kadm5_s_init_with_creds_ctx
 	kadm5_s_init_with_creds
 	kadm5_s_chpass_principal_cond
 	kadm5_log_set_version
 ;	kadm5_log_signal_socket
 	kadm5_log_signal_socket_info
 	kadm5_log_previous
 	kadm5_log_goto_end
 	kadm5_log_foreach
 	kadm5_log_get_version_fd
 	kadm5_log_get_version
 	kadm5_log_replay
 	kadm5_log_end
 	kadm5_log_reinit
 	kadm5_log_init
 	kadm5_log_nop
 	kadm5_log_truncate
 	kadm5_log_modify
 	_kadm5_acl_check_permission
 	_kadm5_unmarshal_params
 	_kadm5_s_get_db
 	_kadm5_privs_to_string
--- a/lib/kadm5/log.c
+++ b/lib/kadm5/log.c
@@ -206,15 +206,25 @@ kadm5_log_flush (kadm5_log_context *log_context,
 	krb5_data_free(&data);
 	return errno;
    }
    /*
     * Try to send a signal to any running `ipropd-master'
     */
 #ifndef NO_UNIX_SOCKETS
    sendto (log_context->socket_fd,
 	    (void *)&log_context->version,
 	    sizeof(log_context->version),
 	    0,
 	    (struct sockaddr *)&log_context->socket_name,
 	    sizeof(log_context->socket_name));
 #else
    sendto (log_context->socket_fd,
 	    (void *)&log_context->version,
 	    sizeof(log_context->version),
 	    0,
 	    log_context->socket_info->ai_addr,
 	    log_context->socket_info->ai_addrlen);
 #endif
    krb5_data_free(&data);
    return 0;
@@ -970,6 +980,8 @@ kadm5_log_truncate (kadm5_server_context *server_context)
 }
 #ifndef NO_UNIX_SOCKETS
 static char *default_signal = NULL;
 static HEIMDAL_MUTEX signal_mutex = HEIMDAL_MUTEX_INITIALIZER;
@@ -988,3 +1000,55 @@ kadm5_log_signal_socket(krb5_context context)
 					  "signal_socket",
 					  NULL);
 }
 #else  /* NO_UNIX_SOCKETS */
 #define SIGNAL_SOCKET_HOST "127.0.0.1"
 #define SIGNAL_SOCKET_PORT "12701"
 kadm5_ret_t
 kadm5_log_signal_socket_info(krb5_context context,
 			     int server_end,
 			     struct addrinfo **ret_addrs)
 {
    struct addrinfo hints;
    struct addrinfo *addrs = NULL;
    kadm5_ret_t ret = KADM5_FAILURE;
    int wsret;
    memset(&hints, 0, sizeof(hints));
    hints.ai_flags = AI_NUMERICHOST;
    if (server_end)
 	hints.ai_flags |= AI_PASSIVE;
    hints.ai_family = AF_INET;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_protocol = IPPROTO_TCP;
    wsret = getaddrinfo(SIGNAL_SOCKET_HOST,
 			SIGNAL_SOCKET_PORT,
 			&hints, &addrs);
    if (wsret != 0) {
 	krb5_set_error_message(context, KADM5_FAILURE,
 			       "%s", gai_strerror(wsret));
 	goto done;
    }
    if (addrs == NULL) {
 	krb5_set_error_message(context, KADM5_FAILURE,
 			       "getaddrinfo() failed to return address list");
 	goto done;
    }
    *ret_addrs = addrs;
    addrs = NULL;
    ret = 0;
 done:
    if (addrs)
 	freeaddrinfo(addrs);
    return ret;
 }
 #endif
--- a/lib/kadm5/password_quality.c
+++ b/lib/kadm5/password_quality.c
@@ -199,7 +199,7 @@ external_passwd_quality (krb5_context context,
 	fclose(out);
 	fclose(error);
-	waitpid(child, &status, 0);
+	wait_for_process(child);
 	return 1;
    }
    reply[strcspn(reply, "\n")] = '\0';
@@ -207,12 +207,9 @@ external_passwd_quality (krb5_context context,
    fclose(out);
    fclose(error);
-    if (waitpid(child, &status, 0) < 0) {
+    status = wait_for_process(child);
-	snprintf(message, length, "external program failed: %s", reply);
+
-	free(p);
+    if (SE_IS_ERROR(status) || SE_PROCSTATUS(status) != 0) {
 	return 1;
    }
    if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
 	snprintf(message, length, "external program failed: %s", reply);
 	free(p);
 	return 1;
--- a/lib/kadm5/private.h
+++ b/lib/kadm5/private.h
@@ -74,8 +74,12 @@ typedef struct kadm5_log_context {
    char *log_file;
    int log_fd;
    uint32_t version;
 #ifndef NO_UNIX_SOCKETS
    struct sockaddr_un socket_name;
-    int socket_fd;
+#else
    struct addrinfo *socket_info;
 #endif
    krb5_socket_t socket_fd;
 } kadm5_log_context;
 typedef struct kadm5_server_context {
--- a/lib/krb5/auth_context.c
+++ b/lib/krb5/auth_context.c
@@ -425,7 +425,7 @@ krb5_auth_con_setlocalseqnumber (krb5_context context,
  return 0;
 }
-KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_FUNCTION
+KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL
 krb5_auth_con_getremoteseqnumber(krb5_context context,
 				 krb5_auth_context auth_context,
 				 int32_t *seqnumber)
--- a/lib/krb5/config_file.c
+++ b/lib/krb5/config_file.c
@@ -473,6 +473,21 @@ krb5_config_parse_file_multi (krb5_context context,
 	return ENOENT;
 #endif
    } else {
 #ifdef KRB5_USE_PATH_TOKENS
 	char * exp_fname = NULL;
 	ret = _krb5_expand_path_tokens(context, fname, &exp_fname);
 	if (ret) {
 	    if (newfname)
 		free(newfname);
 	    return ret;
 	}
 	if (newfname)
 	    free(newfname);
 	fname = newfname = exp_fname;
 #endif
 	f.f = fopen(fname, "r");
 	f.s = NULL;
 	if(f.f == NULL) {
@@ -494,8 +509,6 @@ krb5_config_parse_file_multi (krb5_context context,
 	    return ret;
 	}
    }
    if (newfname)
 	free(newfname);
    return 0;
 }
@@ -1236,10 +1249,11 @@ krb5_config_get_int (krb5_context context,
 * @ingroup krb5_deprecated
 */
 KRB5_DEPRECATED
 krb5_error_code KRB5_LIB_FUNCTION
 krb5_config_parse_string_multi(krb5_context context,
 			       const char *string,
-			       krb5_config_section **res) KRB5_DEPRECATED
+			       krb5_config_section **res)
 {
    const char *str;
    unsigned lineno = 0;
--- a/lib/krb5/context.c
+++ b/lib/krb5/context.c
@@ -245,22 +245,25 @@ cc_ops_register(krb5_context context)
 static krb5_error_code
 cc_ops_copy(krb5_context context, const krb5_context src_context)
 {
    krb5_cc_ops **cc_ops;
    context->cc_ops = NULL;
    context->num_cc_ops = 0;
    if (src_context->num_cc_ops == 0)
 	return 0;
-    context->cc_ops = malloc(sizeof(context->cc_ops[0]) * src_context->num_cc_ops);
+    cc_ops = malloc(sizeof(cc_ops[0]) * src_context->num_cc_ops);
-    if (context->cc_ops == NULL) {
+    if (cc_ops == NULL) {
 	krb5_set_error_message(context, KRB5_CC_NOMEM,
 			       N_("malloc: out of memory", ""));
 	return KRB5_CC_NOMEM;
    }
    memcpy(cc_ops, src_context->cc_ops,
 	   sizeof(cc_ops[0]) * src_context->num_cc_ops);
    context->cc_ops = cc_ops;
    context->num_cc_ops = src_context->num_cc_ops;
    memcpy(context->cc_ops, src_context->cc_ops,
 	   sizeof(context->cc_ops[0]) * src_context->num_cc_ops);
    return 0;
 }
@@ -363,10 +366,8 @@ krb5_init_context(krb5_context *context)
    if (ret)
 	goto out;
 #endif	
-#ifdef NEED_SOCK_INIT
+    if (rk_SOCK_INIT())
    if (SOCK_INIT)
 	p->flags |= KRB5_CTX_F_SOCKETS_INITIALIZED;
 #endif
 out:
    if(ret) {
@@ -539,11 +540,9 @@ krb5_free_context(krb5_context context)
    HEIMDAL_MUTEX_destroy(context->mutex);
    free(context->mutex);
 #ifdef NEED_SOCK_INIT
    if (context->flags & KRB5_CTX_F_SOCKETS_INITIALIZED) {
- 	SOCK_EXIT;
+ 	rk_SOCK_EXIT();
    }
 #endif
    memset(context, 0, sizeof(*context));
    free(context);
--- a/lib/krb5/deprecated.c
+++ b/lib/krb5/deprecated.c
@@ -631,8 +631,9 @@ krb5_get_cred_from_kdc(krb5_context context,
 * @ingroup krb5_deprecated
 */
 KRB5_DEPRECATED
 void KRB5_LIB_FUNCTION
-krb5_free_unparsed_name(krb5_context context, char *str) KRB5_DEPRECATED
+krb5_free_unparsed_name(krb5_context context, char *str)
 {
    krb5_xfree(str);
 }
@@ -643,10 +644,11 @@ krb5_free_unparsed_name(krb5_context context, char *str) KRB5_DEPRECATED
 * @ingroup krb5_deprecated
 */
 KRB5_DEPRECATED
 krb5_error_code KRB5_LIB_FUNCTION
 krb5_generate_subkey(krb5_context context,
 		     const krb5_keyblock *key,
-		     krb5_keyblock **subkey) KRB5_DEPRECATED
+		     krb5_keyblock **subkey)
 {
    return krb5_generate_subkey_extended(context, key, ETYPE_NULL, subkey);
 }
@@ -657,10 +659,11 @@ krb5_generate_subkey(krb5_context context,
 * @ingroup krb5_deprecated
 */
 KRB5_DEPRECATED
 krb5_error_code KRB5_LIB_FUNCTION
 krb5_auth_getremoteseqnumber(krb5_context context,
 			     krb5_auth_context auth_context,
-			     int32_t *seqnumber) KRB5_DEPRECATED
+			     int32_t *seqnumber)
 {
  *seqnumber = auth_context->remote_seqnumber;
  return 0;
--- a/lib/krb5/error_string.c
+++ b/lib/krb5/error_string.c
@@ -279,8 +279,9 @@ krb5_free_error_message(krb5_context context, const char *msg)
 * @ingroup krb5
 */
 KRB5_DEPRECATED
 KRB5_LIB_FUNCTION const char* KRB5_LIB_CALL
-krb5_get_err_text(krb5_context context, krb5_error_code code) KRB5_DEPRECATED
+krb5_get_err_text(krb5_context context, krb5_error_code code)
 {
    const char *p = NULL;
    if(context != NULL)
--- a/lib/krb5/kuserok.c
+++ b/lib/krb5/kuserok.c
@@ -242,6 +242,8 @@ krb5_kuserok (krb5_context context,
    char *buf;
    size_t buflen;
    struct passwd *pwd = NULL;
    char *profile_dir = NULL;
    krb5_boolean free_profile_dir = FALSE;
    krb5_error_code ret;
    krb5_boolean result = FALSE;
@@ -258,14 +260,15 @@ krb5_kuserok (krb5_context context,
 #endif
    if (pwd == NULL)
 	return FALSE;
    profile_dir = pwd->pw_dir;
 #define KLOGIN "/.k5login"
-    buflen = strlen(pwd->pw_dir) + sizeof(KLOGIN) + 2; /* 2 for .d */
+    buflen = strlen(profile_dir) + sizeof(KLOGIN) + 2; /* 2 for .d */
    buf = malloc(buflen);
    if(buf == NULL)
 	return FALSE;
    /* check user's ~/.k5login */
-    strlcpy(buf, pwd->pw_dir, buflen);
+    strlcpy(buf, profile_dir, buflen);
    strlcat(buf, KLOGIN, buflen);
    ret = check_one_file(context, buf, pwd, principal, &result);
--- a/lib/krb5/libkrb5-exports.def.in
+++ b/lib/krb5/libkrb5-exports.def.in
@@ -57,7 +57,6 @@ EXPORTS
 	krb5_auth_con_setuserkey
 	krb5_auth_getremoteseqnumber
 	krb5_build_ap_req
 	krb5_build_authenticator
 	krb5_build_principal
 	krb5_build_principal_ext
 	krb5_build_principal_va
@@ -96,6 +95,7 @@ EXPORTS
 	krb5_cc_get_config
 	krb5_cc_get_friendly_name
 	krb5_cc_get_full_name
 	krb5_cc_get_kdc_offset
 	krb5_cc_get_lifetime
 	krb5_cc_get_name
 	krb5_cc_get_ops
@@ -115,8 +115,10 @@ EXPORTS
 	krb5_cc_set_config
 	krb5_cc_set_default_name
 	krb5_cc_set_flags
 	krb5_cc_set_kdc_offset
 	krb5_cc_start_seq_get
 	krb5_cc_store_cred
 	krb5_cc_support_switch
 	krb5_cc_switch
 	krb5_cc_set_friendly_name
 	krb5_change_password
@@ -135,13 +137,13 @@ EXPORTS
 	krb5_compare_creds
 	krb5_config_file_free
 	krb5_config_free_strings
-	krb5_config_get
+        _krb5_config_get
 	krb5_config_get_bool
 	krb5_config_get_bool_default
 	krb5_config_get_int
 	krb5_config_get_int_default
 	krb5_config_get_list
-	krb5_config_get_next
+	_krb5_config_get_next
 	krb5_config_get_string
 	krb5_config_get_string_default
 	krb5_config_get_strings
@@ -150,13 +152,13 @@ EXPORTS
 	krb5_config_parse_file
 	krb5_config_parse_file_multi
 	krb5_config_parse_string_multi
-	krb5_config_vget
+	_krb5_config_vget
 	krb5_config_vget_bool
 	krb5_config_vget_bool_default
 	krb5_config_vget_int
 	krb5_config_vget_int_default
 	krb5_config_vget_list
-	krb5_config_vget_next
+	_krb5_config_vget_next
 	krb5_config_vget_string
 	krb5_config_vget_string_default
 	krb5_config_vget_strings
@@ -176,6 +178,7 @@ EXPORTS
 	krb5_create_checksum
 	krb5_create_checksum_iov
 	krb5_crypto_destroy
 	krb5_crypto_fx_cf2
 	krb5_crypto_get_checksum_type
 	krb5_crypto_getblocksize
 	krb5_crypto_getconfoundersize
@@ -293,6 +296,7 @@ EXPORTS
 	krb5_free_principal
 	krb5_free_salt
 	krb5_free_ticket
 	krb5_free_unparsed_name
 	krb5_fwd_tgt_creds
 	krb5_generate_random_block
 	krb5_generate_random_keyblock
@@ -328,6 +332,7 @@ EXPORTS
 	krb5_get_host_realm
 	krb5_get_ignore_addresses
 	krb5_get_in_cred
 	krb5_cccol_last_change_time
 	krb5_get_in_tkt
 	krb5_get_in_tkt_with_keytab
 	krb5_get_in_tkt_with_password
@@ -380,8 +385,8 @@ EXPORTS
 	krb5_init_ets
 	krb5_init_etype
 	krb5_initlog
 	krb5_is_thread_safe
 	krb5_is_config_principal
 	krb5_is_thread_safe
 	krb5_kerberos_enctypes
 	krb5_keyblock_get_enctype
 	krb5_keyblock_init
@@ -403,10 +408,10 @@ EXPORTS
 	krb5_kt_close
 	krb5_kt_compare
 	krb5_kt_copy_entry_contents
 	krb5_kt_destroy
 	krb5_kt_default
 	krb5_kt_default_modify_name
 	krb5_kt_default_name
 	krb5_kt_destroy
 	krb5_kt_end_seq_get
 	krb5_kt_free_entry
 	krb5_kt_get_entry
@@ -471,6 +476,7 @@ EXPORTS
 	krb5_plugin_register
 	krb5_prepend_config_files
 	krb5_prepend_config_files_default
 	krb5_prepend_error_message
 	krb5_princ_realm
 	krb5_princ_set_realm
 	krb5_principal_compare
@@ -554,15 +560,15 @@ EXPORTS
 	krb5_sendto_ctx_set_type
 	krb5_sendto_kdc
 	krb5_sendto_kdc_flags
 	krb5_set_home_dir_access
 	krb5_set_config_files
 	krb5_set_default_in_tkt_etypes
 	krb5_set_default_realm
 	krb5_set_dns_canonicalize_hostname
 	krb5_set_error_string
 	krb5_set_error_message
 	krb5_set_error_string
 	krb5_set_extra_addresses
 	krb5_set_fcache_version
 	krb5_set_home_dir_access
 	krb5_set_ignore_addresses
 	krb5_set_kdc_sec_offset
 	krb5_set_max_time_skew
@@ -662,8 +668,9 @@ EXPORTS
 	krb5_verrx
 	krb5_vlog
 	krb5_vlog_msg
-	krb5_vset_error_string
+	krb5_vprepend_error_message
 	krb5_vset_error_message
 	krb5_vset_error_string
 	krb5_vwarn
 	krb5_vwarnx
 	krb5_warn
@@ -687,36 +694,40 @@ EXPORTS
 	initialize_k524_error_table_r
 	initialize_k524_error_table
-	; variables
+        ; variables
-	krb5_mcc_ops		DATA
+	krb5_mcc_ops            DATA
-	krb5_acc_ops		DATA
+	krb5_acc_ops            DATA
-	krb5_fcc_ops		DATA
+	krb5_fcc_ops            DATA
-	krb5_scc_ops		DATA
+#ifdef HAVE_SCC
 	krb5_scc_ops            DATA
 #endif
 #ifdef HAVE_KCM
-	krb5_kcm_ops		DATA
+	krb5_kcm_ops            DATA
 #endif
-#ifdef KRB4
+#ifdef HAVE_KRB4
-;	krb4_fkt_ops		DATA
+	krb4_fkt_ops            DATA
 #endif
-	krb5_wrfkt_ops		DATA
+	krb5_wrfkt_ops          DATA
-	krb5_mkt_ops		DATA
+	krb5_mkt_ops            DATA
-	krb5_akf_ops		DATA
+	krb5_akf_ops            DATA
-	krb5_any_ops		DATA
+	krb5_any_ops            DATA
-	__heimdal_version	DATA
+	heimdal_version         DATA
-	__heimdal_long_version	DATA
+	heimdal_long_version    DATA
-	krb5_config_file	DATA
+	krb5_config_file        DATA
-	krb5_defkeyname		DATA
+	krb5_defkeyname         DATA
-	krb5_cc_type_api	DATA
+	krb5_cc_type_api        DATA
-	krb5_cc_type_file	DATA
+	krb5_cc_type_file       DATA
-	krb5_cc_type_memory	DATA
+	krb5_cc_type_memory     DATA
-	krb5_cc_type_kcm	DATA
+	krb5_cc_type_kcm        DATA
-	krb5_cc_type_scc	DATA
+	krb5_cc_type_scc        DATA
-	; Shared with GSSAPI krb5
+        ; Shared with GSSAPI krb5
-	_krb5_crc_init_table;	
+	_krb5_crc_init_table
-	_krb5_crc_update;	
+	_krb5_crc_update
 	_krb5_get_krbtgt
 	_krb5_build_authenticator
-	; V4 compat glue
+        ; V4 compat glue
 	_krb5_krb_tf_setup
 	_krb5_krb_dest_tkt
 	_krb5_krb_life_to_time
@@ -737,7 +748,6 @@ EXPORTS
 	_krb5_get_int
 	_krb5_pac_sign
 	_krb5_parse_moduli
 	_krb5_pk_enterprise_cert
 	_krb5_pk_kdf
 	_krb5_pk_load_id
 	_krb5_pk_mk_ContentInfo
@@ -752,6 +762,10 @@ EXPORTS
 	_krb5_s4u2self_to_checksumdata
 	_krb5_expand_path_tokens
        ; kinit helper
 	_krb5_get_init_creds_opt_set_pkinit_user_certs
 	_krb5_pk_enterprise_cert
 	; testing
 ;	_krb5_aes_cts_encrypt
 	_krb5_n_fold
--- a/lib/krb5/pkinit.c
+++ b/lib/krb5/pkinit.c
@@ -1959,7 +1959,6 @@ _krb5_pk_load_id(krb5_context context,
 	hx509_certs_free(&id->anchors);
 	hx509_certs_free(&id->certpool);
 	hx509_revoke_free(&id->revokectx);
 	hx509_context_free(&context->hx509ctx);
 	free(id);
    } else
 	*ret_id = id;
--- a/lib/krb5/plugin.c
+++ b/lib/krb5/plugin.c
@@ -205,9 +205,7 @@ load_plugins(krb5_context context)
 	d = opendir(*di);
 	if (d == NULL)
 	    continue;
-#ifdef HAVE_DIRFD
+	rk_cloexec_dir(d);
 	rk_cloexec(dirfd(d));
 #endif
 	while ((entry = readdir(d)) != NULL) {
 	    char *n = entry->d_name;
--- a/lib/ntlm/libheimntlm-exports.def
+++ b/lib/ntlm/libheimntlm-exports.def
@@ -0,0 +1,21 @@
 EXPORTS
 	heim_ntlm_build_ntlm1_master
 	heim_ntlm_calculate_ntlm1
 	heim_ntlm_calculate_ntlm2
 	heim_ntlm_calculate_ntlm2_sess
 	heim_ntlm_decode_targetinfo
 	heim_ntlm_decode_type1
 	heim_ntlm_decode_type2
 	heim_ntlm_decode_type3
 	heim_ntlm_encode_targetinfo
 	heim_ntlm_encode_type1
 	heim_ntlm_encode_type2
 	heim_ntlm_encode_type3
 	heim_ntlm_free_buf
 	heim_ntlm_free_targetinfo
 	heim_ntlm_free_type1
 	heim_ntlm_free_type2
 	heim_ntlm_free_type3
 	heim_ntlm_nt_key
 	heim_ntlm_ntlmv2_key
 	heim_ntlm_verify_ntlm2
--- a/lib/ntlm/ntlm.c
+++ b/lib/ntlm/ntlm.c
@@ -41,8 +41,8 @@
 #include <errno.h>
 #include <limits.h>
 #include <krb5.h>
 #include <roken.h>
 #include <krb5.h>
 #define HC_DEPRECATED_CRYPTO
--- a/lib/roken/NTMakefile
+++ b/lib/roken/NTMakefile
@@ -38,6 +38,7 @@ libroken_la_OBJS =			\
 	$(OBJ)\bswap.obj		\
 	$(OBJ)\concat.obj		\
 	$(OBJ)\cloexec.obj		\
 	$(OBJ)\ct.obj			\
 	$(OBJ)\dirent.obj		\
 	$(OBJ)\dlfcn_w32.obj		\
 	$(OBJ)\dumpdata.obj		\
@@ -88,6 +89,7 @@ libroken_la_OBJS =			\
 	$(OBJ)\socket.obj		\
 	$(OBJ)\sockstartup_w32.obj	\
 	$(OBJ)\strcollect.obj		\
 	$(OBJ)\strerror_r.obj		\
 	$(OBJ)\strlcat.obj		\
 	$(OBJ)\strlcpy.obj		\
 	$(OBJ)\strpool.obj		\
--- a/lib/roken/cloexec.c
+++ b/lib/roken/cloexec.c
@@ -56,3 +56,11 @@ rk_cloexec_file(FILE *f)
    rk_cloexec(fileno(f));
 #endif
 }
 void ROKEN_LIB_FUNCTION
 rk_cloexec_dir(DIR * d)
 {
 #ifdef HAVE_DIRFD
    rk_cloexec(dirfd(d));
 #endif
 }
--- a/include/krb5-types.h.w32
+++ b/include/krb5-types.h.w32
@@ -29,33 +29,38 @@
 *
 **********************************************************************/
-#ifndef __krb5_types_h__
+#ifndef __DIRENT_H__
-#define __krb5_types_h__
+#define __DIRENT_H__
-#ifndef __BIT_TYPES_DEFINED__
+#ifndef ROKEN_LIB_FUNCTION
-#define __BIT_TYPES_DEFINED__
+#ifdef _WIN32
-
+#define ROKEN_LIB_FUNCTION
-typedef __int8             int8_t;
+#define ROKEN_LIB_CALL     __cdecl
 typedef __int16            int16_t;
 typedef __int32            int32_t;
 typedef __int64            int64_t;
 typedef unsigned __int8    uint8_t;
 typedef unsigned __int16   uint16_t;
 typedef unsigned __int32   uint32_t;
 typedef unsigned __int64   uint64_t;
 typedef uint8_t            u_int8_t;
 typedef uint16_t           u_int16_t;
 typedef uint32_t           u_int32_t;
 typedef uint64_t           u_int64_t;
 #endif  /* __BIT_TYPES_DEFINED__ */
 typedef int                krb5_socklen_t;
 #ifdef _WIN64
 typedef __int64            krb5_ssize_t;
 #else
-typedef int                krb5_ssize_t;
+#define ROKEN_LIB_FUNCTION
 #define ROKEN_LIB_CALL
 #endif
 #endif
-#endif  /* __krb5_types_h__ */
+#include<sys/types.h>
 struct dirent {
    ino_t   d_ino;
    char    d_name[1];
 };
 typedef struct _dirent_dirinfo DIR;
 ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL closedir(DIR *);
 ROKEN_LIB_FUNCTION DIR * ROKEN_LIB_CALL opendir(const char *);
 ROKEN_LIB_FUNCTION struct dirent * ROKEN_LIB_CALL readdir(DIR *);
 ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL rewinddir(DIR *);
 ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL seekdir(DIR *, long);
 ROKEN_LIB_FUNCTION long ROKEN_LIB_CALL telldir(DIR *);
 #endif
--- a/lib/roken/flock.c
+++ b/lib/roken/flock.c
@@ -41,7 +41,7 @@
 ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
-fk_flock(int fd, int operation)
+rk_flock(int fd, int operation)
 {
 #if defined(HAVE_FCNTL) && defined(F_SETLK)
  struct flock arg;
--- a/lib/roken/roken-common.h
+++ b/lib/roken/roken-common.h
@@ -480,6 +480,9 @@ rk_cloexec(int);
 ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
 rk_cloexec_file(FILE *);
 ROKEN_LIB_FUNCTION void ROKEN_LIB_CALL
 rk_cloexec_dir(DIR *);
 ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL
 ct_memcmp(const void *, const void *, size_t);
--- a/lib/roken/roken.h.in
+++ b/lib/roken/roken.h.in
@@ -63,6 +63,8 @@
 typedef SOCKET rk_socket_t;
 #define rk_closesocket(x) closesocket(x)
 #define rk_INVALID_SOCKET INVALID_SOCKET
 #define rk_IS_BAD_SOCKET(s) ((s) == INVALID_SOCKET)
 #define rk_IS_SOCKET_ERROR(rv) ((rv) == SOCKET_ERROR)
 #define rk_SOCK_ERRNO WSAGetLastError()
@@ -72,8 +74,8 @@ typedef SOCKET rk_socket_t;
 #define EWOULDBLOCK             WSAEWOULDBLOCK
 #define ENOTSOCK		WSAENOTSOCK
-#define rk_SOCK_INIT rk_WSAStartup()
+#define rk_SOCK_INIT() rk_WSAStartup()
-#define rk_SOCK_EXIT rk_WSACleanup()
+#define rk_SOCK_EXIT() rk_WSACleanup()
 ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_WSAStartup(void);
 ROKEN_LIB_FUNCTION int ROKEN_LIB_CALL rk_WSACleanup(void);
@@ -220,6 +222,14 @@ struct sockaddr_dl;
 #include <paths.h>
 #endif
 #ifdef HAVE_DIRENT_H
 #include <dirent.h>
 #endif
 #ifdef BACKSLASH_PATH_DELIM
 #define rk_PATH_DELIM '\\'
 #endif
 #ifndef HAVE_SSIZE_T
 #ifdef _WIN64
 typedef __int64 ssize_t;
@@ -303,7 +313,7 @@ rk_vsnprintf (char *str, size_t sz, const char *format, va_list args);
 S_ISBLK(m)
 */
-#endif
+#endif  /* _MSC_VER */
 #ifndef HAVE_PUTENV
 #define putenv rk_putenv
@@ -827,8 +837,10 @@ struct msghdr {
    int             msg_flags;
 };
 #define sendmsg sendmsg_w32
 ROKEN_LIB_FUNCTION ssize_t ROKEN_LIB_CALL
-sendmsg(rk_socket_t s, const struct msghdr * msg, int flags);
+sendmsg_w32(rk_socket_t s, const struct msghdr * msg, int flags);
 #endif
--- a/lib/roken/sendmsg.c
+++ b/lib/roken/sendmsg.c
@@ -100,7 +100,7 @@ sendmsg(rk_socket_t s, const struct msghdr *msg, int flags)
 * 
 **********************************************************************/
-/*
+/**
 * Implementation of sendmsg() for WIN32
 *
 * We are using a contrived definition of msghdr which actually uses
--- a/lib/roken/strerror_r.c
+++ b/lib/roken/strerror_r.c
@@ -39,6 +39,25 @@
 #include <string.h>
 #include <errno.h>
 #ifdef _MSC_VER
 int ROKEN_LIB_FUNCTION
 rk_strerror_r(int eno, char * strerrbuf, size_t buflen)
 {
    errno_t err;
    err = strerror_s(strerrbuf, buflen, eno);
    if (err != 0) {
        int code;
        code = sprintf_s(strerrbuf, buflen, "Error % occurred.", eno);
        err = ((code != 0)? errno : 0);
    }
    return err;
 }
 #else  /* _MSC_VER */
 #ifndef HAVE_STRERROR_R
 extern int sys_nerr;
 extern char *sys_errlist[];
@@ -68,4 +87,6 @@ rk_strerror_r(int eno, char *strerrbuf, size_t buflen)
 #endif
 }
 #endif  /* !_MSC_VER */
 #endif
--- a/lib/roken/test-mini_inetd.c
+++ b/lib/roken/test-mini_inetd.c
@@ -82,7 +82,7 @@ get_connected_socket(rk_socket_t * s_ret)
 	goto done;
    *s_ret = s;
-    s = INVALID_SOCKET;
+    s = rk_INVALID_SOCKET;
    rv = 0;
 done:
@@ -105,7 +105,7 @@ const char * test_strings[] = {
 static int
 test_simple_echo_client(void)
 {
-    rk_socket_t s = INVALID_SOCKET;
+    rk_socket_t s = rk_INVALID_SOCKET;
    int rv;
    char buf[81];
    int i;
@@ -165,7 +165,7 @@ test_simple_echo_socket(void)
 	return test_simple_echo_client();
    } else {
-	rk_socket_t s = INVALID_SOCKET;
+	rk_socket_t s = rk_INVALID_SOCKET;
 	fprintf (stderr, "[%s] Listening for connections...\n", prog);
 	mini_inetd(htons(PORT), &s);
--- a/lib/roken/version-script.map
+++ b/lib/roken/version-script.map
@@ -42,6 +42,7 @@ HEIMDAL_ROKEN_1.0 {
 		rk_cgetstr;
 		rk_cloexec;
 		rk_cloexec_file;
                rk_cloexec_dir;
 		rk_closefrom;
 		rk_copyhostent;
 		rk_dns_free_data;
--- a/windows/NTMakefile.config
+++ b/windows/NTMakefile.config
@@ -91,4 +91,7 @@ ENABLE_PTHREAD_SUPPORT=1
 # Use the Kerberos Credentials Manager
 # HAVE_KCM=1
-DIR_hdbdir=%{COMMON_APPDATA}\heimdal\hdb
+# Use the sqlite backend
 HAVE_SCC=1
 DIR_hdbdir=%{COMMON_APPDATA}/heimdal/hdb
--- a/windows/NTMakefile.w32
+++ b/windows/NTMakefile.w32
@@ -277,6 +277,9 @@ prep:: show-cmds
 {$(OBJ)}.hx{$(INCDIR)}.h:
 	$(CP) $< $@
 {$(OBJ)}.hx{$(OBJ)}.h:
 	$(CP) $< $@
 {}.rc{$(OBJ)}.res:
 	$(RC2RES)
@@ -444,6 +447,8 @@ LIBHCRYPTO  =$(LIBDIR)\libhcrypto.lib
 LIBHX509    =$(LIBDIR)\libhx509.lib
 LIBKRB5	    =$(LIBDIR)\libkrb5.lib
 LIBHEIMNTLM =$(LIBDIR)\libheimntlm.lib
 LIBHEIMIPCC =$(LIBDIR)\libheim-ipcc.lib
 LIBHEIMIPCS =$(LIBDIR)\libheim-ipcs.lib
 LIBGSSAPI   =$(LIBDIR)\libgssapi.lib
 LIBHDB	    =$(LIBDIR)\libhdb.lib
 LIBKADM5SRV =$(LIBDIR)\libkadm5srv.lib
--- a/windows/maint.el
+++ b/windows/maint.el
@@ -0,0 +1,34 @@
 (defun generate-obj-macro (mname &optional postfix &rest slist)
  "Generates a macro definition for an OBJs dependency based on a list of source definitions"
  (let*
      ((replist (apply 'append (mapcar (lambda (sdef)
                                         (goto-char 0)
                                         (let*
                                             ((def (buffer-substring-no-properties
                                                    (search-forward (concat sdef " = \\\n") nil t)
                                                    (search-forward "\n\n" nil t)))
                                              (st (split-string
                                                   (replace-regexp-in-string "^.*\\.h.*\n" "" def)
                                                   "\\s-+\\\\?\\|\n" t)))
                                           st)) slist)))
       (def-start (search-forward (concat mname " = \\\n") nil t))
       (def-end (search-forward "\n\n" nil t))
       (repl (mapconcat
              (lambda (s)
                (concat "\t"
                        (replace-regexp-in-string
                         "\\(\\s-*\\)\\(.*\\)\\.c" "\\1$(OBJ)\\\\\\2.obj" s)
                        " \\"))
              replist "\n"))
       (erepl (if postfix
                  (concat repl "\n" postfix "\n\n")
                (concat repl "\n\n")))
       )
    (delete-region def-start def-end)
    (insert erepl))
  )