diff -r de23f8881e9f -r 1fb26aca5093 libidav/resource.c
--- a/libidav/resource.c	Mon Mar 14 11:54:55 2016 +0100
+++ b/libidav/resource.c	Mon Mar 14 17:18:33 2016 +0100
@@ -557,7 +557,10 @@
     DavResourceData *data = res->data;
     
     util_set_url(sn, dav_resource_get_href(res));
-      
+    
+    DavLock *lock = dav_get_lock(sn, res->path);
+    char *locktoken = lock ? lock->token : NULL;
+    
     // store content
     if(data->content) {
         int encryption = DAV_ENCRYPT_CONTENT(sn) && sn->key;
@@ -575,10 +578,11 @@
                         buf,
                         (dav_read_func)ucx_buffer_read);
             }
-            
+              
             // put resource
             ret = do_put_request(
                     sn->handle,
+                    locktoken,
                     enc,
                     (dav_read_func)aes_read,
                     0);
@@ -604,6 +608,7 @@
         } else {
             ret = do_put_request(
                     sn->handle,
+                    locktoken,
                     data->content,
                     data->read,
                     data->length);
@@ -632,7 +637,7 @@
         UcxBuffer *response = ucx_buffer_new(NULL, 1024, UCX_BUFFER_AUTOEXTEND);
         //printf("request:\n%.*s\n\n", request->pos, request->space);
 
-        CURLcode ret = do_proppatch_request(sn->handle, request, response);
+        CURLcode ret = do_proppatch_request(sn->handle, locktoken, request, response);
         long status = 0;
         curl_easy_getinfo (sn->handle, CURLINFO_RESPONSE_CODE, &status);
         if(ret == CURLE_OK && status == 207) {
@@ -745,8 +750,11 @@
     CURL *handle = res->session->handle;
     util_set_url(res->session, dav_resource_get_href(res));
     
+    DavLock *lock = dav_get_lock(res->session, res->path);
+    char *locktoken = lock ? lock->token : NULL;
+    
     UcxBuffer *response = ucx_buffer_new(NULL, 4096, UCX_BUFFER_AUTOEXTEND);
-    CURLcode ret = do_delete_request(handle, response);
+    CURLcode ret = do_delete_request(handle, locktoken, response);
     long status = 0;
     curl_easy_getinfo (handle, CURLINFO_RESPONSE_CODE, &status);
     if(ret == CURLE_OK && (status >= 200 && status < 300)) {
@@ -765,6 +773,10 @@
 static int create_ancestors(DavSession *sn, char *href, char *path) {
     CURL *handle = sn->handle;
     CURLcode code;
+    
+    DavLock *lock = dav_get_lock(sn, path);
+    char *locktoken = lock ? lock->token : NULL;
+    
     long status = 0;
     int ret = 0;
     
@@ -777,7 +789,7 @@
     
     for(int i=0;i<2;i++) {
         util_set_url(sn, h);
-        code = do_mkcol_request(handle);
+        code = do_mkcol_request(handle, locktoken);
         curl_easy_getinfo(handle, CURLINFO_RESPONSE_CODE, &status);
         if(status == 201) {
             // resource successfully created
@@ -816,11 +828,14 @@
     CURL *handle = sn->handle;
     util_set_url(sn, dav_resource_get_href(res));
     
+    DavLock *lock = dav_get_lock(res->session, res->path);
+    char *locktoken = lock ? lock->token : NULL;
+    
     CURLcode code;
     if(res->iscollection) {
-        code = do_mkcol_request(handle);
+        code = do_mkcol_request(handle, locktoken);
     } else {
-        code = do_put_request(handle, "", NULL, 0); 
+        code = do_put_request(handle, locktoken, "", NULL, 0); 
     }
     long s = 0;
     curl_easy_getinfo(handle, CURLINFO_RESPONSE_CODE, &s);
@@ -925,7 +940,7 @@
     return dav_cp_mv_url(res, url, false, override);
 }
 
-char* dav_lock(DavResource *res) {
+int dav_lock(DavResource *res) {
     DavSession *sn = res->session;
     CURL *handle = sn->handle;
     util_set_url(sn, dav_resource_get_href(res));
@@ -944,26 +959,50 @@
         LockDiscovery lock;
         if(parse_lock_response(sn, response, &lock)) {
             sn->error = DAV_ERROR;
-            return NULL;
+            return -1;
         }
         
+        DavLock *l = dav_create_lock(sn, lock.locktoken, lock.timeout);
+        free(lock.locktoken);
         free(lock.timeout);
-        return lock.locktoken;
+        
+        int r = 0;
+        if(res->iscollection) {
+            r = dav_add_collection_lock(sn, res->path, l);
+        } else {
+            r = dav_add_resource_lock(sn, res->path, l);
+        }
+        
+        if(r == 0) {
+            return 0;
+        } else {
+            (void)dav_unlock(res);
+            sn->error = DAV_ERROR;
+            dav_destroy_lock(sn, l);
+            return -1;
+        }
     } else {
         dav_session_set_error(sn, ret, status);
-        return NULL;
+        return -1;
     }
 }
 
-int dav_unlock(DavResource *res, char *locktoken) {
+int dav_unlock(DavResource *res) {
     DavSession *sn = res->session;
     CURL *handle = sn->handle;
     util_set_url(sn, dav_resource_get_href(res));
     
-    CURLcode ret = do_unlock_request(handle, locktoken);
+    DavLock *lock = dav_get_lock(res->session, res->path);
+    if(!lock) {
+        sn->error = DAV_ERROR;
+        return -1;
+    }
+    
+    CURLcode ret = do_unlock_request(handle, lock->token);
     long status = 0;
     curl_easy_getinfo (handle, CURLINFO_RESPONSE_CODE, &status);
     if(ret == CURLE_OK && (status >= 200 && status < 300)) {
+        dav_remove_lock(sn, res->path, lock);
         return 0;
     } else {
         dav_session_set_error(sn, ret, status);
@@ -983,7 +1022,8 @@
     UcxBuffer *response = ucx_buffer_new(NULL, 1024, UCX_BUFFER_AUTOEXTEND);
     
     util_set_url(sn, href);
-    CURLcode ret = do_proppatch_request(sn->handle, request, response);
+    // TODO: lock
+    CURLcode ret = do_proppatch_request(sn->handle, NULL, request, response);
     ucx_buffer_free(request);
     long status = 0;
     curl_easy_getinfo (sn->handle, CURLINFO_RESPONSE_CODE, &status);