From 540caf7ea691874436ddfaf440f4b0714e592dce Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher <metze@samba.org>
Date: Sat, 15 Sep 2007 20:09:29 +0000
Subject: r25181: sync winbind client code with samba3

NOTE: wbinfo.c isn't fully merged here

metze
(This used to be commit eee5327dc2f79c052c2db0ca89f23cc9d2ce355d)
---
 source4/auth/auth_winbind.c                |   2 +-
 source4/nsswitch/wb_common.c               | 242 ++++++++++++++++---------
 source4/nsswitch/wbinfo.c                  |  58 +++---
 source4/nsswitch/winbind_client.h          |  29 +--
 source4/nsswitch/winbind_nss.h             |  10 +-
 source4/nsswitch/winbind_nss_config.h      |  47 -----
 source4/nsswitch/winbind_nss_irix.h        |   4 -
 source4/nsswitch/winbind_nss_linux.c       | 277 ++++++++++++++---------------
 source4/nsswitch/winbind_nss_solaris.h     |  26 +++
 source4/nsswitch/winbind_struct_protocol.h | 160 ++++++++---------
 10 files changed, 458 insertions(+), 397 deletions(-)

(limited to 'source4')

diff --git a/source4/auth/auth_winbind.c b/source4/auth/auth_winbind.c
index 95636d7843..2ec0dc7a56 100644
--- a/source4/auth/auth_winbind.c
+++ b/source4/auth/auth_winbind.c
@@ -109,7 +109,7 @@ static NTSTATUS winbind_check_password_samba3(struct auth_method_context *ctx,
 	memcpy(request.data.auth_crap.nt_resp, user_info->password.response.nt.data,
 	       request.data.auth_crap.nt_resp_len);
 
-	result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
+	result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response);
 
 	nt_status = NT_STATUS(response.data.auth.nt_status);
 	NT_STATUS_NOT_OK_RETURN(nt_status);
diff --git a/source4/nsswitch/wb_common.c b/source4/nsswitch/wb_common.c
index 101659380c..2ae85dcb1e 100644
--- a/source4/nsswitch/wb_common.c
+++ b/source4/nsswitch/wb_common.c
@@ -22,16 +22,16 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-#include "includes.h"
-#include "nsswitch/winbind_client.h"
+#include "winbind_client.h"
 
 /* Global variables.  These are effectively the client state information */
 
 int winbindd_fd = -1;           /* fd for winbindd socket */
+static int is_privileged = 0;
 
 /* Free a response structure */
 
-void free_response(struct winbindd_response *response)
+void winbindd_free_response(struct winbindd_response *response)
 {
 	/* Free any allocated extra_data */
 
@@ -41,7 +41,7 @@ void free_response(struct winbindd_response *response)
 
 /* Initialise a request structure */
 
-void init_request(struct winbindd_request *request, int request_type)
+void winbindd_init_request(struct winbindd_request *request, int request_type)
 {
 	request->length = sizeof(struct winbindd_request);
 
@@ -52,7 +52,7 @@ void init_request(struct winbindd_request *request, int request_type)
 
 /* Initialise a response structure */
 
-void init_response(struct winbindd_response *response)
+static void init_response(struct winbindd_response *response)
 {
 	/* Initialise return value */
 
@@ -61,7 +61,7 @@ void init_response(struct winbindd_response *response)
 
 /* Close established socket */
 
-void close_sock(void)
+void winbind_close_sock(void)
 {
 	if (winbindd_fd != -1) {
 		close(winbindd_fd);
@@ -70,10 +70,6 @@ void close_sock(void)
 }
 
 #define CONNECT_TIMEOUT 30
-#if 0 /* unused */
-#define WRITE_TIMEOUT CONNECT_TIMEOUT
-#define READ_TIMEOUT CONNECT_TIMEOUT
-#endif
 
 /* Make sure socket handle isn't stdin, stdout or stderr */
 #define RECURSION_LIMIT 3
@@ -172,7 +168,7 @@ static int winbind_named_pipe_sock(const char *dir)
 {
 	struct sockaddr_un sunaddr;
 	struct stat st;
-	char *path;
+	pstring path;
 	int fd;
 	int wait_time;
 	int slept;
@@ -189,8 +185,16 @@ static int winbind_named_pipe_sock(const char *dir)
 	}
 	
 	/* Connect to socket */
-
-	asprintf(&path, "%s%s", dir, "/" WINBINDD_SOCKET_NAME);
+	
+	strncpy(path, dir, sizeof(path) - 1);
+	path[sizeof(path) - 1] = '\0';
+	
+	strncat(path, "/", sizeof(path) - 1 - strlen(path));
+	path[sizeof(path) - 1] = '\0';
+	
+	strncat(path, WINBINDD_SOCKET_NAME, sizeof(path) - 1 - strlen(path));
+	path[sizeof(path) - 1] = '\0';
+	
 	ZERO_STRUCT(sunaddr);
 	sunaddr.sun_family = AF_UNIX;
 	strncpy(sunaddr.sun_path, path, sizeof(sunaddr.sun_path) - 1);
@@ -200,11 +204,8 @@ static int winbind_named_pipe_sock(const char *dir)
 	   the winbindd daemon is not running. */
 
 	if (lstat(path, &st) == -1) {
-		SAFE_FREE(path);
 		return -1;
 	}
-
-	SAFE_FREE(path);
 	
 	/* Check permissions on unix socket file */
 	
@@ -277,72 +278,80 @@ static int winbind_named_pipe_sock(const char *dir)
 
 	close(fd);
 	return -1;
+}
 
-	if (connect(fd, (struct sockaddr *)&sunaddr, 
-		    sizeof(sunaddr)) == -1) {
-		close(fd);
-		return -1;
+static const char *winbindd_socket_dir(void)
+{
+#ifdef SOCKET_WRAPPER
+	const char *env_dir;
+
+	env_dir = getenv(WINBINDD_SOCKET_DIR_ENVVAR);
+	if (env_dir) {
+		return env_dir;
 	}
-        
-	return fd;
+#endif
+
+	return WINBINDD_SOCKET_DIR;
 }
 
 /* Connect to winbindd socket */
 
-int winbind_open_pipe_sock(void)
+static int winbind_open_pipe_sock(int recursing, int need_priv)
 {
 #ifdef HAVE_UNIXSOCKET
 	static pid_t our_pid;
 	struct winbindd_request request;
 	struct winbindd_response response;
-	const char *winbindd_socket_dir_env;
 	ZERO_STRUCT(request);
 	ZERO_STRUCT(response);
 
 	if (our_pid != getpid()) {
-		close_sock();
+		winbind_close_sock();
 		our_pid = getpid();
 	}
+
+	if ((need_priv != 0) && (is_privileged == 0)) {
+		winbind_close_sock();
+	}
 	
 	if (winbindd_fd != -1) {
 		return winbindd_fd;
 	}
 
-#ifdef SOCKET_WRAPPER
-	winbindd_socket_dir_env = getenv(WINBINDD_SOCKET_DIR_ENV);
-
-	if (!winbindd_socket_dir_env)
-	{
-		winbindd_socket_dir_env = WINBINDD_SOCKET_DIR;
+	if (recursing) {
+		return -1;
 	}
-#else
-	winbindd_socket_dir_env = WINBINDD_SOCKET_DIR;
-#endif
-
-	winbindd_fd = winbind_named_pipe_sock(winbindd_socket_dir_env);
 
-	if (winbindd_fd == -1)
-	{
+	if ((winbindd_fd = winbind_named_pipe_sock(winbindd_socket_dir())) == -1) {
 		return -1;
 	}
 
+	is_privileged = 0;
+
 	/* version-check the socket */
 
-	if ((winbindd_request(WINBINDD_INTERFACE_VERSION, &request, &response) != NSS_STATUS_SUCCESS) || (response.data.interface_version != WINBIND_INTERFACE_VERSION)) {
-		close_sock();
+	request.wb_flags = WBFLAG_RECURSE;
+	if ((winbindd_request_response(WINBINDD_INTERFACE_VERSION, &request, &response) != NSS_STATUS_SUCCESS) || (response.data.interface_version != WINBIND_INTERFACE_VERSION)) {
+		winbind_close_sock();
 		return -1;
 	}
 
 	/* try and get priv pipe */
 
-	if (winbindd_request(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) {
+	request.wb_flags = WBFLAG_RECURSE;
+	if (winbindd_request_response(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) {
 		int fd;
-		if ((fd = winbind_named_pipe_sock(response.extra_data.data)) != -1) {
+		if ((fd = winbind_named_pipe_sock((char *)response.extra_data.data)) != -1) {
 			close(winbindd_fd);
 			winbindd_fd = fd;
+			is_privileged = 1;
 		}
 	}
 
+	if ((need_priv != 0) && (is_privileged == 0)) {
+		return -1;
+	}
+
 	SAFE_FREE(response.extra_data.data);
 
 	return winbindd_fd;
@@ -353,7 +362,7 @@ int winbind_open_pipe_sock(void)
 
 /* Write data to winbindd socket */
 
-int write_sock(void *buffer, int count)
+int winbind_write_sock(void *buffer, int count, int recursing, int need_priv)
 {
 	int result, nwritten;
 	
@@ -361,7 +370,7 @@ int write_sock(void *buffer, int count)
 	
  restart:
 	
-	if (winbind_open_pipe_sock() == -1) {
+	if (winbind_open_pipe_sock(recursing, need_priv) == -1) {
 		return -1;
 	}
 	
@@ -381,7 +390,7 @@ int write_sock(void *buffer, int count)
 		ZERO_STRUCT(tv);
 		
 		if (select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv) == -1) {
-			close_sock();
+			winbind_close_sock();
 			return -1;                   /* Select error */
 		}
 		
@@ -399,7 +408,7 @@ int write_sock(void *buffer, int count)
 				
 				/* Write failed */
 				
-				close_sock();
+				winbind_close_sock();
 				return -1;
 			}
 			
@@ -409,7 +418,7 @@ int write_sock(void *buffer, int count)
 			
 			/* Pipe has closed on remote end */
 			
-			close_sock();
+			winbind_close_sock();
 			goto restart;
 		}
 	}
@@ -419,11 +428,15 @@ int write_sock(void *buffer, int count)
 
 /* Read data from winbindd socket */
 
-static int read_sock(void *buffer, int count)
+int winbind_read_sock(void *buffer, int count)
 {
 	int nread = 0;
 	int total_time = 0, selret;
 
+	if (winbindd_fd == -1) {
+		return -1;
+	}
+
 	/* Read data from socket */
 	while(nread < count) {
 		struct timeval tv;
@@ -439,7 +452,7 @@ static int read_sock(void *buffer, int count)
 		tv.tv_sec = 5;
 
 		if ((selret = select(winbindd_fd + 1, &r_fds, NULL, NULL, &tv)) == -1) {
-			close_sock();
+			winbind_close_sock();
 			return -1;                   /* Select error */
 		}
 		
@@ -447,7 +460,7 @@ static int read_sock(void *buffer, int count)
 			/* Not ready for read yet... */
 			if (total_time >= 30) {
 				/* Timeout */
-				close_sock();
+				winbind_close_sock();
 				return -1;
 			}
 			total_time += 5;
@@ -467,7 +480,7 @@ static int read_sock(void *buffer, int count)
 				   can do here is just return -1 and fail since the
 				   transaction has failed half way through. */
 			
-				close_sock();
+				winbind_close_sock();
 				return -1;
 			}
 			
@@ -481,7 +494,7 @@ static int read_sock(void *buffer, int count)
 
 /* Read reply */
 
-int read_reply(struct winbindd_response *response)
+int winbindd_read_reply(struct winbindd_response *response)
 {
 	int result1, result2 = 0;
 
@@ -491,9 +504,9 @@ int read_reply(struct winbindd_response *response)
 	
 	/* Read fixed length response */
 	
-	if ((result1 = read_sock(response, sizeof(struct winbindd_response)))
-	    == -1) {
-		
+	result1 = winbind_read_sock(response,
+				    sizeof(struct winbindd_response));
+	if (result1 == -1) {
 		return -1;
 	}
 	
@@ -515,9 +528,10 @@ int read_reply(struct winbindd_response *response)
 			return -1;
 		}
 		
-		if ((result2 = read_sock(response->extra_data.data, extra_data_len))
-		    == -1) {
-			free_response(response);
+		result2 = winbind_read_sock(response->extra_data.data,
+					    extra_data_len);
+		if (result2 == -1) {
+			winbindd_free_response(response);
 			return -1;
 		}
 	}
@@ -527,22 +541,31 @@ int read_reply(struct winbindd_response *response)
 	return result1 + result2;
 }
 
+bool winbind_env_set(void)
+{
+	char *env;
+	
+	if ((env=getenv(WINBINDD_DONT_ENV)) != NULL) {
+		if(strcmp(env, "1") == 0) {
+			return true;
+		}
+	}
+	return false;
+}
+
 /* 
  * send simple types of requests 
  */
 
-NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request)
+NSS_STATUS winbindd_send_request(int req_type, int need_priv,
+				 struct winbindd_request *request)
 {
 	struct winbindd_request lrequest;
-	char *env;
-	int  value;
-	
+
 	/* Check for our tricky environment variable */
 
-	if ( (env = getenv(WINBINDD_DONT_ENV)) != NULL ) {
-		value = atoi(env);
-		if ( value == 1 )
-			return NSS_STATUS_NOTFOUND;
+	if (winbind_env_set()) {
+		return NSS_STATUS_NOTFOUND;
 	}
 
 	if (!request) {
@@ -552,9 +575,19 @@ NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request)
 	
 	/* Fill in request and send down pipe */
 
-	init_request(request, req_type);
+	winbindd_init_request(request, req_type);
 	
-	if (write_sock(request, sizeof(*request)) == -1) {
+	if (winbind_write_sock(request, sizeof(*request),
+			       request->wb_flags & WBFLAG_RECURSE,
+			       need_priv) == -1) {
+		return NSS_STATUS_UNAVAIL;
+	}
+
+	if ((request->extra_len != 0) &&
+	    (winbind_write_sock(request->extra_data.data,
+	    			request->extra_len,
+				request->wb_flags & WBFLAG_RECURSE,
+				need_priv) == -1)) {
 		return NSS_STATUS_UNAVAIL;
 	}
 	
@@ -577,13 +610,13 @@ NSS_STATUS winbindd_get_response(struct winbindd_response *response)
 	init_response(response);
 
 	/* Wait for reply */
-	if (read_reply(response) == -1) {
+	if (winbindd_read_reply(response) == -1) {
 		return NSS_STATUS_UNAVAIL;
 	}
 
 	/* Throw away extra data if client didn't request it */
 	if (response == &lresponse) {
-		free_response(response);
+		winbindd_free_response(response);
 	}
 
 	/* Copy reply data from socket */
@@ -596,16 +629,40 @@ NSS_STATUS winbindd_get_response(struct winbindd_response *response)
 
 /* Handle simple types of requests */
 
-NSS_STATUS winbindd_request(int req_type, 
+NSS_STATUS winbindd_request_response(int req_type, 
 			    struct winbindd_request *request,
 			    struct winbindd_response *response)
 {
-	NSS_STATUS status;
+	NSS_STATUS status = NSS_STATUS_UNAVAIL;
+	int count = 0;
 
-	status = winbindd_send_request(req_type, request);
-	if (status != NSS_STATUS_SUCCESS) 
-		return(status);
-	return winbindd_get_response(response);
+	while ((status == NSS_STATUS_UNAVAIL) && (count < 10)) {
+		status = winbindd_send_request(req_type, 0, request);
+		if (status != NSS_STATUS_SUCCESS) 
+			return(status);
+		status = winbindd_get_response(response);
+		count += 1;
+	}
+
+	return status;
+}
+
+NSS_STATUS winbindd_priv_request_response(int req_type, 
+					  struct winbindd_request *request,
+					  struct winbindd_response *response)
+{
+	NSS_STATUS status = NSS_STATUS_UNAVAIL;
+	int count = 0;
+
+	while ((status == NSS_STATUS_UNAVAIL) && (count < 10)) {
+		status = winbindd_send_request(req_type, 1, request);
+		if (status != NSS_STATUS_SUCCESS) 
+			return(status);
+		status = winbindd_get_response(response);
+		count += 1;
+	}
+
+	return status;
 }
 
 /*************************************************************************
@@ -613,14 +670,35 @@ NSS_STATUS winbindd_request(int req_type,
  enable them
  ************************************************************************/
  
-bool winbind_off( void )
+bool winbind_off(void)
 {
-	setenv(WINBINDD_DONT_ENV, "1", 1);
-	return True;
+	return setenv(WINBINDD_DONT_ENV, "1", 1) != -1;
 }
 
-bool winbind_on( void )
+bool winbind_on(void)
 {
-	setenv(WINBINDD_DONT_ENV, "0", 1);
-	return True;
+	return setenv(WINBINDD_DONT_ENV, "0", 1) != -1;
+}
+
+/*************************************************************************
+ ************************************************************************/
+
+const char *nss_err_str(NSS_STATUS ret)
+{
+	switch (ret) {
+		case NSS_STATUS_TRYAGAIN:
+			return "NSS_STATUS_TRYAGAIN";
+		case NSS_STATUS_SUCCESS:
+			return "NSS_STATUS_SUCCESS";
+		case NSS_STATUS_NOTFOUND:
+			return "NSS_STATUS_NOTFOUND";
+		case NSS_STATUS_UNAVAIL:
+			return "NSS_STATUS_UNAVAIL";
+#ifdef NSS_STATUS_RETURN
+		case NSS_STATUS_RETURN:
+			return "NSS_STATUS_RETURN";
+#endif
+		default:
+			return "UNKNOWN RETURN CODE!!!!!!!";
+	}
 }
diff --git a/source4/nsswitch/wbinfo.c b/source4/nsswitch/wbinfo.c
index a67b0512a2..46e4668dbe 100644
--- a/source4/nsswitch/wbinfo.c
+++ b/source4/nsswitch/wbinfo.c
@@ -45,7 +45,7 @@ static char winbind_separator_int(BOOL strict)
 
 	/* Send off request */
 
-	if (winbindd_request(WINBINDD_INFO, NULL, &response) !=
+	if (winbindd_request_response(WINBINDD_INFO, NULL, &response) !=
 	    NSS_STATUS_SUCCESS) {
 		d_fprintf(stderr, "could not obtain winbind separator!\n");
 		if (strict) {
@@ -84,7 +84,7 @@ static const char *get_winbind_domain(void)
 
 	/* Send off request */
 
-	if (winbindd_request(WINBINDD_DOMAIN_NAME, NULL, &response) !=
+	if (winbindd_request_response(WINBINDD_DOMAIN_NAME, NULL, &response) !=
 	    NSS_STATUS_SUCCESS) {
 		d_fprintf(stderr, "could not obtain winbind domain name!\n");
 		
@@ -136,7 +136,7 @@ static BOOL wbinfo_get_userinfo(char *user)
 	
 	fstrcpy(request.data.username, user);
 
-	result = winbindd_request(WINBINDD_GETPWNAM, &request, &response);
+	result = winbindd_request_response(WINBINDD_GETPWNAM, &request, &response);
 	
 	if (result != NSS_STATUS_SUCCESS)
 		return False;
@@ -165,7 +165,7 @@ static BOOL wbinfo_get_uidinfo(int uid)
 
 	request.data.uid = uid;
 
-	result = winbindd_request(WINBINDD_GETPWUID, &request, &response);
+	result = winbindd_request_response(WINBINDD_GETPWUID, &request, &response);
 
 	if (result != NSS_STATUS_SUCCESS)
 		return False;
@@ -196,7 +196,7 @@ static BOOL wbinfo_get_groupinfo(char *group)
 
 	fstrcpy(request.data.groupname, group);
 
-	result = winbindd_request(WINBINDD_GETGRNAM, &request,
+	result = winbindd_request_response(WINBINDD_GETGRNAM, &request,
 				  &response);
 
 	if ( result != NSS_STATUS_SUCCESS)
@@ -226,7 +226,7 @@ static BOOL wbinfo_get_usergroups(char *user)
 
 	fstrcpy(request.data.username, user);
 
-	result = winbindd_request(WINBINDD_GETGROUPS, &request, &response);
+	result = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response);
 
 	if (result != NSS_STATUS_SUCCESS)
 		return False;
@@ -255,7 +255,7 @@ static BOOL wbinfo_get_usersids(char *user_sid)
 	/* Send request */
 	fstrcpy(request.data.sid, user_sid);
 
-	result = winbindd_request(WINBINDD_GETUSERSIDS, &request, &response);
+	result = winbindd_request_response(WINBINDD_GETUSERSIDS, &request, &response);
 
 	if (result != NSS_STATUS_SUCCESS)
 		return False;
@@ -283,7 +283,7 @@ static BOOL wbinfo_get_userdomgroups(const char *user_sid)
 	/* Send request */
 	fstrcpy(request.data.sid, user_sid);
 
-	result = winbindd_request(WINBINDD_GETUSERDOMGROUPS, &request,
+	result = winbindd_request_response(WINBINDD_GETUSERDOMGROUPS, &request,
 				  &response);
 
 	if (result != NSS_STATUS_SUCCESS)
@@ -311,7 +311,7 @@ static BOOL wbinfo_wins_byname(char *name)
 
 	fstrcpy(request.data.winsreq, name);
 
-	if (winbindd_request(WINBINDD_WINS_BYNAME, &request, &response) !=
+	if (winbindd_request_response(WINBINDD_WINS_BYNAME, &request, &response) !=
 	    NSS_STATUS_SUCCESS) {
 		return False;
 	}
@@ -337,7 +337,7 @@ static BOOL wbinfo_wins_byip(char *ip)
 
 	fstrcpy(request.data.winsreq, ip);
 
-	if (winbindd_request(WINBINDD_WINS_BYIP, &request, &response) !=
+	if (winbindd_request_response(WINBINDD_WINS_BYIP, &request, &response) !=
 	    NSS_STATUS_SUCCESS) {
 		return False;
 	}
@@ -363,7 +363,7 @@ static BOOL wbinfo_list_domains(BOOL list_all_domains)
 
 	request.data.list_all_domains = list_all_domains;
 
-	if (winbindd_request(WINBINDD_LIST_TRUSTDOM, &request, &response) !=
+	if (winbindd_request_response(WINBINDD_LIST_TRUSTDOM, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
 		return False;
 
@@ -414,7 +414,7 @@ static BOOL wbinfo_show_sequence(const char *domain)
 
 	/* Send request */
 
-	if (winbindd_request(WINBINDD_SHOW_SEQUENCE, &request, &response) !=
+	if (winbindd_request_response(WINBINDD_SHOW_SEQUENCE, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
 		return False;
 
@@ -446,7 +446,7 @@ static BOOL wbinfo_domain_info(const char *domain_name)
 
 	/* Send request */
 
-	if (winbindd_request(WINBINDD_DOMAIN_INFO, &request, &response) !=
+	if (winbindd_request_response(WINBINDD_DOMAIN_INFO, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
 		return False;
 
@@ -483,7 +483,7 @@ static BOOL wbinfo_getdcname(const char *domain_name)
 
 	/* Send request */
 
-	if (winbindd_request(WINBINDD_GETDCNAME, &request, &response) !=
+	if (winbindd_request_response(WINBINDD_GETDCNAME, &request, &response) !=
 	    NSS_STATUS_SUCCESS) {
 		d_fprintf(stderr, "Could not get dc name for %s\n", domain_name);
 		return False;
@@ -505,7 +505,7 @@ static BOOL wbinfo_check_secret(void)
 
         ZERO_STRUCT(response);
 
-        result = winbindd_request(WINBINDD_CHECK_MACHACC, NULL, &response);
+        result = winbindd_request_response(WINBINDD_CHECK_MACHACC, NULL, &response);
 		
 	d_printf("checking the trust secret via RPC calls %s\n", 
 		 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
@@ -532,7 +532,7 @@ static BOOL wbinfo_uid_to_sid(uid_t uid)
 
 	request.data.uid = uid;
 
-	if (winbindd_request(WINBINDD_UID_TO_SID, &request, &response) !=
+	if (winbindd_request_response(WINBINDD_UID_TO_SID, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
 		return False;
 
@@ -557,7 +557,7 @@ static BOOL wbinfo_gid_to_sid(gid_t gid)
 
 	request.data.gid = gid;
 
-	if (winbindd_request(WINBINDD_GID_TO_SID, &request, &response) !=
+	if (winbindd_request_response(WINBINDD_GID_TO_SID, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
 		return False;
 
@@ -582,7 +582,7 @@ static BOOL wbinfo_sid_to_uid(char *sid)
 
 	fstrcpy(request.data.sid, sid);
 
-	if (winbindd_request(WINBINDD_SID_TO_UID, &request, &response) !=
+	if (winbindd_request_response(WINBINDD_SID_TO_UID, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
 		return False;
 
@@ -605,7 +605,7 @@ static BOOL wbinfo_sid_to_gid(char *sid)
 
 	fstrcpy(request.data.sid, sid);
 
-	if (winbindd_request(WINBINDD_SID_TO_GID, &request, &response) !=
+	if (winbindd_request_response(WINBINDD_SID_TO_GID, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
 		return False;
 
@@ -630,7 +630,7 @@ static BOOL wbinfo_lookupsid(char *sid)
 
 	fstrcpy(request.data.sid, sid);
 
-	if (winbindd_request(WINBINDD_LOOKUPSID, &request, &response) !=
+	if (winbindd_request_response(WINBINDD_LOOKUPSID, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
 		return False;
 
@@ -674,7 +674,7 @@ static BOOL wbinfo_lookupname(char *name)
 	parse_wbinfo_domain_user(name, request.data.name.dom_name, 
 				 request.data.name.name);
 
-	if (winbindd_request(WINBINDD_LOOKUPNAME, &request, &response) !=
+	if (winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
 		return False;
 
@@ -687,7 +687,7 @@ static BOOL wbinfo_lookupname(char *name)
 
 /* Authenticate a user with a plaintext password */
 
-static BOOL wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
+static BOOL wbinfo_auth_krb5(char *username, const char *cctype, uint32_t flags)
 {
 	struct winbindd_request request;
 	struct winbindd_response response;
@@ -715,7 +715,7 @@ static BOOL wbinfo_auth_krb5(char *username, const char *cctype, uint32 flags)
 
 	request.data.auth.uid = geteuid();
 
-	result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response);
+	result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
 
 	/* Display response */
 
@@ -770,7 +770,7 @@ static BOOL wbinfo_auth(char *username)
         } else
                 fstrcpy(request.data.auth.user, username);
 
-	result = winbindd_request(WINBINDD_PAM_AUTH, &request, &response);
+	result = winbindd_request_response(WINBINDD_PAM_AUTH, &request, &response);
 
 	/* Display response */
 
@@ -877,7 +877,7 @@ static BOOL wbinfo_auth_crap(char *username)
 		request.data.auth_crap.nt_resp_len = 24;
 	}
 
-	result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response);
+	result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response);
 
 	/* Display response */
 
@@ -915,7 +915,7 @@ static BOOL print_domain_users(const char *domain)
 			fstrcpy( request.domain_name, domain );
 	}
 
-	if (winbindd_request(WINBINDD_LIST_USERS, &request, &response) !=
+	if (winbindd_request_response(WINBINDD_LIST_USERS, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
 		return False;
 
@@ -953,7 +953,7 @@ static BOOL print_domain_groups(const char *domain)
 			fstrcpy( request.domain_name, domain );
 	}
 
-	if (winbindd_request(WINBINDD_LIST_GROUPS, &request, &response) !=
+	if (winbindd_request_response(WINBINDD_LIST_GROUPS, &request, &response) !=
 	    NSS_STATUS_SUCCESS)
 		return False;
 
@@ -976,7 +976,7 @@ static BOOL wbinfo_ping(void)
 {
         NSS_STATUS result;
 
-	result = winbindd_request(WINBINDD_PING, NULL, NULL);
+	result = winbindd_request_response(WINBINDD_PING, NULL, NULL);
 
 	/* Display response */
 
@@ -1231,7 +1231,7 @@ int main(int argc, char **argv, char **envp)
 				break;
 			}
 		case 'K': {
-				uint32 flags =  WBFLAG_PAM_KRB5 |
+				uint32_t flags =  WBFLAG_PAM_KRB5 |
 						WBFLAG_PAM_CACHED_LOGIN |
 						WBFLAG_PAM_FALLBACK_AFTER_KRB5 |
 						WBFLAG_PAM_INFO3_TEXT;
diff --git a/source4/nsswitch/winbind_client.h b/source4/nsswitch/winbind_client.h
index 6fafe6a7e3..2a3956e1fd 100644
--- a/source4/nsswitch/winbind_client.h
+++ b/source4/nsswitch/winbind_client.h
@@ -1,16 +1,25 @@
-#include "nsswitch/winbind_nss_config.h"
-#include "nsswitch/winbind_struct_protocol.h"
+#include "winbind_nss_config.h"
+#include "winbind_struct_protocol.h"
 
-void init_request(struct winbindd_request *req,int rq_type);
-NSS_STATUS winbindd_send_request(int req_type,
+void winbindd_init_request(struct winbindd_request *req,int rq_type);
+void winbindd_free_response(struct winbindd_response *response);
+NSS_STATUS winbindd_send_request(int req_type, int need_priv,
 				 struct winbindd_request *request);
 NSS_STATUS winbindd_get_response(struct winbindd_response *response);
-NSS_STATUS winbindd_request(int req_type, 
+NSS_STATUS winbindd_request_response(int req_type, 
 			    struct winbindd_request *request,
 			    struct winbindd_response *response);
-int winbind_open_pipe_sock(void);
-int write_sock(void *buffer, int count);
-int read_reply(struct winbindd_response *response);
-void close_sock(void);
-void free_response(struct winbindd_response *response);
+NSS_STATUS winbindd_priv_request_response(int req_type, 
+					  struct winbindd_request *request,
+					  struct winbindd_response *response);
+int winbindd_read_reply(struct winbindd_response *response);
 
+bool winbind_env_set(void);
+bool winbind_off(void);
+bool winbind_on(void);
+
+int winbind_write_sock(void *buffer, int count, int recursing, int need_priv);
+int winbind_read_sock(void *buffer, int count);
+void winbind_close_sock(void);
+
+const char *nss_err_str(NSS_STATUS ret);
diff --git a/source4/nsswitch/winbind_nss.h b/source4/nsswitch/winbind_nss.h
index c4b2951643..0a3bc7cefa 100644
--- a/source4/nsswitch/winbind_nss.h
+++ b/source4/nsswitch/winbind_nss.h
@@ -53,7 +53,15 @@
 
 #include "nsswitch/winbind_nss_hpux.h"
 
-#else /* Nothing's defined. Neither gnu nor sun nor hp */
+#elif defined(__NetBSD__) && defined(HAVE_GETPWENT_R)
+
+/*
+ * NetBSD 3 and newer
+ */
+
+#include "nsswitch/winbind_nss_netbsd.h"
+
+#else /* Nothing's defined. Neither gnu nor netbsd nor sun nor hp */
 
 typedef enum
 {
diff --git a/source4/nsswitch/winbind_nss_config.h b/source4/nsswitch/winbind_nss_config.h
index 9ab3f8ab0c..e0828dc905 100644
--- a/source4/nsswitch/winbind_nss_config.h
+++ b/source4/nsswitch/winbind_nss_config.h
@@ -51,48 +51,6 @@ typedef char pstring[PSTRING_LEN];
 typedef char fstring[FSTRING_LEN];
 #endif
 
-#if !defined(uint32)
-#if (SIZEOF_INT == 4)
-#define uint32 unsigned int
-#elif (SIZEOF_LONG == 4)
-#define uint32 unsigned long
-#elif (SIZEOF_SHORT == 4)
-#define uint32 unsigned short
-#endif
-#endif
-
-#if !defined(uint16)
-#if (SIZEOF_SHORT == 4)
-#define uint16 __ERROR___CANNOT_DETERMINE_TYPE_FOR_INT16;
-#else /* SIZEOF_SHORT != 4 */
-#define uint16 unsigned short
-#endif /* SIZEOF_SHORT != 4 */
-#endif
-
-#ifndef uint8
-#define uint8 unsigned char
-#endif
-
-/*
- * check for 8 byte long long
- */
-
-#if !defined(uint64)
-#if (SIZEOF_LONG == 8)
-#define uint64 unsigned long
-#elif (SIZEOF_LONG_LONG == 8)
-#define uint64 unsigned long long
-#endif  /* don't lie.  If we don't have it, then don't use it */
-#endif
-
-#if !defined(int64)
-#if (SIZEOF_LONG == 8)
-#define int64 long
-#elif (SIZEOF_LONG_LONG == 8)
-#define int64 long long
-#endif  /* don't lie.  If we don't have it, then don't use it */
-#endif
-
 /* Some systems (SCO) treat UNIX domain sockets as FIFOs */
 
 #ifndef S_IFSOCK
@@ -103,9 +61,4 @@ typedef char fstring[FSTRING_LEN];
 #define S_ISSOCK(mode)  ((mode & S_IFSOCK) == S_IFSOCK)
 #endif
 
-#ifndef HAVE_SOCKLEN_T
-#define HAVE_SOCKLEN_T
-typedef int socklen_t;
-#endif
-
 #endif
diff --git a/source4/nsswitch/winbind_nss_irix.h b/source4/nsswitch/winbind_nss_irix.h
index 9752267c0e..b40b14b0b0 100644
--- a/source4/nsswitch/winbind_nss_irix.h
+++ b/source4/nsswitch/winbind_nss_irix.h
@@ -39,8 +39,4 @@ typedef enum
   NSS_STATUS_TRYAGAIN=NS_TRYAGAIN
 } NSS_STATUS;
 
-#define NSD_MEM_STATIC 0
-#define NSD_MEM_VOLATILE 1
-#define NSD_MEM_DYNAMIC 2
-
 #endif /* _WINBIND_NSS_IRIX_H */
diff --git a/source4/nsswitch/winbind_nss_linux.c b/source4/nsswitch/winbind_nss_linux.c
index 52254b984d..ac53979ced 100644
--- a/source4/nsswitch/winbind_nss_linux.c
+++ b/source4/nsswitch/winbind_nss_linux.c
@@ -19,7 +19,6 @@
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-#include "includes.h"
 #include "winbind_client.h"
 
 /* Maximum number of users to pass back over the unix domain socket
@@ -29,64 +28,45 @@
 #define MAX_GETPWENT_USERS 250
 #define MAX_GETGRENT_USERS 250
 
-_PUBLIC_ NSS_STATUS _nss_winbind_setpwent(void);
-_PUBLIC_ NSS_STATUS _nss_winbind_endpwent(void);
-_PUBLIC_ NSS_STATUS _nss_winbind_getpwent_r(struct passwd *result, char *buffer, 
+NSS_STATUS _nss_winbind_setpwent(void);
+NSS_STATUS _nss_winbind_endpwent(void);
+NSS_STATUS _nss_winbind_getpwent_r(struct passwd *result, char *buffer, 
 				   size_t buflen, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, 
+NSS_STATUS _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, 
 				   char *buffer, size_t buflen, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_getpwnam_r(const char *name, struct passwd *result, 
+NSS_STATUS _nss_winbind_getpwnam_r(const char *name, struct passwd *result, 
 				   char *buffer, size_t buflen, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_setgrent(void);
-_PUBLIC_ NSS_STATUS _nss_winbind_endgrent(void);
-_PUBLIC_ NSS_STATUS _nss_winbind_getgrent_r(struct group *result, char *buffer, 
+NSS_STATUS _nss_winbind_setgrent(void);
+NSS_STATUS _nss_winbind_endgrent(void);
+NSS_STATUS _nss_winbind_getgrent_r(struct group *result, char *buffer, 
 				   size_t buflen, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_getgrlst_r(struct group *result, char *buffer, 
+NSS_STATUS _nss_winbind_getgrlst_r(struct group *result, char *buffer, 
 				   size_t buflen, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_getgrnam_r(const char *name, struct group *result, 
+NSS_STATUS _nss_winbind_getgrnam_r(const char *name, struct group *result, 
 				   char *buffer, size_t buflen, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid, struct group *result, char *buffer, 
+NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid, struct group *result, char *buffer, 
 				   size_t buflen, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start, 
+NSS_STATUS _nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start, 
 				       long int *size, gid_t **groups, 
 				       long int limit, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_getusersids(const char *user_sid, char **group_sids, 
+NSS_STATUS _nss_winbind_getusersids(const char *user_sid, char **group_sids, 
 				    int *num_groups, char *buffer, size_t buf_size, 
 				    int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_nametosid(const char *name, char **sid, char *buffer,
+NSS_STATUS _nss_winbind_nametosid(const char *name, char **sid, char *buffer,
 				  size_t buflen, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_sidtoname(const char *sid, char **name, char *buffer, 
+NSS_STATUS _nss_winbind_sidtoname(const char *sid, char **name, char *buffer, 
 				  size_t buflen, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_sidtouid(const char *sid, uid_t *uid, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_sidtogid(const char *sid, gid_t *gid, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer, 
+NSS_STATUS _nss_winbind_sidtouid(const char *sid, uid_t *uid, int *errnop);
+NSS_STATUS _nss_winbind_sidtogid(const char *sid, gid_t *gid, int *errnop);
+NSS_STATUS _nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer, 
 				 size_t buflen, int *errnop);
-_PUBLIC_ NSS_STATUS _nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer, 
+NSS_STATUS _nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer, 
 				 size_t buflen, int *errnop);
 
 /* Prototypes from wb_common.c */
 
 extern int winbindd_fd;
 
-#ifdef DEBUG_NSS
-static const char *nss_err_str(NSS_STATUS ret) {
-	switch (ret) {
-		case NSS_STATUS_TRYAGAIN:
-			return "NSS_STATUS_TRYAGAIN";
-		case NSS_STATUS_SUCCESS:
-			return "NSS_STATUS_SUCCESS";
-		case NSS_STATUS_NOTFOUND:
-			return "NSS_STATUS_NOTFOUND";
-		case NSS_STATUS_UNAVAIL:
-			return "NSS_STATUS_UNAVAIL";
-		case NSS_STATUS_RETURN:
-			return "NSS_STATUS_RETURN";
-		default:
-			return "UNKNOWN RETURN CODE!!!!!!!";
-	}
-}
-#endif
-
 /* Allocate some space from the nss static buffer.  The buffer and buflen
    are the pointers passed in by the C library to the _nss_ntdom_*
    functions. */
@@ -115,13 +95,13 @@ static char *get_static(char **buffer, size_t *buflen, size_t len)
    lib/util_str.c as I really don't want to have to link in any other
    objects if I can possibly avoid it. */
 
-static BOOL next_tok(char **ptr,char *buff,const char *sep, size_t bufsize)
+static bool next_token(char **ptr,char *buff,const char *sep, size_t bufsize)
 {
 	char *s;
-	BOOL quoted;
+	bool quoted;
 	size_t len=1;
 
-	if (!ptr) return(False);
+	if (!ptr) return false;
 
 	s = *ptr;
 
@@ -132,10 +112,10 @@ static BOOL next_tok(char **ptr,char *buff,const char *sep, size_t bufsize)
 	while (*s && strchr(sep,*s)) s++;
 	
 	/* nothing left? */
-	if (! *s) return(False);
+	if (! *s) return false;
 	
 	/* copy over the token */
-	for (quoted = False; len < bufsize && *s && (quoted || !strchr(sep,*s)); s++) {
+	for (quoted = false; len < bufsize && *s && (quoted || !strchr(sep,*s)); s++) {
 		if (*s == '\"') {
 			quoted = !quoted;
 		} else {
@@ -147,7 +127,7 @@ static BOOL next_tok(char **ptr,char *buff,const char *sep, size_t bufsize)
 	*ptr = (*s) ? s+1 : s;  
 	*buff = 0;
 	
-	return(True);
+	return true;
 }
 
 
@@ -169,7 +149,7 @@ static NSS_STATUS fill_pwent(struct passwd *result,
 		return NSS_STATUS_TRYAGAIN;
 	}
 
-	strlcpy(result->pw_name, pw->pw_name, strlen(pw->pw_name) + 1);
+	strcpy(result->pw_name, pw->pw_name);
 
 	/* Password */
 
@@ -181,7 +161,7 @@ static NSS_STATUS fill_pwent(struct passwd *result,
 		return NSS_STATUS_TRYAGAIN;
 	}
 
-	strlcpy(result->pw_passwd, pw->pw_passwd, strlen(pw->pw_passwd) + 1);
+	strcpy(result->pw_passwd, pw->pw_passwd);
         
 	/* [ug]id */
 
@@ -198,7 +178,7 @@ static NSS_STATUS fill_pwent(struct passwd *result,
 		return NSS_STATUS_TRYAGAIN;
 	}
 
-	strlcpy(result->pw_gecos, pw->pw_gecos, strlen(pw->pw_gecos) + 1);
+	strcpy(result->pw_gecos, pw->pw_gecos);
 	
 	/* Home directory */
 	
@@ -210,7 +190,7 @@ static NSS_STATUS fill_pwent(struct passwd *result,
 		return NSS_STATUS_TRYAGAIN;
 	}
 
-	strlcpy(result->pw_dir, pw->pw_dir, strlen(pw->pw_dir) + 1);
+	strcpy(result->pw_dir, pw->pw_dir);
 
 	/* Logon shell */
 	
@@ -222,7 +202,7 @@ static NSS_STATUS fill_pwent(struct passwd *result,
 		return NSS_STATUS_TRYAGAIN;
 	}
 
-	strlcpy(result->pw_shell, pw->pw_shell, strlen(pw->pw_shell) + 1);
+	strcpy(result->pw_shell, pw->pw_shell);
 
 	/* The struct passwd for Solaris has some extra fields which must
 	   be initialised or nscd crashes. */
@@ -259,7 +239,7 @@ static NSS_STATUS fill_grent(struct group *result, struct winbindd_gr *gr,
 		return NSS_STATUS_TRYAGAIN;
 	}
 
-	strlcpy(result->gr_name, gr->gr_name, strlen(gr->gr_name) + 1);
+	strcpy(result->gr_name, gr->gr_name);
 
 	/* Password */
 
@@ -271,7 +251,7 @@ static NSS_STATUS fill_grent(struct group *result, struct winbindd_gr *gr,
 		return NSS_STATUS_TRYAGAIN;
 	}
 
-	strlcpy(result->gr_passwd, gr->gr_passwd, strlen(gr->gr_passwd) + 1);
+	strcpy(result->gr_passwd, gr->gr_passwd);
 
 	/* gid */
 
@@ -310,7 +290,7 @@ static NSS_STATUS fill_grent(struct group *result, struct winbindd_gr *gr,
 
 	i = 0;
 
-	while(next_tok((char **)&gr_mem, name, ",", sizeof(fstring))) {
+	while(next_token((char **)&gr_mem, name, ",", sizeof(fstring))) {
         
 		/* Allocate space for member */
         
@@ -322,7 +302,7 @@ static NSS_STATUS fill_grent(struct group *result, struct winbindd_gr *gr,
 			return NSS_STATUS_TRYAGAIN;
 		}        
         
-		strlcpy((result->gr_mem)[i], name, strlen(name) + 1);
+		strcpy((result->gr_mem)[i], name);
 		i++;
 	}
 
@@ -344,7 +324,8 @@ static int num_pw_cache;                 /* Current size of pwd cache */
 
 /* Rewind "file pointer" to start of ntdom password database */
 
-_PUBLIC_ NSS_STATUS _nss_winbind_setpwent(void)
+NSS_STATUS
+_nss_winbind_setpwent(void)
 {
 	NSS_STATUS ret;
 #ifdef DEBUG_NSS
@@ -353,10 +334,10 @@ _PUBLIC_ NSS_STATUS _nss_winbind_setpwent(void)
 
 	if (num_pw_cache > 0) {
 		ndx_pw_cache = num_pw_cache = 0;
-		free_response(&getpwent_response);
+		winbindd_free_response(&getpwent_response);
 	}
 
-	ret = winbindd_request(WINBINDD_SETPWENT, NULL, NULL);
+	ret = winbindd_request_response(WINBINDD_SETPWENT, NULL, NULL);
 #ifdef DEBUG_NSS
 	fprintf(stderr, "[%5d]: setpwent returns %s (%d)\n", getpid(),
 		nss_err_str(ret), ret);
@@ -366,7 +347,8 @@ _PUBLIC_ NSS_STATUS _nss_winbind_setpwent(void)
 
 /* Close ntdom password database "file pointer" */
 
-_PUBLIC_ NSS_STATUS _nss_winbind_endpwent(void)
+NSS_STATUS
+_nss_winbind_endpwent(void)
 {
 	NSS_STATUS ret;
 #ifdef DEBUG_NSS
@@ -375,10 +357,10 @@ _PUBLIC_ NSS_STATUS _nss_winbind_endpwent(void)
 
 	if (num_pw_cache > 0) {
 		ndx_pw_cache = num_pw_cache = 0;
-		free_response(&getpwent_response);
+		winbindd_free_response(&getpwent_response);
 	}
 
-	ret = winbindd_request(WINBINDD_ENDPWENT, NULL, NULL);
+	ret = winbindd_request_response(WINBINDD_ENDPWENT, NULL, NULL);
 #ifdef DEBUG_NSS
 	fprintf(stderr, "[%5d]: endpwent returns %s (%d)\n", getpid(),
 		nss_err_str(ret), ret);
@@ -388,8 +370,9 @@ _PUBLIC_ NSS_STATUS _nss_winbind_endpwent(void)
 
 /* Fetch the next password entry from ntdom password database */
 
-_PUBLIC_ NSS_STATUS _nss_winbind_getpwent_r(struct passwd *result,
-		char *buffer, size_t buflen, int *errnop)
+NSS_STATUS
+_nss_winbind_getpwent_r(struct passwd *result, char *buffer, 
+			size_t buflen, int *errnop)
 {
 	NSS_STATUS ret;
 	struct winbindd_request request;
@@ -409,7 +392,7 @@ _PUBLIC_ NSS_STATUS _nss_winbind_getpwent_r(struct passwd *result,
 	/* Else call winbindd to get a bunch of entries */
 	
 	if (num_pw_cache > 0) {
-		free_response(&getpwent_response);
+		winbindd_free_response(&getpwent_response);
 	}
 
 	ZERO_STRUCT(request);
@@ -417,7 +400,7 @@ _PUBLIC_ NSS_STATUS _nss_winbind_getpwent_r(struct passwd *result,
 
 	request.data.num_entries = MAX_GETPWENT_USERS;
 
-	ret = winbindd_request(WINBINDD_GETPWENT, &request, 
+	ret = winbindd_request_response(WINBINDD_GETPWENT, &request, 
 			       &getpwent_response);
 
 	if (ret == NSS_STATUS_SUCCESS) {
@@ -448,20 +431,20 @@ _PUBLIC_ NSS_STATUS _nss_winbind_getpwent_r(struct passwd *result,
 		/* Out of memory - try again */
 
 		if (ret == NSS_STATUS_TRYAGAIN) {
-			called_again = True;
+			called_again = true;
 			*errnop = errno = ERANGE;
 			goto done;
 		}
 
 		*errnop = errno = 0;
-		called_again = False;
+		called_again = false;
 		ndx_pw_cache++;
 
 		/* If we've finished with this lot of results free cache */
 
 		if (ndx_pw_cache == num_pw_cache) {
 			ndx_pw_cache = num_pw_cache = 0;
-			free_response(&getpwent_response);
+			winbindd_free_response(&getpwent_response);
 		}
 	}
 	done:
@@ -474,8 +457,9 @@ _PUBLIC_ NSS_STATUS _nss_winbind_getpwent_r(struct passwd *result,
 
 /* Return passwd struct from uid */
 
-_PUBLIC_ NSS_STATUS _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result,
-		char *buffer, size_t buflen, int *errnop)
+NSS_STATUS
+_nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, char *buffer,
+			size_t buflen, int *errnop)
 {
 	NSS_STATUS ret;
 	static struct winbindd_response response;
@@ -496,14 +480,14 @@ _PUBLIC_ NSS_STATUS _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result,
 
 		request.data.uid = uid;
 
-		ret = winbindd_request(WINBINDD_GETPWUID, &request, &response);
+		ret = winbindd_request_response(WINBINDD_GETPWUID, &request, &response);
 
 		if (ret == NSS_STATUS_SUCCESS) {
 			ret = fill_pwent(result, &response.data.pw, 
 					 &buffer, &buflen);
 
 			if (ret == NSS_STATUS_TRYAGAIN) {
-				keep_response = True;
+				keep_response = true;
 				*errnop = errno = ERANGE;
 				goto done;
 			}
@@ -516,16 +500,16 @@ _PUBLIC_ NSS_STATUS _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result,
 		ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
 
 		if (ret == NSS_STATUS_TRYAGAIN) {
-			keep_response = True;
+			keep_response = true;
 			*errnop = errno = ERANGE;
 			goto done;
 		}
 
-		keep_response = False;
+		keep_response = false;
 		*errnop = errno = 0;
 	}
 
-	free_response(&response);
+	winbindd_free_response(&response);
 	done:
 
 #ifdef DEBUG_NSS
@@ -536,8 +520,9 @@ _PUBLIC_ NSS_STATUS _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result,
 }
 
 /* Return passwd struct from username */
-_PUBLIC_ NSS_STATUS _nss_winbind_getpwnam_r(const char *name,
-	    struct passwd *result, char *buffer, size_t buflen, int *errnop)
+NSS_STATUS
+_nss_winbind_getpwnam_r(const char *name, struct passwd *result, char *buffer,
+			size_t buflen, int *errnop)
 {
 	NSS_STATUS ret;
 	static struct winbindd_response response;
@@ -562,14 +547,14 @@ _PUBLIC_ NSS_STATUS _nss_winbind_getpwnam_r(const char *name,
 		request.data.username
 			[sizeof(request.data.username) - 1] = '\0';
 
-		ret = winbindd_request(WINBINDD_GETPWNAM, &request, &response);
+		ret = winbindd_request_response(WINBINDD_GETPWNAM, &request, &response);
 
 		if (ret == NSS_STATUS_SUCCESS) {
 			ret = fill_pwent(result, &response.data.pw, &buffer,
 					 &buflen);
 
 			if (ret == NSS_STATUS_TRYAGAIN) {
-				keep_response = True;
+				keep_response = true;
 				*errnop = errno = ERANGE;
 				goto done;
 			}
@@ -582,16 +567,16 @@ _PUBLIC_ NSS_STATUS _nss_winbind_getpwnam_r(const char *name,
 		ret = fill_pwent(result, &response.data.pw, &buffer, &buflen);
 
 		if (ret == NSS_STATUS_TRYAGAIN) {
-			keep_response = True;
+			keep_response = true;
 			*errnop = errno = ERANGE;
 			goto done;
 		}
 
-		keep_response = False;
+		keep_response = false;
 		*errnop = errno = 0;
 	}
 
-	free_response(&response);
+	winbindd_free_response(&response);
 	done:
 #ifdef DEBUG_NSS
 	fprintf(stderr, "[%5d]: getpwnam %s returns %s (%d)\n", getpid(),
@@ -611,7 +596,8 @@ static int num_gr_cache;                 /* Current size of grp cache */
 
 /* Rewind "file pointer" to start of ntdom group database */
 
-_PUBLIC_ NSS_STATUS _nss_winbind_setgrent(void)
+NSS_STATUS
+_nss_winbind_setgrent(void)
 {
 	NSS_STATUS ret;
 #ifdef DEBUG_NSS
@@ -620,10 +606,10 @@ _PUBLIC_ NSS_STATUS _nss_winbind_setgrent(void)
 
 	if (num_gr_cache > 0) {
 		ndx_gr_cache = num_gr_cache = 0;
-		free_response(&getgrent_response);
+		winbindd_free_response(&getgrent_response);
 	}
 
-	ret = winbindd_request(WINBINDD_SETGRENT, NULL, NULL);
+	ret = winbindd_request_response(WINBINDD_SETGRENT, NULL, NULL);
 #ifdef DEBUG_NSS
 	fprintf(stderr, "[%5d]: setgrent returns %s (%d)\n", getpid(),
 		nss_err_str(ret), ret);
@@ -633,7 +619,8 @@ _PUBLIC_ NSS_STATUS _nss_winbind_setgrent(void)
 
 /* Close "file pointer" for ntdom group database */
 
-_PUBLIC_ NSS_STATUS _nss_winbind_endgrent(void)
+NSS_STATUS
+_nss_winbind_endgrent(void)
 {
 	NSS_STATUS ret;
 #ifdef DEBUG_NSS
@@ -642,10 +629,10 @@ _PUBLIC_ NSS_STATUS _nss_winbind_endgrent(void)
 
 	if (num_gr_cache > 0) {
 		ndx_gr_cache = num_gr_cache = 0;
-		free_response(&getgrent_response);
+		winbindd_free_response(&getgrent_response);
 	}
 
-	ret = winbindd_request(WINBINDD_ENDGRENT, NULL, NULL);
+	ret = winbindd_request_response(WINBINDD_ENDGRENT, NULL, NULL);
 #ifdef DEBUG_NSS
 	fprintf(stderr, "[%5d]: endgrent returns %s (%d)\n", getpid(),
 		nss_err_str(ret), ret);
@@ -679,7 +666,7 @@ winbind_getgrent(enum winbindd_cmd cmd,
 	/* Else call winbindd to get a bunch of entries */
 	
 	if (num_gr_cache > 0) {
-		free_response(&getgrent_response);
+		winbindd_free_response(&getgrent_response);
 	}
 
 	ZERO_STRUCT(request);
@@ -687,7 +674,7 @@ winbind_getgrent(enum winbindd_cmd cmd,
 
 	request.data.num_entries = MAX_GETGRENT_USERS;
 
-	ret = winbindd_request(cmd, &request, 
+	ret = winbindd_request_response(cmd, &request, 
 			       &getgrent_response);
 
 	if (ret == NSS_STATUS_SUCCESS) {
@@ -727,20 +714,20 @@ winbind_getgrent(enum winbindd_cmd cmd,
 		/* Out of memory - try again */
 
 		if (ret == NSS_STATUS_TRYAGAIN) {
-			called_again = True;
+			called_again = true;
 			*errnop = errno = ERANGE;
 			goto done;
 		}
 
 		*errnop = 0;
-		called_again = False;
+		called_again = false;
 		ndx_gr_cache++;
 
 		/* If we've finished with this lot of results free cache */
 
 		if (ndx_gr_cache == num_gr_cache) {
 			ndx_gr_cache = num_gr_cache = 0;
-			free_response(&getgrent_response);
+			winbindd_free_response(&getgrent_response);
 		}
 	}
 	done:
@@ -752,13 +739,15 @@ winbind_getgrent(enum winbindd_cmd cmd,
 }
 
 
-_PUBLIC_ NSS_STATUS _nss_winbind_getgrent_r(struct group *result,
+NSS_STATUS
+_nss_winbind_getgrent_r(struct group *result,
 			char *buffer, size_t buflen, int *errnop)
 {
 	return winbind_getgrent(WINBINDD_GETGRENT, result, buffer, buflen, errnop);
 }
 
-_PUBLIC_ NSS_STATUS _nss_winbind_getgrlst_r(struct group *result,
+NSS_STATUS
+_nss_winbind_getgrlst_r(struct group *result,
 			char *buffer, size_t buflen, int *errnop)
 {
 	return winbind_getgrent(WINBINDD_GETGRLST, result, buffer, buflen, errnop);
@@ -766,7 +755,8 @@ _PUBLIC_ NSS_STATUS _nss_winbind_getgrlst_r(struct group *result,
 
 /* Return group struct from group name */
 
-_PUBLIC_ NSS_STATUS _nss_winbind_getgrnam_r(const char *name,
+NSS_STATUS
+_nss_winbind_getgrnam_r(const char *name,
 			struct group *result, char *buffer,
 			size_t buflen, int *errnop)
 {
@@ -793,7 +783,7 @@ _PUBLIC_ NSS_STATUS _nss_winbind_getgrnam_r(const char *name,
 		request.data.groupname
 			[sizeof(request.data.groupname) - 1] = '\0';
 
-		ret = winbindd_request(WINBINDD_GETGRNAM, &request, &response);
+		ret = winbindd_request_response(WINBINDD_GETGRNAM, &request, &response);
 
 		if (ret == NSS_STATUS_SUCCESS) {
 			ret = fill_grent(result, &response.data.gr, 
@@ -801,7 +791,7 @@ _PUBLIC_ NSS_STATUS _nss_winbind_getgrnam_r(const char *name,
 					 &buffer, &buflen);
 
 			if (ret == NSS_STATUS_TRYAGAIN) {
-				keep_response = True;
+				keep_response = true;
 				*errnop = errno = ERANGE;
 				goto done;
 			}
@@ -816,16 +806,16 @@ _PUBLIC_ NSS_STATUS _nss_winbind_getgrnam_r(const char *name,
 				 &buflen);
 		
 		if (ret == NSS_STATUS_TRYAGAIN) {
-			keep_response = True;
+			keep_response = true;
 			*errnop = errno = ERANGE;
 			goto done;
 		}
 
-		keep_response = False;
+		keep_response = false;
 		*errnop = 0;
 	}
 
-	free_response(&response);
+	winbindd_free_response(&response);
 	done:
 #ifdef DEBUG_NSS
 	fprintf(stderr, "[%5d]: getgrnam %s returns %s (%d)\n", getpid(),
@@ -836,7 +826,8 @@ _PUBLIC_ NSS_STATUS _nss_winbind_getgrnam_r(const char *name,
 
 /* Return group struct from gid */
 
-_PUBLIC_ NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid,
+NSS_STATUS
+_nss_winbind_getgrgid_r(gid_t gid,
 			struct group *result, char *buffer,
 			size_t buflen, int *errnop)
 {
@@ -860,7 +851,7 @@ _PUBLIC_ NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid,
 
 		request.data.gid = gid;
 
-		ret = winbindd_request(WINBINDD_GETGRGID, &request, &response);
+		ret = winbindd_request_response(WINBINDD_GETGRGID, &request, &response);
 
 		if (ret == NSS_STATUS_SUCCESS) {
 
@@ -869,7 +860,7 @@ _PUBLIC_ NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid,
 					 &buffer, &buflen);
 
 			if (ret == NSS_STATUS_TRYAGAIN) {
-				keep_response = True;
+				keep_response = true;
 				*errnop = errno = ERANGE;
 				goto done;
 			}
@@ -884,16 +875,16 @@ _PUBLIC_ NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid,
 				 &buflen);
 
 		if (ret == NSS_STATUS_TRYAGAIN) {
-			keep_response = True;
+			keep_response = true;
 			*errnop = errno = ERANGE;
 			goto done;
 		}
 
-		keep_response = False;
+		keep_response = false;
 		*errnop = 0;
 	}
 
-	free_response(&response);
+	winbindd_free_response(&response);
 	done:
 #ifdef DEBUG_NSS
 	fprintf(stderr, "[%5d]: getgrgid %d returns %s (%d)\n", getpid(),
@@ -904,9 +895,10 @@ _PUBLIC_ NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid,
 
 /* Initialise supplementary groups */
 
-_PUBLIC_ NSS_STATUS _nss_winbind_initgroups_dyn(char *user, gid_t group,
-			long int *start, long int *size, gid_t **groups,
-			long int limit, int *errnop)
+NSS_STATUS
+_nss_winbind_initgroups_dyn(char *user, gid_t group, long int *start,
+			    long int *size, gid_t **groups, long int limit,
+			    int *errnop)
 {
 	NSS_STATUS ret;
 	struct winbindd_request request;
@@ -924,7 +916,7 @@ _PUBLIC_ NSS_STATUS _nss_winbind_initgroups_dyn(char *user, gid_t group,
 	strncpy(request.data.username, user,
 		sizeof(request.data.username) - 1);
 
-	ret = winbindd_request(WINBINDD_GETGROUPS, &request, &response);
+	ret = winbindd_request_response(WINBINDD_GETGROUPS, &request, &response);
 
 	if (ret == NSS_STATUS_SUCCESS) {
 		int num_gids = response.data.num_entries;
@@ -1003,9 +995,10 @@ _PUBLIC_ NSS_STATUS _nss_winbind_initgroups_dyn(char *user, gid_t group,
 
 
 /* return a list of group SIDs for a user SID */
-_PUBLIC_ NSS_STATUS _nss_winbind_getusersids(const char *user_sid,
-			char **group_sids, int *num_groups,
-			char *buffer, size_t buf_size, int *errnop)
+NSS_STATUS
+_nss_winbind_getusersids(const char *user_sid, char **group_sids,
+			 int *num_groups,
+			 char *buffer, size_t buf_size, int *errnop)
 {
 	NSS_STATUS ret;
 	struct winbindd_request request;
@@ -1021,7 +1014,7 @@ _PUBLIC_ NSS_STATUS _nss_winbind_getusersids(const char *user_sid,
 	strncpy(request.data.sid, user_sid,sizeof(request.data.sid) - 1);
 	request.data.sid[sizeof(request.data.sid) - 1] = '\0';
 
-	ret = winbindd_request(WINBINDD_GETUSERSIDS, &request, &response);
+	ret = winbindd_request_response(WINBINDD_GETUSERSIDS, &request, &response);
 
 	if (ret != NSS_STATUS_SUCCESS) {
 		goto done;
@@ -1039,14 +1032,15 @@ _PUBLIC_ NSS_STATUS _nss_winbind_getusersids(const char *user_sid,
 	errno = *errnop = 0;
 	
  done:
-	free_response(&response);
+	winbindd_free_response(&response);
 	return ret;
 }
 
 
 /* map a user or group name to a SID string */
-_PUBLIC_ NSS_STATUS _nss_winbind_nametosid(const char *name, char **sid,
-			char *buffer, size_t buflen, int *errnop)
+NSS_STATUS
+_nss_winbind_nametosid(const char *name, char **sid, char *buffer,
+		       size_t buflen, int *errnop)
 {
 	NSS_STATUS ret;
 	struct winbindd_response response;
@@ -1063,7 +1057,7 @@ _PUBLIC_ NSS_STATUS _nss_winbind_nametosid(const char *name, char **sid,
 		sizeof(request.data.name.name) - 1);
 	request.data.name.name[sizeof(request.data.name.name) - 1] = '\0';
 
-	ret = winbindd_request(WINBINDD_LOOKUPNAME, &request, &response);
+	ret = winbindd_request_response(WINBINDD_LOOKUPNAME, &request, &response);
 	if (ret != NSS_STATUS_SUCCESS) {
 		*errnop = errno = EINVAL;
 		goto failed;
@@ -1077,16 +1071,17 @@ _PUBLIC_ NSS_STATUS _nss_winbind_nametosid(const char *name, char **sid,
 
 	*errnop = errno = 0;
 	*sid = buffer;
-	strlcpy(*sid, response.data.sid.sid, strlen(response.data.sid.sid) + 1);
+	strcpy(*sid, response.data.sid.sid);
 
 failed:
-	free_response(&response);
+	winbindd_free_response(&response);
 	return ret;
 }
 
 /* map a sid string to a user or group name */
-_PUBLIC_ NSS_STATUS _nss_winbind_sidtoname(const char *sid, char **name,
-			char *buffer, size_t buflen, int *errnop)
+NSS_STATUS
+_nss_winbind_sidtoname(const char *sid, char **name, char *buffer,
+		       size_t buflen, int *errnop)
 {
 	NSS_STATUS ret;
 	struct winbindd_response response;
@@ -1103,14 +1098,14 @@ _PUBLIC_ NSS_STATUS _nss_winbind_sidtoname(const char *sid, char **name,
 
 	/* we need to fetch the separator first time through */
 	if (!sep_char) {
-		ret = winbindd_request(WINBINDD_INFO, &request, &response);
+		ret = winbindd_request_response(WINBINDD_INFO, &request, &response);
 		if (ret != NSS_STATUS_SUCCESS) {
 			*errnop = errno = EINVAL;
 			goto failed;
 		}
 
 		sep_char = response.data.info.winbind_separator;
-		free_response(&response);
+		winbindd_free_response(&response);
 	}
 
 
@@ -1118,7 +1113,7 @@ _PUBLIC_ NSS_STATUS _nss_winbind_sidtoname(const char *sid, char **name,
 		sizeof(request.data.sid) - 1);
 	request.data.sid[sizeof(request.data.sid) - 1] = '\0';
 
-	ret = winbindd_request(WINBINDD_LOOKUPSID, &request, &response);
+	ret = winbindd_request_response(WINBINDD_LOOKUPSID, &request, &response);
 	if (ret != NSS_STATUS_SUCCESS) {
 		*errnop = errno = EINVAL;
 		goto failed;
@@ -1143,13 +1138,13 @@ _PUBLIC_ NSS_STATUS _nss_winbind_sidtoname(const char *sid, char **name,
 	*errnop = errno = 0;
 
 failed:
-	free_response(&response);
+	winbindd_free_response(&response);
 	return ret;
 }
 
 /* map a sid to a uid */
-_PUBLIC_ NSS_STATUS _nss_winbind_sidtouid(const char *sid, uid_t *uid,
-				int *errnop)
+NSS_STATUS
+_nss_winbind_sidtouid(const char *sid, uid_t *uid, int *errnop)
 {
 	NSS_STATUS ret;
 	struct winbindd_response response;
@@ -1165,7 +1160,7 @@ _PUBLIC_ NSS_STATUS _nss_winbind_sidtouid(const char *sid, uid_t *uid,
 	strncpy(request.data.sid, sid, sizeof(request.data.sid) - 1);
 	request.data.sid[sizeof(request.data.sid) - 1] = '\0';
 
-	ret = winbindd_request(WINBINDD_SID_TO_UID, &request, &response);
+	ret = winbindd_request_response(WINBINDD_SID_TO_UID, &request, &response);
 	if (ret != NSS_STATUS_SUCCESS) {
 		*errnop = errno = EINVAL;
 		goto failed;
@@ -1178,8 +1173,8 @@ failed:
 }
 
 /* map a sid to a gid */
-_PUBLIC_ NSS_STATUS _nss_winbind_sidtogid(const char *sid, gid_t *gid,
-				int *errnop)
+NSS_STATUS
+_nss_winbind_sidtogid(const char *sid, gid_t *gid, int *errnop)
 {
 	NSS_STATUS ret;
 	struct winbindd_response response;
@@ -1195,7 +1190,7 @@ _PUBLIC_ NSS_STATUS _nss_winbind_sidtogid(const char *sid, gid_t *gid,
 	strncpy(request.data.sid, sid, sizeof(request.data.sid) - 1);
 	request.data.sid[sizeof(request.data.sid) - 1] = '\0';
 
-	ret = winbindd_request(WINBINDD_SID_TO_GID, &request, &response);
+	ret = winbindd_request_response(WINBINDD_SID_TO_GID, &request, &response);
 	if (ret != NSS_STATUS_SUCCESS) {
 		*errnop = errno = EINVAL;
 		goto failed;
@@ -1208,7 +1203,8 @@ failed:
 }
 
 /* map a uid to a SID string */
-_PUBLIC_ NSS_STATUS _nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer,
+NSS_STATUS
+_nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer,
 		      size_t buflen, int *errnop)
 {
 	NSS_STATUS ret;
@@ -1224,7 +1220,7 @@ _PUBLIC_ NSS_STATUS _nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer,
 
 	request.data.uid = uid;
 
-	ret = winbindd_request(WINBINDD_UID_TO_SID, &request, &response);
+	ret = winbindd_request_response(WINBINDD_UID_TO_SID, &request, &response);
 	if (ret != NSS_STATUS_SUCCESS) {
 		*errnop = errno = EINVAL;
 		goto failed;
@@ -1238,15 +1234,16 @@ _PUBLIC_ NSS_STATUS _nss_winbind_uidtosid(uid_t uid, char **sid, char *buffer,
 
 	*errnop = errno = 0;
 	*sid = buffer;
-	strlcpy(*sid, response.data.sid.sid, strlen(response.data.sid.sid) + 1);
+	strcpy(*sid, response.data.sid.sid);
 
 failed:
-	free_response(&response);
+	winbindd_free_response(&response);
 	return ret;
 }
 
 /* map a gid to a SID string */
-_PUBLIC_ NSS_STATUS _nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer,
+NSS_STATUS
+_nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer,
 		      size_t buflen, int *errnop)
 {
 	NSS_STATUS ret;
@@ -1262,7 +1259,7 @@ _PUBLIC_ NSS_STATUS _nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer,
 
 	request.data.gid = gid;
 
-	ret = winbindd_request(WINBINDD_GID_TO_SID, &request, &response);
+	ret = winbindd_request_response(WINBINDD_GID_TO_SID, &request, &response);
 	if (ret != NSS_STATUS_SUCCESS) {
 		*errnop = errno = EINVAL;
 		goto failed;
@@ -1276,9 +1273,9 @@ _PUBLIC_ NSS_STATUS _nss_winbind_gidtosid(gid_t gid, char **sid, char *buffer,
 
 	*errnop = errno = 0;
 	*sid = buffer;
-	strlcpy(*sid, response.data.sid.sid, strlen(response.data.sid.sid) + 1);
+	strcpy(*sid, response.data.sid.sid);
 
 failed:
-	free_response(&response);
+	winbindd_free_response(&response);
 	return ret;
 }
diff --git a/source4/nsswitch/winbind_nss_solaris.h b/source4/nsswitch/winbind_nss_solaris.h
index 1c694394d3..84062dbab4 100644
--- a/source4/nsswitch/winbind_nss_solaris.h
+++ b/source4/nsswitch/winbind_nss_solaris.h
@@ -22,7 +22,33 @@
 #ifndef _WINBIND_NSS_SOLARIS_H
 #define _WINBIND_NSS_SOLARIS_H
 
+/* Solaris has a broken nss_common header file containing C++ reserved names. */
+#ifndef __cplusplus
+#undef class
+#undef private
+#undef public
+#undef protected
+#undef template
+#undef this
+#undef new
+#undef delete
+#undef friend
+#endif
+
 #include <nss_common.h>
+
+#ifndef __cplusplus
+#define class #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define private #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define public #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define protected #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define template #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define this #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define new #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define delete #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#define friend #error DONT_USE_CPLUSPLUS_RESERVED_NAMES
+#endif
+
 #include <nss_dbdefs.h>
 #include <nsswitch.h>
 
diff --git a/source4/nsswitch/winbind_struct_protocol.h b/source4/nsswitch/winbind_struct_protocol.h
index 724b830604..645534b836 100644
--- a/source4/nsswitch/winbind_struct_protocol.h
+++ b/source4/nsswitch/winbind_struct_protocol.h
@@ -11,15 +11,6 @@
    products. You do not need to give any attribution.  
 */
 
-
-#ifndef CONST_DISCARD
-#define CONST_DISCARD(type, ptr)      ((type) ((void *) (ptr)))
-#endif
-
-#ifndef CONST_ADD
-#define CONST_ADD(type, ptr)          ((type) ((const void *) (ptr)))
-#endif
-
 #ifndef SAFE_FREE
 #define SAFE_FREE(x) do { if(x) {free(x); x=NULL;} } while(0)
 #endif
@@ -36,28 +27,28 @@
 #define WINBINDD_SOCKET_DIR  "/tmp/.winbindd"  /* Name of PF_UNIX dir */
 #endif
 
+/*
+ * when compiled with socket_wrapper support
+ * the location of the WINBINDD_SOCKET_DIR
+ * can be overwritten via an environment variable
+ */
+#define WINBINDD_SOCKET_DIR_ENVVAR "WINBINDD_SOCKET_DIR"
+
 #define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privileged" /* name of subdirectory of lp_lockdir() to hold the 'privileged' pipe */
 #define WINBINDD_DOMAIN_ENV  "WINBINDD_DOMAIN" /* Environment variables */
 #define WINBINDD_DONT_ENV    "_NO_WINBINDD"
-
-#ifdef SOCKET_WRAPPER
-#define WINBINDD_SOCKET_DIR_ENV "WINBINDD_SOCKET_DIR"
-#endif
+#define WINBINDD_LOCATOR_KDC_ADDRESS "WINBINDD_LOCATOR_KDC_ADDRESS"
 
 /* Update this when you change the interface.  */
 
-#define WINBIND_INTERFACE_VERSION 18
+#define WINBIND_INTERFACE_VERSION 19
 
 /* Have to deal with time_t being 4 or 8 bytes due to structure alignment.
    On a 64bit Linux box, we have to support a constant structure size
    between /lib/libnss_winbind.so.2 and /li64/libnss_winbind.so.2.
    The easiest way to do this is to always use 8byte values for time_t. */
 
-#if defined(int64)
-#  define SMB_TIME_T int64
-#else
-#  define SMB_TIME_T time_t
-#endif
+#define SMB_TIME_T int64_t
 
 /* Socket commands */
 
@@ -104,7 +95,7 @@ enum winbindd_cmd {
 
 	/* Lookup functions */
 
-	WINBINDD_SID_TO_UID,
+	WINBINDD_SID_TO_UID,       
 	WINBINDD_SID_TO_GID,
 	WINBINDD_SIDS_TO_XIDS,
 	WINBINDD_UID_TO_SID,
@@ -127,6 +118,7 @@ enum winbindd_cmd {
 	WINBINDD_DOMAIN_INFO,	/* Most of what we know from
 				   struct winbindd_domain */
 	WINBINDD_GETDCNAME,	/* Issue a GetDCName Request */
+	WINBINDD_DSGETDCNAME,	/* Issue a DsGetDCName Request */
 
 	WINBINDD_SHOW_SEQUENCE, /* display sequence numbers of domains */
 
@@ -194,30 +186,31 @@ typedef struct winbindd_gr {
 	fstring gr_name;
 	fstring gr_passwd;
 	gid_t gr_gid;
-	uint32 num_gr_mem;
-	uint32 gr_mem_ofs;   /* offset to group membership */
+	uint32_t num_gr_mem;
+	uint32_t gr_mem_ofs;   /* offset to group membership */
 } WINBINDD_GR;
 
-
-#define WBFLAG_PAM_INFO3_NDR  		0x0001
-#define WBFLAG_PAM_INFO3_TEXT 		0x0002
-#define WBFLAG_PAM_USER_SESSION_KEY     0x0004
-#define WBFLAG_PAM_LMKEY      		0x0008
-#define WBFLAG_PAM_CONTACT_TRUSTDOM 	0x0010
-#define WBFLAG_QUERY_ONLY		0x0020
-#define WBFLAG_PAM_UNIX_NAME            0x0080
-#define WBFLAG_PAM_AFS_TOKEN            0x0100
-#define WBFLAG_PAM_NT_STATUS_SQUASH     0x0200
-
+/* PAM specific request flags */
+#define WBFLAG_PAM_INFO3_NDR		0x00000001
+#define WBFLAG_PAM_INFO3_TEXT		0x00000002
+#define WBFLAG_PAM_USER_SESSION_KEY	0x00000004
+#define WBFLAG_PAM_LMKEY		0x00000008
+#define WBFLAG_PAM_CONTACT_TRUSTDOM	0x00000010
+#define WBFLAG_PAM_UNIX_NAME		0x00000080
+#define WBFLAG_PAM_AFS_TOKEN		0x00000100
+#define WBFLAG_PAM_NT_STATUS_SQUASH	0x00000200
+#define WBFLAG_PAM_KRB5			0x00001000
+#define WBFLAG_PAM_FALLBACK_AFTER_KRB5	0x00002000
+#define WBFLAG_PAM_CACHED_LOGIN		0x00004000
+#define WBFLAG_PAM_GET_PWD_POLICY	0x00008000	/* not used */
+
+/* generic request flags */
+#define WBFLAG_QUERY_ONLY		0x00000020	/* not used */
 /* This is a flag that can only be sent from parent to child */
-#define WBFLAG_IS_PRIVILEGED            0x0400
+#define WBFLAG_IS_PRIVILEGED		0x00000400	/* not used */
 /* Flag to say this is a winbindd internal send - don't recurse. */
-#define WBFLAG_RECURSE			0x0800
+#define WBFLAG_RECURSE			0x00000800
 
-#define WBFLAG_PAM_KRB5			0x1000
-#define WBFLAG_PAM_FALLBACK_AFTER_KRB5	0x2000
-#define WBFLAG_PAM_CACHED_LOGIN		0x4000
-#define WBFLAG_PAM_GET_PWD_POLICY	0x8000	/* not used */
 
 #define WINBINDD_MAX_EXTRA_DATA (128*1024)
 
@@ -232,12 +225,13 @@ typedef struct winbindd_gr {
  ******************************************************************************/
 
 struct winbindd_request {
-	uint32 length;
+	uint32_t length;
 	enum winbindd_cmd cmd;   /* Winbindd command to execute */
 	enum winbindd_cmd original_cmd;   /* Original Winbindd command
 					     issued to parent process */
 	pid_t pid;               /* pid of calling process */
-	uint32 flags;            /* flags relavant to a given request */
+	uint32_t wb_flags;       /* generic flags */
+	uint32_t flags;          /* flags relevant *only* to a given request */
 	fstring domain_name;	/* name of domain for which the request applies */
 
 	union {
@@ -257,14 +251,14 @@ struct winbindd_request {
 			uid_t uid;
 		} auth;              /* pam_winbind auth module */
                 struct {
-                        unsigned char chal[8];
-			uint32 logon_parameters;
+                        uint8_t chal[8];
+			uint32_t logon_parameters;
                         fstring user;
                         fstring domain;
                         fstring lm_resp;
-                        uint32 lm_resp_len;
+                        uint32_t lm_resp_len;
                         fstring nt_resp;
-                        uint32 nt_resp_len;
+                        uint32_t nt_resp_len;
 			fstring workstation;
 		        fstring require_membership_of_sid;
                 } auth_crap;
@@ -276,14 +270,14 @@ struct winbindd_request {
 		struct {
 			fstring user;
 			fstring domain;
-			unsigned char new_nt_pswd[516];
-			uint16	new_nt_pswd_len;
-			unsigned char old_nt_hash_enc[16];
-			uint16 	old_nt_hash_enc_len;
-			unsigned char new_lm_pswd[516];
-			uint16	new_lm_pswd_len;
-			unsigned char old_lm_hash_enc[16];
-			uint16	old_lm_hash_enc_len;
+			uint8_t new_nt_pswd[516];
+			uint16_t new_nt_pswd_len;
+			uint8_t old_nt_hash_enc[16];
+			uint16_t old_nt_hash_enc_len;
+			uint8_t new_lm_pswd[516];
+			uint16_t new_lm_pswd_len;
+			uint8_t old_lm_hash_enc[16];
+			uint16_t old_lm_hash_enc_len;
 		} chng_pswd_auth_crap;/* pam_winbind passwd module */
 		struct {
 			fstring user;
@@ -295,7 +289,7 @@ struct winbindd_request {
 			fstring dom_name;       /* lookupname */
 			fstring name;       
 		} name;
-		uint32 num_entries;  /* getpwent, getgrent */
+		uint32_t num_entries;  /* getpwent, getgrent */
 		struct {
 			fstring username;
 			fstring groupname;
@@ -310,8 +304,8 @@ struct winbindd_request {
 		} dual_sid2id;
 		struct {
 			fstring sid;
-			uint32 type;
-			uint32 id;
+			uint32_t type;
+			uint32_t id;
 		} dual_idmapset;
 		bool list_all_domains;
 
@@ -324,8 +318,8 @@ struct winbindd_request {
 			   produce an actual challenge response. It merely
 			   succeeds if there are cached credentials available
 			   that could be used. */
-			uint32 initial_blob_len; /* blobs in extra_data */
-			uint32 challenge_blob_len;
+			uint32_t initial_blob_len; /* blobs in extra_data */
+			uint32_t challenge_blob_len;
 		} ccache_ntlm_auth;
 
 		/* padding -- needed to fix alignment between 32bit and 64bit libs.
@@ -338,7 +332,7 @@ struct winbindd_request {
 		SMB_TIME_T padding;
 		char *data;
 	} extra_data;
-	uint32 extra_len;
+	uint32_t extra_len;
 	char null_term;
 };
 
@@ -364,7 +358,7 @@ struct winbindd_response {
     
 	/* Header information */
 
-	uint32 length;                        /* Length of response */
+	uint32_t length;                      /* Length of response */
 	enum winbindd_result result;          /* Result code */
 
 	/* Fixed length return data */
@@ -382,14 +376,14 @@ struct winbindd_response {
 
 		struct winbindd_gr gr;
 
-		uint32 num_entries; /* getpwent, getgrent */
+		uint32_t num_entries; /* getpwent, getgrent */
 		struct winbindd_sid {
 			fstring sid;        /* lookupname, [ug]id_to_sid */
 			int type;
 		} sid;
 		struct winbindd_name {
 			fstring dom_name;       /* lookupsid */
-			fstring name;
+			fstring name;       
 			int type;
 		} name;
 		uid_t uid;          /* sid_to_uid */
@@ -403,20 +397,20 @@ struct winbindd_response {
 		fstring dc_name;
 
 		struct auth_reply {
-			uint32 nt_status;
+			uint32_t nt_status;
 			fstring nt_status_string;
 			fstring error_string;
 			int pam_error;
 			char user_session_key[16];
 			char first_8_lm_hash[8];
 			fstring krb5ccname;
-			uint32 reject_reason;
-			uint32 padding;
+			uint32_t reject_reason;
+			uint32_t padding;
 			struct policy_settings {
-				uint32 min_length_password;
-				uint32 password_history;
-				uint32 password_properties;
-				uint32 padding;
+				uint32_t min_length_password;
+				uint32_t password_history;
+				uint32_t password_properties;
+				uint32_t padding;
 				SMB_TIME_T expire;
 				SMB_TIME_T min_passwordage;
 			} policy;
@@ -427,14 +421,14 @@ struct winbindd_response {
 				SMB_TIME_T pass_last_set_time;
 				SMB_TIME_T pass_can_change_time;
 				SMB_TIME_T pass_must_change_time;
-				uint32 logon_count;
-				uint32 bad_pw_count;
-				uint32 user_rid;
-				uint32 group_rid;
-				uint32 num_groups;
-				uint32 user_flgs;
-				uint32 acct_flags;
-				uint32 num_other_sids;
+				uint32_t logon_count;
+				uint32_t bad_pw_count;
+				uint32_t user_rid;
+				uint32_t group_rid;
+				uint32_t num_groups;
+				uint32_t user_flgs;
+				uint32_t acct_flags;
+				uint32_t num_other_sids;
 				fstring dom_sid;
 				fstring user_name;
 				fstring full_name;
@@ -453,18 +447,18 @@ struct winbindd_response {
 			bool native_mode;
 			bool active_directory;
 			bool primary;
-			uint32 sequence_number;
+			uint32_t sequence_number;
 		} domain_info;
 		struct {
 			fstring acct_name;
 			fstring full_name;
 			fstring homedir;
 			fstring shell;
-			uint32 primary_gid;			
-			uint32 group_rid;
+			uint32_t primary_gid;
+			uint32_t group_rid;
 		} user_info;
 		struct {
-			uint32 auth_blob_len; /* blob in extra_data */
+			uint32_t auth_blob_len; /* blob in extra_data */
 		} ccache_ntlm_auth;
 	} data;
 
@@ -482,8 +476,8 @@ struct WINBINDD_MEMORY_CREDS {
 	uid_t uid;
 	int ref_count;
 	size_t len;
-	unsigned char *nt_hash; /* Base pointer for the following 2 */
-	unsigned char *lm_hash;
+	uint8_t *nt_hash; /* Base pointer for the following 2 */
+	uint8_t *lm_hash;
 	char *pass;
 };
 
-- 
cgit