Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

22 files changed, 10693 insertions, 0 deletions

diff --git a/nsswitch/libwbclient/ABI/wbclient-0.10.sigs b/nsswitch/libwbclient/ABI/wbclient-0.10.sigs
new file mode 100644
index 0000000..eda96f4
--- /dev/null
+++ b/nsswitch/libwbclient/ABI/wbclient-0.10.sigs
@@ -0,0 +1,76 @@
+wbcAddNamedBlob: wbcErr (size_t *, struct wbcNamedBlob **, const char *, uint32_t, uint8_t *, size_t)
+wbcAllocateGid: wbcErr (gid_t *)
+wbcAllocateMemory: void *(size_t, size_t, void (*)(void *))
+wbcAllocateStringArray: const char **(int)
+wbcAllocateUid: wbcErr (uid_t *)
+wbcAuthenticateUser: wbcErr (const char *, const char *)
+wbcAuthenticateUserEx: wbcErr (const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **)
+wbcChangeTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcChangeUserPassword: wbcErr (const char *, const char *, const char *)
+wbcChangeUserPasswordEx: wbcErr (const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **)
+wbcCheckTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcCredentialCache: wbcErr (struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **)
+wbcCredentialSave: wbcErr (const char *, const char *)
+wbcDcInfo: wbcErr (const char *, size_t *, const char ***, const char ***)
+wbcDomainInfo: wbcErr (const char *, struct wbcDomainInfo **)
+wbcEndgrent: wbcErr (void)
+wbcEndpwent: wbcErr (void)
+wbcErrorString: const char *(wbcErr)
+wbcFreeMemory: void (void *)
+wbcGetDisplayName: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcGetGroups: wbcErr (const char *, uint32_t *, gid_t **)
+wbcGetSidAliases: wbcErr (const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *)
+wbcGetgrent: wbcErr (struct group **)
+wbcGetgrgid: wbcErr (gid_t, struct group **)
+wbcGetgrlist: wbcErr (struct group **)
+wbcGetgrnam: wbcErr (const char *, struct group **)
+wbcGetpwent: wbcErr (struct passwd **)
+wbcGetpwnam: wbcErr (const char *, struct passwd **)
+wbcGetpwsid: wbcErr (struct wbcDomainSid *, struct passwd **)
+wbcGetpwuid: wbcErr (uid_t, struct passwd **)
+wbcGidToSid: wbcErr (gid_t, struct wbcDomainSid *)
+wbcGuidToString: wbcErr (const struct wbcGuid *, char **)
+wbcInterfaceDetails: wbcErr (struct wbcInterfaceDetails **)
+wbcLibraryDetails: wbcErr (struct wbcLibraryDetails **)
+wbcListGroups: wbcErr (const char *, uint32_t *, const char ***)
+wbcListTrusts: wbcErr (struct wbcDomainInfo **, size_t *)
+wbcListUsers: wbcErr (const char *, uint32_t *, const char ***)
+wbcLogoffUser: wbcErr (const char *, uid_t, const char *)
+wbcLogoffUserEx: wbcErr (const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **)
+wbcLogonUser: wbcErr (const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **)
+wbcLookupDomainController: wbcErr (const char *, uint32_t, struct wbcDomainControllerInfo **)
+wbcLookupDomainControllerEx: wbcErr (const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **)
+wbcLookupName: wbcErr (const char *, const char *, struct wbcDomainSid *, enum wbcSidType *)
+wbcLookupRids: wbcErr (struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **)
+wbcLookupSid: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcLookupSids: wbcErr (const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **)
+wbcLookupUserSids: wbcErr (const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **)
+wbcPing: wbcErr (void)
+wbcPingDc: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcPingDc2: wbcErr (const char *, struct wbcAuthErrorInfo **, char **)
+wbcQueryGidToSid: wbcErr (gid_t, struct wbcDomainSid *)
+wbcQuerySidToGid: wbcErr (const struct wbcDomainSid *, gid_t *)
+wbcQuerySidToUid: wbcErr (const struct wbcDomainSid *, uid_t *)
+wbcQueryUidToSid: wbcErr (uid_t, struct wbcDomainSid *)
+wbcRemoveGidMapping: wbcErr (gid_t, const struct wbcDomainSid *)
+wbcRemoveUidMapping: wbcErr (uid_t, const struct wbcDomainSid *)
+wbcRequestResponse: wbcErr (int, struct winbindd_request *, struct winbindd_response *)
+wbcRequestResponsePriv: wbcErr (int, struct winbindd_request *, struct winbindd_response *)
+wbcResolveWinsByIP: wbcErr (const char *, char **)
+wbcResolveWinsByName: wbcErr (const char *, char **)
+wbcSetGidHwm: wbcErr (gid_t)
+wbcSetGidMapping: wbcErr (gid_t, const struct wbcDomainSid *)
+wbcSetUidHwm: wbcErr (uid_t)
+wbcSetUidMapping: wbcErr (uid_t, const struct wbcDomainSid *)
+wbcSetgrent: wbcErr (void)
+wbcSetpwent: wbcErr (void)
+wbcSidToGid: wbcErr (const struct wbcDomainSid *, gid_t *)
+wbcSidToString: wbcErr (const struct wbcDomainSid *, char **)
+wbcSidToStringBuf: int (const struct wbcDomainSid *, char *, int)
+wbcSidToUid: wbcErr (const struct wbcDomainSid *, uid_t *)
+wbcSidTypeString: const char *(enum wbcSidType)
+wbcSidsToUnixIds: wbcErr (const struct wbcDomainSid *, uint32_t, struct wbcUnixId *)
+wbcStrDup: char *(const char *)
+wbcStringToGuid: wbcErr (const char *, struct wbcGuid *)
+wbcStringToSid: wbcErr (const char *, struct wbcDomainSid *)
+wbcUidToSid: wbcErr (uid_t, struct wbcDomainSid *)
diff --git a/nsswitch/libwbclient/ABI/wbclient-0.11.sigs b/nsswitch/libwbclient/ABI/wbclient-0.11.sigs
new file mode 100644
index 0000000..eda96f4
--- /dev/null
+++ b/nsswitch/libwbclient/ABI/wbclient-0.11.sigs
@@ -0,0 +1,76 @@
+wbcAddNamedBlob: wbcErr (size_t *, struct wbcNamedBlob **, const char *, uint32_t, uint8_t *, size_t)
+wbcAllocateGid: wbcErr (gid_t *)
+wbcAllocateMemory: void *(size_t, size_t, void (*)(void *))
+wbcAllocateStringArray: const char **(int)
+wbcAllocateUid: wbcErr (uid_t *)
+wbcAuthenticateUser: wbcErr (const char *, const char *)
+wbcAuthenticateUserEx: wbcErr (const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **)
+wbcChangeTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcChangeUserPassword: wbcErr (const char *, const char *, const char *)
+wbcChangeUserPasswordEx: wbcErr (const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **)
+wbcCheckTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcCredentialCache: wbcErr (struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **)
+wbcCredentialSave: wbcErr (const char *, const char *)
+wbcDcInfo: wbcErr (const char *, size_t *, const char ***, const char ***)
+wbcDomainInfo: wbcErr (const char *, struct wbcDomainInfo **)
+wbcEndgrent: wbcErr (void)
+wbcEndpwent: wbcErr (void)
+wbcErrorString: const char *(wbcErr)
+wbcFreeMemory: void (void *)
+wbcGetDisplayName: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcGetGroups: wbcErr (const char *, uint32_t *, gid_t **)
+wbcGetSidAliases: wbcErr (const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *)
+wbcGetgrent: wbcErr (struct group **)
+wbcGetgrgid: wbcErr (gid_t, struct group **)
+wbcGetgrlist: wbcErr (struct group **)
+wbcGetgrnam: wbcErr (const char *, struct group **)
+wbcGetpwent: wbcErr (struct passwd **)
+wbcGetpwnam: wbcErr (const char *, struct passwd **)
+wbcGetpwsid: wbcErr (struct wbcDomainSid *, struct passwd **)
+wbcGetpwuid: wbcErr (uid_t, struct passwd **)
+wbcGidToSid: wbcErr (gid_t, struct wbcDomainSid *)
+wbcGuidToString: wbcErr (const struct wbcGuid *, char **)
+wbcInterfaceDetails: wbcErr (struct wbcInterfaceDetails **)
+wbcLibraryDetails: wbcErr (struct wbcLibraryDetails **)
+wbcListGroups: wbcErr (const char *, uint32_t *, const char ***)
+wbcListTrusts: wbcErr (struct wbcDomainInfo **, size_t *)
+wbcListUsers: wbcErr (const char *, uint32_t *, const char ***)
+wbcLogoffUser: wbcErr (const char *, uid_t, const char *)
+wbcLogoffUserEx: wbcErr (const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **)
+wbcLogonUser: wbcErr (const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **)
+wbcLookupDomainController: wbcErr (const char *, uint32_t, struct wbcDomainControllerInfo **)
+wbcLookupDomainControllerEx: wbcErr (const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **)
+wbcLookupName: wbcErr (const char *, const char *, struct wbcDomainSid *, enum wbcSidType *)
+wbcLookupRids: wbcErr (struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **)
+wbcLookupSid: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcLookupSids: wbcErr (const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **)
+wbcLookupUserSids: wbcErr (const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **)
+wbcPing: wbcErr (void)
+wbcPingDc: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcPingDc2: wbcErr (const char *, struct wbcAuthErrorInfo **, char **)
+wbcQueryGidToSid: wbcErr (gid_t, struct wbcDomainSid *)
+wbcQuerySidToGid: wbcErr (const struct wbcDomainSid *, gid_t *)
+wbcQuerySidToUid: wbcErr (const struct wbcDomainSid *, uid_t *)
+wbcQueryUidToSid: wbcErr (uid_t, struct wbcDomainSid *)
+wbcRemoveGidMapping: wbcErr (gid_t, const struct wbcDomainSid *)
+wbcRemoveUidMapping: wbcErr (uid_t, const struct wbcDomainSid *)
+wbcRequestResponse: wbcErr (int, struct winbindd_request *, struct winbindd_response *)
+wbcRequestResponsePriv: wbcErr (int, struct winbindd_request *, struct winbindd_response *)
+wbcResolveWinsByIP: wbcErr (const char *, char **)
+wbcResolveWinsByName: wbcErr (const char *, char **)
+wbcSetGidHwm: wbcErr (gid_t)
+wbcSetGidMapping: wbcErr (gid_t, const struct wbcDomainSid *)
+wbcSetUidHwm: wbcErr (uid_t)
+wbcSetUidMapping: wbcErr (uid_t, const struct wbcDomainSid *)
+wbcSetgrent: wbcErr (void)
+wbcSetpwent: wbcErr (void)
+wbcSidToGid: wbcErr (const struct wbcDomainSid *, gid_t *)
+wbcSidToString: wbcErr (const struct wbcDomainSid *, char **)
+wbcSidToStringBuf: int (const struct wbcDomainSid *, char *, int)
+wbcSidToUid: wbcErr (const struct wbcDomainSid *, uid_t *)
+wbcSidTypeString: const char *(enum wbcSidType)
+wbcSidsToUnixIds: wbcErr (const struct wbcDomainSid *, uint32_t, struct wbcUnixId *)
+wbcStrDup: char *(const char *)
+wbcStringToGuid: wbcErr (const char *, struct wbcGuid *)
+wbcStringToSid: wbcErr (const char *, struct wbcDomainSid *)
+wbcUidToSid: wbcErr (uid_t, struct wbcDomainSid *)
diff --git a/nsswitch/libwbclient/ABI/wbclient-0.12.sigs b/nsswitch/libwbclient/ABI/wbclient-0.12.sigs
new file mode 100644
index 0000000..3b71917
--- /dev/null
+++ b/nsswitch/libwbclient/ABI/wbclient-0.12.sigs
@@ -0,0 +1,130 @@
+wbcAddNamedBlob: wbcErr (size_t *, struct wbcNamedBlob **, const char *, uint32_t, uint8_t *, size_t)
+wbcAllocateGid: wbcErr (gid_t *)
+wbcAllocateMemory: void *(size_t, size_t, void (*)(void *))
+wbcAllocateStringArray: const char **(int)
+wbcAllocateUid: wbcErr (uid_t *)
+wbcAuthenticateUser: wbcErr (const char *, const char *)
+wbcAuthenticateUserEx: wbcErr (const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **)
+wbcChangeTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcChangeUserPassword: wbcErr (const char *, const char *, const char *)
+wbcChangeUserPasswordEx: wbcErr (const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **)
+wbcCheckTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcCredentialCache: wbcErr (struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **)
+wbcCredentialSave: wbcErr (const char *, const char *)
+wbcCtxAllocateGid: wbcErr (struct wbcContext *, gid_t *)
+wbcCtxAllocateUid: wbcErr (struct wbcContext *, uid_t *)
+wbcCtxAuthenticateUser: wbcErr (struct wbcContext *, const char *, const char *)
+wbcCtxAuthenticateUserEx: wbcErr (struct wbcContext *, const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **)
+wbcCtxChangeTrustCredentials: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **)
+wbcCtxChangeUserPassword: wbcErr (struct wbcContext *, const char *, const char *, const char *)
+wbcCtxChangeUserPasswordEx: wbcErr (struct wbcContext *, const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **)
+wbcCtxCheckTrustCredentials: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **)
+wbcCtxCreate: struct wbcContext *(void)
+wbcCtxCredentialCache: wbcErr (struct wbcContext *, struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **)
+wbcCtxCredentialSave: wbcErr (struct wbcContext *, const char *, const char *)
+wbcCtxDcInfo: wbcErr (struct wbcContext *, const char *, size_t *, const char ***, const char ***)
+wbcCtxDomainInfo: wbcErr (struct wbcContext *, const char *, struct wbcDomainInfo **)
+wbcCtxEndgrent: wbcErr (struct wbcContext *)
+wbcCtxEndpwent: wbcErr (struct wbcContext *)
+wbcCtxFree: void (struct wbcContext *)
+wbcCtxGetDisplayName: wbcErr (struct wbcContext *, const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcCtxGetGroups: wbcErr (struct wbcContext *, const char *, uint32_t *, gid_t **)
+wbcCtxGetSidAliases: wbcErr (struct wbcContext *, const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *)
+wbcCtxGetgrent: wbcErr (struct wbcContext *, struct group **)
+wbcCtxGetgrgid: wbcErr (struct wbcContext *, gid_t, struct group **)
+wbcCtxGetgrlist: wbcErr (struct wbcContext *, struct group **)
+wbcCtxGetgrnam: wbcErr (struct wbcContext *, const char *, struct group **)
+wbcCtxGetpwent: wbcErr (struct wbcContext *, struct passwd **)
+wbcCtxGetpwnam: wbcErr (struct wbcContext *, const char *, struct passwd **)
+wbcCtxGetpwsid: wbcErr (struct wbcContext *, struct wbcDomainSid *, struct passwd **)
+wbcCtxGetpwuid: wbcErr (struct wbcContext *, uid_t, struct passwd **)
+wbcCtxGidToSid: wbcErr (struct wbcContext *, gid_t, struct wbcDomainSid *)
+wbcCtxInterfaceDetails: wbcErr (struct wbcContext *, struct wbcInterfaceDetails **)
+wbcCtxListGroups: wbcErr (struct wbcContext *, const char *, uint32_t *, const char ***)
+wbcCtxListTrusts: wbcErr (struct wbcContext *, struct wbcDomainInfo **, size_t *)
+wbcCtxListUsers: wbcErr (struct wbcContext *, const char *, uint32_t *, const char ***)
+wbcCtxLogoffUser: wbcErr (struct wbcContext *, const char *, uid_t, const char *)
+wbcCtxLogoffUserEx: wbcErr (struct wbcContext *, const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **)
+wbcCtxLogonUser: wbcErr (struct wbcContext *, const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **)
+wbcCtxLookupDomainController: wbcErr (struct wbcContext *, const char *, uint32_t, struct wbcDomainControllerInfo **)
+wbcCtxLookupDomainControllerEx: wbcErr (struct wbcContext *, const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **)
+wbcCtxLookupName: wbcErr (struct wbcContext *, const char *, const char *, struct wbcDomainSid *, enum wbcSidType *)
+wbcCtxLookupRids: wbcErr (struct wbcContext *, struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **)
+wbcCtxLookupSid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcCtxLookupSids: wbcErr (struct wbcContext *, const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **)
+wbcCtxLookupUserSids: wbcErr (struct wbcContext *, const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **)
+wbcCtxPing: wbcErr (struct wbcContext *)
+wbcCtxPingDc: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **)
+wbcCtxPingDc2: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **, char **)
+wbcCtxResolveWinsByIP: wbcErr (struct wbcContext *, const char *, char **)
+wbcCtxResolveWinsByName: wbcErr (struct wbcContext *, const char *, char **)
+wbcCtxSetgrent: wbcErr (struct wbcContext *)
+wbcCtxSetpwent: wbcErr (struct wbcContext *)
+wbcCtxSidToGid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, gid_t *)
+wbcCtxSidToUid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, uid_t *)
+wbcCtxSidsToUnixIds: wbcErr (struct wbcContext *, const struct wbcDomainSid *, uint32_t, struct wbcUnixId *)
+wbcCtxUidToSid: wbcErr (struct wbcContext *, uid_t, struct wbcDomainSid *)
+wbcDcInfo: wbcErr (const char *, size_t *, const char ***, const char ***)
+wbcDomainInfo: wbcErr (const char *, struct wbcDomainInfo **)
+wbcEndgrent: wbcErr (void)
+wbcEndpwent: wbcErr (void)
+wbcErrorString: const char *(wbcErr)
+wbcFreeMemory: void (void *)
+wbcGetDisplayName: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcGetGlobalCtx: struct wbcContext *(void)
+wbcGetGroups: wbcErr (const char *, uint32_t *, gid_t **)
+wbcGetSidAliases: wbcErr (const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *)
+wbcGetgrent: wbcErr (struct group **)
+wbcGetgrgid: wbcErr (gid_t, struct group **)
+wbcGetgrlist: wbcErr (struct group **)
+wbcGetgrnam: wbcErr (const char *, struct group **)
+wbcGetpwent: wbcErr (struct passwd **)
+wbcGetpwnam: wbcErr (const char *, struct passwd **)
+wbcGetpwsid: wbcErr (struct wbcDomainSid *, struct passwd **)
+wbcGetpwuid: wbcErr (uid_t, struct passwd **)
+wbcGidToSid: wbcErr (gid_t, struct wbcDomainSid *)
+wbcGuidToString: wbcErr (const struct wbcGuid *, char **)
+wbcInterfaceDetails: wbcErr (struct wbcInterfaceDetails **)
+wbcLibraryDetails: wbcErr (struct wbcLibraryDetails **)
+wbcListGroups: wbcErr (const char *, uint32_t *, const char ***)
+wbcListTrusts: wbcErr (struct wbcDomainInfo **, size_t *)
+wbcListUsers: wbcErr (const char *, uint32_t *, const char ***)
+wbcLogoffUser: wbcErr (const char *, uid_t, const char *)
+wbcLogoffUserEx: wbcErr (const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **)
+wbcLogonUser: wbcErr (const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **)
+wbcLookupDomainController: wbcErr (const char *, uint32_t, struct wbcDomainControllerInfo **)
+wbcLookupDomainControllerEx: wbcErr (const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **)
+wbcLookupName: wbcErr (const char *, const char *, struct wbcDomainSid *, enum wbcSidType *)
+wbcLookupRids: wbcErr (struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **)
+wbcLookupSid: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcLookupSids: wbcErr (const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **)
+wbcLookupUserSids: wbcErr (const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **)
+wbcPing: wbcErr (void)
+wbcPingDc: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcPingDc2: wbcErr (const char *, struct wbcAuthErrorInfo **, char **)
+wbcQueryGidToSid: wbcErr (gid_t, struct wbcDomainSid *)
+wbcQuerySidToGid: wbcErr (const struct wbcDomainSid *, gid_t *)
+wbcQuerySidToUid: wbcErr (const struct wbcDomainSid *, uid_t *)
+wbcQueryUidToSid: wbcErr (uid_t, struct wbcDomainSid *)
+wbcRemoveGidMapping: wbcErr (gid_t, const struct wbcDomainSid *)
+wbcRemoveUidMapping: wbcErr (uid_t, const struct wbcDomainSid *)
+wbcRequestResponse: wbcErr (struct wbcContext *, int, struct winbindd_request *, struct winbindd_response *)
+wbcRequestResponsePriv: wbcErr (struct wbcContext *, int, struct winbindd_request *, struct winbindd_response *)
+wbcResolveWinsByIP: wbcErr (const char *, char **)
+wbcResolveWinsByName: wbcErr (const char *, char **)
+wbcSetGidHwm: wbcErr (gid_t)
+wbcSetGidMapping: wbcErr (gid_t, const struct wbcDomainSid *)
+wbcSetUidHwm: wbcErr (uid_t)
+wbcSetUidMapping: wbcErr (uid_t, const struct wbcDomainSid *)
+wbcSetgrent: wbcErr (void)
+wbcSetpwent: wbcErr (void)
+wbcSidToGid: wbcErr (const struct wbcDomainSid *, gid_t *)
+wbcSidToString: wbcErr (const struct wbcDomainSid *, char **)
+wbcSidToStringBuf: int (const struct wbcDomainSid *, char *, int)
+wbcSidToUid: wbcErr (const struct wbcDomainSid *, uid_t *)
+wbcSidTypeString: const char *(enum wbcSidType)
+wbcSidsToUnixIds: wbcErr (const struct wbcDomainSid *, uint32_t, struct wbcUnixId *)
+wbcStrDup: char *(const char *)
+wbcStringToGuid: wbcErr (const char *, struct wbcGuid *)
+wbcStringToSid: wbcErr (const char *, struct wbcDomainSid *)
+wbcUidToSid: wbcErr (uid_t, struct wbcDomainSid *)
diff --git a/nsswitch/libwbclient/ABI/wbclient-0.13.sigs b/nsswitch/libwbclient/ABI/wbclient-0.13.sigs
new file mode 100644
index 0000000..b07a6a8
--- /dev/null
+++ b/nsswitch/libwbclient/ABI/wbclient-0.13.sigs
@@ -0,0 +1,132 @@
+wbcAddNamedBlob: wbcErr (size_t *, struct wbcNamedBlob **, const char *, uint32_t, uint8_t *, size_t)
+wbcAllocateGid: wbcErr (gid_t *)
+wbcAllocateMemory: void *(size_t, size_t, void (*)(void *))
+wbcAllocateStringArray: const char **(int)
+wbcAllocateUid: wbcErr (uid_t *)
+wbcAuthenticateUser: wbcErr (const char *, const char *)
+wbcAuthenticateUserEx: wbcErr (const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **)
+wbcChangeTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcChangeUserPassword: wbcErr (const char *, const char *, const char *)
+wbcChangeUserPasswordEx: wbcErr (const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **)
+wbcCheckTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcCredentialCache: wbcErr (struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **)
+wbcCredentialSave: wbcErr (const char *, const char *)
+wbcCtxAllocateGid: wbcErr (struct wbcContext *, gid_t *)
+wbcCtxAllocateUid: wbcErr (struct wbcContext *, uid_t *)
+wbcCtxAuthenticateUser: wbcErr (struct wbcContext *, const char *, const char *)
+wbcCtxAuthenticateUserEx: wbcErr (struct wbcContext *, const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **)
+wbcCtxChangeTrustCredentials: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **)
+wbcCtxChangeUserPassword: wbcErr (struct wbcContext *, const char *, const char *, const char *)
+wbcCtxChangeUserPasswordEx: wbcErr (struct wbcContext *, const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **)
+wbcCtxCheckTrustCredentials: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **)
+wbcCtxCreate: struct wbcContext *(void)
+wbcCtxCredentialCache: wbcErr (struct wbcContext *, struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **)
+wbcCtxCredentialSave: wbcErr (struct wbcContext *, const char *, const char *)
+wbcCtxDcInfo: wbcErr (struct wbcContext *, const char *, size_t *, const char ***, const char ***)
+wbcCtxDomainInfo: wbcErr (struct wbcContext *, const char *, struct wbcDomainInfo **)
+wbcCtxEndgrent: wbcErr (struct wbcContext *)
+wbcCtxEndpwent: wbcErr (struct wbcContext *)
+wbcCtxFree: void (struct wbcContext *)
+wbcCtxGetDisplayName: wbcErr (struct wbcContext *, const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcCtxGetGroups: wbcErr (struct wbcContext *, const char *, uint32_t *, gid_t **)
+wbcCtxGetSidAliases: wbcErr (struct wbcContext *, const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *)
+wbcCtxGetgrent: wbcErr (struct wbcContext *, struct group **)
+wbcCtxGetgrgid: wbcErr (struct wbcContext *, gid_t, struct group **)
+wbcCtxGetgrlist: wbcErr (struct wbcContext *, struct group **)
+wbcCtxGetgrnam: wbcErr (struct wbcContext *, const char *, struct group **)
+wbcCtxGetpwent: wbcErr (struct wbcContext *, struct passwd **)
+wbcCtxGetpwnam: wbcErr (struct wbcContext *, const char *, struct passwd **)
+wbcCtxGetpwsid: wbcErr (struct wbcContext *, struct wbcDomainSid *, struct passwd **)
+wbcCtxGetpwuid: wbcErr (struct wbcContext *, uid_t, struct passwd **)
+wbcCtxGidToSid: wbcErr (struct wbcContext *, gid_t, struct wbcDomainSid *)
+wbcCtxInterfaceDetails: wbcErr (struct wbcContext *, struct wbcInterfaceDetails **)
+wbcCtxListGroups: wbcErr (struct wbcContext *, const char *, uint32_t *, const char ***)
+wbcCtxListTrusts: wbcErr (struct wbcContext *, struct wbcDomainInfo **, size_t *)
+wbcCtxListUsers: wbcErr (struct wbcContext *, const char *, uint32_t *, const char ***)
+wbcCtxLogoffUser: wbcErr (struct wbcContext *, const char *, uid_t, const char *)
+wbcCtxLogoffUserEx: wbcErr (struct wbcContext *, const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **)
+wbcCtxLogonUser: wbcErr (struct wbcContext *, const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **)
+wbcCtxLookupDomainController: wbcErr (struct wbcContext *, const char *, uint32_t, struct wbcDomainControllerInfo **)
+wbcCtxLookupDomainControllerEx: wbcErr (struct wbcContext *, const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **)
+wbcCtxLookupName: wbcErr (struct wbcContext *, const char *, const char *, struct wbcDomainSid *, enum wbcSidType *)
+wbcCtxLookupRids: wbcErr (struct wbcContext *, struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **)
+wbcCtxLookupSid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcCtxLookupSids: wbcErr (struct wbcContext *, const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **)
+wbcCtxLookupUserSids: wbcErr (struct wbcContext *, const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **)
+wbcCtxPing: wbcErr (struct wbcContext *)
+wbcCtxPingDc: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **)
+wbcCtxPingDc2: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **, char **)
+wbcCtxResolveWinsByIP: wbcErr (struct wbcContext *, const char *, char **)
+wbcCtxResolveWinsByName: wbcErr (struct wbcContext *, const char *, char **)
+wbcCtxSetgrent: wbcErr (struct wbcContext *)
+wbcCtxSetpwent: wbcErr (struct wbcContext *)
+wbcCtxSidToGid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, gid_t *)
+wbcCtxSidToUid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, uid_t *)
+wbcCtxSidsToUnixIds: wbcErr (struct wbcContext *, const struct wbcDomainSid *, uint32_t, struct wbcUnixId *)
+wbcCtxUidToSid: wbcErr (struct wbcContext *, uid_t, struct wbcDomainSid *)
+wbcCtxUnixIdsToSids: wbcErr (struct wbcContext *, const struct wbcUnixId *, uint32_t, struct wbcDomainSid *)
+wbcDcInfo: wbcErr (const char *, size_t *, const char ***, const char ***)
+wbcDomainInfo: wbcErr (const char *, struct wbcDomainInfo **)
+wbcEndgrent: wbcErr (void)
+wbcEndpwent: wbcErr (void)
+wbcErrorString: const char *(wbcErr)
+wbcFreeMemory: void (void *)
+wbcGetDisplayName: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcGetGlobalCtx: struct wbcContext *(void)
+wbcGetGroups: wbcErr (const char *, uint32_t *, gid_t **)
+wbcGetSidAliases: wbcErr (const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *)
+wbcGetgrent: wbcErr (struct group **)
+wbcGetgrgid: wbcErr (gid_t, struct group **)
+wbcGetgrlist: wbcErr (struct group **)
+wbcGetgrnam: wbcErr (const char *, struct group **)
+wbcGetpwent: wbcErr (struct passwd **)
+wbcGetpwnam: wbcErr (const char *, struct passwd **)
+wbcGetpwsid: wbcErr (struct wbcDomainSid *, struct passwd **)
+wbcGetpwuid: wbcErr (uid_t, struct passwd **)
+wbcGidToSid: wbcErr (gid_t, struct wbcDomainSid *)
+wbcGuidToString: wbcErr (const struct wbcGuid *, char **)
+wbcInterfaceDetails: wbcErr (struct wbcInterfaceDetails **)
+wbcLibraryDetails: wbcErr (struct wbcLibraryDetails **)
+wbcListGroups: wbcErr (const char *, uint32_t *, const char ***)
+wbcListTrusts: wbcErr (struct wbcDomainInfo **, size_t *)
+wbcListUsers: wbcErr (const char *, uint32_t *, const char ***)
+wbcLogoffUser: wbcErr (const char *, uid_t, const char *)
+wbcLogoffUserEx: wbcErr (const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **)
+wbcLogonUser: wbcErr (const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **)
+wbcLookupDomainController: wbcErr (const char *, uint32_t, struct wbcDomainControllerInfo **)
+wbcLookupDomainControllerEx: wbcErr (const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **)
+wbcLookupName: wbcErr (const char *, const char *, struct wbcDomainSid *, enum wbcSidType *)
+wbcLookupRids: wbcErr (struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **)
+wbcLookupSid: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcLookupSids: wbcErr (const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **)
+wbcLookupUserSids: wbcErr (const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **)
+wbcPing: wbcErr (void)
+wbcPingDc: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcPingDc2: wbcErr (const char *, struct wbcAuthErrorInfo **, char **)
+wbcQueryGidToSid: wbcErr (gid_t, struct wbcDomainSid *)
+wbcQuerySidToGid: wbcErr (const struct wbcDomainSid *, gid_t *)
+wbcQuerySidToUid: wbcErr (const struct wbcDomainSid *, uid_t *)
+wbcQueryUidToSid: wbcErr (uid_t, struct wbcDomainSid *)
+wbcRemoveGidMapping: wbcErr (gid_t, const struct wbcDomainSid *)
+wbcRemoveUidMapping: wbcErr (uid_t, const struct wbcDomainSid *)
+wbcRequestResponse: wbcErr (struct wbcContext *, int, struct winbindd_request *, struct winbindd_response *)
+wbcRequestResponsePriv: wbcErr (struct wbcContext *, int, struct winbindd_request *, struct winbindd_response *)
+wbcResolveWinsByIP: wbcErr (const char *, char **)
+wbcResolveWinsByName: wbcErr (const char *, char **)
+wbcSetGidHwm: wbcErr (gid_t)
+wbcSetGidMapping: wbcErr (gid_t, const struct wbcDomainSid *)
+wbcSetUidHwm: wbcErr (uid_t)
+wbcSetUidMapping: wbcErr (uid_t, const struct wbcDomainSid *)
+wbcSetgrent: wbcErr (void)
+wbcSetpwent: wbcErr (void)
+wbcSidToGid: wbcErr (const struct wbcDomainSid *, gid_t *)
+wbcSidToString: wbcErr (const struct wbcDomainSid *, char **)
+wbcSidToStringBuf: int (const struct wbcDomainSid *, char *, int)
+wbcSidToUid: wbcErr (const struct wbcDomainSid *, uid_t *)
+wbcSidTypeString: const char *(enum wbcSidType)
+wbcSidsToUnixIds: wbcErr (const struct wbcDomainSid *, uint32_t, struct wbcUnixId *)
+wbcStrDup: char *(const char *)
+wbcStringToGuid: wbcErr (const char *, struct wbcGuid *)
+wbcStringToSid: wbcErr (const char *, struct wbcDomainSid *)
+wbcUidToSid: wbcErr (uid_t, struct wbcDomainSid *)
+wbcUnixIdsToSids: wbcErr (const struct wbcUnixId *, uint32_t, struct wbcDomainSid *)
diff --git a/nsswitch/libwbclient/ABI/wbclient-0.14.sigs b/nsswitch/libwbclient/ABI/wbclient-0.14.sigs
new file mode 100644
index 0000000..b07a6a8
--- /dev/null
+++ b/nsswitch/libwbclient/ABI/wbclient-0.14.sigs
@@ -0,0 +1,132 @@
+wbcAddNamedBlob: wbcErr (size_t *, struct wbcNamedBlob **, const char *, uint32_t, uint8_t *, size_t)
+wbcAllocateGid: wbcErr (gid_t *)
+wbcAllocateMemory: void *(size_t, size_t, void (*)(void *))
+wbcAllocateStringArray: const char **(int)
+wbcAllocateUid: wbcErr (uid_t *)
+wbcAuthenticateUser: wbcErr (const char *, const char *)
+wbcAuthenticateUserEx: wbcErr (const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **)
+wbcChangeTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcChangeUserPassword: wbcErr (const char *, const char *, const char *)
+wbcChangeUserPasswordEx: wbcErr (const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **)
+wbcCheckTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcCredentialCache: wbcErr (struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **)
+wbcCredentialSave: wbcErr (const char *, const char *)
+wbcCtxAllocateGid: wbcErr (struct wbcContext *, gid_t *)
+wbcCtxAllocateUid: wbcErr (struct wbcContext *, uid_t *)
+wbcCtxAuthenticateUser: wbcErr (struct wbcContext *, const char *, const char *)
+wbcCtxAuthenticateUserEx: wbcErr (struct wbcContext *, const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **)
+wbcCtxChangeTrustCredentials: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **)
+wbcCtxChangeUserPassword: wbcErr (struct wbcContext *, const char *, const char *, const char *)
+wbcCtxChangeUserPasswordEx: wbcErr (struct wbcContext *, const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **)
+wbcCtxCheckTrustCredentials: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **)
+wbcCtxCreate: struct wbcContext *(void)
+wbcCtxCredentialCache: wbcErr (struct wbcContext *, struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **)
+wbcCtxCredentialSave: wbcErr (struct wbcContext *, const char *, const char *)
+wbcCtxDcInfo: wbcErr (struct wbcContext *, const char *, size_t *, const char ***, const char ***)
+wbcCtxDomainInfo: wbcErr (struct wbcContext *, const char *, struct wbcDomainInfo **)
+wbcCtxEndgrent: wbcErr (struct wbcContext *)
+wbcCtxEndpwent: wbcErr (struct wbcContext *)
+wbcCtxFree: void (struct wbcContext *)
+wbcCtxGetDisplayName: wbcErr (struct wbcContext *, const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcCtxGetGroups: wbcErr (struct wbcContext *, const char *, uint32_t *, gid_t **)
+wbcCtxGetSidAliases: wbcErr (struct wbcContext *, const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *)
+wbcCtxGetgrent: wbcErr (struct wbcContext *, struct group **)
+wbcCtxGetgrgid: wbcErr (struct wbcContext *, gid_t, struct group **)
+wbcCtxGetgrlist: wbcErr (struct wbcContext *, struct group **)
+wbcCtxGetgrnam: wbcErr (struct wbcContext *, const char *, struct group **)
+wbcCtxGetpwent: wbcErr (struct wbcContext *, struct passwd **)
+wbcCtxGetpwnam: wbcErr (struct wbcContext *, const char *, struct passwd **)
+wbcCtxGetpwsid: wbcErr (struct wbcContext *, struct wbcDomainSid *, struct passwd **)
+wbcCtxGetpwuid: wbcErr (struct wbcContext *, uid_t, struct passwd **)
+wbcCtxGidToSid: wbcErr (struct wbcContext *, gid_t, struct wbcDomainSid *)
+wbcCtxInterfaceDetails: wbcErr (struct wbcContext *, struct wbcInterfaceDetails **)
+wbcCtxListGroups: wbcErr (struct wbcContext *, const char *, uint32_t *, const char ***)
+wbcCtxListTrusts: wbcErr (struct wbcContext *, struct wbcDomainInfo **, size_t *)
+wbcCtxListUsers: wbcErr (struct wbcContext *, const char *, uint32_t *, const char ***)
+wbcCtxLogoffUser: wbcErr (struct wbcContext *, const char *, uid_t, const char *)
+wbcCtxLogoffUserEx: wbcErr (struct wbcContext *, const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **)
+wbcCtxLogonUser: wbcErr (struct wbcContext *, const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **)
+wbcCtxLookupDomainController: wbcErr (struct wbcContext *, const char *, uint32_t, struct wbcDomainControllerInfo **)
+wbcCtxLookupDomainControllerEx: wbcErr (struct wbcContext *, const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **)
+wbcCtxLookupName: wbcErr (struct wbcContext *, const char *, const char *, struct wbcDomainSid *, enum wbcSidType *)
+wbcCtxLookupRids: wbcErr (struct wbcContext *, struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **)
+wbcCtxLookupSid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcCtxLookupSids: wbcErr (struct wbcContext *, const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **)
+wbcCtxLookupUserSids: wbcErr (struct wbcContext *, const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **)
+wbcCtxPing: wbcErr (struct wbcContext *)
+wbcCtxPingDc: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **)
+wbcCtxPingDc2: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **, char **)
+wbcCtxResolveWinsByIP: wbcErr (struct wbcContext *, const char *, char **)
+wbcCtxResolveWinsByName: wbcErr (struct wbcContext *, const char *, char **)
+wbcCtxSetgrent: wbcErr (struct wbcContext *)
+wbcCtxSetpwent: wbcErr (struct wbcContext *)
+wbcCtxSidToGid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, gid_t *)
+wbcCtxSidToUid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, uid_t *)
+wbcCtxSidsToUnixIds: wbcErr (struct wbcContext *, const struct wbcDomainSid *, uint32_t, struct wbcUnixId *)
+wbcCtxUidToSid: wbcErr (struct wbcContext *, uid_t, struct wbcDomainSid *)
+wbcCtxUnixIdsToSids: wbcErr (struct wbcContext *, const struct wbcUnixId *, uint32_t, struct wbcDomainSid *)
+wbcDcInfo: wbcErr (const char *, size_t *, const char ***, const char ***)
+wbcDomainInfo: wbcErr (const char *, struct wbcDomainInfo **)
+wbcEndgrent: wbcErr (void)
+wbcEndpwent: wbcErr (void)
+wbcErrorString: const char *(wbcErr)
+wbcFreeMemory: void (void *)
+wbcGetDisplayName: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcGetGlobalCtx: struct wbcContext *(void)
+wbcGetGroups: wbcErr (const char *, uint32_t *, gid_t **)
+wbcGetSidAliases: wbcErr (const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *)
+wbcGetgrent: wbcErr (struct group **)
+wbcGetgrgid: wbcErr (gid_t, struct group **)
+wbcGetgrlist: wbcErr (struct group **)
+wbcGetgrnam: wbcErr (const char *, struct group **)
+wbcGetpwent: wbcErr (struct passwd **)
+wbcGetpwnam: wbcErr (const char *, struct passwd **)
+wbcGetpwsid: wbcErr (struct wbcDomainSid *, struct passwd **)
+wbcGetpwuid: wbcErr (uid_t, struct passwd **)
+wbcGidToSid: wbcErr (gid_t, struct wbcDomainSid *)
+wbcGuidToString: wbcErr (const struct wbcGuid *, char **)
+wbcInterfaceDetails: wbcErr (struct wbcInterfaceDetails **)
+wbcLibraryDetails: wbcErr (struct wbcLibraryDetails **)
+wbcListGroups: wbcErr (const char *, uint32_t *, const char ***)
+wbcListTrusts: wbcErr (struct wbcDomainInfo **, size_t *)
+wbcListUsers: wbcErr (const char *, uint32_t *, const char ***)
+wbcLogoffUser: wbcErr (const char *, uid_t, const char *)
+wbcLogoffUserEx: wbcErr (const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **)
+wbcLogonUser: wbcErr (const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **)
+wbcLookupDomainController: wbcErr (const char *, uint32_t, struct wbcDomainControllerInfo **)
+wbcLookupDomainControllerEx: wbcErr (const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **)
+wbcLookupName: wbcErr (const char *, const char *, struct wbcDomainSid *, enum wbcSidType *)
+wbcLookupRids: wbcErr (struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **)
+wbcLookupSid: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcLookupSids: wbcErr (const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **)
+wbcLookupUserSids: wbcErr (const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **)
+wbcPing: wbcErr (void)
+wbcPingDc: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcPingDc2: wbcErr (const char *, struct wbcAuthErrorInfo **, char **)
+wbcQueryGidToSid: wbcErr (gid_t, struct wbcDomainSid *)
+wbcQuerySidToGid: wbcErr (const struct wbcDomainSid *, gid_t *)
+wbcQuerySidToUid: wbcErr (const struct wbcDomainSid *, uid_t *)
+wbcQueryUidToSid: wbcErr (uid_t, struct wbcDomainSid *)
+wbcRemoveGidMapping: wbcErr (gid_t, const struct wbcDomainSid *)
+wbcRemoveUidMapping: wbcErr (uid_t, const struct wbcDomainSid *)
+wbcRequestResponse: wbcErr (struct wbcContext *, int, struct winbindd_request *, struct winbindd_response *)
+wbcRequestResponsePriv: wbcErr (struct wbcContext *, int, struct winbindd_request *, struct winbindd_response *)
+wbcResolveWinsByIP: wbcErr (const char *, char **)
+wbcResolveWinsByName: wbcErr (const char *, char **)
+wbcSetGidHwm: wbcErr (gid_t)
+wbcSetGidMapping: wbcErr (gid_t, const struct wbcDomainSid *)
+wbcSetUidHwm: wbcErr (uid_t)
+wbcSetUidMapping: wbcErr (uid_t, const struct wbcDomainSid *)
+wbcSetgrent: wbcErr (void)
+wbcSetpwent: wbcErr (void)
+wbcSidToGid: wbcErr (const struct wbcDomainSid *, gid_t *)
+wbcSidToString: wbcErr (const struct wbcDomainSid *, char **)
+wbcSidToStringBuf: int (const struct wbcDomainSid *, char *, int)
+wbcSidToUid: wbcErr (const struct wbcDomainSid *, uid_t *)
+wbcSidTypeString: const char *(enum wbcSidType)
+wbcSidsToUnixIds: wbcErr (const struct wbcDomainSid *, uint32_t, struct wbcUnixId *)
+wbcStrDup: char *(const char *)
+wbcStringToGuid: wbcErr (const char *, struct wbcGuid *)
+wbcStringToSid: wbcErr (const char *, struct wbcDomainSid *)
+wbcUidToSid: wbcErr (uid_t, struct wbcDomainSid *)
+wbcUnixIdsToSids: wbcErr (const struct wbcUnixId *, uint32_t, struct wbcDomainSid *)
diff --git a/nsswitch/libwbclient/ABI/wbclient-0.15.sigs b/nsswitch/libwbclient/ABI/wbclient-0.15.sigs
new file mode 100644
index 0000000..a3019b5
--- /dev/null
+++ b/nsswitch/libwbclient/ABI/wbclient-0.15.sigs
@@ -0,0 +1,133 @@
+wbcAddNamedBlob: wbcErr (size_t *, struct wbcNamedBlob **, const char *, uint32_t, uint8_t *, size_t)
+wbcAllocateGid: wbcErr (gid_t *)
+wbcAllocateMemory: void *(size_t, size_t, void (*)(void *))
+wbcAllocateStringArray: const char **(int)
+wbcAllocateUid: wbcErr (uid_t *)
+wbcAuthenticateUser: wbcErr (const char *, const char *)
+wbcAuthenticateUserEx: wbcErr (const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **)
+wbcChangeTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcChangeUserPassword: wbcErr (const char *, const char *, const char *)
+wbcChangeUserPasswordEx: wbcErr (const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **)
+wbcCheckTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcCredentialCache: wbcErr (struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **)
+wbcCredentialSave: wbcErr (const char *, const char *)
+wbcCtxAllocateGid: wbcErr (struct wbcContext *, gid_t *)
+wbcCtxAllocateUid: wbcErr (struct wbcContext *, uid_t *)
+wbcCtxAuthenticateUser: wbcErr (struct wbcContext *, const char *, const char *)
+wbcCtxAuthenticateUserEx: wbcErr (struct wbcContext *, const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **)
+wbcCtxChangeTrustCredentials: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **)
+wbcCtxChangeUserPassword: wbcErr (struct wbcContext *, const char *, const char *, const char *)
+wbcCtxChangeUserPasswordEx: wbcErr (struct wbcContext *, const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **)
+wbcCtxCheckTrustCredentials: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **)
+wbcCtxCreate: struct wbcContext *(void)
+wbcCtxCredentialCache: wbcErr (struct wbcContext *, struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **)
+wbcCtxCredentialSave: wbcErr (struct wbcContext *, const char *, const char *)
+wbcCtxDcInfo: wbcErr (struct wbcContext *, const char *, size_t *, const char ***, const char ***)
+wbcCtxDomainInfo: wbcErr (struct wbcContext *, const char *, struct wbcDomainInfo **)
+wbcCtxEndgrent: wbcErr (struct wbcContext *)
+wbcCtxEndpwent: wbcErr (struct wbcContext *)
+wbcCtxFree: void (struct wbcContext *)
+wbcCtxGetDisplayName: wbcErr (struct wbcContext *, const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcCtxGetGroups: wbcErr (struct wbcContext *, const char *, uint32_t *, gid_t **)
+wbcCtxGetSidAliases: wbcErr (struct wbcContext *, const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *)
+wbcCtxGetgrent: wbcErr (struct wbcContext *, struct group **)
+wbcCtxGetgrgid: wbcErr (struct wbcContext *, gid_t, struct group **)
+wbcCtxGetgrlist: wbcErr (struct wbcContext *, struct group **)
+wbcCtxGetgrnam: wbcErr (struct wbcContext *, const char *, struct group **)
+wbcCtxGetpwent: wbcErr (struct wbcContext *, struct passwd **)
+wbcCtxGetpwnam: wbcErr (struct wbcContext *, const char *, struct passwd **)
+wbcCtxGetpwsid: wbcErr (struct wbcContext *, struct wbcDomainSid *, struct passwd **)
+wbcCtxGetpwuid: wbcErr (struct wbcContext *, uid_t, struct passwd **)
+wbcCtxGidToSid: wbcErr (struct wbcContext *, gid_t, struct wbcDomainSid *)
+wbcCtxInterfaceDetails: wbcErr (struct wbcContext *, struct wbcInterfaceDetails **)
+wbcCtxListGroups: wbcErr (struct wbcContext *, const char *, uint32_t *, const char ***)
+wbcCtxListTrusts: wbcErr (struct wbcContext *, struct wbcDomainInfo **, size_t *)
+wbcCtxListUsers: wbcErr (struct wbcContext *, const char *, uint32_t *, const char ***)
+wbcCtxLogoffUser: wbcErr (struct wbcContext *, const char *, uid_t, const char *)
+wbcCtxLogoffUserEx: wbcErr (struct wbcContext *, const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **)
+wbcCtxLogonUser: wbcErr (struct wbcContext *, const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **)
+wbcCtxLookupDomainController: wbcErr (struct wbcContext *, const char *, uint32_t, struct wbcDomainControllerInfo **)
+wbcCtxLookupDomainControllerEx: wbcErr (struct wbcContext *, const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **)
+wbcCtxLookupName: wbcErr (struct wbcContext *, const char *, const char *, struct wbcDomainSid *, enum wbcSidType *)
+wbcCtxLookupRids: wbcErr (struct wbcContext *, struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **)
+wbcCtxLookupSid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcCtxLookupSids: wbcErr (struct wbcContext *, const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **)
+wbcCtxLookupUserSids: wbcErr (struct wbcContext *, const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **)
+wbcCtxPing: wbcErr (struct wbcContext *)
+wbcCtxPingDc: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **)
+wbcCtxPingDc2: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **, char **)
+wbcCtxResolveWinsByIP: wbcErr (struct wbcContext *, const char *, char **)
+wbcCtxResolveWinsByName: wbcErr (struct wbcContext *, const char *, char **)
+wbcCtxSetgrent: wbcErr (struct wbcContext *)
+wbcCtxSetpwent: wbcErr (struct wbcContext *)
+wbcCtxSidToGid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, gid_t *)
+wbcCtxSidToUid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, uid_t *)
+wbcCtxSidsToUnixIds: wbcErr (struct wbcContext *, const struct wbcDomainSid *, uint32_t, struct wbcUnixId *)
+wbcCtxUidToSid: wbcErr (struct wbcContext *, uid_t, struct wbcDomainSid *)
+wbcCtxUnixIdsToSids: wbcErr (struct wbcContext *, const struct wbcUnixId *, uint32_t, struct wbcDomainSid *)
+wbcDcInfo: wbcErr (const char *, size_t *, const char ***, const char ***)
+wbcDomainInfo: wbcErr (const char *, struct wbcDomainInfo **)
+wbcEndgrent: wbcErr (void)
+wbcEndpwent: wbcErr (void)
+wbcErrorString: const char *(wbcErr)
+wbcFreeMemory: void (void *)
+wbcGetDisplayName: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcGetGlobalCtx: struct wbcContext *(void)
+wbcGetGroups: wbcErr (const char *, uint32_t *, gid_t **)
+wbcGetSidAliases: wbcErr (const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *)
+wbcGetgrent: wbcErr (struct group **)
+wbcGetgrgid: wbcErr (gid_t, struct group **)
+wbcGetgrlist: wbcErr (struct group **)
+wbcGetgrnam: wbcErr (const char *, struct group **)
+wbcGetpwent: wbcErr (struct passwd **)
+wbcGetpwnam: wbcErr (const char *, struct passwd **)
+wbcGetpwsid: wbcErr (struct wbcDomainSid *, struct passwd **)
+wbcGetpwuid: wbcErr (uid_t, struct passwd **)
+wbcGidToSid: wbcErr (gid_t, struct wbcDomainSid *)
+wbcGuidToString: wbcErr (const struct wbcGuid *, char **)
+wbcInterfaceDetails: wbcErr (struct wbcInterfaceDetails **)
+wbcLibraryDetails: wbcErr (struct wbcLibraryDetails **)
+wbcListGroups: wbcErr (const char *, uint32_t *, const char ***)
+wbcListTrusts: wbcErr (struct wbcDomainInfo **, size_t *)
+wbcListUsers: wbcErr (const char *, uint32_t *, const char ***)
+wbcLogoffUser: wbcErr (const char *, uid_t, const char *)
+wbcLogoffUserEx: wbcErr (const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **)
+wbcLogonUser: wbcErr (const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **)
+wbcLookupDomainController: wbcErr (const char *, uint32_t, struct wbcDomainControllerInfo **)
+wbcLookupDomainControllerEx: wbcErr (const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **)
+wbcLookupName: wbcErr (const char *, const char *, struct wbcDomainSid *, enum wbcSidType *)
+wbcLookupRids: wbcErr (struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **)
+wbcLookupSid: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcLookupSids: wbcErr (const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **)
+wbcLookupUserSids: wbcErr (const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **)
+wbcPing: wbcErr (void)
+wbcPingDc: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcPingDc2: wbcErr (const char *, struct wbcAuthErrorInfo **, char **)
+wbcQueryGidToSid: wbcErr (gid_t, struct wbcDomainSid *)
+wbcQuerySidToGid: wbcErr (const struct wbcDomainSid *, gid_t *)
+wbcQuerySidToUid: wbcErr (const struct wbcDomainSid *, uid_t *)
+wbcQueryUidToSid: wbcErr (uid_t, struct wbcDomainSid *)
+wbcRemoveGidMapping: wbcErr (gid_t, const struct wbcDomainSid *)
+wbcRemoveUidMapping: wbcErr (uid_t, const struct wbcDomainSid *)
+wbcRequestResponse: wbcErr (struct wbcContext *, int, struct winbindd_request *, struct winbindd_response *)
+wbcRequestResponsePriv: wbcErr (struct wbcContext *, int, struct winbindd_request *, struct winbindd_response *)
+wbcResolveWinsByIP: wbcErr (const char *, char **)
+wbcResolveWinsByName: wbcErr (const char *, char **)
+wbcSetClientProcessName: void (const char *)
+wbcSetGidHwm: wbcErr (gid_t)
+wbcSetGidMapping: wbcErr (gid_t, const struct wbcDomainSid *)
+wbcSetUidHwm: wbcErr (uid_t)
+wbcSetUidMapping: wbcErr (uid_t, const struct wbcDomainSid *)
+wbcSetgrent: wbcErr (void)
+wbcSetpwent: wbcErr (void)
+wbcSidToGid: wbcErr (const struct wbcDomainSid *, gid_t *)
+wbcSidToString: wbcErr (const struct wbcDomainSid *, char **)
+wbcSidToStringBuf: int (const struct wbcDomainSid *, char *, int)
+wbcSidToUid: wbcErr (const struct wbcDomainSid *, uid_t *)
+wbcSidTypeString: const char *(enum wbcSidType)
+wbcSidsToUnixIds: wbcErr (const struct wbcDomainSid *, uint32_t, struct wbcUnixId *)
+wbcStrDup: char *(const char *)
+wbcStringToGuid: wbcErr (const char *, struct wbcGuid *)
+wbcStringToSid: wbcErr (const char *, struct wbcDomainSid *)
+wbcUidToSid: wbcErr (uid_t, struct wbcDomainSid *)
+wbcUnixIdsToSids: wbcErr (const struct wbcUnixId *, uint32_t, struct wbcDomainSid *)
diff --git a/nsswitch/libwbclient/ABI/wbclient-0.9.sigs b/nsswitch/libwbclient/ABI/wbclient-0.9.sigs
new file mode 100644
index 0000000..ec25e76
--- /dev/null
+++ b/nsswitch/libwbclient/ABI/wbclient-0.9.sigs
@@ -0,0 +1,75 @@
+wbcAddNamedBlob: wbcErr (size_t *, struct wbcNamedBlob **, const char *, uint32_t, uint8_t *, size_t)
+wbcAllocateGid: wbcErr (gid_t *)
+wbcAllocateMemory: void *(size_t, size_t, void (*)(void *))
+wbcAllocateStringArray: const char **(int)
+wbcAllocateUid: wbcErr (uid_t *)
+wbcAuthenticateUser: wbcErr (const char *, const char *)
+wbcAuthenticateUserEx: wbcErr (const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **)
+wbcChangeTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcChangeUserPassword: wbcErr (const char *, const char *, const char *)
+wbcChangeUserPasswordEx: wbcErr (const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **)
+wbcCheckTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcCredentialCache: wbcErr (struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **)
+wbcCredentialSave: wbcErr (const char *, const char *)
+wbcDcInfo: wbcErr (const char *, size_t *, const char ***, const char ***)
+wbcDomainInfo: wbcErr (const char *, struct wbcDomainInfo **)
+wbcEndgrent: wbcErr (void)
+wbcEndpwent: wbcErr (void)
+wbcErrorString: const char *(wbcErr)
+wbcFreeMemory: void (void *)
+wbcGetDisplayName: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcGetGroups: wbcErr (const char *, uint32_t *, gid_t **)
+wbcGetSidAliases: wbcErr (const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *)
+wbcGetgrent: wbcErr (struct group **)
+wbcGetgrgid: wbcErr (gid_t, struct group **)
+wbcGetgrlist: wbcErr (struct group **)
+wbcGetgrnam: wbcErr (const char *, struct group **)
+wbcGetpwent: wbcErr (struct passwd **)
+wbcGetpwnam: wbcErr (const char *, struct passwd **)
+wbcGetpwsid: wbcErr (struct wbcDomainSid *, struct passwd **)
+wbcGetpwuid: wbcErr (uid_t, struct passwd **)
+wbcGidToSid: wbcErr (gid_t, struct wbcDomainSid *)
+wbcGuidToString: wbcErr (const struct wbcGuid *, char **)
+wbcInterfaceDetails: wbcErr (struct wbcInterfaceDetails **)
+wbcLibraryDetails: wbcErr (struct wbcLibraryDetails **)
+wbcListGroups: wbcErr (const char *, uint32_t *, const char ***)
+wbcListTrusts: wbcErr (struct wbcDomainInfo **, size_t *)
+wbcListUsers: wbcErr (const char *, uint32_t *, const char ***)
+wbcLogoffUser: wbcErr (const char *, uid_t, const char *)
+wbcLogoffUserEx: wbcErr (const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **)
+wbcLogonUser: wbcErr (const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **)
+wbcLookupDomainController: wbcErr (const char *, uint32_t, struct wbcDomainControllerInfo **)
+wbcLookupDomainControllerEx: wbcErr (const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **)
+wbcLookupName: wbcErr (const char *, const char *, struct wbcDomainSid *, enum wbcSidType *)
+wbcLookupRids: wbcErr (struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **)
+wbcLookupSid: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcLookupSids: wbcErr (const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **)
+wbcLookupUserSids: wbcErr (const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **)
+wbcPing: wbcErr (void)
+wbcPingDc: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcQueryGidToSid: wbcErr (gid_t, struct wbcDomainSid *)
+wbcQuerySidToGid: wbcErr (const struct wbcDomainSid *, gid_t *)
+wbcQuerySidToUid: wbcErr (const struct wbcDomainSid *, uid_t *)
+wbcQueryUidToSid: wbcErr (uid_t, struct wbcDomainSid *)
+wbcRemoveGidMapping: wbcErr (gid_t, const struct wbcDomainSid *)
+wbcRemoveUidMapping: wbcErr (uid_t, const struct wbcDomainSid *)
+wbcRequestResponse: wbcErr (int, struct winbindd_request *, struct winbindd_response *)
+wbcRequestResponsePriv: wbcErr (int, struct winbindd_request *, struct winbindd_response *)
+wbcResolveWinsByIP: wbcErr (const char *, char **)
+wbcResolveWinsByName: wbcErr (const char *, char **)
+wbcSetGidHwm: wbcErr (gid_t)
+wbcSetGidMapping: wbcErr (gid_t, const struct wbcDomainSid *)
+wbcSetUidHwm: wbcErr (uid_t)
+wbcSetUidMapping: wbcErr (uid_t, const struct wbcDomainSid *)
+wbcSetgrent: wbcErr (void)
+wbcSetpwent: wbcErr (void)
+wbcSidToGid: wbcErr (const struct wbcDomainSid *, gid_t *)
+wbcSidToString: wbcErr (const struct wbcDomainSid *, char **)
+wbcSidToStringBuf: int (const struct wbcDomainSid *, char *, int)
+wbcSidToUid: wbcErr (const struct wbcDomainSid *, uid_t *)
+wbcSidTypeString: const char *(enum wbcSidType)
+wbcSidsToUnixIds: wbcErr (const struct wbcDomainSid *, uint32_t, struct wbcUnixId *)
+wbcStrDup: char *(const char *)
+wbcStringToGuid: wbcErr (const char *, struct wbcGuid *)
+wbcStringToSid: wbcErr (const char *, struct wbcDomainSid *)
+wbcUidToSid: wbcErr (uid_t, struct wbcDomainSid *)
diff --git a/nsswitch/libwbclient/Doxyfile b/nsswitch/libwbclient/Doxyfile
new file mode 100644
index 0000000..529a16f
--- /dev/null
+++ b/nsswitch/libwbclient/Doxyfile
@@ -0,0 +1,1297 @@
+# Doxyfile 1.5.3
+
+# This file describes the settings to be used by the documentation system
+# doxygen (www.doxygen.org) for a project
+#
+# All text after a hash (#) is considered a comment and will be ignored
+# The format is:
+#       TAG = value [value, ...]
+# For lists items can also be appended using:
+#       TAG += value [value, ...]
+# Values that contain spaces should be placed between quotes (" ")
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+
+# This tag specifies the encoding used for all characters in the config file that
+# follow. The default is UTF-8 which is also the encoding used for all text before
+# the first occurrence of this tag. Doxygen uses libiconv (or the iconv built into
+# libc) for the transcoding. See http://www.gnu.org/software/libiconv for the list of
+# possible encodings.
+
+DOXYFILE_ENCODING      = UTF-8
+
+# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
+# by quotes) that should identify the project.
+
+PROJECT_NAME           = Samba
+
+# The PROJECT_NUMBER tag can be used to enter a project or revision number.
+# This could be handy for archiving the generated documentation or
+# if some version control system is used.
+
+PROJECT_NUMBER         = HEAD
+
+# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
+# base path where the generated documentation will be put.
+# If a relative path is entered, it will be relative to the location
+# where doxygen was started. If left blank the current directory will be used.
+
+OUTPUT_DIRECTORY       = dox
+
+# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
+# 4096 sub-directories (in 2 levels) under the output directory of each output
+# format and will distribute the generated files over these directories.
+# Enabling this option can be useful when feeding doxygen a huge amount of
+# source files, where putting all generated files in the same directory would
+# otherwise cause performance problems for the file system.
+
+CREATE_SUBDIRS         = NO
+
+# The OUTPUT_LANGUAGE tag is used to specify the language in which all
+# documentation generated by doxygen is written. Doxygen will use this
+# information to generate all constant output in the proper language.
+# The default language is English, other supported languages are:
+# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional,
+# Croatian, Czech, Danish, Dutch, Finnish, French, German, Greek, Hungarian,
+# Italian, Japanese, Japanese-en (Japanese with English messages), Korean,
+# Korean-en, Lithuanian, Norwegian, Polish, Portuguese, Romanian, Russian,
+# Serbian, Slovak, Slovene, Spanish, Swedish, and Ukrainian.
+
+OUTPUT_LANGUAGE        = English
+
+# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
+# include brief member descriptions after the members that are listed in
+# the file and class documentation (similar to JavaDoc).
+# Set to NO to disable this.
+
+BRIEF_MEMBER_DESC      = YES
+
+# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
+# the brief description of a member or function before the detailed description.
+# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
+# brief descriptions will be completely suppressed.
+
+REPEAT_BRIEF           = YES
+
+# This tag implements a quasi-intelligent brief description abbreviator
+# that is used to form the text in various listings. Each string
+# in this list, if found as the leading text of the brief description, will be
+# stripped from the text and the result after processing the whole list, is
+# used as the annotated text. Otherwise, the brief description is used as-is.
+# If left blank, the following values are used ("$name" is automatically
+# replaced with the name of the entity): "The $name class" "The $name widget"
+# "The $name file" "is" "provides" "specifies" "contains"
+# "represents" "a" "an" "the"
+
+ABBREVIATE_BRIEF       =
+
+# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
+# Doxygen will generate a detailed section even if there is only a brief
+# description.
+
+ALWAYS_DETAILED_SEC    = NO
+
+# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all
+# inherited members of a class in the documentation of that class as if those
+# members were ordinary class members. Constructors, destructors and assignment
+# operators of the base classes will not be shown.
+
+INLINE_INHERITED_MEMB  = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
+# path before files name in the file list and in the header files. If set
+# to NO the shortest path that makes the file name unique will be used.
+
+FULL_PATH_NAMES        = YES
+
+# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
+# can be used to strip a user-defined part of the path. Stripping is
+# only done if one of the specified strings matches the left-hand part of
+# the path. The tag can be used to show relative paths in the file list.
+# If left blank the directory from which doxygen is run is used as the
+# path to strip.
+
+STRIP_FROM_PATH        = $(PWD)/
+
+# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of
+# the path mentioned in the documentation of a class, which tells
+# the reader which header file to include in order to use a class.
+# If left blank only the name of the header file containing the class
+# definition is used. Otherwise one should specify the include paths that
+# are normally passed to the compiler using the -I flag.
+
+STRIP_FROM_INC_PATH    =
+
+# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
+# (but less readable) file names. This can be useful is your file systems
+# doesn't support long names like on DOS, Mac, or CD-ROM.
+
+SHORT_NAMES            = NO
+
+# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
+# will interpret the first line (until the first dot) of a JavaDoc-style
+# comment as the brief description. If set to NO, the JavaDoc
+# comments will behave just like regular Qt-style comments
+# (thus requiring an explicit @brief command for a brief description.)
+
+JAVADOC_AUTOBRIEF      = YES
+
+# If the QT_AUTOBRIEF tag is set to YES then Doxygen will
+# interpret the first line (until the first dot) of a Qt-style
+# comment as the brief description. If set to NO, the comments
+# will behave just like regular Qt-style comments (thus requiring
+# an explicit \brief command for a brief description.)
+
+QT_AUTOBRIEF           = NO
+
+# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
+# treat a multi-line C++ special comment block (i.e. a block of //! or ///
+# comments) as a brief description. This used to be the default behaviour.
+# The new default is to treat a multi-line C++ comment block as a detailed
+# description. Set this tag to YES if you prefer the old behaviour instead.
+
+MULTILINE_CPP_IS_BRIEF = NO
+
+# If the DETAILS_AT_TOP tag is set to YES then Doxygen
+# will output the detailed description near the top, like JavaDoc.
+# If set to NO, the detailed description appears after the member
+# documentation.
+
+DETAILS_AT_TOP         = NO
+
+# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
+# member inherits the documentation from any documented member that it
+# re-implements.
+
+INHERIT_DOCS           = YES
+
+# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce
+# a new page for each member. If set to NO, the documentation of a member will
+# be part of the file/class/namespace that contains it.
+
+SEPARATE_MEMBER_PAGES  = NO
+
+# The TAB_SIZE tag can be used to set the number of spaces in a tab.
+# Doxygen uses this value to replace tabs by spaces in code fragments.
+
+TAB_SIZE               = 8
+
+# This tag can be used to specify a number of aliases that acts
+# as commands in the documentation. An alias has the form "name=value".
+# For example adding "sideeffect=\par Side Effects:\n" will allow you to
+# put the command \sideeffect (or @sideeffect) in the documentation, which
+# will result in a user-defined paragraph with heading "Side Effects:".
+# You can put \n's in the value part of an alias to insert newlines.
+
+ALIASES                =
+
+# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C
+# sources only. Doxygen will then generate output that is more tailored for C.
+# For instance, some of the names that are used will be different. The list
+# of all members will be omitted, etc.
+
+OPTIMIZE_OUTPUT_FOR_C  = YES
+
+# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java
+# sources only. Doxygen will then generate output that is more tailored for Java.
+# For instance, namespaces will be presented as packages, qualified scopes
+# will look different, etc.
+
+OPTIMIZE_OUTPUT_JAVA   = NO
+
+# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want to
+# include (a tag file for) the STL sources as input, then you should
+# set this tag to YES in order to let doxygen match functions declarations and
+# definitions whose arguments contain STL classes (e.g. func(std::string); v.s.
+# func(std::string) {}). This also make the inheritance and collaboration
+# diagrams that involve STL classes more complete and accurate.
+
+BUILTIN_STL_SUPPORT    = NO
+
+# If you use Microsoft's C++/CLI language, you should set this option to YES to
+# enable parsing support.
+
+CPP_CLI_SUPPORT        = NO
+
+# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
+# tag is set to YES, then doxygen will reuse the documentation of the first
+# member in the group (if any) for the other members of the group. By default
+# all members of a group must be documented explicitly.
+
+DISTRIBUTE_GROUP_DOC   = NO
+
+# Set the SUBGROUPING tag to YES (the default) to allow class member groups of
+# the same type (for instance a group of public functions) to be put as a
+# subgroup of that type (e.g. under the Public Functions section). Set it to
+# NO to prevent subgrouping. Alternatively, this can be done per class using
+# the \nosubgrouping command.
+
+SUBGROUPING            = YES
+
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+
+# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
+# documentation are documented, even if no documentation was available.
+# Private class members and static file members will be hidden unless
+# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
+
+EXTRACT_ALL            = YES
+
+# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
+# will be included in the documentation.
+
+EXTRACT_PRIVATE        = YES
+
+# If the EXTRACT_STATIC tag is set to YES all static members of a file
+# will be included in the documentation.
+
+EXTRACT_STATIC         = YES
+
+# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
+# defined locally in source files will be included in the documentation.
+# If set to NO only classes defined in header files are included.
+
+EXTRACT_LOCAL_CLASSES  = YES
+
+# This flag is only useful for Objective-C code. When set to YES local
+# methods, which are defined in the implementation section but not in
+# the interface are included in the documentation.
+# If set to NO (the default) only methods in the interface are included.
+
+EXTRACT_LOCAL_METHODS  = NO
+
+# If this flag is set to YES, the members of anonymous namespaces will be extracted
+# and appear in the documentation as a namespace called 'anonymous_namespace{file}',
+# where file will be replaced with the base name of the file that contains the anonymous
+# namespace. By default anonymous namespace are hidden.
+
+EXTRACT_ANON_NSPACES   = NO
+
+# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
+# undocumented members of documented classes, files or namespaces.
+# If set to NO (the default) these members will be included in the
+# various overviews, but no documentation section is generated.
+# This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_MEMBERS     = NO
+
+# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
+# undocumented classes that are normally visible in the class hierarchy.
+# If set to NO (the default) these classes will be included in the various
+# overviews. This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_CLASSES     = NO
+
+# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
+# friend (class|struct|union) declarations.
+# If set to NO (the default) these declarations will be included in the
+# documentation.
+
+HIDE_FRIEND_COMPOUNDS  = NO
+
+# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
+# documentation blocks found inside the body of a function.
+# If set to NO (the default) these blocks will be appended to the
+# function's detailed documentation block.
+
+HIDE_IN_BODY_DOCS      = NO
+
+# The INTERNAL_DOCS tag determines if documentation
+# that is typed after a \internal command is included. If the tag is set
+# to NO (the default) then the documentation will be excluded.
+# Set it to YES to include the internal documentation.
+
+INTERNAL_DOCS          = YES
+
+# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
+# file names in lower-case letters. If set to YES upper-case letters are also
+# allowed. This is useful if you have classes or files whose names only differ
+# in case and if your file system supports case sensitive file names. Windows
+# and Mac users are advised to set this option to NO.
+
+CASE_SENSE_NAMES       = YES
+
+# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
+# will show members with their full class and namespace scopes in the
+# documentation. If set to YES the scope will be hidden.
+
+HIDE_SCOPE_NAMES       = YES
+
+# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
+# will put a list of the files that are included by a file in the documentation
+# of that file.
+
+SHOW_INCLUDE_FILES     = YES
+
+# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
+# is inserted in the documentation for inline members.
+
+INLINE_INFO            = YES
+
+# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
+# will sort the (detailed) documentation of file and class members
+# alphabetically by member name. If set to NO the members will appear in
+# declaration order.
+
+SORT_MEMBER_DOCS       = NO
+
+# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the
+# brief documentation of file, namespace and class members alphabetically
+# by member name. If set to NO (the default) the members will appear in
+# declaration order.
+
+SORT_BRIEF_DOCS        = NO
+
+# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be
+# sorted by fully-qualified names, including namespaces. If set to
+# NO (the default), the class list will be sorted only by class name,
+# not including the namespace part.
+# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
+# Note: This option applies only to the class list, not to the
+# alphabetical list.
+
+SORT_BY_SCOPE_NAME     = NO
+
+# The GENERATE_TODOLIST tag can be used to enable (YES) or
+# disable (NO) the todo list. This list is created by putting \todo
+# commands in the documentation.
+
+GENERATE_TODOLIST      = YES
+
+# The GENERATE_TESTLIST tag can be used to enable (YES) or
+# disable (NO) the test list. This list is created by putting \test
+# commands in the documentation.
+
+GENERATE_TESTLIST      = YES
+
+# The GENERATE_BUGLIST tag can be used to enable (YES) or
+# disable (NO) the bug list. This list is created by putting \bug
+# commands in the documentation.
+
+GENERATE_BUGLIST       = YES
+
+# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
+# disable (NO) the deprecated list. This list is created by putting
+# \deprecated commands in the documentation.
+
+GENERATE_DEPRECATEDLIST= YES
+
+# The ENABLED_SECTIONS tag can be used to enable conditional
+# documentation sections, marked by \if sectionname ... \endif.
+
+ENABLED_SECTIONS       =
+
+# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
+# the initial value of a variable or define consists of for it to appear in
+# the documentation. If the initializer consists of more lines than specified
+# here it will be hidden. Use a value of 0 to hide initializers completely.
+# The appearance of the initializer of individual variables and defines in the
+# documentation can be controlled using \showinitializer or \hideinitializer
+# command in the documentation regardless of this setting.
+
+MAX_INITIALIZER_LINES  = 30
+
+# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
+# at the bottom of the documentation of classes and structs. If set to YES the
+# list will mention the files that were used to generate the documentation.
+
+SHOW_USED_FILES        = YES
+
+# If the sources in your project are distributed over multiple directories
+# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy
+# in the documentation. The default is NO.
+
+SHOW_DIRECTORIES       = NO
+
+# The FILE_VERSION_FILTER tag can be used to specify a program or script that
+# doxygen should invoke to get the current version for each file (typically from the
+# version control system). Doxygen will invoke the program by executing (via
+# popen()) the command <command> <input-file>, where <command> is the value of
+# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file
+# provided by doxygen. Whatever the program writes to standard output
+# is used as the file version. See the manual for examples.
+
+FILE_VERSION_FILTER    =
+
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+
+# The QUIET tag can be used to turn on/off the messages that are generated
+# by doxygen. Possible values are YES and NO. If left blank NO is used.
+
+QUIET                  = YES
+
+# The WARNINGS tag can be used to turn on/off the warning messages that are
+# generated by doxygen. Possible values are YES and NO. If left blank
+# NO is used.
+
+WARNINGS               = NO
+
+# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
+# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
+# automatically be disabled.
+
+WARN_IF_UNDOCUMENTED   = NO
+
+# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
+# potential errors in the documentation, such as not documenting some
+# parameters in a documented function, or documenting parameters that
+# don't exist or using markup commands wrongly.
+
+WARN_IF_DOC_ERROR      = YES
+
+# This WARN_NO_PARAMDOC option can be abled to get warnings for
+# functions that are documented, but have no documentation for their parameters
+# or return value. If set to NO (the default) doxygen will only warn about
+# wrong or incomplete parameter documentation, but not about the absence of
+# documentation.
+
+WARN_NO_PARAMDOC       = NO
+
+# The WARN_FORMAT tag determines the format of the warning messages that
+# doxygen can produce. The string should contain the $file, $line, and $text
+# tags, which will be replaced by the file and line number from which the
+# warning originated and the warning text. Optionally the format may contain
+# $version, which will be replaced by the version of the file (if it could
+# be obtained via FILE_VERSION_FILTER)
+
+WARN_FORMAT            = "$file:$line: $text "
+
+# The WARN_LOGFILE tag can be used to specify a file to which warning
+# and error messages should be written. If left blank the output is written
+# to stderr.
+
+WARN_LOGFILE           =
+
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+
+# The INPUT tag can be used to specify the files and/or directories that contain
+# documented source files. You may enter file names like "myfile.cpp" or
+# directories like "/usr/src/myproject". Separate the files or directories
+# with spaces.
+
+INPUT                  = .
+
+# This tag can be used to specify the character encoding of the source files that
+# doxygen parses. Internally doxygen uses the UTF-8 encoding, which is also the default
+# input encoding. Doxygen uses libiconv (or the iconv built into libc) for the transcoding.
+# See http://www.gnu.org/software/libiconv for the list of possible encodings.
+
+INPUT_ENCODING         = UTF-8
+
+# If the value of the INPUT tag contains directories, you can use the
+# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank the following patterns are tested:
+# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx
+# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py
+
+FILE_PATTERNS          = *.c \
+                         *.h \
+                         *.idl
+
+# The RECURSIVE tag can be used to turn specify whether or not subdirectories
+# should be searched for input files as well. Possible values are YES and NO.
+# If left blank NO is used.
+
+RECURSIVE              = YES
+
+# The EXCLUDE tag can be used to specify files and/or directories that should
+# excluded from the INPUT source files. This way you can easily exclude a
+# subdirectory from a directory tree whose root is specified with the INPUT tag.
+
+EXCLUDE                = include/includes.h \
+                         include/proto.h
+
+# The EXCLUDE_SYMLINKS tag can be used select whether or not files or
+# directories that are symbolic links (a Unix filesystem feature) are excluded
+# from the input.
+
+EXCLUDE_SYMLINKS       = NO
+
+# If the value of the INPUT tag contains directories, you can use the
+# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
+# certain files from those directories. Note that the wildcards are matched
+# against the file with absolute path, so to exclude all test directories
+# for example use the pattern */test/*
+
+EXCLUDE_PATTERNS       =
+
+# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
+# (namespaces, classes, functions, etc.) that should be excluded from the output.
+# The symbol name can be a fully qualified name, a word, or if the wildcard * is used,
+# a substring. Examples: ANamespace, AClass, AClass::ANamespace, ANamespace::*Test
+
+EXCLUDE_SYMBOLS        =
+
+# The EXAMPLE_PATH tag can be used to specify one or more files or
+# directories that contain example code fragments that are included (see
+# the \include command).
+
+EXAMPLE_PATH           =
+
+# If the value of the EXAMPLE_PATH tag contains directories, you can use the
+# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank all files are included.
+
+EXAMPLE_PATTERNS       =
+
+# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
+# searched for input files to be used with the \include or \dontinclude
+# commands irrespective of the value of the RECURSIVE tag.
+# Possible values are YES and NO. If left blank NO is used.
+
+EXAMPLE_RECURSIVE      = NO
+
+# The IMAGE_PATH tag can be used to specify one or more files or
+# directories that contain image that are included in the documentation (see
+# the \image command).
+
+IMAGE_PATH             =
+
+# The INPUT_FILTER tag can be used to specify a program that doxygen should
+# invoke to filter for each input file. Doxygen will invoke the filter program
+# by executing (via popen()) the command <filter> <input-file>, where <filter>
+# is the value of the INPUT_FILTER tag, and <input-file> is the name of an
+# input file. Doxygen will then use the output that the filter program writes
+# to standard output.  If FILTER_PATTERNS is specified, this tag will be
+# ignored.
+
+INPUT_FILTER           =
+
+# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern
+# basis.  Doxygen will compare the file name with each pattern and apply the
+# filter if there is a match.  The filters are a list of the form:
+# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further
+# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER
+# is applied to all files.
+
+FILTER_PATTERNS        =
+
+# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
+# INPUT_FILTER) will be used to filter the input files when producing source
+# files to browse (i.e. when SOURCE_BROWSER is set to YES).
+
+FILTER_SOURCE_FILES    = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+
+# If the SOURCE_BROWSER tag is set to YES then a list of source files will
+# be generated. Documented entities will be cross-referenced with these sources.
+# Note: To get rid of all source code in the generated output, make sure also
+# VERBATIM_HEADERS is set to NO. If you have enabled CALL_GRAPH or CALLER_GRAPH
+# then you must also enable this option. If you don't then doxygen will produce
+# a warning and turn it on anyway
+
+SOURCE_BROWSER         = YES
+
+# Setting the INLINE_SOURCES tag to YES will include the body
+# of functions and classes directly in the documentation.
+
+INLINE_SOURCES         = YES
+
+# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
+# doxygen to hide any special comment blocks from generated source code
+# fragments. Normal C and C++ comments will always remain visible.
+
+STRIP_CODE_COMMENTS    = NO
+
+# If the REFERENCED_BY_RELATION tag is set to YES (the default)
+# then for each documented function all documented
+# functions referencing it will be listed.
+
+REFERENCED_BY_RELATION = YES
+
+# If the REFERENCES_RELATION tag is set to YES (the default)
+# then for each documented function all documented entities
+# called/used by that function will be listed.
+
+REFERENCES_RELATION    = YES
+
+# If the REFERENCES_LINK_SOURCE tag is set to YES (the default)
+# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from
+# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will
+# link to the source code.  Otherwise they will link to the documentstion.
+
+REFERENCES_LINK_SOURCE = YES
+
+# If the USE_HTAGS tag is set to YES then the references to source code
+# will point to the HTML generated by the htags(1) tool instead of doxygen
+# built-in source browser. The htags tool is part of GNU's global source
+# tagging system (see http://www.gnu.org/software/global/global.html). You
+# will need version 4.8.6 or higher.
+
+USE_HTAGS              = NO
+
+# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
+# will generate a verbatim copy of the header file for each class for
+# which an include is specified. Set to NO to disable this.
+
+VERBATIM_HEADERS       = YES
+
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+
+# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
+# of all compounds will be generated. Enable this if the project
+# contains a lot of classes, structs, unions or interfaces.
+
+ALPHABETICAL_INDEX     = YES
+
+# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
+# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
+# in which this list will be split (can be a number in the range [1..20])
+
+COLS_IN_ALPHA_INDEX    = 1
+
+# In case all classes in a project start with a common prefix, all
+# classes will be put under the same header in the alphabetical index.
+# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
+# should be ignored while generating the index headers.
+
+IGNORE_PREFIX          =
+
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
+# generate HTML output.
+
+GENERATE_HTML          = YES
+
+# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `html' will be used as the default path.
+
+HTML_OUTPUT            = .
+
+# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
+# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
+# doxygen will generate files with .html extension.
+
+HTML_FILE_EXTENSION    = .html
+
+# The HTML_HEADER tag can be used to specify a personal HTML header for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard header.
+
+HTML_HEADER            =
+
+# The HTML_FOOTER tag can be used to specify a personal HTML footer for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard footer.
+
+HTML_FOOTER            =
+
+# The HTML_STYLESHEET tag can be used to specify a user-defined cascading
+# style sheet that is used by each HTML page. It can be used to
+# fine-tune the look of the HTML output. If the tag is left blank doxygen
+# will generate a default style sheet. Note that doxygen will try to copy
+# the style sheet file to the HTML output directory, so don't put your own
+# stylesheet in the HTML output directory as well, or it will be erased!
+
+HTML_STYLESHEET        =
+
+# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
+# files or namespaces will be aligned in HTML using tables. If set to
+# NO a bullet list will be used.
+
+HTML_ALIGN_MEMBERS     = YES
+
+# If the GENERATE_HTMLHELP tag is set to YES, additional index files
+# will be generated that can be used as input for tools like the
+# Microsoft HTML help workshop to generate a compressed HTML help file (.chm)
+# of the generated HTML documentation.
+
+GENERATE_HTMLHELP      = NO
+
+# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
+# documentation will contain sections that can be hidden and shown after the
+# page has loaded. For this to work a browser that supports
+# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox
+# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari).
+
+HTML_DYNAMIC_SECTIONS  = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
+# be used to specify the file name of the resulting .chm file. You
+# can add a path in front of the file if the result should not be
+# written to the html output directory.
+
+CHM_FILE               =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
+# be used to specify the location (absolute path including file name) of
+# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run
+# the HTML help compiler on the generated index.hhp.
+
+HHC_LOCATION           =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
+# controls if a separate .chi index file is generated (YES) or that
+# it should be included in the master .chm file (NO).
+
+GENERATE_CHI           = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
+# controls whether a binary table of contents is generated (YES) or a
+# normal table of contents (NO) in the .chm file.
+
+BINARY_TOC             = NO
+
+# The TOC_EXPAND flag can be set to YES to add extra items for group members
+# to the contents of the HTML help documentation and to the tree view.
+
+TOC_EXPAND             = NO
+
+# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
+# top of each HTML page. The value NO (the default) enables the index and
+# the value YES disables it.
+
+DISABLE_INDEX          = NO
+
+# This tag can be used to set the number of enum values (range [1..20])
+# that doxygen will group on one line in the generated HTML documentation.
+
+ENUM_VALUES_PER_LINE   = 3
+
+# If the GENERATE_TREEVIEW tag is set to YES, a side panel will be
+# generated containing a tree-like index structure (just like the one that
+# is generated for HTML Help). For this to work a browser that supports
+# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+,
+# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are
+# probably better off using the HTML help feature.
+
+GENERATE_TREEVIEW      = NO
+
+# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
+# used to set the initial width (in pixels) of the frame in which the tree
+# is shown.
+
+TREEVIEW_WIDTH         = 250
+
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
+# generate Latex output.
+
+GENERATE_LATEX         = NO
+
+# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `latex' will be used as the default path.
+
+LATEX_OUTPUT           = latex
+
+# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
+# invoked. If left blank `latex' will be used as the default command name.
+
+LATEX_CMD_NAME         = latex
+
+# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
+# generate index for LaTeX. If left blank `makeindex' will be used as the
+# default command name.
+
+MAKEINDEX_CMD_NAME     = makeindex
+
+# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
+# LaTeX documents. This may be useful for small projects and may help to
+# save some trees in general.
+
+COMPACT_LATEX          = NO
+
+# The PAPER_TYPE tag can be used to set the paper type that is used
+# by the printer. Possible values are: a4, a4wide, letter, legal and
+# executive. If left blank a4wide will be used.
+
+PAPER_TYPE             = a4wide
+
+# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
+# packages that should be included in the LaTeX output.
+
+EXTRA_PACKAGES         =
+
+# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
+# the generated latex document. The header should contain everything until
+# the first chapter. If it is left blank doxygen will generate a
+# standard header. Notice: only use this tag if you know what you are doing!
+
+LATEX_HEADER           =
+
+# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
+# is prepared for conversion to pdf (using ps2pdf). The pdf file will
+# contain links (just like the HTML output) instead of page references
+# This makes the output suitable for online browsing using a pdf viewer.
+
+PDF_HYPERLINKS         = YES
+
+# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
+# plain latex in the generated Makefile. Set this option to YES to get a
+# higher quality PDF documentation.
+
+USE_PDFLATEX           = YES
+
+# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
+# command to the generated LaTeX files. This will instruct LaTeX to keep
+# running if errors occur, instead of asking the user for help.
+# This option is also used when generating formulas in HTML.
+
+LATEX_BATCHMODE        = YES
+
+# If LATEX_HIDE_INDICES is set to YES then doxygen will not
+# include the index chapters (such as File Index, Compound Index, etc.)
+# in the output.
+
+LATEX_HIDE_INDICES     = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
+# The RTF output is optimized for Word 97 and may not look very pretty with
+# other RTF readers or editors.
+
+GENERATE_RTF           = NO
+
+# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `rtf' will be used as the default path.
+
+RTF_OUTPUT             = rtf
+
+# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
+# RTF documents. This may be useful for small projects and may help to
+# save some trees in general.
+
+COMPACT_RTF            = NO
+
+# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
+# will contain hyperlink fields. The RTF file will
+# contain links (just like the HTML output) instead of page references.
+# This makes the output suitable for online browsing using WORD or other
+# programs which support those fields.
+# Note: wordpad (write) and others do not support links.
+
+RTF_HYPERLINKS         = NO
+
+# Load stylesheet definitions from file. Syntax is similar to doxygen's
+# config file, i.e. a series of assignments. You only have to provide
+# replacements, missing definitions are set to their default value.
+
+RTF_STYLESHEET_FILE    =
+
+# Set optional variables used in the generation of an rtf document.
+# Syntax is similar to doxygen's config file.
+
+RTF_EXTENSIONS_FILE    =
+
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
+# generate man pages
+
+GENERATE_MAN           = NO
+
+# The MAN_OUTPUT tag is used to specify where the man pages will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `man' will be used as the default path.
+
+MAN_OUTPUT             = man
+
+# The MAN_EXTENSION tag determines the extension that is added to
+# the generated man pages (default is the subroutine's section .3)
+
+MAN_EXTENSION          = .3
+
+# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
+# then it will generate one additional man file for each entity
+# documented in the real man page(s). These additional files
+# only source the real man page, but without them the man command
+# would be unable to find the correct page. The default is NO.
+
+MAN_LINKS              = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_XML tag is set to YES Doxygen will
+# generate an XML file that captures the structure of
+# the code including all documentation.
+
+GENERATE_XML           = NO
+
+# The XML_OUTPUT tag is used to specify where the XML pages will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `xml' will be used as the default path.
+
+XML_OUTPUT             = xml
+
+# The XML_SCHEMA tag can be used to specify an XML schema,
+# which can be used by a validating XML parser to check the
+# syntax of the XML files.
+
+XML_SCHEMA             =
+
+# The XML_DTD tag can be used to specify an XML DTD,
+# which can be used by a validating XML parser to check the
+# syntax of the XML files.
+
+XML_DTD                =
+
+# If the XML_PROGRAMLISTING tag is set to YES Doxygen will
+# dump the program listings (including syntax highlighting
+# and cross-referencing information) to the XML output. Note that
+# enabling this will significantly increase the size of the XML output.
+
+XML_PROGRAMLISTING     = YES
+
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
+# generate an AutoGen Definitions (see autogen.sf.net) file
+# that captures the structure of the code including all
+# documentation. Note that this feature is still experimental
+# and incomplete at the moment.
+
+GENERATE_AUTOGEN_DEF   = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_PERLMOD tag is set to YES Doxygen will
+# generate a Perl module file that captures the structure of
+# the code including all documentation. Note that this
+# feature is still experimental and incomplete at the
+# moment.
+
+GENERATE_PERLMOD       = NO
+
+# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
+# the necessary Makefile rules, Perl scripts and LaTeX code to be able
+# to generate PDF and DVI output from the Perl module output.
+
+PERLMOD_LATEX          = NO
+
+# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
+# nicely formatted so it can be parsed by a human reader.  This is useful
+# if you want to understand what is going on.  On the other hand, if this
+# tag is set to NO the size of the Perl module output will be much smaller
+# and Perl will parse it just the same.
+
+PERLMOD_PRETTY         = YES
+
+# The names of the make variables in the generated doxyrules.make file
+# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
+# This is useful so different doxyrules.make files included by the same
+# Makefile don't overwrite each other's variables.
+
+PERLMOD_MAKEVAR_PREFIX =
+
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor
+#---------------------------------------------------------------------------
+
+# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
+# evaluate all C-preprocessor directives found in the sources and include
+# files.
+
+ENABLE_PREPROCESSING   = NO
+
+# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
+# names in the source code. If set to NO (the default) only conditional
+# compilation will be performed. Macro expansion can be done in a controlled
+# way by setting EXPAND_ONLY_PREDEF to YES.
+
+MACRO_EXPANSION        = NO
+
+# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
+# then the macro expansion is limited to the macros specified with the
+# PREDEFINED and EXPAND_AS_DEFINED tags.
+
+EXPAND_ONLY_PREDEF     = NO
+
+# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
+# in the INCLUDE_PATH (see below) will be search if a #include is found.
+
+SEARCH_INCLUDES        = YES
+
+# The INCLUDE_PATH tag can be used to specify one or more directories that
+# contain include files that are not input files but should be processed by
+# the preprocessor.
+
+INCLUDE_PATH           =
+
+# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
+# patterns (like *.h and *.hpp) to filter out the header-files in the
+# directories. If left blank, the patterns specified with FILE_PATTERNS will
+# be used.
+
+INCLUDE_FILE_PATTERNS  =
+
+# The PREDEFINED tag can be used to specify one or more macro names that
+# are defined before the preprocessor is started (similar to the -D option of
+# gcc). The argument of the tag is a list of macros of the form: name
+# or name=definition (no spaces). If the definition and the = are
+# omitted =1 is assumed. To prevent a macro definition from being
+# undefined via #undef or recursively expanded use the := operator
+# instead of the = operator.
+
+PREDEFINED             =
+
+# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
+# this tag can be used to specify a list of macro names that should be expanded.
+# The macro definition that is found in the sources will be used.
+# Use the PREDEFINED tag if you want to use a different macro definition.
+
+EXPAND_AS_DEFINED      =
+
+# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
+# doxygen's preprocessor will remove all function-like macros that are alone
+# on a line, have an all uppercase name, and do not end with a semicolon. Such
+# function macros are typically used for boiler-plate code, and will confuse
+# the parser if not removed.
+
+SKIP_FUNCTION_MACROS   = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to external references
+#---------------------------------------------------------------------------
+
+# The TAGFILES option can be used to specify one or more tagfiles.
+# Optionally an initial location of the external documentation
+# can be added for each tagfile. The format of a tag file without
+# this location is as follows:
+#   TAGFILES = file1 file2 ...
+# Adding location for the tag files is done as follows:
+#   TAGFILES = file1=loc1 "file2 = loc2" ...
+# where "loc1" and "loc2" can be relative or absolute paths or
+# URLs. If a location is present for each tag, the installdox tool
+# does not have to be run to correct the links.
+# Note that each tag file must have a unique name
+# (where the name does NOT include the path)
+# If a tag file is not located in the directory in which doxygen
+# is run, you must also specify the path to the tagfile here.
+
+TAGFILES               =
+
+# When a file name is specified after GENERATE_TAGFILE, doxygen will create
+# a tag file that is based on the input files it reads.
+
+GENERATE_TAGFILE       =
+
+# If the ALLEXTERNALS tag is set to YES all external classes will be listed
+# in the class index. If set to NO only the inherited external classes
+# will be listed.
+
+ALLEXTERNALS           = NO
+
+# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
+# in the modules index. If set to NO, only the current project's groups will
+# be listed.
+
+EXTERNAL_GROUPS        = YES
+
+# The PERL_PATH should be the absolute path and name of the perl script
+# interpreter (i.e. the result of `which perl').
+
+PERL_PATH              = /usr/bin/perl
+
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool
+#---------------------------------------------------------------------------
+
+# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
+# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base
+# or super classes. Setting the tag to NO turns the diagrams off. Note that
+# this option is superseded by the HAVE_DOT option below. This is only a
+# fallback. It is recommended to install and use dot, since it yields more
+# powerful graphs.
+
+CLASS_DIAGRAMS         = YES
+
+# You can define message sequence charts within doxygen comments using the \msc
+# command. Doxygen will then run the mscgen tool (see http://www.mcternan.me.uk/mscgen/) to
+# produce the chart and insert it in the documentation. The MSCGEN_PATH tag allows you to
+# specify the directory where the mscgen tool resides. If left empty the tool is assumed to
+# be found in the default search path.
+
+MSCGEN_PATH            =
+
+# If set to YES, the inheritance and collaboration graphs will hide
+# inheritance and usage relations if the target is undocumented
+# or is not a class.
+
+HIDE_UNDOC_RELATIONS   = YES
+
+# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
+# available from the path. This tool is part of Graphviz, a graph visualization
+# toolkit from AT&T and Lucent Bell Labs. The other options in this section
+# have no effect if this option is set to NO (the default)
+
+HAVE_DOT               = NO
+
+# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for each documented class showing the direct and
+# indirect inheritance relations. Setting this tag to YES will force the
+# the CLASS_DIAGRAMS tag to NO.
+
+CLASS_GRAPH            = YES
+
+# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for each documented class showing the direct and
+# indirect implementation dependencies (inheritance, containment, and
+# class references variables) of the class with other documented classes.
+
+COLLABORATION_GRAPH    = YES
+
+# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for groups, showing the direct groups dependencies
+
+GROUP_GRAPHS           = YES
+
+# If the UML_LOOK tag is set to YES doxygen will generate inheritance and
+# collaboration diagrams in a style similar to the OMG's Unified Modeling
+# Language.
+
+UML_LOOK               = NO
+
+# If set to YES, the inheritance and collaboration graphs will show the
+# relations between templates and their instances.
+
+TEMPLATE_RELATIONS     = YES
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
+# tags are set to YES then doxygen will generate a graph for each documented
+# file showing the direct and indirect include dependencies of the file with
+# other documented files.
+
+INCLUDE_GRAPH          = YES
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
+# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
+# documented header file showing the documented files that directly or
+# indirectly include this file.
+
+INCLUDED_BY_GRAPH      = YES
+
+# If the CALL_GRAPH, SOURCE_BROWSER and HAVE_DOT tags are set to YES then doxygen will
+# generate a call dependency graph for every global function or class method.
+# Note that enabling this option will significantly increase the time of a run.
+# So in most cases it will be better to enable call graphs for selected
+# functions only using the \callgraph command.
+
+CALL_GRAPH             = NO
+
+# If the CALLER_GRAPH, SOURCE_BROWSER and HAVE_DOT tags are set to YES then doxygen will
+# generate a caller dependency graph for every global function or class method.
+# Note that enabling this option will significantly increase the time of a run.
+# So in most cases it will be better to enable caller graphs for selected
+# functions only using the \callergraph command.
+
+CALLER_GRAPH           = NO
+
+# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
+# will graphical hierarchy of all classes instead of a textual one.
+
+GRAPHICAL_HIERARCHY    = YES
+
+# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES
+# then doxygen will show the dependencies a directory has on other directories
+# in a graphical way. The dependency relations are determined by the #include
+# relations between the files in the directories.
+
+DIRECTORY_GRAPH        = YES
+
+# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
+# generated by dot. Possible values are png, jpg, or gif
+# If left blank png will be used.
+
+DOT_IMAGE_FORMAT       = png
+
+# The tag DOT_PATH can be used to specify the path where the dot tool can be
+# found. If left blank, it is assumed the dot tool can be found in the path.
+
+DOT_PATH               =
+
+# The DOTFILE_DIRS tag can be used to specify one or more directories that
+# contain dot files that are included in the documentation (see the
+# \dotfile command).
+
+DOTFILE_DIRS           =
+
+# The MAX_DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of
+# nodes that will be shown in the graph. If the number of nodes in a graph
+# becomes larger than this value, doxygen will truncate the graph, which is
+# visualized by representing a node as a red box. Note that doxygen if the number
+# of direct children of the root node in a graph is already larger than
+# MAX_DOT_GRAPH_NOTES then the graph will not be shown at all. Also note
+# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH.
+
+DOT_GRAPH_MAX_NODES    = 50
+
+# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the
+# graphs generated by dot. A depth value of 3 means that only nodes reachable
+# from the root by following a path via at most 3 edges will be shown. Nodes
+# that lay further from the root node will be omitted. Note that setting this
+# option to 1 or 2 may greatly reduce the computation time needed for large
+# code bases. Also note that the size of a graph can be further restricted by
+# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction.
+
+MAX_DOT_GRAPH_DEPTH    = 0
+
+# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent
+# background. This is disabled by default, which results in a white background.
+# Warning: Depending on the platform used, enabling this option may lead to
+# badly anti-aliased labels on the edges of a graph (i.e. they become hard to
+# read).
+
+DOT_TRANSPARENT        = NO
+
+# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output
+# files in one run (i.e. multiple -o and -T options on the command line). This
+# makes dot run faster, but since only newer versions of dot (>1.8.10)
+# support this, this feature is disabled by default.
+
+DOT_MULTI_TARGETS      = NO
+
+# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
+# generate a legend page explaining the meaning of the various boxes and
+# arrows in the dot generated graphs.
+
+GENERATE_LEGEND        = YES
+
+# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
+# remove the intermediate dot files that are used to generate
+# the various graphs.
+
+DOT_CLEANUP            = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to the search engine
+#---------------------------------------------------------------------------
+
+# The SEARCHENGINE tag specifies whether or not a search engine should be
+# used. If set to NO the values of all tags below this one will be ignored.
+
+SEARCHENGINE           = NO
diff --git a/nsswitch/libwbclient/libwbclient.h b/nsswitch/libwbclient/libwbclient.h
new file mode 100644
index 0000000..867eb4d
--- /dev/null
+++ b/nsswitch/libwbclient/libwbclient.h
@@ -0,0 +1,44 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Winbind client API
+
+   Copyright (C) Gerald (Jerry) Carter 2007
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 3 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LIBWBCLIENT_H
+#define _LIBWBCLIENT_H
+
+/* Super header including necessary public and private header files
+   for building the wbclient library.  __DO NOT__ define anything
+   in this file.  Only include other headers. */
+
+/* Winbind headers */
+
+#include "nsswitch/winbind_nss_config.h"
+#include "nsswitch/winbind_struct_protocol.h"
+
+/* Public headers */
+
+#include "wbclient.h"
+
+/* Private headers */
+
+#include "wbc_err_internal.h"
+#include "wbclient_internal.h"
+
+
+#endif      /* _LIBWBCLIENT_H */
diff --git a/nsswitch/libwbclient/tests/wbclient.c b/nsswitch/libwbclient/tests/wbclient.c
new file mode 100644
index 0000000..01fa289
--- /dev/null
+++ b/nsswitch/libwbclient/tests/wbclient.c
@@ -0,0 +1,1121 @@
+/*
+   Unix SMB/CIFS implementation.
+   SMB torture tester
+   Copyright (C) Guenther Deschner 2009-2010
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "source3/include/includes.h"
+#include "lib/replace/replace.h"
+#include "libcli/util/ntstatus.h"
+#include "libcli/util/werror.h"
+#include "lib/util/data_blob.h"
+#include "lib/util/time.h"
+#include "libcli/resolve/resolve.h"
+#include "nsswitch/libwbclient/wbclient.h"
+#include "nsswitch/winbind_client.h"
+#include "torture/smbtorture.h"
+#include "torture/winbind/proto.h"
+#include "lib/util/util_net.h"
+#include "lib/util/charset/charset.h"
+#include "libcli/auth/libcli_auth.h"
+#include "lib/param/param.h"
+#include "lib/util/samba_util.h"
+#include "auth/credentials/credentials.h"
+#include "lib/cmdline/cmdline.h"
+#include "winbindd.h"
+
+#include <gnutls/gnutls.h>
+#include <gnutls/crypto.h>
+
+#define WBC_ERROR_EQUAL(x,y) (x == y)
+
+#define torture_assert_wbc_equal(torture_ctx, got, expected, cmt, cmt_arg)	\
+	do { wbcErr __got = got, __expected = expected; \
+	if (!WBC_ERROR_EQUAL(__got, __expected)) { \
+		torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: " cmt, wbcErrorString(__got), wbcErrorString(__expected), cmt_arg); \
+		return false; \
+	} \
+	} while (0)
+
+#define torture_assert_wbc_ok(torture_ctx,expr,cmt,cmt_arg)			\
+	torture_assert_wbc_equal(torture_ctx,expr,WBC_ERR_SUCCESS,cmt,cmt_arg)
+
+#define torture_assert_wbc_equal_goto_fail(torture_ctx, got, expected, cmt, cmt_arg)	\
+	do { wbcErr __got = got, __expected = expected; \
+	if (!WBC_ERROR_EQUAL(__got, __expected)) { \
+		torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: " cmt, wbcErrorString(__got), wbcErrorString(__expected), cmt_arg); \
+		goto fail;						\
+	} \
+	} while (0)
+
+#define torture_assert_wbc_ok_goto_fail(torture_ctx,expr,cmt,cmt_arg)			\
+	torture_assert_wbc_equal_goto_fail(torture_ctx,expr,WBC_ERR_SUCCESS,cmt,cmt_arg)
+
+#define torture_assert_str_equal_goto_fail(torture_ctx,got,expected,cmt)\
+	do { const char *__got = (got), *__expected = (expected); \
+	if (strcmp(__got, __expected) != 0) { \
+		torture_result(torture_ctx, TORTURE_FAIL, \
+			__location__": "#got" was %s, expected %s: %s", \
+			__got, __expected, cmt); \
+		goto fail;;			 \
+	} \
+	} while(0)
+
+static bool test_wbc_ping(struct torture_context *tctx)
+{
+	torture_assert_wbc_ok(tctx, wbcPing(),
+		"%s", "wbcPing failed");
+
+	return true;
+}
+
+static bool test_wbc_pingdc(struct torture_context *tctx)
+{
+	struct wbcInterfaceDetails *details = NULL;
+	wbcErr ret = false;
+
+	torture_assert_wbc_equal_goto_fail(tctx,
+					   wbcPingDc("random_string", NULL),
+					   WBC_ERR_DOMAIN_NOT_FOUND,
+					   "%s",
+					   "wbcPingDc failed");
+	torture_assert_wbc_ok_goto_fail(tctx, wbcPingDc(NULL, NULL),
+		"%s", "wbcPingDc failed");
+
+	torture_assert_wbc_ok_goto_fail(tctx, wbcInterfaceDetails(&details),
+		"%s", "wbcInterfaceDetails failed");
+	torture_assert_goto(tctx, details, ret, fail,
+		       "wbcInterfaceDetails returned NULL pointer");
+	torture_assert_goto(tctx, details->netbios_domain, ret, fail,
+		       "wbcInterfaceDetails returned NULL netbios_domain");
+
+	torture_assert_wbc_ok_goto_fail(tctx,
+					wbcPingDc(details->netbios_domain, NULL),
+					"wbcPingDc(%s) failed",
+					details->netbios_domain);
+
+	torture_assert_wbc_ok_goto_fail(tctx,
+					wbcPingDc("BUILTIN", NULL),
+					"%s",
+					"wbcPingDc(BUILTIN) failed");
+
+	ret = true;
+fail:
+	wbcFreeMemory(details);
+	return ret;
+}
+
+static bool test_wbc_pingdc2(struct torture_context *tctx)
+{
+	struct wbcInterfaceDetails *details = NULL;
+	char *name = NULL;
+	wbcErr ret = false;
+
+	torture_assert_wbc_equal_goto_fail(tctx,
+					   wbcPingDc2("random_string", NULL, &name),
+					   WBC_ERR_DOMAIN_NOT_FOUND,
+					   "%s",
+					   "wbcPingDc2 failed");
+	torture_assert_wbc_ok_goto_fail(tctx,
+					wbcPingDc2(NULL, NULL, &name),
+					"%s",
+					"wbcPingDc2 failed");
+	wbcFreeMemory(name);
+	name = NULL;
+
+	torture_assert_wbc_ok_goto_fail(tctx,
+					wbcInterfaceDetails(&details),
+					"%s",
+					"wbcInterfaceDetails failed");
+	torture_assert_goto(tctx,
+			    details,
+			    ret,
+			    fail,
+			    "wbcInterfaceDetails returned NULL pointer");
+	torture_assert_goto(tctx,
+			    details->netbios_domain,
+			    ret,
+			    fail,
+			    "wbcInterfaceDetails returned NULL netbios_domain");
+
+	torture_assert_wbc_ok_goto_fail(tctx,
+					wbcPingDc2(details->netbios_domain, NULL, &name),
+					"wbcPingDc2(%s) failed",
+					details->netbios_domain);
+	wbcFreeMemory(name);
+	name = NULL;
+
+	torture_assert_wbc_ok_goto_fail(tctx,
+					wbcPingDc2("BUILTIN", NULL, &name),
+					"%s",
+					"wbcPingDc2(BUILTIN) failed");
+
+	ret = true;
+fail:
+	wbcFreeMemory(name);
+	wbcFreeMemory(details);
+
+	return ret;
+}
+
+static bool test_wbc_library_details(struct torture_context *tctx)
+{
+	struct wbcLibraryDetails *details;
+
+	torture_assert_wbc_ok(tctx, wbcLibraryDetails(&details),
+		"%s", "wbcLibraryDetails failed");
+	torture_assert(tctx, details,
+		"wbcLibraryDetails returned NULL pointer");
+
+	wbcFreeMemory(details);
+
+	return true;
+}
+
+static bool test_wbc_interface_details(struct torture_context *tctx)
+{
+	struct wbcInterfaceDetails *details;
+
+	torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
+		"%s", "wbcInterfaceDetails failed");
+	torture_assert(tctx, details,
+		       "wbcInterfaceDetails returned NULL pointer");
+
+	wbcFreeMemory(details);
+
+	return true;
+}
+
+static bool test_wbc_sidtypestring(struct torture_context *tctx)
+{
+	torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_USE_NONE),
+				 "SID_NONE", "SID_NONE failed");
+	torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_USER),
+				 "SID_USER", "SID_USER failed");
+	torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DOM_GRP),
+				 "SID_DOM_GROUP", "SID_DOM_GROUP failed");
+	torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DOMAIN),
+				 "SID_DOMAIN", "SID_DOMAIN failed");
+	torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_ALIAS),
+				 "SID_ALIAS", "SID_ALIAS failed");
+	torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_WKN_GRP),
+				 "SID_WKN_GROUP", "SID_WKN_GROUP failed");
+	torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_DELETED),
+				 "SID_DELETED", "SID_DELETED failed");
+	torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_INVALID),
+				 "SID_INVALID", "SID_INVALID failed");
+	torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_UNKNOWN),
+				 "SID_UNKNOWN", "SID_UNKNOWN failed");
+	torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_COMPUTER),
+				 "SID_COMPUTER",  "SID_COMPUTER failed");
+	torture_assert_str_equal(tctx, wbcSidTypeString(WBC_SID_NAME_LABEL),
+				 "SID_LABEL",  "SID_LABEL failed");
+	return true;
+}
+
+static bool test_wbc_sidtostring(struct torture_context *tctx)
+{
+	struct wbcDomainSid sid;
+	const char *sid_string = "S-1-5-32";
+	char *sid_string2;
+
+	torture_assert_wbc_ok(tctx, wbcStringToSid(sid_string, &sid),
+			      "wbcStringToSid of %s failed", sid_string);
+	torture_assert_wbc_ok(tctx, wbcSidToString(&sid, &sid_string2),
+			      "wbcSidToString of %s failed", sid_string);
+	torture_assert_str_equal(tctx, sid_string, sid_string2,
+		"sid strings differ");
+	wbcFreeMemory(sid_string2);
+
+	return true;
+}
+
+static bool test_wbc_guidtostring(struct torture_context *tctx)
+{
+	struct wbcGuid guid;
+	const char *guid_string = "f7cf07b4-1487-45c7-824d-8b18cc580811";
+	char *guid_string2;
+
+	torture_assert_wbc_ok(tctx, wbcStringToGuid(guid_string, &guid),
+			      "wbcStringToGuid of %s failed", guid_string);
+	torture_assert_wbc_ok(tctx, wbcGuidToString(&guid, &guid_string2),
+			      "wbcGuidToString of %s failed", guid_string);
+	torture_assert_str_equal(tctx, guid_string, guid_string2,
+				 "guid strings differ");
+	wbcFreeMemory(guid_string2);
+
+	return true;
+}
+
+static bool test_wbc_domain_info(struct torture_context *tctx)
+{
+	struct wbcDomainInfo *info = NULL;
+	struct wbcInterfaceDetails *details = NULL;
+	wbcErr ret = false;
+
+	torture_assert_wbc_ok_goto_fail(tctx,
+					wbcInterfaceDetails(&details),
+					"%s",
+					"wbcInterfaceDetails failed");
+	torture_assert_wbc_ok_goto_fail(tctx,
+					wbcDomainInfo(details->netbios_domain, &info),
+					"%s",
+					"wbcDomainInfo failed");
+
+	torture_assert_goto(tctx,
+			    info,
+			    ret,
+			    fail,
+			    "wbcDomainInfo returned NULL pointer");
+
+	ret = true;
+fail:
+	wbcFreeMemory(details);
+	wbcFreeMemory(info);
+
+	return ret;
+}
+
+static bool test_wbc_users(struct torture_context *tctx)
+{
+	const char *domain_name = NULL;
+	uint32_t num_users;
+	const char **users = NULL;
+	uint32_t i;
+	struct wbcInterfaceDetails *details = NULL;
+	struct wbcDomainSid *sids = NULL;
+	char *domain = NULL;
+	char *name = NULL;
+	char *sid_string = NULL;
+	wbcErr ret = false;
+	char separator;
+
+	torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
+		"%s", "wbcInterfaceDetails failed");
+
+	domain_name = talloc_strdup(tctx, details->netbios_domain);
+	torture_assert_goto(tctx,
+			    domain_name != NULL,
+			    ret,
+			    fail,
+			    "Failed to allocate domain_name");
+	separator = details->winbind_separator;
+	wbcFreeMemory(details);
+	details = NULL;
+
+	torture_assert_wbc_ok_goto_fail(tctx,
+					wbcListUsers(domain_name, &num_users, &users),
+					"%s",
+					"wbcListUsers failed");
+	torture_assert_goto(tctx,
+			    !(num_users > 0 && !users),
+			    ret,
+			    fail,
+			    "wbcListUsers returned invalid results");
+
+	for (i = 0; i < MIN(num_users, 100); i++) {
+		struct wbcDomainSid sid;
+		enum wbcSidType name_type;
+		uint32_t num_sids;
+		const char *user;
+		char *c;
+
+		c = strchr(users[i], separator);
+
+		if (c == NULL) {
+			/*
+			 * NT4 DC
+			 * user name does not contain DOMAIN SEPARATOR prefix.
+			 */
+
+			user = users[i];
+		} else {
+			/*
+			 * AD DC
+			 * user name starts with DOMAIN SEPARATOR prefix.
+			 */
+			const char *dom;
+
+			*c = '\0';
+			dom = users[i];
+			user = c + 1;
+
+			torture_assert_str_equal_goto(tctx, dom, domain_name,
+						      ret, fail, "Domain part "
+						      "of user name does not "
+						      "match domain name.\n");
+		}
+
+		torture_assert_wbc_ok_goto_fail(tctx,
+						wbcLookupName(domain_name, user,
+							      &sid, &name_type),
+						"wbcLookupName of %s failed",
+						users[i]);
+		torture_assert_int_equal_goto(tctx,
+					      name_type, WBC_SID_NAME_USER,
+					      ret,
+					      fail,
+					      "wbcLookupName expected WBC_SID_NAME_USER");
+		wbcSidToString(&sid, &sid_string);
+		torture_assert_wbc_ok_goto_fail(tctx,
+						wbcLookupSid(&sid,
+							     &domain,
+							     &name,
+							     &name_type),
+						"wbcLookupSid of %s failed",
+						sid_string);
+		torture_assert_int_equal_goto(tctx,
+					      name_type, WBC_SID_NAME_USER,
+					      ret,
+					      fail,
+					      "wbcLookupSid of expected WBC_SID_NAME_USER");
+		torture_assert_goto(tctx,
+				    name,
+				    ret,
+				    fail,
+				    "wbcLookupSid returned no name");
+		wbcFreeMemory(domain);
+		domain = NULL;
+		wbcFreeMemory(name);
+		name = NULL;
+
+		torture_assert_wbc_ok_goto_fail(tctx,
+						wbcLookupUserSids(&sid, true, &num_sids, &sids),
+						"wbcLookupUserSids of %s failed", sid_string);
+		torture_assert_wbc_ok_goto_fail(tctx,
+						wbcGetDisplayName(&sid,
+								  &domain,
+								  &name,
+								  &name_type),
+						"wbcGetDisplayName of %s failed",
+						sid_string);
+		wbcFreeMemory(domain);
+		domain = NULL;
+		wbcFreeMemory(name);
+		name = NULL;
+		wbcFreeMemory(sids);
+		sids = NULL;
+		wbcFreeMemory(sid_string);
+		sid_string = NULL;
+	}
+
+	ret = true;
+fail:
+	wbcFreeMemory(details);
+	wbcFreeMemory(users);
+	wbcFreeMemory(domain);
+	wbcFreeMemory(name);
+	wbcFreeMemory(sids);
+	wbcFreeMemory(sid_string);
+
+	return ret;
+}
+
+static bool test_wbc_groups(struct torture_context *tctx)
+{
+	wbcErr ret = false;
+	const char *domain_name = NULL;
+	uint32_t num_groups;
+	const char **groups = NULL;
+	uint32_t i;
+	struct wbcInterfaceDetails *details = NULL;
+	char *domain = NULL;
+	char *name = NULL;
+	char *sid_string = NULL;
+	char separator;
+
+	torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
+			      "%s", "wbcInterfaceDetails failed");
+
+	domain_name = talloc_strdup(tctx, details->netbios_domain);
+	torture_assert_goto(tctx,
+			    domain_name != NULL,
+			    ret,
+			    fail,
+			    "Failed to allocate domain_name");
+	separator = details->winbind_separator;
+	wbcFreeMemory(details);
+	details = NULL;
+
+	torture_assert_wbc_ok_goto_fail(tctx,
+					wbcListGroups(domain_name, &num_groups, &groups),
+					"wbcListGroups in %s failed",
+					domain_name);
+	torture_assert_goto(tctx,
+			    !(num_groups > 0 && !groups),
+			    ret,
+			    fail,
+			    "wbcListGroups returned invalid results");
+
+	for (i=0; i < MIN(num_groups,100); i++) {
+		struct wbcDomainSid sid;
+		enum wbcSidType name_type;
+		const char *group;
+		char *c;
+
+		c = strchr(groups[i], separator);
+
+		if (c == NULL) {
+			/*
+			 * NT4 DC
+			 * group name does not contain DOMAIN SEPARATOR prefix.
+			 */
+
+			group = groups[i];
+		} else {
+			/*
+			 * AD DC
+			 * group name starts with DOMAIN SEPARATOR prefix.
+			 */
+			const char *dom;
+
+
+			*c = '\0';
+			dom = groups[i];
+			group = c + 1;
+
+			torture_assert_str_equal_goto(tctx, dom, domain_name,
+						      ret, fail, "Domain part "
+						      "of group name does not "
+						      "match domain name.\n");
+		}
+
+		torture_assert_wbc_ok_goto_fail(tctx,
+						wbcLookupName(domain_name,
+							      group,
+							      &sid,
+							      &name_type),
+						"wbcLookupName for %s failed",
+						domain_name);
+		wbcSidToString(&sid, &sid_string);
+		torture_assert_wbc_ok_goto_fail(tctx,
+						wbcLookupSid(&sid,
+							     &domain,
+							     &name,
+							     &name_type),
+						"wbcLookupSid of %s failed",
+						sid_string);
+		torture_assert_goto(tctx,
+				    name,
+				    ret,
+				    fail,
+				    "wbcLookupSid returned no name");
+
+		wbcFreeMemory(domain);
+		domain = NULL;
+		wbcFreeMemory(name);
+		name = NULL;
+		wbcFreeMemory(sid_string);
+		sid_string = NULL;
+	}
+
+	ret = true;
+fail:
+	wbcFreeMemory(details);
+	wbcFreeMemory(groups);
+	wbcFreeMemory(domain);
+	wbcFreeMemory(name);
+	wbcFreeMemory(sid_string);
+
+	return ret;
+}
+
+static bool test_wbc_trusts(struct torture_context *tctx)
+{
+	struct wbcDomainInfo *domains = NULL;
+	struct wbcAuthErrorInfo *error = NULL;
+	size_t num_domains;
+	uint32_t i;
+	wbcErr ret = false;
+
+	torture_assert_wbc_ok_goto_fail(tctx,
+					wbcListTrusts(&domains, &num_domains),
+					"%s",
+					"wbcListTrusts failed");
+	torture_assert_goto(tctx,
+			    !(num_domains > 0 && !domains),
+			    ret,
+			    fail,
+			    "wbcListTrusts returned invalid results");
+
+	for (i=0; i < MIN(num_domains,100); i++) {
+
+		/*
+		struct wbcDomainSid sid;
+		enum wbcSidType name_type;
+		char *domain;
+		char *name;
+		*/
+		torture_assert_wbc_ok_goto_fail(tctx,
+						wbcCheckTrustCredentials(domains[i].short_name,
+									 &error),
+						"%s",
+						"wbcCheckTrustCredentials failed");
+		/*
+		torture_assert_wbc_ok(tctx, wbcLookupName(domains[i].short_name, NULL, &sid, &name_type),
+			"wbcLookupName failed");
+		torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_DOMAIN,
+			"wbcLookupName expected WBC_SID_NAME_DOMAIN");
+		torture_assert_wbc_ok(tctx, wbcLookupSid(&sid, &domain, &name, &name_type),
+			"wbcLookupSid failed");
+		torture_assert_int_equal(tctx, name_type, WBC_SID_NAME_DOMAIN,
+			"wbcLookupSid expected WBC_SID_NAME_DOMAIN");
+		torture_assert(tctx, name,
+			"wbcLookupSid returned no name");
+		*/
+		wbcFreeMemory(error);
+		error = NULL;
+	}
+
+	ret = true;
+fail:
+	wbcFreeMemory(domains);
+	wbcFreeMemory(error);
+
+	return ret;
+}
+
+static bool test_wbc_lookupdc(struct torture_context *tctx)
+{
+	const char *domain_name = NULL;
+	struct wbcInterfaceDetails *details;
+	struct wbcDomainControllerInfo *dc_info;
+
+	torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
+		"%s", "wbcInterfaceDetails failed");
+
+	domain_name = talloc_strdup(tctx, details->netbios_domain);
+	wbcFreeMemory(details);
+
+	torture_assert_wbc_ok(tctx, wbcLookupDomainController(domain_name, 0, &dc_info),
+			      "wbcLookupDomainController for %s failed", domain_name);
+	wbcFreeMemory(dc_info);
+
+	return true;
+}
+
+static bool test_wbc_lookupdcex(struct torture_context *tctx)
+{
+	const char *domain_name = NULL;
+	struct wbcInterfaceDetails *details;
+	struct wbcDomainControllerInfoEx *dc_info;
+
+	torture_assert_wbc_ok(tctx, wbcInterfaceDetails(&details),
+		"%s", "wbcInterfaceDetails failed");
+
+	domain_name = talloc_strdup(tctx, details->netbios_domain);
+	wbcFreeMemory(details);
+
+	torture_assert_wbc_ok(tctx, wbcLookupDomainControllerEx(domain_name, NULL, NULL, 0, &dc_info),
+		"wbcLookupDomainControllerEx for %s failed", domain_name);
+	wbcFreeMemory(dc_info);
+
+	return true;
+}
+
+static bool test_wbc_resolve_winsbyname(struct torture_context *tctx)
+{
+	const char *name;
+	char *ip;
+	wbcErr ret;
+
+	name = torture_setting_string(tctx, "host", NULL);
+
+	torture_comment(tctx, "test-WinsByName: host='%s'\n", name);
+
+	ret = wbcResolveWinsByName(name, &ip);
+
+	if (is_ipaddress(name)) {
+		torture_assert_wbc_equal(tctx, ret, WBC_ERR_DOMAIN_NOT_FOUND, "wbcResolveWinsByName of %s failed", name);
+	} else {
+		torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByName for %s failed", name);
+	}
+
+	return true;
+}
+
+static bool test_wbc_resolve_winsbyip(struct torture_context *tctx)
+{
+	const char *ip;
+	const char *host;
+	struct nbt_name nbt_name;
+	char *name;
+	wbcErr ret;
+	NTSTATUS status;
+
+	host = torture_setting_string(tctx, "host", NULL);
+
+	torture_comment(tctx, "test-WinsByIp: host='%s'\n", host);
+
+	make_nbt_name_server(&nbt_name, host);
+
+	status = resolve_name_ex(lpcfg_resolve_context(tctx->lp_ctx),
+				 0, 0, &nbt_name, tctx, &ip, tctx->ev);
+	torture_assert_ntstatus_ok(tctx, status,
+			talloc_asprintf(tctx,"Failed to resolve %s: %s",
+					nbt_name.name, nt_errstr(status)));
+
+	torture_comment(tctx, "test-WinsByIp: ip='%s'\n", ip);
+
+	ret = wbcResolveWinsByIP(ip, &name);
+
+	torture_assert_wbc_ok(tctx, ret, "wbcResolveWinsByIP for %s failed", ip);
+
+	wbcFreeMemory(name);
+
+	return true;
+}
+
+static bool test_wbc_lookup_rids(struct torture_context *tctx)
+{
+	struct wbcDomainSid builtin;
+	uint32_t rids[2] = { 544, 545 };
+	const char *domain_name = NULL;
+	const char **names = NULL;
+	enum wbcSidType *types;
+	wbcErr ret = false;
+
+	wbcStringToSid("S-1-5-32", &builtin);
+
+	ret = wbcLookupRids(&builtin, 2, rids, &domain_name, &names,
+			    &types);
+	torture_assert_wbc_ok_goto_fail(
+		tctx, ret, "%s", "wbcLookupRids for 544 and 545 failed");
+
+	torture_assert_str_equal(
+		tctx, names[0], "Administrators",
+		"S-1-5-32-544 not mapped to 'Administrators'");
+	torture_assert_str_equal_goto_fail(
+		tctx, names[1], "Users", "S-1-5-32-545 not mapped to 'Users'");
+
+	ret = true;
+fail:
+	wbcFreeMemory(discard_const_p(char ,domain_name));
+	wbcFreeMemory(names);
+	wbcFreeMemory(types);
+	return ret;
+}
+
+static bool test_wbc_get_sidaliases(struct torture_context *tctx)
+{
+	struct wbcDomainSid builtin;
+	struct wbcDomainInfo *info = NULL;
+	struct wbcInterfaceDetails *details = NULL;
+	struct wbcDomainSid sids[2];
+	uint32_t *rids = NULL;
+	uint32_t num_rids;
+	wbcErr ret = false;
+
+	torture_assert_wbc_ok_goto_fail(tctx,
+					wbcInterfaceDetails(&details),
+					"%s",
+					"wbcInterfaceDetails failed");
+	torture_assert_wbc_ok_goto_fail(tctx,
+					wbcDomainInfo(details->netbios_domain, &info),
+					"wbcDomainInfo of %s failed",
+					details->netbios_domain);
+
+	sids[0] = info->sid;
+	sids[0].sub_auths[sids[0].num_auths++] = 500;
+	sids[1] = info->sid;
+	sids[1].sub_auths[sids[1].num_auths++] = 512;
+
+	torture_assert_wbc_ok_goto_fail(tctx,
+					wbcStringToSid("S-1-5-32", &builtin),
+					"wbcStringToSid of %s failed",
+					"S-1-5-32");
+
+	ret = wbcGetSidAliases(&builtin, sids, 2, &rids, &num_rids);
+	torture_assert_wbc_ok_goto_fail(tctx,
+					ret,
+					"%s",
+					"wbcGetSidAliases failed");
+
+	ret = true;
+fail:
+	wbcFreeMemory(details);
+	wbcFreeMemory(info);
+	wbcFreeMemory(rids);
+	return ret;
+}
+
+static bool test_wbc_authenticate_user_int(struct torture_context *tctx,
+					   const char *correct_password)
+{
+	struct wbcAuthUserParams params;
+	struct wbcAuthUserInfo *info = NULL;
+	struct wbcAuthErrorInfo *error = NULL;
+	wbcErr ret;
+	struct cli_credentials *creds = samba_cmdline_get_creds();
+
+	ret = wbcAuthenticateUser(cli_credentials_get_username(
+			creds), correct_password);
+	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
+		 "wbcAuthenticateUser of %s failed",
+		 cli_credentials_get_username(creds));
+
+	ZERO_STRUCT(params);
+	params.account_name		=
+		cli_credentials_get_username(creds);
+	params.level			= WBC_AUTH_USER_LEVEL_PLAIN;
+	params.password.plaintext	= correct_password;
+
+	ret = wbcAuthenticateUserEx(&params, &info, &error);
+	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
+				 "wbcAuthenticateUserEx of %s failed", params.account_name);
+	wbcFreeMemory(info);
+	info = NULL;
+
+	wbcFreeMemory(error);
+	error = NULL;
+
+	params.password.plaintext       = "wrong";
+	ret = wbcAuthenticateUserEx(&params, &info, &error);
+	torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
+				 "wbcAuthenticateUserEx for %s succeeded where it "
+				 "should have failed", params.account_name);
+	wbcFreeMemory(info);
+	info = NULL;
+
+	wbcFreeMemory(error);
+	error = NULL;
+
+	return true;
+}
+
+static bool test_wbc_authenticate_user(struct torture_context *tctx)
+{
+	struct cli_credentials *creds = samba_cmdline_get_creds();
+
+	return test_wbc_authenticate_user_int(tctx,
+		cli_credentials_get_password(creds));
+}
+
+static bool test_wbc_change_password(struct torture_context *tctx)
+{
+	wbcErr ret;
+	struct cli_credentials *creds = samba_cmdline_get_creds();
+	const char *oldpass =
+		cli_credentials_get_password(creds);
+	const char *newpass = "Koo8irei%$";
+
+	struct samr_CryptPassword new_nt_password;
+	struct samr_CryptPassword new_lm_password;
+	struct samr_Password old_nt_hash_enc;
+	struct samr_Password old_lanman_hash_enc;
+
+	gnutls_cipher_hd_t cipher_hnd = NULL;
+
+	uint8_t old_nt_hash[16];
+	uint8_t old_lanman_hash[16];
+	uint8_t new_nt_hash[16];
+	uint8_t new_lanman_hash[16];
+	gnutls_datum_t old_nt_key = {
+		.data = old_nt_hash,
+		.size = sizeof(old_nt_hash),
+	};
+
+	struct wbcChangePasswordParams params;
+
+	if (oldpass == NULL) {
+		torture_skip(tctx,
+			"skipping wbcChangeUserPassword test as old password cannot be retrieved\n");
+	}
+
+	ZERO_STRUCT(params);
+
+	E_md4hash(oldpass, old_nt_hash);
+	E_md4hash(newpass, new_nt_hash);
+
+	if (lpcfg_client_lanman_auth(tctx->lp_ctx) &&
+	    E_deshash(newpass, new_lanman_hash) &&
+	    E_deshash(oldpass, old_lanman_hash)) {
+
+		/* E_deshash returns false for 'long' passwords (> 14
+		   DOS chars).  This allows us to match Win2k, which
+		   does not store a LM hash for these passwords (which
+		   would reduce the effective password length to 14) */
+
+		encode_pw_buffer(new_lm_password.data, newpass, STR_UNICODE);
+
+		gnutls_cipher_init(&cipher_hnd,
+				   GNUTLS_CIPHER_ARCFOUR_128,
+				   &old_nt_key,
+				   NULL);
+		gnutls_cipher_encrypt(cipher_hnd,
+				      new_lm_password.data,
+				      516);
+		gnutls_cipher_deinit(cipher_hnd);
+
+		E_old_pw_hash(new_nt_hash, old_lanman_hash,
+			      old_lanman_hash_enc.hash);
+
+		params.old_password.response.old_lm_hash_enc_length =
+			sizeof(old_lanman_hash_enc.hash);
+		params.old_password.response.old_lm_hash_enc_data =
+			old_lanman_hash_enc.hash;
+		params.new_password.response.lm_length =
+			sizeof(new_lm_password.data);
+		params.new_password.response.lm_data =
+			new_lm_password.data;
+	} else {
+		ZERO_STRUCT(new_lm_password);
+		ZERO_STRUCT(old_lanman_hash_enc);
+	}
+
+	encode_pw_buffer(new_nt_password.data, newpass, STR_UNICODE);
+
+	gnutls_cipher_init(&cipher_hnd,
+			   GNUTLS_CIPHER_ARCFOUR_128,
+			   &old_nt_key,
+			   NULL);
+	gnutls_cipher_encrypt(cipher_hnd,
+			      new_nt_password.data,
+			      516);
+	gnutls_cipher_deinit(cipher_hnd);
+
+	E_old_pw_hash(new_nt_hash, old_nt_hash, old_nt_hash_enc.hash);
+
+	params.old_password.response.old_nt_hash_enc_length =
+		sizeof(old_nt_hash_enc.hash);
+	params.old_password.response.old_nt_hash_enc_data =
+		old_nt_hash_enc.hash;
+	params.new_password.response.nt_length = sizeof(new_nt_password.data);
+	params.new_password.response.nt_data = new_nt_password.data;
+
+	params.level = WBC_CHANGE_PASSWORD_LEVEL_RESPONSE;
+	params.account_name =
+		cli_credentials_get_username(creds);
+	params.domain_name =
+		cli_credentials_get_domain(creds);
+
+	ret = wbcChangeUserPasswordEx(&params, NULL, NULL, NULL);
+	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
+				 "wbcChangeUserPassword for %s failed", params.account_name);
+
+	if (!test_wbc_authenticate_user_int(tctx, newpass)) {
+		return false;
+	}
+
+	ret = wbcChangeUserPassword(
+		cli_credentials_get_username(creds),
+		newpass,
+		cli_credentials_get_password(creds));
+	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
+				 "wbcChangeUserPassword for %s failed", params.account_name);
+
+	return test_wbc_authenticate_user_int(tctx,
+		cli_credentials_get_password(creds));
+}
+
+static bool test_wbc_logon_user(struct torture_context *tctx)
+{
+	struct wbcLogonUserParams params;
+	struct wbcLogonUserInfo *info = NULL;
+	struct wbcAuthErrorInfo *error = NULL;
+	struct wbcUserPasswordPolicyInfo *policy = NULL;
+	struct wbcInterfaceDetails *iface;
+	struct wbcDomainSid sid;
+	enum wbcSidType sidtype;
+	char *sidstr;
+	wbcErr ret;
+	struct cli_credentials *creds = samba_cmdline_get_creds();
+	uint32_t i, flags = 0;
+	const char *expected_unix_username = NULL;
+	const char *unix_username = NULL;
+
+	ZERO_STRUCT(params);
+
+	ret = wbcLogonUser(&params, &info, &error, &policy);
+	torture_assert_wbc_equal(tctx, ret, WBC_ERR_INVALID_PARAM,
+				 "%s", "wbcLogonUser succeeded for NULL where it should "
+				 "have failed");
+
+	params.username =
+		cli_credentials_get_username(creds);
+	params.password =
+		cli_credentials_get_password(creds);
+
+	ret = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
+			      "foo", 0, discard_const_p(uint8_t, "bar"), 4);
+	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
+				 "%s", "wbcAddNamedBlob failed");
+
+	ret = wbcLogonUser(&params, &info, &error, &policy);
+	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
+				 "wbcLogonUser for %s failed", params.username);
+	wbcFreeMemory(info); info = NULL;
+	wbcFreeMemory(error); error = NULL;
+	wbcFreeMemory(policy); policy = NULL;
+
+	params.password = "wrong";
+
+	ret = wbcLogonUser(&params, &info, &error, &policy);
+	torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
+				 "wbcLogonUser for %s should have failed with "
+				 "WBC_ERR_AUTH_ERROR", params.username);
+	wbcFreeMemory(info); info = NULL;
+	wbcFreeMemory(error); error = NULL;
+	wbcFreeMemory(policy); policy = NULL;
+
+	ret = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
+			      "membership_of", 0,
+			      discard_const_p(uint8_t, "S-1-2-3-4"),
+			      strlen("S-1-2-3-4")+1);
+	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
+				 "%s", "wbcAddNamedBlob failed");
+	params.password =
+		cli_credentials_get_password(creds);
+	ret = wbcLogonUser(&params, &info, &error, &policy);
+	torture_assert_wbc_equal(tctx, ret, WBC_ERR_AUTH_ERROR,
+				 "wbcLogonUser for %s should have failed with "
+				 "WBC_ERR_AUTH_ERROR", params.username);
+	wbcFreeMemory(info); info = NULL;
+	wbcFreeMemory(error); error = NULL;
+	wbcFreeMemory(policy); policy = NULL;
+	wbcFreeMemory(params.blobs);
+	params.blobs = NULL; params.num_blobs = 0;
+
+	ret = wbcInterfaceDetails(&iface);
+	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
+				 "%s", "wbcInterfaceDetails failed");
+
+	ret = wbcLookupName(iface->netbios_domain,
+		cli_credentials_get_username(creds),
+		&sid,
+		&sidtype);
+	wbcFreeMemory(iface);
+	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
+		"wbcLookupName for %s failed",
+		cli_credentials_get_username(creds));
+
+	ret = wbcSidToString(&sid, &sidstr);
+	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
+				 "%s", "wbcSidToString failed");
+
+	ret = wbcAddNamedBlob(&params.num_blobs, &params.blobs,
+			      "membership_of", 0,
+			      (uint8_t *)sidstr, strlen(sidstr)+1);
+	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
+				 "%s", "wbcAddNamedBlob failed");
+	wbcFreeMemory(sidstr);
+	params.password =
+		cli_credentials_get_password(creds);
+	ret = wbcLogonUser(&params, &info, &error, &policy);
+	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
+				 "wbcLogonUser for %s failed", params.username);
+	wbcFreeMemory(info); info = NULL;
+	wbcFreeMemory(error); error = NULL;
+	wbcFreeMemory(policy); policy = NULL;
+	wbcFreeMemory(params.blobs);
+	params.blobs = NULL; params.num_blobs = 0;
+
+	/* Test WBFLAG_PAM_UNIX_NAME */
+	params.username = cli_credentials_get_username(creds);
+	params.password = cli_credentials_get_password(creds);
+	flags = WBFLAG_PAM_UNIX_NAME;
+
+	torture_assert(tctx,
+		       lp_load_global(lpcfg_configfile(tctx->lp_ctx)),
+		       "lp_load_global() failed\n");
+	expected_unix_username = fill_domain_username_talloc(tctx,
+			cli_credentials_get_domain(creds),
+			cli_credentials_get_username(creds),
+			true);
+
+	ret = wbcAddNamedBlob(&params.num_blobs, &params.blobs, "flags", 0,
+			      (uint8_t *)&flags, sizeof(flags));
+	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
+				 "%s", "wbcAddNamedBlob failed");
+
+	ret = wbcLogonUser(&params, &info, &error, &policy);
+	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
+				 "wbcLogonUser for %s failed",
+				 params.username);
+
+	for (unix_username=NULL, i=0; i<info->num_blobs; i++) {
+		torture_comment(tctx, "Found named blob '%s'\n", info->blobs[i].name);
+		if (strequal(info->blobs[i].name, "unix_username")) {
+			unix_username = (const char *)info->blobs[i].blob.data;
+		}
+	}
+	torture_assert_not_null(tctx, unix_username,
+			"wbcLogonUserInfo does not have unix_username blob\n");
+	torture_assert_str_equal(tctx, unix_username,
+			expected_unix_username,
+			"Unexpected unix_username");
+	wbcFreeMemory(info); info = NULL;
+	wbcFreeMemory(error); error = NULL;
+	wbcFreeMemory(policy); policy = NULL;
+	wbcFreeMemory(params.blobs);
+	params.blobs = NULL; params.num_blobs = 0;
+
+	return true;
+}
+
+static bool test_wbc_getgroups(struct torture_context *tctx)
+{
+	wbcErr ret;
+	uint32_t num_groups;
+	gid_t *groups;
+	struct cli_credentials *creds = samba_cmdline_get_creds();
+
+	ret = wbcGetGroups(
+		cli_credentials_get_username(creds),
+		&num_groups,
+		&groups);
+	torture_assert_wbc_equal(tctx, ret, WBC_ERR_SUCCESS,
+		"wbcGetGroups for %s failed",
+		cli_credentials_get_username(creds));
+	wbcFreeMemory(groups);
+	return true;
+}
+
+struct torture_suite *torture_wbclient(TALLOC_CTX *ctx)
+{
+	struct torture_suite *suite = torture_suite_create(ctx, "wbclient");
+
+	torture_suite_add_simple_test(suite, "wbcPing", test_wbc_ping);
+	torture_suite_add_simple_test(suite, "wbcPingDc", test_wbc_pingdc);
+	torture_suite_add_simple_test(suite, "wbcPingDc2", test_wbc_pingdc2);
+	torture_suite_add_simple_test(suite, "wbcLibraryDetails", test_wbc_library_details);
+	torture_suite_add_simple_test(suite, "wbcInterfaceDetails", test_wbc_interface_details);
+	torture_suite_add_simple_test(suite, "wbcSidTypeString", test_wbc_sidtypestring);
+	torture_suite_add_simple_test(suite, "wbcSidToString", test_wbc_sidtostring);
+	torture_suite_add_simple_test(suite, "wbcGuidToString", test_wbc_guidtostring);
+	torture_suite_add_simple_test(suite, "wbcDomainInfo", test_wbc_domain_info);
+	torture_suite_add_simple_test(suite, "wbcListUsers", test_wbc_users);
+	torture_suite_add_simple_test(suite, "wbcListGroups", test_wbc_groups);
+	torture_suite_add_simple_test(suite, "wbcListTrusts", test_wbc_trusts);
+	torture_suite_add_simple_test(suite, "wbcLookupDomainController", test_wbc_lookupdc);
+	torture_suite_add_simple_test(suite, "wbcLookupDomainControllerEx", test_wbc_lookupdcex);
+	torture_suite_add_simple_test(suite, "wbcResolveWinsByName", test_wbc_resolve_winsbyname);
+	torture_suite_add_simple_test(suite, "wbcResolveWinsByIP", test_wbc_resolve_winsbyip);
+	torture_suite_add_simple_test(suite, "wbcLookupRids",
+				      test_wbc_lookup_rids);
+	torture_suite_add_simple_test(suite, "wbcGetSidAliases",
+				      test_wbc_get_sidaliases);
+	torture_suite_add_simple_test(suite, "wbcAuthenticateUser",
+				      test_wbc_authenticate_user);
+	torture_suite_add_simple_test(suite, "wbcLogonUser",
+				      test_wbc_logon_user);
+	torture_suite_add_simple_test(suite, "wbcChangeUserPassword",
+				      test_wbc_change_password);
+	torture_suite_add_simple_test(suite, "wbcGetGroups",
+				      test_wbc_getgroups);
+
+	return suite;
+}
diff --git a/nsswitch/libwbclient/wbc_err_internal.h b/nsswitch/libwbclient/wbc_err_internal.h
new file mode 100644
index 0000000..dd8e7f2
--- /dev/null
+++ b/nsswitch/libwbclient/wbc_err_internal.h
@@ -0,0 +1,45 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Winbind client API
+
+   Copyright (C) Gerald (Jerry) Carter 2007
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 3 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _WBC_ERR_INTERNAL_H
+#define _WBC_ERR_INTERNAL_H
+
+/* Private macros */
+
+#define BAIL_ON_WBC_ERROR(x)			\
+	do {					\
+		if (!WBC_ERROR_IS_OK(x)) {	\
+			goto done;		\
+		}				\
+	} while(0)
+
+#define BAIL_ON_PTR_ERROR(x, status)                    \
+	do {						\
+		if ((x) == NULL) {			\
+			status = WBC_ERR_NO_MEMORY;	\
+			goto done;			\
+		} else {				\
+			status = WBC_ERR_SUCCESS;	\
+		}					\
+	} while (0)
+
+
+#endif	/* _WBC_ERR_INTERNAL_H */
diff --git a/nsswitch/libwbclient/wbc_guid.c b/nsswitch/libwbclient/wbc_guid.c
new file mode 100644
index 0000000..72701c8
--- /dev/null
+++ b/nsswitch/libwbclient/wbc_guid.c
@@ -0,0 +1,103 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Winbind client API
+
+   Copyright (C) Gerald (Jerry) Carter 2007
+
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 3 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* Required Headers */
+
+#include "replace.h"
+#include "libwbclient.h"
+
+/* Convert a binary GUID to a character string */
+_PUBLIC_
+wbcErr wbcGuidToString(const struct wbcGuid *guid,
+		       char **guid_string)
+{
+	char *result;
+
+	result = (char *)wbcAllocateMemory(37, 1, NULL);
+	if (result == NULL) {
+		return WBC_ERR_NO_MEMORY;
+	}
+	snprintf(result, 37,
+		 "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+		 guid->time_low, guid->time_mid,
+		 guid->time_hi_and_version,
+		 guid->clock_seq[0],
+		 guid->clock_seq[1],
+		 guid->node[0], guid->node[1],
+		 guid->node[2], guid->node[3],
+		 guid->node[4], guid->node[5]);
+	*guid_string = result;
+
+	return WBC_ERR_SUCCESS;
+}
+
+/* @brief Convert a character string to a binary GUID */
+_PUBLIC_
+wbcErr wbcStringToGuid(const char *str,
+		       struct wbcGuid *guid)
+{
+	unsigned int time_low;
+	unsigned int time_mid, time_hi_and_version;
+	unsigned int clock_seq[2];
+	unsigned int node[6];
+	int i;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+	if (!guid) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	if (!str) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	if (11 == sscanf(str, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
+			 &time_low, &time_mid, &time_hi_and_version,
+			 &clock_seq[0], &clock_seq[1],
+			 &node[0], &node[1], &node[2], &node[3], &node[4], &node[5])) {
+	        wbc_status = WBC_ERR_SUCCESS;
+	} else if (11 == sscanf(str, "{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}",
+				&time_low, &time_mid, &time_hi_and_version,
+				&clock_seq[0], &clock_seq[1],
+				&node[0], &node[1], &node[2], &node[3], &node[4], &node[5])) {
+	        wbc_status = WBC_ERR_SUCCESS;
+	}
+
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	guid->time_low = time_low;
+	guid->time_mid = time_mid;
+	guid->time_hi_and_version = time_hi_and_version;
+	guid->clock_seq[0] = clock_seq[0];
+	guid->clock_seq[1] = clock_seq[1];
+
+	for (i=0;i<6;i++) {
+		guid->node[i] = node[i];
+	}
+
+	wbc_status = WBC_ERR_SUCCESS;
+
+done:
+	return wbc_status;
+}
diff --git a/nsswitch/libwbclient/wbc_idmap.c b/nsswitch/libwbclient/wbc_idmap.c
new file mode 100644
index 0000000..c3acced
--- /dev/null
+++ b/nsswitch/libwbclient/wbc_idmap.c
@@ -0,0 +1,550 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Winbind client API
+
+   Copyright (C) Gerald (Jerry) Carter 2007
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 3 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* Required Headers */
+
+#include "replace.h"
+#include "libwbclient.h"
+#include "../winbind_client.h"
+#include "lib/util/smb_strtox.h"
+
+/* Convert a Windows SID to a Unix uid, allocating an uid if needed */
+_PUBLIC_
+wbcErr wbcCtxSidToUid(struct wbcContext *ctx, const struct wbcDomainSid *sid,
+		      uid_t *puid)
+{
+	struct wbcUnixId xid;
+	wbcErr wbc_status;
+
+	if (!sid || !puid) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	wbc_status = wbcCtxSidsToUnixIds(ctx, sid, 1, &xid);
+	if (!WBC_ERROR_IS_OK(wbc_status)) {
+		goto done;
+	}
+
+	if ((xid.type == WBC_ID_TYPE_UID) || (xid.type == WBC_ID_TYPE_BOTH)) {
+		*puid = xid.id.uid;
+		wbc_status = WBC_ERR_SUCCESS;
+	} else {
+		wbc_status = WBC_ERR_DOMAIN_NOT_FOUND;
+	}
+
+ done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcSidToUid(const struct wbcDomainSid *sid, uid_t *puid)
+{
+	return wbcCtxSidToUid(NULL, sid, puid);
+}
+
+/* Convert a Windows SID to a Unix uid if there already is a mapping */
+_PUBLIC_
+wbcErr wbcQuerySidToUid(const struct wbcDomainSid *sid,
+			uid_t *puid)
+{
+	return WBC_ERR_NOT_IMPLEMENTED;
+}
+
+/* Convert a Unix uid to a Windows SID, allocating a SID if needed */
+_PUBLIC_
+wbcErr wbcCtxUidToSid(struct wbcContext *ctx, uid_t uid,
+		      struct wbcDomainSid *psid)
+{
+	struct wbcUnixId xid;
+	struct wbcDomainSid sid;
+	struct wbcDomainSid null_sid = { 0 };
+	wbcErr wbc_status;
+
+	if (!psid) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	xid = (struct wbcUnixId) { .type = WBC_ID_TYPE_UID, .id.uid = uid };
+
+	wbc_status = wbcCtxUnixIdsToSids(ctx, &xid, 1, &sid);
+	if (!WBC_ERROR_IS_OK(wbc_status)) {
+		goto done;
+	}
+
+	if (memcmp(&sid, &null_sid, sizeof(sid)) != 0) {
+		*psid = sid;
+	} else {
+		wbc_status = WBC_ERR_DOMAIN_NOT_FOUND;
+	}
+
+done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcUidToSid(uid_t uid, struct wbcDomainSid *sid)
+{
+	return wbcCtxUidToSid(NULL, uid, sid);
+}
+
+/* Convert a Unix uid to a Windows SID if there already is a mapping */
+_PUBLIC_
+wbcErr wbcQueryUidToSid(uid_t uid,
+			struct wbcDomainSid *sid)
+{
+	return WBC_ERR_NOT_IMPLEMENTED;
+}
+
+/** @brief Convert a Windows SID to a Unix gid, allocating a gid if needed
+ *
+ * @param *sid        Pointer to the domain SID to be resolved
+ * @param *pgid       Pointer to the resolved gid_t value
+ *
+ * @return #wbcErr
+ *
+ **/
+
+_PUBLIC_
+wbcErr wbcCtxSidToGid(struct wbcContext *ctx, const struct wbcDomainSid *sid,
+		      gid_t *pgid)
+{
+	struct wbcUnixId xid;
+	wbcErr wbc_status;
+
+	if (!sid || !pgid) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	wbc_status = wbcCtxSidsToUnixIds(ctx, sid, 1, &xid);
+	if (!WBC_ERROR_IS_OK(wbc_status)) {
+		goto done;
+	}
+
+	if ((xid.type == WBC_ID_TYPE_GID) || (xid.type == WBC_ID_TYPE_BOTH)) {
+		*pgid = xid.id.gid;
+		wbc_status = WBC_ERR_SUCCESS;
+	} else {
+		wbc_status = WBC_ERR_DOMAIN_NOT_FOUND;
+	}
+
+ done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcSidToGid(const struct wbcDomainSid *sid, gid_t *pgid)
+{
+	return wbcCtxSidToGid(NULL, sid, pgid);
+}
+
+/* Convert a Windows SID to a Unix gid if there already is a mapping */
+
+_PUBLIC_
+wbcErr wbcQuerySidToGid(const struct wbcDomainSid *sid,
+			gid_t *pgid)
+{
+	return WBC_ERR_NOT_IMPLEMENTED;
+}
+
+
+/* Convert a Unix gid to a Windows SID, allocating a SID if needed */
+_PUBLIC_
+wbcErr wbcCtxGidToSid(struct wbcContext *ctx, gid_t gid,
+		      struct wbcDomainSid *psid)
+{
+	struct wbcUnixId xid;
+	struct wbcDomainSid sid;
+	struct wbcDomainSid null_sid = { 0 };
+	wbcErr wbc_status;
+
+	if (!psid) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	xid = (struct wbcUnixId) { .type = WBC_ID_TYPE_GID, .id.gid = gid };
+
+	wbc_status = wbcCtxUnixIdsToSids(ctx, &xid, 1, &sid);
+	if (!WBC_ERROR_IS_OK(wbc_status)) {
+		goto done;
+	}
+
+	if (memcmp(&sid, &null_sid, sizeof(sid)) != 0) {
+		*psid = sid;
+	} else {
+		wbc_status = WBC_ERR_DOMAIN_NOT_FOUND;
+	}
+
+done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcGidToSid(gid_t gid, struct wbcDomainSid *sid)
+{
+	return wbcCtxGidToSid(NULL, gid, sid);
+}
+
+/* Convert a Unix gid to a Windows SID if there already is a mapping */
+_PUBLIC_
+wbcErr wbcQueryGidToSid(gid_t gid,
+			struct wbcDomainSid *sid)
+{
+	return WBC_ERR_NOT_IMPLEMENTED;
+}
+
+/* Obtain a new uid from Winbind */
+_PUBLIC_
+wbcErr wbcCtxAllocateUid(struct wbcContext *ctx, uid_t *puid)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+	if (!puid)
+		return WBC_ERR_INVALID_PARAM;
+
+	/* Initialise request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	/* Make request */
+
+	wbc_status = wbcRequestResponsePriv(ctx, WINBINDD_ALLOCATE_UID,
+					    &request, &response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	/* Copy out result */
+	*puid = response.data.uid;
+
+	wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcAllocateUid(uid_t *puid)
+{
+	return wbcCtxAllocateUid(NULL, puid);
+}
+
+/* Obtain a new gid from Winbind */
+_PUBLIC_
+wbcErr wbcCtxAllocateGid(struct wbcContext *ctx, gid_t *pgid)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+	if (!pgid)
+		return WBC_ERR_INVALID_PARAM;
+
+	/* Initialise request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	/* Make request */
+
+	wbc_status = wbcRequestResponsePriv(ctx, WINBINDD_ALLOCATE_GID,
+					    &request, &response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	/* Copy out result */
+	*pgid = response.data.gid;
+
+	wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcAllocateGid(gid_t *pgid)
+{
+	return wbcCtxAllocateGid(NULL, pgid);
+}
+
+/* we can't include smb.h here... */
+#define _ID_TYPE_UID 1
+#define _ID_TYPE_GID 2
+
+/* Set an user id mapping - not implemented any more */
+_PUBLIC_
+wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid)
+{
+	return WBC_ERR_NOT_IMPLEMENTED;
+}
+
+/* Set a group id mapping - not implemented any more */
+_PUBLIC_
+wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid)
+{
+	return WBC_ERR_NOT_IMPLEMENTED;
+}
+
+/* Remove a user id mapping - not implemented any more */
+_PUBLIC_
+wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid)
+{
+	return WBC_ERR_NOT_IMPLEMENTED;
+}
+
+/* Remove a group id mapping - not implemented any more */
+_PUBLIC_
+wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid)
+{
+	return WBC_ERR_NOT_IMPLEMENTED;
+}
+
+/* Set the highwater mark for allocated uids - not implemented any more */
+_PUBLIC_
+wbcErr wbcSetUidHwm(uid_t uid_hwm)
+{
+	return WBC_ERR_NOT_IMPLEMENTED;
+}
+
+/* Set the highwater mark for allocated gids - not implemented any more */
+_PUBLIC_
+wbcErr wbcSetGidHwm(gid_t gid_hwm)
+{
+	return WBC_ERR_NOT_IMPLEMENTED;
+}
+
+/* Convert a list of SIDs */
+_PUBLIC_
+wbcErr wbcCtxSidsToUnixIds(struct wbcContext *ctx,
+			   const struct wbcDomainSid *sids,
+			   uint32_t num_sids, struct wbcUnixId *ids)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	int buflen, extra_len;
+	uint32_t i;
+	char *sidlist, *p, *extra_data;
+
+	buflen = num_sids * (WBC_SID_STRING_BUFLEN + 1) + 1;
+
+	sidlist = (char *)malloc(buflen);
+	if (sidlist == NULL) {
+		return WBC_ERR_NO_MEMORY;
+	}
+
+	p = sidlist;
+
+	for (i=0; i<num_sids; i++) {
+		int remaining;
+		int len;
+
+		remaining = buflen - (p - sidlist);
+
+		len = wbcSidToStringBuf(&sids[i], p, remaining);
+		if (len > remaining) {
+			free(sidlist);
+			return WBC_ERR_UNKNOWN_FAILURE;
+		}
+
+		p += len;
+		*p++ = '\n';
+	}
+	*p++ = '\0';
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	request.extra_data.data = sidlist;
+	request.extra_len = p - sidlist;
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_SIDS_TO_XIDS,
+					&request, &response);
+	free(sidlist);
+	if (!WBC_ERROR_IS_OK(wbc_status)) {
+		return wbc_status;
+	}
+
+	extra_len = response.length - sizeof(struct winbindd_response);
+	extra_data = (char *)response.extra_data.data;
+
+	if ((extra_len <= 0) || (extra_data[extra_len-1] != '\0')) {
+		goto wbc_err_invalid;
+	}
+
+	p = extra_data;
+
+	for (i=0; i<num_sids; i++) {
+		struct wbcUnixId *id = &ids[i];
+		char *q;
+		int error = 0;
+
+		switch (p[0]) {
+		case 'U':
+			id->type = WBC_ID_TYPE_UID;
+			id->id.uid = smb_strtoul(p+1,
+						 &q,
+						 10,
+						 &error,
+						 SMB_STR_STANDARD);
+			break;
+		case 'G':
+			id->type = WBC_ID_TYPE_GID;
+			id->id.gid = smb_strtoul(p+1,
+						 &q,
+						 10,
+						 &error,
+						 SMB_STR_STANDARD);
+			break;
+		case 'B':
+			id->type = WBC_ID_TYPE_BOTH;
+			id->id.uid = smb_strtoul(p+1,
+						 &q,
+						 10,
+						 &error,
+						 SMB_STR_STANDARD);
+			break;
+		default:
+			id->type = WBC_ID_TYPE_NOT_SPECIFIED;
+			q = strchr(p, '\n');
+			break;
+		};
+		if (q == NULL || q[0] != '\n' || error != 0) {
+			goto wbc_err_invalid;
+		}
+		p = q+1;
+	}
+	wbc_status = WBC_ERR_SUCCESS;
+	goto done;
+
+wbc_err_invalid:
+	wbc_status = WBC_ERR_INVALID_RESPONSE;
+done:
+	winbindd_free_response(&response);
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcSidsToUnixIds(const struct wbcDomainSid *sids, uint32_t num_sids,
+			struct wbcUnixId *ids)
+{
+	return wbcCtxSidsToUnixIds(NULL, sids, num_sids, ids);
+}
+
+_PUBLIC_
+wbcErr wbcCtxUnixIdsToSids(struct wbcContext *ctx,
+			   const struct wbcUnixId *ids, uint32_t num_ids,
+			   struct wbcDomainSid *sids)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	wbcErr wbc_status;
+	char *buf;
+	char *s;
+	const size_t sidlen = (1 /* U/G */ + 10 /* 2^32 */ + 1 /* \n */);
+	size_t ofs, buflen;
+	uint32_t i;
+
+	if (num_ids > SIZE_MAX / sidlen) {
+		return WBC_ERR_NO_MEMORY; /* overflow */
+	}
+	buflen = num_ids * sidlen;
+
+	buflen += 1;		/* trailing \0 */
+	if (buflen < 1) {
+		return WBC_ERR_NO_MEMORY; /* overflow */
+	}
+
+	buf = malloc(buflen);
+	if (buf == NULL) {
+		return WBC_ERR_NO_MEMORY;
+	}
+
+	ofs = 0;
+
+	for (i=0; i<num_ids; i++) {
+		const struct wbcUnixId *id = &ids[i];
+		int len;
+
+		switch (id->type) {
+		case WBC_ID_TYPE_UID:
+			len = snprintf(buf+ofs, buflen-ofs, "U%"PRIu32"\n",
+				       (uint32_t)id->id.uid);
+			break;
+		case WBC_ID_TYPE_GID:
+			len = snprintf(buf+ofs, buflen-ofs, "G%"PRIu32"\n",
+				       (uint32_t)id->id.gid);
+			break;
+		default:
+			free(buf);
+			return WBC_ERR_INVALID_PARAM;
+		}
+
+		if (len + ofs >= buflen) { /* >= for the terminating '\0' */
+			free(buf);
+			return WBC_ERR_UNKNOWN_FAILURE;
+		}
+		ofs += len;
+	}
+
+	request = (struct winbindd_request) {
+		.extra_data.data = buf, .extra_len = ofs+1
+	};
+	response = (struct winbindd_response) {0};
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_XIDS_TO_SIDS,
+					&request, &response);
+	free(buf);
+	if (!WBC_ERROR_IS_OK(wbc_status)) {
+		return wbc_status;
+	}
+
+	s = response.extra_data.data;
+	for (i=0; i<num_ids; i++) {
+		char *n = strchr(s, '\n');
+
+		if (n == NULL) {
+			goto fail;
+		}
+		*n = '\0';
+
+		wbc_status = wbcStringToSid(s, &sids[i]);
+		if (!WBC_ERROR_IS_OK(wbc_status)) {
+			sids[i] = (struct wbcDomainSid) {0};
+		}
+		s = n+1;
+	}
+
+	wbc_status = WBC_ERR_SUCCESS;
+fail:
+	winbindd_free_response(&response);
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcUnixIdsToSids(const struct wbcUnixId *ids, uint32_t num_ids,
+			struct wbcDomainSid *sids)
+{
+	return wbcCtxUnixIdsToSids(NULL, ids, num_ids, sids);
+}
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
new file mode 100644
index 0000000..4df0ffe
--- /dev/null
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -0,0 +1,1484 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Winbind client API
+
+   Copyright (C) Gerald (Jerry) Carter 2007
+   Copyright (C) Guenther Deschner 2008
+   Copyright (C) Volker Lendecke 2009
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 3 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* Required Headers */
+
+#include "replace.h"
+#include "libwbclient.h"
+#include "../winbind_client.h"
+
+/* Authenticate a username/password pair */
+_PUBLIC_
+wbcErr wbcCtxAuthenticateUser(struct wbcContext *ctx,
+			      const char *username, const char *password)
+{
+	wbcErr wbc_status = WBC_ERR_SUCCESS;
+	struct wbcAuthUserParams params;
+
+	ZERO_STRUCT(params);
+
+	params.account_name		= username;
+	params.level			= WBC_AUTH_USER_LEVEL_PLAIN;
+	params.password.plaintext	= password;
+
+	wbc_status = wbcCtxAuthenticateUserEx(ctx, &params, NULL, NULL);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcAuthenticateUser(const char *username, const char *password)
+{
+	return wbcCtxAuthenticateUser(NULL, username, password);
+}
+
+static bool sid_attr_compose(struct wbcSidWithAttr *s,
+			     const struct wbcDomainSid *d,
+			     uint32_t rid, uint32_t attr)
+{
+	if (d->num_auths >= WBC_MAXSUBAUTHS) {
+		return false;
+	}
+	s->sid = *d;
+	s->sid.sub_auths[s->sid.num_auths++] = rid;
+	s->attributes = attr;
+	return true;
+}
+
+static void wbcAuthUserInfoDestructor(void *ptr)
+{
+	struct wbcAuthUserInfo *i = (struct wbcAuthUserInfo *)ptr;
+	free(i->account_name);
+	free(i->user_principal);
+	free(i->full_name);
+	free(i->domain_name);
+	free(i->dns_domain_name);
+	free(i->logon_server);
+	free(i->logon_script);
+	free(i->profile_path);
+	free(i->home_directory);
+	free(i->home_drive);
+	free(i->sids);
+}
+
+static wbcErr wbc_create_auth_info(const struct winbindd_response *resp,
+				   struct wbcAuthUserInfo **_i)
+{
+	wbcErr wbc_status = WBC_ERR_SUCCESS;
+	struct wbcAuthUserInfo *i;
+	struct wbcDomainSid domain_sid;
+	char *p;
+	uint32_t sn = 0;
+	uint32_t j;
+
+	i = (struct wbcAuthUserInfo *)wbcAllocateMemory(
+		1, sizeof(struct wbcAuthUserInfo),
+		wbcAuthUserInfoDestructor);
+	BAIL_ON_PTR_ERROR(i, wbc_status);
+
+	i->user_flags	= resp->data.auth.info3.user_flgs;
+
+	i->account_name	= strdup(resp->data.auth.info3.user_name);
+	BAIL_ON_PTR_ERROR(i->account_name, wbc_status);
+	if (resp->data.auth.validation_level == 6) {
+		i->user_principal = strdup(resp->data.auth.info6.principal_name);
+		BAIL_ON_PTR_ERROR(i->user_principal, wbc_status);
+	} else {
+		i->user_principal = NULL;
+	}
+	i->full_name	= strdup(resp->data.auth.info3.full_name);
+	BAIL_ON_PTR_ERROR(i->full_name, wbc_status);
+	i->domain_name	= strdup(resp->data.auth.info3.logon_dom);
+	BAIL_ON_PTR_ERROR(i->domain_name, wbc_status);
+	if (resp->data.auth.validation_level == 6) {
+		i->dns_domain_name = strdup(resp->data.auth.info6.dns_domainname);
+		BAIL_ON_PTR_ERROR(i->dns_domain_name, wbc_status);
+	} else {
+		i->dns_domain_name = NULL;
+	}
+
+	i->acct_flags	= resp->data.auth.info3.acct_flags;
+	memcpy(i->user_session_key,
+	       resp->data.auth.user_session_key,
+	       sizeof(i->user_session_key));
+	memcpy(i->lm_session_key,
+	       resp->data.auth.first_8_lm_hash,
+	       sizeof(i->lm_session_key));
+
+	i->logon_count		= resp->data.auth.info3.logon_count;
+	i->bad_password_count	= resp->data.auth.info3.bad_pw_count;
+
+	i->logon_time		= resp->data.auth.info3.logon_time;
+	i->logoff_time		= resp->data.auth.info3.logoff_time;
+	i->kickoff_time		= resp->data.auth.info3.kickoff_time;
+	i->pass_last_set_time	= resp->data.auth.info3.pass_last_set_time;
+	i->pass_can_change_time	= resp->data.auth.info3.pass_can_change_time;
+	i->pass_must_change_time= resp->data.auth.info3.pass_must_change_time;
+
+	i->logon_server	= strdup(resp->data.auth.info3.logon_srv);
+	BAIL_ON_PTR_ERROR(i->logon_server, wbc_status);
+	i->logon_script	= strdup(resp->data.auth.info3.logon_script);
+	BAIL_ON_PTR_ERROR(i->logon_script, wbc_status);
+	i->profile_path	= strdup(resp->data.auth.info3.profile_path);
+	BAIL_ON_PTR_ERROR(i->profile_path, wbc_status);
+	i->home_directory= strdup(resp->data.auth.info3.home_dir);
+	BAIL_ON_PTR_ERROR(i->home_directory, wbc_status);
+	i->home_drive	= strdup(resp->data.auth.info3.dir_drive);
+	BAIL_ON_PTR_ERROR(i->home_drive, wbc_status);
+
+	i->num_sids	= 2;
+	i->num_sids 	+= resp->data.auth.info3.num_groups;
+	i->num_sids	+= resp->data.auth.info3.num_other_sids;
+
+	i->sids	= (struct wbcSidWithAttr *)calloc(
+		sizeof(struct wbcSidWithAttr), i->num_sids);
+	BAIL_ON_PTR_ERROR(i->sids, wbc_status);
+
+	wbc_status = wbcStringToSid(resp->data.auth.info3.dom_sid,
+				    &domain_sid);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	sn = 0;
+	if (!sid_attr_compose(&i->sids[sn], &domain_sid,
+			      resp->data.auth.info3.user_rid, 0)) {
+		wbc_status = WBC_ERR_INVALID_SID;
+		goto done;
+	}
+	sn++;
+	if (!sid_attr_compose(&i->sids[sn], &domain_sid,
+			      resp->data.auth.info3.group_rid, 0)) {
+		wbc_status = WBC_ERR_INVALID_SID;
+		goto done;
+	}
+	sn++;
+
+	p = (char *)resp->extra_data.data;
+	if (!p) {
+		wbc_status = WBC_ERR_INVALID_RESPONSE;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	for (j=0; j < resp->data.auth.info3.num_groups; j++) {
+		uint32_t rid;
+		uint32_t attrs;
+		int ret;
+		char *s = p;
+		char *e = strchr(p, '\n');
+		if (!e) {
+			wbc_status = WBC_ERR_INVALID_RESPONSE;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+		e[0] = '\0';
+		p = &e[1];
+
+		ret = sscanf(s, "0x%08X:0x%08X", &rid, &attrs);
+		if (ret != 2) {
+			wbc_status = WBC_ERR_INVALID_RESPONSE;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+		if (!sid_attr_compose(&i->sids[sn], &domain_sid,
+				      rid, attrs)) {
+			wbc_status = WBC_ERR_INVALID_SID;
+			goto done;
+		}
+		sn++;
+	}
+
+	for (j=0; j < resp->data.auth.info3.num_other_sids; j++) {
+		uint32_t attrs;
+		int ret;
+		char *s = p;
+		char *a;
+		char *e = strchr(p, '\n');
+		if (!e) {
+			wbc_status = WBC_ERR_INVALID_RESPONSE;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+		e[0] = '\0';
+		p = &e[1];
+
+		e = strchr(s, ':');
+		if (!e) {
+			wbc_status = WBC_ERR_INVALID_RESPONSE;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+		e[0] = '\0';
+		a = &e[1];
+
+		ret = sscanf(a, "0x%08X",
+			     &attrs);
+		if (ret != 1) {
+			wbc_status = WBC_ERR_INVALID_RESPONSE;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+		wbc_status = wbcStringToSid(s, &i->sids[sn].sid);
+		BAIL_ON_WBC_ERROR(wbc_status);
+
+		i->sids[sn].attributes = attrs;
+		sn++;
+	}
+
+	i->num_sids = sn;
+
+	*_i = i;
+	i = NULL;
+done:
+	wbcFreeMemory(i);
+	return wbc_status;
+}
+
+static void wbcAuthErrorInfoDestructor(void *ptr)
+{
+	struct wbcAuthErrorInfo *e = (struct wbcAuthErrorInfo *)ptr;
+	free(e->nt_string);
+	free(e->display_string);
+}
+
+static wbcErr wbc_create_error_info(const struct winbindd_response *resp,
+				    struct wbcAuthErrorInfo **_e)
+{
+	wbcErr wbc_status = WBC_ERR_SUCCESS;
+	struct wbcAuthErrorInfo *e;
+
+	e = (struct wbcAuthErrorInfo *)wbcAllocateMemory(
+		1, sizeof(struct wbcAuthErrorInfo),
+		wbcAuthErrorInfoDestructor);
+	BAIL_ON_PTR_ERROR(e, wbc_status);
+
+	e->nt_status = resp->data.auth.nt_status;
+	e->pam_error = resp->data.auth.pam_error;
+	e->authoritative = resp->data.auth.authoritative;
+	e->nt_string = strdup(resp->data.auth.nt_status_string);
+	BAIL_ON_PTR_ERROR(e->nt_string, wbc_status);
+
+	e->display_string = strdup(resp->data.auth.error_string);
+	BAIL_ON_PTR_ERROR(e->display_string, wbc_status);
+
+	*_e = e;
+	e = NULL;
+
+done:
+	wbcFreeMemory(e);
+	return wbc_status;
+}
+
+static wbcErr wbc_create_password_policy_info(const struct winbindd_response *resp,
+					      struct wbcUserPasswordPolicyInfo **_i)
+{
+	wbcErr wbc_status = WBC_ERR_SUCCESS;
+	struct wbcUserPasswordPolicyInfo *i;
+
+	i = (struct wbcUserPasswordPolicyInfo *)wbcAllocateMemory(
+		1, sizeof(struct wbcUserPasswordPolicyInfo), NULL);
+	BAIL_ON_PTR_ERROR(i, wbc_status);
+
+	i->min_passwordage	= resp->data.auth.policy.min_passwordage;
+	i->min_length_password	= resp->data.auth.policy.min_length_password;
+	i->password_history	= resp->data.auth.policy.password_history;
+	i->password_properties	= resp->data.auth.policy.password_properties;
+	i->expire		= resp->data.auth.policy.expire;
+
+	*_i = i;
+	i = NULL;
+
+done:
+	wbcFreeMemory(i);
+	return wbc_status;
+}
+
+static void wbcLogonUserInfoDestructor(void *ptr)
+{
+	struct wbcLogonUserInfo *i = (struct wbcLogonUserInfo *)ptr;
+	wbcFreeMemory(i->info);
+	wbcFreeMemory(i->blobs);
+}
+
+static wbcErr wbc_create_logon_info(struct winbindd_response *resp,
+				    struct wbcLogonUserInfo **_i)
+{
+	wbcErr wbc_status = WBC_ERR_SUCCESS;
+	struct wbcLogonUserInfo *i;
+
+	i = (struct wbcLogonUserInfo *)wbcAllocateMemory(
+		1, sizeof(struct wbcLogonUserInfo),
+		wbcLogonUserInfoDestructor);
+	BAIL_ON_PTR_ERROR(i, wbc_status);
+
+	wbc_status = wbc_create_auth_info(resp, &i->info);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	if (resp->data.auth.krb5ccname[0] != '\0') {
+		wbc_status = wbcAddNamedBlob(&i->num_blobs,
+					     &i->blobs,
+					     "krb5ccname",
+					     0,
+					     (uint8_t *)resp->data.auth.krb5ccname,
+					     strlen(resp->data.auth.krb5ccname)+1);
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	if (resp->data.auth.unix_username[0] != '\0') {
+		wbc_status = wbcAddNamedBlob(&i->num_blobs,
+					     &i->blobs,
+					     "unix_username",
+					     0,
+					     (uint8_t *)resp->data.auth.unix_username,
+					     strlen(resp->data.auth.unix_username)+1);
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	*_i = i;
+	i = NULL;
+done:
+	wbcFreeMemory(i);
+	return wbc_status;
+}
+
+
+/* Authenticate with more detailed information */
+_PUBLIC_
+wbcErr wbcCtxAuthenticateUserEx(struct wbcContext *ctx,
+				const struct wbcAuthUserParams *params,
+				struct wbcAuthUserInfo **info,
+				struct wbcAuthErrorInfo **error)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	int cmd = 0;
+	struct winbindd_request request;
+	struct winbindd_response response;
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	if (error) {
+		*error = NULL;
+	}
+
+	if (!params) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	if (params->level != WBC_AUTH_USER_LEVEL_PAC && !params->account_name) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	/* Initialize request */
+
+	switch (params->level) {
+	case WBC_AUTH_USER_LEVEL_PLAIN:
+		cmd = WINBINDD_PAM_AUTH;
+		request.flags = WBFLAG_PAM_INFO3_TEXT |
+				WBFLAG_PAM_USER_SESSION_KEY |
+				WBFLAG_PAM_LMKEY;
+
+		if (!params->password.plaintext) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+		if (params->domain_name && params->domain_name[0]) {
+			/* We need to get the winbind separator :-( */
+			struct winbindd_response sep_response;
+
+			ZERO_STRUCT(sep_response);
+
+			wbc_status = wbcRequestResponse(ctx, WINBINDD_INFO,
+							NULL, &sep_response);
+			BAIL_ON_WBC_ERROR(wbc_status);
+
+			snprintf(request.data.auth.user,
+				 sizeof(request.data.auth.user)-1,
+				 "%s%c%s",
+				 params->domain_name,
+				 sep_response.data.info.winbind_separator,
+				 params->account_name);
+		} else {
+			strncpy(request.data.auth.user,
+				params->account_name,
+				sizeof(request.data.auth.user)-1);
+		}
+
+		strncpy(request.data.auth.pass,
+			params->password.plaintext,
+			sizeof(request.data.auth.pass)-1);
+		break;
+
+	case WBC_AUTH_USER_LEVEL_HASH:
+		wbc_status = WBC_ERR_NOT_IMPLEMENTED;
+		BAIL_ON_WBC_ERROR(wbc_status);
+		break;
+
+	case WBC_AUTH_USER_LEVEL_RESPONSE:
+		cmd = WINBINDD_PAM_AUTH_CRAP;
+		request.flags = WBFLAG_PAM_INFO3_TEXT |
+				WBFLAG_PAM_USER_SESSION_KEY |
+				WBFLAG_PAM_LMKEY;
+
+		if (params->password.response.lm_length &&
+		    !params->password.response.lm_data) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+		if (params->password.response.lm_length == 0 &&
+		    params->password.response.lm_data) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+		if (params->password.response.nt_length &&
+		    !params->password.response.nt_data) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+		if (params->password.response.nt_length == 0&&
+		    params->password.response.nt_data) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+		strncpy(request.data.auth_crap.user,
+			params->account_name,
+			sizeof(request.data.auth_crap.user)-1);
+		if (params->domain_name) {
+			strncpy(request.data.auth_crap.domain,
+				params->domain_name,
+				sizeof(request.data.auth_crap.domain)-1);
+		}
+		if (params->workstation_name) {
+			strncpy(request.data.auth_crap.workstation,
+				params->workstation_name,
+				sizeof(request.data.auth_crap.workstation)-1);
+		}
+
+		request.data.auth_crap.logon_parameters =
+				params->parameter_control;
+
+		memcpy(request.data.auth_crap.chal,
+		       params->password.response.challenge,
+		       sizeof(request.data.auth_crap.chal));
+
+		request.data.auth_crap.lm_resp_len =
+				MIN(params->password.response.lm_length,
+				    sizeof(request.data.auth_crap.lm_resp));
+		if (params->password.response.lm_data) {
+			memcpy(request.data.auth_crap.lm_resp,
+			       params->password.response.lm_data,
+			       request.data.auth_crap.lm_resp_len);
+		}
+		request.data.auth_crap.nt_resp_len = params->password.response.nt_length;
+		if (params->password.response.nt_length > sizeof(request.data.auth_crap.nt_resp)) {
+			request.flags |= WBFLAG_BIG_NTLMV2_BLOB;
+			request.extra_len = params->password.response.nt_length;
+			request.extra_data.data = (char *)malloc(
+				request.extra_len);
+			if (request.extra_data.data == NULL) {
+				wbc_status = WBC_ERR_NO_MEMORY;
+				BAIL_ON_WBC_ERROR(wbc_status);
+			}
+			memcpy(request.extra_data.data,
+			       params->password.response.nt_data,
+			       request.data.auth_crap.nt_resp_len);
+		} else if (params->password.response.nt_data) {
+			memcpy(request.data.auth_crap.nt_resp,
+			       params->password.response.nt_data,
+			       request.data.auth_crap.nt_resp_len);
+		}
+		break;
+
+	case WBC_AUTH_USER_LEVEL_PAC:
+		cmd = WINBINDD_PAM_AUTH_CRAP;
+		request.flags = WBFLAG_PAM_AUTH_PAC | WBFLAG_PAM_INFO3_TEXT;
+		request.extra_data.data = malloc(params->password.pac.length);
+		if (request.extra_data.data == NULL) {
+			wbc_status = WBC_ERR_NO_MEMORY;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+		memcpy(request.extra_data.data, params->password.pac.data,
+		       params->password.pac.length);
+		request.extra_len = params->password.pac.length;
+		break;
+
+	default:
+		break;
+	}
+
+	if (cmd == 0) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	if (params->flags) {
+		request.flags |= params->flags;
+	}
+
+	if (cmd == WINBINDD_PAM_AUTH_CRAP) {
+		wbc_status = wbcRequestResponsePriv(ctx, cmd,
+						    &request, &response);
+	} else {
+		wbc_status = wbcRequestResponse(ctx, cmd,
+						&request, &response);
+	}
+	if (response.data.auth.nt_status != 0) {
+		if (error) {
+			wbc_status = wbc_create_error_info(&response,
+							   error);
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+		wbc_status = WBC_ERR_AUTH_ERROR;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	if (info) {
+		wbc_status = wbc_create_auth_info(&response, info);
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+done:
+	winbindd_free_response(&response);
+
+	free(request.extra_data.data);
+
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
+			     struct wbcAuthUserInfo **info,
+			     struct wbcAuthErrorInfo **error)
+{
+	return wbcCtxAuthenticateUserEx(NULL, params, info, error);
+}
+
+/* Trigger a verification of the trust credentials of a specific domain */
+_PUBLIC_
+wbcErr wbcCtxCheckTrustCredentials(struct wbcContext *ctx, const char *domain,
+				   struct wbcAuthErrorInfo **error)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	if (domain) {
+		strncpy(request.domain_name, domain,
+			sizeof(request.domain_name)-1);
+	}
+
+	/* Send request */
+
+	wbc_status = wbcRequestResponsePriv(ctx, WINBINDD_CHECK_MACHACC,
+					    &request, &response);
+	if (response.data.auth.nt_status != 0) {
+		if (error) {
+			wbc_status = wbc_create_error_info(&response,
+							   error);
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+		wbc_status = WBC_ERR_AUTH_ERROR;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+ done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcCheckTrustCredentials(const char *domain,
+				struct wbcAuthErrorInfo **error)
+{
+	return wbcCtxCheckTrustCredentials(NULL, domain, error);
+}
+
+/* Trigger a change of the trust credentials for a specific domain */
+_PUBLIC_
+wbcErr wbcCtxChangeTrustCredentials(struct wbcContext *ctx, const char *domain,
+				    struct wbcAuthErrorInfo **error)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	if (domain) {
+		strncpy(request.domain_name, domain,
+			sizeof(request.domain_name)-1);
+	}
+
+	/* Send request */
+
+	wbc_status = wbcRequestResponsePriv(ctx, WINBINDD_CHANGE_MACHACC,
+					    &request, &response);
+	if (response.data.auth.nt_status != 0) {
+		if (error) {
+			wbc_status = wbc_create_error_info(&response,
+							   error);
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+		wbc_status = WBC_ERR_AUTH_ERROR;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+ done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcChangeTrustCredentials(const char *domain,
+				 struct wbcAuthErrorInfo **error)
+{
+	return wbcCtxChangeTrustCredentials(NULL, domain, error);
+}
+
+/*
+ * Trigger a no-op NETLOGON call. Lightweight version of
+ * wbcCheckTrustCredentials
+ */
+_PUBLIC_
+wbcErr wbcCtxPingDc(struct wbcContext *ctx, const char *domain,
+		    struct wbcAuthErrorInfo **error)
+{
+	return wbcCtxPingDc2(ctx, domain, error, NULL);
+}
+
+_PUBLIC_
+wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error)
+{
+	return wbcPingDc2(domain, error, NULL);
+}
+
+/*
+ * Trigger a no-op NETLOGON call. Lightweight version of
+ * wbcCheckTrustCredentials, optionally return attempted DC
+ */
+_PUBLIC_
+wbcErr wbcCtxPingDc2(struct wbcContext *ctx, const char *domain,
+		     struct wbcAuthErrorInfo **error, char **dcname)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	if (domain) {
+		strncpy(request.domain_name, domain,
+			sizeof(request.domain_name)-1);
+	}
+
+	/* Send request */
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_PING_DC,
+					&request,
+					&response);
+
+	if (dcname && response.extra_data.data) {
+		size_t len;
+
+		len = response.length - sizeof(struct winbindd_response);
+		*dcname = wbcAllocateMemory(1, len, NULL);
+		BAIL_ON_PTR_ERROR(*dcname, wbc_status);
+
+		strlcpy(*dcname, response.extra_data.data, len);
+	}
+
+	if (response.data.auth.nt_status != 0) {
+		if (error) {
+			wbc_status = wbc_create_error_info(&response,
+							   error);
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+		wbc_status = WBC_ERR_AUTH_ERROR;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+ done:
+	winbindd_free_response(&response);
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcPingDc2(const char *domain, struct wbcAuthErrorInfo **error,
+		  char **dcname)
+{
+	return wbcCtxPingDc2(NULL, domain, error, dcname);
+}
+
+/* Trigger an extended logoff notification to Winbind for a specific user */
+_PUBLIC_
+wbcErr wbcCtxLogoffUserEx(struct wbcContext *ctx,
+			  const struct wbcLogoffUserParams *params,
+		          struct wbcAuthErrorInfo **error)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	size_t i;
+
+	/* validate input */
+
+	if (!params || !params->username) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	if ((params->num_blobs > 0) && (params->blobs == NULL)) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+	if ((params->num_blobs == 0) && (params->blobs != NULL)) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	strncpy(request.data.logoff.user, params->username,
+		sizeof(request.data.logoff.user)-1);
+
+	for (i=0; i<params->num_blobs; i++) {
+
+		if (strcasecmp(params->blobs[i].name, "ccfilename") == 0) {
+			if (params->blobs[i].blob.data) {
+				strncpy(request.data.logoff.krb5ccname,
+					(const char *)params->blobs[i].blob.data,
+					sizeof(request.data.logoff.krb5ccname) - 1);
+			}
+			continue;
+		}
+
+		if (strcasecmp(params->blobs[i].name, "user_uid") == 0) {
+			if (params->blobs[i].blob.data) {
+				memcpy(&request.data.logoff.uid,
+					params->blobs[i].blob.data,
+					MIN(params->blobs[i].blob.length,
+					    sizeof(request.data.logoff.uid)));
+			}
+			continue;
+		}
+
+		if (strcasecmp(params->blobs[i].name, "flags") == 0) {
+			if (params->blobs[i].blob.data) {
+				memcpy(&request.flags,
+					params->blobs[i].blob.data,
+					MIN(params->blobs[i].blob.length,
+					    sizeof(request.flags)));
+			}
+			continue;
+		}
+	}
+
+	/* Send request */
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_PAM_LOGOFF,
+					&request,
+					&response);
+
+	/* Take the response above and return it to the caller */
+	if (response.data.auth.nt_status != 0) {
+		if (error) {
+			wbc_status = wbc_create_error_info(&response,
+							   error);
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+		wbc_status = WBC_ERR_AUTH_ERROR;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+ done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params,
+		       struct wbcAuthErrorInfo **error)
+{
+	return wbcCtxLogoffUserEx(NULL, params, error);
+}
+
+/* Trigger a logoff notification to Winbind for a specific user */
+_PUBLIC_
+wbcErr wbcCtxLogoffUser(struct wbcContext *ctx,
+			const char *username, uid_t uid,
+			const char *ccfilename)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+	/* validate input */
+
+	if (!username) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	strncpy(request.data.logoff.user, username,
+		sizeof(request.data.logoff.user)-1);
+	request.data.logoff.uid = uid;
+
+	if (ccfilename) {
+		strncpy(request.data.logoff.krb5ccname, ccfilename,
+			sizeof(request.data.logoff.krb5ccname)-1);
+	}
+
+	/* Send request */
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_PAM_LOGOFF,
+					&request,
+					&response);
+
+	/* Take the response above and return it to the caller */
+
+ done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcLogoffUser(const char *username,
+		     uid_t uid,
+		     const char *ccfilename)
+{
+	return wbcCtxLogoffUser(NULL, username, uid, ccfilename);
+}
+
+/* Change a password for a user with more detailed information upon failure */
+_PUBLIC_
+wbcErr wbcCtxChangeUserPasswordEx(struct wbcContext *ctx,
+			const struct wbcChangePasswordParams *params,
+			struct wbcAuthErrorInfo **error,
+			enum wbcPasswordChangeRejectReason *reject_reason,
+			struct wbcUserPasswordPolicyInfo **policy)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	int cmd = 0;
+
+	/* validate input */
+
+	if (!params->account_name) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		goto done;
+	}
+
+	if (error) {
+		*error = NULL;
+	}
+
+	if (policy) {
+		*policy = NULL;
+	}
+
+	if (reject_reason) {
+		*reject_reason = -1;
+	}
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	switch (params->level) {
+	case WBC_CHANGE_PASSWORD_LEVEL_PLAIN:
+		cmd = WINBINDD_PAM_CHAUTHTOK;
+
+		if (!params->account_name) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			goto done;
+		}
+
+		strncpy(request.data.chauthtok.user, params->account_name,
+			sizeof(request.data.chauthtok.user) - 1);
+
+		if (params->old_password.plaintext) {
+			strncpy(request.data.chauthtok.oldpass,
+				params->old_password.plaintext,
+				sizeof(request.data.chauthtok.oldpass) - 1);
+		}
+
+		if (params->new_password.plaintext) {
+			strncpy(request.data.chauthtok.newpass,
+				params->new_password.plaintext,
+				sizeof(request.data.chauthtok.newpass) - 1);
+		}
+		break;
+
+	case WBC_CHANGE_PASSWORD_LEVEL_RESPONSE:
+		cmd = WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP;
+
+		if (!params->account_name || !params->domain_name) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			goto done;
+		}
+
+		if (params->old_password.response.old_lm_hash_enc_length &&
+		    !params->old_password.response.old_lm_hash_enc_data) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			goto done;
+		}
+
+		if (params->old_password.response.old_lm_hash_enc_length == 0 &&
+		    params->old_password.response.old_lm_hash_enc_data) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			goto done;
+		}
+
+		if (params->old_password.response.old_nt_hash_enc_length &&
+		    !params->old_password.response.old_nt_hash_enc_data) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			goto done;
+		}
+
+		if (params->old_password.response.old_nt_hash_enc_length == 0 &&
+		    params->old_password.response.old_nt_hash_enc_data) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			goto done;
+		}
+
+		if (params->new_password.response.lm_length &&
+		    !params->new_password.response.lm_data) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			goto done;
+		}
+
+		if (params->new_password.response.lm_length == 0 &&
+		    params->new_password.response.lm_data) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			goto done;
+		}
+
+		if (params->new_password.response.nt_length &&
+		    !params->new_password.response.nt_data) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			goto done;
+		}
+
+		if (params->new_password.response.nt_length == 0 &&
+		    params->new_password.response.nt_data) {
+			wbc_status = WBC_ERR_INVALID_PARAM;
+			goto done;
+		}
+
+		strncpy(request.data.chng_pswd_auth_crap.user,
+			params->account_name,
+			sizeof(request.data.chng_pswd_auth_crap.user) - 1);
+
+		strncpy(request.data.chng_pswd_auth_crap.domain,
+			params->domain_name,
+			sizeof(request.data.chng_pswd_auth_crap.domain) - 1);
+
+		if (params->new_password.response.nt_data) {
+			request.data.chng_pswd_auth_crap.new_nt_pswd_len =
+				params->new_password.response.nt_length;
+			memcpy(request.data.chng_pswd_auth_crap.new_nt_pswd,
+			       params->new_password.response.nt_data,
+			       request.data.chng_pswd_auth_crap.new_nt_pswd_len);
+		}
+
+		if (params->new_password.response.lm_data) {
+			request.data.chng_pswd_auth_crap.new_lm_pswd_len =
+				params->new_password.response.lm_length;
+			memcpy(request.data.chng_pswd_auth_crap.new_lm_pswd,
+			       params->new_password.response.lm_data,
+			       request.data.chng_pswd_auth_crap.new_lm_pswd_len);
+		}
+
+		if (params->old_password.response.old_nt_hash_enc_data) {
+			request.data.chng_pswd_auth_crap.old_nt_hash_enc_len =
+				params->old_password.response.old_nt_hash_enc_length;
+			memcpy(request.data.chng_pswd_auth_crap.old_nt_hash_enc,
+			       params->old_password.response.old_nt_hash_enc_data,
+			       request.data.chng_pswd_auth_crap.old_nt_hash_enc_len);
+		}
+
+		if (params->old_password.response.old_lm_hash_enc_data) {
+			request.data.chng_pswd_auth_crap.old_lm_hash_enc_len =
+				params->old_password.response.old_lm_hash_enc_length;
+			memcpy(request.data.chng_pswd_auth_crap.old_lm_hash_enc,
+			       params->old_password.response.old_lm_hash_enc_data,
+			       request.data.chng_pswd_auth_crap.old_lm_hash_enc_len);
+		}
+
+		break;
+	default:
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		goto done;
+		break;
+	}
+
+	/* Send request */
+
+	wbc_status = wbcRequestResponse(ctx, cmd,
+					&request,
+					&response);
+	if (WBC_ERROR_IS_OK(wbc_status)) {
+		goto done;
+	}
+
+	/* Take the response above and return it to the caller */
+
+	if (response.data.auth.nt_status != 0) {
+		if (error) {
+			wbc_status = wbc_create_error_info(&response,
+							   error);
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+	}
+
+	if (policy) {
+		wbc_status = wbc_create_password_policy_info(&response,
+							     policy);
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	if (reject_reason) {
+		*reject_reason = response.data.auth.reject_reason;
+	}
+
+	wbc_status = WBC_ERR_PWD_CHANGE_FAILED;
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+ done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcChangeUserPasswordEx(const struct wbcChangePasswordParams *params,
+			      struct wbcAuthErrorInfo **error,
+			      enum wbcPasswordChangeRejectReason *reject_reason,
+			      struct wbcUserPasswordPolicyInfo **policy)
+{
+	return wbcCtxChangeUserPasswordEx(NULL, params, error,
+					  reject_reason, policy);
+}
+
+/* Change a password for a user */
+_PUBLIC_
+wbcErr wbcCtxChangeUserPassword(struct wbcContext *ctx,
+				const char *username,
+				const char *old_password,
+				const char *new_password)
+{
+	wbcErr wbc_status = WBC_ERR_SUCCESS;
+	struct wbcChangePasswordParams params;
+
+	ZERO_STRUCT(params);
+
+	params.account_name		= username;
+	params.level			= WBC_CHANGE_PASSWORD_LEVEL_PLAIN;
+	params.old_password.plaintext	= old_password;
+	params.new_password.plaintext	= new_password;
+
+	wbc_status = wbcCtxChangeUserPasswordEx(ctx, &params,
+						NULL,
+						NULL,
+						NULL);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcChangeUserPassword(const char *username,
+			     const char *old_password,
+			     const char *new_password)
+{
+	return wbcCtxChangeUserPassword(NULL, username,
+					old_password, new_password);
+}
+
+/* Logon a User */
+_PUBLIC_
+wbcErr wbcCtxLogonUser(struct wbcContext *ctx,
+		       const struct wbcLogonUserParams *params,
+		       struct wbcLogonUserInfo **info,
+		       struct wbcAuthErrorInfo **error,
+		       struct wbcUserPasswordPolicyInfo **policy)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct winbindd_request request;
+	struct winbindd_response response;
+	uint32_t i;
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	if (info) {
+		*info = NULL;
+	}
+	if (error) {
+		*error = NULL;
+	}
+	if (policy) {
+		*policy = NULL;
+	}
+
+	if (!params) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	if (!params->username) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	if ((params->num_blobs > 0) && (params->blobs == NULL)) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+	if ((params->num_blobs == 0) && (params->blobs != NULL)) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	/* Initialize request */
+
+	request.flags = WBFLAG_PAM_INFO3_TEXT |
+			WBFLAG_PAM_USER_SESSION_KEY |
+			WBFLAG_PAM_LMKEY;
+
+	if (!params->password) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	strncpy(request.data.auth.user,
+		params->username,
+		sizeof(request.data.auth.user)-1);
+
+	strncpy(request.data.auth.pass,
+		params->password,
+		sizeof(request.data.auth.pass)-1);
+
+	for (i=0; i<params->num_blobs; i++) {
+
+		if (strcasecmp(params->blobs[i].name, "krb5_cc_type") == 0) {
+			if (params->blobs[i].blob.data) {
+				strncpy(request.data.auth.krb5_cc_type,
+					(const char *)params->blobs[i].blob.data,
+					sizeof(request.data.auth.krb5_cc_type) - 1);
+			}
+			continue;
+		}
+
+		if (strcasecmp(params->blobs[i].name, "user_uid") == 0) {
+			if (params->blobs[i].blob.data) {
+				memcpy(&request.data.auth.uid,
+					params->blobs[i].blob.data,
+					MIN(sizeof(request.data.auth.uid),
+					    params->blobs[i].blob.length));
+			}
+			continue;
+		}
+
+		if (strcasecmp(params->blobs[i].name, "flags") == 0) {
+			if (params->blobs[i].blob.data) {
+				uint32_t flags;
+				memcpy(&flags,
+					params->blobs[i].blob.data,
+					MIN(sizeof(flags),
+					    params->blobs[i].blob.length));
+				request.flags |= flags;
+			}
+			continue;
+		}
+
+		if (strcasecmp(params->blobs[i].name, "membership_of") == 0) {
+			if (params->blobs[i].blob.data &&
+			    params->blobs[i].blob.data[0] > 0) {
+				strncpy(request.data.auth.require_membership_of_sid,
+					(const char *)params->blobs[i].blob.data,
+					sizeof(request.data.auth.require_membership_of_sid) - 1);
+			}
+			continue;
+		}
+	}
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_PAM_AUTH,
+					&request,
+					&response);
+
+	if (response.data.auth.nt_status != 0) {
+		if (error) {
+			wbc_status = wbc_create_error_info(&response,
+							   error);
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+
+		wbc_status = WBC_ERR_AUTH_ERROR;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	if (info) {
+		wbc_status = wbc_create_logon_info(&response,
+						   info);
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	if (policy) {
+		wbc_status = wbc_create_password_policy_info(&response,
+							     policy);
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+done:
+	winbindd_free_response(&response);
+
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcLogonUser(const struct wbcLogonUserParams *params,
+		    struct wbcLogonUserInfo **info,
+		    struct wbcAuthErrorInfo **error,
+		    struct wbcUserPasswordPolicyInfo **policy)
+{
+	return wbcCtxLogonUser(NULL, params, info, error, policy);
+}
+
+static void wbcCredentialCacheInfoDestructor(void *ptr)
+{
+	struct wbcCredentialCacheInfo *i =
+		(struct wbcCredentialCacheInfo *)ptr;
+	wbcFreeMemory(i->blobs);
+}
+
+/* Authenticate a user with cached credentials */
+_PUBLIC_
+wbcErr wbcCtxCredentialCache(struct wbcContext *ctx,
+			     struct wbcCredentialCacheParams *params,
+                             struct wbcCredentialCacheInfo **info,
+                             struct wbcAuthErrorInfo **error)
+{
+	wbcErr status = WBC_ERR_UNKNOWN_FAILURE;
+	struct wbcCredentialCacheInfo *result = NULL;
+	struct winbindd_request request;
+	struct winbindd_response response;
+	struct wbcNamedBlob *initial_blob = NULL;
+	struct wbcNamedBlob *challenge_blob = NULL;
+	size_t i;
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	*info = NULL;
+
+	if (error != NULL) {
+		*error = NULL;
+	}
+	if ((params == NULL)
+	    || (params->account_name == NULL)
+	    || (params->level != WBC_CREDENTIAL_CACHE_LEVEL_NTLMSSP)) {
+		status = WBC_ERR_INVALID_PARAM;
+		goto fail;
+	}
+
+	for (i=0; i<params->num_blobs; i++) {
+		/*
+		 * Older callers may used to provide the NEGOTIATE request
+		 * as "initial_blob", but it was completely ignored by winbindd.
+		 *
+		 * So we keep ignoring it.
+		 *
+		 * A new callers that is capable to support "new_spnego",
+		 * will provide the NEGOTIATE request as "negotiate_blob"
+		 * instead.
+		 */
+		if (strcasecmp(params->blobs[i].name, "negotiate_blob") == 0) {
+			if (initial_blob != NULL) {
+				status = WBC_ERR_INVALID_PARAM;
+				goto fail;
+			}
+			initial_blob = &params->blobs[i];
+			continue;
+		}
+		if (strcasecmp(params->blobs[i].name, "challenge_blob") == 0) {
+			if (challenge_blob != NULL) {
+				status = WBC_ERR_INVALID_PARAM;
+				goto fail;
+			}
+			challenge_blob = &params->blobs[i];
+			continue;
+		}
+	}
+
+	if (params->domain_name != NULL) {
+		status = wbcRequestResponse(ctx, WINBINDD_INFO,
+					    NULL, &response);
+		if (!WBC_ERROR_IS_OK(status)) {
+			goto fail;
+		}
+		snprintf(request.data.ccache_ntlm_auth.user,
+			 sizeof(request.data.ccache_ntlm_auth.user)-1,
+			 "%s%c%s", params->domain_name,
+			 response.data.info.winbind_separator,
+			 params->account_name);
+	} else {
+		strncpy(request.data.ccache_ntlm_auth.user,
+			params->account_name,
+			sizeof(request.data.ccache_ntlm_auth.user)-1);
+	}
+	request.data.ccache_ntlm_auth.uid = getuid();
+
+	request.data.ccache_ntlm_auth.initial_blob_len = 0;
+	request.data.ccache_ntlm_auth.challenge_blob_len = 0;
+	request.extra_len = 0;
+
+	if (initial_blob != NULL) {
+		request.data.ccache_ntlm_auth.initial_blob_len =
+			initial_blob->blob.length;
+		request.extra_len += initial_blob->blob.length;
+	}
+	if (challenge_blob != NULL) {
+		request.data.ccache_ntlm_auth.challenge_blob_len =
+			challenge_blob->blob.length;
+		request.extra_len += challenge_blob->blob.length;
+	}
+
+	if (request.extra_len != 0) {
+		request.extra_data.data = (char *)malloc(request.extra_len);
+		if (request.extra_data.data == NULL) {
+			status = WBC_ERR_NO_MEMORY;
+			goto fail;
+		}
+	}
+	if (initial_blob != NULL) {
+		memcpy(request.extra_data.data,
+		       initial_blob->blob.data, initial_blob->blob.length);
+	}
+	if (challenge_blob != NULL) {
+		memcpy(request.extra_data.data
+		       + request.data.ccache_ntlm_auth.initial_blob_len,
+		       challenge_blob->blob.data,
+		       challenge_blob->blob.length);
+	}
+
+	status = wbcRequestResponse(ctx, WINBINDD_CCACHE_NTLMAUTH,
+				    &request, &response);
+	if (!WBC_ERROR_IS_OK(status)) {
+		goto fail;
+	}
+
+	result = (struct wbcCredentialCacheInfo *)wbcAllocateMemory(
+		1, sizeof(struct wbcCredentialCacheInfo),
+		wbcCredentialCacheInfoDestructor);
+	if (result == NULL) {
+		status = WBC_ERR_NO_MEMORY;
+		goto fail;
+	}
+	result->num_blobs = 0;
+	result->blobs = NULL;
+	status = wbcAddNamedBlob(&result->num_blobs, &result->blobs,
+				 "auth_blob", 0,
+				 (uint8_t *)response.extra_data.data,
+				 response.data.ccache_ntlm_auth.auth_blob_len);
+	if (!WBC_ERROR_IS_OK(status)) {
+		goto fail;
+	}
+	status = wbcAddNamedBlob(
+		&result->num_blobs, &result->blobs, "session_key", 0,
+		response.data.ccache_ntlm_auth.session_key,
+		sizeof(response.data.ccache_ntlm_auth.session_key));
+	if (!WBC_ERROR_IS_OK(status)) {
+		goto fail;
+	}
+	if (response.data.ccache_ntlm_auth.new_spnego) {
+		status = wbcAddNamedBlob(
+			&result->num_blobs, &result->blobs, "new_spnego", 0,
+			&response.data.ccache_ntlm_auth.new_spnego,
+			sizeof(response.data.ccache_ntlm_auth.new_spnego));
+		if (!WBC_ERROR_IS_OK(status)) {
+			goto fail;
+		}
+	}
+
+	*info = result;
+	result = NULL;
+	status = WBC_ERR_SUCCESS;
+fail:
+	free(request.extra_data.data);
+	winbindd_free_response(&response);
+	wbcFreeMemory(result);
+	return status;
+}
+
+_PUBLIC_
+wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params,
+                          struct wbcCredentialCacheInfo **info,
+                          struct wbcAuthErrorInfo **error)
+{
+	return wbcCtxCredentialCache(NULL, params, info, error);
+}
+
+/* Authenticate a user with cached credentials */
+_PUBLIC_
+wbcErr wbcCtxCredentialSave(struct wbcContext *ctx,
+			    const char *user, const char *password)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	strncpy(request.data.ccache_save.user, user,
+		sizeof(request.data.ccache_save.user)-1);
+	strncpy(request.data.ccache_save.pass, password,
+		sizeof(request.data.ccache_save.pass)-1);
+	request.data.ccache_save.uid = getuid();
+
+	return wbcRequestResponse(ctx, WINBINDD_CCACHE_SAVE, &request, &response);
+}
+
+_PUBLIC_
+wbcErr wbcCredentialSave(const char *user, const char *password)
+{
+	return wbcCtxCredentialSave(NULL, user, password);
+}
diff --git a/nsswitch/libwbclient/wbc_pwd.c b/nsswitch/libwbclient/wbc_pwd.c
new file mode 100644
index 0000000..4e83fbf
--- /dev/null
+++ b/nsswitch/libwbclient/wbc_pwd.c
@@ -0,0 +1,722 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Winbind client API
+
+   Copyright (C) Gerald (Jerry) Carter 2007
+   Copyright (C) Matthew Newton 2015
+
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 3 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* Required Headers */
+
+#include "replace.h"
+#include "libwbclient.h"
+#include "../winbind_client.h"
+
+/** @brief The maximum number of pwent structs to get from winbindd
+ *
+ */
+#define MAX_GETPWENT_USERS 500
+
+/** @brief The maximum number of grent structs to get from winbindd
+ *
+ */
+#define MAX_GETGRENT_GROUPS 500
+
+/**
+ *
+ **/
+
+static void wbcPasswdDestructor(void *ptr)
+{
+	struct passwd *pw = (struct passwd *)ptr;
+	free(pw->pw_name);
+	free(pw->pw_passwd);
+	free(pw->pw_gecos);
+	free(pw->pw_shell);
+	free(pw->pw_dir);
+}
+
+static struct passwd *copy_passwd_entry(struct winbindd_pw *p)
+{
+	struct passwd *pw = NULL;
+
+	pw = (struct passwd *)wbcAllocateMemory(1, sizeof(struct passwd),
+						wbcPasswdDestructor);
+	if (pw == NULL) {
+		return NULL;
+	}
+	pw->pw_name = strdup(p->pw_name);
+	if (pw->pw_name == NULL) {
+		goto fail;
+	}
+	pw->pw_passwd = strdup(p->pw_passwd);
+	if (pw->pw_passwd == NULL) {
+		goto fail;
+	}
+	pw->pw_gecos = strdup(p->pw_gecos);
+	if (pw->pw_gecos == NULL) {
+		goto fail;
+	}
+	pw->pw_shell = strdup(p->pw_shell);
+	if (pw->pw_shell == NULL) {
+		goto fail;
+	}
+	pw->pw_dir = strdup(p->pw_dir);
+	if (pw->pw_dir == NULL) {
+		goto fail;
+	}
+	pw->pw_uid = p->pw_uid;
+	pw->pw_gid = p->pw_gid;
+	return pw;
+
+fail:
+	wbcFreeMemory(pw);
+	return NULL;
+}
+
+/**
+ *
+ **/
+
+static void wbcGroupDestructor(void *ptr)
+{
+	struct group *gr = (struct group *)ptr;
+	int i;
+
+	free(gr->gr_name);
+	free(gr->gr_passwd);
+
+	/* if the array was partly created this can be NULL */
+	if (gr->gr_mem == NULL) {
+		return;
+	}
+
+	for (i=0; gr->gr_mem[i] != NULL; i++) {
+		free(gr->gr_mem[i]);
+	}
+	free(gr->gr_mem);
+}
+
+static struct group *copy_group_entry(struct winbindd_gr *g,
+				      char *mem_buf)
+{
+	struct group *gr = NULL;
+	int i;
+	char *mem_p, *mem_q;
+
+	gr = (struct group *)wbcAllocateMemory(
+		1, sizeof(struct group), wbcGroupDestructor);
+	if (gr == NULL) {
+		return NULL;
+	}
+
+	gr->gr_name = strdup(g->gr_name);
+	if (gr->gr_name == NULL) {
+		goto fail;
+	}
+	gr->gr_passwd = strdup(g->gr_passwd);
+	if (gr->gr_passwd == NULL) {
+		goto fail;
+	}
+	gr->gr_gid = g->gr_gid;
+
+	gr->gr_mem = (char **)calloc(g->num_gr_mem+1, sizeof(char *));
+	if (gr->gr_mem == NULL) {
+		goto fail;
+	}
+
+	mem_p = mem_q = mem_buf;
+	for (i=0; i<g->num_gr_mem && mem_p; i++) {
+		mem_q = strchr(mem_p, ',');
+		if (mem_q != NULL) {
+			*mem_q = '\0';
+		}
+
+		gr->gr_mem[i] = strdup(mem_p);
+		if (gr->gr_mem[i] == NULL) {
+			goto fail;
+		}
+
+		if (mem_q == NULL) {
+			i += 1;
+			break;
+		}
+		mem_p = mem_q + 1;
+	}
+	gr->gr_mem[i] = NULL;
+
+	return gr;
+
+fail:
+	wbcFreeMemory(gr);
+	return NULL;
+}
+
+/* Fill in a struct passwd* for a domain user based on username */
+_PUBLIC_
+wbcErr wbcCtxGetpwnam(struct wbcContext *ctx,
+		      const char *name, struct passwd **pwd)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct winbindd_request request;
+	struct winbindd_response response;
+
+	if (!name || !pwd) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	/* Initialize request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	/* dst is already null terminated from the memset above */
+
+	strncpy(request.data.username, name, sizeof(request.data.username)-1);
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_GETPWNAM,
+					&request,
+					&response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	*pwd = copy_passwd_entry(&response.data.pw);
+	BAIL_ON_PTR_ERROR(*pwd, wbc_status);
+
+ done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcGetpwnam(const char *name, struct passwd **pwd)
+{
+	return wbcCtxGetpwnam(NULL, name, pwd);
+}
+
+/* Fill in a struct passwd* for a domain user based on uid */
+_PUBLIC_
+wbcErr wbcCtxGetpwuid(struct wbcContext *ctx, uid_t uid, struct passwd **pwd)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct winbindd_request request;
+	struct winbindd_response response;
+
+	if (!pwd) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	/* Initialize request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	request.data.uid = uid;
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_GETPWUID,
+					&request,
+					&response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	*pwd = copy_passwd_entry(&response.data.pw);
+	BAIL_ON_PTR_ERROR(*pwd, wbc_status);
+
+ done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd)
+{
+	return wbcCtxGetpwuid(NULL, uid, pwd);
+}
+
+/* Fill in a struct passwd* for a domain user based on sid */
+_PUBLIC_
+wbcErr wbcCtxGetpwsid(struct wbcContext *ctx,
+		      struct wbcDomainSid *sid, struct passwd **pwd)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct winbindd_request request;
+	struct winbindd_response response;
+
+	if (!pwd) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	/* Initialize request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+        wbcSidToStringBuf(sid, request.data.sid, sizeof(request.data.sid));
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_GETPWSID,
+					&request,
+					&response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	*pwd = copy_passwd_entry(&response.data.pw);
+	BAIL_ON_PTR_ERROR(*pwd, wbc_status);
+
+ done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcGetpwsid(struct wbcDomainSid *sid, struct passwd **pwd)
+{
+	return wbcCtxGetpwsid(NULL, sid, pwd);
+}
+
+/* Fill in a struct passwd* for a domain user based on username */
+_PUBLIC_
+wbcErr wbcCtxGetgrnam(struct wbcContext *ctx,
+		      const char *name, struct group **grp)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct winbindd_request request;
+	struct winbindd_response response;
+
+	/* Initialize request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	if (!name || !grp) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	/* dst is already null terminated from the memset above */
+
+	strncpy(request.data.groupname, name, sizeof(request.data.groupname)-1);
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_GETGRNAM,
+					&request,
+					&response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	*grp = copy_group_entry(&response.data.gr,
+				(char*)response.extra_data.data);
+	BAIL_ON_PTR_ERROR(*grp, wbc_status);
+
+ done:
+	winbindd_free_response(&response);
+
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcGetgrnam(const char *name, struct group **grp)
+{
+	return wbcCtxGetgrnam(NULL, name, grp);
+}
+
+/* Fill in a struct passwd* for a domain user based on uid */
+_PUBLIC_
+wbcErr wbcCtxGetgrgid(struct wbcContext *ctx, gid_t gid, struct group **grp)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct winbindd_request request;
+	struct winbindd_response response;
+
+	/* Initialize request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	if (!grp) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	request.data.gid = gid;
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_GETGRGID,
+					&request,
+					&response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	*grp = copy_group_entry(&response.data.gr,
+				(char*)response.extra_data.data);
+	BAIL_ON_PTR_ERROR(*grp, wbc_status);
+
+ done:
+	winbindd_free_response(&response);
+
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcGetgrgid(gid_t gid, struct group **grp)
+{
+	return wbcCtxGetgrgid(NULL, gid, grp);
+}
+
+/** @brief Winbindd response containing the passwd structs
+ *
+ */
+static struct winbindd_response pw_response;
+
+/* Reset the passwd iterator */
+_PUBLIC_
+wbcErr wbcCtxSetpwent(struct wbcContext *ctx)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+	if (!ctx) {
+		ctx = wbcGetGlobalCtx();
+	}
+
+	if (ctx->pw_cache_size > 0) {
+		ctx->pw_cache_idx = ctx->pw_cache_size = 0;
+		winbindd_free_response(&pw_response);
+	}
+
+	ZERO_STRUCT(pw_response);
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_SETPWENT,
+					NULL, NULL);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+ done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcSetpwent(void)
+{
+	return wbcCtxSetpwent(NULL);
+}
+
+/* Close the passwd iterator */
+_PUBLIC_
+wbcErr wbcCtxEndpwent(struct wbcContext *ctx)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+	if (!ctx) {
+		ctx = wbcGetGlobalCtx();
+	}
+
+	if (ctx->pw_cache_size > 0) {
+		ctx->pw_cache_idx = ctx->pw_cache_size = 0;
+		winbindd_free_response(&pw_response);
+	}
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_ENDPWENT,
+					NULL, NULL);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+ done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcEndpwent(void)
+{
+	return wbcCtxEndpwent(NULL);
+}
+
+/* Return the next struct passwd* entry from the pwent iterator */
+_PUBLIC_
+wbcErr wbcCtxGetpwent(struct wbcContext *ctx, struct passwd **pwd)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct winbindd_request request;
+	struct winbindd_pw *wb_pw;
+
+	if (!ctx) {
+		ctx = wbcGetGlobalCtx();
+	}
+
+	/* If there's a cached result, return that. */
+	if (ctx->pw_cache_idx < ctx->pw_cache_size) {
+		goto return_result;
+	}
+
+	/* Otherwise, query winbindd for some entries. */
+
+	ctx->pw_cache_idx = 0;
+
+	winbindd_free_response(&pw_response);
+
+	ZERO_STRUCT(request);
+	request.data.num_entries = MAX_GETPWENT_USERS;
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_GETPWENT, &request,
+					&pw_response);
+
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	ctx->pw_cache_size = pw_response.data.num_entries;
+
+return_result:
+
+	wb_pw = (struct winbindd_pw *) pw_response.extra_data.data;
+
+	*pwd = copy_passwd_entry(&wb_pw[ctx->pw_cache_idx]);
+
+	BAIL_ON_PTR_ERROR(*pwd, wbc_status);
+
+	ctx->pw_cache_idx++;
+
+done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcGetpwent(struct passwd **pwd)
+{
+	return wbcCtxGetpwent(NULL, pwd);
+}
+
+/** @brief Winbindd response containing the group structs
+ *
+ */
+static struct winbindd_response gr_response;
+
+/* Reset the group iterator */
+_PUBLIC_
+wbcErr wbcCtxSetgrent(struct wbcContext *ctx)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+	if (!ctx) {
+		ctx = wbcGetGlobalCtx();
+	}
+
+	if (ctx->gr_cache_size > 0) {
+		ctx->gr_cache_idx = ctx->gr_cache_size = 0;
+		winbindd_free_response(&gr_response);
+	}
+
+	ZERO_STRUCT(gr_response);
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_SETGRENT,
+					NULL, NULL);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+ done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcSetgrent(void)
+{
+	return wbcCtxSetgrent(NULL);
+}
+
+/* Close the group iterator */
+_PUBLIC_
+wbcErr wbcCtxEndgrent(struct wbcContext *ctx)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+	if (!ctx) {
+		ctx = wbcGetGlobalCtx();
+	}
+
+	if (ctx->gr_cache_size > 0) {
+		ctx->gr_cache_idx = ctx->gr_cache_size = 0;
+		winbindd_free_response(&gr_response);
+	}
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_ENDGRENT,
+					NULL, NULL);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+ done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcEndgrent(void)
+{
+	return wbcCtxEndgrent(NULL);
+}
+
+/* Return the next struct group* entry from the pwent iterator */
+_PUBLIC_
+wbcErr wbcCtxGetgrent(struct wbcContext *ctx, struct group **grp)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct winbindd_request request;
+	struct winbindd_gr *wb_gr;
+	uint32_t mem_ofs;
+
+	if (!ctx) {
+		ctx = wbcGetGlobalCtx();
+	}
+
+	/* If there's a cached result, return that. */
+	if (ctx->gr_cache_idx < ctx->gr_cache_size) {
+		goto return_result;
+	}
+
+	/* Otherwise, query winbindd for some entries. */
+
+	ctx->gr_cache_idx = 0;
+
+	winbindd_free_response(&gr_response);
+
+	ZERO_STRUCT(request);
+	request.data.num_entries = MAX_GETGRENT_GROUPS;
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_GETGRENT,
+					&request, &gr_response);
+
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	ctx->gr_cache_size = gr_response.data.num_entries;
+
+return_result:
+
+	wb_gr = (struct winbindd_gr *) gr_response.extra_data.data;
+
+	mem_ofs = wb_gr[ctx->gr_cache_idx].gr_mem_ofs +
+		  ctx->gr_cache_size * sizeof(struct winbindd_gr);
+
+	*grp = copy_group_entry(&wb_gr[ctx->gr_cache_idx],
+				((char *)gr_response.extra_data.data)+mem_ofs);
+
+	BAIL_ON_PTR_ERROR(*grp, wbc_status);
+
+	ctx->gr_cache_idx++;
+
+done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcGetgrent(struct group **grp)
+{
+	return wbcCtxGetgrent(NULL, grp);
+}
+
+/* Return the next struct group* entry from the pwent iterator */
+_PUBLIC_
+wbcErr wbcCtxGetgrlist(struct wbcContext *ctx, struct group **grp)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct winbindd_request request;
+	struct winbindd_gr *wb_gr;
+
+	if (!ctx) {
+		ctx = wbcGetGlobalCtx();
+	}
+
+	/* If there's a cached result, return that. */
+	if (ctx->gr_cache_idx < ctx->gr_cache_size) {
+		goto return_result;
+	}
+
+	/* Otherwise, query winbindd for some entries. */
+
+	ctx->gr_cache_idx = 0;
+
+	winbindd_free_response(&gr_response);
+	ZERO_STRUCT(gr_response);
+
+	ZERO_STRUCT(request);
+	request.data.num_entries = MAX_GETGRENT_GROUPS;
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_GETGRLST,
+					&request, &gr_response);
+
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	ctx->gr_cache_size = gr_response.data.num_entries;
+
+return_result:
+
+	wb_gr = (struct winbindd_gr *) gr_response.extra_data.data;
+
+	*grp = copy_group_entry(&wb_gr[ctx->gr_cache_idx], NULL);
+
+	BAIL_ON_PTR_ERROR(*grp, wbc_status);
+
+	ctx->gr_cache_idx++;
+
+done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcGetgrlist(struct group **grp)
+{
+	return wbcCtxGetgrlist(NULL, grp);
+}
+
+/* Return the unix group array belonging to the given user */
+_PUBLIC_
+wbcErr wbcCtxGetGroups(struct wbcContext *ctx, const char *account,
+		       uint32_t *num_groups, gid_t **_groups)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct winbindd_request request;
+	struct winbindd_response response;
+	uint32_t i;
+	gid_t *groups = NULL;
+
+	/* Initialize request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	if (!account) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	/* Send request */
+
+	strncpy(request.data.username, account, sizeof(request.data.username)-1);
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_GETGROUPS,
+					&request,
+					&response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	groups = (gid_t *)wbcAllocateMemory(
+		response.data.num_entries, sizeof(gid_t), NULL);
+	BAIL_ON_PTR_ERROR(groups, wbc_status);
+
+	for (i = 0; i < response.data.num_entries; i++) {
+		groups[i] = ((gid_t *)response.extra_data.data)[i];
+	}
+
+	*num_groups = response.data.num_entries;
+	*_groups = groups;
+	groups = NULL;
+
+	wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+	winbindd_free_response(&response);
+	wbcFreeMemory(groups);
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcGetGroups(const char *account, uint32_t *num_groups, gid_t **_groups)
+{
+	return wbcCtxGetGroups(NULL, account, num_groups, _groups);
+}
diff --git a/nsswitch/libwbclient/wbc_sid.c b/nsswitch/libwbclient/wbc_sid.c
new file mode 100644
index 0000000..e4b6376
--- /dev/null
+++ b/nsswitch/libwbclient/wbc_sid.c
@@ -0,0 +1,1123 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Winbind client API
+
+   Copyright (C) Gerald (Jerry) Carter 2007
+   Copyright (C) Volker Lendecke 2010
+
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 3 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* Required Headers */
+
+#include "replace.h"
+#include "libwbclient.h"
+#include "../winbind_client.h"
+#include "lib/util/smb_strtox.h"
+
+/* Convert a sid to a string into a buffer. Return the string
+ * length. If buflen is too small, return the string length that would
+ * result if it was long enough. */
+_PUBLIC_
+int wbcSidToStringBuf(const struct wbcDomainSid *sid, char *buf, int buflen)
+{
+	uint64_t id_auth;
+	int i, ofs;
+
+	if (!sid) {
+		strlcpy(buf, "(NULL SID)", buflen);
+		return 10;	/* strlen("(NULL SID)") */
+	}
+
+	id_auth = (uint64_t)sid->id_auth[5] +
+		((uint64_t)sid->id_auth[4] << 8) +
+		((uint64_t)sid->id_auth[3] << 16) +
+		((uint64_t)sid->id_auth[2] << 24) +
+		((uint64_t)sid->id_auth[1] << 32) +
+		((uint64_t)sid->id_auth[0] << 40);
+
+	ofs = snprintf(buf, buflen, "S-%hhu-", (unsigned char)sid->sid_rev_num);
+	if (id_auth >= UINT32_MAX) {
+		ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), "0x%llx",
+				(unsigned long long)id_auth);
+	} else {
+		ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), "%llu",
+				(unsigned long long)id_auth);
+	}
+
+	for (i = 0; i < sid->num_auths; i++) {
+		ofs += snprintf(buf + ofs, MAX(buflen - ofs, 0), "-%u",
+				(unsigned int)sid->sub_auths[i]);
+	}
+	return ofs;
+}
+
+/* Convert a binary SID to a character string */
+_PUBLIC_
+wbcErr wbcSidToString(const struct wbcDomainSid *sid,
+		      char **sid_string)
+{
+	char buf[WBC_SID_STRING_BUFLEN];
+	char *result;
+	int len;
+
+	if (!sid) {
+		return WBC_ERR_INVALID_SID;
+	}
+
+	len = wbcSidToStringBuf(sid, buf, sizeof(buf));
+
+	if (len >= WBC_SID_STRING_BUFLEN) {
+		return WBC_ERR_INVALID_SID;
+	}
+
+	result = (char *)wbcAllocateMemory(len+1, 1, NULL);
+	if (result == NULL) {
+		return WBC_ERR_NO_MEMORY;
+	}
+	memcpy(result, buf, len+1);
+
+	*sid_string = result;
+	return WBC_ERR_SUCCESS;
+}
+
+#define AUTHORITY_MASK	(~(0xffffffffffffULL))
+
+/* Convert a character string to a binary SID */
+_PUBLIC_
+wbcErr wbcStringToSid(const char *str,
+		      struct wbcDomainSid *sid)
+{
+	const char *p;
+	char *q;
+	int error = 0;
+	uint64_t x;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+	if (!sid) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	/* Sanity check for either "S-" or "s-" */
+
+	if (!str
+	    || (str[0]!='S' && str[0]!='s')
+	    || (str[1]!='-'))
+	{
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	/* Get the SID revision number */
+
+	p = str+2;
+	x = (uint64_t)smb_strtoul(p, &q, 10, &error, SMB_STR_STANDARD);
+	if (x == 0 || x > UINT8_MAX || !q || *q != '-' || error != 0) {
+		wbc_status = WBC_ERR_INVALID_SID;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+	sid->sid_rev_num = (uint8_t)x;
+
+	/*
+	 * Next the Identifier Authority.  This is stored big-endian in a
+	 * 6 byte array. If the authority value is >= UINT_MAX, then it should
+	 * be expressed as a hex value, according to MS-DTYP.
+	 */
+	p = q+1;
+	x = smb_strtoull(p, &q, 0, &error, SMB_STR_STANDARD);
+	if (!q || *q != '-' || (x & AUTHORITY_MASK) || error != 0) {
+		wbc_status = WBC_ERR_INVALID_SID;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+	sid->id_auth[5] = (x & 0x0000000000ffULL);
+	sid->id_auth[4] = (x & 0x00000000ff00ULL) >> 8;
+	sid->id_auth[3] = (x & 0x000000ff0000ULL) >> 16;
+	sid->id_auth[2] = (x & 0x0000ff000000ULL) >> 24;
+	sid->id_auth[1] = (x & 0x00ff00000000ULL) >> 32;
+	sid->id_auth[0] = (x & 0xff0000000000ULL) >> 40;
+
+	/* now read the the subauthorities */
+	p = q +1;
+	sid->num_auths = 0;
+	while (sid->num_auths < WBC_MAXSUBAUTHS) {
+		x = smb_strtoull(p, &q, 10, &error, SMB_STR_ALLOW_NO_CONVERSION);
+		if (p == q)
+			break;
+		if (x > UINT32_MAX || error != 0) {
+			wbc_status = WBC_ERR_INVALID_SID;
+			BAIL_ON_WBC_ERROR(wbc_status);
+		}
+		sid->sub_auths[sid->num_auths++] = x;
+
+		if (*q != '-') {
+			break;
+		}
+		p = q + 1;
+	}
+
+	/* IF we ended early, then the SID could not be converted */
+
+	if (q && *q!='\0') {
+		wbc_status = WBC_ERR_INVALID_SID;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	wbc_status = WBC_ERR_SUCCESS;
+
+done:
+	return wbc_status;
+
+}
+
+
+/* Convert a domain and name to SID */
+_PUBLIC_
+wbcErr wbcCtxLookupName(struct wbcContext *ctx,
+			const char *domain,
+			const char *name,
+			struct wbcDomainSid *sid,
+			enum wbcSidType *name_type)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+	if (!sid || !name_type) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	/* Initialize request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	/* dst is already null terminated from the memset above */
+
+	strncpy(request.data.name.dom_name, domain,
+		sizeof(request.data.name.dom_name)-1);
+	strncpy(request.data.name.name, name,
+		sizeof(request.data.name.name)-1);
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_LOOKUPNAME,
+					&request,
+					&response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	wbc_status = wbcStringToSid(response.data.sid.sid, sid);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	*name_type = (enum wbcSidType)response.data.sid.type;
+
+	wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcLookupName(const char *domain,
+		     const char *name,
+		     struct wbcDomainSid *sid,
+		     enum wbcSidType *name_type)
+{
+	return wbcCtxLookupName(NULL, domain, name, sid, name_type);
+}
+
+
+/* Convert a SID to a domain and name */
+_PUBLIC_
+wbcErr wbcCtxLookupSid(struct wbcContext *ctx,
+		       const struct wbcDomainSid *sid,
+		       char **pdomain,
+		       char **pname,
+		       enum wbcSidType *pname_type)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	char *domain, *name;
+
+	if (!sid) {
+		return WBC_ERR_INVALID_PARAM;
+	}
+
+	/* Initialize request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	wbcSidToStringBuf(sid, request.data.sid, sizeof(request.data.sid));
+
+	/* Make request */
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_LOOKUPSID,
+					&request,
+					&response);
+	if (!WBC_ERROR_IS_OK(wbc_status)) {
+		return wbc_status;
+	}
+
+	/* Copy out result */
+
+	wbc_status = WBC_ERR_NO_MEMORY;
+	domain = NULL;
+	name = NULL;
+
+	domain = wbcStrDup(response.data.name.dom_name);
+	if (domain == NULL) {
+		goto done;
+	}
+	name = wbcStrDup(response.data.name.name);
+	if (name == NULL) {
+		goto done;
+	}
+	if (pdomain != NULL) {
+		*pdomain = domain;
+		domain = NULL;
+	}
+	if (pname != NULL) {
+		*pname = name;
+		name = NULL;
+	}
+	if (pname_type != NULL) {
+		*pname_type = (enum wbcSidType)response.data.name.type;
+	}
+	wbc_status = WBC_ERR_SUCCESS;
+done:
+	wbcFreeMemory(name);
+	wbcFreeMemory(domain);
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
+		    char **pdomain,
+		    char **pname,
+		    enum wbcSidType *pname_type)
+{
+	return wbcCtxLookupSid(NULL, sid, pdomain, pname, pname_type);
+}
+
+static void wbcDomainInfosDestructor(void *ptr)
+{
+	struct wbcDomainInfo *i = (struct wbcDomainInfo *)ptr;
+
+	while (i->short_name != NULL) {
+		wbcFreeMemory(i->short_name);
+		wbcFreeMemory(i->dns_name);
+		i += 1;
+	}
+}
+
+static void wbcTranslatedNamesDestructor(void *ptr)
+{
+	struct wbcTranslatedName *n = (struct wbcTranslatedName *)ptr;
+
+	while (n->name != NULL) {
+		wbcFreeMemory(n->name);
+		n += 1;
+	}
+}
+
+_PUBLIC_
+wbcErr wbcCtxLookupSids(struct wbcContext *ctx,
+			const struct wbcDomainSid *sids, int num_sids,
+			struct wbcDomainInfo **pdomains, int *pnum_domains,
+			struct wbcTranslatedName **pnames)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	int buflen, i, extra_len, num_domains, num_names;
+	char *sidlist, *p, *q, *extra_data;
+	struct wbcDomainInfo *domains = NULL;
+	struct wbcTranslatedName *names = NULL;
+	int error = 0;
+
+	buflen = num_sids * (WBC_SID_STRING_BUFLEN + 1) + 1;
+
+	sidlist = (char *)malloc(buflen);
+	if (sidlist == NULL) {
+		return WBC_ERR_NO_MEMORY;
+	}
+
+	p = sidlist;
+
+	for (i=0; i<num_sids; i++) {
+		int remaining;
+		int len;
+
+		remaining = buflen - (p - sidlist);
+
+		len = wbcSidToStringBuf(&sids[i], p, remaining);
+		if (len > remaining) {
+			free(sidlist);
+			return WBC_ERR_UNKNOWN_FAILURE;
+		}
+
+		p += len;
+		*p++ = '\n';
+	}
+	*p++ = '\0';
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	request.extra_data.data = sidlist;
+	request.extra_len = p - sidlist;
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_LOOKUPSIDS,
+					&request, &response);
+	free(sidlist);
+	if (!WBC_ERROR_IS_OK(wbc_status)) {
+		return wbc_status;
+	}
+
+	extra_len = response.length - sizeof(struct winbindd_response);
+	extra_data = (char *)response.extra_data.data;
+
+	if ((extra_len <= 0) || (extra_data[extra_len-1] != '\0')) {
+		goto wbc_err_invalid;
+	}
+
+	p = extra_data;
+
+	num_domains = smb_strtoul(p, &q, 10, &error, SMB_STR_STANDARD);
+	if (*q != '\n' || error != 0) {
+		goto wbc_err_invalid;
+	}
+	p = q+1;
+
+	domains = (struct wbcDomainInfo *)wbcAllocateMemory(
+		num_domains+1, sizeof(struct wbcDomainInfo),
+		wbcDomainInfosDestructor);
+	if (domains == NULL) {
+		wbc_status = WBC_ERR_NO_MEMORY;
+		goto fail;
+	}
+
+	for (i=0; i<num_domains; i++) {
+
+		q = strchr(p, ' ');
+		if (q == NULL) {
+			goto wbc_err_invalid;
+		}
+		*q = '\0';
+		wbc_status = wbcStringToSid(p, &domains[i].sid);
+		if (!WBC_ERROR_IS_OK(wbc_status)) {
+			goto fail;
+		}
+		p = q+1;
+
+		q = strchr(p, '\n');
+		if (q == NULL) {
+			goto wbc_err_invalid;
+		}
+		*q = '\0';
+		domains[i].short_name = wbcStrDup(p);
+		if (domains[i].short_name == NULL) {
+			wbc_status = WBC_ERR_NO_MEMORY;
+			goto fail;
+		}
+		p = q+1;
+	}
+
+	num_names = smb_strtoul(p, &q, 10, &error, SMB_STR_STANDARD);
+	if (*q != '\n' || error != 0) {
+		goto wbc_err_invalid;
+	}
+	p = q+1;
+
+	if (num_names != num_sids) {
+		goto wbc_err_invalid;
+	}
+
+	names = (struct wbcTranslatedName *)wbcAllocateMemory(
+		num_names+1, sizeof(struct wbcTranslatedName),
+		wbcTranslatedNamesDestructor);
+	if (names == NULL) {
+		wbc_status = WBC_ERR_NO_MEMORY;
+		goto fail;
+	}
+
+	for (i=0; i<num_names; i++) {
+
+		names[i].domain_index = smb_strtoul(p,
+						    &q,
+						    10,
+						    &error,
+						    SMB_STR_STANDARD);
+		if (names[i].domain_index < 0 || error != 0) {
+			goto wbc_err_invalid;
+		}
+		if (names[i].domain_index >= num_domains) {
+			goto wbc_err_invalid;
+		}
+
+		if (*q != ' ') {
+			goto wbc_err_invalid;
+		}
+		p = q+1;
+
+		names[i].type = smb_strtoul(p, &q, 10, &error, SMB_STR_STANDARD);
+		if (*q != ' ' || error != 0) {
+			goto wbc_err_invalid;
+		}
+		p = q+1;
+
+		q = strchr(p, '\n');
+		if (q == NULL) {
+			goto wbc_err_invalid;
+		}
+		*q = '\0';
+		names[i].name = wbcStrDup(p);
+		if (names[i].name == NULL) {
+			wbc_status = WBC_ERR_NO_MEMORY;
+			goto fail;
+		}
+		p = q+1;
+	}
+	if (*p != '\0') {
+		goto wbc_err_invalid;
+	}
+
+	*pdomains = domains;
+	*pnames = names;
+	winbindd_free_response(&response);
+	return WBC_ERR_SUCCESS;
+
+wbc_err_invalid:
+	wbc_status = WBC_ERR_INVALID_RESPONSE;
+fail:
+	winbindd_free_response(&response);
+	wbcFreeMemory(domains);
+	wbcFreeMemory(names);
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcLookupSids(const struct wbcDomainSid *sids, int num_sids,
+		     struct wbcDomainInfo **pdomains, int *pnum_domains,
+		     struct wbcTranslatedName **pnames)
+{
+	return wbcCtxLookupSids(NULL, sids, num_sids, pdomains,
+				pnum_domains, pnames);
+}
+
+/* Translate a collection of RIDs within a domain to names */
+
+_PUBLIC_
+wbcErr wbcCtxLookupRids(struct wbcContext *ctx, struct wbcDomainSid *dom_sid,
+		     int num_rids,
+		     uint32_t *rids,
+		     const char **pp_domain_name,
+		     const char ***pnames,
+		     enum wbcSidType **ptypes)
+{
+	size_t i, len, ridbuf_size;
+	char *ridlist;
+	char *p;
+	int error = 0;
+	struct winbindd_request request;
+	struct winbindd_response response;
+	char *domain_name = NULL;
+	const char **names = NULL;
+	enum wbcSidType *types = NULL;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+
+	/* Initialise request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	if (!dom_sid || (num_rids == 0)) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	wbcSidToStringBuf(dom_sid, request.data.sid, sizeof(request.data.sid));
+
+	/* Even if all the Rids were of maximum 32bit values,
+	   we would only have 11 bytes per rid in the final array
+	   ("4294967296" + \n).  Add one more byte for the
+	   terminating '\0' */
+
+	ridbuf_size = (sizeof(char)*11) * num_rids + 1;
+
+	ridlist = (char *)malloc(ridbuf_size);
+	BAIL_ON_PTR_ERROR(ridlist, wbc_status);
+
+	len = 0;
+	for (i=0; i<num_rids; i++) {
+		len += snprintf(ridlist + len, ridbuf_size - len, "%u\n",
+				rids[i]);
+	}
+	ridlist[len] = '\0';
+	len += 1;
+
+	request.extra_data.data = ridlist;
+	request.extra_len = len;
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_LOOKUPRIDS,
+					&request,
+					&response);
+	free(ridlist);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	domain_name = wbcStrDup(response.data.domain_name);
+	BAIL_ON_PTR_ERROR(domain_name, wbc_status);
+
+	names = wbcAllocateStringArray(num_rids);
+	BAIL_ON_PTR_ERROR(names, wbc_status);
+
+	types = (enum wbcSidType *)wbcAllocateMemory(
+		num_rids, sizeof(enum wbcSidType), NULL);
+	BAIL_ON_PTR_ERROR(types, wbc_status);
+
+	p = (char *)response.extra_data.data;
+
+	for (i=0; i<num_rids; i++) {
+		char *q;
+
+		if (*p == '\0') {
+			wbc_status = WBC_ERR_INVALID_RESPONSE;
+			goto done;
+		}
+
+		types[i] = (enum wbcSidType)smb_strtoul(p,
+							&q,
+							10,
+							&error,
+							SMB_STR_STANDARD);
+
+		if (*q != ' ' || error != 0) {
+			wbc_status = WBC_ERR_INVALID_RESPONSE;
+			goto done;
+		}
+
+		p = q+1;
+
+		if ((q = strchr(p, '\n')) == NULL) {
+			wbc_status = WBC_ERR_INVALID_RESPONSE;
+			goto done;
+		}
+
+		*q = '\0';
+
+		names[i] = strdup(p);
+		BAIL_ON_PTR_ERROR(names[i], wbc_status);
+
+		p = q+1;
+	}
+
+	if (*p != '\0') {
+		wbc_status = WBC_ERR_INVALID_RESPONSE;
+		goto done;
+	}
+
+	wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+	winbindd_free_response(&response);
+
+	if (WBC_ERROR_IS_OK(wbc_status)) {
+		*pp_domain_name = domain_name;
+		*pnames = names;
+		*ptypes = types;
+	}
+	else {
+		wbcFreeMemory(domain_name);
+		wbcFreeMemory(names);
+		wbcFreeMemory(types);
+	}
+
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
+		     int num_rids,
+		     uint32_t *rids,
+		     const char **pp_domain_name,
+		     const char ***pnames,
+		     enum wbcSidType **ptypes)
+{
+	return wbcCtxLookupRids(NULL, dom_sid, num_rids, rids,
+				pp_domain_name, pnames, ptypes);
+}
+
+/* Get the groups a user belongs to */
+_PUBLIC_
+wbcErr wbcCtxLookupUserSids(struct wbcContext *ctx,
+			    const struct wbcDomainSid *user_sid,
+			    bool domain_groups_only,
+			    uint32_t *num_sids,
+			    struct wbcDomainSid **_sids)
+{
+	uint32_t i;
+	const char *s;
+	struct winbindd_request request;
+	struct winbindd_response response;
+	struct wbcDomainSid *sids = NULL;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	int cmd;
+
+	/* Initialise request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	if (!user_sid) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	wbcSidToStringBuf(user_sid, request.data.sid, sizeof(request.data.sid));
+
+	if (domain_groups_only) {
+		cmd = WINBINDD_GETUSERDOMGROUPS;
+	} else {
+		cmd = WINBINDD_GETUSERSIDS;
+	}
+
+	wbc_status = wbcRequestResponse(ctx, cmd,
+					&request,
+					&response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	if (response.data.num_entries &&
+	    !response.extra_data.data) {
+		wbc_status = WBC_ERR_INVALID_RESPONSE;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	sids = (struct wbcDomainSid *)wbcAllocateMemory(
+		response.data.num_entries, sizeof(struct wbcDomainSid),
+		NULL);
+	BAIL_ON_PTR_ERROR(sids, wbc_status);
+
+	s = (const char *)response.extra_data.data;
+	for (i = 0; i < response.data.num_entries; i++) {
+		char *n = strchr(s, '\n');
+		if (n) {
+			*n = '\0';
+		}
+		wbc_status = wbcStringToSid(s, &sids[i]);
+		BAIL_ON_WBC_ERROR(wbc_status);
+		s += strlen(s) + 1;
+	}
+
+	*num_sids = response.data.num_entries;
+	*_sids = sids;
+	sids = NULL;
+	wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+	winbindd_free_response(&response);
+	if (sids) {
+		wbcFreeMemory(sids);
+	}
+
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid,
+			 bool domain_groups_only,
+			 uint32_t *num_sids,
+			 struct wbcDomainSid **_sids)
+{
+	return wbcCtxLookupUserSids(NULL, user_sid, domain_groups_only,
+				    num_sids, _sids);
+}
+
+static inline
+wbcErr _sid_to_rid(struct wbcDomainSid *sid, uint32_t *rid)
+{
+	if (sid->num_auths < 1) {
+		return WBC_ERR_INVALID_RESPONSE;
+	}
+	*rid = sid->sub_auths[sid->num_auths - 1];
+
+	return WBC_ERR_SUCCESS;
+}
+
+/* Get alias membership for sids */
+_PUBLIC_
+wbcErr wbcCtxGetSidAliases(struct wbcContext *ctx,
+			   const struct wbcDomainSid *dom_sid,
+			   struct wbcDomainSid *sids,
+			   uint32_t num_sids,
+			   uint32_t **alias_rids,
+			   uint32_t *num_alias_rids)
+{
+	uint32_t i;
+	const char *s;
+	struct winbindd_request request;
+	struct winbindd_response response;
+	ssize_t extra_data_len = 0;
+	char * extra_data = NULL;
+	ssize_t buflen = 0;
+	struct wbcDomainSid sid;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	uint32_t * rids = NULL;
+
+	/* Initialise request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	if (!dom_sid) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		goto done;
+	}
+
+	wbcSidToStringBuf(dom_sid, request.data.sid, sizeof(request.data.sid));
+
+	/* Lets assume each sid is around 57 characters
+	 * S-1-5-21-AAAAAAAAAAA-BBBBBBBBBBB-CCCCCCCCCCC-DDDDDDDDDDD\n */
+	buflen = 57 * num_sids;
+	extra_data = (char *)malloc(buflen);
+	if (!extra_data) {
+		wbc_status = WBC_ERR_NO_MEMORY;
+		goto done;
+	}
+
+	/* Build the sid list */
+	for (i=0; i<num_sids; i++) {
+		char sid_str[WBC_SID_STRING_BUFLEN];
+		size_t sid_len;
+
+		sid_len = wbcSidToStringBuf(&sids[i], sid_str, sizeof(sid_str));
+
+		if (buflen < extra_data_len + sid_len + 2) {
+			char * tmp_data = NULL;
+			buflen *= 2;
+			tmp_data = (char *)realloc(extra_data, buflen);
+			if (!tmp_data) {
+				wbc_status = WBC_ERR_NO_MEMORY;
+				BAIL_ON_WBC_ERROR(wbc_status);
+			}
+			extra_data = tmp_data;
+		}
+
+		strncpy(&extra_data[extra_data_len], sid_str,
+			buflen - extra_data_len);
+		extra_data_len += sid_len;
+		extra_data[extra_data_len++] = '\n';
+		extra_data[extra_data_len] = '\0';
+	}
+	extra_data_len += 1;
+
+	request.extra_data.data = extra_data;
+	request.extra_len = extra_data_len;
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_GETSIDALIASES,
+					&request,
+					&response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	if (response.data.num_entries &&
+	    !response.extra_data.data) {
+		wbc_status = WBC_ERR_INVALID_RESPONSE;
+		goto done;
+	}
+
+	rids = (uint32_t *)wbcAllocateMemory(response.data.num_entries,
+					     sizeof(uint32_t), NULL);
+	BAIL_ON_PTR_ERROR(rids, wbc_status);
+
+	s = (const char *)response.extra_data.data;
+	for (i = 0; i < response.data.num_entries; i++) {
+		char *n = strchr(s, '\n');
+		if (n) {
+			*n = '\0';
+		}
+		wbc_status = wbcStringToSid(s, &sid);
+		BAIL_ON_WBC_ERROR(wbc_status);
+		wbc_status = _sid_to_rid(&sid, &rids[i]);
+		BAIL_ON_WBC_ERROR(wbc_status);
+		s += strlen(s) + 1;
+	}
+
+	*num_alias_rids = response.data.num_entries;
+	*alias_rids = rids;
+	rids = NULL;
+	wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+	free(extra_data);
+	winbindd_free_response(&response);
+	wbcFreeMemory(rids);
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcGetSidAliases(const struct wbcDomainSid *dom_sid,
+			struct wbcDomainSid *sids,
+			uint32_t num_sids,
+			uint32_t **alias_rids,
+			uint32_t *num_alias_rids)
+{
+	return wbcCtxGetSidAliases(NULL, dom_sid, sids, num_sids,
+				   alias_rids, num_alias_rids);
+}
+
+
+/* Lists Users */
+_PUBLIC_
+wbcErr wbcCtxListUsers(struct wbcContext *ctx,
+		       const char *domain_name,
+		       uint32_t *_num_users,
+		       const char ***_users)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct winbindd_request request;
+	struct winbindd_response response;
+	uint32_t num_users = 0;
+	const char **users = NULL;
+	const char *next;
+
+	/* Initialise request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	if (domain_name) {
+		strncpy(request.domain_name, domain_name,
+			sizeof(request.domain_name)-1);
+	}
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_LIST_USERS,
+					&request,
+					&response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	users = wbcAllocateStringArray(response.data.num_entries);
+	if (users == NULL) {
+		return WBC_ERR_NO_MEMORY;
+	}
+
+	/* Look through extra data */
+
+	next = (const char *)response.extra_data.data;
+	while (next) {
+		const char *current;
+		char *k;
+
+		if (num_users >= response.data.num_entries) {
+			wbc_status = WBC_ERR_INVALID_RESPONSE;
+			goto done;
+		}
+
+		current = next;
+		k = strchr(next, ',');
+
+		if (k) {
+			k[0] = '\0';
+			next = k+1;
+		} else {
+			next = NULL;
+		}
+
+		users[num_users] = strdup(current);
+		BAIL_ON_PTR_ERROR(users[num_users], wbc_status);
+		num_users += 1;
+	}
+	if (num_users != response.data.num_entries) {
+		wbc_status = WBC_ERR_INVALID_RESPONSE;
+		goto done;
+	}
+
+	*_num_users = response.data.num_entries;
+	*_users = users;
+	users = NULL;
+	wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+	winbindd_free_response(&response);
+	wbcFreeMemory(users);
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcListUsers(const char *domain_name,
+		    uint32_t *_num_users,
+		    const char ***_users)
+{
+	return wbcCtxListUsers(NULL, domain_name, _num_users, _users);
+}
+
+/* Lists Groups */
+_PUBLIC_
+wbcErr wbcCtxListGroups(struct wbcContext *ctx,
+			const char *domain_name,
+			uint32_t *_num_groups,
+			const char ***_groups)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct winbindd_request request;
+	struct winbindd_response response;
+	uint32_t num_groups = 0;
+	const char **groups = NULL;
+	const char *next;
+
+	/* Initialise request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	if (domain_name) {
+		strncpy(request.domain_name, domain_name,
+			sizeof(request.domain_name)-1);
+	}
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_LIST_GROUPS,
+					&request,
+					&response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	groups = wbcAllocateStringArray(response.data.num_entries);
+	if (groups == NULL) {
+		return WBC_ERR_NO_MEMORY;
+	}
+
+	/* Look through extra data */
+
+	next = (const char *)response.extra_data.data;
+	while (next) {
+		const char *current;
+		char *k;
+
+		if (num_groups >= response.data.num_entries) {
+			wbc_status = WBC_ERR_INVALID_RESPONSE;
+			goto done;
+		}
+
+		current = next;
+		k = strchr(next, ',');
+
+		if (k) {
+			k[0] = '\0';
+			next = k+1;
+		} else {
+			next = NULL;
+		}
+
+		groups[num_groups] = strdup(current);
+		BAIL_ON_PTR_ERROR(groups[num_groups], wbc_status);
+		num_groups += 1;
+	}
+	if (num_groups != response.data.num_entries) {
+		wbc_status = WBC_ERR_INVALID_RESPONSE;
+		goto done;
+	}
+
+	*_num_groups = response.data.num_entries;
+	*_groups = groups;
+	groups = NULL;
+	wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+	winbindd_free_response(&response);
+	wbcFreeMemory(groups);
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcListGroups(const char *domain_name,
+		     uint32_t *_num_groups,
+		     const char ***_groups)
+{
+	return wbcCtxListGroups(NULL, domain_name, _num_groups, _groups);
+}
+
+_PUBLIC_
+wbcErr wbcCtxGetDisplayName(struct wbcContext *ctx,
+			    const struct wbcDomainSid *sid,
+			    char **pdomain,
+			    char **pfullname,
+			    enum wbcSidType *pname_type)
+{
+	wbcErr wbc_status;
+	char *domain = NULL;
+	char *name = NULL;
+	enum wbcSidType name_type;
+
+	wbc_status = wbcCtxLookupSid(ctx, sid, &domain, &name, &name_type);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	if (name_type == WBC_SID_NAME_USER) {
+		uid_t uid;
+		struct passwd *pwd;
+
+		wbc_status = wbcCtxSidToUid(ctx, sid, &uid);
+		BAIL_ON_WBC_ERROR(wbc_status);
+
+		wbc_status = wbcCtxGetpwuid(ctx, uid, &pwd);
+		BAIL_ON_WBC_ERROR(wbc_status);
+
+		wbcFreeMemory(name);
+
+		name = wbcStrDup(pwd->pw_gecos);
+		wbcFreeMemory(pwd);
+		BAIL_ON_PTR_ERROR(name, wbc_status);
+	}
+
+	wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+	if (WBC_ERROR_IS_OK(wbc_status)) {
+		*pdomain = domain;
+		*pfullname = name;
+		*pname_type = name_type;
+	} else {
+		wbcFreeMemory(domain);
+		wbcFreeMemory(name);
+	}
+
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcGetDisplayName(const struct wbcDomainSid *sid,
+			 char **pdomain,
+			 char **pfullname,
+			 enum wbcSidType *pname_type)
+{
+	return wbcCtxGetDisplayName(NULL, sid, pdomain, pfullname, pname_type);
+}
+
+_PUBLIC_
+const char* wbcSidTypeString(enum wbcSidType type)
+{
+	switch (type) {
+	case WBC_SID_NAME_USE_NONE: return "SID_NONE";
+	case WBC_SID_NAME_USER:     return "SID_USER";
+	case WBC_SID_NAME_DOM_GRP:  return "SID_DOM_GROUP";
+	case WBC_SID_NAME_DOMAIN:   return "SID_DOMAIN";
+	case WBC_SID_NAME_ALIAS:    return "SID_ALIAS";
+	case WBC_SID_NAME_WKN_GRP:  return "SID_WKN_GROUP";
+	case WBC_SID_NAME_DELETED:  return "SID_DELETED";
+	case WBC_SID_NAME_INVALID:  return "SID_INVALID";
+	case WBC_SID_NAME_UNKNOWN:  return "SID_UNKNOWN";
+	case WBC_SID_NAME_COMPUTER: return "SID_COMPUTER";
+	case WBC_SID_NAME_LABEL:    return "SID_LABEL";
+	default:                    return "Unknown type";
+	}
+}
diff --git a/nsswitch/libwbclient/wbc_util.c b/nsswitch/libwbclient/wbc_util.c
new file mode 100644
index 0000000..9e54baf
--- /dev/null
+++ b/nsswitch/libwbclient/wbc_util.c
@@ -0,0 +1,920 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Winbind client asynchronous API, utility functions
+
+   Copyright (C) Gerald (Jerry) Carter 2007-2008
+
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 3 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* Required Headers */
+
+#include "replace.h"
+#include "libwbclient.h"
+#include "../winbind_client.h"
+
+/** @brief Ping winbindd to see if the daemon is running
+ *
+ * @param *ctx       wbclient Context
+ *
+ * @return #wbcErr
+ **/
+_PUBLIC_
+wbcErr wbcCtxPing(struct wbcContext *ctx)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+
+	/* Initialize request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	return wbcRequestResponse(ctx, WINBINDD_PING, &request, &response);
+}
+
+_PUBLIC_
+wbcErr wbcPing(void)
+{
+	return wbcCtxPing(NULL);
+}
+
+static void wbcInterfaceDetailsDestructor(void *ptr)
+{
+	struct wbcInterfaceDetails *i = (struct wbcInterfaceDetails *)ptr;
+	free(i->winbind_version);
+	free(i->netbios_name);
+	free(i->netbios_domain);
+	free(i->dns_domain);
+}
+
+/**
+ * @brief Query useful information about the winbind service
+ *
+ * @param *_details	pointer to hold the struct wbcInterfaceDetails
+ *
+ * @return #wbcErr
+ */
+
+_PUBLIC_
+wbcErr wbcCtxInterfaceDetails(struct wbcContext *ctx,
+			      struct wbcInterfaceDetails **_details)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct wbcInterfaceDetails *info;
+	struct wbcDomainInfo *domain = NULL;
+	struct winbindd_request request;
+	struct winbindd_response response;
+
+	/* Initialize request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	info = (struct wbcInterfaceDetails *)wbcAllocateMemory(
+		1, sizeof(struct wbcInterfaceDetails),
+		wbcInterfaceDetailsDestructor);
+	BAIL_ON_PTR_ERROR(info, wbc_status);
+
+	/* first the interface version */
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_INTERFACE_VERSION,
+					NULL, &response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+	info->interface_version = response.data.interface_version;
+
+	/* then the samba version and the winbind separator */
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_INFO, NULL, &response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	info->winbind_version = strdup(response.data.info.samba_version);
+	BAIL_ON_PTR_ERROR(info->winbind_version, wbc_status);
+	info->winbind_separator = response.data.info.winbind_separator;
+
+	/* then the local netbios name */
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_NETBIOS_NAME,
+					NULL, &response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	info->netbios_name = strdup(response.data.netbios_name);
+	BAIL_ON_PTR_ERROR(info->netbios_name, wbc_status);
+
+	/* then the local workgroup name */
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_DOMAIN_NAME,
+					NULL, &response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	info->netbios_domain = strdup(response.data.domain_name);
+	BAIL_ON_PTR_ERROR(info->netbios_domain, wbc_status);
+
+	wbc_status = wbcCtxDomainInfo(ctx, info->netbios_domain, &domain);
+	if (wbc_status == WBC_ERR_DOMAIN_NOT_FOUND) {
+		/* maybe it's a standalone server */
+		domain = NULL;
+	} else {
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	if (domain) {
+		info->dns_domain = strdup(domain->dns_name);
+		wbcFreeMemory(domain);
+		BAIL_ON_PTR_ERROR(info->dns_domain, wbc_status);
+	} else {
+		info->dns_domain = NULL;
+	}
+
+	*_details = info;
+	info = NULL;
+
+	wbc_status = WBC_ERR_SUCCESS;
+
+done:
+	wbcFreeMemory(info);
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcInterfaceDetails(struct wbcInterfaceDetails **_details)
+{
+	return wbcCtxInterfaceDetails(NULL, _details);
+}
+
+static void wbcDomainInfoDestructor(void *ptr)
+{
+	struct wbcDomainInfo *i = (struct wbcDomainInfo *)ptr;
+	free(i->short_name);
+	free(i->dns_name);
+}
+
+/** @brief Lookup the current status of a trusted domain, sync wrapper
+ *
+ * @param domain      Domain to query
+ * @param *dinfo       Pointer to returned struct wbcDomainInfo
+ *
+ * @return #wbcErr
+ */
+
+_PUBLIC_
+wbcErr wbcCtxDomainInfo(struct wbcContext *ctx,
+			const char *domain,
+			struct wbcDomainInfo **dinfo)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct wbcDomainInfo *info = NULL;
+
+	if (!domain || !dinfo) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	/* Initialize request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	strncpy(request.domain_name, domain,
+		sizeof(request.domain_name)-1);
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_DOMAIN_INFO,
+					&request,
+					&response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	info = (struct wbcDomainInfo *)wbcAllocateMemory(
+		1, sizeof(struct wbcDomainInfo), wbcDomainInfoDestructor);
+	BAIL_ON_PTR_ERROR(info, wbc_status);
+
+	info->short_name = strdup(response.data.domain_info.name);
+	BAIL_ON_PTR_ERROR(info->short_name, wbc_status);
+
+	info->dns_name = strdup(response.data.domain_info.alt_name);
+	BAIL_ON_PTR_ERROR(info->dns_name, wbc_status);
+
+	wbc_status = wbcStringToSid(response.data.domain_info.sid,
+				    &info->sid);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	if (response.data.domain_info.native_mode)
+		info->domain_flags |= WBC_DOMINFO_DOMAIN_NATIVE;
+	if (response.data.domain_info.active_directory)
+		info->domain_flags |= WBC_DOMINFO_DOMAIN_AD;
+	if (response.data.domain_info.primary)
+		info->domain_flags |= WBC_DOMINFO_DOMAIN_PRIMARY;
+
+	*dinfo = info;
+	info = NULL;
+
+	wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+	wbcFreeMemory(info);
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcDomainInfo(const char *domain, struct wbcDomainInfo **dinfo)
+{
+	return wbcCtxDomainInfo(NULL, domain, dinfo);
+}
+
+/* Get the list of current DCs */
+_PUBLIC_
+wbcErr wbcCtxDcInfo(struct wbcContext *ctx,
+		    const char *domain, size_t *num_dcs,
+		    const char ***dc_names, const char ***dc_ips)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	const char **names = NULL;
+	const char **ips = NULL;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	size_t extra_len;
+	int i;
+	char *p;
+
+	/* Initialise request */
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	if (domain != NULL) {
+		strncpy(request.domain_name, domain,
+			sizeof(request.domain_name) - 1);
+	}
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_DC_INFO,
+					&request, &response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	names = wbcAllocateStringArray(response.data.num_entries);
+	BAIL_ON_PTR_ERROR(names, wbc_status);
+
+	ips = wbcAllocateStringArray(response.data.num_entries);
+	BAIL_ON_PTR_ERROR(ips, wbc_status);
+
+	wbc_status = WBC_ERR_INVALID_RESPONSE;
+
+	p = (char *)response.extra_data.data;
+
+	if (response.length < (sizeof(struct winbindd_response)+1)) {
+		goto done;
+	}
+
+	extra_len = response.length - sizeof(struct winbindd_response);
+
+	if (p[extra_len-1] != '\0') {
+		goto done;
+	}
+
+	for (i=0; i<response.data.num_entries; i++) {
+		char *q;
+
+		q = strchr(p, '\n');
+		if (q == NULL) {
+			goto done;
+		}
+		names[i] = strndup(p, q-p);
+		BAIL_ON_PTR_ERROR(names[i], wbc_status);
+		p = q+1;
+
+		q = strchr(p, '\n');
+		if (q == NULL) {
+			goto done;
+		}
+		ips[i] = strndup(p, q-p);
+		BAIL_ON_PTR_ERROR(ips[i], wbc_status);
+		p = q+1;
+	}
+	if (p[0] != '\0') {
+		goto done;
+	}
+
+        wbc_status = WBC_ERR_SUCCESS;
+done:
+	if (response.extra_data.data)
+		free(response.extra_data.data);
+
+	if (WBC_ERROR_IS_OK(wbc_status)) {
+		*num_dcs = response.data.num_entries;
+		*dc_names = names;
+		names = NULL;
+		*dc_ips = ips;
+		ips = NULL;
+	}
+	wbcFreeMemory(names);
+	wbcFreeMemory(ips);
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcDcInfo(const char *domain, size_t *num_dcs,
+		 const char ***dc_names, const char ***dc_ips)
+{
+	return wbcCtxDcInfo(NULL, domain, num_dcs, dc_names, dc_ips);
+}
+
+/* Resolve a NetbiosName via WINS */
+_PUBLIC_
+wbcErr wbcCtxResolveWinsByName(struct wbcContext *ctx,
+			       const char *name, char **ip)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	char *ipaddr;
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	/* Send request */
+
+	strncpy(request.data.winsreq, name,
+		sizeof(request.data.winsreq)-1);
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_WINS_BYNAME,
+					&request,
+					&response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	/* Display response */
+
+	ipaddr = wbcStrDup(response.data.winsresp);
+	BAIL_ON_PTR_ERROR(ipaddr, wbc_status);
+
+	*ip = ipaddr;
+	wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcResolveWinsByName(const char *name, char **ip)
+{
+	return wbcCtxResolveWinsByName(NULL, name, ip);
+}
+
+/* Resolve an IP address via WINS into a NetbiosName */
+_PUBLIC_
+wbcErr wbcCtxResolveWinsByIP(struct wbcContext *ctx,
+			     const char *ip, char **name)
+{
+	struct winbindd_request request;
+	struct winbindd_response response;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	char *name_str;
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	/* Send request */
+
+	strncpy(request.data.winsreq, ip,
+		sizeof(request.data.winsreq)-1);
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_WINS_BYIP,
+					&request,
+					&response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	/* Display response */
+
+	name_str = wbcStrDup(response.data.winsresp);
+	BAIL_ON_PTR_ERROR(name_str, wbc_status);
+
+	*name = name_str;
+	wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcResolveWinsByIP(const char *ip, char **name)
+{
+	return wbcCtxResolveWinsByIP(NULL, ip, name);
+}
+
+/**
+ */
+
+static wbcErr process_domain_info_string(struct wbcDomainInfo *info,
+					 char *info_string)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	char *r = NULL;
+	char *s = NULL;
+
+	r = info_string;
+
+	/* Short Name */
+	if ((s = strchr(r, '\\')) == NULL) {
+		wbc_status = WBC_ERR_INVALID_RESPONSE;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+	*s = '\0';
+	s++;
+
+	info->short_name = strdup(r);
+	BAIL_ON_PTR_ERROR(info->short_name, wbc_status);
+
+
+	/* DNS Name */
+	r = s;
+	if ((s = strchr(r, '\\')) == NULL) {
+		wbc_status = WBC_ERR_INVALID_RESPONSE;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+	*s = '\0';
+	s++;
+
+	info->dns_name = strdup(r);
+	BAIL_ON_PTR_ERROR(info->dns_name, wbc_status);
+
+	/* SID */
+	r = s;
+	if ((s = strchr(r, '\\')) == NULL) {
+		wbc_status = WBC_ERR_INVALID_RESPONSE;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+	*s = '\0';
+	s++;
+
+	wbc_status = wbcStringToSid(r, &info->sid);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	/* Trust type */
+	r = s;
+	if ((s = strchr(r, '\\')) == NULL) {
+		wbc_status = WBC_ERR_INVALID_RESPONSE;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+	*s = '\0';
+	s++;
+
+	if (strncmp(r, "Routed", strlen("Routed")) == 0) {
+		info->trust_type = WBC_DOMINFO_TRUSTTYPE_NONE;
+		info->trust_routing = strdup(r);
+		BAIL_ON_PTR_ERROR(info->trust_routing, wbc_status);
+	} else if (strcmp(r, "Local") == 0) {
+		info->trust_type = WBC_DOMINFO_TRUSTTYPE_LOCAL;
+	} else if (strcmp(r, "Workstation") == 0) {
+		info->trust_type = WBC_DOMINFO_TRUSTTYPE_WKSTA;
+	} else if (strcmp(r, "RWDC") == 0) {
+		info->trust_type = WBC_DOMINFO_TRUSTTYPE_RWDC;
+	} else if (strcmp(r, "RODC") == 0) {
+		info->trust_type = WBC_DOMINFO_TRUSTTYPE_RODC;
+	} else if (strcmp(r, "PDC") == 0) {
+		info->trust_type = WBC_DOMINFO_TRUSTTYPE_PDC;
+	} else if (strcmp(r, "External") == 0) {
+		info->trust_type = WBC_DOMINFO_TRUSTTYPE_EXTERNAL;
+	} else if (strcmp(r, "Forest") == 0) {
+		info->trust_type = WBC_DOMINFO_TRUSTTYPE_FOREST;
+	} else if (strcmp(r, "In Forest") == 0) {
+		info->trust_type = WBC_DOMINFO_TRUSTTYPE_IN_FOREST;
+	} else {
+		wbc_status = WBC_ERR_INVALID_RESPONSE;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	/* Transitive */
+	r = s;
+	if ((s = strchr(r, '\\')) == NULL) {
+		wbc_status = WBC_ERR_INVALID_RESPONSE;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+	*s = '\0';
+	s++;
+
+	if (strcmp(r, "Yes") == 0) {
+		info->trust_flags |= WBC_DOMINFO_TRUST_TRANSITIVE;
+	}
+
+	/* Incoming */
+	r = s;
+	if ((s = strchr(r, '\\')) == NULL) {
+		wbc_status = WBC_ERR_INVALID_RESPONSE;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+	*s = '\0';
+	s++;
+
+	if (strcmp(r, "Yes") == 0) {
+		info->trust_flags |= WBC_DOMINFO_TRUST_INCOMING;
+	}
+
+	/* Outgoing */
+	r = s;
+	if ((s = strchr(r, '\\')) == NULL) {
+		wbc_status = WBC_ERR_INVALID_RESPONSE;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+	*s = '\0';
+	s++;
+
+	if (strcmp(r, "Yes") == 0) {
+		info->trust_flags |= WBC_DOMINFO_TRUST_OUTGOING;
+	}
+
+	/* Online/Offline status */
+	r = s;
+	if ( strcmp(r, "Offline") == 0) {
+		info->domain_flags |= WBC_DOMINFO_DOMAIN_OFFLINE;
+	}
+
+	wbc_status = WBC_ERR_SUCCESS;
+
+ done:
+	return wbc_status;
+}
+
+static void wbcDomainInfoListDestructor(void *ptr)
+{
+	struct wbcDomainInfo *i = (struct wbcDomainInfo *)ptr;
+
+	while (i->short_name != NULL) {
+		free(i->short_name);
+		free(i->dns_name);
+		i += 1;
+	}
+}
+
+/* Enumerate the domain trusts known by Winbind */
+_PUBLIC_
+wbcErr wbcCtxListTrusts(struct wbcContext *ctx,
+			struct wbcDomainInfo **domains, size_t *num_domains)
+{
+	struct winbindd_response response;
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	char *p = NULL;
+	char *extra_data = NULL;
+	struct wbcDomainInfo *d_list = NULL;
+	int i = 0;
+
+	*domains = NULL;
+	*num_domains = 0;
+
+	ZERO_STRUCT(response);
+
+	/* Send request */
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_LIST_TRUSTDOM,
+					NULL,
+					&response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	/* Decode the response */
+
+	p = (char *)response.extra_data.data;
+
+	if ((p == NULL) || (strlen(p) == 0)) {
+		/* We should always at least get back our
+		   own SAM domain */
+
+		wbc_status = WBC_ERR_DOMAIN_NOT_FOUND;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	d_list = (struct wbcDomainInfo *)wbcAllocateMemory(
+		response.data.num_entries + 1,sizeof(struct wbcDomainInfo),
+		wbcDomainInfoListDestructor);
+	BAIL_ON_PTR_ERROR(d_list, wbc_status);
+
+	extra_data = strdup((char*)response.extra_data.data);
+	BAIL_ON_PTR_ERROR(extra_data, wbc_status);
+
+	p = extra_data;
+
+	/* Outer loop processes the list of domain information */
+
+	for (i=0; i<response.data.num_entries && p; i++) {
+		char *next = strchr(p, '\n');
+
+		if (next) {
+			*next = '\0';
+			next++;
+		}
+
+		wbc_status = process_domain_info_string(&d_list[i], p);
+		BAIL_ON_WBC_ERROR(wbc_status);
+
+		p = next;
+	}
+
+	*domains = d_list;
+	d_list = NULL;
+	*num_domains = i;
+
+ done:
+	winbindd_free_response(&response);
+	wbcFreeMemory(d_list);
+	free(extra_data);
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains)
+{
+	return wbcCtxListTrusts(NULL, domains, num_domains);
+}
+
+static void wbcDomainControllerInfoDestructor(void *ptr)
+{
+	struct wbcDomainControllerInfo *i =
+		(struct wbcDomainControllerInfo *)ptr;
+	free(i->dc_name);
+}
+
+/* Enumerate the domain trusts known by Winbind */
+_PUBLIC_
+wbcErr wbcCtxLookupDomainController(struct wbcContext *ctx,
+				    const char *domain, uint32_t flags,
+				    struct wbcDomainControllerInfo **dc_info)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct winbindd_request request;
+	struct winbindd_response response;
+	struct wbcDomainControllerInfo *dc = NULL;
+
+	/* validate input params */
+
+	if (!domain || !dc_info) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	strncpy(request.data.dsgetdcname.domain_name, domain,
+		sizeof(request.data.dsgetdcname.domain_name)-1);
+
+	request.flags = flags;
+
+	dc = (struct wbcDomainControllerInfo *)wbcAllocateMemory(
+		 1, sizeof(struct wbcDomainControllerInfo),
+		wbcDomainControllerInfoDestructor);
+	BAIL_ON_PTR_ERROR(dc, wbc_status);
+
+	/* Send request */
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_DSGETDCNAME,
+					&request,
+					&response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	dc->dc_name = strdup(response.data.dsgetdcname.dc_unc);
+	BAIL_ON_PTR_ERROR(dc->dc_name, wbc_status);
+
+	*dc_info = dc;
+	dc = NULL;
+
+done:
+	wbcFreeMemory(dc);
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcLookupDomainController(const char *domain, uint32_t flags,
+				 struct wbcDomainControllerInfo **dc_info)
+{
+	return wbcCtxLookupDomainController(NULL, domain, flags, dc_info);
+}
+
+static void wbcDomainControllerInfoExDestructor(void *ptr)
+{
+	struct wbcDomainControllerInfoEx *i =
+		(struct wbcDomainControllerInfoEx *)ptr;
+	free(discard_const_p(char, i->dc_unc));
+	free(discard_const_p(char, i->dc_address));
+	free(discard_const_p(char, i->domain_guid));
+	free(discard_const_p(char, i->domain_name));
+	free(discard_const_p(char, i->forest_name));
+	free(discard_const_p(char, i->dc_site_name));
+	free(discard_const_p(char, i->client_site_name));
+}
+
+static wbcErr wbc_create_domain_controller_info_ex(const struct winbindd_response *resp,
+						   struct wbcDomainControllerInfoEx **_i)
+{
+	wbcErr wbc_status = WBC_ERR_SUCCESS;
+	struct wbcDomainControllerInfoEx *i;
+	struct wbcGuid guid;
+
+	i = (struct wbcDomainControllerInfoEx *)wbcAllocateMemory(
+		1, sizeof(struct wbcDomainControllerInfoEx),
+		wbcDomainControllerInfoExDestructor);
+	BAIL_ON_PTR_ERROR(i, wbc_status);
+
+	i->dc_unc = strdup(resp->data.dsgetdcname.dc_unc);
+	BAIL_ON_PTR_ERROR(i->dc_unc, wbc_status);
+
+	i->dc_address = strdup(resp->data.dsgetdcname.dc_address);
+	BAIL_ON_PTR_ERROR(i->dc_address, wbc_status);
+
+	i->dc_address_type = resp->data.dsgetdcname.dc_address_type;
+
+	wbc_status = wbcStringToGuid(resp->data.dsgetdcname.domain_guid, &guid);
+	if (WBC_ERROR_IS_OK(wbc_status)) {
+		i->domain_guid = (struct wbcGuid *)malloc(
+			sizeof(struct wbcGuid));
+		BAIL_ON_PTR_ERROR(i->domain_guid, wbc_status);
+
+		*i->domain_guid = guid;
+	}
+
+	i->domain_name = strdup(resp->data.dsgetdcname.domain_name);
+	BAIL_ON_PTR_ERROR(i->domain_name, wbc_status);
+
+	if (resp->data.dsgetdcname.forest_name[0] != '\0') {
+		i->forest_name = strdup(resp->data.dsgetdcname.forest_name);
+		BAIL_ON_PTR_ERROR(i->forest_name, wbc_status);
+	}
+
+	i->dc_flags = resp->data.dsgetdcname.dc_flags;
+
+	if (resp->data.dsgetdcname.dc_site_name[0] != '\0') {
+		i->dc_site_name = strdup(resp->data.dsgetdcname.dc_site_name);
+		BAIL_ON_PTR_ERROR(i->dc_site_name, wbc_status);
+	}
+
+	if (resp->data.dsgetdcname.client_site_name[0] != '\0') {
+		i->client_site_name = strdup(
+			resp->data.dsgetdcname.client_site_name);
+		BAIL_ON_PTR_ERROR(i->client_site_name, wbc_status);
+	}
+
+	*_i = i;
+	i = NULL;
+
+done:
+	if (i != NULL) {
+		wbcFreeMemory(i);
+	}
+	return wbc_status;
+}
+
+/* Get extended domain controller information */
+_PUBLIC_
+wbcErr wbcCtxLookupDomainControllerEx(struct wbcContext *ctx,
+				      const char *domain,
+				      struct wbcGuid *guid,
+				      const char *site,
+				      uint32_t flags,
+				      struct wbcDomainControllerInfoEx **dc_info)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct winbindd_request request;
+	struct winbindd_response response;
+
+	/* validate input params */
+
+	if (!domain || !dc_info) {
+		wbc_status = WBC_ERR_INVALID_PARAM;
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	ZERO_STRUCT(request);
+	ZERO_STRUCT(response);
+
+	request.data.dsgetdcname.flags = flags;
+
+	strncpy(request.data.dsgetdcname.domain_name, domain,
+		sizeof(request.data.dsgetdcname.domain_name)-1);
+
+	if (site) {
+		strncpy(request.data.dsgetdcname.site_name, site,
+			sizeof(request.data.dsgetdcname.site_name)-1);
+	}
+
+	if (guid) {
+		char *str = NULL;
+
+		wbc_status = wbcGuidToString(guid, &str);
+		BAIL_ON_WBC_ERROR(wbc_status);
+
+		strncpy(request.data.dsgetdcname.domain_guid, str,
+			sizeof(request.data.dsgetdcname.domain_guid)-1);
+
+		wbcFreeMemory(str);
+	}
+
+	/* Send request */
+
+	wbc_status = wbcRequestResponse(ctx, WINBINDD_DSGETDCNAME,
+					&request,
+					&response);
+	BAIL_ON_WBC_ERROR(wbc_status);
+
+	if (dc_info) {
+		wbc_status = wbc_create_domain_controller_info_ex(&response,
+								  dc_info);
+		BAIL_ON_WBC_ERROR(wbc_status);
+	}
+
+	wbc_status = WBC_ERR_SUCCESS;
+done:
+	return wbc_status;
+}
+
+_PUBLIC_
+wbcErr wbcLookupDomainControllerEx(const char *domain,
+				   struct wbcGuid *guid,
+				   const char *site,
+				   uint32_t flags,
+				   struct wbcDomainControllerInfoEx **dc_info)
+{
+	return wbcCtxLookupDomainControllerEx(NULL, domain, guid, site,
+					      flags, dc_info);
+}
+
+static void wbcNamedBlobDestructor(void *ptr)
+{
+	struct wbcNamedBlob *b = (struct wbcNamedBlob *)ptr;
+
+	while (b->name != NULL) {
+		free(discard_const_p(char, b->name));
+		free(b->blob.data);
+		b += 1;
+	}
+}
+
+/* Initialize a named blob and add to list of blobs */
+_PUBLIC_
+wbcErr wbcAddNamedBlob(size_t *num_blobs,
+		       struct wbcNamedBlob **pblobs,
+		       const char *name,
+		       uint32_t flags,
+		       uint8_t *data,
+		       size_t length)
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	struct wbcNamedBlob *blobs, *blob;
+
+	if (name == NULL) {
+		return WBC_ERR_INVALID_PARAM;
+	}
+
+	/*
+	 * Overallocate the b->name==NULL terminator for
+	 * wbcNamedBlobDestructor
+	 */
+	blobs = (struct wbcNamedBlob *)wbcAllocateMemory(
+		*num_blobs + 2, sizeof(struct wbcNamedBlob),
+		wbcNamedBlobDestructor);
+
+	if (blobs == NULL) {
+		return WBC_ERR_NO_MEMORY;
+	}
+
+	if (*pblobs != NULL) {
+		struct wbcNamedBlob *old = *pblobs;
+		memcpy(blobs, old, sizeof(struct wbcNamedBlob) * (*num_blobs));
+		if (*num_blobs != 0) {
+			/* end indicator for wbcNamedBlobDestructor */
+			old[0].name = NULL;
+		}
+		wbcFreeMemory(old);
+	}
+	*pblobs = blobs;
+
+	blob = &blobs[*num_blobs];
+
+	blob->name = strdup(name);
+	BAIL_ON_PTR_ERROR(blob->name, wbc_status);
+	blob->flags = flags;
+
+	blob->blob.length = length;
+	blob->blob.data	= (uint8_t *)malloc(length);
+	BAIL_ON_PTR_ERROR(blob->blob.data, wbc_status);
+	memcpy(blob->blob.data, data, length);
+
+	*num_blobs += 1;
+	*pblobs = blobs;
+	blobs = NULL;
+
+	wbc_status = WBC_ERR_SUCCESS;
+done:
+	wbcFreeMemory(blobs);
+	return wbc_status;
+}
+
+_PUBLIC_
+void wbcSetClientProcessName(const char *name)
+{
+	winbind_set_client_name(name);
+}
diff --git a/nsswitch/libwbclient/wbclient.c b/nsswitch/libwbclient/wbclient.c
new file mode 100644
index 0000000..4562046
--- /dev/null
+++ b/nsswitch/libwbclient/wbclient.c
@@ -0,0 +1,344 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Winbind client API
+
+   Copyright (C) Gerald (Jerry) Carter 2007
+   Copyright (C) Matthew Newton 2015
+
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 3 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/* Required Headers */
+
+#include "replace.h"
+#include "libwbclient.h"
+
+/* From wb_common.c */
+
+struct winbindd_context;
+
+NSS_STATUS winbindd_request_response(struct winbindd_context *wbctx,
+				     int req_type,
+				     struct winbindd_request *request,
+				     struct winbindd_response *response);
+NSS_STATUS winbindd_priv_request_response(struct winbindd_context *wbctx,
+					  int req_type,
+					  struct winbindd_request *request,
+					  struct winbindd_response *response);
+struct winbindd_context *winbindd_ctx_create(void);
+void winbindd_ctx_free(struct winbindd_context *ctx);
+
+/* Global context used for non-Ctx functions */
+
+static struct wbcContext wbcGlobalCtx = {
+	.winbindd_ctx = NULL,
+	.pw_cache_size = 0,
+	.pw_cache_idx = 0,
+	.gr_cache_size = 0,
+	.gr_cache_idx = 0
+};
+
+/*
+ result == NSS_STATUS_UNAVAIL: winbind not around
+ result == NSS_STATUS_NOTFOUND: winbind around, but domain missing
+
+ Due to a bad API NSS_STATUS_NOTFOUND is returned both when winbind_off
+ and when winbind return WINBINDD_ERROR. So the semantics of this
+ routine depends on winbind_on. Grepping for winbind_off I just
+ found 3 places where winbind is turned off, and this does not conflict
+ (as far as I have seen) with the callers of is_trusted_domains.
+
+ --Volker
+*/
+
+static wbcErr wbcRequestResponseInt(
+	struct winbindd_context *wbctx,
+	int cmd,
+	struct winbindd_request *request,
+	struct winbindd_response *response,
+	NSS_STATUS (*fn)(struct winbindd_context *wbctx, int req_type,
+			 struct winbindd_request *request,
+			 struct winbindd_response *response))
+{
+	wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
+	NSS_STATUS nss_status;
+
+	/* for some calls the request and/or response can be NULL */
+
+	nss_status = fn(wbctx, cmd, request, response);
+
+	switch (nss_status) {
+	case NSS_STATUS_SUCCESS:
+		wbc_status = WBC_ERR_SUCCESS;
+		break;
+	case NSS_STATUS_UNAVAIL:
+		wbc_status = WBC_ERR_WINBIND_NOT_AVAILABLE;
+		break;
+	case NSS_STATUS_NOTFOUND:
+		wbc_status = WBC_ERR_DOMAIN_NOT_FOUND;
+		break;
+	default:
+		wbc_status = WBC_ERR_NSS_ERROR;
+		break;
+	}
+
+	return wbc_status;
+}
+
+/**
+ * @brief Wrapper around Winbind's send/receive API call
+ *
+ * @param ctx       Context
+ * @param cmd       Winbind command operation to perform
+ * @param request   Send structure
+ * @param response  Receive structure
+ *
+ * @return #wbcErr
+ */
+_PUBLIC_ /* this is internal to wbclient_internal.h, but part of the ABI */
+wbcErr wbcRequestResponse(struct wbcContext *ctx, int cmd,
+			  struct winbindd_request *request,
+			  struct winbindd_response *response)
+{
+	struct winbindd_context *wbctx = NULL;
+
+	if (ctx) {
+		wbctx = ctx->winbindd_ctx;
+	}
+
+	return wbcRequestResponseInt(wbctx, cmd, request, response,
+				     winbindd_request_response);
+}
+
+_PUBLIC_ /* this is internal to wbclient_internal.h, but part of the ABI */
+wbcErr wbcRequestResponsePriv(struct wbcContext *ctx, int cmd,
+			      struct winbindd_request *request,
+			      struct winbindd_response *response)
+{
+	struct winbindd_context *wbctx = NULL;
+
+	if (ctx) {
+		wbctx = ctx->winbindd_ctx;
+	}
+
+	return wbcRequestResponseInt(wbctx, cmd, request, response,
+				     winbindd_priv_request_response);
+}
+
+/** @brief Translate an error value into a string
+ *
+ * @param error
+ *
+ * @return a pointer to a static string
+ **/
+_PUBLIC_
+const char *wbcErrorString(wbcErr error)
+{
+	switch (error) {
+	case WBC_ERR_SUCCESS:
+		return "WBC_ERR_SUCCESS";
+	case WBC_ERR_NOT_IMPLEMENTED:
+		return "WBC_ERR_NOT_IMPLEMENTED";
+	case WBC_ERR_UNKNOWN_FAILURE:
+		return "WBC_ERR_UNKNOWN_FAILURE";
+	case WBC_ERR_NO_MEMORY:
+		return "WBC_ERR_NO_MEMORY";
+	case WBC_ERR_INVALID_SID:
+		return "WBC_ERR_INVALID_SID";
+	case WBC_ERR_INVALID_PARAM:
+		return "WBC_ERR_INVALID_PARAM";
+	case WBC_ERR_WINBIND_NOT_AVAILABLE:
+		return "WBC_ERR_WINBIND_NOT_AVAILABLE";
+	case WBC_ERR_DOMAIN_NOT_FOUND:
+		return "WBC_ERR_DOMAIN_NOT_FOUND";
+	case WBC_ERR_INVALID_RESPONSE:
+		return "WBC_ERR_INVALID_RESPONSE";
+	case WBC_ERR_NSS_ERROR:
+		return "WBC_ERR_NSS_ERROR";
+	case WBC_ERR_UNKNOWN_USER:
+		return "WBC_ERR_UNKNOWN_USER";
+	case WBC_ERR_UNKNOWN_GROUP:
+		return "WBC_ERR_UNKNOWN_GROUP";
+	case WBC_ERR_AUTH_ERROR:
+		return "WBC_ERR_AUTH_ERROR";
+	case WBC_ERR_PWD_CHANGE_FAILED:
+		return "WBC_ERR_PWD_CHANGE_FAILED";
+	}
+
+	return "unknown wbcErr value";
+}
+
+#define WBC_MAGIC (0x7a2b0e1e)
+#define WBC_MAGIC_FREE (0x875634fe)
+
+struct wbcMemPrefix {
+	uint32_t magic;
+	void (*destructor)(void *ptr);
+};
+
+static size_t wbcPrefixLen(void)
+{
+	size_t result = sizeof(struct wbcMemPrefix);
+	return (result + 15) & ~15;
+}
+
+static struct wbcMemPrefix *wbcMemToPrefix(void *ptr)
+{
+	return (struct wbcMemPrefix *)(((char *)ptr) - wbcPrefixLen());
+}
+
+_PUBLIC_ /* this is internal to wbclient_internal.h, but part of the ABI */
+void *wbcAllocateMemory(size_t nelem, size_t elsize,
+			void (*destructor)(void *ptr))
+{
+	struct wbcMemPrefix *result;
+
+	if (nelem >= (2<<24)/elsize) {
+		/* basic protection against integer wrap */
+		return NULL;
+	}
+
+	result = (struct wbcMemPrefix *)calloc(
+		1, nelem*elsize + wbcPrefixLen());
+	if (result == NULL) {
+		return NULL;
+	}
+	result->magic = WBC_MAGIC;
+	result->destructor = destructor;
+	return ((char *)result) + wbcPrefixLen();
+}
+
+/* Free library allocated memory */
+_PUBLIC_
+void wbcFreeMemory(void *p)
+{
+	struct wbcMemPrefix *wbcMem;
+
+	if (p == NULL) {
+		return;
+	}
+	wbcMem = wbcMemToPrefix(p);
+	if (wbcMem->magic != WBC_MAGIC) {
+		return;
+	}
+
+	/* paranoid check to ensure we don't double free */
+	wbcMem->magic = WBC_MAGIC_FREE;
+
+	if (wbcMem->destructor != NULL) {
+		wbcMem->destructor(p);
+	}
+	free(wbcMem);
+	return;
+}
+
+_PUBLIC_ /* this is internal to wbclient_internal.h, but part of the ABI */
+char *wbcStrDup(const char *str)
+{
+	char *result;
+	size_t len;
+
+	len = strlen(str);
+	result = (char *)wbcAllocateMemory(len+1, sizeof(char), NULL);
+	if (result == NULL) {
+		return NULL;
+	}
+	memcpy(result, str, len+1);
+	return result;
+}
+
+static void wbcStringArrayDestructor(void *ptr)
+{
+	char **p = (char **)ptr;
+	while (*p != NULL) {
+		free(*p);
+		p += 1;
+	}
+}
+
+_PUBLIC_ /* this is internal to wbclient_internal.h, but part of the ABI */
+const char **wbcAllocateStringArray(int num_strings)
+{
+	return (const char **)wbcAllocateMemory(
+		num_strings + 1, sizeof(const char *),
+		wbcStringArrayDestructor);
+}
+
+_PUBLIC_
+wbcErr wbcLibraryDetails(struct wbcLibraryDetails **_details)
+{
+	struct wbcLibraryDetails *info;
+
+	info = (struct wbcLibraryDetails *)wbcAllocateMemory(
+		1, sizeof(struct wbcLibraryDetails), NULL);
+
+	if (info == NULL) {
+		return WBC_ERR_NO_MEMORY;
+	}
+
+	info->major_version = WBCLIENT_MAJOR_VERSION;
+	info->minor_version = WBCLIENT_MINOR_VERSION;
+	info->vendor_version = WBCLIENT_VENDOR_VERSION;
+
+	*_details = info;
+	return WBC_ERR_SUCCESS;
+}
+
+/* Context handling functions */
+
+static void wbcContextDestructor(void *ptr)
+{
+	struct wbcContext *ctx = (struct wbcContext *)ptr;
+
+	winbindd_ctx_free(ctx->winbindd_ctx);
+}
+
+_PUBLIC_
+struct wbcContext *wbcCtxCreate(void)
+{
+	struct wbcContext *ctx;
+	struct winbindd_context *wbctx;
+
+	ctx = (struct wbcContext *)wbcAllocateMemory(
+		1, sizeof(struct wbcContext), wbcContextDestructor);
+
+	if (!ctx) {
+		return NULL;
+	}
+
+	wbctx = winbindd_ctx_create();
+
+	if (!wbctx) {
+		wbcFreeMemory(ctx);
+		return NULL;
+	}
+
+	ctx->winbindd_ctx = wbctx;
+
+	return ctx;
+}
+
+_PUBLIC_
+void wbcCtxFree(struct wbcContext *ctx)
+{
+	wbcFreeMemory(ctx);
+}
+
+_PUBLIC_ /* this is internal to wbclient_internal.h, but part of the ABI */
+struct wbcContext *wbcGetGlobalCtx(void)
+{
+	return &wbcGlobalCtx;
+}
diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h
new file mode 100644
index 0000000..05cf8a1
--- /dev/null
+++ b/nsswitch/libwbclient/wbclient.h
@@ -0,0 +1,2068 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Winbind client API
+
+   Copyright (C) Gerald (Jerry) Carter 2007
+   Copyright (C) Volker Lendecke 2009
+   Copyright (C) Matthew Newton 2015
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 3 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _WBCLIENT_H
+#define _WBCLIENT_H
+
+#include <pwd.h>
+#include <grp.h>
+
+/* Define error types */
+
+/**
+ *  @brief Status codes returned from wbc functions
+ **/
+
+enum _wbcErrType {
+	WBC_ERR_SUCCESS = 0,    /**< Successful completion **/
+	WBC_ERR_NOT_IMPLEMENTED,/**< Function not implemented **/
+	WBC_ERR_UNKNOWN_FAILURE,/**< General failure **/
+	WBC_ERR_NO_MEMORY,      /**< Memory allocation error **/
+	WBC_ERR_INVALID_SID,    /**< Invalid SID format **/
+	WBC_ERR_INVALID_PARAM,  /**< An Invalid parameter was supplied **/
+	WBC_ERR_WINBIND_NOT_AVAILABLE,   /**< Winbind daemon is not available **/
+	WBC_ERR_DOMAIN_NOT_FOUND,        /**< Domain is not trusted or cannot be found **/
+	WBC_ERR_INVALID_RESPONSE,        /**< Winbind returned an invalid response **/
+	WBC_ERR_NSS_ERROR,            /**< NSS_STATUS error **/
+	WBC_ERR_AUTH_ERROR,        /**< Authentication failed **/
+	WBC_ERR_UNKNOWN_USER,      /**< User account cannot be found */
+	WBC_ERR_UNKNOWN_GROUP,     /**< Group account cannot be found */
+	WBC_ERR_PWD_CHANGE_FAILED  /**< Password Change has failed */
+};
+
+typedef enum _wbcErrType wbcErr;
+
+#define WBC_ERROR_IS_OK(x) ((x) == WBC_ERR_SUCCESS)
+
+const char *wbcErrorString(wbcErr error);
+
+/**
+ *  @brief Some useful details about the wbclient library
+ *
+ *  0.1: Initial version
+ *  0.2: Added wbcRemoveUidMapping()
+ *       Added wbcRemoveGidMapping()
+ *  0.3: Added wbcGetpwsid()
+ *	 Added wbcGetSidAliases()
+ *  0.4: Added wbcSidTypeString()
+ *  0.5: Added wbcChangeTrustCredentials()
+ *  0.6: Made struct wbcInterfaceDetails char* members non-const
+ *  0.7: Added wbcSidToStringBuf()
+ *  0.8: Added wbcSidsToUnixIds() and wbcLookupSids()
+ *  0.9: Added support for WBC_ID_TYPE_BOTH
+ *  0.10: Added wbcPingDc2()
+ *  0.11: Extended wbcAuthenticateUserEx to provide PAC parsing
+ *  0.12: Added wbcCtxCreate and friends
+ *  0.13: Added wbcCtxUnixIdsToSids and wbcUnixIdsToSids
+ *  0.14: Added "authoritative" to wbcAuthErrorInfo
+ *        Added WBC_SID_NAME_LABEL
+ *  0.15: Added wbcSetClientProcessName()
+ **/
+#define WBCLIENT_MAJOR_VERSION 0
+#define WBCLIENT_MINOR_VERSION 15
+#define WBCLIENT_VENDOR_VERSION "Samba libwbclient"
+struct wbcLibraryDetails {
+	uint16_t major_version;
+	uint16_t minor_version;
+	const char *vendor_version;
+};
+
+/**
+ *  @brief Some useful details about the running winbindd
+ *
+ **/
+struct wbcInterfaceDetails {
+	uint32_t interface_version;
+	char *winbind_version;
+	char winbind_separator;
+	char *netbios_name;
+	char *netbios_domain;
+	char *dns_domain;
+};
+
+/**
+ *  @brief Library context data
+ *
+ **/
+
+struct wbcContext;
+
+/*
+ * Data types used by the Winbind Client API
+ */
+
+#ifndef WBC_MAXSUBAUTHS
+#define WBC_MAXSUBAUTHS 15 /* max sub authorities in a SID */
+#endif
+
+/**
+ *  @brief Windows Security Identifier
+ *
+ **/
+
+struct wbcDomainSid {
+	uint8_t   sid_rev_num;
+	uint8_t   num_auths;
+	uint8_t   id_auth[6];
+	uint32_t  sub_auths[WBC_MAXSUBAUTHS];
+};
+
+/**
+ * @brief Security Identifier type
+ **/
+
+enum wbcSidType {
+	WBC_SID_NAME_USE_NONE=0,
+	WBC_SID_NAME_USER=1,
+	WBC_SID_NAME_DOM_GRP=2,
+	WBC_SID_NAME_DOMAIN=3,
+	WBC_SID_NAME_ALIAS=4,
+	WBC_SID_NAME_WKN_GRP=5,
+	WBC_SID_NAME_DELETED=6,
+	WBC_SID_NAME_INVALID=7,
+	WBC_SID_NAME_UNKNOWN=8,
+	WBC_SID_NAME_COMPUTER=9,
+	WBC_SID_NAME_LABEL=10
+};
+
+/**
+ * @brief Security Identifier with attributes
+ **/
+
+struct wbcSidWithAttr {
+	struct wbcDomainSid sid;
+	uint32_t attributes;
+};
+
+/* wbcSidWithAttr->attributes */
+
+#define WBC_SID_ATTR_GROUP_MANDATORY		0x00000001
+#define WBC_SID_ATTR_GROUP_ENABLED_BY_DEFAULT	0x00000002
+#define WBC_SID_ATTR_GROUP_ENABLED 		0x00000004
+#define WBC_SID_ATTR_GROUP_OWNER 		0x00000008
+#define WBC_SID_ATTR_GROUP_USEFOR_DENY_ONLY 	0x00000010
+#define WBC_SID_ATTR_GROUP_RESOURCE 		0x20000000
+#define WBC_SID_ATTR_GROUP_LOGON_ID 		0xC0000000
+
+/**
+ *  @brief Windows GUID
+ *
+ **/
+
+struct wbcGuid {
+	uint32_t time_low;
+	uint16_t time_mid;
+	uint16_t time_hi_and_version;
+	uint8_t clock_seq[2];
+	uint8_t node[6];
+};
+
+/**
+ * @brief Domain Information
+ **/
+
+struct wbcDomainInfo {
+	char *short_name;
+	char *dns_name;
+	struct wbcDomainSid sid;
+	uint32_t domain_flags;
+	uint32_t trust_flags;
+	uint32_t trust_type;
+	char *trust_routing;
+};
+
+/* wbcDomainInfo->domain_flags */
+
+#define WBC_DOMINFO_DOMAIN_UNKNOWN    0x00000000
+#define WBC_DOMINFO_DOMAIN_NATIVE     0x00000001
+#define WBC_DOMINFO_DOMAIN_AD         0x00000002
+#define WBC_DOMINFO_DOMAIN_PRIMARY    0x00000004
+#define WBC_DOMINFO_DOMAIN_OFFLINE    0x00000008
+
+/* wbcDomainInfo->trust_flags */
+
+#define WBC_DOMINFO_TRUST_TRANSITIVE  0x00000001
+#define WBC_DOMINFO_TRUST_INCOMING    0x00000002
+#define WBC_DOMINFO_TRUST_OUTGOING    0x00000004
+
+/* wbcDomainInfo->trust_type */
+
+#define WBC_DOMINFO_TRUSTTYPE_NONE       0x00000000
+#define WBC_DOMINFO_TRUSTTYPE_FOREST     0x00000001
+#define WBC_DOMINFO_TRUSTTYPE_IN_FOREST  0x00000002
+#define WBC_DOMINFO_TRUSTTYPE_EXTERNAL   0x00000003
+#define WBC_DOMINFO_TRUSTTYPE_LOCAL      0x00000004
+#define WBC_DOMINFO_TRUSTTYPE_WKSTA      0x00000005
+#define WBC_DOMINFO_TRUSTTYPE_RWDC       0x00000006
+#define WBC_DOMINFO_TRUSTTYPE_RODC       0x00000007
+#define WBC_DOMINFO_TRUSTTYPE_PDC        0x00000008
+
+
+/**
+ * @brief Generic Blob
+ **/
+
+struct wbcBlob {
+	uint8_t *data;
+	size_t length;
+};
+
+/**
+ * @brief Named Blob
+ **/
+
+struct wbcNamedBlob {
+	const char *name;
+	uint32_t flags;
+	struct wbcBlob blob;
+};
+
+/**
+ * @brief Auth User Parameters
+ **/
+
+struct wbcAuthUserParams {
+	const char *account_name;
+	const char *domain_name;
+	const char *workstation_name;
+
+	uint32_t flags;
+
+	uint32_t parameter_control;
+
+	enum wbcAuthUserLevel {
+		WBC_AUTH_USER_LEVEL_PLAIN = 1,
+		WBC_AUTH_USER_LEVEL_HASH = 2,
+		WBC_AUTH_USER_LEVEL_RESPONSE = 3,
+		WBC_AUTH_USER_LEVEL_PAC = 4
+	} level;
+	union {
+		const char *plaintext;
+		struct {
+			uint8_t nt_hash[16];
+			uint8_t lm_hash[16];
+		} hash;
+		struct {
+			uint8_t challenge[8];
+			uint32_t nt_length;
+			uint8_t *nt_data;
+			uint32_t lm_length;
+			uint8_t *lm_data;
+		} response;
+		struct wbcBlob pac;
+	} password;
+};
+
+/**
+ * @brief Logon User Parameters
+ **/
+
+struct wbcLogonUserParams {
+	const char *username;
+	const char *password;
+	size_t num_blobs;
+	struct wbcNamedBlob *blobs;
+};
+
+/**
+ * @brief ChangePassword Parameters
+ **/
+
+struct wbcChangePasswordParams {
+	const char *account_name;
+	const char *domain_name;
+
+	uint32_t flags;
+
+	enum wbcChangePasswordLevel {
+		WBC_CHANGE_PASSWORD_LEVEL_PLAIN = 1,
+		WBC_CHANGE_PASSWORD_LEVEL_RESPONSE = 2
+	} level;
+
+	union {
+		const char *plaintext;
+		struct {
+			uint32_t old_nt_hash_enc_length;
+			uint8_t *old_nt_hash_enc_data;
+			uint32_t old_lm_hash_enc_length;
+			uint8_t *old_lm_hash_enc_data;
+		} response;
+	} old_password;
+	union {
+		const char *plaintext;
+		struct {
+			uint32_t nt_length;
+			uint8_t *nt_data;
+			uint32_t lm_length;
+			uint8_t *lm_data;
+		} response;
+	} new_password;
+};
+
+/* wbcAuthUserParams->parameter_control */
+
+#define WBC_MSV1_0_CLEARTEXT_PASSWORD_ALLOWED		0x00000002
+#define WBC_MSV1_0_UPDATE_LOGON_STATISTICS		0x00000004
+#define WBC_MSV1_0_RETURN_USER_PARAMETERS		0x00000008
+#define WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT		0x00000020
+#define WBC_MSV1_0_RETURN_PROFILE_PATH			0x00000200
+#define WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT	0x00000800
+#define WBC_MSV1_0_ALLOW_MSVCHAPV2			0x00010000
+
+/* wbcAuthUserParams->flags */
+
+#define WBC_AUTH_PARAM_FLAGS_INTERACTIVE_LOGON		0x00000001
+
+/**
+ * @brief Auth User Information
+ *
+ * Some of the strings are maybe NULL
+ **/
+
+struct wbcAuthUserInfo {
+	uint32_t user_flags;
+
+	char *account_name;
+	char *user_principal;
+	char *full_name;
+	char *domain_name;
+	char *dns_domain_name;
+
+	uint32_t acct_flags;
+	uint8_t user_session_key[16];
+	uint8_t lm_session_key[8];
+
+	uint16_t logon_count;
+	uint16_t bad_password_count;
+
+	uint64_t logon_time;
+	uint64_t logoff_time;
+	uint64_t kickoff_time;
+	uint64_t pass_last_set_time;
+	uint64_t pass_can_change_time;
+	uint64_t pass_must_change_time;
+
+	char *logon_server;
+	char *logon_script;
+	char *profile_path;
+	char *home_directory;
+	char *home_drive;
+
+	/*
+	 * the 1st one is the account sid
+	 * the 2nd one is the primary_group sid
+	 * followed by the rest of the groups
+	 */
+	uint32_t num_sids;
+	struct wbcSidWithAttr *sids;
+};
+
+/**
+ * @brief Logon User Information
+ *
+ * Some of the strings are maybe NULL
+ **/
+
+struct wbcLogonUserInfo {
+	struct wbcAuthUserInfo *info;
+	size_t num_blobs;
+	struct wbcNamedBlob *blobs;
+};
+
+/* wbcAuthUserInfo->user_flags */
+
+#define WBC_AUTH_USER_INFO_GUEST			0x00000001
+#define WBC_AUTH_USER_INFO_NOENCRYPTION			0x00000002
+#define WBC_AUTH_USER_INFO_CACHED_ACCOUNT		0x00000004
+#define WBC_AUTH_USER_INFO_USED_LM_PASSWORD		0x00000008
+#define WBC_AUTH_USER_INFO_EXTRA_SIDS			0x00000020
+#define WBC_AUTH_USER_INFO_SUBAUTH_SESSION_KEY		0x00000040
+#define WBC_AUTH_USER_INFO_SERVER_TRUST_ACCOUNT		0x00000080
+#define WBC_AUTH_USER_INFO_NTLMV2_ENABLED		0x00000100
+#define WBC_AUTH_USER_INFO_RESOURCE_GROUPS		0x00000200
+#define WBC_AUTH_USER_INFO_PROFILE_PATH_RETURNED	0x00000400
+#define WBC_AUTH_USER_INFO_GRACE_LOGON			0x01000000
+
+/* wbcAuthUserInfo->acct_flags */
+
+#define WBC_ACB_DISABLED			0x00000001 /* 1 User account disabled */
+#define WBC_ACB_HOMDIRREQ			0x00000002 /* 1 Home directory required */
+#define WBC_ACB_PWNOTREQ			0x00000004 /* 1 User password not required */
+#define WBC_ACB_TEMPDUP				0x00000008 /* 1 Temporary duplicate account */
+#define WBC_ACB_NORMAL				0x00000010 /* 1 Normal user account */
+#define WBC_ACB_MNS				0x00000020 /* 1 MNS logon user account */
+#define WBC_ACB_DOMTRUST			0x00000040 /* 1 Interdomain trust account */
+#define WBC_ACB_WSTRUST				0x00000080 /* 1 Workstation trust account */
+#define WBC_ACB_SVRTRUST			0x00000100 /* 1 Server trust account */
+#define WBC_ACB_PWNOEXP				0x00000200 /* 1 User password does not expire */
+#define WBC_ACB_AUTOLOCK			0x00000400 /* 1 Account auto locked */
+#define WBC_ACB_ENC_TXT_PWD_ALLOWED		0x00000800 /* 1 Encryped text password is allowed */
+#define WBC_ACB_SMARTCARD_REQUIRED		0x00001000 /* 1 Smart Card required */
+#define WBC_ACB_TRUSTED_FOR_DELEGATION		0x00002000 /* 1 Trusted for Delegation */
+#define WBC_ACB_NOT_DELEGATED			0x00004000 /* 1 Not delegated */
+#define WBC_ACB_USE_DES_KEY_ONLY		0x00008000 /* 1 Use DES key only */
+#define WBC_ACB_DONT_REQUIRE_PREAUTH		0x00010000 /* 1 Preauth not required */
+#define WBC_ACB_PW_EXPIRED			0x00020000 /* 1 Password Expired */
+#define WBC_ACB_NO_AUTH_DATA_REQD		0x00080000   /* 1 = No authorization data required */
+
+struct wbcAuthErrorInfo {
+	uint32_t nt_status;
+	char *nt_string;
+	int32_t pam_error;
+	char *display_string;
+	uint8_t authoritative;
+};
+
+/**
+ * @brief User Password Policy Information
+ **/
+
+/* wbcUserPasswordPolicyInfo->password_properties */
+
+#define WBC_DOMAIN_PASSWORD_COMPLEX		0x00000001
+#define WBC_DOMAIN_PASSWORD_NO_ANON_CHANGE	0x00000002
+#define WBC_DOMAIN_PASSWORD_NO_CLEAR_CHANGE	0x00000004
+#define WBC_DOMAIN_PASSWORD_LOCKOUT_ADMINS	0x00000008
+#define WBC_DOMAIN_PASSWORD_STORE_CLEARTEXT	0x00000010
+#define WBC_DOMAIN_REFUSE_PASSWORD_CHANGE	0x00000020
+
+struct wbcUserPasswordPolicyInfo {
+	uint32_t min_length_password;
+	uint32_t password_history;
+	uint32_t password_properties;
+	uint64_t expire;
+	uint64_t min_passwordage;
+};
+
+/**
+ * @brief Change Password Reject Reason
+ **/
+
+enum wbcPasswordChangeRejectReason {
+	WBC_PWD_CHANGE_NO_ERROR=0,
+	WBC_PWD_CHANGE_PASSWORD_TOO_SHORT=1,
+	WBC_PWD_CHANGE_PWD_IN_HISTORY=2,
+	WBC_PWD_CHANGE_USERNAME_IN_PASSWORD=3,
+	WBC_PWD_CHANGE_FULLNAME_IN_PASSWORD=4,
+	WBC_PWD_CHANGE_NOT_COMPLEX=5,
+	WBC_PWD_CHANGE_MACHINE_NOT_DEFAULT=6,
+	WBC_PWD_CHANGE_FAILED_BY_FILTER=7,
+	WBC_PWD_CHANGE_PASSWORD_TOO_LONG=8
+};
+
+/* Note: this defines exist for compatibility reasons with existing code */
+#define WBC_PWD_CHANGE_REJECT_OTHER      WBC_PWD_CHANGE_NO_ERROR
+#define WBC_PWD_CHANGE_REJECT_TOO_SHORT  WBC_PWD_CHANGE_PASSWORD_TOO_SHORT
+#define WBC_PWD_CHANGE_REJECT_IN_HISTORY WBC_PWD_CHANGE_PWD_IN_HISTORY
+#define WBC_PWD_CHANGE_REJECT_COMPLEXITY WBC_PWD_CHANGE_NOT_COMPLEX
+
+/**
+ * @brief Logoff User Parameters
+ **/
+
+struct wbcLogoffUserParams {
+	const char *username;
+	size_t num_blobs;
+	struct wbcNamedBlob *blobs;
+};
+
+/** @brief Credential cache log-on parameters
+ *
+ */
+
+struct wbcCredentialCacheParams {
+        const char *account_name;
+        const char *domain_name;
+        enum wbcCredentialCacheLevel {
+                WBC_CREDENTIAL_CACHE_LEVEL_NTLMSSP = 1
+        } level;
+        size_t num_blobs;
+        struct wbcNamedBlob *blobs;
+};
+
+
+/** @brief Info returned by credential cache auth
+ *
+ */
+
+struct wbcCredentialCacheInfo {
+        size_t num_blobs;
+        struct wbcNamedBlob *blobs;
+};
+
+/*
+ * DomainControllerInfo struct
+ */
+struct wbcDomainControllerInfo {
+	char *dc_name;
+};
+
+/*
+ * DomainControllerInfoEx struct
+ */
+struct wbcDomainControllerInfoEx {
+	const char *dc_unc;
+	const char *dc_address;
+	uint16_t dc_address_type;
+	struct wbcGuid *domain_guid;
+	const char *domain_name;
+	const char *forest_name;
+	uint32_t dc_flags;
+	const char *dc_site_name;
+	const char *client_site_name;
+};
+
+/**********************************************************
+ * Memory Management
+ **********************************************************/
+
+/**
+ * @brief Free library allocated memory
+ *
+ * @param * Pointer to free
+ *
+ * @return void
+ **/
+void wbcFreeMemory(void*);
+
+
+/**********************************************************
+ * Context Management
+ **********************************************************/
+
+/**
+ * @brief Create a new wbcContext context
+ *
+ * @return wbcContext
+ **/
+struct wbcContext *wbcCtxCreate(void);
+
+/**
+ * @brief Free a library context
+ *
+ * @param ctx           wbcContext to free
+ *
+ * @return void
+ **/
+void wbcCtxFree(struct wbcContext *ctx);
+
+
+
+/*
+ * Utility functions for dealing with SIDs
+ */
+
+/**
+ * @brief Get a string representation of the SID type
+ *
+ * @param type		type of the SID
+ *
+ * @return string representation of the SID type
+ */
+const char* wbcSidTypeString(enum wbcSidType type);
+
+#define WBC_SID_STRING_BUFLEN (15*11+25)
+
+/*
+ * @brief Print a sid into a buffer
+ *
+ * @param sid		Binary Security Identifier
+ * @param buf		Target buffer
+ * @param buflen	Target buffer length
+ *
+ * @return Resulting string length.
+ */
+int wbcSidToStringBuf(const struct wbcDomainSid *sid, char *buf, int buflen);
+
+/**
+ * @brief Convert a binary SID to a character string
+ *
+ * @param sid           Binary Security Identifier
+ * @param **sid_string  Resulting character string
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcSidToString(const struct wbcDomainSid *sid,
+		      char **sid_string);
+
+/**
+ * @brief Convert a character string to a binary SID
+ *
+ * @param *sid_string   Character string in the form of S-...
+ * @param sid           Resulting binary SID
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcStringToSid(const char *sid_string,
+		      struct wbcDomainSid *sid);
+
+/*
+ * Utility functions for dealing with GUIDs
+ */
+
+/**
+ * @brief Convert a binary GUID to a character string
+ *
+ * @param guid           Binary Guid
+ * @param **guid_string  Resulting character string
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcGuidToString(const struct wbcGuid *guid,
+		       char **guid_string);
+
+/**
+ * @brief Convert a character string to a binary GUID
+ *
+ * @param *guid_string  Character string
+ * @param guid          Resulting binary GUID
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcStringToGuid(const char *guid_string,
+		       struct wbcGuid *guid);
+
+/**
+ * @brief Ping winbindd to see if the daemon is running
+ *
+ * @param *ctx        wbclient Context
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxPing(struct wbcContext *ctx);
+
+/**
+ * @brief Ping winbindd to see if the daemon is running
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcPing(void);
+
+wbcErr wbcLibraryDetails(struct wbcLibraryDetails **details);
+
+wbcErr wbcCtxInterfaceDetails(struct wbcContext *ctx,
+			      struct wbcInterfaceDetails **details);
+wbcErr wbcInterfaceDetails(struct wbcInterfaceDetails **details);
+
+/**********************************************************
+ * Name/SID conversion
+ **********************************************************/
+
+/**
+ * @brief Convert a domain and name to SID
+ *
+ * @param *ctx        wbclient Context
+ * @param dom_name    Domain name (possibly "")
+ * @param name        User or group name
+ * @param *sid        Pointer to the resolved domain SID
+ * @param *name_type  Pointer to the SID type
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxLookupName(struct wbcContext *ctx,
+			const char *dom_name,
+			const char *name,
+			struct wbcDomainSid *sid,
+			enum wbcSidType *name_type);
+
+/**
+ * @brief Convert a domain and name to SID
+ *
+ * @param dom_name    Domain name (possibly "")
+ * @param name        User or group name
+ * @param *sid        Pointer to the resolved domain SID
+ * @param *name_type  Pointer to the SID type
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcLookupName(const char *dom_name,
+		     const char *name,
+		     struct wbcDomainSid *sid,
+		     enum wbcSidType *name_type);
+
+/**
+ * @brief Convert a SID to a domain and name
+ *
+ * @param *ctx       wbclient Context
+ * @param *sid       Pointer to the domain SID to be resolved
+ * @param domain     Resolved Domain name (possibly "")
+ * @param name       Resolved User or group name
+ * @param *name_type Pointer to the resolved SID type
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxLookupSid(struct wbcContext *ctx,
+		       const struct wbcDomainSid *sid,
+		       char **domain,
+		       char **name,
+		       enum wbcSidType *name_type);
+
+/**
+ * @brief Convert a SID to a domain and name
+ *
+ * @param *sid       Pointer to the domain SID to be resolved
+ * @param domain     Resolved Domain name (possibly "")
+ * @param name       Resolved User or group name
+ * @param *name_type Pointer to the resolved SID type
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
+		    char **domain,
+		    char **name,
+		    enum wbcSidType *name_type);
+
+struct wbcTranslatedName {
+	enum wbcSidType type;
+	char *name;
+	int domain_index;
+};
+
+wbcErr wbcCtxLookupSids(struct wbcContext *ctx,
+			const struct wbcDomainSid *sids, int num_sids,
+			struct wbcDomainInfo **domains, int *num_domains,
+			struct wbcTranslatedName **names);
+
+wbcErr wbcLookupSids(const struct wbcDomainSid *sids, int num_sids,
+		     struct wbcDomainInfo **domains, int *num_domains,
+		     struct wbcTranslatedName **names);
+
+/**
+ * @brief Translate a collection of RIDs within a domain to names
+ */
+wbcErr wbcCtxLookupRids(struct wbcContext *ctx,
+			struct wbcDomainSid *dom_sid,
+			int num_rids,
+			uint32_t *rids,
+			const char **domain_name,
+			const char ***names,
+			enum wbcSidType **types);
+
+/**
+ * @brief Translate a collection of RIDs within a domain to names
+ */
+wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
+		     int num_rids,
+		     uint32_t *rids,
+		     const char **domain_name,
+		     const char ***names,
+		     enum wbcSidType **types);
+
+/*
+ * @brief Get the groups a user belongs to
+ **/
+wbcErr wbcCtxLookupUserSids(struct wbcContext *ctx,
+			    const struct wbcDomainSid *user_sid,
+			    bool domain_groups_only,
+			    uint32_t *num_sids,
+			    struct wbcDomainSid **sids);
+
+/*
+ * @brief Get the groups a user belongs to
+ **/
+wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid,
+			 bool domain_groups_only,
+			 uint32_t *num_sids,
+			 struct wbcDomainSid **sids);
+
+/*
+ * @brief Get alias membership for sids
+ **/
+wbcErr wbcCtxGetSidAliases(struct wbcContext *ctx,
+			   const struct wbcDomainSid *dom_sid,
+			   struct wbcDomainSid *sids,
+			   uint32_t num_sids,
+			   uint32_t **alias_rids,
+			   uint32_t *num_alias_rids);
+
+/*
+ * @brief Get alias membership for sids
+ **/
+wbcErr wbcGetSidAliases(const struct wbcDomainSid *dom_sid,
+			struct wbcDomainSid *sids,
+			uint32_t num_sids,
+			uint32_t **alias_rids,
+			uint32_t *num_alias_rids);
+
+/**
+ * @brief Lists Users
+ **/
+wbcErr wbcCtxListUsers(struct wbcContext *ctx,
+		       const char *domain_name,
+		       uint32_t *num_users,
+		       const char ***users);
+
+/**
+ * @brief Lists Users
+ **/
+wbcErr wbcListUsers(const char *domain_name,
+		    uint32_t *num_users,
+		    const char ***users);
+
+/**
+ * @brief Lists Groups
+ **/
+wbcErr wbcCtxListGroups(struct wbcContext *ctx,
+			const char *domain_name,
+			uint32_t *num_groups,
+			const char ***groups);
+
+/**
+ * @brief Lists Groups
+ **/
+wbcErr wbcListGroups(const char *domain_name,
+		     uint32_t *num_groups,
+		     const char ***groups);
+
+wbcErr wbcCtxGetDisplayName(struct wbcContext *ctx,
+			    const struct wbcDomainSid *sid,
+			    char **pdomain,
+			    char **pfullname,
+			    enum wbcSidType *pname_type);
+
+wbcErr wbcGetDisplayName(const struct wbcDomainSid *sid,
+			 char **pdomain,
+			 char **pfullname,
+			 enum wbcSidType *pname_type);
+
+/**********************************************************
+ * SID/uid/gid Mappings
+ **********************************************************/
+
+/**
+ * @brief Convert a Windows SID to a Unix uid, allocating an uid if needed
+ *
+ * @param *ctx        wbclient Context
+ * @param *sid        Pointer to the domain SID to be resolved
+ * @param *puid       Pointer to the resolved uid_t value
+ *
+ * @return #wbcErr
+ *
+ **/
+wbcErr wbcCtxSidToUid(struct wbcContext *ctx,
+		      const struct wbcDomainSid *sid,
+		      uid_t *puid);
+
+/**
+ * @brief Convert a Windows SID to a Unix uid, allocating an uid if needed
+ *
+ * @param *sid        Pointer to the domain SID to be resolved
+ * @param *puid       Pointer to the resolved uid_t value
+ *
+ * @return #wbcErr
+ *
+ **/
+wbcErr wbcSidToUid(const struct wbcDomainSid *sid,
+		   uid_t *puid);
+
+/**
+ * @brief Convert a Windows SID to a Unix uid if there already is a mapping
+ *
+ * @param *sid        Pointer to the domain SID to be resolved
+ * @param *puid       Pointer to the resolved uid_t value
+ *
+ * @return #wbcErr
+ *
+ **/
+wbcErr wbcQuerySidToUid(const struct wbcDomainSid *sid,
+			uid_t *puid);
+
+/**
+ * @brief Convert a Unix uid to a Windows SID, allocating a SID if needed
+ *
+ * @param *ctx        wbclient Context
+ * @param uid         Unix uid to be resolved
+ * @param *sid        Pointer to the resolved domain SID
+ *
+ * @return #wbcErr
+ *
+ **/
+wbcErr wbcCtxUidToSid(struct wbcContext *ctx, uid_t uid,
+		      struct wbcDomainSid *sid);
+
+/**
+ * @brief Convert a Unix uid to a Windows SID, allocating a SID if needed
+ *
+ * @param uid         Unix uid to be resolved
+ * @param *sid        Pointer to the resolved domain SID
+ *
+ * @return #wbcErr
+ *
+ **/
+wbcErr wbcUidToSid(uid_t uid,
+		   struct wbcDomainSid *sid);
+
+/**
+ * @brief Convert a Unix uid to a Windows SID if there already is a mapping
+ *
+ * @param uid         Unix uid to be resolved
+ * @param *sid        Pointer to the resolved domain SID
+ *
+ * @return #wbcErr
+ *
+ **/
+wbcErr wbcQueryUidToSid(uid_t uid,
+			struct wbcDomainSid *sid);
+
+/**
+ * @brief Convert a Windows SID to a Unix gid, allocating a gid if needed
+ *
+ * @param *ctx        wbclient Context
+ * @param *sid        Pointer to the domain SID to be resolved
+ * @param *pgid       Pointer to the resolved gid_t value
+ *
+ * @return #wbcErr
+ *
+ **/
+wbcErr wbcCtxSidToGid(struct wbcContext *ctx,
+		      const struct wbcDomainSid *sid,
+		      gid_t *pgid);
+
+/**
+ * @brief Convert a Windows SID to a Unix gid, allocating a gid if needed
+ *
+ * @param *sid        Pointer to the domain SID to be resolved
+ * @param *pgid       Pointer to the resolved gid_t value
+ *
+ * @return #wbcErr
+ *
+ **/
+wbcErr wbcSidToGid(const struct wbcDomainSid *sid,
+		   gid_t *pgid);
+
+/**
+ * @brief Convert a Windows SID to a Unix gid if there already is a mapping
+ *
+ * @param *sid        Pointer to the domain SID to be resolved
+ * @param *pgid       Pointer to the resolved gid_t value
+ *
+ * @return #wbcErr
+ *
+ **/
+wbcErr wbcQuerySidToGid(const struct wbcDomainSid *sid,
+			gid_t *pgid);
+
+/**
+ * @brief Convert a Unix gid to a Windows SID, allocating a SID if needed
+ *
+ * @param *ctx        wbclient Context
+ * @param gid         Unix gid to be resolved
+ * @param *sid        Pointer to the resolved domain SID
+ *
+ * @return #wbcErr
+ *
+ **/
+wbcErr wbcCtxGidToSid(struct wbcContext *ctx, gid_t gid,
+		   struct wbcDomainSid *sid);
+
+/**
+ * @brief Convert a Unix gid to a Windows SID, allocating a SID if needed
+ *
+ * @param gid         Unix gid to be resolved
+ * @param *sid        Pointer to the resolved domain SID
+ *
+ * @return #wbcErr
+ *
+ **/
+wbcErr wbcGidToSid(gid_t gid,
+		   struct wbcDomainSid *sid);
+
+/**
+ * @brief Convert a Unix gid to a Windows SID if there already is a mapping
+ *
+ * @param gid         Unix gid to be resolved
+ * @param *sid        Pointer to the resolved domain SID
+ *
+ * @return #wbcErr
+ *
+ **/
+wbcErr wbcQueryGidToSid(gid_t gid,
+			struct wbcDomainSid *sid);
+
+enum wbcIdType {
+	WBC_ID_TYPE_NOT_SPECIFIED,
+	WBC_ID_TYPE_UID,
+	WBC_ID_TYPE_GID,
+	WBC_ID_TYPE_BOTH
+};
+
+union wbcUnixIdContainer {
+	uid_t uid;
+	gid_t gid;
+};
+
+struct wbcUnixId {
+	enum wbcIdType type;
+	union wbcUnixIdContainer id;
+};
+
+/**
+ * @brief Convert a list of sids to unix ids
+ *
+ * @param *ctx        wbclient Context
+ * @param sids        Pointer to an array of SIDs to convert
+ * @param num_sids    Number of SIDs
+ * @param ids         Preallocated output array for translated IDs
+ *
+ * @return #wbcErr
+ *
+ **/
+wbcErr wbcCtxSidsToUnixIds(struct wbcContext *ctx,
+			   const struct wbcDomainSid *sids, uint32_t num_sids,
+			   struct wbcUnixId *ids);
+
+/**
+ * @brief Convert a list of sids to unix ids
+ *
+ * @param sids        Pointer to an array of SIDs to convert
+ * @param num_sids    Number of SIDs
+ * @param ids         Preallocated output array for translated IDs
+ *
+ * @return #wbcErr
+ *
+ **/
+wbcErr wbcSidsToUnixIds(const struct wbcDomainSid *sids, uint32_t num_sids,
+			struct wbcUnixId *ids);
+
+wbcErr wbcCtxUnixIdsToSids(struct wbcContext *ctx,
+			   const struct wbcUnixId *ids, uint32_t num_ids,
+			   struct wbcDomainSid *sids);
+wbcErr wbcUnixIdsToSids(const struct wbcUnixId *ids, uint32_t num_ids,
+			struct wbcDomainSid *sids);
+
+/**
+ * @brief Obtain a new uid from Winbind
+ *
+ * @param *ctx        wbclient Context
+ * @param *puid       Pointer to the allocated uid
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxAllocateUid(struct wbcContext *ctx, uid_t *puid);
+
+/**
+ * @brief Obtain a new uid from Winbind
+ *
+ * @param *puid       Pointer to the allocated uid
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcAllocateUid(uid_t *puid);
+
+/**
+ * @brief Obtain a new gid from Winbind
+ *
+ * @param *ctx        wbclient Context
+ * @param *pgid       Pointer to the allocated gid
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxAllocateGid(struct wbcContext *ctx, gid_t *pgid);
+
+/**
+ * @brief Obtain a new gid from Winbind
+ *
+ * @param *pgid       Pointer to the allocated gid
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcAllocateGid(gid_t *pgid);
+
+/**
+ * @brief Set an user id mapping
+ *
+ * @param uid       Uid of the desired mapping.
+ * @param *sid      Pointer to the sid of the desired mapping.
+ *
+ * @return #wbcErr
+ *
+ * @deprecated      This method is not impemented any more and should
+ *                  be removed in the next major version change.
+ **/
+wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid);
+
+/**
+ * @brief Set a group id mapping
+ *
+ * @param gid       Gid of the desired mapping.
+ * @param *sid      Pointer to the sid of the desired mapping.
+ *
+ * @return #wbcErr
+ *
+ * @deprecated      This method is not impemented any more and should
+ *                  be removed in the next major version change.
+ **/
+wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid);
+
+/**
+ * @brief Remove a user id mapping
+ *
+ * @param uid       Uid of the mapping to remove.
+ * @param *sid      Pointer to the sid of the mapping to remove.
+ *
+ * @return #wbcErr
+ *
+ * @deprecated      This method is not impemented any more and should
+ *                  be removed in the next major version change.
+ **/
+wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid);
+
+/**
+ * @brief Remove a group id mapping
+ *
+ * @param gid       Gid of the mapping to remove.
+ * @param *sid      Pointer to the sid of the mapping to remove.
+ *
+ * @return #wbcErr
+ *
+ * @deprecated      This method is not impemented any more and should
+ *                  be removed in the next major version change.
+ **/
+wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid);
+
+/**
+ * @brief Set the highwater mark for allocated uids.
+ *
+ * @param uid_hwm      The new uid highwater mark value
+ *
+ * @return #wbcErr
+ *
+ * @deprecated      This method is not impemented any more and should
+ *                  be removed in the next major version change.
+ **/
+wbcErr wbcSetUidHwm(uid_t uid_hwm);
+
+/**
+ * @brief Set the highwater mark for allocated gids.
+ *
+ * @param gid_hwm      The new gid highwater mark value
+ *
+ * @return #wbcErr
+ *
+ * @deprecated      This method is not impemented any more and should
+ *                  be removed in the next major version change.
+ **/
+wbcErr wbcSetGidHwm(gid_t gid_hwm);
+
+/**********************************************************
+ * NSS Lookup User/Group details
+ **********************************************************/
+
+/**
+ * @brief Fill in a struct passwd* for a domain user based
+ *   on username
+ *
+ * @param *ctx      wbclient Context
+ * @param *name     Username to lookup
+ * @param **pwd     Pointer to resulting struct passwd* from the query.
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxGetpwnam(struct wbcContext *ctx,
+		      const char *name, struct passwd **pwd);
+
+/**
+ * @brief Fill in a struct passwd* for a domain user based
+ *   on username
+ *
+ * @param *name     Username to lookup
+ * @param **pwd     Pointer to resulting struct passwd* from the query.
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcGetpwnam(const char *name, struct passwd **pwd);
+
+/**
+ * @brief Fill in a struct passwd* for a domain user based
+ *   on uid
+ *
+ * @param *ctx      wbclient Context
+ * @param uid       Uid to lookup
+ * @param **pwd     Pointer to resulting struct passwd* from the query.
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxGetpwuid(struct wbcContext *ctx,
+		      uid_t uid, struct passwd **pwd);
+
+/**
+ * @brief Fill in a struct passwd* for a domain user based
+ *   on uid
+ *
+ * @param uid       Uid to lookup
+ * @param **pwd     Pointer to resulting struct passwd* from the query.
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd);
+
+/**
+ * @brief Fill in a struct passwd* for a domain user based
+ *   on sid
+ *
+ * @param *ctx         wbclient Context
+ * @param sid       Sid to lookup
+ * @param **pwd     Pointer to resulting struct passwd* from the query.
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxGetpwsid(struct wbcContext *ctx,
+		      struct wbcDomainSid * sid, struct passwd **pwd);
+
+/**
+ * @brief Fill in a struct passwd* for a domain user based
+ *   on sid
+ *
+ * @param sid       Sid to lookup
+ * @param **pwd     Pointer to resulting struct passwd* from the query.
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcGetpwsid(struct wbcDomainSid * sid, struct passwd **pwd);
+
+/**
+ * @brief Fill in a struct passwd* for a domain user based
+ *   on username
+ *
+ * @param *ctx      wbclient Context
+ * @param *name     Username to lookup
+ * @param **grp     Pointer to resulting struct group* from the query.
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxGetgrnam(struct wbcContext *ctx,
+		      const char *name, struct group **grp);
+
+/**
+ * @brief Fill in a struct passwd* for a domain user based
+ *   on username
+ *
+ * @param *name     Username to lookup
+ * @param **grp     Pointer to resulting struct group* from the query.
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcGetgrnam(const char *name, struct group **grp);
+
+/**
+ * @brief Fill in a struct passwd* for a domain user based
+ *   on uid
+ *
+ * @param *ctx      wbclient Context
+ * @param gid       Uid to lookup
+ * @param **grp     Pointer to resulting struct group* from the query.
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxGetgrgid(struct wbcContext *ctx,
+		      gid_t gid, struct group **grp);
+
+/**
+ * @brief Fill in a struct passwd* for a domain user based
+ *   on uid
+ *
+ * @param gid       Uid to lookup
+ * @param **grp     Pointer to resulting struct group* from the query.
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcGetgrgid(gid_t gid, struct group **grp);
+
+/**
+ * @brief Reset the passwd iterator
+ *
+ * @param *ctx      wbclient Context
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxSetpwent(struct wbcContext *ctx);
+
+/**
+ * @brief Reset the passwd iterator
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcSetpwent(void);
+
+/**
+ * @brief Close the passwd iterator
+ *
+ * @param *ctx      wbclient Context
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxEndpwent(struct wbcContext *ctx);
+
+/**
+ * @brief Close the passwd iterator
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcEndpwent(void);
+
+/**
+ * @brief Return the next struct passwd* entry from the pwent iterator
+ *
+ * @param *ctx      wbclient Context
+ * @param **pwd     Pointer to resulting struct passwd* from the query.
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxGetpwent(struct wbcContext *ctx, struct passwd **pwd);
+
+/**
+ * @brief Return the next struct passwd* entry from the pwent iterator
+ *
+ * @param **pwd     Pointer to resulting struct passwd* from the query.
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcGetpwent(struct passwd **pwd);
+
+/**
+ * @brief Reset the group iterator
+ *
+ * @param *ctx      wbclient Context
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxSetgrent(struct wbcContext *ctx);
+
+/**
+ * @brief Reset the group iterator
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcSetgrent(void);
+
+/**
+ * @brief Close the group iterator
+ *
+ * @param *ctx      wbclient Context
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxEndgrent(struct wbcContext *ctx);
+
+/**
+ * @brief Close the group iterator
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcEndgrent(void);
+
+/**
+ * @brief Return the next struct group* entry from the pwent iterator
+ *
+ * @param *ctx      wbclient Context
+ * @param **grp     Pointer to resulting struct group* from the query.
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxGetgrent(struct wbcContext *ctx, struct group **grp);
+
+/**
+ * @brief Return the next struct group* entry from the pwent iterator
+ *
+ * @param **grp     Pointer to resulting struct group* from the query.
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcGetgrent(struct group **grp);
+
+/**
+ * @brief Return the next struct group* entry from the pwent iterator
+ *
+ * This is similar to #wbcGetgrent, just that the member list is empty
+ *
+ * @param *ctx      wbclient Context
+ * @param **grp     Pointer to resulting struct group* from the query.
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxGetgrlist(struct wbcContext *ctx, struct group **grp);
+
+/**
+ * @brief Return the next struct group* entry from the pwent iterator
+ *
+ * This is similar to #wbcGetgrent, just that the member list is empty
+ *
+ * @param **grp     Pointer to resulting struct group* from the query.
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcGetgrlist(struct group **grp);
+
+/**
+ * @brief Return the unix group array belonging to the given user
+ *
+ * @param *ctx           wbclient Context
+ * @param *account       The given user name
+ * @param *num_groups    Number of elements returned in the groups array
+ * @param **_groups      Pointer to resulting gid_t array.
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxGetGroups(struct wbcContext *ctx,
+		       const char *account,
+		       uint32_t *num_groups,
+		       gid_t **_groups);
+
+/**
+ * @brief Return the unix group array belonging to the given user
+ *
+ * @param *account       The given user name
+ * @param *num_groups    Number of elements returned in the groups array
+ * @param **_groups      Pointer to resulting gid_t array.
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcGetGroups(const char *account,
+		    uint32_t *num_groups,
+		    gid_t **_groups);
+
+
+/**********************************************************
+ * Lookup Domain information
+ **********************************************************/
+
+/**
+ * @brief Lookup the current status of a trusted domain
+ *
+ * @param *ctx           wbclient Context
+ * @param domain         The domain to query
+ *
+ * @param dinfo          A pointer to store the returned domain_info struct.
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxDomainInfo(struct wbcContext *ctx,
+			const char *domain,
+			struct wbcDomainInfo **dinfo);
+
+/**
+ * @brief Lookup the current status of a trusted domain
+ *
+ * @param domain         The domain to query
+ *
+ * @param dinfo          A pointer to store the returned domain_info struct.
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcDomainInfo(const char *domain,
+		     struct wbcDomainInfo **dinfo);
+
+/**
+ * @brief Lookup the currently contacted DCs
+ *
+ * @param *ctx          wbclient Context
+ * @param domain        The domain to query
+ *
+ * @param num_dcs       Number of DCs currently known
+ * @param dc_names      Names of the currently known DCs
+ * @param dc_ips        IP addresses of the currently known DCs
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxDcInfo(struct wbcContext *ctx,
+		    const char *domain, size_t *num_dcs,
+		    const char ***dc_names, const char ***dc_ips);
+
+/**
+ * @brief Lookup the currently contacted DCs
+ *
+ * @param domain        The domain to query
+ *
+ * @param num_dcs       Number of DCs currently known
+ * @param dc_names      Names of the currently known DCs
+ * @param dc_ips        IP addresses of the currently known DCs
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcDcInfo(const char *domain, size_t *num_dcs,
+		 const char ***dc_names, const char ***dc_ips);
+
+/**
+ * @brief Enumerate the domain trusts known by Winbind
+ *
+ * @param *ctx          wbclient Context
+ * @param **domains     Pointer to the allocated domain list array
+ * @param *num_domains  Pointer to number of domains returned
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxListTrusts(struct wbcContext *ctx,
+			struct wbcDomainInfo **domains,
+			size_t *num_domains);
+
+/**
+ * @brief Enumerate the domain trusts known by Winbind
+ *
+ * @param **domains     Pointer to the allocated domain list array
+ * @param *num_domains  Pointer to number of domains returned
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcListTrusts(struct wbcDomainInfo **domains,
+		     size_t *num_domains);
+
+/* Flags for wbcLookupDomainController */
+
+#define WBC_LOOKUP_DC_FORCE_REDISCOVERY        0x00000001
+#define WBC_LOOKUP_DC_DS_REQUIRED              0x00000010
+#define WBC_LOOKUP_DC_DS_PREFERRED             0x00000020
+#define WBC_LOOKUP_DC_GC_SERVER_REQUIRED       0x00000040
+#define WBC_LOOKUP_DC_PDC_REQUIRED             0x00000080
+#define WBC_LOOKUP_DC_BACKGROUND_ONLY          0x00000100
+#define WBC_LOOKUP_DC_IP_REQUIRED              0x00000200
+#define WBC_LOOKUP_DC_KDC_REQUIRED             0x00000400
+#define WBC_LOOKUP_DC_TIMESERV_REQUIRED        0x00000800
+#define WBC_LOOKUP_DC_WRITABLE_REQUIRED        0x00001000
+#define WBC_LOOKUP_DC_GOOD_TIMESERV_PREFERRED  0x00002000
+#define WBC_LOOKUP_DC_AVOID_SELF               0x00004000
+#define WBC_LOOKUP_DC_ONLY_LDAP_NEEDED         0x00008000
+#define WBC_LOOKUP_DC_IS_FLAT_NAME             0x00010000
+#define WBC_LOOKUP_DC_IS_DNS_NAME              0x00020000
+#define WBC_LOOKUP_DC_TRY_NEXTCLOSEST_SITE     0x00040000
+#define WBC_LOOKUP_DC_DS_6_REQUIRED            0x00080000
+#define WBC_LOOKUP_DC_RETURN_DNS_NAME          0x40000000
+#define WBC_LOOKUP_DC_RETURN_FLAT_NAME         0x80000000
+
+/**
+ * @brief Enumerate the domain trusts known by Winbind
+ *
+ * @param *ctx          wbclient Context
+ * @param domain        Name of the domain to query for a DC
+ * @param flags         Bit flags used to control the domain location query
+ * @param *dc_info      Pointer to the returned domain controller information
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxLookupDomainController(struct wbcContext *ctx,
+				    const char *domain,
+				    uint32_t flags,
+				    struct wbcDomainControllerInfo **dc_info);
+
+/**
+ * @brief Enumerate the domain trusts known by Winbind
+ *
+ * @param domain        Name of the domain to query for a DC
+ * @param flags         Bit flags used to control the domain location query
+ * @param *dc_info      Pointer to the returned domain controller information
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcLookupDomainController(const char *domain,
+				 uint32_t flags,
+				 struct wbcDomainControllerInfo **dc_info);
+
+/**
+ * @brief Get extended domain controller information
+ *
+ * @param *ctx          wbclient Context
+ * @param domain        Name of the domain to query for a DC
+ * @param guid          Guid of the domain to query for a DC
+ * @param site          Site of the domain to query for a DC
+ * @param flags         Bit flags used to control the domain location query
+ * @param *dc_info      Pointer to the returned extended domain controller information
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxLookupDomainControllerEx(struct wbcContext *ctx,
+				      const char *domain,
+				      struct wbcGuid *guid,
+				      const char *site,
+				      uint32_t flags,
+				      struct wbcDomainControllerInfoEx **dc_info);
+
+/**
+ * @brief Get extended domain controller information
+ *
+ * @param domain        Name of the domain to query for a DC
+ * @param guid          Guid of the domain to query for a DC
+ * @param site          Site of the domain to query for a DC
+ * @param flags         Bit flags used to control the domain location query
+ * @param *dc_info      Pointer to the returned extended domain controller information
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcLookupDomainControllerEx(const char *domain,
+				   struct wbcGuid *guid,
+				   const char *site,
+				   uint32_t flags,
+				   struct wbcDomainControllerInfoEx **dc_info);
+
+/**********************************************************
+ * Athenticate functions
+ **********************************************************/
+
+/**
+ * @brief Authenticate a username/password pair
+ *
+ * @param *ctx         wbclient Context
+ * @param username     Name of user to authenticate
+ * @param password     Clear text password os user
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxAuthenticateUser(struct wbcContext *ctx,
+			      const char *username,
+			      const char *password);
+
+/**
+ * @brief Authenticate a username/password pair
+ *
+ * @param username     Name of user to authenticate
+ * @param password     Clear text password os user
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcAuthenticateUser(const char *username,
+			   const char *password);
+
+/**
+ * @brief Authenticate with more detailed information
+ *
+ * @param *ctx         wbclient Context
+ * @param params       Input parameters, WBC_AUTH_USER_LEVEL_HASH
+ *                     is not supported yet
+ * @param info         Output details on WBC_ERR_SUCCESS
+ * @param error        Output details on WBC_ERR_AUTH_ERROR
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxAuthenticateUserEx(struct wbcContext *ctx,
+				const struct wbcAuthUserParams *params,
+				struct wbcAuthUserInfo **info,
+				struct wbcAuthErrorInfo **error);
+
+/**
+ * @brief Authenticate with more detailed information
+ *
+ * @param params       Input parameters, WBC_AUTH_USER_LEVEL_HASH
+ *                     is not supported yet
+ * @param info         Output details on WBC_ERR_SUCCESS
+ * @param error        Output details on WBC_ERR_AUTH_ERROR
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
+			     struct wbcAuthUserInfo **info,
+			     struct wbcAuthErrorInfo **error);
+
+/**
+ * @brief Logon a User
+ *
+ * @param[in]  *ctx        wbclient Context
+ * @param[in]  params      Pointer to a wbcLogonUserParams structure
+ * @param[out] info        Pointer to a pointer to a wbcLogonUserInfo structure
+ * @param[out] error       Pointer to a pointer to a wbcAuthErrorInfo structure
+ * @param[out] policy      Pointer to a pointer to a wbcUserPasswordPolicyInfo structure
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxLogonUser(struct wbcContext *ctx,
+		       const struct wbcLogonUserParams *params,
+		       struct wbcLogonUserInfo **info,
+		       struct wbcAuthErrorInfo **error,
+		       struct wbcUserPasswordPolicyInfo **policy);
+
+/**
+ * @brief Logon a User
+ *
+ * @param[in]  params      Pointer to a wbcLogonUserParams structure
+ * @param[out] info        Pointer to a pointer to a wbcLogonUserInfo structure
+ * @param[out] error       Pointer to a pointer to a wbcAuthErrorInfo structure
+ * @param[out] policy      Pointer to a pointer to a wbcUserPasswordPolicyInfo structure
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcLogonUser(const struct wbcLogonUserParams *params,
+		    struct wbcLogonUserInfo **info,
+		    struct wbcAuthErrorInfo **error,
+		    struct wbcUserPasswordPolicyInfo **policy);
+
+/**
+ * @brief Trigger a logoff notification to Winbind for a specific user
+ *
+ * @param *ctx        wbclient Context
+ * @param username    Name of user to remove from Winbind's list of
+ *                    logged on users.
+ * @param uid         Uid assigned to the username
+ * @param ccfilename  Absolute path to the Krb5 credentials cache to
+ *                    be removed
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxLogoffUser(struct wbcContext *ctx,
+			const char *username, uid_t uid,
+			const char *ccfilename);
+
+/**
+ * @brief Trigger a logoff notification to Winbind for a specific user
+ *
+ * @param username    Name of user to remove from Winbind's list of
+ *                    logged on users.
+ * @param uid         Uid assigned to the username
+ * @param ccfilename  Absolute path to the Krb5 credentials cache to
+ *                    be removed
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcLogoffUser(const char *username,
+		     uid_t uid,
+		     const char *ccfilename);
+
+/**
+ * @brief Trigger an extended logoff notification to Winbind for a specific user
+ *
+ * @param *ctx        wbclient Context
+ * @param params      A wbcLogoffUserParams structure
+ * @param error       User output details on error
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxLogoffUserEx(struct wbcContext *ctx,
+			  const struct wbcLogoffUserParams *params,
+		          struct wbcAuthErrorInfo **error);
+
+/**
+ * @brief Trigger an extended logoff notification to Winbind for a specific user
+ *
+ * @param params      A wbcLogoffUserParams structure
+ * @param error       User output details on error
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params,
+		       struct wbcAuthErrorInfo **error);
+
+/**
+ * @brief Change a password for a user
+ *
+ * @param *ctx          wbclient Context
+ * @param username      Name of user to authenticate
+ * @param old_password  Old clear text password of user
+ * @param new_password  New clear text password of user
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxChangeUserPassword(struct wbcContext *ctx,
+				const char *username,
+				const char *old_password,
+				const char *new_password);
+
+/**
+ * @brief Change a password for a user
+ *
+ * @param username      Name of user to authenticate
+ * @param old_password  Old clear text password of user
+ * @param new_password  New clear text password of user
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcChangeUserPassword(const char *username,
+			     const char *old_password,
+			     const char *new_password);
+
+/**
+ * @brief Change a password for a user with more detailed information upon
+ *   failure
+ *
+ * @param *ctx                  wbclient Context
+ * @param params                Input parameters
+ * @param error                 User output details on WBC_ERR_PWD_CHANGE_FAILED
+ * @param reject_reason         New password reject reason on WBC_ERR_PWD_CHANGE_FAILED
+ * @param policy                Password policy output details on WBC_ERR_PWD_CHANGE_FAILED
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxChangeUserPasswordEx(struct wbcContext *ctx,
+				  const struct wbcChangePasswordParams *params,
+				  struct wbcAuthErrorInfo **error,
+				  enum wbcPasswordChangeRejectReason *reject_reason,
+				  struct wbcUserPasswordPolicyInfo **policy);
+
+/**
+ * @brief Change a password for a user with more detailed information upon
+ *   failure
+ *
+ * @param params                Input parameters
+ * @param error                 User output details on WBC_ERR_PWD_CHANGE_FAILED
+ * @param reject_reason         New password reject reason on WBC_ERR_PWD_CHANGE_FAILED
+ * @param policy                Password policy output details on WBC_ERR_PWD_CHANGE_FAILED
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcChangeUserPasswordEx(const struct wbcChangePasswordParams *params,
+			       struct wbcAuthErrorInfo **error,
+			       enum wbcPasswordChangeRejectReason *reject_reason,
+			       struct wbcUserPasswordPolicyInfo **policy);
+
+/**
+ * @brief Authenticate a user with cached credentials
+ *
+ * @param *ctx       wbclient Context
+ * @param *params    Pointer to a wbcCredentialCacheParams structure
+ * @param **info     Pointer to a pointer to a wbcCredentialCacheInfo structure
+ * @param **error    Pointer to a pointer to a wbcAuthErrorInfo structure
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxCredentialCache(struct wbcContext *ctx,
+			     struct wbcCredentialCacheParams *params,
+                             struct wbcCredentialCacheInfo **info,
+                             struct wbcAuthErrorInfo **error);
+
+/**
+ * @brief Authenticate a user with cached credentials
+ *
+ * @param *params    Pointer to a wbcCredentialCacheParams structure
+ * @param **info     Pointer to a pointer to a wbcCredentialCacheInfo structure
+ * @param **error    Pointer to a pointer to a wbcAuthErrorInfo structure
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params,
+                          struct wbcCredentialCacheInfo **info,
+                          struct wbcAuthErrorInfo **error);
+
+/**
+ * @brief Save a password with winbind for doing wbcCredentialCache() later
+ *
+ * @param *ctx       wbclient Context
+ * @param *user	     Username
+ * @param *password  Password
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxCredentialSave(struct wbcContext *ctx,
+			    const char *user, const char *password);
+
+/**
+ * @brief Save a password with winbind for doing wbcCredentialCache() later
+ *
+ * @param *user	     Username
+ * @param *password  Password
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCredentialSave(const char *user, const char *password);
+
+/**********************************************************
+ * Resolve functions
+ **********************************************************/
+
+/**
+ * @brief Resolve a NetbiosName via WINS
+ *
+ * @param *ctx         wbclient Context
+ * @param name         Name to resolve
+ * @param *ip          Pointer to the ip address string
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxResolveWinsByName(struct wbcContext *ctx,
+			       const char *name, char **ip);
+
+/**
+ * @brief Resolve a NetbiosName via WINS
+ *
+ * @param name         Name to resolve
+ * @param *ip          Pointer to the ip address string
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcResolveWinsByName(const char *name, char **ip);
+
+/**
+ * @brief Resolve an IP address via WINS into a NetbiosName
+ *
+ * @param *ctx         wbclient Context
+ * @param ip           The ip address string
+ * @param *name        Pointer to the name
+ *
+ * @return #wbcErr
+ *
+ **/
+wbcErr wbcCtxResolveWinsByIP(struct wbcContext *ctx,
+			     const char *ip, char **name);
+
+/**
+ * @brief Resolve an IP address via WINS into a NetbiosName
+ *
+ * @param ip           The ip address string
+ * @param *name        Pointer to the name
+ *
+ * @return #wbcErr
+ *
+ **/
+wbcErr wbcResolveWinsByIP(const char *ip, char **name);
+
+/**********************************************************
+ * Trusted domain functions
+ **********************************************************/
+
+/**
+ * @brief Trigger a verification of the trust credentials of a specific domain
+ *
+ * @param *ctx         wbclient Context
+ * @param *domain      The name of the domain.
+ * @param error        Output details on WBC_ERR_AUTH_ERROR
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxCheckTrustCredentials(struct wbcContext *ctx, const char *domain,
+				   struct wbcAuthErrorInfo **error);
+
+/**
+ * @brief Trigger a verification of the trust credentials of a specific domain
+ *
+ * @param *domain      The name of the domain.
+ * @param error        Output details on WBC_ERR_AUTH_ERROR
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCheckTrustCredentials(const char *domain,
+				struct wbcAuthErrorInfo **error);
+
+/**
+ * @brief Trigger a change of the trust credentials for a specific domain
+ *
+ * @param *ctx         wbclient Context
+ * @param *domain      The name of the domain.
+ * @param error        Output details on WBC_ERR_AUTH_ERROR
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxChangeTrustCredentials(struct wbcContext *ctx, const char *domain,
+				    struct wbcAuthErrorInfo **error);
+
+/**
+ * @brief Trigger a change of the trust credentials for a specific domain
+ *
+ * @param *domain      The name of the domain.
+ * @param error        Output details on WBC_ERR_AUTH_ERROR
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcChangeTrustCredentials(const char *domain,
+				 struct wbcAuthErrorInfo **error);
+
+/**
+ * @brief Trigger a no-op call through the NETLOGON pipe. Low-cost
+ *        version of wbcCheckTrustCredentials
+ *
+ * @param *ctx         wbclient Context
+ * @param *domain      The name of the domain, only NULL for the default domain is
+ *                     supported yet. Other values than NULL will result in
+ *                     WBC_ERR_NOT_IMPLEMENTED.
+ * @param error        Output details on WBC_ERR_AUTH_ERROR
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxPingDc(struct wbcContext *ctx, const char *domain,
+		    struct wbcAuthErrorInfo **error);
+
+/**
+ * @brief Trigger a no-op call through the NETLOGON pipe. Low-cost
+ *        version of wbcCheckTrustCredentials
+ *
+ * @param *domain      The name of the domain, only NULL for the default domain is
+ *                     supported yet. Other values than NULL will result in
+ *                     WBC_ERR_NOT_IMPLEMENTED.
+ * @param error        Output details on WBC_ERR_AUTH_ERROR
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error);
+
+/**
+ * @brief Trigger a no-op call through the NETLOGON pipe. Low-cost
+ *        version of wbcCheckTrustCredentials
+ *
+ * @param *ctx         wbclient Context
+ * @param *domain      The name of the domain, only NULL for the default domain is
+ *                     supported yet. Other values than NULL will result in
+ *                     WBC_ERR_NOT_IMPLEMENTED.
+ * @param error        Output details on WBC_ERR_AUTH_ERROR
+ * @param dcname       DC that was attempted to ping
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcCtxPingDc2(struct wbcContext *ctx, const char *domain,
+		     struct wbcAuthErrorInfo **error,
+		     char **dcname);
+
+/**
+ * @brief Trigger a no-op call through the NETLOGON pipe. Low-cost
+ *        version of wbcCheckTrustCredentials
+ *
+ * @param *domain      The name of the domain, only NULL for the default domain is
+ *                     supported yet. Other values than NULL will result in
+ *                     WBC_ERR_NOT_IMPLEMENTED.
+ * @param error        Output details on WBC_ERR_AUTH_ERROR
+ * @param dcname       DC that was attempted to ping
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcPingDc2(const char *domain, struct wbcAuthErrorInfo **error,
+		  char **dcname);
+
+/**********************************************************
+ * Helper functions
+ **********************************************************/
+
+/**
+ * @brief Initialize a named blob and add to list of blobs
+ *
+ * @param[in,out] num_blobs     Pointer to the number of blobs
+ * @param[in,out] blobs         Pointer to an array of blobs
+ * @param[in]     name          Name of the new named blob
+ * @param[in]     flags         Flags of the new named blob
+ * @param[in]     data          Blob data of new blob
+ * @param[in]     length        Blob data length of new blob
+ *
+ * @return #wbcErr
+ **/
+wbcErr wbcAddNamedBlob(size_t *num_blobs,
+		       struct wbcNamedBlob **blobs,
+		       const char *name,
+		       uint32_t flags,
+		       uint8_t *data,
+		       size_t length);
+
+/**
+ * @brief Set the name of the process which call wbclient.
+ *
+ * By default wbclient will figure out the process name. This should just be
+ * used in special cases like pam modules or similar. Only alpha numeric
+ * chars in ASCII are allowed.
+ *
+ * This function should only be called once!
+ *
+ * @param[in]  name             The process name to set.
+ */
+void wbcSetClientProcessName(const char *name);
+
+#endif      /* _WBCLIENT_H */
diff --git a/nsswitch/libwbclient/wbclient.pc.in b/nsswitch/libwbclient/wbclient.pc.in
new file mode 100644
index 0000000..c7b199b
--- /dev/null
+++ b/nsswitch/libwbclient/wbclient.pc.in
@@ -0,0 +1,11 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+modulesdir=${prefix}/modules/gensec
+
+Name: wbclient
+Description: Winbind client
+Version: @PACKAGE_VERSION@
+Libs: @LIB_RPATH@ -L${libdir} -lwbclient
+Cflags: -I${includedir}  -DHAVE_IMMEDIATE_STRUCTURES=1
diff --git a/nsswitch/libwbclient/wbclient_internal.h b/nsswitch/libwbclient/wbclient_internal.h
new file mode 100644
index 0000000..6d815c0
--- /dev/null
+++ b/nsswitch/libwbclient/wbclient_internal.h
@@ -0,0 +1,50 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   Winbind client API
+
+   Copyright (C) Gerald (Jerry) Carter 2007
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 3 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _WBCLIENT_INTERNAL_H
+#define _WBCLIENT_INTERNAL_H
+
+struct wbcContext {
+	struct winbindd_context *winbindd_ctx;
+	uint32_t pw_cache_size; /* Number of cached passwd structs */
+	uint32_t pw_cache_idx;  /* Position of the pwent context */
+	uint32_t gr_cache_size; /* Number of cached group structs */
+	uint32_t gr_cache_idx;  /* Position of the grent context */
+};
+
+/* Private functions */
+
+wbcErr wbcRequestResponse(struct wbcContext *ctx, int cmd,
+			  struct winbindd_request *request,
+			  struct winbindd_response *response);
+
+wbcErr wbcRequestResponsePriv(struct wbcContext *ctx, int cmd,
+			      struct winbindd_request *request,
+			      struct winbindd_response *response);
+
+void *wbcAllocateMemory(size_t nelem, size_t elsize,
+			void (*destructor)(void *ptr));
+
+char *wbcStrDup(const char *str);
+const char **wbcAllocateStringArray(int num_strings);
+struct wbcContext *wbcGetGlobalCtx(void);
+
+#endif      /* _WBCLIENT_INTERNAL_H */
diff --git a/nsswitch/libwbclient/wscript b/nsswitch/libwbclient/wscript
new file mode 100644
index 0000000..ad1d321
--- /dev/null
+++ b/nsswitch/libwbclient/wscript
@@ -0,0 +1,57 @@
+#!/usr/bin/env python
+
+from waflib import Options, Logs
+
+# Remember to also update wbclient.h
+VERSION="0.15"
+
+# It may be useful at some point to allow Samba to build against a
+# system libwbclient, such as the one provided by Likewise.  To to
+# this, not only must the check below be activated but this must only
+# be activated with an off-by-default option to disable the internal
+# build of both winbindd implementations, and all the internal
+# references to libwbclient.h will need to be fixed to point at the
+# system libwbclient.  Finally, as a system libwbclient would probably
+# not use the same version scheme as Samba, so this would need to
+# reference Likewise version numbers instead.
+#
+#def configure(conf):
+#    if conf.CHECK_BUNDLED_SYSTEM_PKG('wbclient', minversion=VERSION):
+#        conf.define('USING_SYSTEM_LIBWBCLIENT', 1)
+#
+
+def build(bld):
+#    if bld.CONFIG_SET('USING_SYSTEM_LIBWBCLIENT'):
+#        Logs.info("\tSelected system libwbclient build")
+#        return
+#
+#    Logs.info("\tSelected embedded libwbclient build")
+
+    bld.SAMBA_SUBSYSTEM('wbclient-internal',
+        source='../wb_common.c',
+        deps='replace',
+        cflags='-DWINBINDD_SOCKET_DIR=\"%s\"' % bld.env.WINBINDD_SOCKET_DIR,
+        hide_symbols=True,
+        provide_builtin_linking=True,
+        builtin_cflags='-DWINBINDD_SOCKET_DIR=\"%s\"' % bld.env.WINBINDD_SOCKET_DIR,
+        )
+
+    abi_match = 'wbc*'
+    bld.SAMBA_LIBRARY('wbclient',
+                      source='''
+                             wbc_guid.c
+                             wbc_idmap.c
+                             wbclient.c
+                             wbc_pam.c
+                             wbc_pwd.c
+                             wbc_sid.c
+                             wbc_util.c''',
+                      hide_symbols=True,
+                      deps='wbclient-internal smb_strtox',
+                      require_builtin_deps=True,
+                      provide_builtin_linking=True,
+                      pc_files='wbclient.pc',
+                      public_headers='wbclient.h',
+                      abi_directory='ABI',
+                      abi_match=abi_match,
+                      vnum=VERSION)