clean up

16 files changed, 641 insertions, 608 deletions

diff --git a/src/main.go b/src/main.go
index 9067cdf..83cb879 100644
--- a/src/main.go
+++ b/src/main.go
@@ -1,2 +1,11 @@
-//include "nslcd.h"
-import "C"
+package nshd
+
+import (
+	_ "./nslcd_proto"
+	_ "./sd_daemon"
+	_ "./sd_daemon/logger"
+)
+
+func main() {
+	
+}
diff --git a/src/nslcd-proto/.gitignore b/src/nslcd-proto/.gitignore
deleted file mode 100644
index 75e7f93..0000000
--- a/src/nslcd-proto/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/backend.go
diff --git a/src/nslcd-proto/Makefile b/src/nslcd-proto/Makefile
deleted file mode 100644
index fce3d2f..0000000
--- a/src/nslcd-proto/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-backend.go: structures.go Makefile
-	{ \
-		echo 'package nslcd_proto' && \
-		echo 'type Backend interface {' && \
-		sed -rn 's/^type Request_([^_ ]+)(_\S+)?.*/\1\2(Request_\1\2) []\1/p' $< | grep -v PAM && \
-		sed -rn 's/^type Request_(PAM)(_\S+)?.*/\1\2(Request_\1\2) []\1\2/p' $< && \
-		echo '}' && \
-	:; } | gofmt > $@
-
-.DELETE_ON_ERROR:
diff --git a/src/nslcd-proto/handle.go b/src/nslcd-proto/handle.go
deleted file mode 100644
index 07f8d84..0000000
--- a/src/nslcd-proto/handle.go
+++ /dev/null
@@ -1,11 +0,0 @@
-package nslcd_proto
-
-import "io"
-
-// Initialize() error { func
-//         e := c.SetReadDeadline(...)
-//         e := c.SetWriteDeadline(...)
-// }
-
-func Handle(in io.Reader, out io.Writer) {
-        
diff --git a/src/nslcd-proto/nslcd.h b/src/nslcd-proto/nslcd.h
deleted file mode 100644
index 4a73fbf..0000000
--- a/src/nslcd-proto/nslcd.h
+++ /dev/null
@@ -1,307 +0,0 @@
-/*
-   nslcd.h - file describing client/server protocol
-
-   Copyright (C) 2006 West Consulting
-   Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012, 2013 Arthur de Jong
-
-   This library is free software; you can redistribute it and/or
-   modify it under the terms of the GNU Lesser General Public
-   License as published by the Free Software Foundation; either
-   version 2.1 of the License, or (at your option) any later version.
-
-   This library is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-   Lesser General Public License for more details.
-
-   You should have received a copy of the GNU Lesser General Public
-   License along with this library; if not, write to the Free Software
-   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-   02110-1301 USA
-*/
-
-#ifndef _NSLCD_H
-#define _NSLCD_H 1
-
-/*
-   The protocol used between the nslcd client and server is a simple binary
-   protocol. It is request/response based where the client initiates a
-   connection, does a single request and closes the connection again. Any
-   mangled or not understood messages will be silently ignored by the server.
-
-   A request looks like:
-     INT32  NSLCD_VERSION
-     INT32  NSLCD_ACTION_*
-     [request parameters if any]
-   A response looks like:
-     INT32  NSLCD_VERSION
-     INT32  NSLCD_ACTION_* (the original request type)
-     [result(s)]
-     INT32  NSLCD_RESULT_END
-   A single result entry looks like:
-     INT32  NSLCD_RESULT_BEGIN
-     [result value(s)]
-   If a response would return multiple values (e.g. for NSLCD_ACTION_*_ALL
-   functions) each return value will be preceded by a NSLCD_RESULT_BEGIN
-   value. After the last returned result the server sends
-   NSLCD_RESULT_END. If some error occurs (e.g. LDAP server unavailable,
-   error in the request, etc) the server terminates the connection to signal
-   an error condition (breaking the protocol).
-
-   These are the available basic data types:
-     INT32  - 32-bit integer value
-     TYPE   - a typed field that is transferred using sizeof()
-     STRING - a string length (32bit) followed by the string value (not
-              null-terminted) the string itself is assumed to be UTF-8
-     STRINGLIST - a 32-bit number noting the number of strings followed by
-                  the strings one at a time
-
-   Furthermore the ADDRESS compound data type is defined as:
-     INT32  type of address: e.g. AF_INET or AF_INET6
-     INT32  lenght of address
-     RAW    the address itself
-   With the ADDRESSLIST using the same construct as with STRINGLIST.
-
-   The protocol uses network byte order for all types.
-*/
-
-/* The current version of the protocol. This protocol should only be
-   updated with major backwards-incompatible changes. */
-#define NSLCD_VERSION 0x00000002
-
-/* Get a NSLCD configuration option. There is one request parameter:
-    INT32   NSLCD_CONFIG_*
-  the result value is:
-    STRING  value, interpretation depending on request */
-#define NSLCD_ACTION_CONFIG_GET        0x00010001
-
-/* return the message, if any, that is presented to the user when password
-   modification through PAM is prohibited */
-#define NSLCD_CONFIG_PAM_PASSWORD_PROHIBIT_MESSAGE 1
-
-/* Email alias (/etc/aliases) NSS requests. The result values for a
-   single entry are:
-     STRING      alias name
-     STRINGLIST  alias rcpts */
-#define NSLCD_ACTION_ALIAS_BYNAME      0x00020001
-#define NSLCD_ACTION_ALIAS_ALL         0x00020008
-
-/* Ethernet address/name mapping NSS requests. The result values for a
-   single entry are:
-     STRING            ether name
-     TYPE(uint8_t[6])  ether address */
-#define NSLCD_ACTION_ETHER_BYNAME      0x00030001
-#define NSLCD_ACTION_ETHER_BYETHER     0x00030002
-#define NSLCD_ACTION_ETHER_ALL         0x00030008
-
-/* Group and group membership related NSS requests. The result values
-   for a single entry are:
-     STRING       group name
-     STRING       group password
-     INT32        group id
-     STRINGLIST   members (usernames) of the group
-     (note that the BYMEMER call returns an emtpy members list) */
-#define NSLCD_ACTION_GROUP_BYNAME      0x00040001
-#define NSLCD_ACTION_GROUP_BYGID       0x00040002
-#define NSLCD_ACTION_GROUP_BYMEMBER    0x00040006
-#define NSLCD_ACTION_GROUP_ALL         0x00040008
-
-/* Hostname (/etc/hosts) lookup NSS requests. The result values
-   for an entry are:
-     STRING       host name
-     STRINGLIST   host aliases
-     ADDRESSLIST  host addresses */
-#define NSLCD_ACTION_HOST_BYNAME       0x00050001
-#define NSLCD_ACTION_HOST_BYADDR       0x00050002
-#define NSLCD_ACTION_HOST_ALL          0x00050008
-
-/* Netgroup NSS result entries contain a number of parts. A result entry
-   starts with:
-     STRING  netgroup name
-   followed by zero or more references to other netgroups or netgroup
-   triples. A reference to another netgroup looks like:
-     INT32   NSLCD_NETGROUP_TYPE_NETGROUP
-     STRING  other netgroup name
-   A a netgroup triple looks like:
-     INT32   NSLCD_NETGROUP_TYPE_TRIPLE
-     STRING  host
-     STRING  user
-     STRING  domain
-   A netgroup result entry is terminated by:
-     INT32   NSLCD_NETGROUP_TYPE_END
-   */
-#define NSLCD_ACTION_NETGROUP_BYNAME   0x00060001
-#define NSLCD_ACTION_NETGROUP_ALL      0x00060008
-#define NSLCD_NETGROUP_TYPE_NETGROUP 1
-#define NSLCD_NETGROUP_TYPE_TRIPLE   2
-#define NSLCD_NETGROUP_TYPE_END      3
-
-/* Network name (/etc/networks) NSS requests. Result values for a single
-   entry are:
-     STRING       network name
-     STRINGLIST   network aliases
-     ADDRESSLIST  network addresses */
-#define NSLCD_ACTION_NETWORK_BYNAME    0x00070001
-#define NSLCD_ACTION_NETWORK_BYADDR    0x00070002
-#define NSLCD_ACTION_NETWORK_ALL       0x00070008
-
-/* User account (/etc/passwd) NSS requests. Result values are:
-     STRING       user name
-     STRING       user password
-     INT32        user id
-     INT32        group id
-     STRING       gecos information
-     STRING       home directory
-     STRING       login shell */
-#define NSLCD_ACTION_PASSWD_BYNAME     0x00080001
-#define NSLCD_ACTION_PASSWD_BYUID      0x00080002
-#define NSLCD_ACTION_PASSWD_ALL        0x00080008
-
-/* Protocol information requests. Result values are:
-     STRING      protocol name
-     STRINGLIST  protocol aliases
-     INT32       protocol number */
-#define NSLCD_ACTION_PROTOCOL_BYNAME   0x00090001
-#define NSLCD_ACTION_PROTOCOL_BYNUMBER 0x00090002
-#define NSLCD_ACTION_PROTOCOL_ALL      0x00090008
-
-/* RPC information requests. Result values are:
-     STRING      rpc name
-     STRINGLIST  rpc aliases
-     INT32       rpc number */
-#define NSLCD_ACTION_RPC_BYNAME        0x000a0001
-#define NSLCD_ACTION_RPC_BYNUMBER      0x000a0002
-#define NSLCD_ACTION_RPC_ALL           0x000a0008
-
-/* Service (/etc/services) information requests. The BYNAME and BYNUMBER
-   requests contain an extra protocol string in the request which, if not
-   blank, will filter the services by this protocol. Result values are:
-     STRING      service name
-     STRINGLIST  service aliases
-     INT32       service (port) number
-     STRING      service protocol */
-#define NSLCD_ACTION_SERVICE_BYNAME    0x000b0001
-#define NSLCD_ACTION_SERVICE_BYNUMBER  0x000b0002
-#define NSLCD_ACTION_SERVICE_ALL       0x000b0008
-
-/* Extended user account (/etc/shadow) information requests. Result
-   values for a single entry are:
-     STRING  user name
-     STRING  user password
-     INT32   last password change
-     INT32   mindays
-     INT32   maxdays
-     INT32   warn
-     INT32   inact
-     INT32   expire
-     INT32   flag */
-/* It is my understanding that an empty value for those INT32 fields
-   is expressed with a negative number. -- lukeshu */
-#define NSLCD_ACTION_SHADOW_BYNAME     0x000c0001
-#define NSLCD_ACTION_SHADOW_ALL        0x000c0008
-
-/* PAM-related requests. The request parameters for all these requests
-   begin with:
-     STRING  user name
-     STRING  service name
-     STRING  ruser
-     STRING  rhost
-     STRING  tty
-   If the user is not known in LDAP no result may be returned (immediately
-   return NSLCD_RESULT_END instead of a PAM error code). */
-
-/* PAM authentication check request. The extra request values are:
-     STRING  password
-   and the result value consists of:
-     INT32   authc NSLCD_PAM_* result code
-     STRING  user name (the cannonical user name)
-     INT32   authz NSLCD_PAM_* result code
-     STRING  authorisation error message
-   If the username is empty in this request an attempt is made to
-   authenticate as the administrator (set using rootpwmoddn).
-   Some authorisation checks are already done during authentication so the
-   response also includes authorisation information. */
-#define NSLCD_ACTION_PAM_AUTHC         0x000d0001
-
-/* PAM authorisation check request. The result value consists of:
-     INT32   authz NSLCD_PAM_* result code
-     STRING  authorisation error message
-   The authentication check may have already returned some authorisation
-   information. The authorisation error message, if supplied, will be used
-   by the PAM module instead of a message that is generated by the PAM
-   module itself. */
-#define NSLCD_ACTION_PAM_AUTHZ         0x000d0002
-
-/* PAM session open request. The result value consists of:
-     STRING   session id
-   This session id may be used to close this session with. */
-#define NSLCD_ACTION_PAM_SESS_O        0x000d0003
-
-/* PAM session close request. This request has the following
-   extra request value:
-     STRING   session id
-   and this calls only returns an empty response value. */
-#define NSLCD_ACTION_PAM_SESS_C        0x000d0004
-
-/* PAM password modification request. This requests has the following extra
-   request values:
-     INT32   asroot: 0=oldpasswd is user passwd, 1=oldpasswd is root passwd
-     STRING  old password
-     STRING  new password
-   and returns there extra result values:
-     INT32   NSLCD_PAM_* result code
-     STRING  error message */
-#define NSLCD_ACTION_PAM_PWMOD         0x000d0005
-
-/* User information change request. This request allows one to change
-   their full name and other information. The request parameters for this
-   request are:
-     STRING  user name
-     INT32   asroot: 0=passwd is user passwd, 1=passwd is root passwd
-     STRING  password
-   followed by one or more of the below, terminated by NSLCD_USERMOD_END
-     INT32   NSLCD_USERMOD_*
-     STRING  new value
-   the response consists of one or more of the entries below, terminated
-   by NSLCD_USERMOD_END:
-     INT32   NSLCD_USERMOD_*
-     STRING  response
-   (if the response is blank, the change went OK, otherwise the string
-   contains an error message)
-   */
-#define NSLCD_ACTION_USERMOD           0x000e0001
-
-/* These are the possible values for the NSLCD_ACTION_USERMOD operation
-   above. */
-#define NSLCD_USERMOD_END        0 /* end of change values */
-#define NSLCD_USERMOD_RESULT     1 /* global result value */
-#define NSLCD_USERMOD_FULLNAME   2 /* full name */
-#define NSLCD_USERMOD_ROOMNUMBER 3 /* room number */
-#define NSLCD_USERMOD_WORKPHONE  4 /* office phone number */
-#define NSLCD_USERMOD_HOMEPHONE  5 /* home phone number */
-#define NSLCD_USERMOD_OTHER      6 /* other info */
-#define NSLCD_USERMOD_HOMEDIR    7 /* home directory */
-#define NSLCD_USERMOD_SHELL      8 /* login shell */
-
-/* Request result codes. */
-#define NSLCD_RESULT_BEGIN 1
-#define NSLCD_RESULT_END   2
-
-/* Partial list of PAM result codes. */
-#define NSLCD_PAM_SUCCESS             0 /* everything ok */
-#define NSLCD_PAM_PERM_DENIED         6 /* Permission denied */
-#define NSLCD_PAM_AUTH_ERR            7 /* Authc failure */
-#define NSLCD_PAM_CRED_INSUFFICIENT   8 /* Cannot access authc data */
-#define NSLCD_PAM_AUTHINFO_UNAVAIL    9 /* Cannot retrieve authc info */
-#define NSLCD_PAM_USER_UNKNOWN       10 /* User not known */
-#define NSLCD_PAM_MAXTRIES           11 /* Retry limit reached */
-#define NSLCD_PAM_NEW_AUTHTOK_REQD   12 /* Password expired */
-#define NSLCD_PAM_ACCT_EXPIRED       13 /* Account expired */
-#define NSLCD_PAM_SESSION_ERR        14 /* Cannot make/remove session record */
-#define NSLCD_PAM_AUTHTOK_ERR        20 /* Authentication token manipulation error */
-#define NSLCD_PAM_AUTHTOK_DISABLE_AGING 23 /* Password aging disabled */
-#define NSLCD_PAM_IGNORE             25 /* Ignore module */
-#define NSLCD_PAM_ABORT              26 /* Fatal error */
-#define NSLCD_PAM_AUTHTOK_EXPIRED    27 /* authentication token has expired */
-
-#endif /* not _NSLCD_H */
diff --git a/src/nslcd-proto/structures.go b/src/nslcd-proto/structures.go
deleted file mode 100644
index 7d36940..0000000
--- a/src/nslcd-proto/structures.go
+++ /dev/null
@@ -1,249 +0,0 @@
-
-package nslcd_proto
-
-import (
-        "io"
-        "fmt"
-        "net"
-)
-
-//#include "nslcd.h"
-import "C"
-
-type Config struct {
-        Value string
-}
-type Request_Config struct { Key int32 }
-
-type Alias struct {
-        Name string
-        Recipients []string
-}
-type Request_Alias_ByName struct { Name string }
-type Request_Alias_All struct {}
-
-type Ether struct {
-        Name string
-        Address [6]byte
-}
-type Request_Ether_ByName struct { Name string }
-type Request_Ether_ByEther struct { Address [6]byte }
-type Request_Ether_All struct {}
-
-type Group struct {
-        Name string
-        Password string
-        ID int32
-        Members []string
-}
-type Request_Group_ByName struct { Name string }
-type Request_Group_ByGid struct { GID int32 }
-type Request_Group_ByMember struct { Member string }
-type Request_Group_All struct {}
-
-type Host struct {
-        Name string
-        Aliases []string
-        Addresses []net.IP
-}
-type Request_Host_ByName struct { Name string }
-type Request_Host_ByAddr struct { Address net.IP }
-type Request_Host_All struct {}
-
-type Netgroup_Netgroup struct {
-        Name string
-}
-type Netgroup_Triple struct {
-        Host string
-        User string
-        Domain string
-}
-type Netgroup_PartList []interface{}
-func (data Netgroup_PartList) NslcdWrite(fd io.Writer) {
-        for _, part := range data {
-                var t int32 = -1
-                switch part.(type) {
-                case Netgroup_Netgroup: t = C.NSLCD_NETGROUP_TYPE_NETGROUP
-                case Netgroup_Triple: t = C.NSLCD_NETGROUP_TYPE_TRIPLE
-                }
-                if t < 0 {
-                        panic("invalid netgroup type")
-                }
-                write(fd, t)
-                write(fd, part)
-        }
-        write(fd, int32(C.NSLCD_NETGROUP_TYPE_END))
-}
-func (data *Netgroup_PartList) NslcdRead(fd io.Reader) {
-        *data = make([]interface{}, 0)
-        for {
-                var t int32
-                var v interface{}
-                read(fd, &t)
-                switch t {
-                case C.NSLCD_NETGROUP_TYPE_NETGROUP:
-                        v = Netgroup_Netgroup{}
-                case C.NSLCD_NETGROUP_TYPE_TRIPLE:
-                        v = Netgroup_Triple{}
-                case C.NSLCD_NETGROUP_TYPE_END:
-                        return
-                default:
-                        panic(NslcdError(fmt.Sprintf("unrecognized netgroup type: %d", t)))
-                }
-                read(fd, &v)
-                *data = append(*data, v)
-        }
-}
-var _ NslcdObject = Netgroup_PartList{}
-var _ NslcdObjectPtr = &Netgroup_PartList{}
-type Netgroup struct {
-        Name string
-        Parts Netgroup_PartList
-}
-type Request_Netgroup_ByName struct { Name string }
-type Request_Netgroup_All struct {}
-
-type Network struct {
-        Name string
-        Aliases []string
-        Addresses []net.IP
-}
-type Request_Network_ByName struct { Name string }
-type Request_Network_ByAddr struct { Address net.IP }
-type Request_Network_All struct {}
-
-type Passwd struct {
-        Name string
-        Password string
-        UID int32
-        GID int32
-        GECOS string
-        HomeDir string
-        Shell string
-}
-type Request_Passwd_ByName struct { Name string }
-type Request_Passwd_ByUID struct { UID int32 }
-type Request_Passwd_All struct {}
-
-type Protocol struct {
-        Name string
-        Aliases []string
-        Number int32
-}
-type Request_Protocol_ByName struct { Name string }
-type Request_Protocol_ByNumber struct { Number int32 }
-type Request_Protocol_All struct {}
-
-type RPC struct {
-        Name string
-        Aliases []string
-        Number int32
-}
-type Request_RPC_ByName struct { Name string }
-type Request_RPC_ByNumber struct { Number int32 }
-type Request_RPC_All struct {}
-
-type Service struct {
-        Name string
-        Aliases []string
-        PortNumber int32
-        Protocol string
-}
-type Request_Service_ByName struct { Name string }
-type Request_Service_ByNumber struct { Number int32 }
-type Request_Service_All struct {}
-
-type Shadow struct {
-        Name string
-        Password string
-        LastChangeDate int32
-        MinDays int32
-        MaxDays int32
-        WarnDays int32
-        InactDays int32
-        ExpireDate int32
-        Flag int32
-}
-type Request_Shadow_ByName struct { Name string }
-type Request_Shadow_All struct {}
-
-type PAM_Base struct {
-        UserName string
-        ServiceName string
-        RUser string
-        RHost string
-        TTY string
-}
-
-type Request_PAM_Authentication struct {
-        Base PAM_Base
-        Password string
-}
-type PAM_Authentication struct {
-        AuthenticationResult int32
-        UserName string
-        AuthorizationResult int32
-        AuthorizationError string
-}
-
-type PAM_Authorization struct {
-        Result int32
-        Error string
-}
-type Request_PAM_Authorization struct {}
-
-type PAM_SessionOpen struct {
-        SessionID string
-}
-type Request_PAM_SessionOpen struct {}
-
-type PAM_SessionClose struct {}
-type Request_PAM_SessionClose struct {
-        SessionID string
-}
-
-type Request_PAM_PwMod struct {
-        AsRoot int32
-        OldPassword string
-        NewPassword string
-}
-type PAM_PwMod struct {
-        Result int32
-        Error string
-}
-
-type UserMod_Item struct {
-        Key int32
-        Value string
-}
-type UserMod_ItemList []UserMod_Item
-func (data UserMod_ItemList) NslcdWrite(fd io.Writer) {
-        for _, item := range data {
-                write(fd, item)
-        }
-        write(fd, int32(C.NSLCD_USERMOD_END))
-}
-func (data *UserMod_ItemList) NslcdRead(fd io.Reader) {
-        *data = make([]UserMod_Item, 0)
-        for {
-                var t int32
-                read(fd, &t)
-                if t == C.NSLCD_USERMOD_END {
-                        return
-                }
-                var v UserMod_Item
-                read(fd, &v)
-                *data = append(*data, v)
-        }
-}
-var _ NslcdObject = UserMod_ItemList{}
-var _ NslcdObjectPtr = &UserMod_ItemList{}
-type Request_UserMod struct {
-        UserName string
-        AsRoot int32
-        Password string
-        Items UserMod_ItemList
-}
-type UserMod struct {
-        Items []UserMod_Item
-}
diff --git a/src/nslcd_proto/.gitignore b/src/nslcd_proto/.gitignore
new file mode 100644
index 0000000..8a88ae3
--- /dev/null
+++ b/src/nslcd_proto/.gitignore
@@ -0,0 +1,6 @@
+/struct_backend.go
+/func_handlerequest.go
+/requests.txt
+/responses.txt
+/enumerator-list.mk
+*@*.go
diff --git a/src/nslcd_proto/Makefile b/src/nslcd_proto/Makefile
new file mode 100644
index 0000000..2014bdd
--- /dev/null
+++ b/src/nslcd_proto/Makefile
@@ -0,0 +1,31 @@
+all: struct_backend.go func_handlerequest.go
+.PHONY: all
+
+clean:
+	rm -f -- struct_backend.go func_handlerequest.go enumerator@*.go
+	rm -f -- enumerator-list.mk requests.txt responses.txt
+.PHONY: clean
+
+ifeq (,$(filter clean,$(MAKECMDGOALS)))
+-include enumerator-list.mk
+endif
+
+enumerator@%.go: enumerator@T.got
+	< $< sed 's/<T>/$*/g' > $@
+
+enumerator-list.mk: responses.txt Makefile
+	< $< sed -rn 's/.*/all: enumerator@&.go/p' > $@
+
+requests.txt: nslcd_h.go Makefile
+	< $< grep -Eo 'Request_([^_ ]+)(_\S+)?' | sed 's/^Request_//' > $@
+responses.txt: struct_backend.go Makefile
+	< $< sed -rn 's/.* (\S+)_Enumerator$$/\1/p' | sort -u > $@
+
+%.go: %.go.sh
+	./$^ > $@
+
+struct_backend.go: requests.txt
+func_handlerequest.go: requests.txt
+
+.DELETE_ON_ERROR:
+.SECONDARY:
diff --git a/src/nslcd_proto/enumerator@T.got b/src/nslcd_proto/enumerator@T.got
new file mode 100644
index 0000000..88c3603
--- /dev/null
+++ b/src/nslcd_proto/enumerator@T.got
@@ -0,0 +1,26 @@
+// -*- Mode: Go -*-
+package nslcd_proto
+
+type <T>_Enumerator interface {
+	GetNext() (n <T>, err error)
+	GenericGetNext() (n interface{}, err error)
+}
+
+type <T>_List struct {
+	dat []<T>
+	i   int
+}
+
+func New_<T>_List(ary []<T>) *<T>_List {
+	return &<T>_List{ary, 0}
+}
+
+func (o *<T>_List) GetNext() (n <T>, err error) {
+	n = o.dat[o.i]
+	err = nil
+	o.i++
+	return
+}
+func (o *<T>_List) GenericGetNext() (n interface{}, err error) {
+	return o.GetNext()
+}
diff --git a/src/nslcd_proto/func_handlerequest.go.sh b/src/nslcd_proto/func_handlerequest.go.sh
new file mode 100755
index 0000000..0f0c686
--- /dev/null
+++ b/src/nslcd_proto/func_handlerequest.go.sh
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+# -*- Mode: Go -*-
+requests=$1
+cat <<EOF
+package nslcd_proto
+
+import (
+	"fmt"
+	"io"
+)
+
+type enumerator interface {
+	GenericGetNext() (n interface{}, err error)
+}
+
+func handleRequest(in io.Reader, out io.Writer, backend Backend) {
+	var version int32
+	read(in, &version)
+	if version != NSLCD_VERSION {
+		panic(NslcdError(fmt.Sprintf("version mismatch: server=%#08x client=%#08x", NSLCD_VERSION, version)))
+	}
+	var action int32
+	read(in, &action)
+
+	var res enumerator = nil
+	switch action {
+$(
+while read -r request; do
+	cat <<EOT
+	case NSLCD_ACTION_${request^^}:
+		var req Request_${request}
+		read(in, &req)
+		res = backend.${request}(req)
+EOT
+done < "$requests"
+)
+	default:
+		panic(NslcdError(fmt.Sprintf("unknown request action: %#08x", action)))
+	}
+	write(out, NSLCD_VERSION)
+	write(out, action)
+
+	var result interface{}
+	var err error
+	for result, err = res.GenericGetNext(); (result != nil) && (err != nil); result, err = res.GenericGetNext() {
+		write(out, NSLCD_RESULT_BEGIN)
+		write(out, result)
+	}
+	if err != nil {
+		panic(err)
+	}
+	write(out, NSLCD_RESULT_END)
+}
+EOF
diff --git a/src/nslcd-proto/io.go b/src/nslcd_proto/io.go
index 9ed6fd5..0804e98 100644
--- a/src/nslcd-proto/io.go
+++ b/src/nslcd_proto/io.go
@@ -11,9 +11,16 @@ import (
 //#include <sys/socket.h>
 import "C"
 
+type NslcdObject interface {
+	NslcdWrite(fd io.Writer)
+}
+type NslcdObjectPtr interface {
+	NslcdRead(fd io.Reader)
+}
+
 func write(fd io.Writer, data interface{}) {
 	switch data := data.(type) {
-		// basic data types
+	// basic data types
 	case []byte:
 		_, err := fd.Write(data)
 		if err != nil {
@@ -26,7 +33,7 @@ func write(fd io.Writer, data interface{}) {
 		}
 	case NslcdObject:
 		data.NslcdWrite(fd)
-		// composite datatypes
+	// composite datatypes
 	case string:
 		write(fd, int32(len(data)))
 		write(fd, []byte(data))
@@ -38,8 +45,10 @@ func write(fd io.Writer, data interface{}) {
 	case net.IP:
 		var af int32 = -1
 		switch len(data) {
-		case net.IPv4len: af = C.AF_INET
-		case net.IPv6len: af = C.AF_INET6
+		case net.IPv4len:
+			af = C.AF_INET
+		case net.IPv6len:
+			af = C.AF_INET6
 		}
 		var bytes []byte
 		if af < 0 {
@@ -63,7 +72,7 @@ func write(fd io.Writer, data interface{}) {
 				write(fd, v.Field(i).Interface())
 			}
 		default:
-			panic("invalid NSLCD protocol data")
+			panic("Invalid structure for NSLCD protocol data")
 		}
 	}
 	panic("not reached")
@@ -71,7 +80,7 @@ func write(fd io.Writer, data interface{}) {
 
 func read(fd io.Reader, data interface{}) {
 	switch data := data.(type) {
-		// basic data types
+	// basic data types
 	case *[]byte:
 		_, err := fd.Read(*data)
 		if err != nil {
@@ -84,7 +93,7 @@ func read(fd io.Reader, data interface{}) {
 		}
 	case NslcdObjectPtr:
 		data.NslcdRead(fd)
-		// composite datatypes
+	// composite datatypes
 	case *string:
 		var len int32
 		read(fd, &len)
@@ -103,15 +112,17 @@ func read(fd io.Reader, data interface{}) {
 		read(fd, &af)
 		var _len int32
 		switch af {
-		case C.AF_INET: _len = net.IPv4len;
-		case C.AF_INET6: _len = net.IPv6len;
+		case C.AF_INET:
+			_len = net.IPv4len
+		case C.AF_INET6:
+			_len = net.IPv6len
 		default:
-			panic(NslcdError(fmt.Sprintf("incorrect address family specified: %d", af)));
+			panic(NslcdError(fmt.Sprintf("incorrect address family specified: %d", af)))
 		}
 		var len int32
 		read(fd, &len)
-		if (len != _len) {
-			panic(NslcdError(fmt.Sprintf("address length incorrect: %d", len)));
+		if len != _len {
+			panic(NslcdError(fmt.Sprintf("address length incorrect: %d", len)))
 		}
 		buf := make([]byte, len)
 		read(fd, &buf)
@@ -123,9 +134,6 @@ func read(fd io.Reader, data interface{}) {
 		for i := 0; i < int(num); i++ {
 			read(fd, &((*data)[i]))
 		}
-		// Entities
-	case Netgroup:
-		read(fd, &data.Name)
 	default:
 		v := reflect.ValueOf(data)
 		switch v.Kind() {
@@ -134,7 +142,7 @@ func read(fd io.Reader, data interface{}) {
 				read(fd, v.Field(i).Interface())
 			}
 		default:
-			panic("invalid NSLCD protocol data")
+			panic("Invalid structure for NSLCD protocol data")
 		}
 	}
 	panic("not reached")
diff --git a/src/nslcd_proto/nslcd_h.go b/src/nslcd_proto/nslcd_h.go
new file mode 100644
index 0000000..56c1316
--- /dev/null
+++ b/src/nslcd_proto/nslcd_h.go
@@ -0,0 +1,449 @@
+// This file is based heavily on nslcd.h from nss-pam-ldapd
+/*
+   nslcd.h - file describing client/server protocol
+
+   Copyright (C) 2006 West Consulting
+   Copyright (C) 2006, 2007, 2009, 2010, 2011, 2012, 2013 Arthur de Jong
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with this library; if not, write to the Free Software
+   Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+   02110-1301 USA
+*/
+
+package nslcd_proto
+
+import (
+	"fmt"
+	"io"
+	"net"
+)
+
+type void struct{}
+
+/*
+   The protocol used between the nslcd client and server is a simple binary
+   protocol. It is request/response based where the client initiates a
+   connection, does a single request and closes the connection again. Any
+   mangled or not understood messages will be silently ignored by the server.
+
+   A request looks like:
+     INT32  NSLCD_VERSION
+     INT32  NSLCD_ACTION_*
+     [request parameters if any]
+   A response looks like:
+     INT32  NSLCD_VERSION
+     INT32  NSLCD_ACTION_* (the original request type)
+     [result(s)]
+     INT32  NSLCD_RESULT_END
+   A single result entry looks like:
+	NSLCD_RESULT_BEGIN int32
+	[result value(s)]
+   If a response would return multiple values (e.g. for NSLCD_ACTION_*_ALL
+   functions) each return value will be preceded by a NSLCD_RESULT_BEGIN
+   value. After the last returned result the server sends
+   NSLCD_RESULT_END. If some error occurs (e.g. LDAP server unavailable,
+   error in the request, etc) the server terminates the connection to signal
+   an error condition (breaking the protocol).
+
+   These are the available basic data types:
+     INT32  - 32-bit integer value
+     TYPE   - a typed field that is transferred using sizeof()
+     STRING - a string length (32bit) followed by the string value (not
+              null-terminted) the string itself is assumed to be UTF-8
+     STRINGLIST - a 32-bit number noting the number of strings followed by
+                  the strings one at a time
+
+   Furthermore the ADDRESS compound data type is defined as:
+     INT32  type of address: e.g. AF_INET or AF_INET6
+     INT32  lenght of address
+     RAW    the address itself
+   With the ADDRESSLIST using the same construct as with STRINGLIST.
+
+   The protocol uses network byte order for all types.
+*/
+// These basic data types are implemented in `io.go`
+
+/* The current version of the protocol. This protocol should only be
+   updated with major backwards-incompatible changes. */
+const NSLCD_VERSION int32 = 0x00000002
+
+/* Get a NSLCD configuration option. There is one request parameter: */
+type Request_Config_Get struct {
+	Key int32
+}
+/* the result value is: */
+type Config struct {
+	Value string /* interpretation depending on request */
+}
+const NSLCD_ACTION_CONFIG_GET        int32 = 0x00010001
+
+const (
+	/* return the message, if any, that is presented to the user when password
+	   modification through PAM is prohibited */
+	NSLCD_CONFIG_PAM_PASSWORD_PROHIBIT_MESSAGE int32 = 1
+)
+
+/* Email alias (/etc/aliases) NSS requests. The result values for a
+   single entry are: */
+type Alias struct {
+	Name       string
+	Recipients []string
+}
+const NSLCD_ACTION_ALIAS_BYNAME      int32 = 0x00020001; type Request_Alias_ByName string
+const NSLCD_ACTION_ALIAS_ALL         int32 = 0x00020008; type Request_Alias_All    void
+
+/* Ethernet address/name mapping NSS requests. The result values for a
+   single entry are: */
+type Ether struct {
+	Name    string
+	Address [6]byte
+}
+const NSLCD_ACTION_ETHER_BYNAME      int32 = 0x00030001; type Request_Ether_ByName  string
+const NSLCD_ACTION_ETHER_BYETHER     int32 = 0x00030002; type Request_Ether_ByEther [6]byte
+const NSLCD_ACTION_ETHER_ALL         int32 = 0x00030008; type Request_Ether_All     void
+
+/* Group and group membership related NSS requests. The result values
+   for a single entry are: */
+type Group struct {
+	Name     string
+	Password string
+	ID       int32
+	Members  []string
+}
+/*   (note that the BYMEMER call returns an emtpy members list) */
+const NSLCD_ACTION_GROUP_BYNAME      int32 = 0x00040001; type Request_Group_ByName   string
+const NSLCD_ACTION_GROUP_BYGID       int32 = 0x00040002; type Request_Group_ByGid    int32
+const NSLCD_ACTION_GROUP_BYMEMBER    int32 = 0x00040006; type Request_Group_ByMember string
+const NSLCD_ACTION_GROUP_ALL         int32 = 0x00040008; type Request_Group_All      void
+
+/* Hostname (/etc/hosts) lookup NSS requests. The result values
+   for an entry are: */
+type Host struct {
+	Name      string
+	Aliases   []string
+	Addresses []net.IP
+}
+const NSLCD_ACTION_HOST_BYNAME       int32 = 0x00050001; type Request_Host_ByName string
+const NSLCD_ACTION_HOST_BYADDR       int32 = 0x00050002; type Request_Host_ByAddr net.IP
+const NSLCD_ACTION_HOST_ALL          int32 = 0x00050008; type Request_Host_All    void
+
+/* Netgroup NSS result entries contain a number of parts. A result entry
+   starts with:
+     STRING  netgroup name
+   followed by zero or more references to other netgroups or netgroup
+   triples. A reference to another netgroup looks like:
+     INT32   NSLCD_NETGROUP_TYPE_NETGROUP
+     STRING  other netgroup name
+   A a netgroup triple looks like:
+     INT32   NSLCD_NETGROUP_TYPE_TRIPLE
+     STRING  host
+     STRING  user
+     STRING  domain
+   A netgroup result entry is terminated by:
+     INT32   NSLCD_NETGROUP_TYPE_END
+   */
+type Netgroup_Netgroup struct {
+	Name string
+}
+type Netgroup_Triple struct {
+	Host string
+	User string
+	Domain string
+}
+type Netgroup_PartList []interface{}
+func (data Netgroup_PartList) NslcdWrite(fd io.Writer) {
+	for _, part := range data {
+		var t int32 = -1
+		switch part.(type) {
+		case Netgroup_Netgroup: t = NSLCD_NETGROUP_TYPE_NETGROUP
+		case Netgroup_Triple: t = NSLCD_NETGROUP_TYPE_TRIPLE
+		}
+		if t < 0 {
+			panic("unrecognized netgroup type")
+		}
+		write(fd, t)
+		write(fd, part)
+	}
+	write(fd, NSLCD_NETGROUP_TYPE_END)
+}
+func (data *Netgroup_PartList) NslcdRead(fd io.Reader) {
+	*data = make([]interface{}, 0)
+	for {
+		var t int32
+		var v interface{}
+		read(fd, &t)
+		switch t {
+		case NSLCD_NETGROUP_TYPE_NETGROUP:
+			v = Netgroup_Netgroup{}
+		case NSLCD_NETGROUP_TYPE_TRIPLE:
+			v = Netgroup_Triple{}
+		case NSLCD_NETGROUP_TYPE_END:
+			return
+		default:
+			panic(NslcdError(fmt.Sprintf("unrecognized netgroup type: %#08x", t)))
+		}
+		read(fd, &v)
+		*data = append(*data, v)
+	}
+}
+var _ NslcdObject = Netgroup_PartList{}
+var _ NslcdObjectPtr = &Netgroup_PartList{}
+type Netgroup struct {
+	Name string
+	Parts Netgroup_PartList
+}
+const NSLCD_ACTION_NETGROUP_BYNAME   int32 = 0x00060001; type Request_Netgroup_ByName string
+const NSLCD_ACTION_NETGROUP_ALL      int32 = 0x00060008; type Request_Netgroup_All    void
+const (
+	NSLCD_NETGROUP_TYPE_NETGROUP int32 = 1
+	NSLCD_NETGROUP_TYPE_TRIPLE   int32 = 2
+	NSLCD_NETGROUP_TYPE_END      int32 = 3
+)
+
+/* Network name (/etc/networks) NSS requests. Result values for a single
+   entry are: */
+type Network struct {
+	Name      string
+	Aliases   []string
+	Addresses []net.IP
+}
+const NSLCD_ACTION_NETWORK_BYNAME    int32 = 0x00070001; type Request_Network_ByName string
+const NSLCD_ACTION_NETWORK_BYADDR    int32 = 0x00070002; type Request_Network_ByAddr net.IP
+const NSLCD_ACTION_NETWORK_ALL       int32 = 0x00070008; type Request_Network_All    void
+
+/* User account (/etc/passwd) NSS requests. Result values are: */
+type Passwd struct {
+	Name     string
+	Password string
+	UID      int32
+	GID      int32
+	GECOS    string
+	HomeDir  string
+	Shell    string
+}
+const NSLCD_ACTION_PASSWD_BYNAME     int32 = 0x00080001; type Request_Passwd_ByName string
+const NSLCD_ACTION_PASSWD_BYUID      int32 = 0x00080002; type Request_Passwd_ByUID  int32
+const NSLCD_ACTION_PASSWD_ALL        int32 = 0x00080008; type Request_Passwd_All    void
+
+/* Protocol information requests. Result values are: */
+type Protocol struct {
+	Name    string
+	Aliases []string
+	Number  int32
+}
+const NSLCD_ACTION_PROTOCOL_BYNAME   int32 = 0x00090001; type Request_Protocol_ByName   string
+const NSLCD_ACTION_PROTOCOL_BYNUMBER int32 = 0x00090002; type Request_Protocol_ByNumber int32
+const NSLCD_ACTION_PROTOCOL_ALL      int32 = 0x00090008; type Request_Protocol_All      void
+
+/* RPC information requests. Result values are: */
+type RPC struct {
+	Name    string
+	Aliases []string
+	Number  int32
+}
+const NSLCD_ACTION_RPC_BYNAME        int32 = 0x000a0001; type Request_RPC_ByName   string
+const NSLCD_ACTION_RPC_BYNUMBER      int32 = 0x000a0002; type Request_RPC_ByNumber int32
+const NSLCD_ACTION_RPC_ALL           int32 = 0x000a0008; type Request_RPC_All      void
+
+/* Service (/etc/services) information requests. The BYNAME and BYNUMBER
+   requests contain an extra protocol string in the request which, if not
+   blank, will filter the services by this protocol. Result values are: */
+type Service struct {
+	Name       string
+	Aliases    []string
+	PortNumber int32
+	Protocol   string
+}
+const NSLCD_ACTION_SERVICE_BYNAME    int32 = 0x000b0001; type Request_Service_ByName   string
+const NSLCD_ACTION_SERVICE_BYNUMBER  int32 = 0x000b0002; type Request_Service_ByNumber int32
+const NSLCD_ACTION_SERVICE_ALL       int32 = 0x000b0008; type Request_Service_All      void
+
+/* Extended user account (/etc/shadow) information requests. Result
+   values for a single entry are: */
+type Shadow struct {
+	Name           string
+	Password       string
+	LastChangeDate int32
+	MinDays        int32
+	MaxDays        int32
+	WarnDays       int32
+	InactDays      int32
+	ExpireDate     int32
+	Flag           int32
+}
+const NSLCD_ACTION_SHADOW_BYNAME     int32 = 0x000c0001; type Request_Shadow_ByName string
+const NSLCD_ACTION_SHADOW_ALL        int32 = 0x000c0008; type Request_Shadow_All    void
+
+/* PAM-related requests. The request parameters for all these requests
+   begin with: */
+type PAM_Base struct {
+	UserName    string
+	ServiceName string
+	RUser       string
+	RHost       string
+	TTY         string
+}
+/* If the user is not known in LDAP no result may be returned (immediately
+   return NSLCD_RESULT_END instead of a PAM error code). */
+
+/* PAM authentication check request. The extra request values are: */
+type Request_PAM_Authentication struct {
+	Base PAM_Base
+	Password string
+}
+/* and the result value consists of: */
+type PAM_Authentication struct {
+	AuthenticationResult int32
+	UserName             string
+	AuthorizationResult  int32
+	AuthorizationError   string
+}
+/* If the username is empty in this request an attempt is made to
+   authenticate as the administrator (set using rootpwmoddn).
+   Some authorisation checks are already done during authentication so the
+   response also includes authorisation information. */
+const NSLCD_ACTION_PAM_AUTHENTICATION int32 = 0x000d0001
+
+/* PAM authorisation check request. The result value consists of: */
+type PAM_Authorization struct {
+	Result int32
+	Error string
+}
+/* The authentication check may have already returned some authorisation
+   information. The authorisation error message, if supplied, will be used
+   by the PAM module instead of a message that is generated by the PAM
+   module itself. */
+const NSLCD_ACTION_PAM_AUTHORIZATION int32 = 0x000d0002; type Request_PAM_Authorization void
+
+/* PAM session open request. The result value consists of: */
+type PAM_SessionOpen struct {
+	SessionID string
+}
+/* This session id may be used to close this session with. */
+const NSLCD_ACTION_PAM_SESSIONOPEN   int32 = 0x000d0003; type Request_PAM_SessionOpen void
+
+/* PAM session close request. This request has the following
+   extra request value: */
+type Request_PAM_SessionClose struct {
+	SessionID string
+}
+/* and this calls only returns an empty response value. */
+type PAM_SessionClose void
+const NSLCD_ACTION_PAM_SESSIONCLOSE  int32 = 0x000d0004
+
+/* PAM password modification request. This requests has the following extra
+   request values: */
+type Request_PAM_PwMod struct {
+	AsRoot      int32 /* 0=oldpasswd is user passwd, 1=oldpasswd is root passwd */
+	OldPassword string
+	NewPassword string
+}
+/* and returns the result values: */
+type PAM_PwMod struct {
+	Result int32
+	Error  string
+}
+const NSLCD_ACTION_PAM_PWMOD         int32 = 0x000d0005
+
+/* User information change request. This request allows one to change
+   their full name and other information. The request parameters for this
+   request are:
+     STRING  user name
+     INT32   asroot: 0=passwd is user passwd, 1=passwd is root passwd
+     STRING  password
+   followed by one or more of the below, terminated by NSLCD_USERMOD_END
+     INT32   NSLCD_USERMOD_*
+     STRING  new value
+   the response consists of one or more of the entries below, terminated
+   by NSLCD_USERMOD_END:
+     INT32   NSLCD_USERMOD_*
+     STRING  response
+   (if the response is blank, the change went OK, otherwise the string
+   contains an error message)
+   */
+type UserMod_Item struct {
+	Key   int32
+	Value string
+}
+type UserMod_ItemList []UserMod_Item
+func (data UserMod_ItemList) NslcdWrite(fd io.Writer) {
+	for _, item := range data {
+		write(fd, item)
+	}
+	write(fd, NSLCD_USERMOD_END)
+}
+func (data *UserMod_ItemList) NslcdRead(fd io.Reader) {
+	*data = make([]UserMod_Item, 0)
+	for {
+		var t int32
+		read(fd, &t)
+		if t == NSLCD_USERMOD_END {
+			return
+		}
+		var v UserMod_Item
+		read(fd, &v)
+		*data = append(*data, v)
+	}
+}
+var _ NslcdObject = UserMod_ItemList{}
+var _ NslcdObjectPtr = &UserMod_ItemList{}
+type Request_UserMod struct {
+	UserName string
+	AsRoot   int32
+	Password string
+	Items    UserMod_ItemList
+}
+type UserMod struct {
+	Items []UserMod_Item
+}
+const NSLCD_ACTION_USERMOD           int32 = 0x000e0001
+
+/* These are the possible values for the NSLCD_ACTION_USERMOD operation
+   above. */
+const (
+	NSLCD_USERMOD_END        int32 = 0 /* end of change values */
+	NSLCD_USERMOD_RESULT     int32 = 1 /* global result value */
+	NSLCD_USERMOD_FULLNAME   int32 = 2 /* full name */
+	NSLCD_USERMOD_ROOMNUMBER int32 = 3 /* room number */
+	NSLCD_USERMOD_WORKPHONE  int32 = 4 /* office phone number */
+	NSLCD_USERMOD_HOMEPHONE  int32 = 5 /* home phone number */
+	NSLCD_USERMOD_OTHER      int32 = 6 /* other info */
+	NSLCD_USERMOD_HOMEDIR    int32 = 7 /* home directory */
+	NSLCD_USERMOD_SHELL      int32 = 8 /* login shell */
+)
+
+/* Request result codes. */
+const (
+	NSLCD_RESULT_BEGIN int32 = 1
+	NSLCD_RESULT_END   int32 = 2
+)
+
+/* Partial list of PAM result codes. */
+const (
+	NSLCD_PAM_SUCCESS               int32 =  0 /* everything ok */
+	NSLCD_PAM_PERM_DENIED           int32 =  6 /* Permission denied */
+	NSLCD_PAM_AUTH_ERR              int32 =  7 /* Authc failure */
+	NSLCD_PAM_CRED_INSUFFICIENT     int32 =  8 /* Cannot access authc data */
+	NSLCD_PAM_AUTHINFO_UNAVAIL      int32 =  9 /* Cannot retrieve authc info */
+	NSLCD_PAM_USER_UNKNOWN          int32 = 10 /* User not known */
+	NSLCD_PAM_MAXTRIES              int32 = 11 /* Retry limit reached */
+	NSLCD_PAM_NEW_AUTHTOK_REQD      int32 = 12 /* Password expired */
+	NSLCD_PAM_ACCT_EXPIRED          int32 = 13 /* Account expired */
+	NSLCD_PAM_SESSION_ERR           int32 = 14 /* Cannot make/remove session record */
+	NSLCD_PAM_AUTHTOK_ERR           int32 = 20 /* Authentication token manipulation error */
+	NSLCD_PAM_AUTHTOK_DISABLE_AGING int32 = 23 /* Password aging disabled */
+	NSLCD_PAM_IGNORE                int32 = 25 /* Ignore module */
+	NSLCD_PAM_ABORT                 int32 = 26 /* Fatal error */
+	NSLCD_PAM_AUTHTOK_EXPIRED       int32 = 27 /* authentication token has expired */
+)
diff --git a/src/nslcd_proto/struct_backend.go.sh b/src/nslcd_proto/struct_backend.go.sh
new file mode 100755
index 0000000..792ae84
--- /dev/null
+++ b/src/nslcd_proto/struct_backend.go.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+requests=$1
+cat <<EOF | gofmt
+package nslcd_proto
+
+type Backend interface {
+	$(sed -rn 's/([^_]+)(.*)/\1\2(Request_\1\2) \1_Enumerator/p' "$requests" | grep -v PAM)
+	$(sed -rn 's/(PAM)(.*)/\1\2(Request_\1\2) \1\2_Enumerator/p' "$requests")
+}
+EOF
diff --git a/src/nslcd-proto/util.go b/src/nslcd_proto/util.go
index ec74df2..38c5705 100644
--- a/src/nslcd-proto/util.go
+++ b/src/nslcd_proto/util.go
@@ -3,17 +3,11 @@ package nslcd_proto
 import "io"
 
 type NslcdError string
+
 func (o NslcdError) Error() string {
 	return string(o)
 }
 
-type NslcdObject interface {
-	NslcdWrite(fd io.Writer)
-}
-type NslcdObjectPtr interface {
-	NslcdRead(fd io.Reader)
-}
-
 func Write(fd io.Writer, data interface{}) (err error) {
 	err = nil
 	defer func() {
@@ -42,6 +36,27 @@ func Read(fd io.Reader, data interface{}) (err error) {
 			}
 		}
 	}()
-	read(fd, data);
+	read(fd, data)
 	return
 }
+
+func HandleRequest(in io.Reader, out io.Writer, backend Backend) (err error) {
+	err = nil
+	defer func() {
+		if r := recover(); r != nil {
+			switch r := r.(type) {
+			case error:
+				err = r
+			default:
+				panic(r)
+			}
+		}
+	}()
+	handleRequest(in, out, backend)
+	return
+}
+
+// Initialize() error { func
+//         e := c.SetReadDeadline(...)
+//         e := c.SetWriteDeadline(...)
+// }
diff --git a/src/sd-daemon/listen_fds.go b/src/sd_daemon/listen_fds.go
index c90d373..45ef699 100644
--- a/src/sd-daemon/listen_fds.go
+++ b/src/sd_daemon/listen_fds.go
@@ -14,7 +14,7 @@
 // limitations under the License.
 
 // Package activation implements primitives for systemd socket activation.
-package listen
+package sd_daemon
 
 import (
 	"os"
diff --git a/src/sd-daemon/logger/logger.go b/src/sd_daemon/logger/logger.go
index cfabe9f..6c09604 100644
--- a/src/sd-daemon/logger/logger.go
+++ b/src/sd_daemon/logger/logger.go
@@ -1,13 +1,16 @@
 package logger
 
-import ("fmt"; "os")
+import (
+	"fmt"
+	"os"
+)
 
 //#include <systemd/sd-daemon.h>
 import "C"
 
 func log(level string, format string, a ...interface{}) {
-        f := level + format + "\n";
-        fmt.Fprintf(os.Stderr, f, a);
+        f := level + format + "\n"
+        fmt.Fprintf(os.Stderr, f, a)
 }
                 
 /* system is unusable               */ func Emerg(  format string, a ...interface{}) { log(C.SD_EMERG  , format, a); }