summaryrefslogtreecommitdiff
path: root/source3/libads
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2010-07-02 00:32:52 +0200
committerGünther Deschner <gd@samba.org>2010-08-05 00:32:02 +0200
commite7a6a3ec0da01666c8e0c9772007ce7146df9d75 (patch)
treef1348f256cea7f8a4f898ed1df14b531e7fda52b /source3/libads
parent385adcce732e3a0788ce935fbc76363feb9ff22f (diff)
downloadsamba-e7a6a3ec0da01666c8e0c9772007ce7146df9d75.tar.gz
samba-e7a6a3ec0da01666c8e0c9772007ce7146df9d75.tar.bz2
samba-e7a6a3ec0da01666c8e0c9772007ce7146df9d75.zip
s3: avoid global include of ads.h.
Guenther
Diffstat (limited to 'source3/libads')
-rw-r--r--source3/libads/ads_proto.h171
-rw-r--r--source3/libads/ads_struct.c1
-rw-r--r--source3/libads/ads_utils.c1
-rw-r--r--source3/libads/authdata.c1
-rw-r--r--source3/libads/disp_sec.c1
-rw-r--r--source3/libads/kerberos.c53
-rw-r--r--source3/libads/kerberos_keytab.c1
-rw-r--r--source3/libads/kerberos_proto.h67
-rw-r--r--source3/libads/kerberos_util.c107
-rw-r--r--source3/libads/kerberos_verify.c1
-rw-r--r--source3/libads/krb5_setpw.c31
-rw-r--r--source3/libads/ldap.c1
-rw-r--r--source3/libads/ldap_printer.c1
-rw-r--r--source3/libads/ldap_schema.c1
-rw-r--r--source3/libads/ldap_user.c1
-rw-r--r--source3/libads/ldap_utils.c1
-rw-r--r--source3/libads/ndr.c1
-rw-r--r--source3/libads/sasl.c2
-rw-r--r--source3/libads/sasl_wrapping.c1
-rw-r--r--source3/libads/util.c1
20 files changed, 363 insertions, 82 deletions
diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
new file mode 100644
index 0000000000..aedd23f1c5
--- /dev/null
+++ b/source3/libads/ads_proto.h
@@ -0,0 +1,171 @@
+/* The following definitions come from libads/ads_struct.c */
+
+char *ads_build_path(const char *realm, const char *sep, const char *field, int reverse);
+char *ads_build_dn(const char *realm);
+char *ads_build_domain(const char *dn);
+ADS_STRUCT *ads_init(const char *realm,
+ const char *workgroup,
+ const char *ldap_server);
+bool ads_set_sasl_wrap_flags(ADS_STRUCT *ads, int flags);
+void ads_destroy(ADS_STRUCT **ads);
+
+const char *ads_get_ldap_server_name(ADS_STRUCT *ads);
+
+/* The following definitions come from libads/disp_sec.c */
+
+void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct security_descriptor *sd);
+
+/* The following definitions come from libads/kerberos_keytab.c */
+
+int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc);
+int ads_keytab_flush(ADS_STRUCT *ads);
+int ads_keytab_create_default(ADS_STRUCT *ads);
+int ads_keytab_list(const char *keytab_name);
+
+/* The following definitions come from libads/krb5_errs.c */
+
+/* The following definitions come from libads/kerberos_util.c */
+
+ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
+ const char *machine_account,
+ const char *password);
+int ads_kinit_password(ADS_STRUCT *ads);
+
+/* The following definitions come from libads/ldap.c */
+
+bool ads_sitename_match(ADS_STRUCT *ads);
+bool ads_closest_dc(ADS_STRUCT *ads);
+ADS_STATUS ads_connect(ADS_STRUCT *ads);
+ADS_STATUS ads_connect_user_creds(ADS_STRUCT *ads);
+ADS_STATUS ads_connect_gc(ADS_STRUCT *ads);
+void ads_disconnect(ADS_STRUCT *ads);
+ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path,
+ int scope, const char *expr, const char **attrs,
+ bool (*fn)(ADS_STRUCT *, char *, void **, void *),
+ void *data_area);
+char *ads_parent_dn(const char *dn);
+ADS_MODLIST ads_init_mods(TALLOC_CTX *ctx);
+ADS_STATUS ads_mod_str(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, const char *val);
+ADS_STATUS ads_mod_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, const char **vals);
+ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods);
+ADS_STATUS ads_gen_add(ADS_STRUCT *ads, const char *new_dn, ADS_MODLIST mods);
+ADS_STATUS ads_del_dn(ADS_STRUCT *ads, char *del_dn);
+char *ads_ou_string(ADS_STRUCT *ads, const char *org_unit);
+char *ads_default_ou_string(ADS_STRUCT *ads, const char *wknguid);
+ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, const char **vals);
+uint32 ads_get_kvno(ADS_STRUCT *ads, const char *account_name);
+uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_name);
+ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name);
+ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_name,
+ const char *my_fqdn, const char *spn);
+ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name,
+ const char *org_unit);
+ADS_STATUS ads_move_machine_acct(ADS_STRUCT *ads, const char *machine_name,
+ const char *org_unit, bool *moved);
+int ads_count_replies(ADS_STRUCT *ads, void *res);
+ADS_STATUS ads_USN(ADS_STRUCT *ads, uint32 *usn);
+ADS_STATUS ads_current_time(ADS_STRUCT *ads);
+ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, uint32 *val);
+ADS_STATUS ads_domain_sid(ADS_STRUCT *ads, struct dom_sid *sid);
+ADS_STATUS ads_site_dn(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char **site_name);
+ADS_STATUS ads_site_dn_for_machine(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *computer_name, const char **site_dn);
+ADS_STATUS ads_upn_suffixes(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char ***suffixes, size_t *num_suffixes);
+ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ char ***ous,
+ size_t *num_ous);
+ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
+ const char *extended_dn,
+ enum ads_extended_dn_flags flags,
+ struct dom_sid *sid);
+char* ads_get_dnshostname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
+char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
+char* ads_get_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
+ADS_STATUS ads_join_realm(ADS_STRUCT *ads, const char *machine_name,
+ uint32 account_type, const char *org_unit);
+ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname);
+ADS_STATUS ads_find_samaccount(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ const char *samaccountname,
+ uint32 *uac_ret,
+ const char **dn_ret);
+ADS_STATUS ads_config_path(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ char **config_path);
+const char *ads_get_extended_right_name_by_guid(ADS_STRUCT *ads,
+ const char *config_path,
+ TALLOC_CTX *mem_ctx,
+ const struct GUID *rights_guid);
+ADS_STATUS ads_check_ou_dn(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ const char **account_ou);
+
+/* The following definitions come from libads/ldap_printer.c */
+
+ADS_STATUS ads_mod_printer_entry(ADS_STRUCT *ads, char *prt_dn,
+ TALLOC_CTX *ctx, const ADS_MODLIST *mods);
+ADS_STATUS ads_add_printer_entry(ADS_STRUCT *ads, char *prt_dn,
+ TALLOC_CTX *ctx, ADS_MODLIST *mods);
+WERROR get_remote_printer_publishing_data(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ ADS_MODLIST *mods,
+ const char *printer);
+
+/* The following definitions come from libads/ldap_user.c */
+
+ADS_STATUS ads_add_user_acct(ADS_STRUCT *ads, const char *user,
+ const char *container, const char *fullname);
+ADS_STATUS ads_add_group_acct(ADS_STRUCT *ads, const char *group,
+ const char *container, const char *comment);
+
+/* The following definitions come from libads/ldap_utils.c */
+
+ADS_STATUS ads_ranged_search(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ int scope,
+ const char *base,
+ const char *filter,
+ void *args,
+ const char *range_attr,
+ char ***strings,
+ size_t *num_strings);
+ADS_STATUS ads_ranged_search_internal(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ int scope,
+ const char *base,
+ const char *filter,
+ const char **attrs,
+ void *args,
+ const char *range_attr,
+ char ***strings,
+ size_t *num_strings,
+ uint32 *first_usn,
+ int *num_retries,
+ bool *more_values);
+
+/* The following definitions come from libads/ndr.c */
+
+void ndr_print_ads_auth_flags(struct ndr_print *ndr, const char *name, uint32_t r);
+void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct ads_struct *r);
+
+/* The following definitions come from libads/sasl.c */
+
+ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads);
+
+/* The following definitions come from libads/sasl_wrapping.c */
+
+ADS_STATUS ads_setup_sasl_wrapping(ADS_STRUCT *ads,
+ const struct ads_saslwrap_ops *ops,
+ void *private_data);
+ADS_STATUS ads_setup_sasl_wrapping(ADS_STRUCT *ads,
+ const struct ads_saslwrap_ops *ops,
+ void *private_data);
+
+/* The following definitions come from libads/util.c */
+
+ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_principal);
+ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads,
+ char **returned_principal);
diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c
index e01a36cbae..7794952387 100644
--- a/source3/libads/ads_struct.c
+++ b/source3/libads/ads_struct.c
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "ads.h"
/* return a ldap dn path from a string, given separators and field name
caller must free
diff --git a/source3/libads/ads_utils.c b/source3/libads/ads_utils.c
index 213242c223..ec3efa8550 100644
--- a/source3/libads/ads_utils.c
+++ b/source3/libads/ads_utils.c
@@ -20,6 +20,7 @@
*/
#include "includes.h"
+#include "ads.h"
const char *ads_get_ldap_server_name(ADS_STRUCT *ads)
{
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index 00062f4457..3c529dbe7a 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -25,6 +25,7 @@
#include "includes.h"
#include "librpc/gen_ndr/ndr_krb5pac.h"
#include "smb_krb5.h"
+#include "libads/kerberos_proto.h"
#ifdef HAVE_KRB5
diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c
index d05b5085f0..05ac216bbe 100644
--- a/source3/libads/disp_sec.c
+++ b/source3/libads/disp_sec.c
@@ -18,6 +18,7 @@
*/
#include "includes.h"
+#include "ads.h"
#include "libads/ldap_schema.h"
/* for ADS */
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index f34b9cad09..c48944ae6f 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -24,6 +24,7 @@
#include "includes.h"
#include "smb_krb5.h"
#include "../librpc/gen_ndr/ndr_misc.h"
+#include "libads/kerberos_proto.h"
#ifdef HAVE_KRB5
@@ -284,58 +285,6 @@ int kerberos_kinit_password_ext(const char *principal,
return code;
}
-
-
-/* run kinit to setup our ccache */
-int ads_kinit_password(ADS_STRUCT *ads)
-{
- char *s;
- int ret;
- const char *account_name;
- fstring acct_name;
-
- if (ads->auth.flags & ADS_AUTH_USER_CREDS) {
- account_name = ads->auth.user_name;
- goto got_accountname;
- }
-
- if ( IS_DC ) {
- /* this will end up getting a ticket for DOMAIN@RUSTED.REA.LM */
- account_name = lp_workgroup();
- } else {
- /* always use the sAMAccountName for security = domain */
- /* global_myname()$@REA.LM */
- if ( lp_security() == SEC_DOMAIN ) {
- fstr_sprintf( acct_name, "%s$", global_myname() );
- account_name = acct_name;
- }
- else
- /* This looks like host/global_myname()@REA.LM */
- account_name = ads->auth.user_name;
- }
-
- got_accountname:
- if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) {
- return KRB5_CC_NOMEM;
- }
-
- if (!ads->auth.password) {
- SAFE_FREE(s);
- return KRB5_LIBOS_CANTREADPWD;
- }
-
- ret = kerberos_kinit_password_ext(s, ads->auth.password, ads->auth.time_offset,
- &ads->auth.tgt_expire, NULL, NULL, False, False, ads->auth.renewable,
- NULL);
-
- if (ret) {
- DEBUG(0,("kerberos_kinit_password %s failed: %s\n",
- s, error_message(ret)));
- }
- SAFE_FREE(s);
- return ret;
-}
-
int ads_kdestroy(const char *cc_name)
{
krb5_error_code code;
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index fa2a1261a2..33b065f654 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -27,6 +27,7 @@
#include "includes.h"
#include "smb_krb5.h"
+#include "ads.h"
#ifdef HAVE_KRB5
diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
new file mode 100644
index 0000000000..7be81fa9a5
--- /dev/null
+++ b/source3/libads/kerberos_proto.h
@@ -0,0 +1,67 @@
+/* The following definitions come from libads/kerberos_verify.c */
+
+NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
+ const char *realm,
+ time_t time_offset,
+ const DATA_BLOB *ticket,
+ char **principal,
+ struct PAC_LOGON_INFO **logon_info,
+ DATA_BLOB *ap_rep,
+ DATA_BLOB *session_key,
+ bool use_replay_cache);
+
+/* The following definitions come from libads/kerberos.c */
+
+int kerberos_kinit_password_ext(const char *principal,
+ const char *password,
+ int time_offset,
+ time_t *expire_time,
+ time_t *renew_till_time,
+ const char *cache_name,
+ bool request_pac,
+ bool add_netbios_addr,
+ time_t renewable_time,
+ NTSTATUS *ntstatus);
+int ads_kdestroy(const char *cc_name);
+char* kerberos_standard_des_salt( void );
+bool kerberos_secrets_store_des_salt( const char* salt );
+char* kerberos_secrets_fetch_des_salt( void );
+char *kerberos_get_default_realm_from_ccache( void );
+char *kerberos_get_realm_from_hostname(const char *hostname);
+
+bool kerberos_secrets_store_salting_principal(const char *service,
+ int enctype,
+ const char *principal);
+int kerberos_kinit_password(const char *principal,
+ const char *password,
+ int time_offset,
+ const char *cache_name);
+bool create_local_private_krb5_conf_for_domain(const char *realm,
+ const char *domain,
+ const char *sitename,
+ struct sockaddr_storage *pss,
+ const char *kdc_name);
+
+/* The following definitions come from libads/authdata.c */
+
+NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
+ const char *name,
+ const char *pass,
+ time_t time_offset,
+ time_t *expire_time,
+ time_t *renew_till_time,
+ const char *cache_name,
+ bool request_pac,
+ bool add_netbios_addr,
+ time_t renewable_time,
+ const char *impersonate_princ_s,
+ struct PAC_LOGON_INFO **logon_info);
+
+/* The following definitions come from libads/krb5_setpw.c */
+
+ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
+ const char *newpw, int time_offset);
+ADS_STATUS kerberos_set_password(const char *kpasswd_server,
+ const char *auth_principal, const char *auth_password,
+ const char *target_principal, const char *new_password,
+ int time_offset);
diff --git a/source3/libads/kerberos_util.c b/source3/libads/kerberos_util.c
new file mode 100644
index 0000000000..4762e1b914
--- /dev/null
+++ b/source3/libads/kerberos_util.c
@@ -0,0 +1,107 @@
+/*
+ Unix SMB/CIFS implementation.
+ krb5 set password implementation
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Remus Koos 2001 (remuskoos@yahoo.com)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smb_krb5.h"
+#include "ads.h"
+
+#ifdef HAVE_KRB5
+
+/**
+ * Set the machine account password
+ * @param ads connection to ads server
+ * @param hostname machine whose password is being set
+ * @param password new password
+ * @return status of password change
+ **/
+ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
+ const char *machine_account,
+ const char *password)
+{
+ ADS_STATUS status;
+ char *principal = NULL;
+
+ /*
+ we need to use the '$' form of the name here (the machine account name),
+ as otherwise the server might end up setting the password for a user
+ instead
+ */
+ if (asprintf(&principal, "%s@%s", machine_account, ads->config.realm) < 0) {
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
+
+ status = ads_krb5_set_password(ads->auth.kdc_server, principal,
+ password, ads->auth.time_offset);
+
+ SAFE_FREE(principal);
+ return status;
+}
+
+/* run kinit to setup our ccache */
+int ads_kinit_password(ADS_STRUCT *ads)
+{
+ char *s;
+ int ret;
+ const char *account_name;
+ fstring acct_name;
+
+ if (ads->auth.flags & ADS_AUTH_USER_CREDS) {
+ account_name = ads->auth.user_name;
+ goto got_accountname;
+ }
+
+ if ( IS_DC ) {
+ /* this will end up getting a ticket for DOMAIN@RUSTED.REA.LM */
+ account_name = lp_workgroup();
+ } else {
+ /* always use the sAMAccountName for security = domain */
+ /* global_myname()$@REA.LM */
+ if ( lp_security() == SEC_DOMAIN ) {
+ fstr_sprintf( acct_name, "%s$", global_myname() );
+ account_name = acct_name;
+ }
+ else
+ /* This looks like host/global_myname()@REA.LM */
+ account_name = ads->auth.user_name;
+ }
+
+ got_accountname:
+ if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) {
+ return KRB5_CC_NOMEM;
+ }
+
+ if (!ads->auth.password) {
+ SAFE_FREE(s);
+ return KRB5_LIBOS_CANTREADPWD;
+ }
+
+ ret = kerberos_kinit_password_ext(s, ads->auth.password, ads->auth.time_offset,
+ &ads->auth.tgt_expire, NULL, NULL, False, False, ads->auth.renewable,
+ NULL);
+
+ if (ret) {
+ DEBUG(0,("kerberos_kinit_password %s failed: %s\n",
+ s, error_message(ret)));
+ }
+ SAFE_FREE(s);
+ return ret;
+}
+
+#endif
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index 2047f0e3b9..f8a6602194 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -25,6 +25,7 @@
#include "includes.h"
#include "smb_krb5.h"
+#include "libads/kerberos_proto.h"
#ifdef HAVE_KRB5
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index ec5cafc49d..1c04d896de 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "smb_krb5.h"
+#include "libads/kerberos_proto.h"
#ifdef HAVE_KRB5
@@ -806,34 +807,4 @@ ADS_STATUS kerberos_set_password(const char *kpasswd_server,
new_password, time_offset);
}
-
-/**
- * Set the machine account password
- * @param ads connection to ads server
- * @param hostname machine whose password is being set
- * @param password new password
- * @return status of password change
- **/
-ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
- const char *machine_account,
- const char *password)
-{
- ADS_STATUS status;
- char *principal = NULL;
-
- /*
- we need to use the '$' form of the name here (the machine account name),
- as otherwise the server might end up setting the password for a user
- instead
- */
- if (asprintf(&principal, "%s@%s", machine_account, ads->config.realm) < 0) {
- return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- }
-
- status = ads_krb5_set_password(ads->auth.kdc_server, principal,
- password, ads->auth.time_offset);
-
- SAFE_FREE(principal);
- return status;
-}
#endif
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 5adbd6d039..77ab51ee26 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -22,6 +22,7 @@
*/
#include "includes.h"
+#include "ads.h"
#include "libads/sitename_cache.h"
#include "libads/cldap.h"
#include "libads/dns.h"
diff --git a/source3/libads/ldap_printer.c b/source3/libads/ldap_printer.c
index fff50cfe8b..e4a7d34cf1 100644
--- a/source3/libads/ldap_printer.c
+++ b/source3/libads/ldap_printer.c
@@ -18,6 +18,7 @@
*/
#include "includes.h"
+#include "ads.h"
#include "../librpc/gen_ndr/cli_spoolss.h"
#include "rpc_client/cli_spoolss.h"
#include "registry.h"
diff --git a/source3/libads/ldap_schema.c b/source3/libads/ldap_schema.c
index c739286abb..80ec45c73c 100644
--- a/source3/libads/ldap_schema.c
+++ b/source3/libads/ldap_schema.c
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "ads.h"
#include "libads/ldap_schema.h"
#ifdef HAVE_LDAP
diff --git a/source3/libads/ldap_user.c b/source3/libads/ldap_user.c
index ffd20f9bd2..55421009a7 100644
--- a/source3/libads/ldap_user.c
+++ b/source3/libads/ldap_user.c
@@ -18,6 +18,7 @@
*/
#include "includes.h"
+#include "ads.h"
#include "../libds/common/flags.h"
#ifdef HAVE_ADS
diff --git a/source3/libads/ldap_utils.c b/source3/libads/ldap_utils.c
index f9106caed1..c0c1adba30 100644
--- a/source3/libads/ldap_utils.c
+++ b/source3/libads/ldap_utils.c
@@ -21,6 +21,7 @@
*/
#include "includes.h"
+#include "ads.h"
#ifdef HAVE_LDAP
/*
diff --git a/source3/libads/ndr.c b/source3/libads/ndr.c
index 397aa2ca60..843ae3b615 100644
--- a/source3/libads/ndr.c
+++ b/source3/libads/ndr.c
@@ -20,6 +20,7 @@
*/
#include "includes.h"
+#include "ads.h"
#include "../librpc/gen_ndr/ndr_netlogon.h"
void ndr_print_ads_auth_flags(struct ndr_print *ndr, const char *name, uint32_t r)
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index f4a0ac627e..7ad4c9a868 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -20,6 +20,8 @@
#include "includes.h"
#include "../libcli/auth/spnego.h"
#include "../libcli/auth/ntlmssp.h"
+#include "ads.h"
+#include "smb_krb5.h"
#ifdef HAVE_LDAP
diff --git a/source3/libads/sasl_wrapping.c b/source3/libads/sasl_wrapping.c
index 2bfa079235..d7353ac79c 100644
--- a/source3/libads/sasl_wrapping.c
+++ b/source3/libads/sasl_wrapping.c
@@ -18,6 +18,7 @@
*/
#include "includes.h"
+#include "ads.h"
#ifdef HAVE_LDAP_SASL_WRAPPING
diff --git a/source3/libads/util.c b/source3/libads/util.c
index 9dcb906a37..f028c75cfe 100644
--- a/source3/libads/util.c
+++ b/source3/libads/util.c
@@ -18,6 +18,7 @@
*/
#include "includes.h"
+#include "ads.h"
#ifdef HAVE_KRB5