Install public header files again and include required prototypes.

(This used to be commit 47ffbbf67435904754469544390b67d34c958343)

5 files changed, 170 insertions, 58 deletions

diff --git a/source4/auth/credentials/credentials.c b/source4/auth/credentials/credentials.c
index 6d5c1210c9..89dddc9e05 100644
--- a/source4/auth/credentials/credentials.c
+++ b/source4/auth/credentials/credentials.c
@@ -33,7 +33,7 @@
  * Create a new credentials structure
  * @param mem_ctx TALLOC_CTX parent for credentials structure 
  */
-struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) 
+_PUBLIC_ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx) 
 {
 	struct cli_credentials *cred = talloc(mem_ctx, struct cli_credentials);
 	if (!cred) {
@@ -77,7 +77,7 @@ struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx)
  * Create a new anonymous credential
  * @param mem_ctx TALLOC_CTX parent for credentials structure 
  */
-struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx)
+_PUBLIC_ struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx)
 {
 	struct cli_credentials *anon_credentials;
 
@@ -87,23 +87,23 @@ struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx)
 	return anon_credentials;
 }
 
-void cli_credentials_set_kerberos_state(struct cli_credentials *creds, 
+_PUBLIC_ void cli_credentials_set_kerberos_state(struct cli_credentials *creds, 
 					enum credentials_use_kerberos use_kerberos)
 {
 	creds->use_kerberos = use_kerberos;
 }
 
-enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds)
+_PUBLIC_ enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds)
 {
 	return creds->use_kerberos;
 }
 
-void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features)
+_PUBLIC_ void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features)
 {
 	creds->gensec_features = gensec_features;
 }
 
-uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds)
+_PUBLIC_ uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds)
 {
 	return creds->gensec_features;
 }
@@ -115,7 +115,7 @@ uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds)
  * @retval The username set on this context.
  * @note Return value will never be NULL except by programmer error.
  */
-const char *cli_credentials_get_username(struct cli_credentials *cred)
+_PUBLIC_ const char *cli_credentials_get_username(struct cli_credentials *cred)
 {
 	if (cred->machine_account_pending) {
 		cli_credentials_set_machine_account(cred, 
@@ -134,7 +134,7 @@ const char *cli_credentials_get_username(struct cli_credentials *cred)
 	return cred->username;
 }
 
-bool cli_credentials_set_username(struct cli_credentials *cred, 
+_PUBLIC_ bool cli_credentials_set_username(struct cli_credentials *cred, 
 				  const char *val, enum credentials_obtained obtained)
 {
 	if (obtained >= cred->username_obtained) {
@@ -159,7 +159,7 @@ bool cli_credentials_set_username_callback(struct cli_credentials *cred,
 	return false;
 }
 
-bool cli_credentials_set_bind_dn(struct cli_credentials *cred, 
+_PUBLIC_ bool cli_credentials_set_bind_dn(struct cli_credentials *cred, 
 				 const char *bind_dn)
 {
 	cred->bind_dn = talloc_strdup(cred, bind_dn);
@@ -172,7 +172,7 @@ bool cli_credentials_set_bind_dn(struct cli_credentials *cred,
  * @retval The username set on this context.
  * @note Return value will be NULL if not specified explictly
  */
-const char *cli_credentials_get_bind_dn(struct cli_credentials *cred)
+_PUBLIC_ const char *cli_credentials_get_bind_dn(struct cli_credentials *cred)
 {
 	return cred->bind_dn;
 }
@@ -184,7 +184,7 @@ const char *cli_credentials_get_bind_dn(struct cli_credentials *cred)
  * @retval The username set on this context.
  * @note Return value will never be NULL except by programmer error.
  */
-const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx)
+_PUBLIC_ const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx)
 {
 	if (cred->machine_account_pending) {
 		cli_credentials_set_machine_account(cred,
@@ -246,7 +246,7 @@ bool cli_credentials_set_principal_callback(struct cli_credentials *cred,
  * function to determine if authentication has been explicitly
  * requested */
 
-bool cli_credentials_authentication_requested(struct cli_credentials *cred) 
+_PUBLIC_ bool cli_credentials_authentication_requested(struct cli_credentials *cred) 
 {
 	if (cred->bind_dn) {
 		return true;
@@ -275,7 +275,7 @@ bool cli_credentials_authentication_requested(struct cli_credentials *cred)
  * @param cred credentials context
  * @retval If set, the cleartext password, otherwise NULL
  */
-const char *cli_credentials_get_password(struct cli_credentials *cred)
+_PUBLIC_ const char *cli_credentials_get_password(struct cli_credentials *cred)
 {
 	if (cred->machine_account_pending) {
 		cli_credentials_set_machine_account(cred,
@@ -297,7 +297,7 @@ const char *cli_credentials_get_password(struct cli_credentials *cred)
 /* Set a password on the credentials context, including an indication
  * of 'how' the password was obtained */
 
-bool cli_credentials_set_password(struct cli_credentials *cred, 
+_PUBLIC_ bool cli_credentials_set_password(struct cli_credentials *cred, 
 				  const char *val, 
 				  enum credentials_obtained obtained)
 {
@@ -313,7 +313,7 @@ bool cli_credentials_set_password(struct cli_credentials *cred,
 	return false;
 }
 
-bool cli_credentials_set_password_callback(struct cli_credentials *cred,
+_PUBLIC_ bool cli_credentials_set_password_callback(struct cli_credentials *cred,
 					   const char *(*password_cb) (struct cli_credentials *))
 {
 	if (cred->password_obtained < CRED_CALLBACK) {
@@ -358,7 +358,7 @@ bool cli_credentials_set_old_password(struct cli_credentials *cred,
  * @param cred credentials context
  * @retval If set, the cleartext password, otherwise NULL
  */
-const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred, 
+_PUBLIC_ const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred, 
 							TALLOC_CTX *mem_ctx)
 {
 	const char *password = cli_credentials_get_password(cred);
@@ -377,7 +377,7 @@ const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *
 	}
 }
 
-bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
+_PUBLIC_ bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
 				 const struct samr_Password *nt_hash, 
 				 enum credentials_obtained obtained)
 {
@@ -401,7 +401,7 @@ bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
  * @retval The domain set on this context. 
  * @note Return value will never be NULL except by programmer error.
  */
-const char *cli_credentials_get_domain(struct cli_credentials *cred)
+_PUBLIC_ const char *cli_credentials_get_domain(struct cli_credentials *cred)
 {
 	if (cred->machine_account_pending) {
 		cli_credentials_set_machine_account(cred,
@@ -421,7 +421,7 @@ const char *cli_credentials_get_domain(struct cli_credentials *cred)
 }
 
 
-bool cli_credentials_set_domain(struct cli_credentials *cred, 
+_PUBLIC_ bool cli_credentials_set_domain(struct cli_credentials *cred, 
 				const char *val, 
 				enum credentials_obtained obtained)
 {
@@ -456,7 +456,7 @@ bool cli_credentials_set_domain_callback(struct cli_credentials *cred,
  * @retval The realm set on this context. 
  * @note Return value will never be NULL except by programmer error.
  */
-const char *cli_credentials_get_realm(struct cli_credentials *cred)
+_PUBLIC_ const char *cli_credentials_get_realm(struct cli_credentials *cred)
 {	
 	if (cred->machine_account_pending) {
 		cli_credentials_set_machine_account(cred,
@@ -479,7 +479,7 @@ const char *cli_credentials_get_realm(struct cli_credentials *cred)
  * Set the realm for this credentials context, and force it to
  * uppercase for the sainity of our local kerberos libraries 
  */
-bool cli_credentials_set_realm(struct cli_credentials *cred, 
+_PUBLIC_ bool cli_credentials_set_realm(struct cli_credentials *cred, 
 			       const char *val, 
 			       enum credentials_obtained obtained)
 {
@@ -512,7 +512,7 @@ bool cli_credentials_set_realm_callback(struct cli_credentials *cred,
  * @retval The workstation name set on this context. 
  * @note Return value will never be NULL except by programmer error.
  */
-const char *cli_credentials_get_workstation(struct cli_credentials *cred)
+_PUBLIC_ const char *cli_credentials_get_workstation(struct cli_credentials *cred)
 {
 	if (cred->workstation_obtained == CRED_CALLBACK && 
 	    !cred->callback_running) {
@@ -525,7 +525,7 @@ const char *cli_credentials_get_workstation(struct cli_credentials *cred)
 	return cred->workstation;
 }
 
-bool cli_credentials_set_workstation(struct cli_credentials *cred, 
+_PUBLIC_ bool cli_credentials_set_workstation(struct cli_credentials *cred, 
 				     const char *val, 
 				     enum credentials_obtained obtained)
 {
@@ -560,7 +560,7 @@ bool cli_credentials_set_workstation_callback(struct cli_credentials *cred,
  * @param obtained This enum describes how 'specified' this password is
  */
 
-void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained)
+_PUBLIC_ void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained)
 {
 	char *uname, *p;
 
@@ -597,7 +597,7 @@ void cli_credentials_parse_string(struct cli_credentials *credentials, const cha
  * @param mem_ctx The memory context to place the result on
  */
 
-const char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx)
+_PUBLIC_ const char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx)
 {
 	const char *bind_dn = cli_credentials_get_bind_dn(credentials);
 	const char *domain;
@@ -625,7 +625,7 @@ const char *cli_credentials_get_unparsed_name(struct cli_credentials *credential
  *
  * @param cred Credentials structure to fill in
  */
-void cli_credentials_set_conf(struct cli_credentials *cred, 
+_PUBLIC_ void cli_credentials_set_conf(struct cli_credentials *cred, 
 			      struct loadparm_context *lp_ctx)
 {
 	cli_credentials_set_username(cred, "", CRED_UNINITIALISED);
@@ -640,7 +640,7 @@ void cli_credentials_set_conf(struct cli_credentials *cred,
  * 
  * @param cred Credentials structure to fill in
  */
-void cli_credentials_guess(struct cli_credentials *cred,
+_PUBLIC_ void cli_credentials_guess(struct cli_credentials *cred,
 			   struct loadparm_context *lp_ctx)
 {
 	char *p;
@@ -683,7 +683,7 @@ void cli_credentials_guess(struct cli_credentials *cred,
  * Attach NETLOGON credentials for use with SCHANNEL
  */
 
-void cli_credentials_set_netlogon_creds(struct cli_credentials *cred, 
+_PUBLIC_ void cli_credentials_set_netlogon_creds(struct cli_credentials *cred, 
 					struct creds_CredentialState *netlogon_creds)
 {
 	cred->netlogon_creds = talloc_reference(cred, netlogon_creds);
@@ -702,7 +702,7 @@ struct creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_cred
  * Set NETLOGON secure channel type
  */
 
-void cli_credentials_set_secure_channel_type(struct cli_credentials *cred,
+_PUBLIC_ void cli_credentials_set_secure_channel_type(struct cli_credentials *cred,
 					     enum netr_SchannelType secure_channel_type)
 {
 	cred->secure_channel_type = secure_channel_type;
@@ -712,7 +712,7 @@ void cli_credentials_set_secure_channel_type(struct cli_credentials *cred,
  * Return NETLOGON secure chanel type
  */
 
-enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred)
+_PUBLIC_ enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred)
 {
 	return cred->secure_channel_type;
 }
@@ -720,7 +720,7 @@ enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_creden
 /**
  * Fill in a credentials structure as the anonymous user
  */
-void cli_credentials_set_anonymous(struct cli_credentials *cred) 
+_PUBLIC_ void cli_credentials_set_anonymous(struct cli_credentials *cred) 
 {
 	cli_credentials_set_username(cred, "", CRED_SPECIFIED);
 	cli_credentials_set_domain(cred, "", CRED_SPECIFIED);
@@ -734,7 +734,7 @@ void cli_credentials_set_anonymous(struct cli_credentials *cred)
  * @retval true if anonymous, false if a username is specified
  */
 
-bool cli_credentials_is_anonymous(struct cli_credentials *cred)
+_PUBLIC_ bool cli_credentials_is_anonymous(struct cli_credentials *cred)
 {
 	const char *username;
 	
@@ -763,7 +763,7 @@ bool cli_credentials_is_anonymous(struct cli_credentials *cred)
  *
  * @retval whether the credentials struct is finished
  */
-bool cli_credentials_wrong_password(struct cli_credentials *cred)
+_PUBLIC_ bool cli_credentials_wrong_password(struct cli_credentials *cred)
 {
 	if (cred->password_obtained != CRED_CALLBACK_RESULT) {
 		return false;
@@ -779,7 +779,7 @@ bool cli_credentials_wrong_password(struct cli_credentials *cred)
 /*
   set the common event context for this set of credentials
  */
-void cli_credentials_set_event_context(struct cli_credentials *cred, struct event_context *ev)
+_PUBLIC_ void cli_credentials_set_event_context(struct cli_credentials *cred, struct event_context *ev)
 {
 	cred->ev = ev;
 }
@@ -787,7 +787,7 @@ void cli_credentials_set_event_context(struct cli_credentials *cred, struct even
 /*
   set the common event context for this set of credentials
  */
-struct event_context *cli_credentials_get_event_context(struct cli_credentials *cred)
+_PUBLIC_ struct event_context *cli_credentials_get_event_context(struct cli_credentials *cred)
 {
 	if (cred->ev == NULL) {
 		cred->ev = event_context_find(cred);
diff --git a/source4/auth/credentials/credentials.h b/source4/auth/credentials/credentials.h
index 1b205c61ce..afcb300638 100644
--- a/source4/auth/credentials/credentials.h
+++ b/source4/auth/credentials/credentials.h
@@ -132,6 +132,117 @@ struct ccache_container;
 
 struct gssapi_creds_container;
 
-#include "auth/credentials/credentials_proto.h"
+const char *cli_credentials_get_workstation(struct cli_credentials *cred);
+bool cli_credentials_set_workstation(struct cli_credentials *cred, 
+				     const char *val, 
+				     enum credentials_obtained obtained);
+bool cli_credentials_is_anonymous(struct cli_credentials *cred);
+struct cli_credentials *cli_credentials_init(TALLOC_CTX *mem_ctx);
+void cli_credentials_set_anonymous(struct cli_credentials *cred);
+bool cli_credentials_wrong_password(struct cli_credentials *cred);
+const char *cli_credentials_get_password(struct cli_credentials *cred);
+void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, 
+					      const char **username, 
+					      const char **domain);
+NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, 
+					   int *flags,
+					   DATA_BLOB challenge, DATA_BLOB target_info, 
+					   DATA_BLOB *_lm_response, DATA_BLOB *_nt_response, 
+					   DATA_BLOB *_lm_session_key, DATA_BLOB *_session_key);
+const char *cli_credentials_get_realm(struct cli_credentials *cred);
+const char *cli_credentials_get_username(struct cli_credentials *cred);
+int cli_credentials_get_krb5_context(struct cli_credentials *cred, 
+				     struct loadparm_context *lp_ctx,
+				     struct smb_krb5_context **smb_krb5_context);
+int cli_credentials_get_ccache(struct cli_credentials *cred, 
+			       struct loadparm_context *lp_ctx,
+			       struct ccache_container **ccc);
+int cli_credentials_get_keytab(struct cli_credentials *cred, 
+			       struct loadparm_context *lp_ctx,
+			       struct keytab_container **_ktc);
+const char *cli_credentials_get_domain(struct cli_credentials *cred);
+struct creds_CredentialState *cli_credentials_get_netlogon_creds(struct cli_credentials *cred);
+void cli_credentials_set_machine_account_pending(struct cli_credentials *cred,
+						 struct loadparm_context *lp_ctx);
+void cli_credentials_set_conf(struct cli_credentials *cred, 
+			      struct loadparm_context *lp_ctx);
+const char *cli_credentials_get_principal(struct cli_credentials *cred, TALLOC_CTX *mem_ctx);
+int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, 
+					 struct loadparm_context *lp_ctx,
+					 struct gssapi_creds_container **_gcc);
+int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, 
+					 struct loadparm_context *lp_ctx,
+					 struct gssapi_creds_container **_gcc);
+void cli_credentials_set_event_context(struct cli_credentials *cred, struct event_context *ev);
+void cli_credentials_set_kerberos_state(struct cli_credentials *creds, 
+					enum credentials_use_kerberos use_kerberos);
+struct event_context *cli_credentials_get_event_context(struct cli_credentials *cred);
+bool cli_credentials_set_domain(struct cli_credentials *cred, 
+				const char *val, 
+				enum credentials_obtained obtained);
+bool cli_credentials_set_username(struct cli_credentials *cred, 
+				  const char *val, enum credentials_obtained obtained);
+bool cli_credentials_set_password(struct cli_credentials *cred, 
+				  const char *val, 
+				  enum credentials_obtained obtained);
+struct cli_credentials *cli_credentials_init_anon(TALLOC_CTX *mem_ctx);
+void cli_credentials_parse_string(struct cli_credentials *credentials, const char *data, enum credentials_obtained obtained);
+const struct samr_Password *cli_credentials_get_nt_hash(struct cli_credentials *cred, 
+							TALLOC_CTX *mem_ctx);
+bool cli_credentials_set_realm(struct cli_credentials *cred, 
+			       const char *val, 
+			       enum credentials_obtained obtained);
+void cli_credentials_set_secure_channel_type(struct cli_credentials *cred,
+				     enum netr_SchannelType secure_channel_type);
+void cli_credentials_set_netlogon_creds(struct cli_credentials *cred, 
+					struct creds_CredentialState *netlogon_creds);
+NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred, 
+					  struct smb_krb5_context *smb_krb5_context);
+NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
+					      struct loadparm_context *lp_ctx,
+					      const char *serviceprincipal);
+NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
+					     struct loadparm_context *lp_ctx);
+bool cli_credentials_authentication_requested(struct cli_credentials *cred);
+void cli_credentials_guess(struct cli_credentials *cred,
+			   struct loadparm_context *lp_ctx);
+bool cli_credentials_set_bind_dn(struct cli_credentials *cred, 
+				 const char *bind_dn);
+const char *cli_credentials_get_bind_dn(struct cli_credentials *cred);
+bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, enum credentials_obtained obtained);
+const char *cli_credentials_get_unparsed_name(struct cli_credentials *credentials, TALLOC_CTX *mem_ctx);
+bool cli_credentials_set_password_callback(struct cli_credentials *cred,
+					   const char *(*password_cb) (struct cli_credentials *));
+enum netr_SchannelType cli_credentials_get_secure_channel_type(struct cli_credentials *cred);
+void cli_credentials_set_kvno(struct cli_credentials *cred,
+			      int kvno);
+bool cli_credentials_set_nt_hash(struct cli_credentials *cred,
+				 const struct samr_Password *nt_hash, 
+				 enum credentials_obtained obtained);
+int cli_credentials_set_keytab_name(struct cli_credentials *cred, 
+				    struct loadparm_context *lp_ctx,
+				    const char *keytab_name, 
+				    enum credentials_obtained obtained);
+int cli_credentials_update_keytab(struct cli_credentials *cred, 
+				  struct loadparm_context *lp_ctx);
+void cli_credentials_set_gensec_features(struct cli_credentials *creds, uint32_t gensec_features);
+uint32_t cli_credentials_get_gensec_features(struct cli_credentials *creds);
+int cli_credentials_set_ccache(struct cli_credentials *cred, 
+			       struct loadparm_context *lp_ctx,
+			       const char *name, 
+			       enum credentials_obtained obtained);
+bool cli_credentials_parse_password_file(struct cli_credentials *credentials, const char *file, enum credentials_obtained obtained);
+bool cli_credentials_parse_password_fd(struct cli_credentials *credentials, 
+				       int fd, enum credentials_obtained obtained);
+void cli_credentials_invalidate_ccache(struct cli_credentials *cred, 
+				       enum credentials_obtained obtained);
+void cli_credentials_set_salt_principal(struct cli_credentials *cred, const char *principal);
+enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds);
+NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, 
+				     struct loadparm_context *lp_ctx,
+				     struct ldb_context *ldb,
+				     const char *base,
+				     const char *filter);
+ int cli_credentials_get_kvno(struct cli_credentials *cred);
 
 #endif /* __CREDENTIALS_H__ */
diff --git a/source4/auth/credentials/credentials_files.c b/source4/auth/credentials/credentials_files.c
index c1001c9622..8bcbc65575 100644
--- a/source4/auth/credentials/credentials_files.c
+++ b/source4/auth/credentials/credentials_files.c
@@ -39,7 +39,7 @@
  * @param obtained This enum describes how 'specified' this password is
  */
 
-bool cli_credentials_parse_password_fd(struct cli_credentials *credentials, 
+_PUBLIC_ bool cli_credentials_parse_password_fd(struct cli_credentials *credentials, 
 				       int fd, enum credentials_obtained obtained)
 {
 	char *p;
@@ -83,7 +83,7 @@ bool cli_credentials_parse_password_fd(struct cli_credentials *credentials,
  * @param obtained This enum describes how 'specified' this password is
  */
 
-bool cli_credentials_parse_password_file(struct cli_credentials *credentials, const char *file, enum credentials_obtained obtained)
+_PUBLIC_ bool cli_credentials_parse_password_file(struct cli_credentials *credentials, const char *file, enum credentials_obtained obtained)
 {
 	int fd = open(file, O_RDONLY, 0);
 	bool ret;
@@ -109,7 +109,7 @@ bool cli_credentials_parse_password_file(struct cli_credentials *credentials, co
  * @param obtained This enum describes how 'specified' this password is
  */
 
-bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, enum credentials_obtained obtained) 
+_PUBLIC_ bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file, enum credentials_obtained obtained) 
 {
 	uint16_t len = 0;
 	char *ptr, *val, *param;
@@ -168,7 +168,7 @@ bool cli_credentials_parse_file(struct cli_credentials *cred, const char *file,
  * @param cred Credentials structure to fill in
  * @retval NTSTATUS error detailing any failure
  */
-NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, 
+_PUBLIC_ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred, 
 				     struct loadparm_context *lp_ctx,
 				     struct ldb_context *ldb,
 				     const char *base,
@@ -326,7 +326,7 @@ NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
  * @param cred Credentials structure to fill in
  * @retval NTSTATUS error detailing any failure
  */
-NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
+_PUBLIC_ NTSTATUS cli_credentials_set_machine_account(struct cli_credentials *cred,
 					     struct loadparm_context *lp_ctx)
 {
 	char *filter;
@@ -369,7 +369,7 @@ NTSTATUS cli_credentials_set_krbtgt(struct cli_credentials *cred,
  * @param cred Credentials structure to fill in
  * @retval NTSTATUS error detailing any failure
  */
-NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
+_PUBLIC_ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
 					      struct loadparm_context *lp_ctx,
 					      const char *serviceprincipal)
 {
@@ -395,7 +395,7 @@ NTSTATUS cli_credentials_set_stored_principal(struct cli_credentials *cred,
  *       than during, popt processing.
  *
  */
-void cli_credentials_set_machine_account_pending(struct cli_credentials *cred,
+_PUBLIC_ void cli_credentials_set_machine_account_pending(struct cli_credentials *cred,
 						 struct loadparm_context *lp_ctx)
 {
 	cred->machine_account_pending = true;
diff --git a/source4/auth/credentials/credentials_krb5.c b/source4/auth/credentials/credentials_krb5.c
index 52bf9f124f..cd9285b09d 100644
--- a/source4/auth/credentials/credentials_krb5.c
+++ b/source4/auth/credentials/credentials_krb5.c
@@ -25,10 +25,11 @@
 #include "system/kerberos.h"
 #include "auth/kerberos/kerberos.h"
 #include "auth/credentials/credentials.h"
+#include "auth/credentials/credentials_proto.h"
 #include "auth/credentials/credentials_krb5.h"
 #include "param/param.h"
 
-int cli_credentials_get_krb5_context(struct cli_credentials *cred, 
+_PUBLIC_ int cli_credentials_get_krb5_context(struct cli_credentials *cred, 
 				     struct loadparm_context *lp_ctx,
 				     struct smb_krb5_context **smb_krb5_context) 
 {
@@ -52,7 +53,7 @@ int cli_credentials_get_krb5_context(struct cli_credentials *cred,
  * otherwise we might have problems with the krb5 context already
  * being here.
  */
-NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred, 
+_PUBLIC_ NTSTATUS cli_credentials_set_krb5_context(struct cli_credentials *cred, 
 					  struct smb_krb5_context *smb_krb5_context)
 {
 	if (!talloc_reference(cred, smb_krb5_context)) {
@@ -126,7 +127,7 @@ static int free_dccache(struct ccache_container *ccc) {
 	return 0;
 }
 
-int cli_credentials_set_ccache(struct cli_credentials *cred, 
+_PUBLIC_ int cli_credentials_set_ccache(struct cli_credentials *cred, 
 			       struct loadparm_context *lp_ctx,
 			       const char *name, 
 			       enum credentials_obtained obtained)
@@ -251,7 +252,7 @@ static int cli_credentials_new_ccache(struct cli_credentials *cred,
 	return ret;
 }
 
-int cli_credentials_get_ccache(struct cli_credentials *cred, 
+_PUBLIC_ int cli_credentials_get_ccache(struct cli_credentials *cred, 
 			       struct loadparm_context *lp_ctx,
 			       struct ccache_container **ccc)
 {
@@ -315,7 +316,7 @@ void cli_credentials_invalidate_client_gss_creds(struct cli_credentials *cred,
 	}
 }
 
-void cli_credentials_invalidate_ccache(struct cli_credentials *cred, 
+_PUBLIC_ void cli_credentials_invalidate_ccache(struct cli_credentials *cred, 
 				       enum credentials_obtained obtained)
 {
 	/* If the caller just changed the username/password etc, then
@@ -346,7 +347,7 @@ static int free_gssapi_creds(struct gssapi_creds_container *gcc)
 	return 0;
 }
 
-int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, 
+_PUBLIC_ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred, 
 					 struct loadparm_context *lp_ctx,
 					 struct gssapi_creds_container **_gcc) 
 {
@@ -454,7 +455,7 @@ int cli_credentials_get_client_gss_creds(struct cli_credentials *cred,
  * attached to this context.  If this hasn't been done or set before,
  * it will be generated from the password.
  */
-int cli_credentials_get_keytab(struct cli_credentials *cred, 
+_PUBLIC_ int cli_credentials_get_keytab(struct cli_credentials *cred, 
 			       struct loadparm_context *lp_ctx,
 			       struct keytab_container **_ktc)
 {
@@ -508,7 +509,7 @@ int cli_credentials_get_keytab(struct cli_credentials *cred,
 /* Given the name of a keytab (presumably in the format
  * FILE:/etc/krb5.keytab), open it and attach it */
 
-int cli_credentials_set_keytab_name(struct cli_credentials *cred, 
+_PUBLIC_ int cli_credentials_set_keytab_name(struct cli_credentials *cred, 
 				    struct loadparm_context *lp_ctx,
 				    const char *keytab_name, 
 				    enum credentials_obtained obtained) 
@@ -547,7 +548,7 @@ int cli_credentials_set_keytab_name(struct cli_credentials *cred,
 	return ret;
 }
 
-int cli_credentials_update_keytab(struct cli_credentials *cred, 
+_PUBLIC_ int cli_credentials_update_keytab(struct cli_credentials *cred, 
 				  struct loadparm_context *lp_ctx) 
 {
 	krb5_error_code ret;
@@ -583,7 +584,7 @@ int cli_credentials_update_keytab(struct cli_credentials *cred,
 
 /* Get server gss credentials (in gsskrb5, this means the keytab) */
 
-int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, 
+_PUBLIC_ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred, 
 					 struct loadparm_context *lp_ctx,
 					 struct gssapi_creds_container **_gcc) 
 {
@@ -657,7 +658,7 @@ int cli_credentials_get_server_gss_creds(struct cli_credentials *cred,
  * Set Kerberos KVNO
  */
 
-void cli_credentials_set_kvno(struct cli_credentials *cred,
+_PUBLIC_ void cli_credentials_set_kvno(struct cli_credentials *cred,
 			      int kvno)
 {
 	cred->kvno = kvno;
@@ -667,7 +668,7 @@ void cli_credentials_set_kvno(struct cli_credentials *cred,
  * Return Kerberos KVNO
  */
 
-int cli_credentials_get_kvno(struct cli_credentials *cred)
+_PUBLIC_ int cli_credentials_get_kvno(struct cli_credentials *cred)
 {
 	return cred->kvno;
 }
@@ -693,7 +694,7 @@ const char *cli_credentials_get_salt_principal(struct cli_credentials *cred)
 	return cred->salt_principal;
 }
 
-void cli_credentials_set_salt_principal(struct cli_credentials *cred, const char *principal) 
+_PUBLIC_ void cli_credentials_set_salt_principal(struct cli_credentials *cred, const char *principal) 
 {
 	cred->salt_principal = talloc_strdup(cred, principal);
 }
diff --git a/source4/auth/credentials/credentials_ntlm.c b/source4/auth/credentials/credentials_ntlm.c
index 04f1d312e6..b88f2018df 100644
--- a/source4/auth/credentials/credentials_ntlm.c
+++ b/source4/auth/credentials/credentials_ntlm.c
@@ -27,7 +27,7 @@
 #include "libcli/auth/libcli_auth.h"
 #include "auth/credentials/credentials.h"
 
-void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, 
+_PUBLIC_ void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, 
 					      const char **username, 
 					      const char **domain) 
 {
@@ -40,7 +40,7 @@ void cli_credentials_get_ntlm_username_domain(struct cli_credentials *cred, TALL
 	}
 }
 
-NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, 
+_PUBLIC_ NTSTATUS cli_credentials_get_ntlm_response(struct cli_credentials *cred, TALLOC_CTX *mem_ctx, 
 					   int *flags,
 					   DATA_BLOB challenge, DATA_BLOB target_info, 
 					   DATA_BLOB *_lm_response, DATA_BLOB *_nt_response,