-rw-r--r--libgpo/gpo.h1
-rw-r--r--source3/Makefile.in4
-rw-r--r--source3/include/ads.h8
-rw-r--r--source3/include/includes.h5
-rw-r--r--source3/include/proto.h238
-rw-r--r--source3/include/smb_krb5.h2
-rw-r--r--source3/include/smbldap.h6
-rw-r--r--source3/lib/netapi/joindomain.c2
-rw-r--r--source3/lib/smbldap.c4
-rw-r--r--source3/libads/ads_proto.h171
-rw-r--r--source3/libads/ads_struct.c1
-rw-r--r--source3/libads/ads_utils.c1
-rw-r--r--source3/libads/authdata.c1
-rw-r--r--source3/libads/disp_sec.c1
-rw-r--r--source3/libads/kerberos.c53
-rw-r--r--source3/libads/kerberos_keytab.c1
-rw-r--r--source3/libads/kerberos_proto.h67
-rw-r--r--source3/libads/kerberos_util.c107
-rw-r--r--source3/libads/kerberos_verify.c1
-rw-r--r--source3/libads/krb5_setpw.c31
-rw-r--r--source3/libads/ldap.c1
-rw-r--r--source3/libads/ldap_printer.c1
-rw-r--r--source3/libads/ldap_schema.c1
-rw-r--r--source3/libads/ldap_user.c1
-rw-r--r--source3/libads/ldap_utils.c1
-rw-r--r--source3/libads/ndr.c1
-rw-r--r--source3/libads/sasl.c2
-rw-r--r--source3/libads/sasl_wrapping.c1
-rw-r--r--source3/libads/util.c1
-rw-r--r--source3/libnet/libnet_join.c1
-rw-r--r--source3/libsmb/cliconnect.c1
-rw-r--r--source3/libsmb/namequery_dc.c1
-rw-r--r--source3/param/loadparm.c2
-rw-r--r--source3/smbd/sesssetup.c1
-rw-r--r--source3/smbd/smb2_sesssetup.c1
-rw-r--r--source3/utils/net_ads.c2
-rw-r--r--source3/utils/net_ads_gpo.c1
-rw-r--r--source3/utils/net_proto.h6
-rw-r--r--source3/utils/ntlm_auth.c1
-rw-r--r--source3/winbindd/idmap_ad.c1
-rw-r--r--source3/winbindd/idmap_adex/cell_util.c1
-rw-r--r--source3/winbindd/idmap_adex/domain_util.c1
-rw-r--r--source3/winbindd/idmap_adex/gc_util.c1
-rw-r--r--source3/winbindd/idmap_adex/idmap_adex.c1
-rw-r--r--source3/winbindd/idmap_adex/likewise_cell.c1
-rw-r--r--source3/winbindd/idmap_adex/provider_unified.c1
-rw-r--r--source3/winbindd/idmap_hash/idmap_hash.c1
-rw-r--r--source3/winbindd/nss_info.c1
-rw-r--r--source3/winbindd/nss_info_template.c1
-rw-r--r--source3/winbindd/winbindd_ads.c1
-rw-r--r--source3/winbindd/winbindd_cache.c1
-rw-r--r--source3/winbindd/winbindd_cm.c1
-rw-r--r--source3/winbindd/winbindd_cred_cache.c1
-rw-r--r--source3/winbindd/winbindd_pam.c1
-rw-r--r--source3/winbindd/winbindd_proto.h3
-rw-r--r--source3/wscript_build4
56 files changed, 416 insertions, 338 deletions
diff --git a/libgpo/gpo.h b/libgpo/gpo.h
index 6e71e3cff7..ba9e0b7962 100644
--- a/libgpo/gpo.h
+++ b/libgpo/gpo.h
@@ -24,6 +24,7 @@
#include "source4/libgpo/ads_convenience.h"
#else
struct loadparm_context;
+#include "ads.h"
#endif
enum GPO_LINK_TYPE {
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 128ff8c4b6..af26549eb4 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -456,7 +456,9 @@ LIBGPO_OBJ = $(LIBGPO_OBJ0)
LIBADS_OBJ = libads/ldap.o libads/ldap_printer.o \
libads/sasl.o libads/sasl_wrapping.o \
- libads/krb5_setpw.o libads/ldap_user.o \
+ libads/krb5_setpw.o \
+ libads/kerberos_util.o \
+ libads/ldap_user.o \
libads/ads_struct.o libads/kerberos_keytab.o \
libads/disp_sec.o libads/ads_utils.o libads/ldap_utils.o \
libads/ldap_schema.o libads/util.o libads/ndr.o
diff --git a/source3/include/ads.h b/source3/include/ads.h
index 0637cc8ad4..b45d53de07 100644
--- a/source3/include/ads.h
+++ b/source3/include/ads.h
@@ -148,6 +148,12 @@ typedef struct {
int critical;
} ads_control;
-#define ADS_IGNORE_PRINCIPAL "not_defined_in_RFC4178@please_ignore"
+#include "libads/ads_proto.h"
+
+#ifdef HAVE_LDAP
+#include "libads/ads_ldap_protos.h"
+#endif
+
+#include "libads/kerberos_proto.h"
#endif /* _INCLUDE_ADS_H_ */
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 2573585f6e..35686e9f31 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -628,7 +628,6 @@ extern void *cmdline_lp_ctx;
#include "krb5_env.h"
#include "libads/ads_status.h"
-#include "ads.h"
#include "interfaces.h"
#include "trans2.h"
#include "../libcli/util/error.h"
@@ -736,10 +735,6 @@ enum flush_reason_enum {
#include "modules/vfs_irixacl.h"
#endif
-#ifdef HAVE_LDAP
-#include "libads/ads_ldap_protos.h"
-#endif
-
/* We need this after proto.h to reference GetTimeOfDay(). */
#include "smbprofile.h"
diff --git a/source3/include/proto.h b/source3/include/proto.h
index f9684ad16e..9fd91b4724 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1727,244 +1727,6 @@ void wins_srv_tags_free(char **list);
struct in_addr wins_srv_ip_tag(const char *tag, struct in_addr src_ip);
unsigned wins_srv_count_tag(const char *tag);
-/* The following definitions come from libads/ads_struct.c */
-
-char *ads_build_path(const char *realm, const char *sep, const char *field, int reverse);
-char *ads_build_dn(const char *realm);
-char *ads_build_domain(const char *dn);
-ADS_STRUCT *ads_init(const char *realm,
- const char *workgroup,
- const char *ldap_server);
-bool ads_set_sasl_wrap_flags(ADS_STRUCT *ads, int flags);
-void ads_destroy(ADS_STRUCT **ads);
-
-const char *ads_get_ldap_server_name(ADS_STRUCT *ads);
-
-/* The following definitions come from libads/authdata.c */
-
-NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
- const char *name,
- const char *pass,
- time_t time_offset,
- time_t *expire_time,
- time_t *renew_till_time,
- const char *cache_name,
- bool request_pac,
- bool add_netbios_addr,
- time_t renewable_time,
- const char *impersonate_princ_s,
- struct PAC_LOGON_INFO **logon_info);
-
-/* The following definitions come from libads/disp_sec.c */
-
-void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct security_descriptor *sd);
-
-/* The following definitions come from libads/kerberos.c */
-
-int kerberos_kinit_password_ext(const char *principal,
- const char *password,
- int time_offset,
- time_t *expire_time,
- time_t *renew_till_time,
- const char *cache_name,
- bool request_pac,
- bool add_netbios_addr,
- time_t renewable_time,
- NTSTATUS *ntstatus);
-int ads_kinit_password(ADS_STRUCT *ads);
-int ads_kdestroy(const char *cc_name);
-char* kerberos_standard_des_salt( void );
-bool kerberos_secrets_store_des_salt( const char* salt );
-char* kerberos_secrets_fetch_des_salt( void );
-char *kerberos_get_default_realm_from_ccache( void );
-char *kerberos_get_realm_from_hostname(const char *hostname);
-
-bool kerberos_secrets_store_salting_principal(const char *service,
- int enctype,
- const char *principal);
-int kerberos_kinit_password(const char *principal,
- const char *password,
- int time_offset,
- const char *cache_name);
-bool create_local_private_krb5_conf_for_domain(const char *realm,
- const char *domain,
- const char *sitename,
- struct sockaddr_storage *pss,
- const char *kdc_name);
-
-/* The following definitions come from libads/kerberos_keytab.c */
-
-int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc);
-int ads_keytab_flush(ADS_STRUCT *ads);
-int ads_keytab_create_default(ADS_STRUCT *ads);
-int ads_keytab_list(const char *keytab_name);
-
-/* The following definitions come from libads/kerberos_verify.c */
-
-NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
- const char *realm,
- time_t time_offset,
- const DATA_BLOB *ticket,
- char **principal,
- struct PAC_LOGON_INFO **logon_info,
- DATA_BLOB *ap_rep,
- DATA_BLOB *session_key,
- bool use_replay_cache);
-
-/* The following definitions come from libads/krb5_errs.c */
-
-
-/* The following definitions come from libads/krb5_setpw.c */
-
-ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
- const char *newpw, int time_offset);
-ADS_STATUS kerberos_set_password(const char *kpasswd_server,
- const char *auth_principal, const char *auth_password,
- const char *target_principal, const char *new_password,
- int time_offset);
-ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
- const char *machine_account,
- const char *password);
-
-/* The following definitions come from libads/ldap.c */
-
-bool ads_sitename_match(ADS_STRUCT *ads);
-bool ads_closest_dc(ADS_STRUCT *ads);
-ADS_STATUS ads_connect(ADS_STRUCT *ads);
-ADS_STATUS ads_connect_user_creds(ADS_STRUCT *ads);
-ADS_STATUS ads_connect_gc(ADS_STRUCT *ads);
-void ads_disconnect(ADS_STRUCT *ads);
-ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path,
- int scope, const char *expr, const char **attrs,
- bool (*fn)(ADS_STRUCT *, char *, void **, void *),
- void *data_area);
-char *ads_parent_dn(const char *dn);
-ADS_MODLIST ads_init_mods(TALLOC_CTX *ctx);
-ADS_STATUS ads_mod_str(TALLOC_CTX *ctx, ADS_MODLIST *mods,
- const char *name, const char *val);
-ADS_STATUS ads_mod_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
- const char *name, const char **vals);
-ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods);
-ADS_STATUS ads_gen_add(ADS_STRUCT *ads, const char *new_dn, ADS_MODLIST mods);
-ADS_STATUS ads_del_dn(ADS_STRUCT *ads, char *del_dn);
-char *ads_ou_string(ADS_STRUCT *ads, const char *org_unit);
-char *ads_default_ou_string(ADS_STRUCT *ads, const char *wknguid);
-ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
- const char *name, const char **vals);
-uint32 ads_get_kvno(ADS_STRUCT *ads, const char *account_name);
-uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_name);
-ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name);
-ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_name,
- const char *my_fqdn, const char *spn);
-ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name,
- const char *org_unit);
-ADS_STATUS ads_move_machine_acct(ADS_STRUCT *ads, const char *machine_name,
- const char *org_unit, bool *moved);
-int ads_count_replies(ADS_STRUCT *ads, void *res);
-ADS_STATUS ads_USN(ADS_STRUCT *ads, uint32 *usn);
-ADS_STATUS ads_current_time(ADS_STRUCT *ads);
-ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, uint32 *val);
-ADS_STATUS ads_domain_sid(ADS_STRUCT *ads, struct dom_sid *sid);
-ADS_STATUS ads_site_dn(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char **site_name);
-ADS_STATUS ads_site_dn_for_machine(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *computer_name, const char **site_dn);
-ADS_STATUS ads_upn_suffixes(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char ***suffixes, size_t *num_suffixes);
-ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- char ***ous,
- size_t *num_ous);
-ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
- const char *extended_dn,
- enum ads_extended_dn_flags flags,
- struct dom_sid *sid);
-char* ads_get_dnshostname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
-char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
-char* ads_get_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
-ADS_STATUS ads_join_realm(ADS_STRUCT *ads, const char *machine_name,
- uint32 account_type, const char *org_unit);
-ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname);
-ADS_STATUS ads_find_samaccount(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- const char *samaccountname,
- uint32 *uac_ret,
- const char **dn_ret);
-ADS_STATUS ads_config_path(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- char **config_path);
-const char *ads_get_extended_right_name_by_guid(ADS_STRUCT *ads,
- const char *config_path,
- TALLOC_CTX *mem_ctx,
- const struct GUID *rights_guid);
-ADS_STATUS ads_check_ou_dn(TALLOC_CTX *mem_ctx,
- ADS_STRUCT *ads,
- const char **account_ou);
-
-/* The following definitions come from libads/ldap_printer.c */
-
-ADS_STATUS ads_mod_printer_entry(ADS_STRUCT *ads, char *prt_dn,
- TALLOC_CTX *ctx, const ADS_MODLIST *mods);
-ADS_STATUS ads_add_printer_entry(ADS_STRUCT *ads, char *prt_dn,
- TALLOC_CTX *ctx, ADS_MODLIST *mods);
-WERROR get_remote_printer_publishing_data(struct rpc_pipe_client *cli,
- TALLOC_CTX *mem_ctx,
- ADS_MODLIST *mods,
- const char *printer);
-
-/* The following definitions come from libads/ldap_user.c */
-
-ADS_STATUS ads_add_user_acct(ADS_STRUCT *ads, const char *user,
- const char *container, const char *fullname);
-ADS_STATUS ads_add_group_acct(ADS_STRUCT *ads, const char *group,
- const char *container, const char *comment);
-
-/* The following definitions come from libads/ldap_utils.c */
-
-ADS_STATUS ads_ranged_search(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- int scope,
- const char *base,
- const char *filter,
- void *args,
- const char *range_attr,
- char ***strings,
- size_t *num_strings);
-ADS_STATUS ads_ranged_search_internal(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- int scope,
- const char *base,
- const char *filter,
- const char **attrs,
- void *args,
- const char *range_attr,
- char ***strings,
- size_t *num_strings,
- uint32 *first_usn,
- int *num_retries,
- bool *more_values);
-
-/* The following definitions come from libads/ndr.c */
-
-void ndr_print_ads_auth_flags(struct ndr_print *ndr, const char *name, uint32_t r);
-void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct ads_struct *r);
-
-/* The following definitions come from libads/sasl.c */
-
-ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads);
-
-/* The following definitions come from libads/sasl_wrapping.c */
-
-ADS_STATUS ads_setup_sasl_wrapping(ADS_STRUCT *ads,
- const struct ads_saslwrap_ops *ops,
- void *private_data);
-ADS_STATUS ads_setup_sasl_wrapping(ADS_STRUCT *ads,
- const struct ads_saslwrap_ops *ops,
- void *private_data);
-
-/* The following definitions come from libads/util.c */
-
-ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_principal);
-ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads,
- char **returned_principal);
-
/* The following definitions come from librpc/ndr/util.c */
enum ndr_err_code ndr_push_server_id(struct ndr_push *ndr, int ndr_flags, const struct server_id *r);
diff --git a/source3/include/smb_krb5.h b/source3/include/smb_krb5.h
index 3e5c86268a..35cc047868 100644
--- a/source3/include/smb_krb5.h
+++ b/source3/include/smb_krb5.h
@@ -4,6 +4,8 @@
#define KRB5_PRIVATE 1 /* this file uses PRIVATE interfaces! */
/* this file uses DEPRECATED interfaces! */
+#define ADS_IGNORE_PRINCIPAL "not_defined_in_RFC4178@please_ignore"
+
#if defined(HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER)
#define KRB5_DEPRECATED 1
#else
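Review bot: `ADS_IGNORE_PRINCIPAL` lands in this header with no comment saying what the string is for. The value reads like a placeholder rather than a real principal (the name points at RFC 4178, i.e. SPNEGO), so a one-line comment would keep readers from treating it as a usable target name, for example `/* placeholder principal seen in SPNEGO hints: compare against it and ignore it, never authenticate to it */`; the wording should be confirmed against the macro's users. The hunk starts at line 4 of the file, so whether the define sits inside a HAVE_KRB5 guard is not visible here. Files that previously got the macro through ads.h now need smb_krb5.h.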
diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h
index f2a028046d..69b4153f28 100644
--- a/source3/include/smbldap.h
+++ b/source3/include/smbldap.h
@@ -247,4 +247,10 @@ struct ldapsam_privates;
#define LDAP_CONNECTION_DEFAULT_TIMEOUT 2
#define LDAP_PAGE_SIZE 1024
+#ifndef LDAP_OPT_SUCCESS
+#define LDAP_OPT_SUCCESS 0
+#endif
+
+#define ADS_PAGE_CTL_OID "1.2.840.113556.1.4.319"
+
#endif /* _SMBLDAP_H */
diff --git a/source3/lib/netapi/joindomain.c b/source3/lib/netapi/joindomain.c
index 336f9dc783..94de573395 100644
--- a/source3/lib/netapi/joindomain.c
+++ b/source3/lib/netapi/joindomain.c
@@ -18,7 +18,7 @@
*/
#include "includes.h"
-
+#include "ads.h"
#include "librpc/gen_ndr/libnetapi.h"
#include "lib/netapi/netapi.h"
#include "lib/netapi/netapi_private.h"
diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c
index a4d26fa8b6..b1571536eb 100644
--- a/source3/lib/smbldap.c
+++ b/source3/lib/smbldap.c
@@ -25,10 +25,6 @@
#include "includes.h"
#include "smbldap.h"
-#ifndef LDAP_OPT_SUCCESS
-#define LDAP_OPT_SUCCESS 0
-#endif
-
/* Try not to hit the up or down server forever */
#define SMBLDAP_DONT_PING_TIME 10 /* ping only all 10 seconds */
diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
new file mode 100644
index 0000000000..aedd23f1c5
--- /dev/null
+++ b/source3/libads/ads_proto.h
@@ -0,0 +1,171 @@
+/* The following definitions come from libads/ads_struct.c */
+
+char *ads_build_path(const char *realm, const char *sep, const char *field, int reverse);
+char *ads_build_dn(const char *realm);
+char *ads_build_domain(const char *dn);
+ADS_STRUCT *ads_init(const char *realm,
+ const char *workgroup,
+ const char *ldap_server);
+bool ads_set_sasl_wrap_flags(ADS_STRUCT *ads, int flags);
+void ads_destroy(ADS_STRUCT **ads);
+
+const char *ads_get_ldap_server_name(ADS_STRUCT *ads);
+
+/* The following definitions come from libads/disp_sec.c */
+
+void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct security_descriptor *sd);
+
+/* The following definitions come from libads/kerberos_keytab.c */
+
+int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc);
+int ads_keytab_flush(ADS_STRUCT *ads);
+int ads_keytab_create_default(ADS_STRUCT *ads);
+int ads_keytab_list(const char *keytab_name);
+
+/* The following definitions come from libads/krb5_errs.c */
+
+/* The following definitions come from libads/kerberos_util.c */
+
+ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
+ const char *machine_account,
+ const char *password);
+int ads_kinit_password(ADS_STRUCT *ads);
+
+/* The following definitions come from libads/ldap.c */
+
+bool ads_sitename_match(ADS_STRUCT *ads);
+bool ads_closest_dc(ADS_STRUCT *ads);
+ADS_STATUS ads_connect(ADS_STRUCT *ads);
+ADS_STATUS ads_connect_user_creds(ADS_STRUCT *ads);
+ADS_STATUS ads_connect_gc(ADS_STRUCT *ads);
+void ads_disconnect(ADS_STRUCT *ads);
+ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path,
+ int scope, const char *expr, const char **attrs,
+ bool (*fn)(ADS_STRUCT *, char *, void **, void *),
+ void *data_area);
+char *ads_parent_dn(const char *dn);
+ADS_MODLIST ads_init_mods(TALLOC_CTX *ctx);
+ADS_STATUS ads_mod_str(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, const char *val);
+ADS_STATUS ads_mod_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, const char **vals);
+ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods);
+ADS_STATUS ads_gen_add(ADS_STRUCT *ads, const char *new_dn, ADS_MODLIST mods);
+ADS_STATUS ads_del_dn(ADS_STRUCT *ads, char *del_dn);
+char *ads_ou_string(ADS_STRUCT *ads, const char *org_unit);
+char *ads_default_ou_string(ADS_STRUCT *ads, const char *wknguid);
+ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, const char **vals);
+uint32 ads_get_kvno(ADS_STRUCT *ads, const char *account_name);
+uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_name);
+ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name);
+ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_name,
+ const char *my_fqdn, const char *spn);
+ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name,
+ const char *org_unit);
+ADS_STATUS ads_move_machine_acct(ADS_STRUCT *ads, const char *machine_name,
+ const char *org_unit, bool *moved);
+int ads_count_replies(ADS_STRUCT *ads, void *res);
+ADS_STATUS ads_USN(ADS_STRUCT *ads, uint32 *usn);
+ADS_STATUS ads_current_time(ADS_STRUCT *ads);
+ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, uint32 *val);
+ADS_STATUS ads_domain_sid(ADS_STRUCT *ads, struct dom_sid *sid);
+ADS_STATUS ads_site_dn(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char **site_name);
+ADS_STATUS ads_site_dn_for_machine(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *computer_name, const char **site_dn);
+ADS_STATUS ads_upn_suffixes(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char ***suffixes, size_t *num_suffixes);
+ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ char ***ous,
+ size_t *num_ous);
+ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
+ const char *extended_dn,
+ enum ads_extended_dn_flags flags,
+ struct dom_sid *sid);
+char* ads_get_dnshostname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
+char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
+char* ads_get_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
+ADS_STATUS ads_join_realm(ADS_STRUCT *ads, const char *machine_name,
+ uint32 account_type, const char *org_unit);
+ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname);
+ADS_STATUS ads_find_samaccount(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ const char *samaccountname,
+ uint32 *uac_ret,
+ const char **dn_ret);
+ADS_STATUS ads_config_path(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ char **config_path);
+const char *ads_get_extended_right_name_by_guid(ADS_STRUCT *ads,
+ const char *config_path,
+ TALLOC_CTX *mem_ctx,
+ const struct GUID *rights_guid);
+ADS_STATUS ads_check_ou_dn(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ const char **account_ou);
+
+/* The following definitions come from libads/ldap_printer.c */
+
+ADS_STATUS ads_mod_printer_entry(ADS_STRUCT *ads, char *prt_dn,
+ TALLOC_CTX *ctx, const ADS_MODLIST *mods);
+ADS_STATUS ads_add_printer_entry(ADS_STRUCT *ads, char *prt_dn,
+ TALLOC_CTX *ctx, ADS_MODLIST *mods);
+WERROR get_remote_printer_publishing_data(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ ADS_MODLIST *mods,
+ const char *printer);
+
+/* The following definitions come from libads/ldap_user.c */
+
+ADS_STATUS ads_add_user_acct(ADS_STRUCT *ads, const char *user,
+ const char *container, const char *fullname);
+ADS_STATUS ads_add_group_acct(ADS_STRUCT *ads, const char *group,
+ const char *container, const char *comment);
+
+/* The following definitions come from libads/ldap_utils.c */
+
+ADS_STATUS ads_ranged_search(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ int scope,
+ const char *base,
+ const char *filter,
+ void *args,
+ const char *range_attr,
+ char ***strings,
+ size_t *num_strings);
+ADS_STATUS ads_ranged_search_internal(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ int scope,
+ const char *base,
+ const char *filter,
+ const char **attrs,
+ void *args,
+ const char *range_attr,
+ char ***strings,
+ size_t *num_strings,
+ uint32 *first_usn,
+ int *num_retries,
+ bool *more_values);
+
+/* The following definitions come from libads/ndr.c */
+
+void ndr_print_ads_auth_flags(struct ndr_print *ndr, const char *name, uint32_t r);
+void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct ads_struct *r);
+
+/* The following definitions come from libads/sasl.c */
+
+ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads);
+
+/* The following definitions come from libads/sasl_wrapping.c */
+
+ADS_STATUS ads_setup_sasl_wrapping(ADS_STRUCT *ads,
+ const struct ads_saslwrap_ops *ops,
+ void *private_data);
+ADS_STATUS ads_setup_sasl_wrapping(ADS_STRUCT *ads,
+ const struct ads_saslwrap_ops *ops,
+ void *private_data);
+
+/* The following definitions come from libads/util.c */
+
+ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_principal);
+ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads,
+ char **returned_principal);
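Review bot: An include guard and a header comment are missing from this new file, and `ads_setup_sasl_wrapping` is declared twice in a row under the sasl_wrapping.c section (the duplicate was already present in the block removed from proto.h). Repeated prototypes are legal C, but libads/kerberos_proto.h has the same shape and is pulled in both through ads.h and directly by authdata.c, kerberos.c, kerberos_verify.c and krb5_setpw.c, so it will be seen twice by any file that includes both. I would wrap each of the two headers in a guard that follows the tree's naming, e.g. `#ifndef _LIBADS_ADS_PROTO_H_` / `#define _LIBADS_ADS_PROTO_H_` at the top and `#endif /* _LIBADS_ADS_PROTO_H_ */` at the end, and drop the second `ads_setup_sasl_wrapping` declaration.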
diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c
index e01a36cbae..7794952387 100644
--- a/source3/libads/ads_struct.c
+++ b/source3/libads/ads_struct.c
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "ads.h"
/* return a ldap dn path from a string, given separators and field name
caller must free
diff --git a/source3/libads/ads_utils.c b/source3/libads/ads_utils.c
index 213242c223..ec3efa8550 100644
--- a/source3/libads/ads_utils.c
+++ b/source3/libads/ads_utils.c
@@ -20,6 +20,7 @@
*/
#include "includes.h"
+#include "ads.h"
const char *ads_get_ldap_server_name(ADS_STRUCT *ads)
{
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index 00062f4457..3c529dbe7a 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -25,6 +25,7 @@
#include "includes.h"
#include "librpc/gen_ndr/ndr_krb5pac.h"
#include "smb_krb5.h"
+#include "libads/kerberos_proto.h"
#ifdef HAVE_KRB5
diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c
index d05b5085f0..05ac216bbe 100644
--- a/source3/libads/disp_sec.c
+++ b/source3/libads/disp_sec.c
@@ -18,6 +18,7 @@
*/
#include "includes.h"
+#include "ads.h"
#include "libads/ldap_schema.h"
/* for ADS */
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index f34b9cad09..c48944ae6f 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -24,6 +24,7 @@
#include "includes.h"
#include "smb_krb5.h"
#include "../librpc/gen_ndr/ndr_misc.h"
+#include "libads/kerberos_proto.h"
#ifdef HAVE_KRB5
@@ -284,58 +285,6 @@ int kerberos_kinit_password_ext(const char *principal,
return code;
}
-
-
-/* run kinit to setup our ccache */
-int ads_kinit_password(ADS_STRUCT *ads)
-{
- char *s;
- int ret;
- const char *account_name;
- fstring acct_name;
-
- if (ads->auth.flags & ADS_AUTH_USER_CREDS) {
- account_name = ads->auth.user_name;
- goto got_accountname;
- }
-
- if ( IS_DC ) {
- /* this will end up getting a ticket for DOMAIN@RUSTED.REA.LM */
- account_name = lp_workgroup();
- } else {
- /* always use the sAMAccountName for security = domain */
- /* global_myname()$@REA.LM */
- if ( lp_security() == SEC_DOMAIN ) {
- fstr_sprintf( acct_name, "%s$", global_myname() );
- account_name = acct_name;
- }
- else
- /* This looks like host/global_myname()@REA.LM */
- account_name = ads->auth.user_name;
- }
-
- got_accountname:
- if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) {
- return KRB5_CC_NOMEM;
- }
-
- if (!ads->auth.password) {
- SAFE_FREE(s);
- return KRB5_LIBOS_CANTREADPWD;
- }
-
- ret = kerberos_kinit_password_ext(s, ads->auth.password, ads->auth.time_offset,
- &ads->auth.tgt_expire, NULL, NULL, False, False, ads->auth.renewable,
- NULL);
-
- if (ret) {
- DEBUG(0,("kerberos_kinit_password %s failed: %s\n",
- s, error_message(ret)));
- }
- SAFE_FREE(s);
- return ret;
-}
-
int ads_kdestroy(const char *cc_name)
{
krb5_error_code code;
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index fa2a1261a2..33b065f654 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -27,6 +27,7 @@
#include "includes.h"
#include "smb_krb5.h"
+#include "ads.h"
#ifdef HAVE_KRB5
diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
new file mode 100644
index 0000000000..7be81fa9a5
--- /dev/null
+++ b/source3/libads/kerberos_proto.h
@@ -0,0 +1,67 @@
+/* The following definitions come from libads/kerberos_verify.c */
+
+NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
+ const char *realm,
+ time_t time_offset,
+ const DATA_BLOB *ticket,
+ char **principal,
+ struct PAC_LOGON_INFO **logon_info,
+ DATA_BLOB *ap_rep,
+ DATA_BLOB *session_key,
+ bool use_replay_cache);
+
+/* The following definitions come from libads/kerberos.c */
+
+int kerberos_kinit_password_ext(const char *principal,
+ const char *password,
+ int time_offset,
+ time_t *expire_time,
+ time_t *renew_till_time,
+ const char *cache_name,
+ bool request_pac,
+ bool add_netbios_addr,
+ time_t renewable_time,
+ NTSTATUS *ntstatus);
+int ads_kdestroy(const char *cc_name);
+char* kerberos_standard_des_salt( void );
+bool kerberos_secrets_store_des_salt( const char* salt );
+char* kerberos_secrets_fetch_des_salt( void );
+char *kerberos_get_default_realm_from_ccache( void );
+char *kerberos_get_realm_from_hostname(const char *hostname);
+
+bool kerberos_secrets_store_salting_principal(const char *service,
+ int enctype,
+ const char *principal);
+int kerberos_kinit_password(const char *principal,
+ const char *password,
+ int time_offset,
+ const char *cache_name);
+bool create_local_private_krb5_conf_for_domain(const char *realm,
+ const char *domain,
+ const char *sitename,
+ struct sockaddr_storage *pss,
+ const char *kdc_name);
+
+/* The following definitions come from libads/authdata.c */
+
+NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
+ const char *name,
+ const char *pass,
+ time_t time_offset,
+ time_t *expire_time,
+ time_t *renew_till_time,
+ const char *cache_name,
+ bool request_pac,
+ bool add_netbios_addr,
+ time_t renewable_time,
+ const char *impersonate_princ_s,
+ struct PAC_LOGON_INFO **logon_info);
+
+/* The following definitions come from libads/krb5_setpw.c */
+
+ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
+ const char *newpw, int time_offset);
+ADS_STATUS kerberos_set_password(const char *kpasswd_server,
+ const char *auth_principal, const char *auth_password,
+ const char *target_principal, const char *new_password,
+ int time_offset);
diff --git a/source3/libads/kerberos_util.c b/source3/libads/kerberos_util.c
new file mode 100644
index 0000000000..4762e1b914
--- /dev/null
+++ b/source3/libads/kerberos_util.c
@@ -0,0 +1,107 @@
+/*
+ Unix SMB/CIFS implementation.
+ krb5 set password implementation
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Remus Koos 2001 (remuskoos@yahoo.com)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smb_krb5.h"
+#include "ads.h"
+
+#ifdef HAVE_KRB5
+
+/**
+ * Set the machine account password
+ * @param ads connection to ads server
+ * @param hostname machine whose password is being set
+ * @param password new password
+ * @return status of password change
+ **/
+ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
+ const char *machine_account,
+ const char *password)
+{
+ ADS_STATUS status;
+ char *principal = NULL;
+
+ /*
+ we need to use the '$' form of the name here (the machine account name),
+ as otherwise the server might end up setting the password for a user
+ instead
+ */
+ if (asprintf(&principal, "%s@%s", machine_account, ads->config.realm) < 0) {
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
+
+ status = ads_krb5_set_password(ads->auth.kdc_server, principal,
+ password, ads->auth.time_offset);
+
+ SAFE_FREE(principal);
+ return status;
+}
+
+/* run kinit to setup our ccache */
+int ads_kinit_password(ADS_STRUCT *ads)
+{
+ char *s;
+ int ret;
+ const char *account_name;
+ fstring acct_name;
+
+ if (ads->auth.flags & ADS_AUTH_USER_CREDS) {
+ account_name = ads->auth.user_name;
+ goto got_accountname;
+ }
+
+ if ( IS_DC ) {
+ /* this will end up getting a ticket for DOMAIN@RUSTED.REA.LM */
+ account_name = lp_workgroup();
+ } else {
+ /* always use the sAMAccountName for security = domain */
+ /* global_myname()$@REA.LM */
+ if ( lp_security() == SEC_DOMAIN ) {
+ fstr_sprintf( acct_name, "%s$", global_myname() );
+ account_name = acct_name;
+ }
+ else
+ /* This looks like host/global_myname()@REA.LM */
+ account_name = ads->auth.user_name;
+ }
+
+ got_accountname:
+ if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) {
+ return KRB5_CC_NOMEM;
+ }
+
+ if (!ads->auth.password) {
+ SAFE_FREE(s);
+ return KRB5_LIBOS_CANTREADPWD;
+ }
+
+ ret = kerberos_kinit_password_ext(s, ads->auth.password, ads->auth.time_offset,
+ &ads->auth.tgt_expire, NULL, NULL, False, False, ads->auth.renewable,
+ NULL);
+
+ if (ret) {
+ DEBUG(0,("kerberos_kinit_password %s failed: %s\n",
+ s, error_message(ret)));
+ }
+ SAFE_FREE(s);
+ return ret;
+}
+
+#endif
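Review bot: The doc block above ads_set_machine_password documents `@param hostname`, but the parameter is `machine_account`. The inline comment says the '$' form of the account name is required because otherwise the server might end up setting the password for a user instead. Nothing in the function enforces that form, so the requirement belongs in the parameter documentation, where callers will read it: `@param machine_account machine account name in its '$' form`. The file header also still reads `krb5 set password implementation`, apparently carried over from krb5_setpw.c, although the file now holds ads_kinit_password as well; a neutral line such as `ADS-dependent kerberos helpers` would describe it better.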
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index 2047f0e3b9..f8a6602194 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -25,6 +25,7 @@
#include "includes.h"
#include "smb_krb5.h"
+#include "libads/kerberos_proto.h"
#ifdef HAVE_KRB5
diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c
index ec5cafc49d..1c04d896de 100644
--- a/source3/libads/krb5_setpw.c
+++ b/source3/libads/krb5_setpw.c
@@ -20,6 +20,7 @@
#include "includes.h"
#include "smb_krb5.h"
+#include "libads/kerberos_proto.h"
#ifdef HAVE_KRB5
@@ -806,34 +807,4 @@ ADS_STATUS kerberos_set_password(const char *kpasswd_server,
new_password, time_offset);
}
-
-/**
- * Set the machine account password
- * @param ads connection to ads server
- * @param hostname machine whose password is being set
- * @param password new password
- * @return status of password change
- **/
-ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
- const char *machine_account,
- const char *password)
-{
- ADS_STATUS status;
- char *principal = NULL;
-
- /*
- we need to use the '$' form of the name here (the machine account name),
- as otherwise the server might end up setting the password for a user
- instead
- */
- if (asprintf(&principal, "%s@%s", machine_account, ads->config.realm) < 0) {
- return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- }
-
- status = ads_krb5_set_password(ads->auth.kdc_server, principal,
- password, ads->auth.time_offset);
-
- SAFE_FREE(principal);
- return status;
-}
#endif
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 5adbd6d039..77ab51ee26 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -22,6 +22,7 @@
*/
#include "includes.h"
+#include "ads.h"
#include "libads/sitename_cache.h"
#include "libads/cldap.h"
#include "libads/dns.h"
diff --git a/source3/libads/ldap_printer.c b/source3/libads/ldap_printer.c
index fff50cfe8b..e4a7d34cf1 100644
--- a/source3/libads/ldap_printer.c
+++ b/source3/libads/ldap_printer.c
@@ -18,6 +18,7 @@
*/
#include "includes.h"
+#include "ads.h"
#include "../librpc/gen_ndr/cli_spoolss.h"
#include "rpc_client/cli_spoolss.h"
#include "registry.h"
diff --git a/source3/libads/ldap_schema.c b/source3/libads/ldap_schema.c
index c739286abb..80ec45c73c 100644
--- a/source3/libads/ldap_schema.c
+++ b/source3/libads/ldap_schema.c
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "ads.h"
#include "libads/ldap_schema.h"
#ifdef HAVE_LDAP
diff --git a/source3/libads/ldap_user.c b/source3/libads/ldap_user.c
index ffd20f9bd2..55421009a7 100644
--- a/source3/libads/ldap_user.c
+++ b/source3/libads/ldap_user.c
@@ -18,6 +18,7 @@
*/
#include "includes.h"
+#include "ads.h"
#include "../libds/common/flags.h"
#ifdef HAVE_ADS
diff --git a/source3/libads/ldap_utils.c b/source3/libads/ldap_utils.c
index f9106caed1..c0c1adba30 100644
--- a/source3/libads/ldap_utils.c
+++ b/source3/libads/ldap_utils.c
@@ -21,6 +21,7 @@
*/
#include "includes.h"
+#include "ads.h"
#ifdef HAVE_LDAP
/*
diff --git a/source3/libads/ndr.c b/source3/libads/ndr.c
index 397aa2ca60..843ae3b615 100644
--- a/source3/libads/ndr.c
+++ b/source3/libads/ndr.c
@@ -20,6 +20,7 @@
*/
#include "includes.h"
+#include "ads.h"
#include "../librpc/gen_ndr/ndr_netlogon.h"
void ndr_print_ads_auth_flags(struct ndr_print *ndr, const char *name, uint32_t r)
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index f4a0ac627e..7ad4c9a868 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -20,6 +20,8 @@
#include "includes.h"
#include "../libcli/auth/spnego.h"
#include "../libcli/auth/ntlmssp.h"
+#include "ads.h"
+#include "smb_krb5.h"
#ifdef HAVE_LDAP
diff --git a/source3/libads/sasl_wrapping.c b/source3/libads/sasl_wrapping.c
index 2bfa079235..d7353ac79c 100644
--- a/source3/libads/sasl_wrapping.c
+++ b/source3/libads/sasl_wrapping.c
@@ -18,6 +18,7 @@
*/
#include "includes.h"
+#include "ads.h"
#ifdef HAVE_LDAP_SASL_WRAPPING
diff --git a/source3/libads/util.c b/source3/libads/util.c
index 9dcb906a37..f028c75cfe 100644
--- a/source3/libads/util.c
+++ b/source3/libads/util.c
@@ -18,6 +18,7 @@
*/
#include "includes.h"
+#include "ads.h"
#ifdef HAVE_KRB5
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index e2b917966b..2d18261bfb 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "ads.h"
#include "librpc/gen_ndr/ndr_libnet_join.h"
#include "libnet/libnet_join.h"
#include "libcli/auth/libcli_auth.h"
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 2d3e5a56a7..a0f8f282b3 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -23,6 +23,7 @@
#include "../libcli/auth/spnego.h"
#include "smb_krb5.h"
#include "../libcli/auth/ntlmssp.h"
+#include "libads/kerberos_proto.h"
static const struct {
int prot;
diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
index cebd793537..6458e5d564 100644
--- a/source3/libsmb/namequery_dc.c
+++ b/source3/libsmb/namequery_dc.c
@@ -24,6 +24,7 @@
#include "includes.h"
#include "libads/sitename_cache.h"
+#include "ads.h"
/**********************************************************************
Is this our primary domain ?
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index f65a9d50e9..a91e82fe3d 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -57,6 +57,8 @@
#include "lib/smbconf/smbconf_init.h"
#include "lib/smbconf/smbconf_reg.h"
+#include "ads.h"
+
#ifdef HAVE_SYS_SYSCTL_H
#include <sys/sysctl.h>
#endif
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 9d8e7ece2c..514170e5fa 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -28,6 +28,7 @@
#include "../libcli/auth/ntlmssp.h"
#include "ntlmssp_wrap.h"
#include "librpc/gen_ndr/messaging.h"
+#include "libads/kerberos_proto.h"
/* For split krb5 SPNEGO blobs. */
struct pending_auth_data {
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index f5272b35cd..4f6d5d2e13 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -25,6 +25,7 @@
#include "../libcli/auth/spnego.h"
#include "../libcli/auth/ntlmssp.h"
#include "ntlmssp_wrap.h"
+#include "libads/kerberos_proto.h"
static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req,
uint64_t in_session_id,
diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c
index ef28fc7008..71181990b5 100644
--- a/source3/utils/net_ads.c
+++ b/source3/utils/net_ads.c
@@ -25,10 +25,10 @@
#include "librpc/gen_ndr/ndr_krb5pac.h"
#include "../librpc/gen_ndr/cli_spoolss.h"
#include "nsswitch/libwbclient/wbclient.h"
+#include "ads.h"
#include "libads/cldap.h"
#include "libads/dns.h"
#include "../libds/common/flags.h"
-#include "ads.h"
#include "librpc/gen_ndr/libnet_join.h"
#include "libnet/libnet_join.h"
#include "smb_krb5.h"
diff --git a/source3/utils/net_ads_gpo.c b/source3/utils/net_ads_gpo.c
index 05c3676160..57396c76e3 100644
--- a/source3/utils/net_ads_gpo.c
+++ b/source3/utils/net_ads_gpo.c
@@ -19,6 +19,7 @@
#include "includes.h"
#include "utils/net.h"
+#include "ads.h"
#include "../libgpo/gpo.h"
#include "libgpo/gpo_proto.h"
#include "../libds/common/flags.h"
diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h
index 9f3fe155a4..4791223f2d 100644
--- a/source3/utils/net_proto.h
+++ b/source3/utils/net_proto.h
@@ -45,9 +45,9 @@ void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid,
enum netr_SchannelType get_sec_channel_type(const char *param);
/* The following definitions come from utils/net_ads.c */
-
-ADS_STATUS ads_startup(struct net_context *c, bool only_own_domain, ADS_STRUCT **ads);
-ADS_STATUS ads_startup_nobind(struct net_context *c, bool only_own_domain, ADS_STRUCT **ads);
+struct ads_struct;
+ADS_STATUS ads_startup(struct net_context *c, bool only_own_domain, struct ads_struct **ads);
+ADS_STATUS ads_startup_nobind(struct net_context *c, bool only_own_domain, struct ads_struct **ads);
int net_ads_check_our_domain(struct net_context *c);
int net_ads_check(struct net_context *c);
int net_ads_user(struct net_context *c, int argc, const char **argv);
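Review bot: The new `struct ads_struct;` forward declaration only decouples the `ads` parameter of `ads_startup()` and `ads_startup_nobind()`; both prototypes still return `ADS_STATUS`, so net_proto.h stays dependent on whichever header declares that type being included first, and the hunk does not show that it is. The winbindd_proto.h hunk has the same gap: `nss_get_info_cached()` now takes `struct ads_struct *ads` but still names `LDAPMessage *msg`. I would also keep the blank line after the `utils/net_ads.c` banner and annotate the declaration, e.g. `struct ads_struct; /* opaque here; include "ads.h" to dereference */`. That comment records that the tag has to keep matching the `ADS_STRUCT` typedef, which is presumably defined in ads.h and is not visible in this diff.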
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 971ba96220..1ddc94b8f7 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -31,6 +31,7 @@
#include "smb_krb5.h"
#include <iniparser.h>
#include "../lib/crypto/arcfour.h"
+#include "libads/kerberos_proto.h"
#ifndef PAM_WINBIND_CONFIG_FILE
#define PAM_WINBIND_CONFIG_FILE "/etc/security/pam_winbind.conf"
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c
index 7aaaa9d272..def41c6c11 100644
--- a/source3/winbindd/idmap_ad.c
+++ b/source3/winbindd/idmap_ad.c
@@ -28,6 +28,7 @@
#include "includes.h"
#include "winbindd.h"
#include "../libds/common/flags.h"
+#include "ads.h"
#include "libads/ldap_schema.h"
#include "nss_info.h"
diff --git a/source3/winbindd/idmap_adex/cell_util.c b/source3/winbindd/idmap_adex/cell_util.c
index 257647a797..c32bb9179d 100644
--- a/source3/winbindd/idmap_adex/cell_util.c
+++ b/source3/winbindd/idmap_adex/cell_util.c
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "ads.h"
#include "idmap_adex.h"
#include "../libds/common/flags.h"
diff --git a/source3/winbindd/idmap_adex/domain_util.c b/source3/winbindd/idmap_adex/domain_util.c
index dae5415b3b..72643e97da 100644
--- a/source3/winbindd/idmap_adex/domain_util.c
+++ b/source3/winbindd/idmap_adex/domain_util.c
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "ads.h"
#include "idmap_adex.h"
#undef DBGC_CLASS
diff --git a/source3/winbindd/idmap_adex/gc_util.c b/source3/winbindd/idmap_adex/gc_util.c
index 9b4ce77b00..339234dfaf 100644
--- a/source3/winbindd/idmap_adex/gc_util.c
+++ b/source3/winbindd/idmap_adex/gc_util.c
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "ads.h"
#include "idmap_adex.h"
#include "libads/cldap.h"
diff --git a/source3/winbindd/idmap_adex/idmap_adex.c b/source3/winbindd/idmap_adex/idmap_adex.c
index aabc4da400..c815e75a29 100644
--- a/source3/winbindd/idmap_adex/idmap_adex.c
+++ b/source3/winbindd/idmap_adex/idmap_adex.c
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "ads.h"
#include "idmap_adex.h"
#include "nss_info.h"
diff --git a/source3/winbindd/idmap_adex/likewise_cell.c b/source3/winbindd/idmap_adex/likewise_cell.c
index f1abb24da2..24343eb554 100644
--- a/source3/winbindd/idmap_adex/likewise_cell.c
+++ b/source3/winbindd/idmap_adex/likewise_cell.c
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "ads.h"
#include "idmap_adex.h"
#undef DBGC_CLASS
diff --git a/source3/winbindd/idmap_adex/provider_unified.c b/source3/winbindd/idmap_adex/provider_unified.c
index f66d4dfbf4..999615ca3c 100644
--- a/source3/winbindd/idmap_adex/provider_unified.c
+++ b/source3/winbindd/idmap_adex/provider_unified.c
@@ -21,6 +21,7 @@
*/
#include "includes.h"
+#include "ads.h"
#include "idmap_adex.h"
#undef DBGC_CLASS
diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c
index de4652d684..ed55cd5dd4 100644
--- a/source3/winbindd/idmap_hash/idmap_hash.c
+++ b/source3/winbindd/idmap_hash/idmap_hash.c
@@ -21,6 +21,7 @@
#include "includes.h"
#include "winbindd/winbindd.h"
#include "idmap_hash.h"
+#include "ads.h"
#include "nss_info.h"
#undef DBGC_CLASS
diff --git a/source3/winbindd/nss_info.c b/source3/winbindd/nss_info.c
index 82eb6c7db5..67ffbf21cc 100644
--- a/source3/winbindd/nss_info.c
+++ b/source3/winbindd/nss_info.c
@@ -20,6 +20,7 @@
*/
#include "includes.h"
+#include "ads.h"
#include "nss_info.h"
static struct nss_function_entry *backends = NULL;
diff --git a/source3/winbindd/nss_info_template.c b/source3/winbindd/nss_info_template.c
index 1b69a8cb2b..0bc398e908 100644
--- a/source3/winbindd/nss_info_template.c
+++ b/source3/winbindd/nss_info_template.c
@@ -19,6 +19,7 @@
*/
#include "includes.h"
+#include "ads.h"
#include "nss_info.h"
/************************************************************************
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index c73e1a0aeb..949e206d04 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -25,6 +25,7 @@
#include "winbindd.h"
#include "../librpc/gen_ndr/cli_netlogon.h"
#include "../libds/common/flags.h"
+#include "ads.h"
#ifdef HAVE_ADS
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 631a14d413..5d12c2b3bc 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -28,6 +28,7 @@
#include "tdb_validate.h"
#include "../libcli/auth/libcli_auth.h"
#include "../librpc/gen_ndr/ndr_wbint.h"
+#include "ads.h"
#include "nss_info.h"
#undef DBGC_CLASS
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index b300357190..c10d82cb49 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -70,6 +70,7 @@
#include "libads/sitename_cache.h"
#include "librpc/gen_ndr/messaging.h"
#include "libsmb/clidgram.h"
+#include "ads.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
diff --git a/source3/winbindd/winbindd_cred_cache.c b/source3/winbindd/winbindd_cred_cache.c
index 22e135a381..ab8934bfd4 100644
--- a/source3/winbindd/winbindd_cred_cache.c
+++ b/source3/winbindd/winbindd_cred_cache.c
@@ -25,6 +25,7 @@
#include "winbindd.h"
#include "../libcli/auth/libcli_auth.h"
#include "smb_krb5.h"
+#include "libads/kerberos_proto.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 010245f05d..11b16310b4 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -32,6 +32,7 @@
#include "smb_krb5.h"
#include "../lib/crypto/arcfour.h"
#include "../libcli/security/dom_sid.h"
+#include "ads.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index a26a9df889..eb9ca4bace 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -155,10 +155,11 @@ bool wcache_tdc_fetch_list( struct winbindd_tdc_domain **domains, size_t *num_do
bool wcache_tdc_add_domain( struct winbindd_domain *domain );
struct winbindd_tdc_domain * wcache_tdc_fetch_domain( TALLOC_CTX *ctx, const char *name );
void wcache_tdc_clear( void );
+struct ads_struct;
NTSTATUS nss_get_info_cached( struct winbindd_domain *domain,
const struct dom_sid *user_sid,
TALLOC_CTX *ctx,
- ADS_STRUCT *ads, LDAPMessage *msg,
+ struct ads_struct *ads, LDAPMessage *msg,
const char **homedir, const char **shell,
const char **gecos, gid_t *p_gid);
bool wcache_store_seqnum(const char *domain_name, uint32_t seqnum,
diff --git a/source3/wscript_build b/source3/wscript_build
index aec350ffce..1babb54db8 100644
--- a/source3/wscript_build
+++ b/source3/wscript_build
@@ -205,7 +205,9 @@ LIBGPO_SRC = '''${LIBGPO_SRC0}'''
LIBADS_SRC = '''libads/ldap.c libads/ldap_printer.c
libads/sasl.c libads/sasl_wrapping.c
- libads/krb5_setpw.c libads/ldap_user.c
+ libads/krb5_setpw.c
+ libads/kerberos_util.c
+ libads/ldap_user.c
libads/ads_struct.c libads/kerberos_keytab.c
libads/disp_sec.c libads/ads_utils.c libads/ldap_utils.c
libads/ldap_schema.c libads/util.c libads/ndr.c'''