56 files changed, 416 insertions, 338 deletions
diff --git a/libgpo/gpo.h b/libgpo/gpo.h index 6e71e3cff7..ba9e0b7962 100644 --- a/libgpo/gpo.h +++ b/libgpo/gpo.h @@ -24,6 +24,7 @@ #include "source4/libgpo/ads_convenience.h" #else struct loadparm_context; +#include "ads.h" #endif enum GPO_LINK_TYPE { diff --git a/source3/Makefile.in b/source3/Makefile.in index 128ff8c4b6..af26549eb4 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -456,7 +456,9 @@ LIBGPO_OBJ = $(LIBGPO_OBJ0) LIBADS_OBJ = libads/ldap.o libads/ldap_printer.o \ libads/sasl.o libads/sasl_wrapping.o \ - libads/krb5_setpw.o libads/ldap_user.o \ + libads/krb5_setpw.o \ + libads/kerberos_util.o \ + libads/ldap_user.o \ libads/ads_struct.o libads/kerberos_keytab.o \ libads/disp_sec.o libads/ads_utils.o libads/ldap_utils.o \ libads/ldap_schema.o libads/util.o libads/ndr.o diff --git a/source3/include/ads.h b/source3/include/ads.h index 0637cc8ad4..b45d53de07 100644 --- a/source3/include/ads.h +++ b/source3/include/ads.h @@ -148,6 +148,12 @@ typedef struct { int critical; } ads_control; -#define ADS_IGNORE_PRINCIPAL "not_defined_in_RFC4178@please_ignore" +#include "libads/ads_proto.h" + +#ifdef HAVE_LDAP +#include "libads/ads_ldap_protos.h" +#endif + +#include "libads/kerberos_proto.h" #endif /* _INCLUDE_ADS_H_ */ diff --git a/source3/include/includes.h b/source3/include/includes.h index 2573585f6e..35686e9f31 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -628,7 +628,6 @@ extern void *cmdline_lp_ctx; #include "krb5_env.h" #include "libads/ads_status.h" -#include "ads.h" #include "interfaces.h" #include "trans2.h" #include "../libcli/util/error.h" @@ -736,10 +735,6 @@ enum flush_reason_enum { #include "modules/vfs_irixacl.h" #endif -#ifdef HAVE_LDAP -#include "libads/ads_ldap_protos.h" -#endif - /* We need this after proto.h to reference GetTimeOfDay(). */ #include "smbprofile.h" diff --git a/source3/include/proto.h b/source3/include/proto.h index f9684ad16e..9fd91b4724 100644 --- a/source3/include/proto.h 
+++ b/source3/include/proto.h 
@@ -1727,244 +1727,6 @@ void wins_srv_tags_free(char **list); struct in_addr wins_srv_ip_tag(const char *tag, struct in_addr src_ip); unsigned wins_srv_count_tag(const char *tag); -/* The following definitions come from libads/ads_struct.c */ - -char *ads_build_path(const char *realm, const char *sep, const char *field, int reverse); -char *ads_build_dn(const char *realm); -char *ads_build_domain(const char *dn); -ADS_STRUCT *ads_init(const char *realm, - const char *workgroup, - const char *ldap_server); -bool ads_set_sasl_wrap_flags(ADS_STRUCT *ads, int flags); -void ads_destroy(ADS_STRUCT **ads); - -const char *ads_get_ldap_server_name(ADS_STRUCT *ads); - -/* The following definitions come from libads/authdata.c */ - -NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx, - const char *name, - const char *pass, - time_t time_offset, - time_t *expire_time, - time_t *renew_till_time, - const char *cache_name, - bool request_pac, - bool add_netbios_addr, - time_t renewable_time, - const char *impersonate_princ_s, - struct PAC_LOGON_INFO **logon_info); - -/* The following definitions come from libads/disp_sec.c */ - -void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct security_descriptor *sd); - -/* The following definitions come from libads/kerberos.c */ - -int kerberos_kinit_password_ext(const char *principal, - const char *password, - int time_offset, - time_t *expire_time, - time_t *renew_till_time, - const char *cache_name, - bool request_pac, - bool add_netbios_addr, - time_t renewable_time, - NTSTATUS *ntstatus); -int ads_kinit_password(ADS_STRUCT *ads); -int ads_kdestroy(const char *cc_name); -char* kerberos_standard_des_salt( void ); -bool kerberos_secrets_store_des_salt( const char* salt ); -char* kerberos_secrets_fetch_des_salt( void ); -char *kerberos_get_default_realm_from_ccache( void ); -char *kerberos_get_realm_from_hostname(const char *hostname); - -bool kerberos_secrets_store_salting_principal(const char *service, - int enctype, - const char 
*principal);
-int kerberos_kinit_password(const char *principal,
- const char *password,
- int time_offset,
- const char *cache_name);
-bool create_local_private_krb5_conf_for_domain(const char *realm,
- const char *domain,
- const char *sitename,
- struct sockaddr_storage *pss,
- const char *kdc_name);
-
-/* The following definitions come from libads/kerberos_keytab.c */
-
-int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc);
-int ads_keytab_flush(ADS_STRUCT *ads);
-int ads_keytab_create_default(ADS_STRUCT *ads);
-int ads_keytab_list(const char *keytab_name);
-
-/* The following definitions come from libads/kerberos_verify.c */
-
-NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
- const char *realm,
- time_t time_offset,
- const DATA_BLOB *ticket,
- char **principal,
- struct PAC_LOGON_INFO **logon_info,
- DATA_BLOB *ap_rep,
- DATA_BLOB *session_key,
- bool use_replay_cache);
-
-/* The following definitions come from libads/krb5_errs.c */
-
-
-/* The following definitions come from libads/krb5_setpw.c */
-
-ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
- const char *newpw, int time_offset);
-ADS_STATUS kerberos_set_password(const char *kpasswd_server,
- const char *auth_principal, const char *auth_password,
- const char *target_principal, const char *new_password,
- int time_offset);
-ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
- const char *machine_account,
- const char *password);
-
-/* The following definitions come from libads/ldap.c */
-
-bool ads_sitename_match(ADS_STRUCT *ads);
-bool ads_closest_dc(ADS_STRUCT *ads);
-ADS_STATUS ads_connect(ADS_STRUCT *ads);
-ADS_STATUS ads_connect_user_creds(ADS_STRUCT *ads);
-ADS_STATUS ads_connect_gc(ADS_STRUCT *ads);
-void ads_disconnect(ADS_STRUCT *ads);
-ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path,
- int scope, const char *expr, const char **attrs,
- bool (*fn)(ADS_STRUCT *, char *, void **, void *),
- void *data_area);
-char
*ads_parent_dn(const char *dn);
-ADS_MODLIST ads_init_mods(TALLOC_CTX *ctx);
-ADS_STATUS ads_mod_str(TALLOC_CTX *ctx, ADS_MODLIST *mods,
- const char *name, const char *val);
-ADS_STATUS ads_mod_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
- const char *name, const char **vals);
-ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods);
-ADS_STATUS ads_gen_add(ADS_STRUCT *ads, const char *new_dn, ADS_MODLIST mods);
-ADS_STATUS ads_del_dn(ADS_STRUCT *ads, char *del_dn);
-char *ads_ou_string(ADS_STRUCT *ads, const char *org_unit);
-char *ads_default_ou_string(ADS_STRUCT *ads, const char *wknguid);
-ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
- const char *name, const char **vals);
-uint32 ads_get_kvno(ADS_STRUCT *ads, const char *account_name);
-uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_name);
-ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name);
-ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_name,
- const char *my_fqdn, const char *spn);
-ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name,
- const char *org_unit);
-ADS_STATUS ads_move_machine_acct(ADS_STRUCT *ads, const char *machine_name,
- const char *org_unit, bool *moved);
-int ads_count_replies(ADS_STRUCT *ads, void *res);
-ADS_STATUS ads_USN(ADS_STRUCT *ads, uint32 *usn);
-ADS_STATUS ads_current_time(ADS_STRUCT *ads);
-ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, uint32 *val);
-ADS_STATUS ads_domain_sid(ADS_STRUCT *ads, struct dom_sid *sid);
-ADS_STATUS ads_site_dn(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char **site_name);
-ADS_STATUS ads_site_dn_for_machine(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *computer_name, const char **site_dn);
-ADS_STATUS ads_upn_suffixes(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char ***suffixes, size_t *num_suffixes);
-ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- char ***ous,
- size_t
*num_ous);
-ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
- const char *extended_dn,
- enum ads_extended_dn_flags flags,
- struct dom_sid *sid);
-char* ads_get_dnshostname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
-char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
-char* ads_get_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
-ADS_STATUS ads_join_realm(ADS_STRUCT *ads, const char *machine_name,
- uint32 account_type, const char *org_unit);
-ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname);
-ADS_STATUS ads_find_samaccount(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- const char *samaccountname,
- uint32 *uac_ret,
- const char **dn_ret);
-ADS_STATUS ads_config_path(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- char **config_path);
-const char *ads_get_extended_right_name_by_guid(ADS_STRUCT *ads,
- const char *config_path,
- TALLOC_CTX *mem_ctx,
- const struct GUID *rights_guid);
-ADS_STATUS ads_check_ou_dn(TALLOC_CTX *mem_ctx,
- ADS_STRUCT *ads,
- const char **account_ou);
-
-/* The following definitions come from libads/ldap_printer.c */
-
-ADS_STATUS ads_mod_printer_entry(ADS_STRUCT *ads, char *prt_dn,
- TALLOC_CTX *ctx, const ADS_MODLIST *mods);
-ADS_STATUS ads_add_printer_entry(ADS_STRUCT *ads, char *prt_dn,
- TALLOC_CTX *ctx, ADS_MODLIST *mods);
-WERROR get_remote_printer_publishing_data(struct rpc_pipe_client *cli,
- TALLOC_CTX *mem_ctx,
- ADS_MODLIST *mods,
- const char *printer);
-
-/* The following definitions come from libads/ldap_user.c */
-
-ADS_STATUS ads_add_user_acct(ADS_STRUCT *ads, const char *user,
- const char *container, const char *fullname);
-ADS_STATUS ads_add_group_acct(ADS_STRUCT *ads, const char *group,
- const char *container, const char *comment);
-
-/* The following definitions come from libads/ldap_utils.c */
-
-ADS_STATUS ads_ranged_search(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- int scope,
- const char *base,
- const char *filter,
- void *args, - const char *range_attr, - char ***strings, - size_t *num_strings); -ADS_STATUS ads_ranged_search_internal(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - int scope, - const char *base, - const char *filter, - const char **attrs, - void *args, - const char *range_attr, - char ***strings, - size_t *num_strings, - uint32 *first_usn, - int *num_retries, - bool *more_values); - -/* The following definitions come from libads/ndr.c */ - -void ndr_print_ads_auth_flags(struct ndr_print *ndr, const char *name, uint32_t r); -void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct ads_struct *r); - -/* The following definitions come from libads/sasl.c */ - -ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads); - -/* The following definitions come from libads/sasl_wrapping.c */ - -ADS_STATUS ads_setup_sasl_wrapping(ADS_STRUCT *ads, - const struct ads_saslwrap_ops *ops, - void *private_data); -ADS_STATUS ads_setup_sasl_wrapping(ADS_STRUCT *ads, - const struct ads_saslwrap_ops *ops, - void *private_data); - -/* The following definitions come from libads/util.c */ - -ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_principal); -ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads, - char **returned_principal); - /* The following definitions come from librpc/ndr/util.c */ enum ndr_err_code ndr_push_server_id(struct ndr_push *ndr, int ndr_flags, const struct server_id *r); diff --git a/source3/include/smb_krb5.h b/source3/include/smb_krb5.h index 3e5c86268a..35cc047868 100644 --- a/source3/include/smb_krb5.h +++ b/source3/include/smb_krb5.h @@ -4,6 +4,8 @@ #define KRB5_PRIVATE 1 /* this file uses PRIVATE interfaces! */ /* this file uses DEPRECATED interfaces! */ +#define ADS_IGNORE_PRINCIPAL "not_defined_in_RFC4178@please_ignore" + #if defined(HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER) #define KRB5_DEPRECATED 1 #else diff --git a/source3/include/smbldap.h b/source3/include/smbldap.h index f2a028046d..69b4153f28 100644 
--- a/source3/include/smbldap.h +++ b/source3/include/smbldap.h @@ -247,4 +247,10 @@ struct ldapsam_privates; #define LDAP_CONNECTION_DEFAULT_TIMEOUT 2 #define LDAP_PAGE_SIZE 1024 +#ifndef LDAP_OPT_SUCCESS +#define LDAP_OPT_SUCCESS 0 +#endif + +#define ADS_PAGE_CTL_OID "1.2.840.113556.1.4.319" + #endif /* _SMBLDAP_H */ diff --git a/source3/lib/netapi/joindomain.c b/source3/lib/netapi/joindomain.c index 336f9dc783..94de573395 100644 --- a/source3/lib/netapi/joindomain.c +++ b/source3/lib/netapi/joindomain.c @@ -18,7 +18,7 @@ */ #include "includes.h" - +#include "ads.h" #include "librpc/gen_ndr/libnetapi.h" #include "lib/netapi/netapi.h" #include "lib/netapi/netapi_private.h" diff --git a/source3/lib/smbldap.c b/source3/lib/smbldap.c index a4d26fa8b6..b1571536eb 100644 --- a/source3/lib/smbldap.c +++ b/source3/lib/smbldap.c @@ -25,10 +25,6 @@ #include "includes.h" #include "smbldap.h" -#ifndef LDAP_OPT_SUCCESS -#define LDAP_OPT_SUCCESS 0 -#endif - /* Try not to hit the up or down server forever */ #define SMBLDAP_DONT_PING_TIME 10 /* ping only all 10 seconds */ diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h new file mode 100644 index 0000000000..aedd23f1c5 --- /dev/null +++ b/source3/libads/ads_proto.h 
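Review bot: `ADS_PAGE_CTL_OID` is added to smbldap.h as a bare OID string with no comment, and this part of the diff does not show where any earlier definition of it is removed. A one-line comment above the define, for example `/* LDAP paged-results control (RFC 2696) */`, would tell readers what the value selects. It is also worth confirming that no other header still defines the same macro, so the value has a single home.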
@@ -0,0 +1,171 @@
+/* The following definitions come from libads/ads_struct.c */
+
+char *ads_build_path(const char *realm, const char *sep, const char *field, int reverse);
+char *ads_build_dn(const char *realm);
+char *ads_build_domain(const char *dn);
+ADS_STRUCT *ads_init(const char *realm,
+ const char *workgroup,
+ const char *ldap_server);
+bool ads_set_sasl_wrap_flags(ADS_STRUCT *ads, int flags);
+void ads_destroy(ADS_STRUCT **ads);
+
+const char *ads_get_ldap_server_name(ADS_STRUCT *ads);
+
+/* The following definitions come from libads/disp_sec.c */
+
+void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct security_descriptor *sd);
+
+/* The following definitions come from libads/kerberos_keytab.c */
+
+int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc);
+int ads_keytab_flush(ADS_STRUCT *ads);
+int ads_keytab_create_default(ADS_STRUCT *ads);
+int ads_keytab_list(const char *keytab_name);
+
+/* The following definitions come from libads/krb5_errs.c */
+
+/* The following definitions come from libads/kerberos_util.c */
+
+ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
+ const char *machine_account,
+ const char *password);
+int ads_kinit_password(ADS_STRUCT *ads);
+
+/* The following definitions come from libads/ldap.c */
+
+bool ads_sitename_match(ADS_STRUCT *ads);
+bool ads_closest_dc(ADS_STRUCT *ads);
+ADS_STATUS ads_connect(ADS_STRUCT *ads);
+ADS_STATUS ads_connect_user_creds(ADS_STRUCT *ads);
+ADS_STATUS ads_connect_gc(ADS_STRUCT *ads);
+void ads_disconnect(ADS_STRUCT *ads);
+ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path,
+ int scope, const char *expr, const char **attrs,
+ bool (*fn)(ADS_STRUCT *, char *, void **, void *),
+ void *data_area);
+char *ads_parent_dn(const char *dn);
+ADS_MODLIST ads_init_mods(TALLOC_CTX *ctx);
+ADS_STATUS ads_mod_str(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, const char *val);
+ADS_STATUS ads_mod_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char
*name, const char **vals);
+ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods);
+ADS_STATUS ads_gen_add(ADS_STRUCT *ads, const char *new_dn, ADS_MODLIST mods);
+ADS_STATUS ads_del_dn(ADS_STRUCT *ads, char *del_dn);
+char *ads_ou_string(ADS_STRUCT *ads, const char *org_unit);
+char *ads_default_ou_string(ADS_STRUCT *ads, const char *wknguid);
+ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, const char **vals);
+uint32 ads_get_kvno(ADS_STRUCT *ads, const char *account_name);
+uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_name);
+ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name);
+ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_name,
+ const char *my_fqdn, const char *spn);
+ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name,
+ const char *org_unit);
+ADS_STATUS ads_move_machine_acct(ADS_STRUCT *ads, const char *machine_name,
+ const char *org_unit, bool *moved);
+int ads_count_replies(ADS_STRUCT *ads, void *res);
+ADS_STATUS ads_USN(ADS_STRUCT *ads, uint32 *usn);
+ADS_STATUS ads_current_time(ADS_STRUCT *ads);
+ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, uint32 *val);
+ADS_STATUS ads_domain_sid(ADS_STRUCT *ads, struct dom_sid *sid);
+ADS_STATUS ads_site_dn(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char **site_name);
+ADS_STATUS ads_site_dn_for_machine(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *computer_name, const char **site_dn);
+ADS_STATUS ads_upn_suffixes(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char ***suffixes, size_t *num_suffixes);
+ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ char ***ous,
+ size_t *num_ous);
+ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
+ const char *extended_dn,
+ enum ads_extended_dn_flags flags,
+ struct dom_sid *sid);
+char* ads_get_dnshostname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
+char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
+char* ads_get_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
+ADS_STATUS ads_join_realm(ADS_STRUCT *ads, const char *machine_name,
+ uint32 account_type, const char *org_unit);
+ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname);
+ADS_STATUS ads_find_samaccount(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ const char *samaccountname,
+ uint32 *uac_ret,
+ const char **dn_ret);
+ADS_STATUS ads_config_path(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ char **config_path);
+const char *ads_get_extended_right_name_by_guid(ADS_STRUCT *ads,
+ const char *config_path,
+ TALLOC_CTX *mem_ctx,
+ const struct GUID *rights_guid);
+ADS_STATUS ads_check_ou_dn(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ const char **account_ou);
+
+/* The following definitions come from libads/ldap_printer.c */
+
+ADS_STATUS ads_mod_printer_entry(ADS_STRUCT *ads, char *prt_dn,
+ TALLOC_CTX *ctx, const ADS_MODLIST *mods);
+ADS_STATUS ads_add_printer_entry(ADS_STRUCT *ads, char *prt_dn,
+ TALLOC_CTX *ctx, ADS_MODLIST *mods);
+WERROR get_remote_printer_publishing_data(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ ADS_MODLIST *mods,
+ const char *printer);
+
+/* The following definitions come from libads/ldap_user.c */
+
+ADS_STATUS ads_add_user_acct(ADS_STRUCT *ads, const char *user,
+ const char *container, const char *fullname);
+ADS_STATUS ads_add_group_acct(ADS_STRUCT *ads, const char *group,
+ const char *container, const char *comment);
+
+/* The following definitions come from libads/ldap_utils.c */
+
+ADS_STATUS ads_ranged_search(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ int scope,
+ const char *base,
+ const char *filter,
+ void *args,
+ const char *range_attr,
+ char ***strings,
+ size_t *num_strings);
+ADS_STATUS ads_ranged_search_internal(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ int scope,
+ const char *base,
+ const char *filter,
+ const char **attrs,
+ void
*args, + const char *range_attr, + char ***strings, + size_t *num_strings, + uint32 *first_usn, + int *num_retries, + bool *more_values); + +/* The following definitions come from libads/ndr.c */ + +void ndr_print_ads_auth_flags(struct ndr_print *ndr, const char *name, uint32_t r); +void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct ads_struct *r); + +/* The following definitions come from libads/sasl.c */ + +ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads); + +/* The following definitions come from libads/sasl_wrapping.c */ + +ADS_STATUS ads_setup_sasl_wrapping(ADS_STRUCT *ads, + const struct ads_saslwrap_ops *ops, + void *private_data); +ADS_STATUS ads_setup_sasl_wrapping(ADS_STRUCT *ads, + const struct ads_saslwrap_ops *ops, + void *private_data); + +/* The following definitions come from libads/util.c */ + +ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_principal); +ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads, + char **returned_principal); diff --git a/source3/libads/ads_struct.c b/source3/libads/ads_struct.c index e01a36cbae..7794952387 100644 --- a/source3/libads/ads_struct.c +++ b/source3/libads/ads_struct.c @@ -19,6 +19,7 @@ */ #include "includes.h" +#include "ads.h" /* return a ldap dn path from a string, given separators and field name caller must free diff --git a/source3/libads/ads_utils.c b/source3/libads/ads_utils.c index 213242c223..ec3efa8550 100644 --- a/source3/libads/ads_utils.c +++ b/source3/libads/ads_utils.c @@ -20,6 +20,7 @@ */ #include "includes.h" +#include "ads.h" const char *ads_get_ldap_server_name(ADS_STRUCT *ads) { diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c index 00062f4457..3c529dbe7a 100644 --- a/source3/libads/authdata.c +++ b/source3/libads/authdata.c @@ -25,6 +25,7 @@ #include "includes.h" #include "librpc/gen_ndr/ndr_krb5pac.h" #include "smb_krb5.h" +#include "libads/kerberos_proto.h" #ifdef HAVE_KRB5 
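Review bot: The new `ads_proto.h` declares `ads_setup_sasl_wrapping` twice in a row in its libads/sasl_wrapping.c section; the duplicate was carried over from proto.h and the second copy can be dropped. The header also has no include guard and no licence or purpose comment, unlike `ads.h`, which closes with `#endif /* _INCLUDE_ADS_H_ */`; a guard such as `#ifndef _LIBADS_ADS_PROTO_H_` / `#define _LIBADS_ADS_PROTO_H_` … `#endif` would keep it safe if a file ever includes it directly rather than through `ads.h`. The `libads/krb5_errs.c` section comment introduces no declarations and could be removed as well.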
diff --git a/source3/libads/disp_sec.c b/source3/libads/disp_sec.c index d05b5085f0..05ac216bbe 100644 --- a/source3/libads/disp_sec.c +++ b/source3/libads/disp_sec.c @@ -18,6 +18,7 @@ */ #include "includes.h" +#include "ads.h" #include "libads/ldap_schema.h" /* for ADS */ diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index f34b9cad09..c48944ae6f 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -24,6 +24,7 @@ #include "includes.h" #include "smb_krb5.h" #include "../librpc/gen_ndr/ndr_misc.h" +#include "libads/kerberos_proto.h" #ifdef HAVE_KRB5 @@ -284,58 +285,6 @@ int kerberos_kinit_password_ext(const char *principal, return code; } - - -/* run kinit to setup our ccache */ -int ads_kinit_password(ADS_STRUCT *ads) -{ - char *s; - int ret; - const char *account_name; - fstring acct_name; - - if (ads->auth.flags & ADS_AUTH_USER_CREDS) { - account_name = ads->auth.user_name; - goto got_accountname; - } - - if ( IS_DC ) { - /* this will end up getting a ticket for DOMAIN@RUSTED.REA.LM */ - account_name = lp_workgroup(); - } else { - /* always use the sAMAccountName for security = domain */ - /* global_myname()$@REA.LM */ - if ( lp_security() == SEC_DOMAIN ) { - fstr_sprintf( acct_name, "%s$", global_myname() ); - account_name = acct_name; - } - else - /* This looks like host/global_myname()@REA.LM */ - account_name = ads->auth.user_name; - } - - got_accountname: - if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) { - return KRB5_CC_NOMEM; - } - - if (!ads->auth.password) { - SAFE_FREE(s); - return KRB5_LIBOS_CANTREADPWD; - } - - ret = kerberos_kinit_password_ext(s, ads->auth.password, ads->auth.time_offset, - &ads->auth.tgt_expire, NULL, NULL, False, False, ads->auth.renewable, - NULL); - - if (ret) { - DEBUG(0,("kerberos_kinit_password %s failed: %s\n", - s, error_message(ret))); - } - SAFE_FREE(s); - return ret; -} - int ads_kdestroy(const char *cc_name) { krb5_error_code code; 
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c index fa2a1261a2..33b065f654 100644 --- a/source3/libads/kerberos_keytab.c +++ b/source3/libads/kerberos_keytab.c @@ -27,6 +27,7 @@ #include "includes.h" #include "smb_krb5.h" +#include "ads.h" #ifdef HAVE_KRB5 diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h new file mode 100644 index 0000000000..7be81fa9a5 --- /dev/null +++ b/source3/libads/kerberos_proto.h 
@@ -0,0 +1,67 @@
+/* The following definitions come from libads/kerberos_verify.c */
+
+NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
+ const char *realm,
+ time_t time_offset,
+ const DATA_BLOB *ticket,
+ char **principal,
+ struct PAC_LOGON_INFO **logon_info,
+ DATA_BLOB *ap_rep,
+ DATA_BLOB *session_key,
+ bool use_replay_cache);
+
+/* The following definitions come from libads/kerberos.c */
+
+int kerberos_kinit_password_ext(const char *principal,
+ const char *password,
+ int time_offset,
+ time_t *expire_time,
+ time_t *renew_till_time,
+ const char *cache_name,
+ bool request_pac,
+ bool add_netbios_addr,
+ time_t renewable_time,
+ NTSTATUS *ntstatus);
+int ads_kdestroy(const char *cc_name);
+char* kerberos_standard_des_salt( void );
+bool kerberos_secrets_store_des_salt( const char* salt );
+char* kerberos_secrets_fetch_des_salt( void );
+char *kerberos_get_default_realm_from_ccache( void );
+char *kerberos_get_realm_from_hostname(const char *hostname);
+
+bool kerberos_secrets_store_salting_principal(const char *service,
+ int enctype,
+ const char *principal);
+int kerberos_kinit_password(const char *principal,
+ const char *password,
+ int time_offset,
+ const char *cache_name);
+bool create_local_private_krb5_conf_for_domain(const char *realm,
+ const char *domain,
+ const char *sitename,
+ struct sockaddr_storage *pss,
+ const char *kdc_name);
+
+/* The following definitions come from libads/authdata.c */
+
+NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
+ const char *name,
+ const char *pass,
+ time_t time_offset,
+ time_t *expire_time,
+ time_t *renew_till_time,
+ const char *cache_name,
+ bool request_pac,
+ bool add_netbios_addr,
+ time_t renewable_time,
+ const char *impersonate_princ_s,
+ struct PAC_LOGON_INFO **logon_info);
+
+/* The following definitions come from libads/krb5_setpw.c */
+
+ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
+ const char *newpw, int time_offset);
+ADS_STATUS kerberos_set_password(const
char *kpasswd_server,
+ const char *auth_principal, const char *auth_password,
+ const char *target_principal, const char *new_password,
+ int time_offset);
diff --git a/source3/libads/kerberos_util.c b/source3/libads/kerberos_util.c
new file mode 100644
index 0000000000..4762e1b914
--- /dev/null
+++ b/source3/libads/kerberos_util.c
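Review bot: The new `kerberos_proto.h` is not self-contained: its prototypes use `struct PAC_LOGON_INFO`, `NTSTATUS`, `ADS_STATUS`, `DATA_BLOB` and `TALLOC_CTX` without including or forward-declaring anything, so it compiles correctly only when the right headers happen to precede it. For the struct in particular, a prototype that names a not-yet-declared `struct PAC_LOGON_INFO` declares a type scoped to that parameter list, which will not match the real one at the definition; adding `struct PAC_LOGON_INFO;` at the top of the header removes the dependence on include order. An include guard is also worth adding, because this header is pulled in through `ads.h` and also directly by `kerberos.c`, `authdata.c`, `kerberos_verify.c` and `krb5_setpw.c`.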
@@ -0,0 +1,107 @@
+/*
+ Unix SMB/CIFS implementation.
+ krb5 set password implementation
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Remus Koos 2001 (remuskoos@yahoo.com)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smb_krb5.h"
+#include "ads.h"
+
+#ifdef HAVE_KRB5
+
+/**
+ * Set the machine account password
+ * @param ads connection to ads server
+ * @param hostname machine whose password is being set
+ * @param password new password
+ * @return status of password change
+ **/
+ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
+ const char *machine_account,
+ const char *password)
+{
+ ADS_STATUS status;
+ char *principal = NULL;
+
+ /*
+ we need to use the '$' form of the name here (the machine account name),
+ as otherwise the server might end up setting the password for a user
+ instead
+ */
+ if (asprintf(&principal, "%s@%s", machine_account, ads->config.realm) < 0) {
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
+
+ status = ads_krb5_set_password(ads->auth.kdc_server, principal,
+ password, ads->auth.time_offset);
+
+ SAFE_FREE(principal);
+ return status;
+}
+
+/* run kinit to setup our ccache */
+int ads_kinit_password(ADS_STRUCT *ads)
+{
+ char *s;
+ int ret;
+ const char *account_name;
+ fstring acct_name;
+
+ if (ads->auth.flags & ADS_AUTH_USER_CREDS) {
+ account_name = ads->auth.user_name;
+ goto got_accountname;
+ }
+
+
if ( IS_DC ) { + /* this will end up getting a ticket for DOMAIN@RUSTED.REA.LM */ + account_name = lp_workgroup(); + } else { + /* always use the sAMAccountName for security = domain */ + /* global_myname()$@REA.LM */ + if ( lp_security() == SEC_DOMAIN ) { + fstr_sprintf( acct_name, "%s$", global_myname() ); + account_name = acct_name; + } + else + /* This looks like host/global_myname()@REA.LM */ + account_name = ads->auth.user_name; + } + + got_accountname: + if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) { + return KRB5_CC_NOMEM; + } + + if (!ads->auth.password) { + SAFE_FREE(s); + return KRB5_LIBOS_CANTREADPWD; + } + + ret = kerberos_kinit_password_ext(s, ads->auth.password, ads->auth.time_offset, + &ads->auth.tgt_expire, NULL, NULL, False, False, ads->auth.renewable, + NULL); + + if (ret) { + DEBUG(0,("kerberos_kinit_password %s failed: %s\n", + s, error_message(ret))); + } + SAFE_FREE(s); + return ret; +} + +#endif diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c index 2047f0e3b9..f8a6602194 100644 --- a/source3/libads/kerberos_verify.c +++ b/source3/libads/kerberos_verify.c @@ -25,6 +25,7 @@ #include "includes.h" #include "smb_krb5.h" +#include "libads/kerberos_proto.h" #ifdef HAVE_KRB5 diff --git a/source3/libads/krb5_setpw.c b/source3/libads/krb5_setpw.c index ec5cafc49d..1c04d896de 100644 --- a/source3/libads/krb5_setpw.c +++ b/source3/libads/krb5_setpw.c @@ -20,6 +20,7 @@ #include "includes.h" #include "smb_krb5.h" +#include "libads/kerberos_proto.h" #ifdef HAVE_KRB5 
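Review bot: In `ads_kinit_password` in the new kerberos_util.c, `account_name` is formatted with `%s` before anything has checked it: both the `ADS_AUTH_USER_CREDS` branch and the final `else` take `ads->auth.user_name` as-is, and `ads->auth.realm` is likewise unchecked, so a NULL in either reaches `asprintf`, which is undefined behaviour and in practice tends to yield a principal such as `(null)@REALM`. Unless every caller is known to populate both fields, a guard right after the `got_accountname:` label, e.g. `if (account_name == NULL || ads->auth.realm == NULL) return KRB5_PARSE_MALFORMED;`, would fail cleanly, and the existing `ads->auth.password` check could move above the `asprintf` so that early return needs no `SAFE_FREE`. The function is moved unchanged from kerberos.c, so this predates the commit. Separately, the doc comment on `ads_set_machine_password` documents `@param hostname` while the parameter is named `machine_account`, and the file header still reads "krb5 set password implementation" although the file now also holds the kinit helper.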
@@ -806,34 +807,4 @@ ADS_STATUS kerberos_set_password(const char *kpasswd_server, new_password, time_offset); } - -/** - * Set the machine account password - * @param ads connection to ads server - * @param hostname machine whose password is being set - * @param password new password - * @return status of password change - **/ -ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads, - const char *machine_account, - const char *password) -{ - ADS_STATUS status; - char *principal = NULL; - - /* - we need to use the '$' form of the name here (the machine account name), - as otherwise the server might end up setting the password for a user - instead - */ - if (asprintf(&principal, "%s@%s", machine_account, ads->config.realm) < 0) { - return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); - } - - status = ads_krb5_set_password(ads->auth.kdc_server, principal, - password, ads->auth.time_offset); - - SAFE_FREE(principal); - return status; -} #endif diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 5adbd6d039..77ab51ee26 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -22,6 +22,7 @@ */ #include "includes.h" +#include "ads.h" #include "libads/sitename_cache.h" #include "libads/cldap.h" #include "libads/dns.h" diff --git a/source3/libads/ldap_printer.c b/source3/libads/ldap_printer.c index fff50cfe8b..e4a7d34cf1 100644 --- a/source3/libads/ldap_printer.c +++ b/source3/libads/ldap_printer.c @@ -18,6 +18,7 @@ */ #include "includes.h" +#include "ads.h" #include "../librpc/gen_ndr/cli_spoolss.h" #include "rpc_client/cli_spoolss.h" #include "registry.h" diff --git a/source3/libads/ldap_schema.c b/source3/libads/ldap_schema.c index c739286abb..80ec45c73c 100644 --- a/source3/libads/ldap_schema.c +++ b/source3/libads/ldap_schema.c @@ -19,6 +19,7 @@ */ #include "includes.h" +#include "ads.h" #include "libads/ldap_schema.h" #ifdef HAVE_LDAP diff --git a/source3/libads/ldap_user.c b/source3/libads/ldap_user.c index ffd20f9bd2..55421009a7 100644 
--- a/source3/libads/ldap_user.c +++ b/source3/libads/ldap_user.c @@ -18,6 +18,7 @@ */ #include "includes.h" +#include "ads.h" #include "../libds/common/flags.h" #ifdef HAVE_ADS diff --git a/source3/libads/ldap_utils.c b/source3/libads/ldap_utils.c index f9106caed1..c0c1adba30 100644 --- a/source3/libads/ldap_utils.c +++ b/source3/libads/ldap_utils.c @@ -21,6 +21,7 @@ */ #include "includes.h" +#include "ads.h" #ifdef HAVE_LDAP /* diff --git a/source3/libads/ndr.c b/source3/libads/ndr.c index 397aa2ca60..843ae3b615 100644 --- a/source3/libads/ndr.c +++ b/source3/libads/ndr.c @@ -20,6 +20,7 @@ */ #include "includes.h" +#include "ads.h" #include "../librpc/gen_ndr/ndr_netlogon.h" void ndr_print_ads_auth_flags(struct ndr_print *ndr, const char *name, uint32_t r) diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index f4a0ac627e..7ad4c9a868 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -20,6 +20,8 @@ #include "includes.h" #include "../libcli/auth/spnego.h" #include "../libcli/auth/ntlmssp.h" +#include "ads.h" +#include "smb_krb5.h" #ifdef HAVE_LDAP diff --git a/source3/libads/sasl_wrapping.c b/source3/libads/sasl_wrapping.c index 2bfa079235..d7353ac79c 100644 --- a/source3/libads/sasl_wrapping.c +++ b/source3/libads/sasl_wrapping.c @@ -18,6 +18,7 @@ */ #include "includes.h" +#include "ads.h" #ifdef HAVE_LDAP_SASL_WRAPPING diff --git a/source3/libads/util.c b/source3/libads/util.c index 9dcb906a37..f028c75cfe 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -18,6 +18,7 @@ */ #include "includes.h" +#include "ads.h" #ifdef HAVE_KRB5 diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index e2b917966b..2d18261bfb 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -19,6 +19,7 @@ */ #include "includes.h" +#include "ads.h" #include "librpc/gen_ndr/ndr_libnet_join.h" #include "libnet/libnet_join.h" #include "libcli/auth/libcli_auth.h" 
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 2d3e5a56a7..a0f8f282b3 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -23,6 +23,7 @@ #include "../libcli/auth/spnego.h" #include "smb_krb5.h" #include "../libcli/auth/ntlmssp.h" +#include "libads/kerberos_proto.h" static const struct { int prot; diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c index cebd793537..6458e5d564 100644 --- a/source3/libsmb/namequery_dc.c +++ b/source3/libsmb/namequery_dc.c @@ -24,6 +24,7 @@ #include "includes.h" #include "libads/sitename_cache.h" +#include "ads.h" /********************************************************************** Is this our primary domain ? diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index f65a9d50e9..a91e82fe3d 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -57,6 +57,8 @@ #include "lib/smbconf/smbconf_init.h" #include "lib/smbconf/smbconf_reg.h" +#include "ads.h" + #ifdef HAVE_SYS_SYSCTL_H #include <sys/sysctl.h> #endif diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index 9d8e7ece2c..514170e5fa 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -28,6 +28,7 @@ #include "../libcli/auth/ntlmssp.h" #include "ntlmssp_wrap.h" #include "librpc/gen_ndr/messaging.h" +#include "libads/kerberos_proto.h" /* For split krb5 SPNEGO blobs. */ struct pending_auth_data { diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c index f5272b35cd..4f6d5d2e13 100644 --- a/source3/smbd/smb2_sesssetup.c +++ b/source3/smbd/smb2_sesssetup.c @@ -25,6 +25,7 @@ #include "../libcli/auth/spnego.h" #include "../libcli/auth/ntlmssp.h" #include "ntlmssp_wrap.h" +#include "libads/kerberos_proto.h" static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req, uint64_t in_session_id, diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index ef28fc7008..71181990b5 100644 
--- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -25,10 +25,10 @@ #include "librpc/gen_ndr/ndr_krb5pac.h" #include "../librpc/gen_ndr/cli_spoolss.h" #include "nsswitch/libwbclient/wbclient.h" +#include "ads.h" #include "libads/cldap.h" #include "libads/dns.h" #include "../libds/common/flags.h" -#include "ads.h" #include "librpc/gen_ndr/libnet_join.h" #include "libnet/libnet_join.h" #include "smb_krb5.h" diff --git a/source3/utils/net_ads_gpo.c b/source3/utils/net_ads_gpo.c index 05c3676160..57396c76e3 100644 --- a/source3/utils/net_ads_gpo.c +++ b/source3/utils/net_ads_gpo.c @@ -19,6 +19,7 @@ #include "includes.h" #include "utils/net.h" +#include "ads.h" #include "../libgpo/gpo.h" #include "libgpo/gpo_proto.h" #include "../libds/common/flags.h" diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h index 9f3fe155a4..4791223f2d 100644 --- a/source3/utils/net_proto.h +++ b/source3/utils/net_proto.h @@ -45,9 +45,9 @@ void debug_unix_user_token(int dbg_class, int dbg_lev, uid_t uid, gid_t gid, enum netr_SchannelType get_sec_channel_type(const char *param); /* The following definitions come from utils/net_ads.c */ - -ADS_STATUS ads_startup(struct net_context *c, bool only_own_domain, ADS_STRUCT **ads); -ADS_STATUS ads_startup_nobind(struct net_context *c, bool only_own_domain, ADS_STRUCT **ads); +struct ads_struct; +ADS_STATUS ads_startup(struct net_context *c, bool only_own_domain, struct ads_struct **ads); +ADS_STATUS ads_startup_nobind(struct net_context *c, bool only_own_domain, struct ads_struct **ads); int net_ads_check_our_domain(struct net_context *c); int net_ads_check(struct net_context *c); int net_ads_user(struct net_context *c, int argc, const char **argv); diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 971ba96220..1ddc94b8f7 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c 
@@ -31,6 +31,7 @@ #include "smb_krb5.h" #include <iniparser.h> #include "../lib/crypto/arcfour.h" +#include "libads/kerberos_proto.h" #ifndef PAM_WINBIND_CONFIG_FILE #define PAM_WINBIND_CONFIG_FILE "/etc/security/pam_winbind.conf" diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index 7aaaa9d272..def41c6c11 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c @@ -28,6 +28,7 @@ #include "includes.h" #include "winbindd.h" #include "../libds/common/flags.h" +#include "ads.h" #include "libads/ldap_schema.h" #include "nss_info.h" diff --git a/source3/winbindd/idmap_adex/cell_util.c b/source3/winbindd/idmap_adex/cell_util.c index 257647a797..c32bb9179d 100644 --- a/source3/winbindd/idmap_adex/cell_util.c +++ b/source3/winbindd/idmap_adex/cell_util.c @@ -19,6 +19,7 @@ */ #include "includes.h" +#include "ads.h" #include "idmap_adex.h" #include "../libds/common/flags.h" diff --git a/source3/winbindd/idmap_adex/domain_util.c b/source3/winbindd/idmap_adex/domain_util.c index dae5415b3b..72643e97da 100644 --- a/source3/winbindd/idmap_adex/domain_util.c +++ b/source3/winbindd/idmap_adex/domain_util.c @@ -19,6 +19,7 @@ */ #include "includes.h" +#include "ads.h" #include "idmap_adex.h" #undef DBGC_CLASS diff --git a/source3/winbindd/idmap_adex/gc_util.c b/source3/winbindd/idmap_adex/gc_util.c index 9b4ce77b00..339234dfaf 100644 --- a/source3/winbindd/idmap_adex/gc_util.c +++ b/source3/winbindd/idmap_adex/gc_util.c @@ -19,6 +19,7 @@ */ #include "includes.h" +#include "ads.h" #include "idmap_adex.h" #include "libads/cldap.h" diff --git a/source3/winbindd/idmap_adex/idmap_adex.c b/source3/winbindd/idmap_adex/idmap_adex.c index aabc4da400..c815e75a29 100644 --- a/source3/winbindd/idmap_adex/idmap_adex.c +++ b/source3/winbindd/idmap_adex/idmap_adex.c @@ -19,6 +19,7 @@ */ #include "includes.h" +#include "ads.h" #include "idmap_adex.h" #include "nss_info.h" 
diff --git a/source3/winbindd/idmap_adex/likewise_cell.c b/source3/winbindd/idmap_adex/likewise_cell.c index f1abb24da2..24343eb554 100644 --- a/source3/winbindd/idmap_adex/likewise_cell.c +++ b/source3/winbindd/idmap_adex/likewise_cell.c @@ -19,6 +19,7 @@ */ #include "includes.h" +#include "ads.h" #include "idmap_adex.h" #undef DBGC_CLASS diff --git a/source3/winbindd/idmap_adex/provider_unified.c b/source3/winbindd/idmap_adex/provider_unified.c index f66d4dfbf4..999615ca3c 100644 --- a/source3/winbindd/idmap_adex/provider_unified.c +++ b/source3/winbindd/idmap_adex/provider_unified.c @@ -21,6 +21,7 @@ */ #include "includes.h" +#include "ads.h" #include "idmap_adex.h" #undef DBGC_CLASS diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c index de4652d684..ed55cd5dd4 100644 --- a/source3/winbindd/idmap_hash/idmap_hash.c +++ b/source3/winbindd/idmap_hash/idmap_hash.c @@ -21,6 +21,7 @@ #include "includes.h" #include "winbindd/winbindd.h" #include "idmap_hash.h" +#include "ads.h" #include "nss_info.h" #undef DBGC_CLASS diff --git a/source3/winbindd/nss_info.c b/source3/winbindd/nss_info.c index 82eb6c7db5..67ffbf21cc 100644 --- a/source3/winbindd/nss_info.c +++ b/source3/winbindd/nss_info.c @@ -20,6 +20,7 @@ */ #include "includes.h" +#include "ads.h" #include "nss_info.h" static struct nss_function_entry *backends = NULL; diff --git a/source3/winbindd/nss_info_template.c b/source3/winbindd/nss_info_template.c index 1b69a8cb2b..0bc398e908 100644 --- a/source3/winbindd/nss_info_template.c +++ b/source3/winbindd/nss_info_template.c @@ -19,6 +19,7 @@ */ #include "includes.h" +#include "ads.h" #include "nss_info.h" /************************************************************************ diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index c73e1a0aeb..949e206d04 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c 
@@ -25,6 +25,7 @@ #include "winbindd.h" #include "../librpc/gen_ndr/cli_netlogon.h" #include "../libds/common/flags.h" +#include "ads.h" #ifdef HAVE_ADS diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index 631a14d413..5d12c2b3bc 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -28,6 +28,7 @@ #include "tdb_validate.h" #include "../libcli/auth/libcli_auth.h" #include "../librpc/gen_ndr/ndr_wbint.h" +#include "ads.h" #include "nss_info.h" #undef DBGC_CLASS diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index b300357190..c10d82cb49 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -70,6 +70,7 @@ #include "libads/sitename_cache.h" #include "librpc/gen_ndr/messaging.h" #include "libsmb/clidgram.h" +#include "ads.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND diff --git a/source3/winbindd/winbindd_cred_cache.c b/source3/winbindd/winbindd_cred_cache.c index 22e135a381..ab8934bfd4 100644 --- a/source3/winbindd/winbindd_cred_cache.c +++ b/source3/winbindd/winbindd_cred_cache.c @@ -25,6 +25,7 @@ #include "winbindd.h" #include "../libcli/auth/libcli_auth.h" #include "smb_krb5.h" +#include "libads/kerberos_proto.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 010245f05d..11b16310b4 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -32,6 +32,7 @@ #include "smb_krb5.h" #include "../lib/crypto/arcfour.h" #include "../libcli/security/dom_sid.h" +#include "ads.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_WINBIND diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index a26a9df889..eb9ca4bace 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h 
@@ -155,10 +155,11 @@ bool wcache_tdc_fetch_list( struct winbindd_tdc_domain **domains, size_t *num_do bool wcache_tdc_add_domain( struct winbindd_domain *domain ); struct winbindd_tdc_domain * wcache_tdc_fetch_domain( TALLOC_CTX *ctx, const char *name ); void wcache_tdc_clear( void ); +struct ads_struct; NTSTATUS nss_get_info_cached( struct winbindd_domain *domain, const struct dom_sid *user_sid, TALLOC_CTX *ctx, - ADS_STRUCT *ads, LDAPMessage *msg, + struct ads_struct *ads, LDAPMessage *msg, const char **homedir, const char **shell, const char **gecos, gid_t *p_gid); bool wcache_store_seqnum(const char *domain_name, uint32_t seqnum, diff --git a/source3/wscript_build b/source3/wscript_build index aec350ffce..1babb54db8 100644 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -205,7 +205,9 @@ LIBGPO_SRC = '''${LIBGPO_SRC0}''' LIBADS_SRC = '''libads/ldap.c libads/ldap_printer.c libads/sasl.c libads/sasl_wrapping.c - libads/krb5_setpw.c libads/ldap_user.c + libads/krb5_setpw.c + libads/kerberos_util.c + libads/ldap_user.c libads/ads_struct.c libads/kerberos_keytab.c libads/disp_sec.c libads/ads_utils.c libads/ldap_utils.c libads/ldap_schema.c libads/util.c libads/ndr.c''' |