diff options
Diffstat (limited to 'source3/libads')
| -rw-r--r-- | source3/libads/ads_ldap_protos.h | 28 | ||||
| -rw-r--r-- | source3/libads/ads_proto.h | 36 | ||||
| -rw-r--r-- | source3/libads/ads_status.c | 1 | ||||
| -rw-r--r-- | source3/libads/ads_status.h | 26 | ||||
| -rw-r--r-- | source3/libads/authdata.c | 2 | ||||
| -rw-r--r-- | source3/libads/cldap.c | 14 | ||||
| -rw-r--r-- | source3/libads/cldap.h | 31 | ||||
| -rw-r--r-- | source3/libads/dns.c | 25 | ||||
| -rw-r--r-- | source3/libads/dns.h | 37 | ||||
| -rw-r--r-- | source3/libads/kerberos.c | 45 | ||||
| -rw-r--r-- | source3/libads/kerberos_keytab.c | 14 | ||||
| -rw-r--r-- | source3/libads/kerberos_proto.h | 36 | ||||
| -rw-r--r-- | source3/libads/kerberos_util.c | 6 | ||||
| -rw-r--r-- | source3/libads/kerberos_verify.c | 6 | ||||
| -rw-r--r-- | source3/libads/ldap.c | 145 | ||||
| -rw-r--r-- | source3/libads/ldap_printer.c | 6 | ||||
| -rw-r--r-- | source3/libads/ldap_schema.c | 6 | ||||
| -rw-r--r-- | source3/libads/ldap_schema.h | 25 | ||||
| -rw-r--r-- | source3/libads/ldap_utils.c | 2 | ||||
| -rw-r--r-- | source3/libads/ndr.c | 2 | ||||
| -rw-r--r-- | source3/libads/sasl.c | 6 |
21 files changed, 334 insertions, 165 deletions
diff --git a/source3/libads/ads_ldap_protos.h b/source3/libads/ads_ldap_protos.h index 03869fe5c9..0fb7134994 100644 --- a/source3/libads/ads_ldap_protos.h +++ b/source3/libads/ads_ldap_protos.h @@ -1,4 +1,30 @@ /* + Unix SMB/CIFS implementation. + ads (active directory) utility library + Copyright (C) Andrew Tridgell 2001 + Copyright (C) Remus Koos 2001 + Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002 + Copyright (C) Guenther Deschner 2005 + Copyright (C) Gerald Carter 2006 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef _LIBADS_ADS_LDAP_PROTOS_H_ +#define _LIBADS_ADS_LDAP_PROTOS_H_ + +/* * Prototypes for ads */ @@ -112,3 +138,5 @@ ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char ***ous, size_t *num_ous); + +#endif /* _LIBADS_ADS_LDAP_PROTOS_H_ */ diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h index ed702de8a6..324fa2a9cc 100644 --- a/source3/libads/ads_proto.h +++ b/source3/libads/ads_proto.h @@ -1,3 +1,37 @@ +/* + * Unix SMB/CIFS implementation. + * ads (active directory) utility library + * + * Copyright (C) Andrew Bartlett 2001 + * Copyright (C) Andrew Tridgell 2001 + * Copyright (C) Remus Koos (remuskoos@yahoo.com) 2001 + * Copyright (C) Alexey Kotovich 2002 + * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002-2003 + * Copyright (C) Luke Howard 2003 + * Copyright (C) Guenther Deschner 2003-2008 + * Copyright (C) Rakesh Patel 2004 + * Copyright (C) Dan Perry 2004 + * Copyright (C) Jeremy Allison 2004 + * Copyright (C) Gerald Carter 2006 + * Copyright (C) Stefan Metzmacher 2007 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +#ifndef _LIBADS_ADS_PROTO_H_ +#define _LIBADS_ADS_PROTO_H_ + /* The following definitions come from libads/ads_struct.c */ char *ads_build_path(const char *realm, const char *sep, const char *field, int reverse); @@ -152,3 +186,5 @@ ADS_STATUS ads_setup_sasl_wrapping(ADS_STRUCT *ads, /* The following definitions come from libads/util.c */ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_principal); + +#endif /* _LIBADS_ADS_PROTO_H_ */ diff --git a/source3/libads/ads_status.c b/source3/libads/ads_status.c index b99464118d..a9e59edadd 100644 --- a/source3/libads/ads_status.c +++ b/source3/libads/ads_status.c @@ -23,6 +23,7 @@ #include "includes.h" #include "smb_krb5.h" #include "smb_ldap.h" +#include "libads/ads_status.h" /* build a ADS_STATUS structure diff --git a/source3/libads/ads_status.h b/source3/libads/ads_status.h index 4c27e16f50..ff7c103638 100644 --- a/source3/libads/ads_status.h +++ b/source3/libads/ads_status.h @@ -1,3 +1,27 @@ +/* + Unix SMB/CIFS implementation. + ads (active directory) utility library + Copyright (C) Andrew Tridgell 2001 + Copyright (C) Remus Koos 2001 + Copyright (C) Andrew Bartlett 2001 + + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef _LIBADS_ADS_STATUS_H_ +#define _LIBADS_ADS_STATUS_H_ /* there are 5 possible types of errors the ads subsystem can produce */ enum ads_error_type {ENUM_ADS_ERROR_KRB5, ENUM_ADS_ERROR_GSS, @@ -40,3 +64,5 @@ ADS_STATUS ads_build_nt_error(enum ads_error_type etype, NTSTATUS ads_ntstatus(ADS_STATUS status); const char *ads_errstr(ADS_STATUS status); NTSTATUS gss_err_to_ntstatus(uint32 maj, uint32 min); + +#endif /* _LIBADS_ADS_STATUS_H_ */ diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c index 6f49b857da..44279a24d7 100644 --- a/source3/libads/authdata.c +++ b/source3/libads/authdata.c @@ -78,7 +78,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx, NT_STATUS_HAVE_NO_MEMORY(auth_princ); local_service = talloc_asprintf(mem_ctx, "%s$@%s", - global_myname(), lp_realm()); + lp_netbios_name(), lp_realm()); NT_STATUS_HAVE_NO_MEMORY(local_service); ret = kerberos_kinit_password_ext(auth_princ, diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index 5d2e900c05..03fa17c26f 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -30,7 +30,7 @@ *******************************************************************/ bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx, - const char *server, + struct sockaddr_storage *ss, const char *realm, uint32_t nt_version, struct netlogon_samlogon_response **_reply) @@ -39,18 +39,12 @@ bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx, struct cldap_netlogon io; struct netlogon_samlogon_response *reply; NTSTATUS status; - struct sockaddr_storage ss; char addrstr[INET6_ADDRSTRLEN]; const char *dest_str; int ret; struct tsocket_address *dest_addr; - if (!interpret_string_addr_prefer_ipv4(&ss, server, 0)) { - DEBUG(2,("Failed to resolve[%s] into an address for cldap\n", - server)); - return false; - } - dest_str = print_sockaddr(addrstr, sizeof(addrstr), &ss); + dest_str = print_sockaddr(addrstr, sizeof(addrstr), ss); ret = tsocket_address_inet_from_strings(mem_ctx, "ip", dest_str, LDAP_PORT, @@ -113,7 +107,7 @@ failed: *******************************************************************/ bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx, - const char *server, + struct sockaddr_storage *ss, const char *realm, struct NETLOGON_SAM_LOGON_RESPONSE_EX *reply5) { @@ -121,7 +115,7 @@ bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx, struct netlogon_samlogon_response *reply = NULL; bool ret; - ret = ads_cldap_netlogon(mem_ctx, server, realm, nt_version, &reply); + ret = ads_cldap_netlogon(mem_ctx, ss, realm, nt_version, &reply); if (!ret) { return false; } diff --git a/source3/libads/cldap.h b/source3/libads/cldap.h index e2d05ce731..60e1c56038 100644 --- a/source3/libads/cldap.h +++ b/source3/libads/cldap.h @@ -1,12 +1,39 @@ +/* + Samba Unix/Linux SMB client library + net ads cldap functions + Copyright (C) 2001 Andrew Tridgell (tridge@samba.org) + Copyright (C) 2003 Jim McDonough (jmcd@us.ibm.com) + Copyright (C) 2008 Guenther Deschner (gd@samba.org) + Copyright (C) 2009 Stefan Metzmacher (metze@samba.org) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef _LIBADS_CLDAP_H_ +#define _LIBADS_CLDAP_H_ + #include "../libcli/netlogon/netlogon.h" /* The following definitions come from libads/cldap.c */ bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx, - const char *server, + struct sockaddr_storage *ss, const char *realm, uint32_t nt_version, struct netlogon_samlogon_response **reply); bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx, - const char *server, + struct sockaddr_storage *ss, const char *realm, struct NETLOGON_SAM_LOGON_RESPONSE_EX *reply5); + +#endif /* _LIBADS_CLDAP_H_ */ diff --git a/source3/libads/dns.c b/source3/libads/dns.c index 113e63710b..5eae10ec28 100644 --- a/source3/libads/dns.c +++ b/source3/libads/dns.c @@ -328,7 +328,7 @@ static NTSTATUS dns_send_req( TALLOC_CTX *ctx, const char *name, int q_type, buf_len = resp_len * sizeof(uint8); if (buf_len) { - if ((buffer = TALLOC_ARRAY(ctx, uint8, buf_len)) + if ((buffer = talloc_array(ctx, uint8, buf_len)) == NULL ) { DEBUG(0,("ads_dns_lookup_srv: " "talloc() failed!\n")); @@ -401,11 +401,19 @@ static NTSTATUS ads_dns_lookup_srv( TALLOC_CTX *ctx, int rrnum; int idx = 0; NTSTATUS status; + const char *dns_hosts_file; if ( !ctx || !name || !dclist ) { return NT_STATUS_INVALID_PARAMETER; } + dns_hosts_file = lp_parm_const_string(-1, "resolv", "host file", NULL); + if (dns_hosts_file) { + return resolve_dns_hosts_file_as_dns_rr(dns_hosts_file, + name, true, ctx, + dclist, numdcs); + } + /* Send the request. May have to loop several times in case of large replies */ @@ -434,7 +442,7 @@ static NTSTATUS ads_dns_lookup_srv( TALLOC_CTX *ctx, answer_count)); if (answer_count) { - if ((dcs = TALLOC_ZERO_ARRAY(ctx, struct dns_rr_srv, + if ((dcs = talloc_zero_array(ctx, struct dns_rr_srv, answer_count)) == NULL ) { DEBUG(0,("ads_dns_lookup_srv: " "talloc() failure for %d char*'s\n", @@ -526,13 +534,13 @@ static NTSTATUS ads_dns_lookup_srv( TALLOC_CTX *ctx, /* allocate new memory */ if (dcs[i].num_ips == 0) { - if ((dcs[i].ss_s = TALLOC_ARRAY(dcs, + if ((dcs[i].ss_s = talloc_array(dcs, struct sockaddr_storage, 1 )) == NULL ) { return NT_STATUS_NO_MEMORY; } } else { - if ((tmp_ss_s = TALLOC_REALLOC_ARRAY(dcs, + if ((tmp_ss_s = talloc_realloc(dcs, dcs[i].ss_s, struct sockaddr_storage, dcs[i].num_ips+1)) @@ -590,11 +598,18 @@ NTSTATUS ads_dns_lookup_ns(TALLOC_CTX *ctx, int rrnum; int idx = 0; NTSTATUS status; + const char *dns_hosts_file; if ( !ctx || !dnsdomain || !nslist ) { return NT_STATUS_INVALID_PARAMETER; } + dns_hosts_file = lp_parm_const_string(-1, "resolv", "host file", NULL); + if (dns_hosts_file) { + DEBUG(1, ("NO 'NS' lookup available when using resolv:host file")); + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + /* Send the request. May have to loop several times in case of large replies */ @@ -623,7 +638,7 @@ NTSTATUS ads_dns_lookup_ns(TALLOC_CTX *ctx, answer_count)); if (answer_count) { - if ((nsarray = TALLOC_ARRAY(ctx, struct dns_rr_ns, + if ((nsarray = talloc_array(ctx, struct dns_rr_ns, answer_count)) == NULL ) { DEBUG(0,("ads_dns_lookup_ns: " "talloc() failure for %d char*'s\n", diff --git a/source3/libads/dns.h b/source3/libads/dns.h index b747e97bb7..f53153ba26 100644 --- a/source3/libads/dns.h +++ b/source3/libads/dns.h @@ -20,42 +20,7 @@ #ifndef _ADS_DNS_H #define _ADS_DNS_H -/* DNS query section in replies */ - -struct dns_query { - const char *hostname; - uint16 type; - uint16 in_class; -}; - -/* DNS RR record in reply */ - -struct dns_rr { - const char *hostname; - uint16 type; - uint16 in_class; - uint32 ttl; - uint16 rdatalen; - uint8 *rdata; -}; - -/* SRV records */ - -struct dns_rr_srv { - const char *hostname; - uint16 priority; - uint16 weight; - uint16 port; - size_t num_ips; - struct sockaddr_storage *ss_s; /* support multi-homed hosts */ -}; - -/* NS records */ - -struct dns_rr_ns { - const char *hostname; - struct sockaddr_storage ss; -}; +#include "libcli/dns/dns.h" /* The following definitions come from libads/dns.c */ diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index d496ade71b..913d690049 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -223,8 +223,8 @@ int kerberos_kinit_password_ext(const char *principal, krb5_get_init_creds_opt_set_address_list(opt, addr->addrs); } - if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, CONST_DISCARD(char *,password), - kerb_prompter, CONST_DISCARD(char *,password), + if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, discard_const_p(char,password), + kerb_prompter, discard_const_p(char, password), 0, NULL, opt))) { goto out; } @@ -352,7 +352,7 @@ char* kerberos_standard_des_salt( void ) { fstring salt; - fstr_sprintf( salt, "host/%s.%s@", global_myname(), lp_realm() ); + fstr_sprintf( salt, "host/%s.%s@", lp_netbios_name(), lp_realm() ); strlower_m( salt ); fstrcat( salt, lp_realm() ); @@ -958,22 +958,37 @@ bool create_local_private_krb5_conf_for_domain(const char *realm, /* Insanity, sheer insanity..... */ if (strequal(realm, lp_realm())) { - char linkpath[PATH_MAX+1]; - int lret; - - lret = readlink(SYSTEM_KRB5_CONF_PATH, linkpath, sizeof(linkpath)-1); - if (lret != -1) { - linkpath[lret] = '\0'; - } - - if (lret != -1 || strcmp(linkpath, fname) == 0) { - /* Symlink already exists. */ - goto done; + SMB_STRUCT_STAT sbuf; + + if (sys_lstat(SYSTEM_KRB5_CONF_PATH, &sbuf, false) == 0) { + if (S_ISLNK(sbuf.st_ex_mode) && sbuf.st_ex_size) { + int lret; + size_t alloc_size = sbuf.st_ex_size + 1; + char *linkpath = talloc_array(talloc_tos(), char, + alloc_size); + if (!linkpath) { + goto done; + } + lret = readlink(SYSTEM_KRB5_CONF_PATH, linkpath, + alloc_size - 1); + if (lret == -1) { + TALLOC_FREE(linkpath); + goto done; + } + linkpath[lret] = '\0'; + + if (strcmp(linkpath, fname) == 0) { + /* Symlink already exists. */ + TALLOC_FREE(linkpath); + goto done; + } + TALLOC_FREE(linkpath); + } } /* Try and replace with a symlink. */ if (symlink(fname, SYSTEM_KRB5_CONF_PATH) == -1) { - const char *newpath = SYSTEM_KRB5_CONF_PATH ## ".saved"; + const char *newpath = SYSTEM_KRB5_CONF_PATH ".saved"; if (errno != EEXIST) { DEBUG(0,("create_local_private_krb5_conf_for_domain: symlink " "of %s to %s failed. Errno %s\n", diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c index 6e1b7c08fe..7654c666f4 100644 --- a/source3/libads/kerberos_keytab.c +++ b/source3/libads/kerberos_keytab.c @@ -316,7 +316,7 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc) goto out; } - my_fqdn = ads_get_dnshostname(ads, tmpctx, global_myname()); + my_fqdn = ads_get_dnshostname(ads, tmpctx, lp_netbios_name()); if (!my_fqdn) { DEBUG(0, (__location__ ": unable to determine machine " "account's dns name in AD!\n")); @@ -324,7 +324,7 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc) goto out; } - machine_name = ads_get_samaccountname(ads, tmpctx, global_myname()); + machine_name = ads_get_samaccountname(ads, tmpctx, lp_netbios_name()); if (!machine_name) { DEBUG(0, (__location__ ": unable to determine machine " "account's short name in AD!\n")); @@ -380,7 +380,7 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc) "'%s'\n", princ_s)); aderr = ads_add_service_principal_name(ads, - global_myname(), my_fqdn, srvPrinc); + lp_netbios_name(), my_fqdn, srvPrinc); if (!ADS_ERR_OK(aderr)) { DEBUG(1, (__location__ ": failed to " "ads_add_service_principal_name.\n")); @@ -389,7 +389,7 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc) } } - kvno = (krb5_kvno)ads_get_machine_kvno(ads, global_myname()); + kvno = (krb5_kvno)ads_get_machine_kvno(ads, lp_netbios_name()); if (kvno == -1) { /* -1 indicates failure, everything else is OK */ DEBUG(1, (__location__ ": ads_get_machine_kvno failed to " @@ -458,7 +458,7 @@ int ads_keytab_flush(ADS_STRUCT *ads) goto out; } - kvno = (krb5_kvno)ads_get_machine_kvno(ads, global_myname()); + kvno = (krb5_kvno)ads_get_machine_kvno(ads, lp_netbios_name()); if (kvno == -1) { /* -1 indicates a failure */ DEBUG(1, (__location__ ": Error determining the kvno.\n")); @@ -472,7 +472,7 @@ int ads_keytab_flush(ADS_STRUCT *ads) goto out; } - aderr = ads_clear_service_principal_names(ads, global_myname()); + aderr = ads_clear_service_principal_names(ads, lp_netbios_name()); if (!ADS_ERR_OK(aderr)) { DEBUG(1, (__location__ ": Error while clearing service " "principal listings in LDAP.\n")); @@ -547,7 +547,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads) goto done; } - machine_name = talloc_strdup(tmpctx, global_myname()); + machine_name = talloc_strdup(tmpctx, lp_netbios_name()); if (!machine_name) { ret = -1; goto done; diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h index afd57fe220..406669cc49 100644 --- a/source3/libads/kerberos_proto.h +++ b/source3/libads/kerberos_proto.h @@ -1,5 +1,39 @@ +/* + * Unix SMB/CIFS implementation. + * kerberos utility library + * + * Copyright (C) Andrew Tridgell 2001 + * Copyright (C) Remus Koos (remuskoos@yahoo.com) 2001 + * Copyright (C) Luke Howard 2002-2003 + * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003 + * Copyright (C) Guenther Deschner 2003-2008 + * Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005 + * Copyright (C) Jeremy Allison 2004,2007 + * Copyright (C) Stefan Metzmacher 2004-2005 + * Copyright (C) Nalin Dahyabhai <nalin@redhat.com> 2004 + * Copyright (C) Gerald Carter 2006 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +#ifndef _LIBADS_KERBEROS_PROTO_H_ +#define _LIBADS_KERBEROS_PROTO_H_ + struct PAC_LOGON_INFO; +#include "libads/ads_status.h" + /* The following definitions come from libads/kerberos_verify.c */ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx, @@ -67,3 +101,5 @@ ADS_STATUS kerberos_set_password(const char *kpasswd_server, const char *auth_principal, const char *auth_password, const char *target_principal, const char *new_password, int time_offset); + +#endif /* _LIBADS_KERBEROS_PROTO_H_ */ diff --git a/source3/libads/kerberos_util.c b/source3/libads/kerberos_util.c index 4762e1b914..4935da8e79 100644 --- a/source3/libads/kerberos_util.c +++ b/source3/libads/kerberos_util.c @@ -72,13 +72,13 @@ int ads_kinit_password(ADS_STRUCT *ads) account_name = lp_workgroup(); } else { /* always use the sAMAccountName for security = domain */ - /* global_myname()$@REA.LM */ + /* lp_netbios_name()$@REA.LM */ if ( lp_security() == SEC_DOMAIN ) { - fstr_sprintf( acct_name, "%s$", global_myname() ); + fstr_sprintf( acct_name, "%s$", lp_netbios_name() ); account_name = acct_name; } else - /* This looks like host/global_myname()@REA.LM */ + /* This looks like host/lp_netbios_name()@REA.LM */ account_name = ads->auth.user_name; } diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c index fab38dc4de..f11ea88477 100644 --- a/source3/libads/kerberos_verify.c +++ b/source3/libads/kerberos_verify.c @@ -151,10 +151,10 @@ static bool ads_keytab_verify_ticket(krb5_context context, * clients might want to use for authenticating to the file * service. We allow name$,{host,cifs}/{name,fqdn,name.REALM}. */ - fstrcpy(my_name, global_myname()); + fstrcpy(my_name, lp_netbios_name()); my_fqdn[0] = '\0'; - name_to_fqdn(my_fqdn, global_myname()); + name_to_fqdn(my_fqdn, lp_netbios_name()); err = asprintf(&valid_princ_formats[0], "%s$@%s", my_name, lp_realm()); @@ -534,7 +534,7 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx, krb5_auth_con_setflags( context, auth_context, flags ); } - if (asprintf(&host_princ_s, "%s$", global_myname()) == -1) { + if (asprintf(&host_princ_s, "%s$", lp_netbios_name()) == -1) { goto out; } diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 90c645c44a..128c133760 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -59,14 +59,47 @@ static void gotalarm_sig(int signum) gotalarm = 1; } - LDAP *ldap_open_with_timeout(const char *server, int port, unsigned int to) + LDAP *ldap_open_with_timeout(const char *server, + struct sockaddr_storage *ss, + int port, unsigned int to) { LDAP *ldp = NULL; - DEBUG(10, ("Opening connection to LDAP server '%s:%d', timeout " "%u seconds\n", server, port, to)); +#if defined(HAVE_LDAP_INIT_FD) && defined(SOCKET_WRAPPER) + /* Only use this private LDAP function if we are in make test, + * as this is the best way to get the emulated TCP socket into + * OpenLDAP */ + if (socket_wrapper_dir() != NULL) { + int fd, ldap_err; + NTSTATUS status; + char *uri; + + status = open_socket_out(ss, port, to, &fd); + + if (!NT_STATUS_IS_OK(status)) { + return NULL; + } + +#ifndef LDAP_PROTO_TCP +#define LDAP_PROTO_TCP 1 +#endif + uri = talloc_asprintf(talloc_tos(), "ldap://%s:%u", server, port); + if (uri == NULL) { + return NULL; + } + ldap_err = ldap_init_fd(fd, LDAP_PROTO_TCP, uri, &ldp); + talloc_free(uri); + + if (ldap_err != LDAP_SUCCESS) { + return NULL; + } + return ldp; + } +#endif + /* Setup timeout */ gotalarm = 0; CatchSignal(SIGALRM, gotalarm_sig); @@ -196,45 +229,32 @@ bool ads_closest_dc(ADS_STRUCT *ads) */ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc) { - char *srv; struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply; TALLOC_CTX *frame = talloc_stackframe(); bool ret = false; + struct sockaddr_storage ss; + char addr[INET6_ADDRSTRLEN]; if (!server || !*server) { TALLOC_FREE(frame); return False; } - if (!is_ipaddress(server)) { - struct sockaddr_storage ss; - char addr[INET6_ADDRSTRLEN]; - - if (!resolve_name(server, &ss, 0x20, true)) { - DEBUG(5,("ads_try_connect: unable to resolve name %s\n", - server )); - TALLOC_FREE(frame); - return false; - } - print_sockaddr(addr, sizeof(addr), &ss); - srv = talloc_strdup(frame, addr); - } else { - /* this copes with inet_ntoa brokenness */ - srv = talloc_strdup(frame, server); - } - - if (!srv) { + if (!resolve_name(server, &ss, 0x20, true)) { + DEBUG(5,("ads_try_connect: unable to resolve name %s\n", + server )); TALLOC_FREE(frame); return false; } + print_sockaddr(addr, sizeof(addr), &ss); DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n", - srv, ads->server.realm)); + addr, ads->server.realm)); ZERO_STRUCT( cldap_reply ); - if ( !ads_cldap_netlogon_5(frame, srv, ads->server.realm, &cldap_reply ) ) { - DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", srv)); + if ( !ads_cldap_netlogon_5(frame, &ss, ads->server.realm, &cldap_reply ) ) { + DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", addr)); ret = false; goto out; } @@ -243,7 +263,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc) if ( !(cldap_reply.server_type & NBT_SERVER_LDAP) ) { DEBUG(1,("ads_try_connect: %s's CLDAP reply says it is not an LDAP server!\n", - srv)); + addr)); ret = false; goto out; } @@ -273,13 +293,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc) ads->server.workgroup = SMB_STRDUP(cldap_reply.domain_name); ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT; - if (!interpret_string_addr(&ads->ldap.ss, srv, 0)) { - DEBUG(1,("ads_try_connect: unable to convert %s " - "to an address\n", - srv)); - ret = false; - goto out; - } + ads->ldap.ss = ss; /* Store our site name. */ sitename_store( cldap_reply.domain_name, cldap_reply.client_site); @@ -515,7 +529,7 @@ ADS_STATUS ads_connect_gc(ADS_STRUCT *ads) TALLOC_CTX *frame = talloc_stackframe(); struct dns_rr_srv *gcs_list; int num_gcs; - char *realm = ads->server.realm; + const char *realm = ads->server.realm; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); int i; @@ -643,7 +657,7 @@ got_connection: /* Must use the userPrincipalName value here or sAMAccountName and not servicePrincipalName; found by Guenther Deschner */ - if (asprintf(&ads->auth.user_name, "%s$", global_myname() ) == -1) { + if (asprintf(&ads->auth.user_name, "%s$", lp_netbios_name() ) == -1) { DEBUG(0,("ads_connect: asprintf fail.\n")); ads->auth.user_name = NULL; } @@ -658,18 +672,6 @@ got_connection: ads->auth.kdc_server = SMB_STRDUP(addr); } -#if KRB5_DNS_HACK - /* this is a really nasty hack to avoid ADS DNS problems. It needs a patch - to MIT kerberos to work (tridge) */ - { - char *env = NULL; - if (asprintf(&env, "KRB5_KDC_ADDRESS_%s", ads->config.realm) > 0) { - setenv(env, ads->auth.kdc_server, 1); - free(env); - } - } -#endif - /* If the caller() requested no LDAP bind, then we are done */ if (ads->auth.flags & ADS_AUTH_NO_BIND) { @@ -686,6 +688,7 @@ got_connection: /* Otherwise setup the TCP LDAP session */ ads->ldap.ld = ldap_open_with_timeout(ads->config.ldap_server_name, + &ads->ldap.ss, ads->ldap.port, lp_ldap_timeout()); if (ads->ldap.ld == NULL) { status = ADS_ERROR(LDAP_OPERATIONS_ERROR); @@ -781,13 +784,13 @@ static struct berval *dup_berval(TALLOC_CTX *ctx, const struct berval *in_val) if (!in_val) return NULL; - value = TALLOC_ZERO_P(ctx, struct berval); + value = talloc_zero(ctx, struct berval); if (value == NULL) return NULL; if (in_val->bv_len == 0) return value; value->bv_len = in_val->bv_len; - value->bv_val = (char *)TALLOC_MEMDUP(ctx, in_val->bv_val, + value->bv_val = (char *)talloc_memdup(ctx, in_val->bv_val, in_val->bv_len); return value; } @@ -804,7 +807,7 @@ static struct berval **ads_dup_values(TALLOC_CTX *ctx, if (!in_vals) return NULL; for (i=0; in_vals[i]; i++) ; /* count values */ - values = TALLOC_ZERO_ARRAY(ctx, struct berval *, i+1); + values = talloc_zero_array(ctx, struct berval *, i+1); if (!values) return NULL; for (i=0; in_vals[i]; i++) { @@ -825,7 +828,7 @@ static char **ads_push_strvals(TALLOC_CTX *ctx, const char **in_vals) if (!in_vals) return NULL; for (i=0; in_vals[i]; i++) ; /* count values */ - values = TALLOC_ZERO_ARRAY(ctx, char *, i+1); + values = talloc_zero_array(ctx, char *, i+1); if (!values) return NULL; for (i=0; in_vals[i]; i++) { @@ -849,7 +852,7 @@ static char **ads_pull_strvals(TALLOC_CTX *ctx, const char **in_vals) if (!in_vals) return NULL; for (i=0; in_vals[i]; i++) ; /* count values */ - values = TALLOC_ZERO_ARRAY(ctx, char *, i+1); + values = talloc_zero_array(ctx, char *, i+1); if (!values) return NULL; for (i=0; in_vals[i]; i++) { @@ -937,21 +940,21 @@ static ADS_STATUS ads_do_paged_search_args(ADS_STRUCT *ads, ber_printf(cookie_be, "{io}", (ber_int_t) 1000, "", 0); } ber_flatten(cookie_be, &cookie_bv); - PagedResults.ldctl_oid = CONST_DISCARD(char *, ADS_PAGE_CTL_OID); + PagedResults.ldctl_oid = discard_const_p(char, ADS_PAGE_CTL_OID); PagedResults.ldctl_iscritical = (char) 1; PagedResults.ldctl_value.bv_len = cookie_bv->bv_len; PagedResults.ldctl_value.bv_val = cookie_bv->bv_val; - NoReferrals.ldctl_oid = CONST_DISCARD(char *, ADS_NO_REFERRALS_OID); + NoReferrals.ldctl_oid = discard_const_p(char, ADS_NO_REFERRALS_OID); NoReferrals.ldctl_iscritical = (char) 0; NoReferrals.ldctl_value.bv_len = 0; - NoReferrals.ldctl_value.bv_val = CONST_DISCARD(char *, ""); + NoReferrals.ldctl_value.bv_val = discard_const_p(char, ""); if (external_control && (strequal(external_control->control, ADS_EXTENDED_DN_OID) || strequal(external_control->control, ADS_SD_FLAGS_OID))) { - ExternalCtrl.ldctl_oid = CONST_DISCARD(char *, external_control->control); + ExternalCtrl.ldctl_oid = discard_const_p(char, external_control->control); ExternalCtrl.ldctl_iscritical = (char) external_control->critical; /* win2k does not accept a ldctl_value beeing passed in */ @@ -1382,7 +1385,7 @@ ADS_MODLIST ads_init_mods(TALLOC_CTX *ctx) #define ADS_MODLIST_ALLOC_SIZE 10 LDAPMod **mods; - if ((mods = TALLOC_ZERO_ARRAY(ctx, LDAPMod *, ADS_MODLIST_ALLOC_SIZE + 1))) + if ((mods = talloc_zero_array(ctx, LDAPMod *, ADS_MODLIST_ALLOC_SIZE + 1))) /* -1 is safety to make sure we don't go over the end. need to reset it to NULL before doing ldap modify */ mods[ADS_MODLIST_ALLOC_SIZE] = (LDAPMod *) -1; @@ -1419,7 +1422,7 @@ static ADS_STATUS ads_modlist_add(TALLOC_CTX *ctx, ADS_MODLIST *mods, for (curmod=0; modlist[curmod] && modlist[curmod] != (LDAPMod *) -1; curmod++); if (modlist[curmod] == (LDAPMod *) -1) { - if (!(modlist = TALLOC_REALLOC_ARRAY(ctx, modlist, LDAPMod *, + if (!(modlist = talloc_realloc(ctx, modlist, LDAPMod *, curmod+ADS_MODLIST_ALLOC_SIZE+1))) return ADS_ERROR(LDAP_NO_MEMORY); memset(&modlist[curmod], 0, @@ -1428,7 +1431,7 @@ static ADS_STATUS ads_modlist_add(TALLOC_CTX *ctx, ADS_MODLIST *mods, *mods = (ADS_MODLIST)modlist; } - if (!(modlist[curmod] = TALLOC_ZERO_P(ctx, LDAPMod))) + if (!(modlist[curmod] = talloc_zero(ctx, LDAPMod))) return ADS_ERROR(LDAP_NO_MEMORY); modlist[curmod]->mod_type = talloc_strdup(ctx, name); if (mod_op & LDAP_MOD_BVALUES) { @@ -1521,7 +1524,7 @@ ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods) non-existent attribute (but allowable for the object) to run */ LDAPControl PermitModify = { - CONST_DISCARD(char *, ADS_PERMIT_MODIFY_OID), + discard_const_p(char, ADS_PERMIT_MODIFY_OID), {0, NULL}, (char) 1}; LDAPControl *controls[2]; @@ -2225,7 +2228,7 @@ static bool ads_dump_field(ADS_STRUCT *ads, char *field, void **values, void *da } for (i=0; handlers[i].name; i++) { - if (StrCaseCmp(handlers[i].name, field) == 0) { + if (strcasecmp_m(handlers[i].name, field) == 0) { if (!values) /* first time, indicate string or not */ return handlers[i].string; handlers[i].handler(ads, field, (struct berval **) values); @@ -2430,7 +2433,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res) *num_values = ldap_count_values(values); - ret = TALLOC_ARRAY(mem_ctx, char *, *num_values + 1); + ret = talloc_array(mem_ctx, char *, *num_values + 1); if (!ret) { ldap_value_free(values); return NULL; @@ -2543,7 +2546,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res) return NULL; } - strings = TALLOC_REALLOC_ARRAY(mem_ctx, current_strings, char *, + strings = talloc_realloc(mem_ctx, current_strings, char *, *num_strings + num_new_strings); if (strings == NULL) { @@ -2666,7 +2669,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res) /* nop */ ; if (i) { - (*sids) = TALLOC_ARRAY(mem_ctx, struct dom_sid, i); + (*sids) = talloc_array(mem_ctx, struct dom_sid, i); if (!(*sids)) { ldap_value_free_len(values); return 0; @@ -2854,7 +2857,7 @@ ADS_STATUS ads_current_time(ADS_STRUCT *ads) if (ads->config.current_time != 0) { ads->auth.time_offset = ads->config.current_time - time(NULL); - DEBUG(4,("time offset is %d seconds\n", ads->auth.time_offset)); + DEBUG(4,("KDC time offset is %d seconds\n", ads->auth.time_offset)); } ads_msgfree(ads, res); @@ -3284,7 +3287,7 @@ ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, return 0; } - (*sids) = TALLOC_ZERO_ARRAY(mem_ctx, struct dom_sid, dn_count + 1); + (*sids) = talloc_zero_array(mem_ctx, struct dom_sid, dn_count + 1); if (!(*sids)) { TALLOC_FREE(dn_strings); return 0; @@ -3322,10 +3325,10 @@ char* ads_get_dnshostname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine int count = 0; char *name = NULL; - status = ads_find_machine_acct(ads, &res, global_myname()); + status = ads_find_machine_acct(ads, &res, lp_netbios_name()); if (!ADS_ERR_OK(status)) { DEBUG(0,("ads_get_dnshostname: Failed to find account for %s\n", - global_myname())); + lp_netbios_name())); goto out; } @@ -3357,7 +3360,7 @@ char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name ) status = ads_find_machine_acct(ads, &res, machine_name); if (!ADS_ERR_OK(status)) { DEBUG(0,("ads_get_upn: Failed to find account for %s\n", - global_myname())); + lp_netbios_name())); goto out; } @@ -3386,10 +3389,10 @@ char* ads_get_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *mach int count = 0; char *name = NULL; - status = ads_find_machine_acct(ads, &res, global_myname()); + status = ads_find_machine_acct(ads, &res, lp_netbios_name()); if (!ADS_ERR_OK(status)) { DEBUG(0,("ads_get_dnshostname: Failed to find account for %s\n", - global_myname())); + lp_netbios_name())); goto out; } @@ -3482,7 +3485,7 @@ ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname) pldap_control[0] = &ldap_control; memset(&ldap_control, 0, sizeof(LDAPControl)); - ldap_control.ldctl_oid = (char *)LDAP_SERVER_TREE_DELETE_OID; + ldap_control.ldctl_oid = discard_const_p(char, LDAP_SERVER_TREE_DELETE_OID); /* hostname must be lowercase */ host = SMB_STRDUP(hostname); diff --git a/source3/libads/ldap_printer.c b/source3/libads/ldap_printer.c index 235ef7f954..8ff9f9bdc9 100644 --- a/source3/libads/ldap_printer.c +++ b/source3/libads/ldap_printer.c @@ -22,9 +22,7 @@ #include "rpc_client/rpc_client.h" #include "../librpc/gen_ndr/ndr_spoolss_c.h" #include "rpc_client/cli_spoolss.h" -#include "registry.h" #include "registry/reg_objects.h" -#include "nt_printing.h" #ifdef HAVE_ADS @@ -201,7 +199,7 @@ static bool map_multi_sz(TALLOC_CTX *ctx, ADS_MODLIST *mods, }; if (num_vals) { - str_values = TALLOC_ARRAY(ctx, char *, num_vals + 1); + str_values = talloc_array(ctx, char *, num_vals + 1); if (!str_values) { return False; } @@ -291,7 +289,7 @@ static void map_regval_to_ads(TALLOC_CTX *ctx, ADS_MODLIST *mods, int i; for (i=0; map[i].valname; i++) { - if (StrCaseCmp(map[i].valname, regval_name(value)) == 0) { + if (strcasecmp_m(map[i].valname, regval_name(value)) == 0) { if (!map[i].fn(ctx, mods, value)) { DEBUG(5, ("Add of value %s to modlist failed\n", regval_name(value))); } else { diff --git a/source3/libads/ldap_schema.c b/source3/libads/ldap_schema.c index 51aac14906..7368be830f 100644 --- a/source3/libads/ldap_schema.c +++ b/source3/libads/ldap_schema.c @@ -76,11 +76,11 @@ static ADS_STATUS ads_get_attrnames_by_oids(ADS_STRUCT *ads, goto out; } - if (((*names) = TALLOC_ARRAY(mem_ctx, char *, *count)) == NULL) { + if (((*names) = talloc_array(mem_ctx, char *, *count)) == NULL) { status = ADS_ERROR(LDAP_NO_MEMORY); goto out; } - if (((*OIDs_out) = TALLOC_ARRAY(mem_ctx, char *, *count)) == NULL) { + if (((*OIDs_out) = talloc_array(mem_ctx, char *, *count)) == NULL) { status = ADS_ERROR(LDAP_NO_MEMORY); goto out; } @@ -252,7 +252,7 @@ ADS_STATUS ads_check_posix_schema_mapping(TALLOC_CTX *mem_ctx, return ADS_ERROR(LDAP_NO_MEMORY); } - if ( (schema = TALLOC_P(mem_ctx, struct posix_schema)) == NULL ) { + if ( (schema = talloc(mem_ctx, struct posix_schema)) == NULL ) { TALLOC_FREE( ctx ); return ADS_ERROR(LDAP_NO_MEMORY); } diff --git a/source3/libads/ldap_schema.h b/source3/libads/ldap_schema.h index 44964dd1c1..fc4ed07808 100644 --- a/source3/libads/ldap_schema.h +++ b/source3/libads/ldap_schema.h @@ -1,3 +1,26 @@ +/* + Unix SMB/CIFS implementation. + ads (active directory) utility library + Copyright (C) Guenther Deschner 2005-2007 + Copyright (C) Gerald (Jerry) Carter 2006 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef _LIBADS_LDAP_SCHEMA_H_ +#define _LIBADS_LDAP_SCHEMA_H_ + /* used to remember the names of the posix attributes in AD */ /* see the rfc2307 & sfu nss backends */ @@ -55,3 +78,5 @@ ADS_STATUS ads_check_posix_schema_mapping(TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, enum wb_posix_mapping map_type, struct posix_schema **s ) ; + +#endif /* _LIBADS_LDAP_SCHEMA_H_ */ diff --git a/source3/libads/ldap_utils.c b/source3/libads/ldap_utils.c index ab77abdd16..2f1c1b8e0a 100644 --- a/source3/libads/ldap_utils.c +++ b/source3/libads/ldap_utils.c @@ -242,7 +242,7 @@ ADS_STATUS ads_ranged_search(ADS_STRUCT *ads, *num_strings = 0; *strings = NULL; - attrs = TALLOC_ARRAY(mem_ctx, const char *, 3); + attrs = talloc_array(mem_ctx, const char *, 3); ADS_ERROR_HAVE_NO_MEMORY(attrs); attrs[0] = talloc_strdup(mem_ctx, range_attr); diff --git a/source3/libads/ndr.c b/source3/libads/ndr.c index c6b1121396..c667aa3637 100644 --- a/source3/libads/ndr.c +++ b/source3/libads/ndr.c @@ -22,7 +22,7 @@ #include "includes.h" #include "ads.h" #include "../librpc/gen_ndr/ndr_netlogon.h" -#include "librpc/ndr/util.h" +#include "../librpc/ndr/libndr.h" static void ndr_print_ads_auth_flags(struct ndr_print *ndr, const char *name, uint32_t r) { diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c index e7daa8aec6..45cf569c79 100644 --- a/source3/libads/sasl.c +++ b/source3/libads/sasl.c @@ -141,7 +141,7 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads) struct ntlmssp_state *ntlmssp_state; nt_status = ntlmssp_client_start(NULL, - global_myname(), + lp_netbios_name(), lp_workgroup(), lp_client_ntlmv2_auth(), &ntlmssp_state); @@ -388,7 +388,7 @@ static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const gss_name_t uint32 minor_status; int gss_rc, rc; gss_OID_desc krb5_mech_type = - {9, CONST_DISCARD(char *, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") }; + {9, discard_const_p(char, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") }; gss_OID mech_type = &krb5_mech_type; gss_OID actual_mech_type = GSS_C_NULL_OID; const char *spnego_mechs[] = {OID_KERBEROS5_OLD, OID_KERBEROS5, OID_NTLMSSP, NULL}; @@ -722,7 +722,7 @@ static ADS_STATUS ads_generate_service_principal(ADS_STRUCT *ads, gss_buffer_desc input_name; /* GSS_KRB5_NT_PRINCIPAL_NAME */ gss_OID_desc nt_principal = - {10, CONST_DISCARD(char *, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01")}; + {10, discard_const_p(char, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01")}; uint32 minor_status; int gss_rc; #endif |