summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/auth.c1
-rw-r--r--source4/auth/auth.h1
-rw-r--r--source4/auth/auth_sam.c524
-rw-r--r--source4/auth/config.mk18
-rw-r--r--source4/auth/gensec/config.mk2
-rw-r--r--source4/auth/kerberos/kerberos_pac.c1
-rw-r--r--source4/auth/ntlmssp/config.mk2
-rw-r--r--source4/auth/sam.c395
-rw-r--r--source4/build/smb_build/TODO2
-rw-r--r--source4/build/smb_build/input.pm45
-rw-r--r--source4/build/smb_build/main.pl11
-rw-r--r--source4/build/smb_build/makefile.pm56
-rw-r--r--source4/build/smb_build/output.pm32
-rw-r--r--source4/dsdb/config.mk2
-rw-r--r--source4/lib/charset/util_unistr.c19
-rw-r--r--source4/lib/ldb/config.mk2
-rw-r--r--source4/lib/registry/config.mk2
-rw-r--r--source4/lib/registry/registry.h1
-rw-r--r--source4/lib/socket/config.mk9
-rw-r--r--source4/lib/util/util_str.c12
-rw-r--r--source4/libcli/config.mk6
-rw-r--r--source4/rpc_server/config.mk10
-rw-r--r--source4/rpc_server/netlogon/dcerpc_netlogon.c1
-rw-r--r--source4/smbd/config.mk10
-rw-r--r--source4/torture/config.mk2
-rw-r--r--source4/utils/config.mk10
26 files changed, 641 insertions, 535 deletions
diff --git a/source4/auth/auth.c b/source4/auth/auth.c
index 140aa57b15..dfef0c8c4d 100644
--- a/source4/auth/auth.c
+++ b/source4/auth/auth.c
@@ -21,6 +21,7 @@
#include "includes.h"
#include "dlinklist.h"
+#include "lib/ldb/include/ldb.h"
#include "auth/auth.h"
#include "lib/events/events.h"
#include "build.h"
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index 80360a7cb4..724ccf91ca 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -25,6 +25,7 @@
#include "libcli/auth/credentials.h"
#include "auth/gensec/gensec.h"
#include "auth/gensec/spnego.h"
+#include "lib/ldb/include/ldb.h"
/* modules can use the following to determine if the interface has changed
* please increment the version number after each interface change
diff --git a/source4/auth/auth_sam.c b/source4/auth/auth_sam.c
index 22e093581c..f6b8316eb7 100644
--- a/source4/auth/auth_sam.c
+++ b/source4/auth/auth_sam.c
@@ -22,246 +22,16 @@
#include "includes.h"
#include "system/time.h"
-#include "auth/auth.h"
#include "db_wrap.h"
+#include "auth/auth.h"
+#include "auth/auth_sam.h"
#include "dsdb/samdb/samdb.h"
#include "libcli/security/security.h"
#include "libcli/ldap/ldap.h"
#include "librpc/gen_ndr/ndr_security.h"
-static const char *user_attrs[] = {
- /* requried for the krb5 kdc*/
- "objectClass",
- "sAMAccountName",
- "userPrincipalName",
- "servicePrincipalName",
- "msDS-KeyVersionNumber",
- "krb5Key",
-
- /* passwords */
- "lmPwdHash",
- "ntPwdHash",
-
- "userAccountControl",
-
- "pwdLastSet",
- "accountExpires",
-
- "objectSid",
-
- /* check 'allowed workstations' */
- "userWorkstations",
-
- /* required for server_info, not access control: */
- "displayName",
- "scriptPath",
- "profilePath",
- "homeDirectory",
- "homeDrive",
- "lastLogon",
- "lastLogoff",
- "accountExpires",
- "badPwdCount",
- "logonCount",
- "primaryGroupID",
- NULL,
-};
-
-static const char *domain_ref_attrs[] = {"nETBIOSName", "nCName",
- "dnsRoot", "objectClass", NULL};
-
-/****************************************************************************
- Do a specific test for an smb password being correct, given a smb_password and
- the lanman and NT responses.
-****************************************************************************/
-static NTSTATUS authsam_password_ok(struct auth_context *auth_context,
- TALLOC_CTX *mem_ctx,
- uint16_t acct_flags,
- const struct samr_Password *lm_pwd,
- const struct samr_Password *nt_pwd,
- const struct auth_usersupplied_info *user_info,
- DATA_BLOB *user_sess_key,
- DATA_BLOB *lm_sess_key)
-{
- NTSTATUS status;
-
- if (acct_flags & ACB_PWNOTREQ) {
- if (lp_null_passwords()) {
- DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n",
- user_info->mapped.account_name));
- return NT_STATUS_OK;
- } else {
- DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n",
- user_info->mapped.account_name));
- return NT_STATUS_LOGON_FAILURE;
- }
- }
-
- switch (user_info->password_state) {
- case AUTH_PASSWORD_PLAIN:
- {
- const struct auth_usersupplied_info *user_info_temp;
- status = encrypt_user_info(mem_ctx, auth_context,
- AUTH_PASSWORD_HASH,
- user_info, &user_info_temp);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(1, ("Failed to convert plaintext password to password HASH: %s\n", nt_errstr(status)));
- return status;
- }
- user_info = user_info_temp;
-
- /*fall through*/
- }
- case AUTH_PASSWORD_HASH:
- *lm_sess_key = data_blob(NULL, 0);
- *user_sess_key = data_blob(NULL, 0);
- status = hash_password_check(mem_ctx,
- user_info->password.hash.lanman,
- user_info->password.hash.nt,
- user_info->mapped.account_name,
- lm_pwd, nt_pwd);
- NT_STATUS_NOT_OK_RETURN(status);
- break;
-
- case AUTH_PASSWORD_RESPONSE:
- status = ntlm_password_check(mem_ctx, user_info->logon_parameters,
- &auth_context->challenge.data,
- &user_info->password.response.lanman,
- &user_info->password.response.nt,
- user_info->mapped.account_name,
- user_info->client.account_name,
- user_info->client.domain_name,
- lm_pwd, nt_pwd,
- user_sess_key, lm_sess_key);
- NT_STATUS_NOT_OK_RETURN(status);
- break;
- }
-
- if (user_sess_key && user_sess_key->data) {
- talloc_steal(auth_context, user_sess_key->data);
- }
- if (lm_sess_key && lm_sess_key->data) {
- talloc_steal(auth_context, lm_sess_key->data);
- }
-
- return NT_STATUS_OK;
-}
-
-
-/****************************************************************************
- Do a specific test for a SAM_ACCOUNT being vaild for this connection
- (ie not disabled, expired and the like).
-****************************************************************************/
-NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
- struct ldb_context *sam_ctx,
- uint32_t logon_parameters,
- struct ldb_message *msg,
- struct ldb_message *msg_domain_ref,
- const char *logon_workstation,
- const char *name_for_logs)
-{
- uint16_t acct_flags;
- const char *workstation_list;
- NTTIME acct_expiry;
- NTTIME must_change_time;
- NTTIME last_set_time;
-
- struct ldb_dn *domain_dn = samdb_result_dn(mem_ctx, msg_domain_ref, "nCName", ldb_dn_new(mem_ctx));
-
- NTTIME now;
- DEBUG(4,("authsam_account_ok: Checking SMB password for user %s\n", name_for_logs));
-
- acct_flags = samdb_result_acct_flags(msg, "userAccountControl");
-
- acct_expiry = samdb_result_nttime(msg, "accountExpires", 0);
- must_change_time = samdb_result_force_password_change(sam_ctx, mem_ctx,
- domain_dn, msg);
- last_set_time = samdb_result_nttime(msg, "pwdLastSet", 0);
-
- workstation_list = samdb_result_string(msg, "userWorkstations", NULL);
-
- /* Quit if the account was disabled. */
- if (acct_flags & ACB_DISABLED) {
- DEBUG(1,("authsam_account_ok: Account for user '%s' was disabled.\n", name_for_logs));
- return NT_STATUS_ACCOUNT_DISABLED;
- }
-
- /* Quit if the account was locked out. */
- if (acct_flags & ACB_AUTOLOCK) {
- DEBUG(1,("authsam_account_ok: Account for user %s was locked out.\n", name_for_logs));
- return NT_STATUS_ACCOUNT_LOCKED_OUT;
- }
-
- /* Test account expire time */
- unix_to_nt_time(&now, time(NULL));
- if (now > acct_expiry) {
- DEBUG(1,("authsam_account_ok: Account for user '%s' has expired.\n", name_for_logs));
- DEBUG(3,("authsam_account_ok: Account expired at '%s'.\n",
- nt_time_string(mem_ctx, acct_expiry)));
- return NT_STATUS_ACCOUNT_EXPIRED;
- }
-
- if (!(acct_flags & ACB_PWNOEXP)) {
- /* check for immediate expiry "must change at next logon" */
- if (must_change_time == 0 && last_set_time != 0) {
- DEBUG(1,("sam_account_ok: Account for user '%s' password must change!.\n",
- name_for_logs));
- return NT_STATUS_PASSWORD_MUST_CHANGE;
- }
-
- /* check for expired password */
- if ((must_change_time != 0) && (must_change_time < now)) {
- DEBUG(1,("sam_account_ok: Account for user '%s' password expired!.\n",
- name_for_logs));
- DEBUG(1,("sam_account_ok: Password expired at '%s' unix time.\n",
- nt_time_string(mem_ctx, must_change_time)));
- return NT_STATUS_PASSWORD_EXPIRED;
- }
- }
-
- /* Test workstation. Workstation list is comma separated. */
- if (logon_workstation && workstation_list && *workstation_list) {
- BOOL invalid_ws = True;
- int i;
- const char **workstations = str_list_make(mem_ctx, workstation_list, ",");
-
- for (i = 0; workstations && workstations[i]; i++) {
- DEBUG(10,("sam_account_ok: checking for workstation match '%s' and '%s'\n",
- workstations[i], logon_workstation));
-
- if (strequal(workstations[i], logon_workstation) == 0) {
- invalid_ws = False;
- break;
- }
- }
-
- talloc_free(workstations);
-
- if (invalid_ws) {
- return NT_STATUS_INVALID_WORKSTATION;
- }
- }
-
- if (acct_flags & ACB_DOMTRUST) {
- DEBUG(2,("sam_account_ok: Domain trust account %s denied by server\n", name_for_logs));
- return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT;
- }
-
- if (!(logon_parameters & MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT)) {
- if (acct_flags & ACB_SVRTRUST) {
- DEBUG(2,("sam_account_ok: Server trust account %s denied by server\n", name_for_logs));
- return NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT;
- }
- }
- if (!(logon_parameters & MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT)) {
- if (acct_flags & ACB_WSTRUST) {
- DEBUG(4,("sam_account_ok: Wksta trust account %s denied by server\n", name_for_logs));
- return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT;
- }
- }
-
- return NT_STATUS_OK;
-}
+extern const char *user_attrs[];
+extern const char *domain_ref_attrs[];
/****************************************************************************
Look for the specified user in the sam, return ldb result structures
@@ -381,6 +151,85 @@ static NTSTATUS authsam_search_account(TALLOC_CTX *mem_ctx, struct ldb_context *
return NT_STATUS_OK;
}
+/****************************************************************************
+ Do a specific test for an smb password being correct, given a smb_password and
+ the lanman and NT responses.
+****************************************************************************/
+static NTSTATUS authsam_password_ok(struct auth_context *auth_context,
+ TALLOC_CTX *mem_ctx,
+ uint16_t acct_flags,
+ const struct samr_Password *lm_pwd,
+ const struct samr_Password *nt_pwd,
+ const struct auth_usersupplied_info *user_info,
+ DATA_BLOB *user_sess_key,
+ DATA_BLOB *lm_sess_key)
+{
+ NTSTATUS status;
+
+ if (acct_flags & ACB_PWNOTREQ) {
+ if (lp_null_passwords()) {
+ DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n",
+ user_info->mapped.account_name));
+ return NT_STATUS_OK;
+ } else {
+ DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n",
+ user_info->mapped.account_name));
+ return NT_STATUS_LOGON_FAILURE;
+ }
+ }
+
+ switch (user_info->password_state) {
+ case AUTH_PASSWORD_PLAIN:
+ {
+ const struct auth_usersupplied_info *user_info_temp;
+ status = encrypt_user_info(mem_ctx, auth_context,
+ AUTH_PASSWORD_HASH,
+ user_info, &user_info_temp);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to convert plaintext password to password HASH: %s\n", nt_errstr(status)));
+ return status;
+ }
+ user_info = user_info_temp;
+
+ /*fall through*/
+ }
+ case AUTH_PASSWORD_HASH:
+ *lm_sess_key = data_blob(NULL, 0);
+ *user_sess_key = data_blob(NULL, 0);
+ status = hash_password_check(mem_ctx,
+ user_info->password.hash.lanman,
+ user_info->password.hash.nt,
+ user_info->mapped.account_name,
+ lm_pwd, nt_pwd);
+ NT_STATUS_NOT_OK_RETURN(status);
+ break;
+
+ case AUTH_PASSWORD_RESPONSE:
+ status = ntlm_password_check(mem_ctx, user_info->logon_parameters,
+ &auth_context->challenge.data,
+ &user_info->password.response.lanman,
+ &user_info->password.response.nt,
+ user_info->mapped.account_name,
+ user_info->client.account_name,
+ user_info->client.domain_name,
+ lm_pwd, nt_pwd,
+ user_sess_key, lm_sess_key);
+ NT_STATUS_NOT_OK_RETURN(status);
+ break;
+ }
+
+ if (user_sess_key && user_sess_key->data) {
+ talloc_steal(auth_context, user_sess_key->data);
+ }
+ if (lm_sess_key && lm_sess_key->data) {
+ talloc_steal(auth_context, lm_sess_key->data);
+ }
+
+ return NT_STATUS_OK;
+}
+
+
+
static NTSTATUS authsam_authenticate(struct auth_context *auth_context,
TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
struct ldb_message **msgs,
@@ -424,214 +273,7 @@ static NTSTATUS authsam_authenticate(struct auth_context *auth_context,
return nt_status;
}
-NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
- struct ldb_message *msg,
- struct ldb_message *msg_domain_ref,
- DATA_BLOB user_sess_key, DATA_BLOB lm_sess_key,
- struct auth_serversupplied_info **_server_info)
-{
- struct auth_serversupplied_info *server_info;
- struct ldb_message **group_msgs;
- int group_ret;
- const char *group_attrs[3] = { "sAMAccountType", "objectSid", NULL };
- /* find list of sids */
- struct dom_sid **groupSIDs = NULL;
- struct dom_sid *account_sid;
- struct dom_sid *primary_group_sid;
- const char *str;
- struct ldb_dn *ncname;
- int i;
- uint_t rid;
- TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
-
- group_ret = gendb_search(sam_ctx,
- tmp_ctx, NULL, &group_msgs, group_attrs,
- "(&(member=%s)(sAMAccountType=*))",
- ldb_dn_linearize(tmp_ctx, msg->dn));
- if (group_ret == -1) {
- talloc_free(tmp_ctx);
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- server_info = talloc(mem_ctx, struct auth_serversupplied_info);
- NT_STATUS_HAVE_NO_MEMORY(server_info);
-
- if (group_ret > 0) {
- groupSIDs = talloc_array(server_info, struct dom_sid *, group_ret);
- NT_STATUS_HAVE_NO_MEMORY(groupSIDs);
- }
-
- /* Need to unroll some nested groups, but not aliases */
- for (i = 0; i < group_ret; i++) {
- groupSIDs[i] = samdb_result_dom_sid(groupSIDs,
- group_msgs[i], "objectSid");
- NT_STATUS_HAVE_NO_MEMORY(groupSIDs[i]);
- }
-
- talloc_free(tmp_ctx);
-
- account_sid = samdb_result_dom_sid(server_info, msg, "objectSid");
- NT_STATUS_HAVE_NO_MEMORY(account_sid);
-
- primary_group_sid = dom_sid_dup(server_info, account_sid);
- NT_STATUS_HAVE_NO_MEMORY(primary_group_sid);
-
- rid = samdb_result_uint(msg, "primaryGroupID", ~0);
- if (rid == ~0) {
- if (group_ret > 0) {
- primary_group_sid = groupSIDs[0];
- } else {
- primary_group_sid = NULL;
- }
- } else {
- primary_group_sid->sub_auths[primary_group_sid->num_auths-1] = rid;
- }
- server_info->account_sid = account_sid;
- server_info->primary_group_sid = primary_group_sid;
-
- server_info->n_domain_groups = group_ret;
- server_info->domain_groups = groupSIDs;
-
- server_info->account_name = talloc_steal(server_info, samdb_result_string(msg, "sAMAccountName", NULL));
-
- server_info->domain_name = talloc_steal(server_info, samdb_result_string(msg_domain_ref, "nETBIOSName", NULL));
-
- str = samdb_result_string(msg, "displayName", "");
- server_info->full_name = talloc_strdup(server_info, str);
- NT_STATUS_HAVE_NO_MEMORY(server_info->full_name);
-
- str = samdb_result_string(msg, "scriptPath", "");
- server_info->logon_script = talloc_strdup(server_info, str);
- NT_STATUS_HAVE_NO_MEMORY(server_info->logon_script);
-
- str = samdb_result_string(msg, "profilePath", "");
- server_info->profile_path = talloc_strdup(server_info, str);
- NT_STATUS_HAVE_NO_MEMORY(server_info->profile_path);
-
- str = samdb_result_string(msg, "homeDirectory", "");
- server_info->home_directory = talloc_strdup(server_info, str);
- NT_STATUS_HAVE_NO_MEMORY(server_info->home_directory);
-
- str = samdb_result_string(msg, "homeDrive", "");
- server_info->home_drive = talloc_strdup(server_info, str);
- NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive);
-
- server_info->logon_server = talloc_strdup(server_info, lp_netbios_name());
- NT_STATUS_HAVE_NO_MEMORY(server_info->logon_server);
-
- server_info->last_logon = samdb_result_nttime(msg, "lastLogon", 0);
- server_info->last_logoff = samdb_result_nttime(msg, "lastLogoff", 0);
- server_info->acct_expiry = samdb_result_nttime(msg, "accountExpires", 0);
- server_info->last_password_change = samdb_result_nttime(msg, "pwdLastSet", 0);
-
- ncname = samdb_result_dn(mem_ctx, msg_domain_ref, "nCName", NULL);
- if (!ncname) {
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
- server_info->allow_password_change
- = samdb_result_allow_password_change(sam_ctx, mem_ctx,
- ncname, msg, "pwdLastSet");
- server_info->force_password_change
- = samdb_result_force_password_change(sam_ctx, mem_ctx,
- ncname, msg);
-
- server_info->logon_count = samdb_result_uint(msg, "logonCount", 0);
- server_info->bad_password_count = samdb_result_uint(msg, "badPwdCount", 0);
-
- server_info->acct_flags = samdb_result_acct_flags(msg, "userAccountControl");
-
- server_info->user_session_key = user_sess_key;
- server_info->lm_session_key = lm_sess_key;
-
- server_info->authenticated = True;
-
- *_server_info = server_info;
-
- return NT_STATUS_OK;
-}
-
-_PUBLIC_ NTSTATUS sam_get_results_principal(struct ldb_context *sam_ctx,
- TALLOC_CTX *mem_ctx, const char *principal,
- struct ldb_message ***msgs,
- struct ldb_message ***msgs_domain_ref)
-{
- struct ldb_dn *user_dn, *domain_dn;
- NTSTATUS nt_status;
- TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
- int ret;
-
- if (!tmp_ctx) {
- return NT_STATUS_NO_MEMORY;
- }
-
- nt_status = crack_user_principal_name(sam_ctx, tmp_ctx, principal, &user_dn, &domain_dn);
- if (!NT_STATUS_IS_OK(nt_status)) {
- talloc_free(tmp_ctx);
- return nt_status;
- }
-
- /* grab domain info from the reference */
- ret = gendb_search(sam_ctx, tmp_ctx, NULL, msgs_domain_ref, domain_ref_attrs,
- "(ncName=%s)", ldb_dn_linearize(tmp_ctx, domain_dn));
-
- if (ret != 1) {
- talloc_free(tmp_ctx);
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
-
- /* pull the user attributes */
- ret = gendb_search_dn(sam_ctx, tmp_ctx,
- user_dn, msgs, user_attrs);
- if (ret != 1) {
- talloc_free(tmp_ctx);
- return NT_STATUS_INTERNAL_DB_CORRUPTION;
- }
- talloc_steal(mem_ctx, *msgs);
- talloc_steal(mem_ctx, *msgs_domain_ref);
- talloc_free(tmp_ctx);
-
- return NT_STATUS_OK;
-}
-
-/* Used in the gensec_gssapi and gensec_krb5 server-side code, where the PAC isn't available */
-NTSTATUS sam_get_server_info_principal(TALLOC_CTX *mem_ctx, const char *principal,
- struct auth_serversupplied_info **server_info)
-{
- NTSTATUS nt_status;
- DATA_BLOB user_sess_key = data_blob(NULL, 0);
- DATA_BLOB lm_sess_key = data_blob(NULL, 0);
-
- struct ldb_message **msgs;
- struct ldb_message **msgs_domain_ref;
- struct ldb_context *sam_ctx;
-
- TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
- if (!tmp_ctx) {
- return NT_STATUS_NO_MEMORY;
- }
-
- sam_ctx = samdb_connect(tmp_ctx, system_session(tmp_ctx));
- if (sam_ctx == NULL) {
- talloc_free(tmp_ctx);
- return NT_STATUS_INVALID_SYSTEM_SERVICE;
- }
-
- nt_status = sam_get_results_principal(sam_ctx, tmp_ctx, principal,
- &msgs, &msgs_domain_ref);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-
- nt_status = authsam_make_server_info(tmp_ctx, sam_ctx, msgs[0], msgs_domain_ref[0],
- user_sess_key, lm_sess_key,
- server_info);
- if (NT_STATUS_IS_OK(nt_status)) {
- talloc_steal(mem_ctx, *server_info);
- }
- talloc_free(tmp_ctx);
- return nt_status;
-}
static NTSTATUS authsam_check_password_internals(struct auth_method_context *ctx,
TALLOC_CTX *mem_ctx,
diff --git a/source4/auth/config.mk b/source4/auth/config.mk
index 6586fbfe5d..7e2a0ea2cc 100644
--- a/source4/auth/config.mk
+++ b/source4/auth/config.mk
@@ -4,19 +4,23 @@ include kerberos/config.mk
include ntlmssp/config.mk
include credentials/config.mk
+[SUBSYSTEM::auth_sam]
+PRIVATE_PROTO_HEADER = auth_sam.h
+OBJ_FILES = \
+ sam.o \
+ auth_sam_reply.o
+PUBLIC_DEPENDENCIES = \
+ SAMDB
+
#######################
# Start MODULE auth_sam
-[MODULE::auth_sam]
+[MODULE::auth_sam_module]
# gensec_krb5 and gensec_gssapi depend on it
-OUTPUT_TYPE = MERGEDOBJ
-PRIVATE_PROTO_HEADER = auth_sam.h
INIT_FUNCTION = auth_sam_init
SUBSYSTEM = auth
-OBJ_FILES = \
- auth_sam.o \
- auth_sam_reply.o
+OBJ_FILES = auth_sam.o
PUBLIC_DEPENDENCIES = \
- SAMDB
+ SAMDB auth_sam
# End MODULE auth_sam
#######################
diff --git a/source4/auth/gensec/config.mk b/source4/auth/gensec/config.mk
index 38351c7efb..2aad8eb4b1 100644
--- a/source4/auth/gensec/config.mk
+++ b/source4/auth/gensec/config.mk
@@ -52,7 +52,7 @@ INIT_FUNCTION = gensec_schannel_init
OBJ_FILES = schannel.o \
schannel_sign.o
PUBLIC_DEPENDENCIES = auth SCHANNELDB NDR_SCHANNEL
-OUTPUT_TYPE = MERGEDOBJ
+OUTPUT_TYPE = INTEGRATED
# End MODULE gensec_schannel
################################################
diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c
index 673137fd5c..c0733297a4 100644
--- a/source4/auth/kerberos/kerberos_pac.c
+++ b/source4/auth/kerberos/kerberos_pac.c
@@ -28,6 +28,7 @@
#include "system/kerberos.h"
#include "auth/kerberos/kerberos.h"
#include "librpc/gen_ndr/ndr_krb5pac.h"
+#include "auth/auth.h"
#include "auth/auth_sam.h"
static krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
diff --git a/source4/auth/ntlmssp/config.mk b/source4/auth/ntlmssp/config.mk
index fc9ccd91f6..b1b00166e6 100644
--- a/source4/auth/ntlmssp/config.mk
+++ b/source4/auth/ntlmssp/config.mk
@@ -13,6 +13,6 @@ OBJ_FILES = ntlmssp.o \
ntlmssp_client.o \
ntlmssp_server.o
PUBLIC_DEPENDENCIES = auth MSRPC_PARSE
-OUTPUT_TYPE = MERGEDOBJ
+OUTPUT_TYPE = INTEGRATED
# End MODULE gensec_ntlmssp
################################################
diff --git a/source4/auth/sam.c b/source4/auth/sam.c
new file mode 100644
index 0000000000..a40e844f85
--- /dev/null
+++ b/source4/auth/sam.c
@@ -0,0 +1,395 @@
+/*
+ Unix SMB/CIFS implementation.
+ Password and authentication handling
+ Copyright (C) Andrew Bartlett <abartlet@samba.org> 2001-2004
+ Copyright (C) Gerald Carter 2003
+ Copyright (C) Stefan Metzmacher 2005
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "system/time.h"
+#include "auth/auth.h"
+#include "db_wrap.h"
+#include "dsdb/samdb/samdb.h"
+#include "libcli/security/security.h"
+#include "libcli/ldap/ldap.h"
+#include "librpc/gen_ndr/ndr_security.h"
+
+const char *user_attrs[] = {
+ /* required for the krb5 kdc */
+ "objectClass",
+ "sAMAccountName",
+ "userPrincipalName",
+ "servicePrincipalName",
+ "msDS-KeyVersionNumber",
+ "krb5Key",
+
+ /* passwords */
+ "lmPwdHash",
+ "ntPwdHash",
+
+ "userAccountControl",
+
+ "pwdLastSet",
+ "accountExpires",
+
+ "objectSid",
+
+ /* check 'allowed workstations' */
+ "userWorkstations",
+
+ /* required for server_info, not access control: */
+ "displayName",
+ "scriptPath",
+ "profilePath",
+ "homeDirectory",
+ "homeDrive",
+ "lastLogon",
+ "lastLogoff",
+ "accountExpires",
+ "badPwdCount",
+ "logonCount",
+ "primaryGroupID",
+ NULL,
+};
+
+const char *domain_ref_attrs[] = {"nETBIOSName", "nCName",
+ "dnsRoot", "objectClass", NULL};
+
+
+/****************************************************************************
+ Do a specific test for a SAM_ACCOUNT being vaild for this connection
+ (ie not disabled, expired and the like).
+****************************************************************************/
+_PUBLIC_ NTSTATUS authsam_account_ok(TALLOC_CTX *mem_ctx,
+ struct ldb_context *sam_ctx,
+ uint32_t logon_parameters,
+ struct ldb_message *msg,
+ struct ldb_message *msg_domain_ref,
+ const char *logon_workstation,
+ const char *name_for_logs)
+{
+ uint16_t acct_flags;
+ const char *workstation_list;
+ NTTIME acct_expiry;
+ NTTIME must_change_time;
+ NTTIME last_set_time;
+
+ struct ldb_dn *domain_dn = samdb_result_dn(mem_ctx, msg_domain_ref, "nCName", ldb_dn_new(mem_ctx));
+
+ NTTIME now;
+ DEBUG(4,("authsam_account_ok: Checking SMB password for user %s\n", name_for_logs));
+
+ acct_flags = samdb_result_acct_flags(msg, "userAccountControl");
+
+ acct_expiry = samdb_result_nttime(msg, "accountExpires", 0);
+ must_change_time = samdb_result_force_password_change(sam_ctx, mem_ctx,
+ domain_dn, msg);
+ last_set_time = samdb_result_nttime(msg, "pwdLastSet", 0);
+
+ workstation_list = samdb_result_string(msg, "userWorkstations", NULL);
+
+ /* Quit if the account was disabled. */
+ if (acct_flags & ACB_DISABLED) {
+ DEBUG(1,("authsam_account_ok: Account for user '%s' was disabled.\n", name_for_logs));
+ return NT_STATUS_ACCOUNT_DISABLED;
+ }
+
+ /* Quit if the account was locked out. */
+ if (acct_flags & ACB_AUTOLOCK) {
+ DEBUG(1,("authsam_account_ok: Account for user %s was locked out.\n", name_for_logs));
+ return NT_STATUS_ACCOUNT_LOCKED_OUT;
+ }
+
+ /* Test account expire time */
+ unix_to_nt_time(&now, time(NULL));
+ if (now > acct_expiry) {
+ DEBUG(1,("authsam_account_ok: Account for user '%s' has expired.\n", name_for_logs));
+ DEBUG(3,("authsam_account_ok: Account expired at '%s'.\n",
+ nt_time_string(mem_ctx, acct_expiry)));
+ return NT_STATUS_ACCOUNT_EXPIRED;
+ }
+
+ if (!(acct_flags & ACB_PWNOEXP)) {
+ /* check for immediate expiry "must change at next logon" */
+ if (must_change_time == 0 && last_set_time != 0) {
+ DEBUG(1,("sam_account_ok: Account for user '%s' password must change!.\n",
+ name_for_logs));
+ return NT_STATUS_PASSWORD_MUST_CHANGE;
+ }
+
+ /* check for expired password */
+ if ((must_change_time != 0) && (must_change_time < now)) {
+ DEBUG(1,("sam_account_ok: Account for user '%s' password expired!.\n",
+ name_for_logs));
+ DEBUG(1,("sam_account_ok: Password expired at '%s' unix time.\n",
+ nt_time_string(mem_ctx, must_change_time)));
+ return NT_STATUS_PASSWORD_EXPIRED;
+ }
+ }
+
+ /* Test workstation. Workstation list is comma separated. */
+ if (logon_workstation && workstation_list && *workstation_list) {
+ BOOL invalid_ws = True;
+ int i;
+ const char **workstations = str_list_make(mem_ctx, workstation_list, ",");
+
+ for (i = 0; workstations && workstations[i]; i++) {
+ DEBUG(10,("sam_account_ok: checking for workstation match '%s' and '%s'\n",
+ workstations[i], logon_workstation));
+
+ if (strequal(workstations[i], logon_workstation) == 0) {
+ invalid_ws = False;
+ break;
+ }
+ }
+
+ talloc_free(workstations);
+
+ if (invalid_ws) {
+ return NT_STATUS_INVALID_WORKSTATION;
+ }
+ }
+
+ if (acct_flags & ACB_DOMTRUST) {
+ DEBUG(2,("sam_account_ok: Domain trust account %s denied by server\n", name_for_logs));
+ return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT;
+ }
+
+ if (!(logon_parameters & MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT)) {
+ if (acct_flags & ACB_SVRTRUST) {
+ DEBUG(2,("sam_account_ok: Server trust account %s denied by server\n", name_for_logs));
+ return NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT;
+ }
+ }
+ if (!(logon_parameters & MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT)) {
+ if (acct_flags & ACB_WSTRUST) {
+ DEBUG(4,("sam_account_ok: Wksta trust account %s denied by server\n", name_for_logs));
+ return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT;
+ }
+ }
+
+ return NT_STATUS_OK;
+}
+
+_PUBLIC_ NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
+ struct ldb_message *msg,
+ struct ldb_message *msg_domain_ref,
+ DATA_BLOB user_sess_key, DATA_BLOB lm_sess_key,
+ struct auth_serversupplied_info **_server_info)
+{
+ struct auth_serversupplied_info *server_info;
+ struct ldb_message **group_msgs;
+ int group_ret;
+ const char *group_attrs[3] = { "sAMAccountType", "objectSid", NULL };
+ /* find list of sids */
+ struct dom_sid **groupSIDs = NULL;
+ struct dom_sid *account_sid;
+ struct dom_sid *primary_group_sid;
+ const char *str;
+ struct ldb_dn *ncname;
+ int i;
+ uint_t rid;
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+
+ group_ret = gendb_search(sam_ctx,
+ tmp_ctx, NULL, &group_msgs, group_attrs,
+ "(&(member=%s)(sAMAccountType=*))",
+ ldb_dn_linearize(tmp_ctx, msg->dn));
+ if (group_ret == -1) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ server_info = talloc(mem_ctx, struct auth_serversupplied_info);
+ NT_STATUS_HAVE_NO_MEMORY(server_info);
+
+ if (group_ret > 0) {
+ groupSIDs = talloc_array(server_info, struct dom_sid *, group_ret);
+ NT_STATUS_HAVE_NO_MEMORY(groupSIDs);
+ }
+
+ /* Need to unroll some nested groups, but not aliases */
+ for (i = 0; i < group_ret; i++) {
+ groupSIDs[i] = samdb_result_dom_sid(groupSIDs,
+ group_msgs[i], "objectSid");
+ NT_STATUS_HAVE_NO_MEMORY(groupSIDs[i]);
+ }
+
+ talloc_free(tmp_ctx);
+
+ account_sid = samdb_result_dom_sid(server_info, msg, "objectSid");
+ NT_STATUS_HAVE_NO_MEMORY(account_sid);
+
+ primary_group_sid = dom_sid_dup(server_info, account_sid);
+ NT_STATUS_HAVE_NO_MEMORY(primary_group_sid);
+
+ rid = samdb_result_uint(msg, "primaryGroupID", ~0);
+ if (rid == ~0) {
+ if (group_ret > 0) {
+ primary_group_sid = groupSIDs[0];
+ } else {
+ primary_group_sid = NULL;
+ }
+ } else {
+ primary_group_sid->sub_auths[primary_group_sid->num_auths-1] = rid;
+ }
+
+ server_info->account_sid = account_sid;
+ server_info->primary_group_sid = primary_group_sid;
+
+ server_info->n_domain_groups = group_ret;
+ server_info->domain_groups = groupSIDs;
+
+ server_info->account_name = talloc_steal(server_info, samdb_result_string(msg, "sAMAccountName", NULL));
+
+ server_info->domain_name = talloc_steal(server_info, samdb_result_string(msg_domain_ref, "nETBIOSName", NULL));
+
+ str = samdb_result_string(msg, "displayName", "");
+ server_info->full_name = talloc_strdup(server_info, str);
+ NT_STATUS_HAVE_NO_MEMORY(server_info->full_name);
+
+ str = samdb_result_string(msg, "scriptPath", "");
+ server_info->logon_script = talloc_strdup(server_info, str);
+ NT_STATUS_HAVE_NO_MEMORY(server_info->logon_script);
+
+ str = samdb_result_string(msg, "profilePath", "");
+ server_info->profile_path = talloc_strdup(server_info, str);
+ NT_STATUS_HAVE_NO_MEMORY(server_info->profile_path);
+
+ str = samdb_result_string(msg, "homeDirectory", "");
+ server_info->home_directory = talloc_strdup(server_info, str);
+ NT_STATUS_HAVE_NO_MEMORY(server_info->home_directory);
+
+ str = samdb_result_string(msg, "homeDrive", "");
+ server_info->home_drive = talloc_strdup(server_info, str);
+ NT_STATUS_HAVE_NO_MEMORY(server_info->home_drive);
+
+ server_info->logon_server = talloc_strdup(server_info, lp_netbios_name());
+ NT_STATUS_HAVE_NO_MEMORY(server_info->logon_server);
+
+ server_info->last_logon = samdb_result_nttime(msg, "lastLogon", 0);
+ server_info->last_logoff = samdb_result_nttime(msg, "lastLogoff", 0);
+ server_info->acct_expiry = samdb_result_nttime(msg, "accountExpires", 0);
+ server_info->last_password_change = samdb_result_nttime(msg, "pwdLastSet", 0);
+
+ ncname = samdb_result_dn(mem_ctx, msg_domain_ref, "nCName", NULL);
+ if (!ncname) {
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+ server_info->allow_password_change
+ = samdb_result_allow_password_change(sam_ctx, mem_ctx,
+ ncname, msg, "pwdLastSet");
+ server_info->force_password_change
+ = samdb_result_force_password_change(sam_ctx, mem_ctx,
+ ncname, msg);
+
+ server_info->logon_count = samdb_result_uint(msg, "logonCount", 0);
+ server_info->bad_password_count = samdb_result_uint(msg, "badPwdCount", 0);
+
+ server_info->acct_flags = samdb_result_acct_flags(msg, "userAccountControl");
+
+ server_info->user_session_key = user_sess_key;
+ server_info->lm_session_key = lm_sess_key;
+
+ server_info->authenticated = True;
+
+ *_server_info = server_info;
+
+ return NT_STATUS_OK;
+}
+
+_PUBLIC_ NTSTATUS sam_get_results_principal(struct ldb_context *sam_ctx,
+ TALLOC_CTX *mem_ctx, const char *principal,
+ struct ldb_message ***msgs,
+ struct ldb_message ***msgs_domain_ref)
+{
+ struct ldb_dn *user_dn, *domain_dn;
+ NTSTATUS nt_status;
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ int ret;
+
+ if (!tmp_ctx) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ nt_status = crack_user_principal_name(sam_ctx, tmp_ctx, principal, &user_dn, &domain_dn);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ talloc_free(tmp_ctx);
+ return nt_status;
+ }
+
+ /* grab domain info from the reference */
+ ret = gendb_search(sam_ctx, tmp_ctx, NULL, msgs_domain_ref, domain_ref_attrs,
+ "(ncName=%s)", ldb_dn_linearize(tmp_ctx, domain_dn));
+
+ if (ret != 1) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+
+ /* pull the user attributes */
+ ret = gendb_search_dn(sam_ctx, tmp_ctx, user_dn, msgs, user_attrs);
+ if (ret != 1) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_INTERNAL_DB_CORRUPTION;
+ }
+ talloc_steal(mem_ctx, *msgs);
+ talloc_steal(mem_ctx, *msgs_domain_ref);
+ talloc_free(tmp_ctx);
+
+ return NT_STATUS_OK;
+}
+
+/* Used in the gensec_gssapi and gensec_krb5 server-side code, where the PAC isn't available */
+NTSTATUS sam_get_server_info_principal(TALLOC_CTX *mem_ctx, const char *principal,
+ struct auth_serversupplied_info **server_info)
+{
+ NTSTATUS nt_status;
+ DATA_BLOB user_sess_key = data_blob(NULL, 0);
+ DATA_BLOB lm_sess_key = data_blob(NULL, 0);
+
+ struct ldb_message **msgs;
+ struct ldb_message **msgs_domain_ref;
+ struct ldb_context *sam_ctx;
+
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ if (!tmp_ctx) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ sam_ctx = samdb_connect(tmp_ctx, system_session(tmp_ctx));
+ if (sam_ctx == NULL) {
+ talloc_free(tmp_ctx);
+ return NT_STATUS_INVALID_SYSTEM_SERVICE;
+ }
+
+ nt_status = sam_get_results_principal(sam_ctx, tmp_ctx, principal,
+ &msgs, &msgs_domain_ref);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+
+ nt_status = authsam_make_server_info(tmp_ctx, sam_ctx, msgs[0], msgs_domain_ref[0],
+ user_sess_key, lm_sess_key,
+ server_info);
+ if (NT_STATUS_IS_OK(nt_status)) {
+ talloc_steal(mem_ctx, *server_info);
+ }
+ talloc_free(tmp_ctx);
+ return nt_status;
+}
diff --git a/source4/build/smb_build/TODO b/source4/build/smb_build/TODO
index 3ded826539..c21c3b8082 100644
--- a/source4/build/smb_build/TODO
+++ b/source4/build/smb_build/TODO
@@ -1,4 +1,6 @@
- let the build system implement some make functions($(patsubst),$(wildcard),...) and use our own implementations where `make' does not support them
+- include extra_flags.txt using Makefile construction if
+ supported by current make
- change default subsystem/library build type to STATIC_LIBRARY
- fix order of UNIQUE_DEPENDENCIES
- make --enable-dso the default
diff --git a/source4/build/smb_build/input.pm b/source4/build/smb_build/input.pm
index 09721f3a49..887677243d 100644
--- a/source4/build/smb_build/input.pm
+++ b/source4/build/smb_build/input.pm
@@ -65,10 +65,7 @@ sub check_module($$$)
$mod->{INIT_FUNCTION_TYPE} = "NTSTATUS (*) (void)";
}
- if (defined($mod->{CHOSEN_BUILD}) and $mod->{CHOSEN_BUILD} ne "DEFAULT")
- {
- $mod->{OUTPUT_TYPE} = $mod->{CHOSEN_BUILD};
- } elsif (not defined($mod->{OUTPUT_TYPE})) {
+ if (not defined($mod->{OUTPUT_TYPE})) {
$mod->{OUTPUT_TYPE} = $default_ot;
}
@@ -76,8 +73,7 @@ sub check_module($$$)
$mod->{INSTALLDIR} = "MODULESDIR/$mod->{SUBSYSTEM}";
push (@{$mod->{PRIVATE_DEPENDENCIES}}, $mod->{SUBSYSTEM}) unless
$INPUT->{$mod->{SUBSYSTEM}}->{TYPE} eq "BINARY";
- } else {
- push (@{$INPUT->{$mod->{SUBSYSTEM}}{PRIVATE_DEPENDENCIES}}, $mod->{NAME});
+ } else {
push (@{$INPUT->{$mod->{SUBSYSTEM}}{INIT_FUNCTIONS}}, $mod->{INIT_FUNCTION}) if defined($mod->{INIT_FUNCTION});
}
}
@@ -118,17 +114,33 @@ sub check_binary($$)
$bin->{OUTPUT_TYPE} = "BINARY";
}
+
+sub import_integrated($$)
+{
+ my ($lib, $depend) = @_;
+
+ foreach my $mod (values %$depend) {
+ next if(not defined($mod->{SUBSYSTEM}));
+ next if($mod->{SUBSYSTEM} ne $lib->{NAME});
+ next if($mod->{ENABLE} ne "YES");
+
+ push (@{$lib->{FULL_OBJ_LIST}}, "\$($mod->{TYPE}_$mod->{NAME}_OBJ_LIST)");
+ push (@{$lib->{LINK_FLAGS}}, "\$($mod->{TYPE}_$mod->{NAME}_LINK_FLAGS)");
+ push (@{$lib->{PRIVATE_DEPENDENCIES}}, @{$mod->{PUBLIC_DEPENDENCIES}}) if defined($mod->{PUBLIC_DEPENDENCIES});
+ push (@{$lib->{PRIVATE_DEPENDENCIES}}, @{$mod->{PRIVATE_DEPENDENCIES}}) if defined($mod->{PRIVATE_DEPENDENCIES});
+
+ $mod->{ENABLE} = "NO";
+ }
+}
+
sub calc_unique_deps($$$$$$)
{
sub calc_unique_deps($$$$$$);
my ($name, $INPUT, $deps, $udeps, $withlibs, $busy) = @_;
foreach my $n (@$deps) {
- if (grep (/^$n$/, @$busy)) {
- # print "($name) BUSY: $n, list: " . join(',', @$busy) . "\n";
- # die("Recursive dependency for $dep->{NAME}");
- next;
- }
+ die("Dependency unknown: $n") unless (defined($INPUT->{$n}));
+ die("Recursive dependency: $n, list: " . join(',', @$busy)) if (grep (/^$n$/, @$busy));
next if (grep /^$n$/, @$udeps);
my $dep = $INPUT->{$n};
@@ -136,6 +148,7 @@ sub calc_unique_deps($$$$$$)
($withlibs or
($dep->{OUTPUT_TYPE} eq "OBJ_LIST") or
($dep->{OUTPUT_TYPE} eq "MERGEDOBJ") or
+ ($dep->{OUTPUT_TYPE} eq "INTEGRATED") or
($dep->{OUTPUT_TYPE} eq "STATIC_LIBRARY"))) {
push (@$busy, $dep->{NAME});
calc_unique_deps($dep->{NAME}, $INPUT, $dep->{PUBLIC_DEPENDENCIES}, $udeps, $withlibs, $busy);
@@ -143,9 +156,7 @@ sub calc_unique_deps($$$$$$)
pop (@$busy);
}
- # FIXME: Insert at the right position
- push (@{$udeps}, $dep->{NAME});
-
+ unshift (@{$udeps}, $dep->{NAME});
}
}
@@ -191,6 +202,8 @@ sub check($$$$$)
foreach my $k (keys %$INPUT) {
my $part = $INPUT->{$k};
+ $part->{FULL_OBJ_LIST} = ["\$($part->{TYPE}_$part->{NAME}_OBJ_LIST)"];
+
check_subsystem($INPUT, $part, $subsys_ot) if ($part->{TYPE} eq "SUBSYSTEM");
check_module($INPUT, $part, $module_ot) if ($part->{TYPE} eq "MODULE");
check_library($INPUT, $part, $lib_ot) if ($part->{TYPE} eq "LIBRARY");
@@ -198,6 +211,10 @@ sub check($$$$$)
}
foreach my $part (values %$INPUT) {
+ import_integrated($part, $INPUT);
+ }
+
+ foreach my $part (values %$INPUT) {
$part->{UNIQUE_DEPENDENCIES} = [];
calc_unique_deps($part->{NAME}, $INPUT, $part->{PUBLIC_DEPENDENCIES}, $part->{UNIQUE_DEPENDENCIES}, 0, []);
calc_unique_deps($part->{NAME}, $INPUT, $part->{PRIVATE_DEPENDENCIES}, $part->{UNIQUE_DEPENDENCIES}, 0, []);
diff --git a/source4/build/smb_build/main.pl b/source4/build/smb_build/main.pl
index 4f6787eaf8..ec4ad0995e 100644
--- a/source4/build/smb_build/main.pl
+++ b/source4/build/smb_build/main.pl
@@ -45,10 +45,8 @@ if (defined($ENV{"MODULE_OUTPUT_TYPE"})) {
$module_output_type = $ENV{MODULE_OUTPUT_TYPE};
} elsif ($config::config{BLDSHARED} eq "true") {
$module_output_type = "SHARED_LIBRARY";
-} elsif ($config::config{BLDMERGED} eq "true") {
- $module_output_type = "MERGEDOBJ";
} else {
- $module_output_type = "OBJ_LIST";
+ $module_output_type = "INTEGRATED";
}
my $DEPEND = smb_build::input::check($INPUT, \%config::enabled,
@@ -59,6 +57,13 @@ $config::config{LIBRARY_OUTPUT_TYPE} = $library_output_type;
$config::config{MODULE_OUTPUT_TYPE} = $module_output_type;
my $mkenv = new smb_build::makefile(\%config::config, $mkfile);
+
+foreach my $key (values %$OUTPUT) {
+ next unless defined $key->{OUTPUT_TYPE};
+
+ $mkenv->Integrated($key) if $key->{OUTPUT_TYPE} eq "INTEGRATED";
+}
+
foreach my $key (values %$OUTPUT) {
next unless defined $key->{OUTPUT_TYPE};
diff --git a/source4/build/smb_build/makefile.pm b/source4/build/smb_build/makefile.pm
index aa9f93fc2d..83a1f28b0c 100644
--- a/source4/build/smb_build/makefile.pm
+++ b/source4/build/smb_build/makefile.pm
@@ -197,6 +197,14 @@ sub _prepare_list($$$)
$self->output("$ctx->{TYPE}\_$ctx->{NAME}_$var =$tmplist\n");
}
+sub Integrated($$)
+{
+ my ($self,$ctx) = @_;
+
+ $self->_prepare_list($ctx, "OBJ_LIST");
+ $self->_prepare_list($ctx, "LINK_FLAGS");
+}
+
sub SharedLibrary($$)
{
my ($self,$ctx) = @_;
@@ -231,11 +239,11 @@ sub SharedLibrary($$)
}
$self->_prepare_list($ctx, "OBJ_LIST");
+ $self->_prepare_list($ctx, "FULL_OBJ_LIST");
$self->_prepare_list($ctx, "DEPEND_LIST");
- $self->_prepare_list($ctx, "LINK_LIST");
$self->_prepare_list($ctx, "LINK_FLAGS");
- push(@{$self->{all_objs}}, "\$($ctx->{TYPE}_$ctx->{NAME}_OBJ_LIST)");
+ push(@{$self->{all_objs}}, "\$($ctx->{TYPE}_$ctx->{NAME}_FULL_OBJ_LIST)");
if ($ctx->{TYPE} eq "MODULE" and defined($ctx->{INIT_FUNCTION})) {
my $init_fn = $ctx->{INIT_FUNCTION_TYPE};
@@ -270,12 +278,12 @@ __EOD__
$self->output(<< "__EOD__"
#
-$ctx->{TARGET}: \$($ctx->{TYPE}_$ctx->{NAME}_DEPEND_LIST) \$($ctx->{TYPE}_$ctx->{NAME}_OBJ_LIST) $init_obj
+$ctx->{TARGET}: \$($ctx->{TYPE}_$ctx->{NAME}_DEPEND_LIST) \$($ctx->{TYPE}_$ctx->{NAME}_FULL_OBJ_LIST) $init_obj
\@echo Linking \$\@
\@mkdir -p $ctx->{DEBUGDIR}
\@\$(SHLD) \$(SHLD_FLAGS) -o \$\@ \$(LOCAL_LINK_FLAGS) \\
\$($ctx->{TYPE}_$ctx->{NAME}_LINK_FLAGS) $soarg \\
- $init_obj \$($ctx->{TYPE}_$ctx->{NAME}_LINK_LIST)$soargdebug
+ $init_obj $soargdebug
__EOD__
);
if (defined($ctx->{ALIASES})) {
@@ -297,12 +305,12 @@ __EOD__
$self->output(<< "__EOD__"
#
-$installdir/$ctx->{LIBRARY_REALNAME}: \$($ctx->{TYPE}_$ctx->{NAME}_DEPEND_LIST) \$($ctx->{TYPE}_$ctx->{NAME}_OBJ_LIST) $init_obj
+$installdir/$ctx->{LIBRARY_REALNAME}: \$($ctx->{TYPE}_$ctx->{NAME}_DEPEND_LIST) \$($ctx->{TYPE}_$ctx->{NAME}_FULL_OBJ_LIST) $init_obj
\@echo Linking \$\@
\@mkdir -p $installdir
\@\$(SHLD) \$(SHLD_FLAGS) -o \$\@ \$(INSTALL_LINK_FLAGS) \\
\$($ctx->{TYPE}_$ctx->{NAME}_LINK_FLAGS) $soarg \\
- $init_obj \$($ctx->{TYPE}_$ctx->{NAME}_LINK_LIST)$singlesoarg
+ $init_obj $singlesoarg
__EOD__
);
@@ -312,17 +320,18 @@ sub MergedObj($$)
{
my ($self,$ctx) = @_;
- return unless $ctx->{TARGET};
-
$self->_prepare_list($ctx, "OBJ_LIST");
+ $self->_prepare_list($ctx, "FULL_OBJ_LIST");
$self->_prepare_list($ctx, "DEPEND_LIST");
- push(@{$self->{all_objs}}, "\$($ctx->{TYPE}_$ctx->{NAME}_OBJ_LIST)");
+ return unless $ctx->{TARGET};
+
+ push(@{$self->{all_objs}}, "\$($ctx->{TYPE}_$ctx->{NAME}_FULL_OBJ_LIST)");
- $self->output("$ctx->{TARGET}: \$($ctx->{TYPE}_$ctx->{NAME}_OBJ_LIST)\n");
+ $self->output("$ctx->{TARGET}: \$($ctx->{TYPE}_$ctx->{NAME}_FULL_OBJ_LIST)\n");
$self->output("\t\@echo \"Pre-Linking $ctx->{TYPE} $ctx->{NAME}\"\n");
- $self->output("\t@\$(LD) -r \$($ctx->{TYPE}_$ctx->{NAME}_OBJ_LIST) -o $ctx->{TARGET}\n");
+ $self->output("\t@\$(LD) -r \$($ctx->{TYPE}_$ctx->{NAME}_FULL_OBJ_LIST) -o $ctx->{TARGET}\n");
$self->output("\n");
}
@@ -332,12 +341,13 @@ sub ObjList($$)
return unless $ctx->{TARGET};
- push(@{$self->{all_objs}}, "\$($ctx->{TYPE}_$ctx->{NAME}_OBJ_LIST)");
+ push(@{$self->{all_objs}}, "\$($ctx->{TYPE}_$ctx->{NAME}_FULL_OBJ_LIST)");
$self->_prepare_list($ctx, "OBJ_LIST");
+ $self->_prepare_list($ctx, "FULL_OBJ_LIST");
$self->_prepare_list($ctx, "DEPEND_LIST");
$self->output("$ctx->{TARGET}: ");
- $self->output("\$($ctx->{TYPE}_$ctx->{NAME}_DEPEND_LIST) \$($ctx->{TYPE}_$ctx->{NAME}_OBJ_LIST)\n");
+ $self->output("\$($ctx->{TYPE}_$ctx->{NAME}_DEPEND_LIST) \$($ctx->{TYPE}_$ctx->{NAME}_FULL_OBJ_LIST)\n");
$self->output("\t\@touch $ctx->{TARGET}\n");
}
@@ -348,19 +358,17 @@ sub StaticLibrary($$)
push (@{$self->{static_libs}}, $ctx->{TARGET});
$self->_prepare_list($ctx, "OBJ_LIST");
+ $self->_prepare_list($ctx, "FULL_OBJ_LIST");
- $self->_prepare_list($ctx, "DEPEND_LIST");
- $self->_prepare_list($ctx, "LINK_LIST");
$self->_prepare_list($ctx, "LINK_FLAGS");
- push(@{$self->{all_objs}}, "\$($ctx->{TYPE}_$ctx->{NAME}_OBJ_LIST)");
+ push(@{$self->{all_objs}}, "\$($ctx->{TYPE}_$ctx->{NAME}_FULL_OBJ_LIST)");
$self->output(<< "__EOD__"
#
-$ctx->{TARGET}: \$($ctx->{TYPE}_$ctx->{NAME}_OBJ_LIST)
+$ctx->{TARGET}: \$($ctx->{TYPE}_$ctx->{NAME}_FULL_OBJ_LIST)
\@echo Linking \$@
- \@\$(STLD) \$(STLD_FLAGS) \$@ \\
- \$($ctx->{TYPE}_$ctx->{NAME}_OBJ_LIST)
+ \@\$(STLD) \$(STLD_FLAGS) \$@ \$($ctx->{TYPE}_$ctx->{NAME}_FULL_OBJ_LIST)
__EOD__
);
@@ -391,7 +399,7 @@ sub Binary($$)
$installdir = "bin";
}
- push(@{$self->{all_objs}}, "\$($ctx->{TYPE}_$ctx->{NAME}_OBJ_LIST)");
+ push(@{$self->{all_objs}}, "\$($ctx->{TYPE}_$ctx->{NAME}_FULL_OBJ_LIST)");
unless (defined($ctx->{INSTALLDIR})) {
} elsif ($ctx->{INSTALLDIR} eq "SBINDIR") {
@@ -403,17 +411,16 @@ sub Binary($$)
push (@{$self->{binaries}}, "bin/$ctx->{BINARY}");
$self->_prepare_list($ctx, "OBJ_LIST");
+ $self->_prepare_list($ctx, "FULL_OBJ_LIST");
$self->_prepare_list($ctx, "DEPEND_LIST");
- $self->_prepare_list($ctx, "LINK_LIST");
$self->_prepare_list($ctx, "LINK_FLAGS");
if ($self->{duplicate_build}) {
$self->output(<< "__EOD__"
#
-bin/$ctx->{BINARY}: \$($ctx->{TYPE}_$ctx->{NAME}_DEPEND_LIST) \$($ctx->{TYPE}_$ctx->{NAME}_OBJ_LIST)
+bin/$ctx->{BINARY}: \$($ctx->{TYPE}_$ctx->{NAME}_DEPEND_LIST) \$($ctx->{TYPE}_$ctx->{NAME}_FULL_OBJ_LIST)
\@echo Linking \$\@
\@\$(CC) \$(LDFLAGS) -o \$\@ \$(LOCAL_LINK_FLAGS) \$(INSTALL_LINK_FLAGS) \\
- \$\($ctx->{TYPE}_$ctx->{NAME}_LINK_LIST) \\
\$\($ctx->{TYPE}_$ctx->{NAME}_LINK_FLAGS)
__EOD__
@@ -421,10 +428,9 @@ __EOD__
}
$self->output(<< "__EOD__"
-$installdir/$ctx->{BINARY}: \$($ctx->{TYPE}_$ctx->{NAME}_DEPEND_LIST) \$($ctx->{TYPE}_$ctx->{NAME}_OBJ_LIST)
+$installdir/$ctx->{BINARY}: \$($ctx->{TYPE}_$ctx->{NAME}_DEPEND_LIST) \$($ctx->{TYPE}_$ctx->{NAME}_FULL_OBJ_LIST)
\@echo Linking \$\@
\@\$(CC) \$(LDFLAGS) -o \$\@ \$(INSTALL_LINK_FLAGS) \\
- \$\($ctx->{TYPE}_$ctx->{NAME}_LINK_LIST) \\
\$\($ctx->{TYPE}_$ctx->{NAME}_LINK_FLAGS)
__EOD__
diff --git a/source4/build/smb_build/output.pm b/source4/build/smb_build/output.pm
index de122ee9a0..ba8359a72b 100644
--- a/source4/build/smb_build/output.pm
+++ b/source4/build/smb_build/output.pm
@@ -16,8 +16,10 @@ sub add_dir($$)
$dir =~ s/^\.\///g;
foreach (@$files) {
- $_ = "$dir/$_";
- s/([^\/\.]+)\/\.\.\///g;
+ if (substr($_, 0, 1) ne "\$") {
+ $_ = "$dir/$_";
+ s/([^\/\.]+)\/\.\.\///g;
+ }
push (@ret, $_);
}
@@ -45,8 +47,8 @@ sub generate_shared_library($)
my $link_name;
my $lib_name;
- @{$lib->{DEPEND_LIST}} = ();
- @{$lib->{LINK_LIST}} = ("\$($lib->{TYPE}_$lib->{NAME}\_OBJ_LIST)");
+ $lib->{DEPEND_LIST} = [];
+ $lib->{LINK_FLAGS} = ["\$($lib->{TYPE}_$lib->{NAME}\_OBJ_LIST)"];
$link_name = lc($lib->{NAME});
$lib_name = $link_name;
@@ -77,8 +79,8 @@ sub generate_shared_library($)
}
if (defined($lib->{VERSION})) {
- $lib->{LIBRARY_SONAME} = $lib->{LIBRARY_REALNAME}.".$lib->{SO_VERSION}";
- $lib->{LIBRARY_REALNAME} = $lib->{LIBRARY_REALNAME}.".$lib->{VERSION}";
+ $lib->{LIBRARY_SONAME} = "$lib->{LIBRARY_REALNAME}.$lib->{SO_VERSION}";
+ $lib->{LIBRARY_REALNAME} = "$lib->{LIBRARY_REALNAME}.$lib->{VERSION}";
}
$lib->{TARGET} = "$lib->{DEBUGDIR}/$lib->{LIBRARY_REALNAME}";
@@ -90,14 +92,13 @@ sub generate_static_library($)
my $lib = shift;
my $link_name;
- @{$lib->{DEPEND_LIST}} = ();
+ $lib->{DEPEND_LIST} = [];
$link_name = $lib->{NAME};
$link_name =~ s/^LIB//;
$lib->{LIBRARY_NAME} = "lib".lc($link_name).".a";
- @{$lib->{LINK_LIST}} = ("\$($lib->{TYPE}_$lib->{NAME}\_OBJ_LIST)");
- @{$lib->{LINK_FLAGS}} = ();
+ $lib->{LINK_FLAGS} = ["\$($lib->{TYPE}_$lib->{NAME}\_OBJ_LIST)"];
$lib->{TARGET} = "bin/$lib->{LIBRARY_NAME}";
$lib->{OUTPUT} = "-l".lc($link_name);
@@ -107,9 +108,8 @@ sub generate_binary($)
{
my $bin = shift;
- @{$bin->{DEPEND_LIST}} = ();
- @{$bin->{LINK_LIST}} = ("\$($bin->{TYPE}_$bin->{NAME}\_OBJ_LIST)");
- @{$bin->{LINK_FLAGS}} = ();
+ $bin->{DEPEND_LIST} = [];
+ $bin->{LINK_FLAGS} = ["\$($bin->{TYPE}_$bin->{NAME}\_OBJ_LIST)"];
$bin->{RELEASEDIR} = "bin/install";
$bin->{DEBUGDIR} = "bin/";
@@ -117,17 +117,16 @@ sub generate_binary($)
$bin->{BINARY} = $bin->{NAME};
}
+
sub create_output($$)
{
my ($depend, $config) = @_;
my $part;
foreach $part (values %{$depend}) {
- next if not defined($part->{OUTPUT_TYPE});
+ next unless(defined($part->{OUTPUT_TYPE}));
# Combine object lists
- push(@{$part->{OBJ_LIST}}, add_dir($part->{BASEDIR}, $part->{INIT_OBJ_FILES})) if defined($part->{INIT_OBJ_FILES});
- push(@{$part->{OBJ_LIST}}, add_dir($part->{BASEDIR}, $part->{ADD_OBJ_FILES})) if defined($part->{ADD_OBJ_FILES});
push(@{$part->{OBJ_LIST}}, add_dir($part->{BASEDIR}, $part->{OBJ_FILES})) if defined($part->{OBJ_FILES});
if ((not defined($part->{OBJ_LIST}) or
@@ -161,7 +160,7 @@ sub create_output($$)
my $elem = $depend->{$_};
next if $elem == $part;
- push(@{$part->{LINK_LIST}}, $elem->{OUTPUT}) if defined($elem->{OUTPUT});
+ push(@{$part->{LINK_FLAGS}}, $elem->{OUTPUT}) if defined($elem->{OUTPUT});
push(@{$part->{LINK_FLAGS}}, @{$elem->{LIBS}}) if defined($elem->{LIBS});
push(@{$part->{LINK_FLAGS}},@{$elem->{LDFLAGS}}) if defined($elem->{LDFLAGS});
push(@{$part->{DEPEND_LIST}}, $elem->{TARGET}) if defined($elem->{TARGET});
@@ -177,6 +176,7 @@ sub create_output($$)
}
}
+
return $depend;
}
diff --git a/source4/dsdb/config.mk b/source4/dsdb/config.mk
index e0426167e3..5d7029b77a 100644
--- a/source4/dsdb/config.mk
+++ b/source4/dsdb/config.mk
@@ -7,7 +7,7 @@ include samdb/ldb_modules/config.mk
[SUBSYSTEM::SAMDB]
PUBLIC_PROTO_HEADER = samdb/samdb_proto.h
PUBLIC_HEADERS = samdb/samdb.h
-PUBLIC_DEPENDENCIES = ldb LIBCLI_LDAP
+PUBLIC_DEPENDENCIES = ldb LIBCLI_LDAP HEIMDAL_KRB5
OBJ_FILES = \
samdb/samdb.o \
samdb/samdb_privilege.o \
diff --git a/source4/lib/charset/util_unistr.c b/source4/lib/charset/util_unistr.c
index faa1398eac..f55e390856 100644
--- a/source4/lib/charset/util_unistr.c
+++ b/source4/lib/charset/util_unistr.c
@@ -613,3 +613,22 @@ _PUBLIC_ void strupper_m(char *s)
*d = 0;
}
+
+/**
+ Find the number of 'c' chars in a string
+**/
+_PUBLIC_ size_t count_chars_w(const char *s, char c)
+{
+ size_t count = 0;
+
+ while (*s) {
+ size_t size;
+ codepoint_t c2 = next_codepoint(s, &size);
+ if (c2 == c) count++;
+ s += size;
+ }
+
+ return count;
+}
+
+
diff --git a/source4/lib/ldb/config.mk b/source4/lib/ldb/config.mk
index 00344f68f6..224dd32142 100644
--- a/source4/lib/ldb/config.mk
+++ b/source4/lib/ldb/config.mk
@@ -177,7 +177,7 @@ OBJ_FILES = \
OBJ_FILES= \
tools/cmdline.o
PUBLIC_DEPENDENCIES = ldb LIBSAMBA-UTIL LIBPOPT POPT_SAMBA POPT_CREDENTIALS
-PRIVATE_DEPENDENCIES = gensec
+PRIVATE_DEPENDENCIES = gensec LIBCLI_RESOLVE
# End SUBSYSTEM LIBLDB_CMDLINE
################################################
diff --git a/source4/lib/registry/config.mk b/source4/lib/registry/config.mk
index 44437dfa69..89a77c231e 100644
--- a/source4/lib/registry/config.mk
+++ b/source4/lib/registry/config.mk
@@ -53,7 +53,7 @@ PUBLIC_DEPENDENCIES = LIBTALLOC
[MODULE::registry_rpc]
INIT_FUNCTION = registry_rpc_init
PRIVATE_PROTO_HEADER = reg_backend_rpc.h
-OUTPUT_TYPE = MERGEDOBJ
+OUTPUT_TYPE = INTEGRATED
SUBSYSTEM = registry
OBJ_FILES = \
reg_backend_rpc.o
diff --git a/source4/lib/registry/registry.h b/source4/lib/registry/registry.h
index b556829880..385b0e7d6f 100644
--- a/source4/lib/registry/registry.h
+++ b/source4/lib/registry/registry.h
@@ -169,6 +169,7 @@ struct reg_diff
};
struct auth_session_info;
+struct event_context;
#include "lib/registry/registry_proto.h"
diff --git a/source4/lib/socket/config.mk b/source4/lib/socket/config.mk
index 25838c58cc..bbac1ff6d1 100644
--- a/source4/lib/socket/config.mk
+++ b/source4/lib/socket/config.mk
@@ -3,7 +3,7 @@
# Start MODULE socket_ipv4
[MODULE::socket_ipv4]
SUBSYSTEM = SOCKET
-OUTPUT_TYPE = MERGEDOBJ
+OUTPUT_TYPE = INTEGRATED
OBJ_FILES = \
socket_ipv4.o
PUBLIC_DEPENDENCIES = EXT_SOCKET
@@ -15,7 +15,7 @@ PRIVATE_DEPENDENCIES = LIBSAMBA-ERRORS
# Start MODULE socket_ipv6
[MODULE::socket_ipv6]
SUBSYSTEM = SOCKET
-OUTPUT_TYPE = MERGEDOBJ
+OUTPUT_TYPE = INTEGRATED
OBJ_FILES = \
socket_ipv6.o
PUBLIC_DEPENDENCIES = EXT_SOCKET
@@ -26,7 +26,7 @@ PUBLIC_DEPENDENCIES = EXT_SOCKET
# Start MODULE socket_unix
[MODULE::socket_unix]
SUBSYSTEM = SOCKET
-OUTPUT_TYPE = MERGEDOBJ
+OUTPUT_TYPE = INTEGRATED
OBJ_FILES = \
socket_unix.o
PUBLIC_DEPENDENCIES = EXT_SOCKET
@@ -42,6 +42,7 @@ OBJ_FILES = \
connect_multi.o \
connect.o
PUBLIC_DEPENDENCIES = LIBTALLOC
-PRIVATE_DEPENDENCIES = SOCKET_WRAPPER LIBCLI_COMPOSITE
+PRIVATE_DEPENDENCIES = SOCKET_WRAPPER LIBCLI_COMPOSITE
+#LIBCLI_RESOLVE
# End SUBSYSTEM SOCKET
################################################
diff --git a/source4/lib/util/util_str.c b/source4/lib/util/util_str.c
index 9de27c0777..60419e0510 100644
--- a/source4/lib/util/util_str.c
+++ b/source4/lib/util/util_str.c
@@ -81,15 +81,15 @@ _PUBLIC_ size_t count_chars(const char *s, char c)
size_t count = 0;
while (*s) {
- size_t size;
- codepoint_t c2 = next_codepoint(s, &size);
- if (c2 == c) count++;
- s += size;
+ if (*s == c) count++;
+ s ++;
}
return count;
}
+
+
/**
Safe string copy into a known length string. maxlength does not
include the terminating zero.
@@ -433,12 +433,12 @@ _PUBLIC_ void rfc1738_unescape(char *buf)
{
char *p=buf;
- while ((p=strchr_m(p,'+')))
+ while ((p=strchr(p,'+')))
*p = ' ';
p = buf;
- while (p && *p && (p=strchr_m(p,'%'))) {
+ while (p && *p && (p=strchr(p,'%'))) {
int c1 = p[1];
int c2 = p[2];
diff --git a/source4/libcli/config.mk b/source4/libcli/config.mk
index c62f30dd20..a75cf3bace 100644
--- a/source4/libcli/config.mk
+++ b/source4/libcli/config.mk
@@ -86,11 +86,12 @@ PUBLIC_DEPENDENCIES = NDR_WINSREPL SOCKET LIBEVENTS
PRIVATE_PROTO_HEADER = resolve/proto.h
OBJ_FILES = \
resolve/resolve.o \
- resolve/nbtlist.o \
resolve/bcast.o \
+ resolve/nbtlist.o \
resolve/wins.o \
resolve/host.o
-PUBLIC_DEPENDENCIES = LIBCLI_NBT LIBNETIF
+PUBLIC_DEPENDENCIES = LIBNETIF
+PRIVATE_DEPENDENCIES = LIBCLI_NBT
[SUBSYSTEM::LIBCLI_FINDDCS]
PRIVATE_PROTO_HEADER = finddcs.h
@@ -120,6 +121,7 @@ OBJ_FILES = clireadwrite.o \
[SUBSYSTEM::LIBCLI_RAW]
PRIVATE_PROTO_HEADER = raw/raw_proto.h
+PRIVATE_DEPENDENCIES = LIBCLI_COMPOSITE
PUBLIC_DEPENDENCIES = LIBCLI_RAW_KRB5
OBJ_FILES = raw/rawfile.o \
raw/smb_signing.o \
diff --git a/source4/rpc_server/config.mk b/source4/rpc_server/config.mk
index c187cfdb49..b85700528c 100644
--- a/source4/rpc_server/config.mk
+++ b/source4/rpc_server/config.mk
@@ -123,7 +123,7 @@ PUBLIC_DEPENDENCIES = \
[MODULE::dcerpc_winreg]
INIT_FUNCTION = dcerpc_server_winreg_init
SUBSYSTEM = dcerpc_server
-OUTPUT_TYPE = MERGEDOBJ
+OUTPUT_TYPE = INTEGRATED
OBJ_FILES = \
winreg/rpc_winreg.o
PUBLIC_DEPENDENCIES = \
@@ -141,7 +141,8 @@ OBJ_FILES = \
PUBLIC_DEPENDENCIES = \
DCERPC_COMMON \
SCHANNELDB \
- NDR_NETLOGON
+ NDR_NETLOGON \
+ auth_sam
# End MODULE dcerpc_netlogon
################################################
@@ -164,7 +165,7 @@ PUBLIC_DEPENDENCIES = \
[MODULE::dcerpc_spoolss]
INIT_FUNCTION = dcerpc_server_spoolss_init
SUBSYSTEM = dcerpc_server
-OUTPUT_TYPE = MERGEDOBJ
+OUTPUT_TYPE = INTEGRATED
OBJ_FILES = \
spoolss/dcesrv_spoolss.o
PUBLIC_DEPENDENCIES = \
@@ -218,8 +219,7 @@ OBJ_FILES = \
PUBLIC_DEPENDENCIES = \
LIBCLI_AUTH \
LIBNDR \
- dcerpc \
- service
+ dcerpc
#
# End SUBSYSTEM DCERPC
################################################
diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c
index 9f1b84f77e..dc9537e66c 100644
--- a/source4/rpc_server/netlogon/dcerpc_netlogon.c
+++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c
@@ -25,6 +25,7 @@
#include "rpc_server/dcerpc_server.h"
#include "rpc_server/common/common.h"
#include "lib/ldb/include/ldb.h"
+#include "auth/auth_sam.h"
#include "auth/auth.h"
#include "dsdb/samdb/samdb.h"
#include "rpc_server/samr/proto.h"
diff --git a/source4/smbd/config.mk b/source4/smbd/config.mk
index 3033ed1bb0..8238fe5384 100644
--- a/source4/smbd/config.mk
+++ b/source4/smbd/config.mk
@@ -14,7 +14,7 @@ PUBLIC_DEPENDENCIES = \
# Start MODULE service_smb
[MODULE::service_smb]
INIT_FUNCTION = server_service_smb_init
-OUTPUT_TYPE = MERGEDOBJ
+OUTPUT_TYPE = INTEGRATED
SUBSYSTEM = service
PUBLIC_DEPENDENCIES = \
SMB_SERVER
@@ -26,7 +26,7 @@ PUBLIC_DEPENDENCIES = \
[MODULE::service_rpc]
INIT_FUNCTION = server_service_rpc_init
SUBSYSTEM = service
-OUTPUT_TYPE = MERGEDOBJ
+OUTPUT_TYPE = INTEGRATED
PUBLIC_DEPENDENCIES = \
dcerpc_server
# End MODULE server_rpc
@@ -129,6 +129,10 @@ PRIVATE_DEPENDENCIES = \
LIBSAMBA-UTIL \
PIDFILE \
POPT_SAMBA \
- LIBPOPT
+ LIBPOPT \
+ gensec \
+ registry \
+ ntptr \
+ ntvfs
# End BINARY smbd
#################################
diff --git a/source4/torture/config.mk b/source4/torture/config.mk
index bf5b6ef2fb..09790a686d 100644
--- a/source4/torture/config.mk
+++ b/source4/torture/config.mk
@@ -103,7 +103,7 @@ PUBLIC_DEPENDENCIES = \
[MODULE::torture_rpc]
# TORTURE_NET and TORTURE_NBT use functions from torture_rpc...
-OUTPUT_TYPE = MERGEDOBJ
+OUTPUT_TYPE = INTEGRATED
SUBSYSTEM = torture
INIT_FUNCTION = torture_rpc_init
PRIVATE_PROTO_HEADER = \
diff --git a/source4/utils/config.mk b/source4/utils/config.mk
index 9ffe72352e..cafa022d94 100644
--- a/source4/utils/config.mk
+++ b/source4/utils/config.mk
@@ -29,7 +29,8 @@ PRIVATE_DEPENDENCIES = \
LIBPOPT \
POPT_SAMBA \
POPT_CREDENTIALS \
- gensec
+ gensec \
+ LIBCLI_RESOLVE
MANPAGE = man/ntlm_auth.1
# End BINARY ntlm_auth
#################################
@@ -81,7 +82,8 @@ PRIVATE_DEPENDENCIES = \
LIBCLI_NBT \
LIBPOPT \
POPT_SAMBA \
- LIBNETIF
+ LIBNETIF \
+ LIBCLI_RESOLVE
# End BINARY nmblookup
#################################
@@ -96,6 +98,8 @@ PRIVATE_DEPENDENCIES = \
LIBSAMBA-UTIL \
LIBPOPT \
SOCKET \
- POPT_SAMBA
+ POPT_SAMBA \
+ LIBCLI_RESOLVE \
+ CHARSET
# End BINARY testparm
#################################