#include "source4/libgpo/ads_convenience.h"
#else
struct loadparm_context;
+#include "ads.h"
#endif
enum GPO_LINK_TYPE {
LIBADS_OBJ = libads/ldap.o libads/ldap_printer.o \
libads/sasl.o libads/sasl_wrapping.o \
- libads/krb5_setpw.o libads/ldap_user.o \
+ libads/krb5_setpw.o \
+ libads/kerberos_util.o \
+ libads/ldap_user.o \
libads/ads_struct.o libads/kerberos_keytab.o \
libads/disp_sec.o libads/ads_utils.o libads/ldap_utils.o \
libads/ldap_schema.o libads/util.o libads/ndr.o
int critical;
} ads_control;
-#define ADS_IGNORE_PRINCIPAL "not_defined_in_RFC4178@please_ignore"
+#include "libads/ads_proto.h"
+
+#ifdef HAVE_LDAP
+#include "libads/ads_ldap_protos.h"
+#endif
+
+#include "libads/kerberos_proto.h"
#endif /* _INCLUDE_ADS_H_ */
#include "krb5_env.h"
#include "libads/ads_status.h"
-#include "ads.h"
#include "interfaces.h"
#include "trans2.h"
#include "../libcli/util/error.h"
#include "modules/vfs_irixacl.h"
#endif
-#ifdef HAVE_LDAP
-#include "libads/ads_ldap_protos.h"
-#endif
-
/* We need this after proto.h to reference GetTimeOfDay(). */
#include "smbprofile.h"
struct in_addr wins_srv_ip_tag(const char *tag, struct in_addr src_ip);
unsigned wins_srv_count_tag(const char *tag);
-/* The following definitions come from libads/ads_struct.c */
-
-char *ads_build_path(const char *realm, const char *sep, const char *field, int reverse);
-char *ads_build_dn(const char *realm);
-char *ads_build_domain(const char *dn);
-ADS_STRUCT *ads_init(const char *realm,
- const char *workgroup,
- const char *ldap_server);
-bool ads_set_sasl_wrap_flags(ADS_STRUCT *ads, int flags);
-void ads_destroy(ADS_STRUCT **ads);
-
-const char *ads_get_ldap_server_name(ADS_STRUCT *ads);
-
-/* The following definitions come from libads/authdata.c */
-
-NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
- const char *name,
- const char *pass,
- time_t time_offset,
- time_t *expire_time,
- time_t *renew_till_time,
- const char *cache_name,
- bool request_pac,
- bool add_netbios_addr,
- time_t renewable_time,
- const char *impersonate_princ_s,
- struct PAC_LOGON_INFO **logon_info);
-
-/* The following definitions come from libads/disp_sec.c */
-
-void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct security_descriptor *sd);
-
-/* The following definitions come from libads/kerberos.c */
-
-int kerberos_kinit_password_ext(const char *principal,
- const char *password,
- int time_offset,
- time_t *expire_time,
- time_t *renew_till_time,
- const char *cache_name,
- bool request_pac,
- bool add_netbios_addr,
- time_t renewable_time,
- NTSTATUS *ntstatus);
-int ads_kinit_password(ADS_STRUCT *ads);
-int ads_kdestroy(const char *cc_name);
-char* kerberos_standard_des_salt( void );
-bool kerberos_secrets_store_des_salt( const char* salt );
-char* kerberos_secrets_fetch_des_salt( void );
-char *kerberos_get_default_realm_from_ccache( void );
-char *kerberos_get_realm_from_hostname(const char *hostname);
-
-bool kerberos_secrets_store_salting_principal(const char *service,
- int enctype,
- const char *principal);
-int kerberos_kinit_password(const char *principal,
- const char *password,
- int time_offset,
- const char *cache_name);
-bool create_local_private_krb5_conf_for_domain(const char *realm,
- const char *domain,
- const char *sitename,
- struct sockaddr_storage *pss,
- const char *kdc_name);
-
-/* The following definitions come from libads/kerberos_keytab.c */
-
-int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc);
-int ads_keytab_flush(ADS_STRUCT *ads);
-int ads_keytab_create_default(ADS_STRUCT *ads);
-int ads_keytab_list(const char *keytab_name);
-
-/* The following definitions come from libads/kerberos_verify.c */
-
-NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
- const char *realm,
- time_t time_offset,
- const DATA_BLOB *ticket,
- char **principal,
- struct PAC_LOGON_INFO **logon_info,
- DATA_BLOB *ap_rep,
- DATA_BLOB *session_key,
- bool use_replay_cache);
-
-/* The following definitions come from libads/krb5_errs.c */
-
-
-/* The following definitions come from libads/krb5_setpw.c */
-
-ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
- const char *newpw, int time_offset);
-ADS_STATUS kerberos_set_password(const char *kpasswd_server,
- const char *auth_principal, const char *auth_password,
- const char *target_principal, const char *new_password,
- int time_offset);
-ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
- const char *machine_account,
- const char *password);
-
-/* The following definitions come from libads/ldap.c */
-
-bool ads_sitename_match(ADS_STRUCT *ads);
-bool ads_closest_dc(ADS_STRUCT *ads);
-ADS_STATUS ads_connect(ADS_STRUCT *ads);
-ADS_STATUS ads_connect_user_creds(ADS_STRUCT *ads);
-ADS_STATUS ads_connect_gc(ADS_STRUCT *ads);
-void ads_disconnect(ADS_STRUCT *ads);
-ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path,
- int scope, const char *expr, const char **attrs,
- bool (*fn)(ADS_STRUCT *, char *, void **, void *),
- void *data_area);
-char *ads_parent_dn(const char *dn);
-ADS_MODLIST ads_init_mods(TALLOC_CTX *ctx);
-ADS_STATUS ads_mod_str(TALLOC_CTX *ctx, ADS_MODLIST *mods,
- const char *name, const char *val);
-ADS_STATUS ads_mod_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
- const char *name, const char **vals);
-ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods);
-ADS_STATUS ads_gen_add(ADS_STRUCT *ads, const char *new_dn, ADS_MODLIST mods);
-ADS_STATUS ads_del_dn(ADS_STRUCT *ads, char *del_dn);
-char *ads_ou_string(ADS_STRUCT *ads, const char *org_unit);
-char *ads_default_ou_string(ADS_STRUCT *ads, const char *wknguid);
-ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
- const char *name, const char **vals);
-uint32 ads_get_kvno(ADS_STRUCT *ads, const char *account_name);
-uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_name);
-ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name);
-ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_name,
- const char *my_fqdn, const char *spn);
-ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name,
- const char *org_unit);
-ADS_STATUS ads_move_machine_acct(ADS_STRUCT *ads, const char *machine_name,
- const char *org_unit, bool *moved);
-int ads_count_replies(ADS_STRUCT *ads, void *res);
-ADS_STATUS ads_USN(ADS_STRUCT *ads, uint32 *usn);
-ADS_STATUS ads_current_time(ADS_STRUCT *ads);
-ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, uint32 *val);
-ADS_STATUS ads_domain_sid(ADS_STRUCT *ads, struct dom_sid *sid);
-ADS_STATUS ads_site_dn(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char **site_name);
-ADS_STATUS ads_site_dn_for_machine(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *computer_name, const char **site_dn);
-ADS_STATUS ads_upn_suffixes(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char ***suffixes, size_t *num_suffixes);
-ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- char ***ous,
- size_t *num_ous);
-ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
- const char *extended_dn,
- enum ads_extended_dn_flags flags,
- struct dom_sid *sid);
-char* ads_get_dnshostname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
-char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
-char* ads_get_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
-ADS_STATUS ads_join_realm(ADS_STRUCT *ads, const char *machine_name,
- uint32 account_type, const char *org_unit);
-ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname);
-ADS_STATUS ads_find_samaccount(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- const char *samaccountname,
- uint32 *uac_ret,
- const char **dn_ret);
-ADS_STATUS ads_config_path(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- char **config_path);
-const char *ads_get_extended_right_name_by_guid(ADS_STRUCT *ads,
- const char *config_path,
- TALLOC_CTX *mem_ctx,
- const struct GUID *rights_guid);
-ADS_STATUS ads_check_ou_dn(TALLOC_CTX *mem_ctx,
- ADS_STRUCT *ads,
- const char **account_ou);
-
-/* The following definitions come from libads/ldap_printer.c */
-
-ADS_STATUS ads_mod_printer_entry(ADS_STRUCT *ads, char *prt_dn,
- TALLOC_CTX *ctx, const ADS_MODLIST *mods);
-ADS_STATUS ads_add_printer_entry(ADS_STRUCT *ads, char *prt_dn,
- TALLOC_CTX *ctx, ADS_MODLIST *mods);
-WERROR get_remote_printer_publishing_data(struct rpc_pipe_client *cli,
- TALLOC_CTX *mem_ctx,
- ADS_MODLIST *mods,
- const char *printer);
-
-/* The following definitions come from libads/ldap_user.c */
-
-ADS_STATUS ads_add_user_acct(ADS_STRUCT *ads, const char *user,
- const char *container, const char *fullname);
-ADS_STATUS ads_add_group_acct(ADS_STRUCT *ads, const char *group,
- const char *container, const char *comment);
-
-/* The following definitions come from libads/ldap_utils.c */
-
-ADS_STATUS ads_ranged_search(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- int scope,
- const char *base,
- const char *filter,
- void *args,
- const char *range_attr,
- char ***strings,
- size_t *num_strings);
-ADS_STATUS ads_ranged_search_internal(ADS_STRUCT *ads,
- TALLOC_CTX *mem_ctx,
- int scope,
- const char *base,
- const char *filter,
- const char **attrs,
- void *args,
- const char *range_attr,
- char ***strings,
- size_t *num_strings,
- uint32 *first_usn,
- int *num_retries,
- bool *more_values);
-
-/* The following definitions come from libads/ndr.c */
-
-void ndr_print_ads_auth_flags(struct ndr_print *ndr, const char *name, uint32_t r);
-void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct ads_struct *r);
-
-/* The following definitions come from libads/sasl.c */
-
-ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads);
-
-/* The following definitions come from libads/sasl_wrapping.c */
-
-ADS_STATUS ads_setup_sasl_wrapping(ADS_STRUCT *ads,
- const struct ads_saslwrap_ops *ops,
- void *private_data);
-ADS_STATUS ads_setup_sasl_wrapping(ADS_STRUCT *ads,
- const struct ads_saslwrap_ops *ops,
- void *private_data);
-
-/* The following definitions come from libads/util.c */
-
-ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_principal);
-ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads,
- char **returned_principal);
-
/* The following definitions come from librpc/ndr/util.c */
enum ndr_err_code ndr_push_server_id(struct ndr_push *ndr, int ndr_flags, const struct server_id *r);
#define KRB5_PRIVATE 1 /* this file uses PRIVATE interfaces! */
/* this file uses DEPRECATED interfaces! */
+#define ADS_IGNORE_PRINCIPAL "not_defined_in_RFC4178@please_ignore"
+
#if defined(HAVE_KRB5_DEPRECATED_WITH_IDENTIFIER)
#define KRB5_DEPRECATED 1
#else
#define LDAP_CONNECTION_DEFAULT_TIMEOUT 2
#define LDAP_PAGE_SIZE 1024
+#ifndef LDAP_OPT_SUCCESS
+#define LDAP_OPT_SUCCESS 0
+#endif
+
+#define ADS_PAGE_CTL_OID "1.2.840.113556.1.4.319"
+
#endif /* _SMBLDAP_H */
*/
#include "includes.h"
-
+#include "ads.h"
#include "librpc/gen_ndr/libnetapi.h"
#include "lib/netapi/netapi.h"
#include "lib/netapi/netapi_private.h"
#include "includes.h"
#include "smbldap.h"
-#ifndef LDAP_OPT_SUCCESS
-#define LDAP_OPT_SUCCESS 0
-#endif
-
/* Try not to hit the up or down server forever */
#define SMBLDAP_DONT_PING_TIME 10 /* ping only all 10 seconds */
--- /dev/null
+/* The following definitions come from libads/ads_struct.c */
+
+char *ads_build_path(const char *realm, const char *sep, const char *field, int reverse);
+char *ads_build_dn(const char *realm);
+char *ads_build_domain(const char *dn);
+ADS_STRUCT *ads_init(const char *realm,
+ const char *workgroup,
+ const char *ldap_server);
+bool ads_set_sasl_wrap_flags(ADS_STRUCT *ads, int flags);
+void ads_destroy(ADS_STRUCT **ads);
+
+const char *ads_get_ldap_server_name(ADS_STRUCT *ads);
+
+/* The following definitions come from libads/disp_sec.c */
+
+void ads_disp_sd(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct security_descriptor *sd);
+
+/* The following definitions come from libads/kerberos_keytab.c */
+
+int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc);
+int ads_keytab_flush(ADS_STRUCT *ads);
+int ads_keytab_create_default(ADS_STRUCT *ads);
+int ads_keytab_list(const char *keytab_name);
+
+/* The following definitions come from libads/krb5_errs.c */
+
+/* The following definitions come from libads/kerberos_util.c */
+
+ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
+ const char *machine_account,
+ const char *password);
+int ads_kinit_password(ADS_STRUCT *ads);
+
+/* The following definitions come from libads/ldap.c */
+
+bool ads_sitename_match(ADS_STRUCT *ads);
+bool ads_closest_dc(ADS_STRUCT *ads);
+ADS_STATUS ads_connect(ADS_STRUCT *ads);
+ADS_STATUS ads_connect_user_creds(ADS_STRUCT *ads);
+ADS_STATUS ads_connect_gc(ADS_STRUCT *ads);
+void ads_disconnect(ADS_STRUCT *ads);
+ADS_STATUS ads_do_search_all_fn(ADS_STRUCT *ads, const char *bind_path,
+ int scope, const char *expr, const char **attrs,
+ bool (*fn)(ADS_STRUCT *, char *, void **, void *),
+ void *data_area);
+char *ads_parent_dn(const char *dn);
+ADS_MODLIST ads_init_mods(TALLOC_CTX *ctx);
+ADS_STATUS ads_mod_str(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, const char *val);
+ADS_STATUS ads_mod_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, const char **vals);
+ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods);
+ADS_STATUS ads_gen_add(ADS_STRUCT *ads, const char *new_dn, ADS_MODLIST mods);
+ADS_STATUS ads_del_dn(ADS_STRUCT *ads, char *del_dn);
+char *ads_ou_string(ADS_STRUCT *ads, const char *org_unit);
+char *ads_default_ou_string(ADS_STRUCT *ads, const char *wknguid);
+ADS_STATUS ads_add_strlist(TALLOC_CTX *ctx, ADS_MODLIST *mods,
+ const char *name, const char **vals);
+uint32 ads_get_kvno(ADS_STRUCT *ads, const char *account_name);
+uint32_t ads_get_machine_kvno(ADS_STRUCT *ads, const char *machine_name);
+ADS_STATUS ads_clear_service_principal_names(ADS_STRUCT *ads, const char *machine_name);
+ADS_STATUS ads_add_service_principal_name(ADS_STRUCT *ads, const char *machine_name,
+ const char *my_fqdn, const char *spn);
+ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads, const char *machine_name,
+ const char *org_unit);
+ADS_STATUS ads_move_machine_acct(ADS_STRUCT *ads, const char *machine_name,
+ const char *org_unit, bool *moved);
+int ads_count_replies(ADS_STRUCT *ads, void *res);
+ADS_STATUS ads_USN(ADS_STRUCT *ads, uint32 *usn);
+ADS_STATUS ads_current_time(ADS_STRUCT *ads);
+ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, uint32 *val);
+ADS_STATUS ads_domain_sid(ADS_STRUCT *ads, struct dom_sid *sid);
+ADS_STATUS ads_site_dn(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char **site_name);
+ADS_STATUS ads_site_dn_for_machine(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, const char *computer_name, const char **site_dn);
+ADS_STATUS ads_upn_suffixes(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char ***suffixes, size_t *num_suffixes);
+ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ char ***ous,
+ size_t *num_ous);
+ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
+ const char *extended_dn,
+ enum ads_extended_dn_flags flags,
+ struct dom_sid *sid);
+char* ads_get_dnshostname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
+char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
+char* ads_get_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name );
+ADS_STATUS ads_join_realm(ADS_STRUCT *ads, const char *machine_name,
+ uint32 account_type, const char *org_unit);
+ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname);
+ADS_STATUS ads_find_samaccount(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ const char *samaccountname,
+ uint32 *uac_ret,
+ const char **dn_ret);
+ADS_STATUS ads_config_path(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ char **config_path);
+const char *ads_get_extended_right_name_by_guid(ADS_STRUCT *ads,
+ const char *config_path,
+ TALLOC_CTX *mem_ctx,
+ const struct GUID *rights_guid);
+ADS_STATUS ads_check_ou_dn(TALLOC_CTX *mem_ctx,
+ ADS_STRUCT *ads,
+ const char **account_ou);
+
+/* The following definitions come from libads/ldap_printer.c */
+
+ADS_STATUS ads_mod_printer_entry(ADS_STRUCT *ads, char *prt_dn,
+ TALLOC_CTX *ctx, const ADS_MODLIST *mods);
+ADS_STATUS ads_add_printer_entry(ADS_STRUCT *ads, char *prt_dn,
+ TALLOC_CTX *ctx, ADS_MODLIST *mods);
+WERROR get_remote_printer_publishing_data(struct rpc_pipe_client *cli,
+ TALLOC_CTX *mem_ctx,
+ ADS_MODLIST *mods,
+ const char *printer);
+
+/* The following definitions come from libads/ldap_user.c */
+
+ADS_STATUS ads_add_user_acct(ADS_STRUCT *ads, const char *user,
+ const char *container, const char *fullname);
+ADS_STATUS ads_add_group_acct(ADS_STRUCT *ads, const char *group,
+ const char *container, const char *comment);
+
+/* The following definitions come from libads/ldap_utils.c */
+
+ADS_STATUS ads_ranged_search(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ int scope,
+ const char *base,
+ const char *filter,
+ void *args,
+ const char *range_attr,
+ char ***strings,
+ size_t *num_strings);
+ADS_STATUS ads_ranged_search_internal(ADS_STRUCT *ads,
+ TALLOC_CTX *mem_ctx,
+ int scope,
+ const char *base,
+ const char *filter,
+ const char **attrs,
+ void *args,
+ const char *range_attr,
+ char ***strings,
+ size_t *num_strings,
+ uint32 *first_usn,
+ int *num_retries,
+ bool *more_values);
+
+/* The following definitions come from libads/ndr.c */
+
+void ndr_print_ads_auth_flags(struct ndr_print *ndr, const char *name, uint32_t r);
+void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct ads_struct *r);
+
+/* The following definitions come from libads/sasl.c */
+
+ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads);
+
+/* The following definitions come from libads/sasl_wrapping.c */
+
+ADS_STATUS ads_setup_sasl_wrapping(ADS_STRUCT *ads,
+ const struct ads_saslwrap_ops *ops,
+ void *private_data);
+ADS_STATUS ads_setup_sasl_wrapping(ADS_STRUCT *ads,
+ const struct ads_saslwrap_ops *ops,
+ void *private_data);
+
+/* The following definitions come from libads/util.c */
+
+ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_principal);
+ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads,
+ char **returned_principal);
*/
#include "includes.h"
+#include "ads.h"
/* return a ldap dn path from a string, given separators and field name
caller must free
*/
#include "includes.h"
+#include "ads.h"
const char *ads_get_ldap_server_name(ADS_STRUCT *ads)
{
#include "includes.h"
#include "librpc/gen_ndr/ndr_krb5pac.h"
#include "smb_krb5.h"
+#include "libads/kerberos_proto.h"
#ifdef HAVE_KRB5
*/
#include "includes.h"
+#include "ads.h"
#include "libads/ldap_schema.h"
/* for ADS */
#include "includes.h"
#include "smb_krb5.h"
#include "../librpc/gen_ndr/ndr_misc.h"
+#include "libads/kerberos_proto.h"
#ifdef HAVE_KRB5
return code;
}
-
-
-/* run kinit to setup our ccache */
-int ads_kinit_password(ADS_STRUCT *ads)
-{
- char *s;
- int ret;
- const char *account_name;
- fstring acct_name;
-
- if (ads->auth.flags & ADS_AUTH_USER_CREDS) {
- account_name = ads->auth.user_name;
- goto got_accountname;
- }
-
- if ( IS_DC ) {
- /* this will end up getting a ticket for DOMAIN@RUSTED.REA.LM */
- account_name = lp_workgroup();
- } else {
- /* always use the sAMAccountName for security = domain */
- /* global_myname()$@REA.LM */
- if ( lp_security() == SEC_DOMAIN ) {
- fstr_sprintf( acct_name, "%s$", global_myname() );
- account_name = acct_name;
- }
- else
- /* This looks like host/global_myname()@REA.LM */
- account_name = ads->auth.user_name;
- }
-
- got_accountname:
- if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) {
- return KRB5_CC_NOMEM;
- }
-
- if (!ads->auth.password) {
- SAFE_FREE(s);
- return KRB5_LIBOS_CANTREADPWD;
- }
-
- ret = kerberos_kinit_password_ext(s, ads->auth.password, ads->auth.time_offset,
- &ads->auth.tgt_expire, NULL, NULL, False, False, ads->auth.renewable,
- NULL);
-
- if (ret) {
- DEBUG(0,("kerberos_kinit_password %s failed: %s\n",
- s, error_message(ret)));
- }
- SAFE_FREE(s);
- return ret;
-}
-
int ads_kdestroy(const char *cc_name)
{
krb5_error_code code;
#include "includes.h"
#include "smb_krb5.h"
+#include "ads.h"
#ifdef HAVE_KRB5
--- /dev/null
+/* The following definitions come from libads/kerberos_verify.c */
+
+NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
+ const char *realm,
+ time_t time_offset,
+ const DATA_BLOB *ticket,
+ char **principal,
+ struct PAC_LOGON_INFO **logon_info,
+ DATA_BLOB *ap_rep,
+ DATA_BLOB *session_key,
+ bool use_replay_cache);
+
+/* The following definitions come from libads/kerberos.c */
+
+int kerberos_kinit_password_ext(const char *principal,
+ const char *password,
+ int time_offset,
+ time_t *expire_time,
+ time_t *renew_till_time,
+ const char *cache_name,
+ bool request_pac,
+ bool add_netbios_addr,
+ time_t renewable_time,
+ NTSTATUS *ntstatus);
+int ads_kdestroy(const char *cc_name);
+char* kerberos_standard_des_salt( void );
+bool kerberos_secrets_store_des_salt( const char* salt );
+char* kerberos_secrets_fetch_des_salt( void );
+char *kerberos_get_default_realm_from_ccache( void );
+char *kerberos_get_realm_from_hostname(const char *hostname);
+
+bool kerberos_secrets_store_salting_principal(const char *service,
+ int enctype,
+ const char *principal);
+int kerberos_kinit_password(const char *principal,
+ const char *password,
+ int time_offset,
+ const char *cache_name);
+bool create_local_private_krb5_conf_for_domain(const char *realm,
+ const char *domain,
+ const char *sitename,
+ struct sockaddr_storage *pss,
+ const char *kdc_name);
+
+/* The following definitions come from libads/authdata.c */
+
+NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
+ const char *name,
+ const char *pass,
+ time_t time_offset,
+ time_t *expire_time,
+ time_t *renew_till_time,
+ const char *cache_name,
+ bool request_pac,
+ bool add_netbios_addr,
+ time_t renewable_time,
+ const char *impersonate_princ_s,
+ struct PAC_LOGON_INFO **logon_info);
+
+/* The following definitions come from libads/krb5_setpw.c */
+
+ADS_STATUS ads_krb5_set_password(const char *kdc_host, const char *princ,
+ const char *newpw, int time_offset);
+ADS_STATUS kerberos_set_password(const char *kpasswd_server,
+ const char *auth_principal, const char *auth_password,
+ const char *target_principal, const char *new_password,
+ int time_offset);
--- /dev/null
+/*
+ Unix SMB/CIFS implementation.
+ krb5 set password implementation
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Remus Koos 2001 (remuskoos@yahoo.com)
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "smb_krb5.h"
+#include "ads.h"
+
+#ifdef HAVE_KRB5
+
+/**
+ * Set the machine account password
+ * @param ads connection to ads server
+ * @param hostname machine whose password is being set
+ * @param password new password
+ * @return status of password change
+ **/
+ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
+ const char *machine_account,
+ const char *password)
+{
+ ADS_STATUS status;
+ char *principal = NULL;
+
+ /*
+ we need to use the '$' form of the name here (the machine account name),
+ as otherwise the server might end up setting the password for a user
+ instead
+ */
+ if (asprintf(&principal, "%s@%s", machine_account, ads->config.realm) < 0) {
+ return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
+ }
+
+ status = ads_krb5_set_password(ads->auth.kdc_server, principal,
+ password, ads->auth.time_offset);
+
+ SAFE_FREE(principal);
+ return status;
+}
+
+/* run kinit to setup our ccache */
+int ads_kinit_password(ADS_STRUCT *ads)
+{
+ char *s;
+ int ret;
+ const char *account_name;
+ fstring acct_name;
+
+ if (ads->auth.flags & ADS_AUTH_USER_CREDS) {
+ account_name = ads->auth.user_name;
+ goto got_accountname;
+ }
+
+ if ( IS_DC ) {
+ /* this will end up getting a ticket for DOMAIN@RUSTED.REA.LM */
+ account_name = lp_workgroup();
+ } else {
+ /* always use the sAMAccountName for security = domain */
+ /* global_myname()$@REA.LM */
+ if ( lp_security() == SEC_DOMAIN ) {
+ fstr_sprintf( acct_name, "%s$", global_myname() );
+ account_name = acct_name;
+ }
+ else
+ /* This looks like host/global_myname()@REA.LM */
+ account_name = ads->auth.user_name;
+ }
+
+ got_accountname:
+ if (asprintf(&s, "%s@%s", account_name, ads->auth.realm) == -1) {
+ return KRB5_CC_NOMEM;
+ }
+
+ if (!ads->auth.password) {
+ SAFE_FREE(s);
+ return KRB5_LIBOS_CANTREADPWD;
+ }
+
+ ret = kerberos_kinit_password_ext(s, ads->auth.password, ads->auth.time_offset,
+ &ads->auth.tgt_expire, NULL, NULL, False, False, ads->auth.renewable,
+ NULL);
+
+ if (ret) {
+ DEBUG(0,("kerberos_kinit_password %s failed: %s\n",
+ s, error_message(ret)));
+ }
+ SAFE_FREE(s);
+ return ret;
+}
+
+#endif
#include "includes.h"
#include "smb_krb5.h"
+#include "libads/kerberos_proto.h"
#ifdef HAVE_KRB5
#include "includes.h"
#include "smb_krb5.h"
+#include "libads/kerberos_proto.h"
#ifdef HAVE_KRB5
new_password, time_offset);
}
-
-/**
- * Set the machine account password
- * @param ads connection to ads server
- * @param hostname machine whose password is being set
- * @param password new password
- * @return status of password change
- **/
-ADS_STATUS ads_set_machine_password(ADS_STRUCT *ads,
- const char *machine_account,
- const char *password)
-{
- ADS_STATUS status;
- char *principal = NULL;
-
- /*
- we need to use the '$' form of the name here (the machine account name),
- as otherwise the server might end up setting the password for a user
- instead
- */
- if (asprintf(&principal, "%s@%s", machine_account, ads->config.realm) < 0) {
- return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
- }
-
- status = ads_krb5_set_password(ads->auth.kdc_server, principal,
- password, ads->auth.time_offset);
-
- SAFE_FREE(principal);
- return status;
-}
#endif
*/
#include "includes.h"
+#include "ads.h"
#include "libads/sitename_cache.h"
#include "libads/cldap.h"
#include "libads/dns.h"
*/
#include "includes.h"
+#include "ads.h"
#include "../librpc/gen_ndr/cli_spoolss.h"
#include "rpc_client/cli_spoolss.h"
#include "registry.h"
*/
#include "includes.h"
+#include "ads.h"
#include "libads/ldap_schema.h"
#ifdef HAVE_LDAP
*/
#include "includes.h"
+#include "ads.h"
#include "../libds/common/flags.h"
#ifdef HAVE_ADS
*/
#include "includes.h"
+#include "ads.h"
#ifdef HAVE_LDAP
/*
*/
#include "includes.h"
+#include "ads.h"
#include "../librpc/gen_ndr/ndr_netlogon.h"
void ndr_print_ads_auth_flags(struct ndr_print *ndr, const char *name, uint32_t r)
#include "includes.h"
#include "../libcli/auth/spnego.h"
#include "../libcli/auth/ntlmssp.h"
+#include "ads.h"
+#include "smb_krb5.h"
#ifdef HAVE_LDAP
*/
#include "includes.h"
+#include "ads.h"
#ifdef HAVE_LDAP_SASL_WRAPPING
*/
#include "includes.h"
+#include "ads.h"
#ifdef HAVE_KRB5
*/
#include "includes.h"
+#include "ads.h"
#include "librpc/gen_ndr/ndr_libnet_join.h"
#include "libnet/libnet_join.h"
#include "libcli/auth/libcli_auth.h"
#include "../libcli/auth/spnego.h"
#include "smb_krb5.h"
#include "../libcli/auth/ntlmssp.h"
+#include "libads/kerberos_proto.h"
static const struct {
int prot;
#include "includes.h"
#include "libads/sitename_cache.h"
+#include "ads.h"
/**********************************************************************
Is this our primary domain ?
#include "lib/smbconf/smbconf_init.h"
#include "lib/smbconf/smbconf_reg.h"
+#include "ads.h"
+
#ifdef HAVE_SYS_SYSCTL_H
#include <sys/sysctl.h>
#endif
#include "../libcli/auth/ntlmssp.h"
#include "ntlmssp_wrap.h"
#include "librpc/gen_ndr/messaging.h"
+#include "libads/kerberos_proto.h"
/* For split krb5 SPNEGO blobs. */
struct pending_auth_data {
#include "../libcli/auth/spnego.h"
#include "../libcli/auth/ntlmssp.h"
#include "ntlmssp_wrap.h"
+#include "libads/kerberos_proto.h"
static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req,
uint64_t in_session_id,
#include "librpc/gen_ndr/ndr_krb5pac.h"
#include "../librpc/gen_ndr/cli_spoolss.h"
#include "nsswitch/libwbclient/wbclient.h"
+#include "ads.h"
#include "libads/cldap.h"
#include "libads/dns.h"
#include "../libds/common/flags.h"
-#include "ads.h"
#include "librpc/gen_ndr/libnet_join.h"
#include "libnet/libnet_join.h"
#include "smb_krb5.h"
#include "includes.h"
#include "utils/net.h"
+#include "ads.h"
#include "../libgpo/gpo.h"
#include "libgpo/gpo_proto.h"
#include "../libds/common/flags.h"
enum netr_SchannelType get_sec_channel_type(const char *param);
/* The following definitions come from utils/net_ads.c */
-
-ADS_STATUS ads_startup(struct net_context *c, bool only_own_domain, ADS_STRUCT **ads);
-ADS_STATUS ads_startup_nobind(struct net_context *c, bool only_own_domain, ADS_STRUCT **ads);
+struct ads_struct;
+ADS_STATUS ads_startup(struct net_context *c, bool only_own_domain, struct ads_struct **ads);
+ADS_STATUS ads_startup_nobind(struct net_context *c, bool only_own_domain, struct ads_struct **ads);
int net_ads_check_our_domain(struct net_context *c);
int net_ads_check(struct net_context *c);
int net_ads_user(struct net_context *c, int argc, const char **argv);
#include "smb_krb5.h"
#include <iniparser.h>
#include "../lib/crypto/arcfour.h"
+#include "libads/kerberos_proto.h"
#ifndef PAM_WINBIND_CONFIG_FILE
#define PAM_WINBIND_CONFIG_FILE "/etc/security/pam_winbind.conf"
#include "includes.h"
#include "winbindd.h"
#include "../libds/common/flags.h"
+#include "ads.h"
#include "libads/ldap_schema.h"
#include "nss_info.h"
*/
#include "includes.h"
+#include "ads.h"
#include "idmap_adex.h"
#include "../libds/common/flags.h"
*/
#include "includes.h"
+#include "ads.h"
#include "idmap_adex.h"
#undef DBGC_CLASS
*/
#include "includes.h"
+#include "ads.h"
#include "idmap_adex.h"
#include "libads/cldap.h"
*/
#include "includes.h"
+#include "ads.h"
#include "idmap_adex.h"
#include "nss_info.h"
*/
#include "includes.h"
+#include "ads.h"
#include "idmap_adex.h"
#undef DBGC_CLASS
*/
#include "includes.h"
+#include "ads.h"
#include "idmap_adex.h"
#undef DBGC_CLASS
#include "includes.h"
#include "winbindd/winbindd.h"
#include "idmap_hash.h"
+#include "ads.h"
#include "nss_info.h"
#undef DBGC_CLASS
*/
#include "includes.h"
+#include "ads.h"
#include "nss_info.h"
static struct nss_function_entry *backends = NULL;
*/
#include "includes.h"
+#include "ads.h"
#include "nss_info.h"
/************************************************************************
#include "winbindd.h"
#include "../librpc/gen_ndr/cli_netlogon.h"
#include "../libds/common/flags.h"
+#include "ads.h"
#ifdef HAVE_ADS
#include "tdb_validate.h"
#include "../libcli/auth/libcli_auth.h"
#include "../librpc/gen_ndr/ndr_wbint.h"
+#include "ads.h"
#include "nss_info.h"
#undef DBGC_CLASS
#include "libads/sitename_cache.h"
#include "librpc/gen_ndr/messaging.h"
#include "libsmb/clidgram.h"
+#include "ads.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
#include "winbindd.h"
#include "../libcli/auth/libcli_auth.h"
#include "smb_krb5.h"
+#include "libads/kerberos_proto.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
#include "smb_krb5.h"
#include "../lib/crypto/arcfour.h"
#include "../libcli/security/dom_sid.h"
+#include "ads.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
bool wcache_tdc_add_domain( struct winbindd_domain *domain );
struct winbindd_tdc_domain * wcache_tdc_fetch_domain( TALLOC_CTX *ctx, const char *name );
void wcache_tdc_clear( void );
+struct ads_struct;
NTSTATUS nss_get_info_cached( struct winbindd_domain *domain,
const struct dom_sid *user_sid,
TALLOC_CTX *ctx,
- ADS_STRUCT *ads, LDAPMessage *msg,
+ struct ads_struct *ads, LDAPMessage *msg,
const char **homedir, const char **shell,
const char **gecos, gid_t *p_gid);
bool wcache_store_seqnum(const char *domain_name, uint32_t seqnum,
LIBADS_SRC = '''libads/ldap.c libads/ldap_printer.c
libads/sasl.c libads/sasl_wrapping.c
- libads/krb5_setpw.c libads/ldap_user.c
+ libads/krb5_setpw.c
+ libads/kerberos_util.c
+ libads/ldap_user.c
libads/ads_struct.c libads/kerberos_keytab.c
libads/disp_sec.c libads/ads_utils.c libads/ldap_utils.c
libads/ldap_schema.c libads/util.c libads/ndr.c'''
git.samba.org / anatoliy / anatoliy.git / commitdiff