2025-01-03 01:18:10 +03:00 · 2009-03-01 16:25:57 +01:00 · 2009-03-01 16:25:57 +01:00 · 248554370a
commit 248554370a
parent c441b7dda8
10 changed files with 245 additions and 182 deletions
--- a/libgpo/config.mk
+++ b/libgpo/config.mk
@ -1,4 +1,6 @@
 [SUBSYSTEM::LIBGPO]
+PRIVATE_DEPENDENCIES = LIBLDB LIBSAMBA-NET

 LIBGPO_OBJ_FILES = ../libgpo/gpo_util.o ../libgpo/gpo_sec.o \
-				   ../libgpo/gpext/gpext.o ../libgpo/gpo_fetch.o
+				   ../libgpo/gpext/gpext.o ../libgpo/gpo_fetch.o \
+			$(libgpodir)/ads_convenience.o
--- a/libgpo/gpext/gpext.h
+++ b/libgpo/gpext/gpext.h
@ -83,4 +83,44 @@ struct gp_extension_methods {
 	NTSTATUS (*shutdown)(void);
 };

+/* The following definitions come from libgpo/gpext/gpext.c  */
+
+struct gp_extension *get_gp_extension_list(void);
+NTSTATUS unregister_gp_extension(const char *name);
+NTSTATUS register_gp_extension(TALLOC_CTX *gpext_ctx,
+			       int version,
+			       const char *name,
+			       const char *guid,
+			       struct gp_extension_methods *methods);
+NTSTATUS gp_ext_info_add_entry(TALLOC_CTX *mem_ctx,
+			       const char *module,
+			       const char *ext_guid,
+			       struct gp_extension_reg_table *table,
+			       struct gp_extension_reg_info *info);
+NTSTATUS shutdown_gp_extensions(void);
+NTSTATUS init_gp_extensions(TALLOC_CTX *mem_ctx);
+NTSTATUS free_gp_extensions(void);
+void debug_gpext_header(int lvl,
+			const char *name,
+			uint32_t flags,
+			struct GROUP_POLICY_OBJECT *gpo,
+			const char *extension_guid,
+			const char *snapin_guid);
+NTSTATUS process_gpo_list_with_extension(ADS_STRUCT *ads,
+			   TALLOC_CTX *mem_ctx,
+			   uint32_t flags,
+			   const struct nt_user_token *token,
+			   struct GROUP_POLICY_OBJECT *gpo_list,
+			   const char *extension_guid,
+			   const char *snapin_guid);
+NTSTATUS gpext_process_extension(ADS_STRUCT *ads,
+				 TALLOC_CTX *mem_ctx,
+				 uint32_t flags,
+				 const struct nt_user_token *token,
+				 struct registry_key *root_key,
+				 struct GROUP_POLICY_OBJECT *gpo,
+				 const char *extension_guid,
+				 const char *snapin_guid);
+
+
 #endif /* __GPEXT_H__ */
--- a/libgpo/gpo.h
+++ b/libgpo/gpo.h
@ -20,6 +20,10 @@
 #ifndef __GPO_H__
 #define __GPO_H__

+#if _SAMBA_BUILD_ == 4
+#include "source4/libgpo/ads_convenience.h"
+#endif
+
 enum GPO_LINK_TYPE {
 	GP_LINK_UNKOWN	= 0,
 	GP_LINK_MACHINE	= 1,
@ -160,6 +164,116 @@ struct gp_registry_context {
 #define ADS_EXTENDED_RIGHT_APPLY_GROUP_POLICY "edacfd8f-ffb3-11d1-b41d-00a0c968f939"


+struct cli_state;
+
+/* The following definitions come from libgpo/gpo_fetch.c  */
+
+NTSTATUS gpo_explode_filesyspath(TALLOC_CTX *mem_ctx,
+				 const char *file_sys_path,
+				 char **server,
+				 char **service,
+				 char **nt_path,
+				 char **unix_path);
+NTSTATUS gpo_fetch_files(TALLOC_CTX *mem_ctx,
+			 struct cli_state *cli,
+			 struct GROUP_POLICY_OBJECT *gpo);
+NTSTATUS gpo_get_sysvol_gpt_version(TALLOC_CTX *mem_ctx,
+				    const char *unix_path,
+				    uint32_t *sysvol_version,
+				    char **display_name);
+
+/* The following definitions come from libgpo/gpo_ldap.c  */
+
+bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
+		      const char *extension_raw,
+		      struct GP_EXT **gp_ext);
+ADS_STATUS ads_get_gpo_link(ADS_STRUCT *ads,
+			    TALLOC_CTX *mem_ctx,
+			    const char *link_dn,
+			    struct GP_LINK *gp_link_struct);
+ADS_STATUS ads_add_gpo_link(ADS_STRUCT *ads,
+			    TALLOC_CTX *mem_ctx,
+			    const char *link_dn,
+			    const char *gpo_dn,
+			    uint32_t gpo_opt);
+ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads,
+			       TALLOC_CTX *mem_ctx,
+			       const char *link_dn,
+			       const char *gpo_dn);
+ADS_STATUS ads_get_gpo(ADS_STRUCT *ads,
+		       TALLOC_CTX *mem_ctx,
+		       const char *gpo_dn,
+		       const char *display_name,
+		       const char *guid_name,
+		       struct GROUP_POLICY_OBJECT *gpo);
+ADS_STATUS ads_get_sid_token(ADS_STRUCT *ads,
+			     TALLOC_CTX *mem_ctx,
+			     const char *dn,
+			     struct nt_user_token **token);
+ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
+			    TALLOC_CTX *mem_ctx,
+			    const char *dn,
+			    uint32_t flags,
+			    const struct nt_user_token *token,
+			    struct GROUP_POLICY_OBJECT **gpo_list);
+
+/* The following definitions come from libgpo/gpo_sec.c  */
+
+NTSTATUS gpo_apply_security_filtering(const struct GROUP_POLICY_OBJECT *gpo,
+				      const struct nt_user_token *token);
+
+/* The following definitions come from libgpo/gpo_util.c  */
+
+const char *cse_gpo_guid_string_to_name(const char *guid);
+const char *cse_gpo_name_to_guid_string(const char *name);
+const char *cse_snapin_gpo_guid_string_to_name(const char *guid);
+void dump_gp_ext(struct GP_EXT *gp_ext, int debuglevel);
+void dump_gpo(ADS_STRUCT *ads,
+	      TALLOC_CTX *mem_ctx,
+	      struct GROUP_POLICY_OBJECT *gpo,
+	      int debuglevel);
+void dump_gpo_list(ADS_STRUCT *ads,
+		   TALLOC_CTX *mem_ctx,
+		   struct GROUP_POLICY_OBJECT *gpo_list,
+		   int debuglevel);
+void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link);
+ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
+			     TALLOC_CTX *mem_ctx,
+			     const struct nt_user_token *token,
+			     struct registry_key *root_key,
+			     struct GROUP_POLICY_OBJECT *gpo,
+			     const char *extension_guid_filter,
+			     uint32_t flags);
+ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
+				TALLOC_CTX *mem_ctx,
+				const struct nt_user_token *token,
+				struct GROUP_POLICY_OBJECT *gpo_list,
+				const char *extensions_guid_filter,
+				uint32_t flags);
+NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
+			   TALLOC_CTX *mem_ctx,
+			   uint32_t flags,
+			   struct GROUP_POLICY_OBJECT *gpo,
+			   struct cli_state **cli_out);
+NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
+				TALLOC_CTX *mem_ctx,
+				uint32_t flags,
+				struct GROUP_POLICY_OBJECT *gpo_list);
+NTSTATUS gpo_get_unix_path(TALLOC_CTX *mem_ctx,
+			   struct GROUP_POLICY_OBJECT *gpo,
+			   char **unix_path);
+char *gpo_flag_str(uint32_t flags);
+NTSTATUS gp_find_file(TALLOC_CTX *mem_ctx,
+		      uint32_t flags,
+		      const char *filename,
+		      const char *suffix,
+		      const char **filename_out);
+ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads,
+				TALLOC_CTX *mem_ctx,
+				const char *dn,
+				struct nt_user_token **token);
+
+
 #include "../libgpo/gpext/gpext.h"

 #endif
--- a/libgpo/gpo_ldap.c
+++ b/libgpo/gpo_ldap.c
@ -19,6 +19,7 @@

 #include "includes.h"
 #if _SAMBA_BUILD_ == 4
+#include "libgpo/gpo.h"
 #include "source4/libgpo/ads_convenience.h"
 #endif

@ -42,12 +43,12 @@ bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx,

 	DEBUG(20,("ads_parse_gp_ext: %s\n", extension_raw));

-	ext = TALLOC_ZERO_P(mem_ctx, struct GP_EXT);
+	ext = talloc_zero(mem_ctx, struct GP_EXT);
 	if (!ext) {
 		goto parse_error;
 	}

-	ext_list = str_list_make_v3(mem_ctx, extension_raw, "]");
+	ext_list = str_list_make(mem_ctx, extension_raw, "]");
 	if (!ext_list) {
 		goto parse_error;
 	}
@ -59,13 +60,13 @@ bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
 	ext->num_exts = i;

 	if (ext->num_exts) {
-		ext->extensions 	= TALLOC_ZERO_ARRAY(mem_ctx, char *,
+		ext->extensions 	= talloc_zero_array(mem_ctx, char *,
 							    ext->num_exts);
-		ext->extensions_guid	= TALLOC_ZERO_ARRAY(mem_ctx, char *,
+		ext->extensions_guid	= talloc_zero_array(mem_ctx, char *,
 							    ext->num_exts);
-		ext->snapins		= TALLOC_ZERO_ARRAY(mem_ctx, char *,
+		ext->snapins		= talloc_zero_array(mem_ctx, char *,
 							    ext->num_exts);
-		ext->snapins_guid	= TALLOC_ZERO_ARRAY(mem_ctx, char *,
+		ext->snapins_guid	= talloc_zero_array(mem_ctx, char *,
 							    ext->num_exts);
 	}

@ -90,7 +91,7 @@ bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
 			p++;
 		}

-		ext_strings = str_list_make_v3(mem_ctx, p, "}");
+		ext_strings = str_list_make(mem_ctx, p, "}");
 		if (ext_strings == NULL) {
 			goto parse_error;
 		}
@ -140,8 +141,8 @@ bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
 	ret = true;

 parse_error:
-	TALLOC_FREE(ext_list);
-	TALLOC_FREE(ext_strings);
+	talloc_free(ext_list);
+	talloc_free(ext_strings);

 	return ret;
 }
@ -178,9 +179,9 @@ static ADS_STATUS gpo_parse_gplink(TALLOC_CTX *mem_ctx,
 	gp_link->num_links = i;

 	if (gp_link->num_links) {
-		gp_link->link_names = TALLOC_ZERO_ARRAY(mem_ctx, char *,
+		gp_link->link_names = talloc_zero_array(mem_ctx, char *,
 							gp_link->num_links);
-		gp_link->link_opts = TALLOC_ZERO_ARRAY(mem_ctx, uint32_t,
+		gp_link->link_opts = talloc_zero_array(mem_ctx, uint32_t,
 						       gp_link->num_links);
 	}

@ -225,7 +226,7 @@ static ADS_STATUS gpo_parse_gplink(TALLOC_CTX *mem_ctx,
 	status = ADS_SUCCESS;

 parse_error:
-	TALLOC_FREE(link_list);
+	talloc_free(link_list);

 	return status;
 }
@ -595,7 +596,7 @@ static ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads,
 			DEBUG(10,("skipping GPO \"%s\" as object "
 				"has no access to it\n",
 				new_gpo->display_name));
-			TALLOC_FREE(new_gpo);
+			talloc_free(new_gpo);
 			continue;
 		}

--- a/libgpo/gpo_util.c
+++ b/libgpo/gpo_util.c
@ -18,7 +18,11 @@
 */

 #include "includes.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+#if _SAMBA_BUILD_ == 4
 #include "../libgpo/gpo.h"
+#include "source4/libgpo/ads_convenience.h"
+#endif
 #undef strdup

 #define DEFAULT_DOMAIN_POLICY "Default Domain Policy"
@ -601,7 +605,7 @@ ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,

 done:
 	gp_free_reg_ctx(reg_ctx);
-	TALLOC_FREE(root_key);
+	talloc_free(root_key);
 	free_gp_extensions();

 	return status;
@ -660,7 +664,7 @@ NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,

 			result = cli_full_connection(&cli,
 					global_myname(),
-					ads->config.ldap_server_name,
+					ads_get_ldap_server_name(ads),
 					/* server */
 					NULL, 0,
 					share, "A:",
@ -834,7 +838,7 @@ NTSTATUS gp_find_file(TALLOC_CTX *mem_ctx,
 			      path, suffix);
 	NT_STATUS_HAVE_NO_MEMORY(tmp);

-	if (sys_stat(tmp, &sbuf) == 0) {
+	if (stat(tmp, &sbuf) == 0) {
 		*filename_out = tmp;
 		return NT_STATUS_OK;
 	}
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@ -1676,6 +1676,7 @@ uint32 ads_uf2acb(uint32 uf);
 uint32 ads_uf2atype(uint32 uf);
 uint32 ads_gtype2atype(uint32 gtype);
 enum lsa_SidType ads_atype_map(uint32 atype);
+const char *ads_get_ldap_server_name(ADS_STRUCT *ads);

 /* The following definitions come from libads/authdata.c  */

@ -1992,61 +1993,6 @@ ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_princip
 ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads,
 				       char **returned_principal);

-/* The following definitions come from libgpo/gpext/gpext.c  */
-
-struct gp_extension *get_gp_extension_list(void);
-NTSTATUS unregister_gp_extension(const char *name);
-NTSTATUS register_gp_extension(TALLOC_CTX *gpext_ctx,
-			       int version,
-			       const char *name,
-			       const char *guid,
-			       struct gp_extension_methods *methods);
-NTSTATUS gp_ext_info_add_entry(TALLOC_CTX *mem_ctx,
-			       const char *module,
-			       const char *ext_guid,
-			       struct gp_extension_reg_table *table,
-			       struct gp_extension_reg_info *info);
-NTSTATUS shutdown_gp_extensions(void);
-NTSTATUS init_gp_extensions(TALLOC_CTX *mem_ctx);
-NTSTATUS free_gp_extensions(void);
-void debug_gpext_header(int lvl,
-			const char *name,
-			uint32_t flags,
-			struct GROUP_POLICY_OBJECT *gpo,
-			const char *extension_guid,
-			const char *snapin_guid);
-NTSTATUS process_gpo_list_with_extension(ADS_STRUCT *ads,
-			   TALLOC_CTX *mem_ctx,
-			   uint32_t flags,
-			   const struct nt_user_token *token,
-			   struct GROUP_POLICY_OBJECT *gpo_list,
-			   const char *extension_guid,
-			   const char *snapin_guid);
-NTSTATUS gpext_process_extension(ADS_STRUCT *ads,
-				 TALLOC_CTX *mem_ctx,
-				 uint32_t flags,
-				 const struct nt_user_token *token,
-				 struct registry_key *root_key,
-				 struct GROUP_POLICY_OBJECT *gpo,
-				 const char *extension_guid,
-				 const char *snapin_guid);
-
-/* The following definitions come from libgpo/gpo_fetch.c  */
-
-NTSTATUS gpo_explode_filesyspath(TALLOC_CTX *mem_ctx,
-				 const char *file_sys_path,
-				 char **server,
-				 char **service,
-				 char **nt_path,
-				 char **unix_path);
-NTSTATUS gpo_fetch_files(TALLOC_CTX *mem_ctx,
-			 struct cli_state *cli,
-			 struct GROUP_POLICY_OBJECT *gpo);
-NTSTATUS gpo_get_sysvol_gpt_version(TALLOC_CTX *mem_ctx,
-				    const char *unix_path,
-				    uint32_t *sysvol_version,
-				    char **display_name);
-
 /* The following definitions come from libgpo/gpo_filesync.c  */

 NTSTATUS gpo_copy_file(TALLOC_CTX *mem_ctx,
@ -2065,41 +2011,6 @@ NTSTATUS parse_gpt_ini(TALLOC_CTX *mem_ctx,
 		       uint32_t *version,
 		       char **display_name);

-/* The following definitions come from libgpo/gpo_ldap.c  */
-
-bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx,
-		      const char *extension_raw,
-		      struct GP_EXT **gp_ext);
-ADS_STATUS ads_get_gpo_link(ADS_STRUCT *ads,
-			    TALLOC_CTX *mem_ctx,
-			    const char *link_dn,
-			    struct GP_LINK *gp_link_struct);
-ADS_STATUS ads_add_gpo_link(ADS_STRUCT *ads,
-			    TALLOC_CTX *mem_ctx,
-			    const char *link_dn,
-			    const char *gpo_dn,
-			    uint32_t gpo_opt);
-ADS_STATUS ads_delete_gpo_link(ADS_STRUCT *ads,
-			       TALLOC_CTX *mem_ctx,
-			       const char *link_dn,
-			       const char *gpo_dn);
-ADS_STATUS ads_get_gpo(ADS_STRUCT *ads,
-		       TALLOC_CTX *mem_ctx,
-		       const char *gpo_dn,
-		       const char *display_name,
-		       const char *guid_name,
-		       struct GROUP_POLICY_OBJECT *gpo);
-ADS_STATUS ads_get_sid_token(ADS_STRUCT *ads,
-			     TALLOC_CTX *mem_ctx,
-			     const char *dn,
-			     struct nt_user_token **token);
-ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
-			    TALLOC_CTX *mem_ctx,
-			    const char *dn,
-			    uint32_t flags,
-			    const struct nt_user_token *token,
-			    struct GROUP_POLICY_OBJECT **gpo_list);
-
 /* The following definitions come from libgpo/gpo_reg.c  */

 struct nt_user_token *registry_create_system_token(TALLOC_CTX *mem_ctx);
@ -2159,61 +2070,6 @@ WERROR reg_apply_registry_entry(TALLOC_CTX *mem_ctx,
 				const struct nt_user_token *token,
 				uint32_t flags);

-/* The following definitions come from libgpo/gpo_sec.c  */
-
-NTSTATUS gpo_apply_security_filtering(const struct GROUP_POLICY_OBJECT *gpo,
-				      const struct nt_user_token *token);
-
-/* The following definitions come from libgpo/gpo_util.c  */
-
-const char *cse_gpo_guid_string_to_name(const char *guid);
-const char *cse_gpo_name_to_guid_string(const char *name);
-const char *cse_snapin_gpo_guid_string_to_name(const char *guid);
-void dump_gp_ext(struct GP_EXT *gp_ext, int debuglevel);
-void dump_gpo(ADS_STRUCT *ads,
-	      TALLOC_CTX *mem_ctx,
-	      struct GROUP_POLICY_OBJECT *gpo,
-	      int debuglevel);
-void dump_gpo_list(ADS_STRUCT *ads,
-		   TALLOC_CTX *mem_ctx,
-		   struct GROUP_POLICY_OBJECT *gpo_list,
-		   int debuglevel);
-void dump_gplink(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, struct GP_LINK *gp_link);
-ADS_STATUS gpo_process_a_gpo(ADS_STRUCT *ads,
-			     TALLOC_CTX *mem_ctx,
-			     const struct nt_user_token *token,
-			     struct registry_key *root_key,
-			     struct GROUP_POLICY_OBJECT *gpo,
-			     const char *extension_guid_filter,
-			     uint32_t flags);
-ADS_STATUS gpo_process_gpo_list(ADS_STRUCT *ads,
-				TALLOC_CTX *mem_ctx,
-				const struct nt_user_token *token,
-				struct GROUP_POLICY_OBJECT *gpo_list,
-				const char *extensions_guid_filter,
-				uint32_t flags);
-NTSTATUS check_refresh_gpo(ADS_STRUCT *ads,
-			   TALLOC_CTX *mem_ctx,
-			   uint32_t flags,
-			   struct GROUP_POLICY_OBJECT *gpo,
-			   struct cli_state **cli_out);
-NTSTATUS check_refresh_gpo_list(ADS_STRUCT *ads,
-				TALLOC_CTX *mem_ctx,
-				uint32_t flags,
-				struct GROUP_POLICY_OBJECT *gpo_list);
-NTSTATUS gpo_get_unix_path(TALLOC_CTX *mem_ctx,
-			   struct GROUP_POLICY_OBJECT *gpo,
-			   char **unix_path);
-char *gpo_flag_str(uint32_t flags);
-NTSTATUS gp_find_file(TALLOC_CTX *mem_ctx,
-		      uint32_t flags,
-		      const char *filename,
-		      const char *suffix,
-		      const char **filename_out);
-ADS_STATUS gp_get_machine_token(ADS_STRUCT *ads,
-				TALLOC_CTX *mem_ctx,
-				const char *dn,
-				struct nt_user_token **token);

 #include "librpc/gen_ndr/ndr_dfs.h"
 #include "librpc/gen_ndr/ndr_dssetup.h"
--- a/source3/libads/ads_utils.c
+++ b/source3/libads/ads_utils.c
@ -148,3 +148,8 @@ enum lsa_SidType ads_atype_map(uint32 atype)
 	}
 	return SID_NAME_UNKNOWN;
 }
+
+const char *ads_get_ldap_server_name(ADS_STRUCT *ads)
+{
+	return ads->config.ldap_server_name;
+}
--- a/source4/Makefile
+++ b/source4/Makefile
@ -106,6 +106,7 @@ ntp_signdsrcdir := ntp_signd
 wmisrcdir := lib/wmi
 tallocsrcdir := ../lib/talloc
 comsrcdir := $(srcdir)/lib/com
+libgpodir := libgpo

 include data.mk

--- a/source4/libgpo/ads_convenience.c
+++ b/source4/libgpo/ads_convenience.c
@ -25,38 +25,43 @@
 #include "includes.h"
 #include "libnet/libnet.h"
 #include "librpc/gen_ndr/ndr_security.h"
-#include "libgpo/source/ads_convenience.h"
+#include "libgpo/ads_convenience.h"
+#include "param/param.h"
+#include "libcli/libcli.h"
+#include "ldb_wrap.h"
+
+static ADS_STATUS ads_connect(ADS_STRUCT *ads);

 WERROR ads_startup (struct libnet_context *netctx, ADS_STRUCT **ads)
 {
 	*ads = talloc(netctx, ADS_STRUCT);
-	*ads->netctx = netctx;
+	(*ads)->netctx = netctx;

 	ads_connect(*ads);

 	return WERR_OK;
 }

-ADS_STATUS ads_connect(ADS_STRUCT *ads)
+static ADS_STATUS ads_connect(ADS_STRUCT *ads)
 {
-	struct libnet_lookup_DCs *io;
+	struct libnet_LookupDCs *io;
 	char *url;

-	io = talloc_zero(ads, struct libnet_lookup_DCs);
+	io = talloc_zero(ads, struct libnet_LookupDCs);

 	/* We are looking for the PDC of the active domain. */
 	io->in.name_type = NBT_NAME_PDC;
 	io->in.domain_name = lp_workgroup(ads->netctx->lp_ctx);
-	libnet_lookupDCs(ads->netctx, ads, io);
+	libnet_LookupDCs(ads->netctx, ads, io);

-	url = talloc_asprintf(ads, "ldap://%s", io->out.dcs[0]);
+	url = talloc_asprintf(ads, "ldap://%s", io->out.dcs[0].name);
 	ads->ldbctx = ldb_wrap_connect(ads, ads->netctx->event_ctx, ads->netctx->lp_ctx,
 	                 url, NULL, ads->netctx->cred, 0, NULL);
 	if (ads->ldbctx == NULL) {
-		return ADS_STATUS_NT(NT_STATUS_UNSUCCESSFUL);
+		return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
 	}

-	return ADS_STATUS_NT(NT_STATUS_OK);
+	return ADS_ERROR_NT(NT_STATUS_OK);
 }

 ADS_STATUS ads_search_dn(ADS_STRUCT *ads, LDAPMessage **res,
@ -64,7 +69,7 @@ ADS_STATUS ads_search_dn(ADS_STRUCT *ads, LDAPMessage **res,
 {
 	ADS_STATUS status;

-	status.err_state = ldb_search(ads->ldbctx, ads, res,
+	status.err.rc = ldb_search(ads->ldbctx, ads, res,
 	                              ldb_dn_new(ads, ads->ldbctx, dn),
 	                              LDB_SCOPE_BASE,
                                      attrs,
@ -81,8 +86,8 @@ const char * ads_get_dn(ADS_STRUCT *ads, LDAPMessage *res)

 bool ads_pull_sd(ADS_STRUCT *ads, TALLOC_CTX *ctx, LDAPMessage *res, const char *field, struct security_descriptor **sd)
 {
-	struct ldb_val *val;
-	struct ndr_err_code ndr_err;
+	const struct ldb_val *val;
+	enum ndr_err_code ndr_err;

 	val = ldb_msg_find_ldb_val(res->msgs[0], field);

@ -103,18 +108,18 @@ bool ads_pull_sd(ADS_STRUCT *ads, TALLOC_CTX *ctx, LDAPMessage *res, const char
 ADS_STATUS ads_search_retry_dn_sd_flags(ADS_STRUCT *ads, LDAPMessage **res, uint32_t sd_flags,
                                        const char *dn, const char **attrs)
 {
-	return ads_search_sd_flags(ads, dn, LDB_SCOPE_BASE, "(objectclass=*)", attrs, sd_flags, res);
+	return ads_do_search_all_sd_flags(ads, dn, LDB_SCOPE_BASE, "(objectclass=*)", attrs, sd_flags, res);
 }

-static ADS_STATUS ads_do_search_all_sd_flags (ADS_STRUCT *ads, const char *dn, int scope,
+ADS_STATUS ads_do_search_all_sd_flags (ADS_STRUCT *ads, const char *dn, int scope,
                                              const char *filter, const char **attrs,
                                              uint32_t sd_flags, LDAPMessage **res)
 {
-	int count = 3;
 	int rv;
 	struct ldb_request *req;
 	struct ldb_control **controls;
 	struct ldb_parse_tree *tree;
+	struct ldb_dn *ldb_dn;

 	controls = talloc_zero_array(ads, struct ldb_control *, 2);
 	controls[0] = talloc(ads, struct ldb_control);
@ -124,13 +129,15 @@ static ADS_STATUS ads_do_search_all_sd_flags (ADS_STRUCT *ads, const char *dn, i

 	tree = ldb_parse_tree(ads, filter);

-	rv = ldb_build_search_req_ex(&req, ads->ldbctx, ads, res, dn, scope, tree, attrs, controls,
+	ldb_dn = ldb_dn_new(ads, ads->ldbctx, dn);
+
+	rv = ldb_build_search_req_ex(&req, ads->ldbctx, (TALLOC_CTX *)res, ldb_dn, scope, tree, attrs, controls,
 	                             res, ldb_search_default_callback, NULL);
 	if (rv != LDB_SUCCESS) {
 		talloc_free(*res);
 		talloc_free(req);
 		talloc_free(tree);
-		return ADS_STATUS(irv);
+		return ADS_ERROR(rv);
 	}
 	rv = ldb_request(ads->ldbctx, req);
 	if (rv == LDB_SUCCESS) {
@ -139,7 +146,7 @@ static ADS_STATUS ads_do_search_all_sd_flags (ADS_STRUCT *ads, const char *dn, i

 	talloc_free(req);
 	talloc_free(tree);
-	return ADS_STATUS(rv);
+	return ADS_ERROR(rv);

 }

@ -166,6 +173,7 @@ int ads_count_replies(ADS_STRUCT *ads, LDAPMessage *res)
 ADS_STATUS ads_msgfree(ADS_STRUCT *ads, LDAPMessage *res)
 {
 	talloc_free(res);
+	return ADS_ERROR_NT(NT_STATUS_OK);
 }

 /*
@ -203,7 +211,7 @@ const char *ads_errstr(ADS_STATUS status)
 	case ENUM_ADS_ERROR_SYSTEM:
 		return strerror(status.err.rc);
 	case ENUM_ADS_ERROR_LDAP:
-		return msg;
+		return ldb_strerror(status.err.rc);
 	case ENUM_ADS_ERROR_NT:
 		return get_friendly_nt_error_msg(ads_ntstatus(status));
 	default:
--- a/source4/libgpo/ads_convenience.h
+++ b/source4/libgpo/ads_convenience.h
@ -22,9 +22,13 @@
 #ifndef __ADS_CONVENIENCE_H__
 #define __ADS_CONVENIENCE_H__

+#include "librpc/gen_ndr/security.h"
+
 #define ADS_ERR_OK(status) ((status.error_type == ENUM_ADS_ERROR_NT) ? NT_STATUS_IS_OK(status.err.nt_status):(status.err.rc == 0))
 #define ADS_ERROR(rc) ads_build_ldap_error(rc)
 #define ADS_ERROR_NT(rc) ads_build_nt_error(rc)
+#define ADS_SUCCESS ADS_ERROR(0)
+
 #define ADS_ERROR_HAVE_NO_MEMORY(x) do { \
        if (!(x)) {\
                return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);\
@ -44,7 +48,7 @@ typedef struct {
 } ADS_STRUCT;

 typedef struct ldb_result LDAPMessage;
-typedef struct void ** ADS_MODLIST;
+typedef void ** ADS_MODLIST;

 /* there are 3 possible types of errors the ads subsystem can produce */
 enum ads_error_type { ENUM_ADS_ERROR_LDAP, ENUM_ADS_ERROR_SYSTEM, ENUM_ADS_ERROR_NT};
@ -58,4 +62,32 @@ typedef struct {
 	int minor_status;
 } ADS_STATUS;

+
+/* Prototypes from ads_convenience.c */
+ADS_STATUS ads_build_nt_error(NTSTATUS);
+ADS_STATUS ads_build_ldap_error(int);
+
+ADS_STATUS ads_startup (struct libnet_context *netctx, ADS_STRUCT **ads);
+const char *ads_errstr(ADS_STATUS status);
+const char * ads_get_dn(ADS_STRUCT *ads, LDAPMessage *res);
+bool ads_pull_sd(ADS_STRUCT *ads, TALLOC_CTX *ctx, LDAPMessage *res, const char *field, struct security_descriptor **sd);
+const char * ads_pull_string(ADS_STRUCT *ads, TALLOC_CTX *ctx, LDAPMessage *res, const char *field);
+bool ads_pull_uint32(ADS_STRUCT *ads, LDAPMessage *res, const char *field, uint32_t *ret);
+int ads_count_replies(ADS_STRUCT *ads, LDAPMessage *res);
+ADS_STATUS ads_do_search_all_sd_flags (ADS_STRUCT *ads, const char *dn, int scope,
+                                              const char *filter, const char **attrs,
+                                              uint32_t sd_flags, LDAPMessage **res);
+ADS_STATUS ads_search_dn(ADS_STRUCT *ads, LDAPMessage **res,
+                         const char *dn, const char **attrs);
+ADS_STATUS ads_search_retry_dn_sd_flags(ADS_STRUCT *ads, LDAPMessage **res, uint32_t sd_flags,
+                                        const char *dn, const char **attrs);
+ADS_STATUS ads_msgfree(ADS_STRUCT *ads, LDAPMessage *res);
+NTSTATUS ads_ntstatus(ADS_STATUS status);
+ADS_STATUS ads_build_ldap_error(int ldb_error);
+ADS_STATUS ads_build_nt_error(NTSTATUS nt_status);
+ADS_MODLIST ads_init_mods(TALLOC_CTX *ctx);
+ADS_STATUS ads_mod_str(TALLOC_CTX *ctx, ADS_MODLIST *mods, const char *name, const char *val);
+ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods);
+
+
 #endif