s3-librpc: add ads.idl and convert ads_struct to talloc.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib/param/loadparm.h

@@ -203,17 +203,6 @@ enum printing_types {PRINT_BSD,PRINT_SYSV,PRINT_AIX,PRINT_HPUX,
 
 
 
-/* ads auth control flags */
-#define ADS_AUTH_DISABLE_KERBEROS 0x0001
-#define ADS_AUTH_NO_BIND          0x0002
-#define ADS_AUTH_ANON_BIND        0x0004
-#define ADS_AUTH_SIMPLE_BIND      0x0008
-#define ADS_AUTH_ALLOW_NTLMSSP    0x0010
-#define ADS_AUTH_SASL_SIGN        0x0020
-#define ADS_AUTH_SASL_SEAL        0x0040
-#define ADS_AUTH_SASL_FORCE       0x0080
-#define ADS_AUTH_USER_CREDS       0x0100
-
 enum ldap_server_require_strong_auth {
 	LDAP_SERVER_REQUIRE_STRONG_AUTH_NO,
 	LDAP_SERVER_REQUIRE_STRONG_AUTH_ALLOW_SASL_OVER_TLS,

lib/param/param_table.c

@@ -36,6 +36,7 @@
 #include "libds/common/roles.h"
 #include "source4/lib/tls/tls.h"
 #include "auth/credentials/credentials.h"
+#include "source3/librpc/gen_ndr/ads.h"
 
 #ifndef N_
 #define N_(x) x

libgpo/pygpo.c

@@ -229,9 +229,9 @@ static PyObject* py_ads_connect(ADS *self,
 		PyErr_SetString(PyExc_RuntimeError, "Uninitialized");
 		return NULL;
 	}
-	TALLOC_FREE(self->ads_ptr->auth.user_name);
-	TALLOC_FREE(self->ads_ptr->auth.password);
-	TALLOC_FREE(self->ads_ptr->auth.realm);
+	ADS_TALLOC_CONST_FREE(self->ads_ptr->auth.user_name);
+	ADS_TALLOC_CONST_FREE(self->ads_ptr->auth.password);
+	ADS_TALLOC_CONST_FREE(self->ads_ptr->auth.realm);
 	if (self->cli_creds) {
 		self->ads_ptr->auth.user_name = talloc_strdup(self->ads_ptr,
 			cli_credentials_get_username(self->cli_creds));

source3/include/ads.h

@@ -8,6 +8,7 @@
 
 #include "libads/ads_status.h"
 #include "smb_ldap.h"
+#include "librpc/gen_ndr/ads.h"
 
 struct ads_saslwrap;
 
@@ -18,92 +19,7 @@ struct ads_saslwrap_ops {
 	void (*disconnect)(struct ads_saslwrap *);
 };
 
-enum ads_saslwrap_type {
-	ADS_SASLWRAP_TYPE_PLAIN = 1,
-	ADS_SASLWRAP_TYPE_SIGN = 2,
-	ADS_SASLWRAP_TYPE_SEAL = 4
-};
-
-struct ads_saslwrap {
-	/* expected SASL wrapping type */
-	enum ads_saslwrap_type wrap_type;
-	/* SASL wrapping operations */
-	const struct ads_saslwrap_ops *wrap_ops;
-#ifdef HAVE_LDAP_SASL_WRAPPING
-	Sockbuf_IO_Desc *sbiod; /* lowlevel state for LDAP wrapping */
-#endif /* HAVE_LDAP_SASL_WRAPPING */
-	TALLOC_CTX *mem_ctx;
-	void *wrap_private_data;
-	struct {
-		uint32_t ofs;
-		uint32_t needed;
-		uint32_t left;
-#define        ADS_SASL_WRAPPING_IN_MAX_WRAPPED        0x0FFFFFFF
-		uint32_t max_wrapped;
-		uint32_t min_wrapped;
-		uint32_t size;
-		uint8_t *buf;
-	} in;
-	struct {
-		uint32_t ofs;
-		uint32_t left;
-#define        ADS_SASL_WRAPPING_OUT_MAX_WRAPPED       0x00A00000
-		uint32_t max_unwrapped;
-		uint32_t sig_size;
-		uint32_t size;
-		uint8_t *buf;
-	} out;
-};
-
-typedef struct ads_struct {
-	/* info needed to find the server */
-	struct {
-		char *realm;
-		char *workgroup;
-		char *ldap_server;
-		bool gc;     /* Is this a global catalog server? */
-		bool no_fallback; /* Bail if the ldap_server is not available */
-	} server;
-
-	/* info needed to authenticate */
-	struct {
-		char *realm;
-		char *password;
-		char *user_name;
-		char *kdc_server;
-		unsigned flags;
-		int time_offset;
-		char *ccache_name;
-		time_t tgt_expire;
-		time_t tgs_expire;
-		time_t renewable;
-	} auth;
-
-	/* info derived from the servers config */
-	struct {
-		uint32_t flags; /* cldap flags identifying the services. */
-		char *realm;
-		char *bind_path;
-		char *ldap_server_name;
-		char *server_site_name;
-		char *client_site_name;
-		time_t current_time;
-		char *schema_path;
-		char *config_path;
-		int ldap_page_size;
-	} config;
-
-	/* info about the current LDAP connection */
-#ifdef HAVE_LDAP
-	struct ads_saslwrap ldap_wrap_data;
-	struct {
-		LDAP *ld;
-		struct sockaddr_storage ss; /* the ip of the active connection, if any */
-		time_t last_attempt; /* last attempt to reconnect, monotonic clock */
-		int port;
-	} ldap;
-#endif /* HAVE_LDAP */
-} ADS_STRUCT;
+typedef struct ads_struct ADS_STRUCT;
 
 #ifdef HAVE_ADS
 typedef LDAPMod **ADS_MODLIST;
@@ -151,4 +67,6 @@ typedef struct {
 
 #include "libads/kerberos_proto.h"
 
+#define ADS_TALLOC_CONST_FREE(PTR) do { talloc_free(discard_const(PTR)); PTR = NULL; } while (0);
+
 #endif	/* _INCLUDE_ADS_H_ */

source3/lib/netapi/joindomain.c

@@ -434,7 +434,7 @@ WERROR NetGetJoinableOUs_l(struct libnetapi_ctx *ctx,
 		goto out;
 	}
 
-	TALLOC_FREE(ads->auth.user_name);
+	ADS_TALLOC_CONST_FREE(ads->auth.user_name);
 	if (r->in.account) {
 		ads->auth.user_name = talloc_strdup(ads, r->in.account);
 		if (ads->auth.user_name == NULL) {
@@ -454,7 +454,7 @@ WERROR NetGetJoinableOUs_l(struct libnetapi_ctx *ctx,
 		}
 	}
 
-	TALLOC_FREE(ads->auth.password);
+	ADS_TALLOC_CONST_FREE(ads->auth.password);
 	if (r->in.password) {
 		ads->auth.password = talloc_strdup(ads, r->in.password);
 		if (ads->auth.password == NULL) {

source3/libads/ads_proto.h

@@ -199,11 +199,6 @@ ADS_STATUS ads_ranged_search(ADS_STRUCT *ads,
 			     char ***strings,
 			     size_t *num_strings);
 
-/* The following definitions come from libads/ndr.c  */
-
-struct ndr_print;
-void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct ads_struct *r);
-
 /* The following definitions come from libads/sasl.c  */
 
 ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads);

source3/libads/ldap.c

@@ -33,6 +33,7 @@
 #include "../librpc/gen_ndr/netlogon.h"
 #include "lib/param/loadparm.h"
 #include "libsmb/namequery.h"
+#include "../librpc/gen_ndr/ndr_ads.h"
 
 #ifdef HAVE_LDAP
 
@@ -259,6 +260,7 @@ static bool ads_fill_cldap_reply(ADS_STRUCT *ads,
 	bool ret = false;
 	char addr[INET6_ADDRSTRLEN];
 	ADS_STATUS status;
+	char *dn;
 
 	print_sockaddr(addr, sizeof(addr), ss);
 
@@ -273,12 +275,12 @@ static bool ads_fill_cldap_reply(ADS_STRUCT *ads,
 
 	/* Fill in the ads->config values */
 
-	TALLOC_FREE(ads->config.realm);
-	TALLOC_FREE(ads->config.bind_path);
-	TALLOC_FREE(ads->config.ldap_server_name);
-	TALLOC_FREE(ads->config.server_site_name);
-	TALLOC_FREE(ads->config.client_site_name);
-	TALLOC_FREE(ads->server.workgroup);
+	ADS_TALLOC_CONST_FREE(ads->config.realm);
+	ADS_TALLOC_CONST_FREE(ads->config.bind_path);
+	ADS_TALLOC_CONST_FREE(ads->config.ldap_server_name);
+	ADS_TALLOC_CONST_FREE(ads->config.server_site_name);
+	ADS_TALLOC_CONST_FREE(ads->config.client_site_name);
+	ADS_TALLOC_CONST_FREE(ads->server.workgroup);
 
 	if (!check_cldap_reply_required_flags(cldap_reply->server_type,
 					      ads->config.flags)) {
@@ -303,13 +305,14 @@ static bool ads_fill_cldap_reply(ADS_STRUCT *ads,
 		goto out;
 	}
 
-	status = ads_build_dn(ads->config.realm, ads, &ads->config.bind_path);
+	status = ads_build_dn(ads->config.realm, ads, &dn);
 	if (!ADS_ERR_OK(status)) {
 		DBG_DEBUG("Failed to build bind path: %s\n",
 			  ads_errstr(status));
 		ret = false;
 		goto out;
 	}
+	ads->config.bind_path = dn;
 
 	if (*cldap_reply->server_site) {
 		ads->config.server_site_name =

source3/libads/ndr.c

@@ -1,97 +0,0 @@
-/*
-   Unix SMB/CIFS implementation.
-
-   debug print helpers
-
-   Copyright (C) Guenther Deschner 2008
-
-   This program is free software; you can redistribute it and/or modify
-   it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
-   (at your option) any later version.
-
-   This program is distributed in the hope that it will be useful,
-   but WITHOUT ANY WARRANTY; without even the implied warranty of
-   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-   GNU General Public License for more details.
-
-   You should have received a copy of the GNU General Public License
-   along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "ads.h"
-#include "../librpc/gen_ndr/ndr_netlogon.h"
-#include "../librpc/ndr/libndr.h"
-#include "lib/param/loadparm.h"
-
-static void ndr_print_ads_auth_flags(struct ndr_print *ndr, const char *name, uint32_t r)
-{
-	ndr_print_uint32(ndr, name, r);
-	ndr->depth++;
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_DISABLE_KERBEROS", ADS_AUTH_DISABLE_KERBEROS, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_NO_BIND", ADS_AUTH_NO_BIND, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_ANON_BIND", ADS_AUTH_ANON_BIND, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_SIMPLE_BIND", ADS_AUTH_SIMPLE_BIND, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_ALLOW_NTLMSSP", ADS_AUTH_ALLOW_NTLMSSP, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_SASL_SIGN", ADS_AUTH_SASL_SIGN, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_SASL_SEAL", ADS_AUTH_SASL_SEAL, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_SASL_FORCE", ADS_AUTH_SASL_FORCE, r);
-	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "ADS_AUTH_USER_CREDS", ADS_AUTH_USER_CREDS, r);
-	ndr->depth--;
-}
-
-void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct ads_struct *r)
-{
-	ndr_print_struct(ndr, name, "ads_struct");
-	ndr->depth++;
-	ndr_print_struct(ndr, name, "server");
-	ndr->depth++;
-	ndr_print_string(ndr, "realm", r->server.realm);
-	ndr_print_string(ndr, "workgroup", r->server.workgroup);
-	ndr_print_string(ndr, "ldap_server", r->server.ldap_server);
-	ndr_print_bool(ndr, "gc", r->server.gc);
-	ndr_print_bool(ndr, "no_fallback", r->server.no_fallback);
-	ndr->depth--;
-	ndr_print_struct(ndr, name, "auth");
-	ndr->depth++;
-	ndr_print_string(ndr, "realm", r->auth.realm);
-#ifdef DEBUG_PASSWORD
-	ndr_print_string(ndr, "password", r->auth.password);
-#else
-	ndr_print_string(ndr, "password", "(PASSWORD omitted)");
-#endif
-	ndr_print_string(ndr, "user_name", r->auth.user_name);
-	ndr_print_string(ndr, "kdc_server", r->auth.kdc_server);
-	ndr_print_ads_auth_flags(ndr, "flags", r->auth.flags);
-	ndr_print_uint32(ndr, "time_offset", r->auth.time_offset);
-	ndr_print_string(ndr, "ccache_name", r->auth.ccache_name);
-	ndr_print_time_t(ndr, "tgt_expire", r->auth.tgt_expire);
-	ndr_print_time_t(ndr, "tgs_expire", r->auth.tgs_expire);
-	ndr_print_time_t(ndr, "renewable", r->auth.renewable);
-	ndr->depth--;
-	ndr_print_struct(ndr, name, "config");
-	ndr->depth++;
-	ndr_print_netr_DsR_DcFlags(ndr, "flags", r->config.flags);
-	ndr_print_string(ndr, "realm", r->config.realm);
-	ndr_print_string(ndr, "bind_path", r->config.bind_path);
-	ndr_print_string(ndr, "ldap_server_name", r->config.ldap_server_name);
-	ndr_print_string(ndr, "server_site_name", r->config.server_site_name);
-	ndr_print_string(ndr, "client_site_name", r->config.client_site_name);
-	ndr_print_time_t(ndr, "current_time", r->config.current_time);
-	ndr_print_string(ndr, "schema_path", r->config.schema_path);
-	ndr_print_string(ndr, "config_path", r->config.config_path);
-	ndr->depth--;
-#ifdef HAVE_LDAP
-	ndr_print_struct(ndr, name, "ldap");
-	ndr->depth++;
-	ndr_print_ptr(ndr, "ld", r->ldap.ld);
-	ndr_print_sockaddr_storage(ndr, "ss", &r->ldap.ss);
-	ndr_print_time_t(ndr, "last_attempt", r->ldap.last_attempt);
-	ndr_print_uint32(ndr, "port", r->ldap.port);
-	ndr_print_ads_saslwrap_struct(ndr, "saslwrap", &(r->ldap_wrap_data));
-	ndr->depth--;
-	ndr->depth--;
-#endif /* HAVE_LDAP */
-	ndr->depth--;
-}

source3/libads/sasl_wrapping.c

@@ -58,7 +58,7 @@ static int ads_saslwrap_setup(Sockbuf_IO_Desc *sbiod, void *arg)
 {
 	struct ads_saslwrap *wrap = (struct ads_saslwrap *)arg;
 
-	wrap->sbiod	= sbiod;
+	wrap->sbiod	= (struct Sockbuf_IO_Desc *)sbiod;
 
 	sbiod->sbiod_pvt = wrap;
 
@@ -336,7 +336,7 @@ ADS_STATUS ads_setup_sasl_wrapping(struct ads_saslwrap *wrap, LDAP *ld,
 		return status;
 	}
 
-	wrap->wrap_ops		= ops;
+	wrap->wrap_ops		= discard_const(ops);
 	wrap->wrap_private_data	= private_data;
 
 	return ADS_SUCCESS;

source3/libnet/libnet_join.c

@@ -171,7 +171,7 @@ static ADS_STATUS libnet_connect_ads(const char *dns_domain_name,
 	}
 
 	if (user_name) {
-		TALLOC_FREE(my_ads->auth.user_name);
+		ADS_TALLOC_CONST_FREE(my_ads->auth.user_name);
 		my_ads->auth.user_name = talloc_strdup(my_ads, user_name);
 		if (my_ads->auth.user_name == NULL) {
 			status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
@@ -179,7 +179,7 @@ static ADS_STATUS libnet_connect_ads(const char *dns_domain_name,
 		}
 		if ((cp = strchr_m(my_ads->auth.user_name, '@'))!=0) {
 			*cp++ = '\0';
-			TALLOC_FREE(my_ads->auth.realm);
+			ADS_TALLOC_CONST_FREE(my_ads->auth.realm);
 			my_ads->auth.realm = talloc_asprintf_strupper_m(my_ads, "%s", cp);
 			if (my_ads->auth.realm == NULL) {
 				status = ADS_ERROR_LDAP(LDAP_NO_MEMORY);
@@ -189,7 +189,7 @@ static ADS_STATUS libnet_connect_ads(const char *dns_domain_name,
 	}
 
 	if (password) {
-		TALLOC_FREE(my_ads->auth.password);
+		ADS_TALLOC_CONST_FREE(my_ads->auth.password);
 		my_ads->auth.password = talloc_strdup(my_ads, password);
 		if (my_ads->auth.password == NULL) {
 			status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
@@ -198,7 +198,7 @@ static ADS_STATUS libnet_connect_ads(const char *dns_domain_name,
 	}
 
 	if (ccname != NULL) {
-		TALLOC_FREE(my_ads->auth.ccache_name);
+		ADS_TALLOC_CONST_FREE(my_ads->auth.ccache_name);
 		my_ads->auth.ccache_name = talloc_strdup(my_ads, ccname);
 		if (my_ads->auth.ccache_name == NULL) {
 			status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
@@ -1045,7 +1045,7 @@ static ADS_STATUS libnet_join_post_processing_ads_modify(TALLOC_CTX *mem_ctx,
 
 		if (r->in.ads->auth.ccache_name != NULL) {
 			ads_kdestroy(r->in.ads->auth.ccache_name);
-			TALLOC_FREE(r->in.ads->auth.ccache_name);
+			ADS_TALLOC_CONST_FREE(r->in.ads->auth.ccache_name);
 		}
 
 		TALLOC_FREE(r->in.ads);

source3/librpc/idl/ads.idl

@@ -0,0 +1,128 @@
+#include "idl_types.h"
+#include "config.h"
+
+/*
+  ads interface definition
+*/
+
+cpp_quote("#include <system/network.h>")
+
+[
+	pointer_default(unique)
+]
+interface ads
+{
+	typedef [public] enum {
+		ADS_SASLWRAP_TYPE_PLAIN = 1,
+		ADS_SASLWRAP_TYPE_SIGN = 2,
+		ADS_SASLWRAP_TYPE_SEAL = 4
+	} ads_saslwrap_type;
+
+	/* ads auth control flags */
+	typedef [public] bitmap {
+		ADS_AUTH_DISABLE_KERBEROS	= 0x0001,
+		ADS_AUTH_NO_BIND		= 0x0002,
+		ADS_AUTH_ANON_BIND		= 0x0004,
+		ADS_AUTH_SIMPLE_BIND		= 0x0008,
+		ADS_AUTH_ALLOW_NTLMSSP		= 0x0010,
+		ADS_AUTH_SASL_SIGN		= 0x0020,
+		ADS_AUTH_SASL_SEAL		= 0x0040,
+		ADS_AUTH_SASL_FORCE		= 0x0080,
+		ADS_AUTH_USER_CREDS		= 0x0100
+	} ads_auth_flags;
+
+	const int ADS_SASL_WRAPPING_IN_MAX_WRAPPED = 0x0FFFFFFF;
+	const int ADS_SASL_WRAPPING_OUT_MAX_WRAPPED = 0x00A00000;
+
+	typedef [nopull,nopush] struct {
+		string realm;
+		string workgroup;
+		string ldap_server;
+		boolean8 gc;     /* Is this a global catalog server? */
+		boolean8 no_fallback; /* Bail if the ldap_server is not available */
+	} ads_server;
+
+	typedef [nopull,nopush] struct {
+		string realm;
+		string password;
+		string user_name;
+		string kdc_server;
+		ads_auth_flags flags;
+		int time_offset;
+		string ccache_name;
+		time_t tgt_expire;
+		time_t tgs_expire;
+		time_t renewable;
+	} ads_auth;
+
+	typedef [nopull,nopush] struct {
+		uint32 flags; /* cldap flags identifying the services. */
+		string realm;
+		string bind_path;
+		string ldap_server_name;
+		string server_site_name;
+		string client_site_name;
+		time_t current_time;
+		string schema_path;
+		string config_path;
+		int ldap_page_size;
+	} ads_config;
+
+	typedef [nopull,nopush] struct {
+		uint32 ofs;
+		uint32 needed;
+		uint32 left;
+		uint32 max_wrapped;
+		uint32 min_wrapped;
+		uint32 size;
+		uint8 *buf;
+	} ads_ldap_buf_in;
+
+	typedef [nopull,nopush] struct {
+		uint32 ofs;
+		uint32 left;
+		uint32 max_unwrapped;
+		uint32 sig_size;
+		uint32 size;
+		uint8 *buf;
+	} ads_ldap_buf_out;
+
+	typedef [nopull,nopush] struct {
+		ads_saslwrap_type wrap_type;
+		[ignore] ads_saslwrap_ops *wrap_ops;
+#ifdef HAVE_LDAP_SASL_WRAPPING
+		[ignore] Sockbuf_IO_Desc *sbiod; /* lowlevel state for LDAP wrapping */
+#endif /* HAVE_LDAP_SASL_WRAPPING */
+		[ignore] TALLOC_CTX *mem_ctx;
+		[ignore] void *wrap_private_data;
+		ads_ldap_buf_in in;
+		ads_ldap_buf_out out;
+	} ads_saslwrap;
+
+	typedef [nopull,nopush] struct {
+		[ignore] ldap *ld;
+		sockaddr_storage ss; /* the ip of the active connection, if any */
+		time_t last_attempt; /* last attempt to reconnect, monotonic clock */
+		int port;
+	} ads_ldap;
+
+	typedef [public,nopull,nopush] struct {
+		/* info needed to find the server */
+		ads_server server;
+
+		/* info needed to authenticate */
+		ads_auth auth;
+
+		/* info derived from the servers config */
+		ads_config config;
+
+#ifdef HAVE_LDAP
+		ads_saslwrap ldap_wrap_data;
+		/* info about the current LDAP connection */
+		ads_ldap ldap;
+#endif /* HAVE_LDAP */
+
+	} ads_struct;
+}
+
+

source3/librpc/idl/libnet_join.idl

@@ -1,14 +1,13 @@
 #include "idl_types.h"
 
-import "wkssvc.idl", "security.idl", "misc.idl", "netlogon.idl", "ODJ.idl";
+import "wkssvc.idl", "security.idl", "misc.idl", "netlogon.idl", "ODJ.idl", "ads.idl";
 
 /*
   libnetjoin interface definition
 */
 
 [
-	pointer_default(unique),
-	helper("ads.h")
+	pointer_default(unique)
 ]
 interface libnetjoin
 {

source3/librpc/idl/wscript_build

@@ -22,3 +22,12 @@ bld.SAMBA_PIDL_LIST('PIDL',
                     options='--includedir=%s --header --ndr-parser' % topinclude,
                     output_dir='../gen_ndr',
                     generate_tables=False)
+
+absinclude=os.path.join(bld.srcnode.abspath(), 'bin/default/include')
+
+bld.SAMBA_PIDL_LIST('PIDL',
+                    '''
+                       ads.idl
+                    ''',
+                    options='--includedir=%s --includedir=%s --header --ndr-parser' % (topinclude, absinclude),
+                    output_dir='../gen_ndr')

source3/librpc/ndr/ndr_ads.c

@@ -0,0 +1,32 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   routines for marshalling/unmarshalling ads structures
+
+   Copyright (C) Guenther Deschner 2020
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "librpc/gen_ndr/ndr_ads.h"
+
+enum ndr_err_code ndr_pull_ads_struct(struct ndr_pull *ndr, int ndr_flags, struct ads_struct *r)
+{
+	return NDR_ERR_SUCCESS;
+}
+enum ndr_err_code ndr_push_ads_struct(struct ndr_push *ndr, int ndr_flags, const struct ads_struct *r)
+{
+	return NDR_ERR_SUCCESS;
+}

source3/librpc/wscript_build

@@ -9,7 +9,7 @@ bld.SAMBA3_SUBSYSTEM('NDR_LIBNETAPI',
 
 bld.SAMBA3_SUBSYSTEM('NDR_LIBNET_JOIN',
 	source='gen_ndr/ndr_libnet_join.c',
-	public_deps='ndr krb5samba NDR_ODJ'
+	public_deps='ndr krb5samba NDR_ODJ NDR_ADS'
 	)
 
 bld.SAMBA3_SUBSYSTEM("NDR_RPC_HOST",
@@ -41,3 +41,8 @@ bld.SAMBA3_SUBSYSTEM('NDR_PERFCOUNT',
 	public_deps='ndr'
 	)
 
+bld.SAMBA3_SUBSYSTEM('NDR_ADS',
+	source='gen_ndr/ndr_ads.c ndr/ndr_ads.c',
+	public_deps='ndr'
+	)
+

source3/param/loadparm.c

@@ -78,6 +78,7 @@
 #include "lib/util/string_wrappers.h"
 #include "auth/credentials/credentials.h"
 #include "source3/lib/substitute.h"
+#include "source3/librpc/gen_ndr/ads.h"
 
 #ifdef HAVE_SYS_SYSCTL_H
 #include <sys/sysctl.h>

source3/printing/nt_printing_ads.c

@@ -235,7 +235,7 @@ WERROR nt_printer_guid_retrieve(TALLOC_CTX *mem_ctx, const char *printer,
 
 	old_krb5ccname = getenv(KRB5_ENV_CCNAME);
 	setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
-	TALLOC_FREE(ads->auth.password);
+	ADS_TALLOC_CONST_FREE(ads->auth.password);
 	machine_password = secrets_fetch_machine_password(lp_workgroup(),
 							    NULL, NULL);
 	if (machine_password != NULL) {
@@ -698,7 +698,7 @@ WERROR nt_printer_publish(TALLOC_CTX *mem_ctx,
 	}
 	old_krb5ccname = getenv(KRB5_ENV_CCNAME);
 	setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
-	TALLOC_FREE(ads->auth.password);
+	ADS_TALLOC_CONST_FREE(ads->auth.password);
 	machine_password = secrets_fetch_machine_password(lp_workgroup(),
 		NULL, NULL);
 	if (machine_password != NULL) {
@@ -768,7 +768,7 @@ WERROR check_published_printers(struct messaging_context *msg_ctx)
 	}
 	old_krb5ccname = getenv(KRB5_ENV_CCNAME);
 	setenv(KRB5_ENV_CCNAME, "MEMORY:prtpub_cache", 1);
-	TALLOC_FREE(ads->auth.password);
+	ADS_TALLOC_CONST_FREE(ads->auth.password);
 	machine_password = secrets_fetch_machine_password(lp_workgroup(),
 		NULL, NULL);
 	if (machine_password != NULL) {

source3/utils/net_ads.c

@@ -663,7 +663,7 @@ retry:
 
 	if (c->opt_password) {
 		use_in_memory_ccache();
-		TALLOC_FREE(ads->auth.password);
+		ADS_TALLOC_CONST_FREE(ads->auth.password);
 		ads->auth.password = talloc_strdup(ads, c->opt_password);
 		if (ads->auth.password == NULL) {
 			TALLOC_FREE(ads);
@@ -671,7 +671,7 @@ retry:
 		}
 	}
 
-	TALLOC_FREE(ads->auth.user_name);
+	ADS_TALLOC_CONST_FREE(ads->auth.user_name);
 	ads->auth.user_name = talloc_strdup(ads, c->opt_user_name);
 	if (ads->auth.user_name == NULL) {
 		TALLOC_FREE(ads);
@@ -704,7 +704,7 @@ retry:
         */
        if ((cp = strchr_m(ads->auth.user_name, '@'))!=0) {
 		*cp++ = '\0';
-		TALLOC_FREE(ads->auth.realm);
+		ADS_TALLOC_CONST_FREE(ads->auth.realm);
 		ads->auth.realm = talloc_asprintf_strupper_m(ads, "%s", cp);
 		if (ads->auth.realm == NULL) {
 			TALLOC_FREE(ads);

source3/winbindd/idmap_ad.c

@@ -33,6 +33,7 @@
 #include "libcli/security/dom_sid.h"
 #include "source3/libads/sitename_cache.h"
 #include "source3/libads/kerberos_proto.h"
+#include "source3/librpc/gen_ndr/ads.h"
 
 struct idmap_ad_schema_names;
 

source3/winbindd/winbindd_ads.c

@@ -125,8 +125,8 @@ static ADS_STATUS ads_cached_connection_connect(const char *target_realm,
 		goto out;
 	}
 
-	TALLOC_FREE(ads->auth.password);
-	TALLOC_FREE(ads->auth.realm);
+	ADS_TALLOC_CONST_FREE(ads->auth.password);
+	ADS_TALLOC_CONST_FREE(ads->auth.realm);
 
 	ads->auth.renewable = renewable;
 	ads->auth.password = talloc_strdup(ads, password);

source3/wscript_build

@@ -504,7 +504,6 @@ bld.SAMBA3_LIBRARY('ads',
                           libads/ldap_utils.c
                           libads/ldap_schema.c
                           libads/util.c
-                          libads/ndr.c
                           libads/net_ads_setspn.c
                           ''',
                    deps='''
@@ -520,6 +519,7 @@ bld.SAMBA3_LIBRARY('ads',
                         DCUTIL
                         smbldap
                         trusts_util
+                        NDR_ADS
                         ''',
                    private_library=True)
 

source4/libcli/ldap/ldap_bind.c

@@ -33,6 +33,7 @@
 #include "lib/stream/packet.h"
 #include "param/param.h"
 #include "param/loadparm.h"
+#include "librpc/gen_ndr/ads.h"
 
 struct ldap_simple_creds {
 	const char *dn;

source4/librpc/wscript_build

@@ -132,6 +132,7 @@ bld.SAMBA_SUBSYSTEM('ndr-table',
                     NDR_SECRETS
                     NDR_LEASES_DB
                     NDR_ODJ
+                    NDR_ADS
                     ''',
         depends_on='GEN_NDR_TABLES'
         )