Merge 2610c05b5b95cc7036b3d6dfb894c6cfbdb68483 as Samba-4.0alpha16samba-4.0.0alpha16

21 files changed, 334 insertions, 165 deletions

diff --git a/source3/libads/ads_ldap_protos.h b/source3/libads/ads_ldap_protos.h
index 03869fe5c99..0fb71349948 100644
--- a/source3/libads/ads_ldap_protos.h
+++ b/source3/libads/ads_ldap_protos.h
@@ -1,4 +1,30 @@
 /*
+   Unix SMB/CIFS implementation.
+   ads (active directory) utility library
+   Copyright (C) Andrew Tridgell 2001
+   Copyright (C) Remus Koos 2001
+   Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
+   Copyright (C) Guenther Deschner 2005
+   Copyright (C) Gerald Carter 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LIBADS_ADS_LDAP_PROTOS_H_
+#define _LIBADS_ADS_LDAP_PROTOS_H_
+
+/*
  * Prototypes for ads
  */
 
@@ -112,3 +138,5 @@ ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads,
 				TALLOC_CTX *mem_ctx,
 				char ***ous,
 				size_t *num_ous);
+
+#endif /* _LIBADS_ADS_LDAP_PROTOS_H_ */
diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
index ed702de8a6c..324fa2a9cc1 100644
--- a/source3/libads/ads_proto.h
+++ b/source3/libads/ads_proto.h
@@ -1,3 +1,37 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  ads (active directory) utility library
+ *
+ *  Copyright (C) Andrew Bartlett			2001
+ *  Copyright (C) Andrew Tridgell			2001
+ *  Copyright (C) Remus Koos (remuskoos@yahoo.com)	2001
+ *  Copyright (C) Alexey Kotovich			2002
+ *  Copyright (C) Jim McDonough <jmcd@us.ibm.com>	2002-2003
+ *  Copyright (C) Luke Howard				2003
+ *  Copyright (C) Guenther Deschner			2003-2008
+ *  Copyright (C) Rakesh Patel				2004
+ *  Copyright (C) Dan Perry				2004
+ *  Copyright (C) Jeremy Allison			2004
+ *  Copyright (C) Gerald Carter				2006
+ *  Copyright (C) Stefan Metzmacher			2007
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _LIBADS_ADS_PROTO_H_
+#define _LIBADS_ADS_PROTO_H_
+
 /* The following definitions come from libads/ads_struct.c  */
 
 char *ads_build_path(const char *realm, const char *sep, const char *field, int reverse);
@@ -152,3 +186,5 @@ ADS_STATUS ads_setup_sasl_wrapping(ADS_STRUCT *ads,
 /* The following definitions come from libads/util.c  */
 
 ADS_STATUS ads_change_trust_account_password(ADS_STRUCT *ads, char *host_principal);
+
+#endif /* _LIBADS_ADS_PROTO_H_ */
diff --git a/source3/libads/ads_status.c b/source3/libads/ads_status.c
index b99464118de..a9e59edaddb 100644
--- a/source3/libads/ads_status.c
+++ b/source3/libads/ads_status.c
@@ -23,6 +23,7 @@
 #include "includes.h"
 #include "smb_krb5.h"
 #include "smb_ldap.h"
+#include "libads/ads_status.h"
 
 /*
   build a ADS_STATUS structure
diff --git a/source3/libads/ads_status.h b/source3/libads/ads_status.h
index 4c27e16f50e..ff7c1036380 100644
--- a/source3/libads/ads_status.h
+++ b/source3/libads/ads_status.h
@@ -1,3 +1,27 @@
+/*
+   Unix SMB/CIFS implementation.
+   ads (active directory) utility library
+   Copyright (C) Andrew Tridgell 2001
+   Copyright (C) Remus Koos 2001
+   Copyright (C) Andrew Bartlett 2001
+
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LIBADS_ADS_STATUS_H_
+#define _LIBADS_ADS_STATUS_H_
 
 /* there are 5 possible types of errors the ads subsystem can produce */
 enum ads_error_type {ENUM_ADS_ERROR_KRB5, ENUM_ADS_ERROR_GSS,
@@ -40,3 +64,5 @@ ADS_STATUS ads_build_nt_error(enum ads_error_type etype,
 NTSTATUS ads_ntstatus(ADS_STATUS status);
 const char *ads_errstr(ADS_STATUS status);
 NTSTATUS gss_err_to_ntstatus(uint32 maj, uint32 min);
+
+#endif /* _LIBADS_ADS_STATUS_H_ */
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index 6f49b857da7..44279a24d77 100644
--- a/source3/libads/authdata.c
+++ b/source3/libads/authdata.c
@@ -78,7 +78,7 @@ NTSTATUS kerberos_return_pac(TALLOC_CTX *mem_ctx,
 	NT_STATUS_HAVE_NO_MEMORY(auth_princ);
 
 	local_service = talloc_asprintf(mem_ctx, "%s$@%s",
-					global_myname(), lp_realm());
+					lp_netbios_name(), lp_realm());
 	NT_STATUS_HAVE_NO_MEMORY(local_service);
 
 	ret = kerberos_kinit_password_ext(auth_princ,
diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c
index 5d2e900c05a..03fa17c26fd 100644
--- a/source3/libads/cldap.c
+++ b/source3/libads/cldap.c
@@ -30,7 +30,7 @@
 *******************************************************************/
 
 bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx,
-			const char *server,
+			struct sockaddr_storage *ss,
 			const char *realm,
 			uint32_t nt_version,
 			struct netlogon_samlogon_response **_reply)
@@ -39,18 +39,12 @@ bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx,
 	struct cldap_netlogon io;
 	struct netlogon_samlogon_response *reply;
 	NTSTATUS status;
-	struct sockaddr_storage ss;
 	char addrstr[INET6_ADDRSTRLEN];
 	const char *dest_str;
 	int ret;
 	struct tsocket_address *dest_addr;
 
-	if (!interpret_string_addr_prefer_ipv4(&ss, server, 0)) {
-		DEBUG(2,("Failed to resolve[%s] into an address for cldap\n",
-			server));
-		return false;
-	}
-	dest_str = print_sockaddr(addrstr, sizeof(addrstr), &ss);
+	dest_str = print_sockaddr(addrstr, sizeof(addrstr), ss);
 
 	ret = tsocket_address_inet_from_strings(mem_ctx, "ip",
 						dest_str, LDAP_PORT,
@@ -113,7 +107,7 @@ failed:
 *******************************************************************/
 
 bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx,
-			  const char *server,
+			  struct sockaddr_storage *ss,
 			  const char *realm,
 			  struct NETLOGON_SAM_LOGON_RESPONSE_EX *reply5)
 {
@@ -121,7 +115,7 @@ bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx,
 	struct netlogon_samlogon_response *reply = NULL;
 	bool ret;
 
-	ret = ads_cldap_netlogon(mem_ctx, server, realm, nt_version, &reply);
+	ret = ads_cldap_netlogon(mem_ctx, ss, realm, nt_version, &reply);
 	if (!ret) {
 		return false;
 	}
diff --git a/source3/libads/cldap.h b/source3/libads/cldap.h
index e2d05ce7313..60e1c56038d 100644
--- a/source3/libads/cldap.h
+++ b/source3/libads/cldap.h
@@ -1,12 +1,39 @@
+/*
+   Samba Unix/Linux SMB client library
+   net ads cldap functions
+   Copyright (C) 2001 Andrew Tridgell (tridge@samba.org)
+   Copyright (C) 2003 Jim McDonough (jmcd@us.ibm.com)
+   Copyright (C) 2008 Guenther Deschner (gd@samba.org)
+   Copyright (C) 2009 Stefan Metzmacher (metze@samba.org)
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LIBADS_CLDAP_H_
+#define _LIBADS_CLDAP_H_
+
 #include "../libcli/netlogon/netlogon.h"
 
 /* The following definitions come from libads/cldap.c  */
 bool ads_cldap_netlogon(TALLOC_CTX *mem_ctx,
-			const char *server,
+			struct sockaddr_storage *ss,
 			const char *realm,
 			uint32_t nt_version,
 			struct netlogon_samlogon_response **reply);
 bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx,
-			  const char *server,
+			  struct sockaddr_storage *ss,
 			  const char *realm,
 			  struct NETLOGON_SAM_LOGON_RESPONSE_EX *reply5);
+
+#endif /* _LIBADS_CLDAP_H_ */
diff --git a/source3/libads/dns.c b/source3/libads/dns.c
index 113e63710bd..5eae10ec285 100644
--- a/source3/libads/dns.c
+++ b/source3/libads/dns.c
@@ -328,7 +328,7 @@ static NTSTATUS dns_send_req( TALLOC_CTX *ctx, const char *name, int q_type,
 		buf_len = resp_len * sizeof(uint8);
 
 		if (buf_len) {
-			if ((buffer = TALLOC_ARRAY(ctx, uint8, buf_len))
+			if ((buffer = talloc_array(ctx, uint8, buf_len))
 					== NULL ) {
 				DEBUG(0,("ads_dns_lookup_srv: "
 					"talloc() failed!\n"));
@@ -401,11 +401,19 @@ static NTSTATUS ads_dns_lookup_srv( TALLOC_CTX *ctx,
 	int rrnum;
 	int idx = 0;
 	NTSTATUS status;
+	const char *dns_hosts_file;
 
 	if ( !ctx || !name || !dclist ) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
+	dns_hosts_file = lp_parm_const_string(-1, "resolv", "host file", NULL);
+	if (dns_hosts_file) {
+		return resolve_dns_hosts_file_as_dns_rr(dns_hosts_file,
+							name, true, ctx,
+							dclist, numdcs);
+	}
+
 	/* Send the request.  May have to loop several times in case
 	   of large replies */
 
@@ -434,7 +442,7 @@ static NTSTATUS ads_dns_lookup_srv( TALLOC_CTX *ctx,
 		answer_count));
 
 	if (answer_count) {
-		if ((dcs = TALLOC_ZERO_ARRAY(ctx, struct dns_rr_srv,
+		if ((dcs = talloc_zero_array(ctx, struct dns_rr_srv,
 						answer_count)) == NULL ) {
 			DEBUG(0,("ads_dns_lookup_srv: "
 				"talloc() failure for %d char*'s\n",
@@ -526,13 +534,13 @@ static NTSTATUS ads_dns_lookup_srv( TALLOC_CTX *ctx,
 				/* allocate new memory */
 
 				if (dcs[i].num_ips == 0) {
-					if ((dcs[i].ss_s = TALLOC_ARRAY(dcs,
+					if ((dcs[i].ss_s = talloc_array(dcs,
 						struct sockaddr_storage, 1 ))
 							== NULL ) {
 						return NT_STATUS_NO_MEMORY;
 					}
 				} else {
-					if ((tmp_ss_s = TALLOC_REALLOC_ARRAY(dcs,
+					if ((tmp_ss_s = talloc_realloc(dcs,
 							dcs[i].ss_s,
 							struct sockaddr_storage,
 							dcs[i].num_ips+1))
@@ -590,11 +598,18 @@ NTSTATUS ads_dns_lookup_ns(TALLOC_CTX *ctx,
 	int rrnum;
 	int idx = 0;
 	NTSTATUS status;
+	const char *dns_hosts_file;
 
 	if ( !ctx || !dnsdomain || !nslist ) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
+	dns_hosts_file = lp_parm_const_string(-1, "resolv", "host file", NULL);
+	if (dns_hosts_file) {
+		DEBUG(1, ("NO 'NS' lookup available when using resolv:host file"));
+		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+	}
+
 	/* Send the request.  May have to loop several times in case
 	   of large replies */
 
@@ -623,7 +638,7 @@ NTSTATUS ads_dns_lookup_ns(TALLOC_CTX *ctx,
 		answer_count));
 
 	if (answer_count) {
-		if ((nsarray = TALLOC_ARRAY(ctx, struct dns_rr_ns,
+		if ((nsarray = talloc_array(ctx, struct dns_rr_ns,
 						answer_count)) == NULL ) {
 			DEBUG(0,("ads_dns_lookup_ns: "
 				"talloc() failure for %d char*'s\n",
diff --git a/source3/libads/dns.h b/source3/libads/dns.h
index b747e97bb77..f53153ba263 100644
--- a/source3/libads/dns.h
+++ b/source3/libads/dns.h
@@ -20,42 +20,7 @@
 #ifndef _ADS_DNS_H
 #define _ADS_DNS_H
 
-/* DNS query section in replies */
-
-struct dns_query {
-	const char *hostname;
-	uint16 type;
-	uint16 in_class;
-};
-
-/* DNS RR record in reply */
-
-struct dns_rr {
-	const char *hostname;
-	uint16 type;
-	uint16 in_class;
-	uint32 ttl;
-	uint16 rdatalen;
-	uint8 *rdata;
-};
-
-/* SRV records */
-
-struct dns_rr_srv {
-	const char *hostname;
-	uint16 priority;
-	uint16 weight;
-	uint16 port;
-	size_t num_ips;
-	struct sockaddr_storage *ss_s;	/* support multi-homed hosts */
-};
-
-/* NS records */
-
-struct dns_rr_ns {
-	const char *hostname;
-	struct sockaddr_storage ss;
-};
+#include "libcli/dns/dns.h"
 
 /* The following definitions come from libads/dns.c  */
 
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index d496ade71b0..913d6900493 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -223,8 +223,8 @@ int kerberos_kinit_password_ext(const char *principal,
 		krb5_get_init_creds_opt_set_address_list(opt, addr->addrs);
 	}
 
-	if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, CONST_DISCARD(char *,password), 
-						 kerb_prompter, CONST_DISCARD(char *,password),
+	if ((code = krb5_get_init_creds_password(ctx, &my_creds, me, discard_const_p(char,password), 
+						 kerb_prompter, discard_const_p(char, password),
 						 0, NULL, opt))) {
 		goto out;
 	}
@@ -352,7 +352,7 @@ char* kerberos_standard_des_salt( void )
 {
 	fstring salt;
 
-	fstr_sprintf( salt, "host/%s.%s@", global_myname(), lp_realm() );
+	fstr_sprintf( salt, "host/%s.%s@", lp_netbios_name(), lp_realm() );
 	strlower_m( salt );
 	fstrcat( salt, lp_realm() );
 
@@ -958,22 +958,37 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
 	/* Insanity, sheer insanity..... */
 
 	if (strequal(realm, lp_realm())) {
-		char linkpath[PATH_MAX+1];
-		int lret;
-
-		lret = readlink(SYSTEM_KRB5_CONF_PATH, linkpath, sizeof(linkpath)-1);
-		if (lret != -1) {
-			linkpath[lret] = '\0';
-		}
-
-		if (lret != -1 || strcmp(linkpath, fname) == 0) {
-			/* Symlink already exists. */
-			goto done;
+		SMB_STRUCT_STAT sbuf;
+
+		if (sys_lstat(SYSTEM_KRB5_CONF_PATH, &sbuf, false) == 0) {
+			if (S_ISLNK(sbuf.st_ex_mode) && sbuf.st_ex_size) {
+				int lret;
+				size_t alloc_size = sbuf.st_ex_size + 1;
+				char *linkpath = talloc_array(talloc_tos(), char,
+						alloc_size);
+				if (!linkpath) {
+					goto done;
+				}
+				lret = readlink(SYSTEM_KRB5_CONF_PATH, linkpath,
+						alloc_size - 1);
+				if (lret == -1) {
+					TALLOC_FREE(linkpath);
+					goto done;
+				}
+				linkpath[lret] = '\0';
+
+				if (strcmp(linkpath, fname) == 0) {
+					/* Symlink already exists. */
+					TALLOC_FREE(linkpath);
+					goto done;
+				}
+				TALLOC_FREE(linkpath);
+			}
 		}
 
 		/* Try and replace with a symlink. */
 		if (symlink(fname, SYSTEM_KRB5_CONF_PATH) == -1) {
-			const char *newpath = SYSTEM_KRB5_CONF_PATH ## ".saved";
+			const char *newpath = SYSTEM_KRB5_CONF_PATH ".saved";
 			if (errno != EEXIST) {
 				DEBUG(0,("create_local_private_krb5_conf_for_domain: symlink "
 					"of %s to %s failed. Errno %s\n",
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 6e1b7c08fe7..7654c666f4f 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -316,7 +316,7 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
 		goto out;
 	}
 
-	my_fqdn = ads_get_dnshostname(ads, tmpctx, global_myname());
+	my_fqdn = ads_get_dnshostname(ads, tmpctx, lp_netbios_name());
 	if (!my_fqdn) {
 		DEBUG(0, (__location__ ": unable to determine machine "
 			  "account's dns name in AD!\n"));
@@ -324,7 +324,7 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
 		goto out;
 	}
 
-	machine_name = ads_get_samaccountname(ads, tmpctx, global_myname());
+	machine_name = ads_get_samaccountname(ads, tmpctx, lp_netbios_name());
 	if (!machine_name) {
 		DEBUG(0, (__location__ ": unable to determine machine "
 			  "account's short name in AD!\n"));
@@ -380,7 +380,7 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
 				  "'%s'\n", princ_s));
 
 			aderr = ads_add_service_principal_name(ads,
-					global_myname(), my_fqdn, srvPrinc);
+					lp_netbios_name(), my_fqdn, srvPrinc);
 			if (!ADS_ERR_OK(aderr)) {
 				DEBUG(1, (__location__ ": failed to "
 					 "ads_add_service_principal_name.\n"));
@@ -389,7 +389,7 @@ int ads_keytab_add_entry(ADS_STRUCT *ads, const char *srvPrinc)
 		}
 	}
 
-	kvno = (krb5_kvno)ads_get_machine_kvno(ads, global_myname());
+	kvno = (krb5_kvno)ads_get_machine_kvno(ads, lp_netbios_name());
 	if (kvno == -1) {
 		/* -1 indicates failure, everything else is OK */
 		DEBUG(1, (__location__ ": ads_get_machine_kvno failed to "
@@ -458,7 +458,7 @@ int ads_keytab_flush(ADS_STRUCT *ads)
 		goto out;
 	}
 
-	kvno = (krb5_kvno)ads_get_machine_kvno(ads, global_myname());
+	kvno = (krb5_kvno)ads_get_machine_kvno(ads, lp_netbios_name());
 	if (kvno == -1) {
 		/* -1 indicates a failure */
 		DEBUG(1, (__location__ ": Error determining the kvno.\n"));
@@ -472,7 +472,7 @@ int ads_keytab_flush(ADS_STRUCT *ads)
 		goto out;
 	}
 
-	aderr = ads_clear_service_principal_names(ads, global_myname());
+	aderr = ads_clear_service_principal_names(ads, lp_netbios_name());
 	if (!ADS_ERR_OK(aderr)) {
 		DEBUG(1, (__location__ ": Error while clearing service "
 			  "principal listings in LDAP.\n"));
@@ -547,7 +547,7 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 		goto done;
 	}
 
-	machine_name = talloc_strdup(tmpctx, global_myname());
+	machine_name = talloc_strdup(tmpctx, lp_netbios_name());
 	if (!machine_name) {
 		ret = -1;
 		goto done;
diff --git a/source3/libads/kerberos_proto.h b/source3/libads/kerberos_proto.h
index afd57fe220c..406669cc49f 100644
--- a/source3/libads/kerberos_proto.h
+++ b/source3/libads/kerberos_proto.h
@@ -1,5 +1,39 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *  kerberos utility library
+ *
+ *  Copyright (C) Andrew Tridgell			2001
+ *  Copyright (C) Remus Koos (remuskoos@yahoo.com)	2001
+ *  Copyright (C) Luke Howard				2002-2003
+ *  Copyright (C) Jim McDonough <jmcd@us.ibm.com>	2003
+ *  Copyright (C) Guenther Deschner			2003-2008
+ *  Copyright (C) Andrew Bartlett <abartlet@samba.org>	2004-2005
+ *  Copyright (C) Jeremy Allison			2004,2007
+ *  Copyright (C) Stefan Metzmacher			2004-2005
+ *  Copyright (C) Nalin Dahyabhai <nalin@redhat.com>	2004
+ *  Copyright (C) Gerald Carter				2006
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _LIBADS_KERBEROS_PROTO_H_
+#define _LIBADS_KERBEROS_PROTO_H_
+
 struct PAC_LOGON_INFO;
 
+#include "libads/ads_status.h"
+
 /* The following definitions come from libads/kerberos_verify.c  */
 
 NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
@@ -67,3 +101,5 @@ ADS_STATUS kerberos_set_password(const char *kpasswd_server,
 				 const char *auth_principal, const char *auth_password,
 				 const char *target_principal, const char *new_password,
 				 int time_offset);
+
+#endif /* _LIBADS_KERBEROS_PROTO_H_ */
diff --git a/source3/libads/kerberos_util.c b/source3/libads/kerberos_util.c
index 4762e1b9143..4935da8e79c 100644
--- a/source3/libads/kerberos_util.c
+++ b/source3/libads/kerberos_util.c
@@ -72,13 +72,13 @@ int ads_kinit_password(ADS_STRUCT *ads)
 		account_name = lp_workgroup();
 	} else {
 		/* always use the sAMAccountName for security = domain */
-		/* global_myname()$@REA.LM */
+		/* lp_netbios_name()$@REA.LM */
 		if ( lp_security() == SEC_DOMAIN ) {
-			fstr_sprintf( acct_name, "%s$", global_myname() );
+			fstr_sprintf( acct_name, "%s$", lp_netbios_name() );
 			account_name = acct_name;
 		}
 		else
-			/* This looks like host/global_myname()@REA.LM */
+			/* This looks like host/lp_netbios_name()@REA.LM */
 			account_name = ads->auth.user_name;
 	}
 
diff --git a/source3/libads/kerberos_verify.c b/source3/libads/kerberos_verify.c
index fab38dc4deb..f11ea884778 100644
--- a/source3/libads/kerberos_verify.c
+++ b/source3/libads/kerberos_verify.c
@@ -151,10 +151,10 @@ static bool ads_keytab_verify_ticket(krb5_context context,
 	 * clients might want to use for authenticating to the file
 	 * service.  We allow name$,{host,cifs}/{name,fqdn,name.REALM}. */
 
-	fstrcpy(my_name, global_myname());
+	fstrcpy(my_name, lp_netbios_name());
 
 	my_fqdn[0] = '\0';
-	name_to_fqdn(my_fqdn, global_myname());
+	name_to_fqdn(my_fqdn, lp_netbios_name());
 
 	err = asprintf(&valid_princ_formats[0],
 			"%s$@%s", my_name, lp_realm());
@@ -534,7 +534,7 @@ NTSTATUS ads_verify_ticket(TALLOC_CTX *mem_ctx,
 		krb5_auth_con_setflags( context, auth_context, flags );
 	}
 
-	if (asprintf(&host_princ_s, "%s$", global_myname()) == -1) {
+	if (asprintf(&host_princ_s, "%s$", lp_netbios_name()) == -1) {
 		goto out;
 	}
 
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 90c645c44ad..128c1337600 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -59,14 +59,47 @@ static void gotalarm_sig(int signum)
 	gotalarm = 1;
 }
 
- LDAP *ldap_open_with_timeout(const char *server, int port, unsigned int to)
+ LDAP *ldap_open_with_timeout(const char *server,
+			      struct sockaddr_storage *ss,
+			      int port, unsigned int to)
 {
 	LDAP *ldp = NULL;
 
-
 	DEBUG(10, ("Opening connection to LDAP server '%s:%d', timeout "
 		   "%u seconds\n", server, port, to));
 
+#if defined(HAVE_LDAP_INIT_FD) && defined(SOCKET_WRAPPER)
+	/* Only use this private LDAP function if we are in make test,
+	 * as this is the best way to get the emulated TCP socket into
+	 * OpenLDAP */
+	if (socket_wrapper_dir() != NULL) {
+		int fd, ldap_err;
+		NTSTATUS status;
+		char *uri;
+
+		status = open_socket_out(ss, port, to, &fd);
+
+		if (!NT_STATUS_IS_OK(status)) {
+			return NULL;
+		}
+
+#ifndef LDAP_PROTO_TCP
+#define LDAP_PROTO_TCP 1
+#endif
+		uri = talloc_asprintf(talloc_tos(), "ldap://%s:%u", server, port);
+		if (uri == NULL) {
+			return NULL;
+		}
+		ldap_err = ldap_init_fd(fd, LDAP_PROTO_TCP, uri, &ldp);
+		talloc_free(uri);
+
+		if (ldap_err != LDAP_SUCCESS) {
+			return NULL;
+		}
+		return ldp;
+	}
+#endif
+
 	/* Setup timeout */
 	gotalarm = 0;
 	CatchSignal(SIGALRM, gotalarm_sig);
@@ -196,45 +229,32 @@ bool ads_closest_dc(ADS_STRUCT *ads)
  */
 static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
 {
-	char *srv;
 	struct NETLOGON_SAM_LOGON_RESPONSE_EX cldap_reply;
 	TALLOC_CTX *frame = talloc_stackframe();
 	bool ret = false;
+	struct sockaddr_storage ss;
+	char addr[INET6_ADDRSTRLEN];
 
 	if (!server || !*server) {
 		TALLOC_FREE(frame);
 		return False;
 	}
 
-	if (!is_ipaddress(server)) {
-		struct sockaddr_storage ss;
-		char addr[INET6_ADDRSTRLEN];
-
-		if (!resolve_name(server, &ss, 0x20, true)) {
-			DEBUG(5,("ads_try_connect: unable to resolve name %s\n",
-				server ));
-			TALLOC_FREE(frame);
-			return false;
-		}
-		print_sockaddr(addr, sizeof(addr), &ss);
-		srv = talloc_strdup(frame, addr);
-	} else {
-		/* this copes with inet_ntoa brokenness */
-		srv = talloc_strdup(frame, server);
-	}
-
-	if (!srv) {
+	if (!resolve_name(server, &ss, 0x20, true)) {
+		DEBUG(5,("ads_try_connect: unable to resolve name %s\n",
+			 server ));
 		TALLOC_FREE(frame);
 		return false;
 	}
+	print_sockaddr(addr, sizeof(addr), &ss);
 
 	DEBUG(5,("ads_try_connect: sending CLDAP request to %s (realm: %s)\n", 
-		srv, ads->server.realm));
+		addr, ads->server.realm));
 
 	ZERO_STRUCT( cldap_reply );
 
-	if ( !ads_cldap_netlogon_5(frame, srv, ads->server.realm, &cldap_reply ) ) {
-		DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", srv));
+	if ( !ads_cldap_netlogon_5(frame, &ss, ads->server.realm, &cldap_reply ) ) {
+		DEBUG(3,("ads_try_connect: CLDAP request %s failed.\n", addr));
 		ret = false;
 		goto out;
 	}
@@ -243,7 +263,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
 
 	if ( !(cldap_reply.server_type & NBT_SERVER_LDAP) ) {
 		DEBUG(1,("ads_try_connect: %s's CLDAP reply says it is not an LDAP server!\n",
-			srv));
+			addr));
 		ret = false;
 		goto out;
 	}
@@ -273,13 +293,7 @@ static bool ads_try_connect(ADS_STRUCT *ads, const char *server, bool gc)
 	ads->server.workgroup          = SMB_STRDUP(cldap_reply.domain_name);
 
 	ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT;
-	if (!interpret_string_addr(&ads->ldap.ss, srv, 0)) {
-		DEBUG(1,("ads_try_connect: unable to convert %s "
-			"to an address\n",
-			srv));
-		ret = false;
-		goto out;
-	}
+	ads->ldap.ss = ss;
 
 	/* Store our site name. */
 	sitename_store( cldap_reply.domain_name, cldap_reply.client_site);
@@ -515,7 +529,7 @@ ADS_STATUS ads_connect_gc(ADS_STRUCT *ads)
 	TALLOC_CTX *frame = talloc_stackframe();
 	struct dns_rr_srv *gcs_list;
 	int num_gcs;
-	char *realm = ads->server.realm;
+	const char *realm = ads->server.realm;
 	NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
 	ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL);
 	int i;
@@ -643,7 +657,7 @@ got_connection:
 		/* Must use the userPrincipalName value here or sAMAccountName
 		   and not servicePrincipalName; found by Guenther Deschner */
 
-		if (asprintf(&ads->auth.user_name, "%s$", global_myname() ) == -1) {
+		if (asprintf(&ads->auth.user_name, "%s$", lp_netbios_name() ) == -1) {
 			DEBUG(0,("ads_connect: asprintf fail.\n"));
 			ads->auth.user_name = NULL;
 		}
@@ -658,18 +672,6 @@ got_connection:
 		ads->auth.kdc_server = SMB_STRDUP(addr);
 	}
 
-#if KRB5_DNS_HACK
-	/* this is a really nasty hack to avoid ADS DNS problems. It needs a patch
-	   to MIT kerberos to work (tridge) */
-	{
-		char *env = NULL;
-		if (asprintf(&env, "KRB5_KDC_ADDRESS_%s", ads->config.realm) > 0) {
-			setenv(env, ads->auth.kdc_server, 1);
-			free(env);
-		}
-	}
-#endif
-
 	/* If the caller() requested no LDAP bind, then we are done */
 
 	if (ads->auth.flags & ADS_AUTH_NO_BIND) {
@@ -686,6 +688,7 @@ got_connection:
 	/* Otherwise setup the TCP LDAP session */
 
 	ads->ldap.ld = ldap_open_with_timeout(ads->config.ldap_server_name,
+					      &ads->ldap.ss,
 					      ads->ldap.port, lp_ldap_timeout());
 	if (ads->ldap.ld == NULL) {
 		status = ADS_ERROR(LDAP_OPERATIONS_ERROR);
@@ -781,13 +784,13 @@ static struct berval *dup_berval(TALLOC_CTX *ctx, const struct berval *in_val)
 
 	if (!in_val) return NULL;
 
-	value = TALLOC_ZERO_P(ctx, struct berval);
+	value = talloc_zero(ctx, struct berval);
 	if (value == NULL)
 		return NULL;
 	if (in_val->bv_len == 0) return value;
 
 	value->bv_len = in_val->bv_len;
-	value->bv_val = (char *)TALLOC_MEMDUP(ctx, in_val->bv_val,
+	value->bv_val = (char *)talloc_memdup(ctx, in_val->bv_val,
 					      in_val->bv_len);
 	return value;
 }
@@ -804,7 +807,7 @@ static struct berval **ads_dup_values(TALLOC_CTX *ctx,
 	if (!in_vals) return NULL;
 	for (i=0; in_vals[i]; i++)
 		; /* count values */
-	values = TALLOC_ZERO_ARRAY(ctx, struct berval *, i+1);
+	values = talloc_zero_array(ctx, struct berval *, i+1);
 	if (!values) return NULL;
 
 	for (i=0; in_vals[i]; i++) {
@@ -825,7 +828,7 @@ static char **ads_push_strvals(TALLOC_CTX *ctx, const char **in_vals)
 	if (!in_vals) return NULL;
 	for (i=0; in_vals[i]; i++)
 		; /* count values */
-	values = TALLOC_ZERO_ARRAY(ctx, char *, i+1);
+	values = talloc_zero_array(ctx, char *, i+1);
 	if (!values) return NULL;
 
 	for (i=0; in_vals[i]; i++) {
@@ -849,7 +852,7 @@ static char **ads_pull_strvals(TALLOC_CTX *ctx, const char **in_vals)
 	if (!in_vals) return NULL;
 	for (i=0; in_vals[i]; i++)
 		; /* count values */
-	values = TALLOC_ZERO_ARRAY(ctx, char *, i+1);
+	values = talloc_zero_array(ctx, char *, i+1);
 	if (!values) return NULL;
 
 	for (i=0; in_vals[i]; i++) {
@@ -937,21 +940,21 @@ static ADS_STATUS ads_do_paged_search_args(ADS_STRUCT *ads,
 		ber_printf(cookie_be, "{io}", (ber_int_t) 1000, "", 0);
 	}
 	ber_flatten(cookie_be, &cookie_bv);
-	PagedResults.ldctl_oid = CONST_DISCARD(char *, ADS_PAGE_CTL_OID);
+	PagedResults.ldctl_oid = discard_const_p(char, ADS_PAGE_CTL_OID);
 	PagedResults.ldctl_iscritical = (char) 1;
 	PagedResults.ldctl_value.bv_len = cookie_bv->bv_len;
 	PagedResults.ldctl_value.bv_val = cookie_bv->bv_val;
 
-	NoReferrals.ldctl_oid = CONST_DISCARD(char *, ADS_NO_REFERRALS_OID);
+	NoReferrals.ldctl_oid = discard_const_p(char, ADS_NO_REFERRALS_OID);
 	NoReferrals.ldctl_iscritical = (char) 0;
 	NoReferrals.ldctl_value.bv_len = 0;
-	NoReferrals.ldctl_value.bv_val = CONST_DISCARD(char *, "");
+	NoReferrals.ldctl_value.bv_val = discard_const_p(char, "");
 
 	if (external_control && 
 	    (strequal(external_control->control, ADS_EXTENDED_DN_OID) || 
 	     strequal(external_control->control, ADS_SD_FLAGS_OID))) {
 
-		ExternalCtrl.ldctl_oid = CONST_DISCARD(char *, external_control->control);
+		ExternalCtrl.ldctl_oid = discard_const_p(char, external_control->control);
 		ExternalCtrl.ldctl_iscritical = (char) external_control->critical;
 
 		/* win2k does not accept a ldctl_value beeing passed in */
@@ -1382,7 +1385,7 @@ ADS_MODLIST ads_init_mods(TALLOC_CTX *ctx)
 #define ADS_MODLIST_ALLOC_SIZE 10
 	LDAPMod **mods;
 
-	if ((mods = TALLOC_ZERO_ARRAY(ctx, LDAPMod *, ADS_MODLIST_ALLOC_SIZE + 1)))
+	if ((mods = talloc_zero_array(ctx, LDAPMod *, ADS_MODLIST_ALLOC_SIZE + 1)))
 		/* -1 is safety to make sure we don't go over the end.
 		   need to reset it to NULL before doing ldap modify */
 		mods[ADS_MODLIST_ALLOC_SIZE] = (LDAPMod *) -1;
@@ -1419,7 +1422,7 @@ static ADS_STATUS ads_modlist_add(TALLOC_CTX *ctx, ADS_MODLIST *mods,
 	for (curmod=0; modlist[curmod] && modlist[curmod] != (LDAPMod *) -1;
 	     curmod++);
 	if (modlist[curmod] == (LDAPMod *) -1) {
-		if (!(modlist = TALLOC_REALLOC_ARRAY(ctx, modlist, LDAPMod *,
+		if (!(modlist = talloc_realloc(ctx, modlist, LDAPMod *,
 				curmod+ADS_MODLIST_ALLOC_SIZE+1)))
 			return ADS_ERROR(LDAP_NO_MEMORY);
 		memset(&modlist[curmod], 0, 
@@ -1428,7 +1431,7 @@ static ADS_STATUS ads_modlist_add(TALLOC_CTX *ctx, ADS_MODLIST *mods,
 		*mods = (ADS_MODLIST)modlist;
 	}
 
-	if (!(modlist[curmod] = TALLOC_ZERO_P(ctx, LDAPMod)))
+	if (!(modlist[curmod] = talloc_zero(ctx, LDAPMod)))
 		return ADS_ERROR(LDAP_NO_MEMORY);
 	modlist[curmod]->mod_type = talloc_strdup(ctx, name);
 	if (mod_op & LDAP_MOD_BVALUES) {
@@ -1521,7 +1524,7 @@ ADS_STATUS ads_gen_mod(ADS_STRUCT *ads, const char *mod_dn, ADS_MODLIST mods)
 	   non-existent attribute (but allowable for the object) to run
 	*/
 	LDAPControl PermitModify = {
-                CONST_DISCARD(char *, ADS_PERMIT_MODIFY_OID),
+                discard_const_p(char, ADS_PERMIT_MODIFY_OID),
 		{0, NULL},
 		(char) 1};
 	LDAPControl *controls[2];
@@ -2225,7 +2228,7 @@ static bool ads_dump_field(ADS_STRUCT *ads, char *field, void **values, void *da
 	}
 
 	for (i=0; handlers[i].name; i++) {
-		if (StrCaseCmp(handlers[i].name, field) == 0) {
+		if (strcasecmp_m(handlers[i].name, field) == 0) {
 			if (!values) /* first time, indicate string or not */
 				return handlers[i].string;
 			handlers[i].handler(ads, field, (struct berval **) values);
@@ -2430,7 +2433,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
 
 	*num_values = ldap_count_values(values);
 
-	ret = TALLOC_ARRAY(mem_ctx, char *, *num_values + 1);
+	ret = talloc_array(mem_ctx, char *, *num_values + 1);
 	if (!ret) {
 		ldap_value_free(values);
 		return NULL;
@@ -2543,7 +2546,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
 		return NULL;
 	}
 
-	strings = TALLOC_REALLOC_ARRAY(mem_ctx, current_strings, char *,
+	strings = talloc_realloc(mem_ctx, current_strings, char *,
 				 *num_strings + num_new_strings);
 
 	if (strings == NULL) {
@@ -2666,7 +2669,7 @@ int ads_count_replies(ADS_STRUCT *ads, void *res)
 		/* nop */ ;
 
 	if (i) {
-		(*sids) = TALLOC_ARRAY(mem_ctx, struct dom_sid, i);
+		(*sids) = talloc_array(mem_ctx, struct dom_sid, i);
 		if (!(*sids)) {
 			ldap_value_free_len(values);
 			return 0;
@@ -2854,7 +2857,7 @@ ADS_STATUS ads_current_time(ADS_STRUCT *ads)
 
 	if (ads->config.current_time != 0) {
 		ads->auth.time_offset = ads->config.current_time - time(NULL);
-		DEBUG(4,("time offset is %d seconds\n", ads->auth.time_offset));
+		DEBUG(4,("KDC time offset is %d seconds\n", ads->auth.time_offset));
 	}
 
 	ads_msgfree(ads, res);
@@ -3284,7 +3287,7 @@ ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx,
 		return 0;
 	}
 
-	(*sids) = TALLOC_ZERO_ARRAY(mem_ctx, struct dom_sid, dn_count + 1);
+	(*sids) = talloc_zero_array(mem_ctx, struct dom_sid, dn_count + 1);
 	if (!(*sids)) {
 		TALLOC_FREE(dn_strings);
 		return 0;
@@ -3322,10 +3325,10 @@ char* ads_get_dnshostname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine
 	int count = 0;
 	char *name = NULL;
 
-	status = ads_find_machine_acct(ads, &res, global_myname());
+	status = ads_find_machine_acct(ads, &res, lp_netbios_name());
 	if (!ADS_ERR_OK(status)) {
 		DEBUG(0,("ads_get_dnshostname: Failed to find account for %s\n",
-			global_myname()));
+			lp_netbios_name()));
 		goto out;
 	}
 
@@ -3357,7 +3360,7 @@ char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name )
 	status = ads_find_machine_acct(ads, &res, machine_name);
 	if (!ADS_ERR_OK(status)) {
 		DEBUG(0,("ads_get_upn: Failed to find account for %s\n",
-			global_myname()));
+			lp_netbios_name()));
 		goto out;
 	}
 
@@ -3386,10 +3389,10 @@ char* ads_get_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *mach
 	int count = 0;
 	char *name = NULL;
 
-	status = ads_find_machine_acct(ads, &res, global_myname());
+	status = ads_find_machine_acct(ads, &res, lp_netbios_name());
 	if (!ADS_ERR_OK(status)) {
 		DEBUG(0,("ads_get_dnshostname: Failed to find account for %s\n",
-			global_myname()));
+			lp_netbios_name()));
 		goto out;
 	}
 
@@ -3482,7 +3485,7 @@ ADS_STATUS ads_leave_realm(ADS_STRUCT *ads, const char *hostname)
 
 	pldap_control[0] = &ldap_control;
 	memset(&ldap_control, 0, sizeof(LDAPControl));
-	ldap_control.ldctl_oid = (char *)LDAP_SERVER_TREE_DELETE_OID;
+	ldap_control.ldctl_oid = discard_const_p(char, LDAP_SERVER_TREE_DELETE_OID);
 
 	/* hostname must be lowercase */
 	host = SMB_STRDUP(hostname);
diff --git a/source3/libads/ldap_printer.c b/source3/libads/ldap_printer.c
index 235ef7f9547..8ff9f9bdc9d 100644
--- a/source3/libads/ldap_printer.c
+++ b/source3/libads/ldap_printer.c
@@ -22,9 +22,7 @@
 #include "rpc_client/rpc_client.h"
 #include "../librpc/gen_ndr/ndr_spoolss_c.h"
 #include "rpc_client/cli_spoolss.h"
-#include "registry.h"
 #include "registry/reg_objects.h"
-#include "nt_printing.h"
 
 #ifdef HAVE_ADS
 
@@ -201,7 +199,7 @@ static bool map_multi_sz(TALLOC_CTX *ctx, ADS_MODLIST *mods,
 	};
 
 	if (num_vals) {
-		str_values = TALLOC_ARRAY(ctx, char *, num_vals + 1);
+		str_values = talloc_array(ctx, char *, num_vals + 1);
 		if (!str_values) {
 			return False;
 		}
@@ -291,7 +289,7 @@ static void map_regval_to_ads(TALLOC_CTX *ctx, ADS_MODLIST *mods,
 	int i;
 
 	for (i=0; map[i].valname; i++) {
-		if (StrCaseCmp(map[i].valname, regval_name(value)) == 0) {
+		if (strcasecmp_m(map[i].valname, regval_name(value)) == 0) {
 			if (!map[i].fn(ctx, mods, value)) {
 				DEBUG(5, ("Add of value %s to modlist failed\n", regval_name(value)));
 			} else {
diff --git a/source3/libads/ldap_schema.c b/source3/libads/ldap_schema.c
index 51aac14906c..7368be830fb 100644
--- a/source3/libads/ldap_schema.c
+++ b/source3/libads/ldap_schema.c
@@ -76,11 +76,11 @@ static ADS_STATUS ads_get_attrnames_by_oids(ADS_STRUCT *ads,
 		goto out;
 	}
 
-	if (((*names) = TALLOC_ARRAY(mem_ctx, char *, *count)) == NULL) {
+	if (((*names) = talloc_array(mem_ctx, char *, *count)) == NULL) {
 		status = ADS_ERROR(LDAP_NO_MEMORY);
 		goto out;
 	}
-	if (((*OIDs_out) = TALLOC_ARRAY(mem_ctx, char *, *count)) == NULL) {
+	if (((*OIDs_out) = talloc_array(mem_ctx, char *, *count)) == NULL) {
 		status = ADS_ERROR(LDAP_NO_MEMORY);
 		goto out;
 	}
@@ -252,7 +252,7 @@ ADS_STATUS ads_check_posix_schema_mapping(TALLOC_CTX *mem_ctx,
 		return ADS_ERROR(LDAP_NO_MEMORY);
 	}
 
-	if ( (schema = TALLOC_P(mem_ctx, struct posix_schema)) == NULL ) {
+	if ( (schema = talloc(mem_ctx, struct posix_schema)) == NULL ) {
 		TALLOC_FREE( ctx );
 		return ADS_ERROR(LDAP_NO_MEMORY);
 	}
diff --git a/source3/libads/ldap_schema.h b/source3/libads/ldap_schema.h
index 44964dd1c15..fc4ed078085 100644
--- a/source3/libads/ldap_schema.h
+++ b/source3/libads/ldap_schema.h
@@ -1,3 +1,26 @@
+/*
+   Unix SMB/CIFS implementation.
+   ads (active directory) utility library
+   Copyright (C) Guenther Deschner 2005-2007
+   Copyright (C) Gerald (Jerry) Carter 2006
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _LIBADS_LDAP_SCHEMA_H_
+#define _LIBADS_LDAP_SCHEMA_H_
+
 /* used to remember the names of the posix attributes in AD */
 /* see the rfc2307 & sfu nss backends */
 
@@ -55,3 +78,5 @@ ADS_STATUS ads_check_posix_schema_mapping(TALLOC_CTX *mem_ctx,
 					  ADS_STRUCT *ads,
 					  enum wb_posix_mapping map_type,
 					  struct posix_schema **s ) ;
+
+#endif /* _LIBADS_LDAP_SCHEMA_H_ */
diff --git a/source3/libads/ldap_utils.c b/source3/libads/ldap_utils.c
index ab77abdd16b..2f1c1b8e0a5 100644
--- a/source3/libads/ldap_utils.c
+++ b/source3/libads/ldap_utils.c
@@ -242,7 +242,7 @@ ADS_STATUS ads_ranged_search(ADS_STRUCT *ads,
 	*num_strings = 0;
 	*strings = NULL;
 
-	attrs = TALLOC_ARRAY(mem_ctx, const char *, 3);
+	attrs = talloc_array(mem_ctx, const char *, 3);
 	ADS_ERROR_HAVE_NO_MEMORY(attrs);
 
 	attrs[0] = talloc_strdup(mem_ctx, range_attr);
diff --git a/source3/libads/ndr.c b/source3/libads/ndr.c
index c6b11213961..c667aa36376 100644
--- a/source3/libads/ndr.c
+++ b/source3/libads/ndr.c
@@ -22,7 +22,7 @@
 #include "includes.h"
 #include "ads.h"
 #include "../librpc/gen_ndr/ndr_netlogon.h"
-#include "librpc/ndr/util.h"
+#include "../librpc/ndr/libndr.h"
 
 static void ndr_print_ads_auth_flags(struct ndr_print *ndr, const char *name, uint32_t r)
 {
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index e7daa8aec63..45cf569c791 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -141,7 +141,7 @@ static ADS_STATUS ads_sasl_spnego_ntlmssp_bind(ADS_STRUCT *ads)
 	struct ntlmssp_state *ntlmssp_state;
 
 	nt_status = ntlmssp_client_start(NULL,
-					 global_myname(),
+					 lp_netbios_name(),
 					 lp_workgroup(),
 					 lp_client_ntlmv2_auth(),
 					 &ntlmssp_state);
@@ -388,7 +388,7 @@ static ADS_STATUS ads_sasl_spnego_gsskrb5_bind(ADS_STRUCT *ads, const gss_name_t
 	uint32 minor_status;
 	int gss_rc, rc;
 	gss_OID_desc krb5_mech_type =
-	{9, CONST_DISCARD(char *, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") };
+	{9, discard_const_p(char, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02") };
 	gss_OID mech_type = &krb5_mech_type;
 	gss_OID actual_mech_type = GSS_C_NULL_OID;
 	const char *spnego_mechs[] = {OID_KERBEROS5_OLD, OID_KERBEROS5, OID_NTLMSSP, NULL};
@@ -722,7 +722,7 @@ static ADS_STATUS ads_generate_service_principal(ADS_STRUCT *ads,
 	gss_buffer_desc input_name;
 	/* GSS_KRB5_NT_PRINCIPAL_NAME */
 	gss_OID_desc nt_principal =
-	{10, CONST_DISCARD(char *, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01")};
+	{10, discard_const_p(char, "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x01")};
 	uint32 minor_status;
 	int gss_rc;
 #endif