Age | Commit message (Collapse) | Author | Files | Lines |
|
Michael
(This used to be commit 9391aec8d4600c685b14d3cd1624f8758f2cc80d)
|
|
This allows to control cleaning the keytab.
It will only clean old occurences of keys that are replicated in
this run. So if you want to ensure things are cleaned up, combine
this switch with --force-full-repl or --single-obj-repl (+dn list).
Michael
(This used to be commit 21385e1c635ea67215eb1da90e7dca97ae2f5d56)
|
|
Initialize it to false.
And pass it down to the libnet_keytab context in
libnet_dssync_keytab.c:keytab_startup().
Unused yet.
Michael
Note: This might not be not 100% clean design to put this into the
toplevel dssync context while it is keytab specific. But then, on the
other hand, other imaginable backends might want to use this flag, too...
(This used to be commit 12e884f227e240860e49f9e41d8c1f45e10ad3be)
|
|
Triggered by the flag clean_old_entries from the libnet_keytab_contex
(unused yet...).
Michael
(This used to be commit a5f4e3ad95c26064881918f3866efa7556055a8f)
|
|
to allow for removing all entries with given principal and enctype without
repecting the kvno (i.e. cleaning "old" entries...)
This is called with ignore_kvno == false from libnet_keytab_add_entry() to
keep the original behaviour.
Michael
(This used to be commit 6047f7b68548b33a2c132fc4333355a2c6abb19a)
|
|
Michael
(This used to be commit f40eb8cc20a297c57f6db22e0c2457ce7425d00c)
|
|
Michael
(This used to be commit d0bd9195f04ae0f45c2e571d31625b31347f13e9)
|
|
This controls whether single object replication is to be used.
This only has an effect when at least one object dn is given
on the commandline.
NOTE: Now the default is to use normal replication with uptodateness
vectors and use object dns given on the command line as a positive
write filter. Single object replication is only performed when this
new switch is specified.
Michael
(This used to be commit 0f81111ea8c049eb60f98d4939e520a5a562d2e6)
|
|
list as write filter.
I.e. only the passwords and keys of those objects whose dns are provided
are written to the keytab file. Others are skippded.
Michael
(This used to be commit a013f926ae5aadf64e02ef9254306e32aea79e80)
|
|
Michael
(This used to be commit 50b1673289f5c147bdb4953f3511a7afe783758c)
|
|
So that it is more obvious what this controls.
Michael
(This used to be commit 2360f0a19f0fb89798b814a02cfca335a4a35b6d)
|
|
This more clear.
Michael
(This used to be commit 0ddde9aae88e6244276e1c143056a4bfc7c7fcca)
|
|
Michael
(This used to be commit ec959b4609c3f4927a9f2811c46d738f9c78a914)
|
|
replication.
Just specify several DNs separated by spaces on the command line of
"net rpc vampire keytab" to get the passwords for each of these
accouns via single object replication.
Michael
(This used to be commit 6e53dc2db882d88470be5dfa1155b420fac8e6c5)
|
|
...where it belongs.
Michael
(This used to be commit 012b33f1c52df086e4f20e7494248d98fbced76a)
|
|
libnet_dssync_getncchanges().
Michael
(This used to be commit 93cda1aa0a627e81eff46547b247801aec2880a3)
|
|
Before, this used the old uptodate vector in the request...
Michael
(This used to be commit 04fb9322d5f52d5cb3d9fe2a95dbfb2481ab7f9d)
|
|
Untangle parsing of results and processing.
Make loop logic more obvious.
Call finishing operation after the loop, not inside.
Michael
(This used to be commit 47c8b3391cb1bb9656f93b55f9ea39c78b74ed36)
|
|
libnet_dssync_build_request().
Michael
(This used to be commit d745c1af405058ec23d7d0c139505576a99f9057)
|
|
I.e. replication without keeping track of the up to date vector.
Michael
(This used to be commit d4b36e447bce8692416e132ab9f53a6282f54cac)
|
|
When retreiving a diff replication, the sAMAccountName attribute is usually
not replicated. So in order to build the principle, we need to store the
sAMAccounName in the keytab, referenced by the DN of the object, so that
it can be retrieved if necessary.
It is stored in the form of SAMACCOUNTNAME/object_dn@dns_domain_name
with kvno=0 and ENCTYPE_NONE.
Michael
(This used to be commit 54e2dc1f4e0e2c7a6dcb171e51a608d831c8946e)
|
|
libnet_keytab_add_entry().
This makes libnet_keytab_remove_entries static and moves it up.
libnet_keytab_add_entry() now removes the duplicates in advance.
No special handling neede for the UTDV - this is also needed
for other entries...
Michael
(This used to be commit 3c463745445f6b64017918f442bf1021be219e83)
|
|
Michael
(This used to be commit d3354c3516b56f254583f3dd065302b27d02af2b)
|
|
Michael
(This used to be commit 9fbc3d49035123ec11cc2248f0b14661dd1e9b2d)
|
|
This will in particular allow us to store ENCTYPE_NULL.
Michael
(This used to be commit 85c7e3ae29a6f25ed0b6917ff73baea9c6c905c6)
|
|
This is a stripped down version of smb_krb5_kt_add_entry() that
takes one explicit enctype instead of an array. And it does
not neither salting of keys nor cleanup of old entries.
Michael
(This used to be commit c83e54f1eb3021d13fb0a3c3f6b556a338d2a8c3)
|
|
For debugging purposes.
Michael
(This used to be commit 6913919e3a36ebff87a882ba589d36bcd0781ee6)
|
|
new one.
Michael
(This used to be commit 717bd6f6c3ec94e3b8b5845c43717a5fbd41c38f)
|
|
This can be used to remove entries of given principal, kvno and enctype.
Michael
(This used to be commit a6f61c05b270c82f4bfce8a6850f81a09ad29087)
|
|
Michael
(This used to be commit 344428d96c9be87eae1d715a8b8fcd6ad02142f8)
|
|
Michael
(This used to be commit 484b35f319178f360e406a1bc725dca2e9d95ee3)
|
|
As with the userPrincipalName, this is for debugging purposes only (for now..).
Michael
(This used to be commit 7a1d526cba4c93bb858a60d04b6486507fc25398)
|
|
Michael
(This used to be commit d21ea83f9392c8fa002d5b924dddca4190e82d09)
|
|
Michael
(This used to be commit f3c110097f2f6c5dd329f2ca595644c6a368a552)
|
|
Not really used yet.
Note: callers use ENCTYPE_ARCFOUR_HMAC enctype for UTDV (for now).
This is what is currently stored. This is to be changed
to ENCTYPE_NULL.
Michael
(This used to be commit cb91d07413430e0e0a16846d2c44aae8c165400e)
|
|
Still unused by the libnet_keytab_add() function.
This will follow.
In preparation of supporting multiple encryption types in libnet_dssync_keytab.
Michael
(This used to be commit 447b8b1122a35d4bc0ec0f88fb46d18cddcf6eb9)
|
|
In preparation of supporting more enctyption types in libnet_dssync_keytab.
Michael
(This used to be commit 2b000a2acde8a09dabb538bdf89d7b885ce361d2)
|
|
This is triggered by setting the new "single" flag in the dssync_context
and filling the "object_dn" member with the dn of the object to be
fetched.
This call is accomplished by specifying the DRSUAPI_EXOP_REPL_OBJ
extended operation in the DsGetNCCHanges request. This variant does
honor an up-to-date-ness vectore passed in, but the answer does not
return a new up-to-dateness vector.
Call this operation as "net rpc vampire keytab /path/keytab object_dn" .
Michael
(This used to be commit f4a01178a3d8d71f416a3b67ce6b872420f211c0)
|
|
Also store the new uptodateness vector in the backend after completion
and retrieve the old vector before sending the DsGetNCChanges request.
This effectively accomplishes differential replication.
Michael
(This used to be commit a2a88808df16d153f45337b740391d419d87e87a)
|
|
It is a calculated attribute that won't get distributed via replication.
Michael
(This used to be commit d75b7a2052f1e447f2b3b63fdb054abef4403edf)
|
|
supported_extenstion
that have been recorded in the remote_info28 in the dssync_context.
Michael
(This used to be commit 3a2a69137e69c4bd0faa6af22d17e11dac022049)
|
|
This extracts the info24 data in case this is what was returned (instead of info28).
E.g. windows 2000 returns info24.
Michael
(This used to be commit 61b41aa615d5d46305653845584df7b1803f07ec)
|
|
to keep track of what the server told us upon DsBind.
Michael
(This used to be commit bf17d6af6104d20019a43e5486257085b9786793)
|
|
Michael
(This used to be commit 7fabe2567d0bd12fe3ade1d00b94b6c403fe79b5)
|
|
The startup operation should get the old up-to-date-ness vector from the backend
and the finish operation should store the new vector to the backend after replication.
This adds the change of the signatures of the operations ot the dssync_ops struct
and the implementation for the keytab ops. The up-to-date-ness vector is stored
under the principal constructed as UTDV/$naming_context_dn@$dns_domain_name.
The vector is still uninterpreted in libnet_dssync_process().
This will be the next step...
This code is essentially by Metze.
Michael
(This used to be commit 01318fb27a1aa9e5fed0d4dd882a123ab568ac37)
|
|
that searches and fetches an entry from a keytab file by principal and kvno.
This code is by metze.
Michael
(This used to be commit a51a60066b6703fc4e5db3536903abf1cdaca885)
|
|
Michael
(This used to be commit 61f071de92a7011c70f72dc31fef4430ffb1515a)
|
|
This will allow to construct principals of the form PREFIX/name@domain
Michael
(This used to be commit 7dd32b56a65574db95f4a0e136f54bd73862c59f)
|
|
Michael
(This used to be commit e6f6e61da46f02bb2676c705974adc26bdfa2623)
|
|
add_to_keytab_entries()
Michael
(This used to be commit 79151db6eae234a1f9e5131b7776689a4f03a0ef)
|