summaryrefslogtreecommitdiff
path: root/source3/libnet/libnet_dssync_keytab.c
AgeCommit message (Collapse)AuthorFilesLines
2010-08-13s3-krb5 Only build ADS support if arcfour-hmac-md5 is availableAndrew Bartlett1-2/+2
Modern Kerberos implementations have either defines or enums for these key types, which makes doing #ifdef difficult. This shows up in files such as libnet_samsync_keytab.c, the bulk of which is not compiled on current Fedora 12, for example. The downside is that this makes Samba unconditionally depend on the arcfour-hmac-md5 encryption type at build time. We will no longer support libraries that only support the DES based encryption types. However, the single-DES types that are supported in common with AD are already painfully weak - so much so that they are disabled by default in modern Kerberos libraries. If not found, ADS support will not be compiled in. This means that our 'net ads join' will no longer set the ACB_USE_DES_KEY_ONLY flag, and we will always try to use arcfour-hmac-md5. A future improvement would be to remove the use of the DES encryption types totally, but this would require that any ACB_USE_DES_KEY_ONLY flag be removed from existing joins. Andrew Bartlett Signed-off-by: Simo Sorce <idra@samba.org>
2010-07-13s3-libnet: better separate headers.Günther Deschner1-1/+4
Guenther
2010-05-18s3: Remove use of iconv_convenience.Jelmer Vernooij1-5/+4
2008-11-18s3-libnet: move add_to_keytab_entries to libnet_keytab.Günther Deschner1-72/+39
Guenther
2008-09-23s3-ndr: add stub smb_iconv_convenience to some ndr_ functions.Günther Deschner1-1/+1
Guenther
2008-09-23s3-nbt: fix remaining callers of ndr_push/pull_struct_blob.Günther Deschner1-3/+3
Guenther
2008-08-01libnet dssync: fix memory allocation for error/result messages.Michael Adam1-4/+4
Use the libnet_dssync_context as a talloc context for the result_message and error_message string members. Using the passed in mem_ctx makes the implicit assumption that mem_ctx is at least as long-lived as the libnet_dssync_context, which is wrong. Michael (This used to be commit 635baf6b7d2a1822ceb48aa4bc47569ef19d51cc)
2008-08-01dssync keytab: add comment header explaining add_to_keytab_entries().Michael Adam1-0/+4
Michael (This used to be commit 1072bd9f96ff3853e5ff58239123fc8c76a99063)
2008-08-01libnet dssync: add my C after dssync keytab changes.Michael Adam1-0/+1
Michael (This used to be commit 9391aec8d4600c685b14d3cd1624f8758f2cc80d)
2008-08-01dssync: add clean_old_entries flag to dssync_ctx.Michael Adam1-0/+1
Initialize it to false. And pass it down to the libnet_keytab context in libnet_dssync_keytab.c:keytab_startup(). Unused yet. Michael Note: This might not be not 100% clean design to put this into the toplevel dssync context while it is keytab specific. But then, on the other hand, other imaginable backends might want to use this flag, too... (This used to be commit 12e884f227e240860e49f9e41d8c1f45e10ad3be)
2008-08-01dssync keytab: when not in single object replication mode, use object dn ↵Michael Adam1-0/+28
list as write filter. I.e. only the passwords and keys of those objects whose dns are provided are written to the keytab file. Others are skippded. Michael (This used to be commit a013f926ae5aadf64e02ef9254306e32aea79e80)
2008-08-01dssync keytab: support storing kerberos keys from supplemental credentials.Michael Adam1-0/+186
Michael (This used to be commit 50b1673289f5c147bdb4953f3511a7afe783758c)
2008-08-01dssync keytab: store the samaccountname in the keytab for diff replication.Michael Adam1-5/+55
When retreiving a diff replication, the sAMAccountName attribute is usually not replicated. So in order to build the principle, we need to store the sAMAccounName in the keytab, referenced by the DN of the object, so that it can be retrieved if necessary. It is stored in the form of SAMACCOUNTNAME/object_dn@dns_domain_name with kvno=0 and ENCTYPE_NONE. Michael (This used to be commit 54e2dc1f4e0e2c7a6dcb171e51a608d831c8946e)
2008-08-01dssync keytab: move handling of removal of duplicates to ↵Michael Adam1-19/+0
libnet_keytab_add_entry(). This makes libnet_keytab_remove_entries static and moves it up. libnet_keytab_add_entry() now removes the duplicates in advance. No special handling neede for the UTDV - this is also needed for other entries... Michael (This used to be commit 3c463745445f6b64017918f442bf1021be219e83)
2008-08-01dssync keytab: store the UpToDate vector with ENCTYPE_NULL.Michael Adam1-3/+3
Michael (This used to be commit 9fbc3d49035123ec11cc2248f0b14661dd1e9b2d)
2008-08-01dssync keytab: log the DN of the object to be parsed.Michael Adam1-0/+2
For debugging purposes. Michael (This used to be commit 6913919e3a36ebff87a882ba589d36bcd0781ee6)
2008-08-01dssync keytab: remove old UpToDateNess vectors from keytab before storing ↵Michael Adam1-0/+19
new one. Michael (This used to be commit 717bd6f6c3ec94e3b8b5845c43717a5fbd41c38f)
2008-08-01dssync keytab: add parsing and logging of servicePrincipalName-sMichael Adam1-0/+22
As with the userPrincipalName, this is for debugging purposes only (for now..). Michael (This used to be commit 7a1d526cba4c93bb858a60d04b6486507fc25398)
2008-08-01dssync keytab: fix comma placement in debug outputMichael Adam1-2/+2
Michael (This used to be commit d21ea83f9392c8fa002d5b924dddca4190e82d09)
2008-08-01dssync keytab: add debugging output when skipping an object.Michael Adam1-1/+7
Michael (This used to be commit f3c110097f2f6c5dd329f2ca595644c6a368a552)
2008-08-01libnet keytab: add enctype parameter to libnet_keytab_search().Michael Adam1-2/+4
Not really used yet. Note: callers use ENCTYPE_ARCFOUR_HMAC enctype for UTDV (for now). This is what is currently stored. This is to be changed to ENCTYPE_NULL. Michael (This used to be commit cb91d07413430e0e0a16846d2c44aae8c165400e)
2008-08-01dssync keytab: add store enctypes in the libnet_keytype_entry structs.Michael Adam1-1/+6
Still unused by the libnet_keytab_add() function. This will follow. In preparation of supporting multiple encryption types in libnet_dssync_keytab. Michael (This used to be commit 447b8b1122a35d4bc0ec0f88fb46d18cddcf6eb9)
2008-08-01dssync: skip analysis of the msDS_KeyVersionNumber attribute:Michael Adam1-3/+0
It is a calculated attribute that won't get distributed via replication. Michael (This used to be commit d75b7a2052f1e447f2b3b63fdb054abef4403edf)
2008-08-01dssync keytab: wrap printing of the uptodate vector in DEBUGLEVEL >= 10 checksMichael Adam1-2/+7
Michael (This used to be commit 7fabe2567d0bd12fe3ade1d00b94b6c403fe79b5)
2008-08-01dssync keytab: add support for keeping track of the up-to-date-ness vector.Michael Adam1-4/+61
The startup operation should get the old up-to-date-ness vector from the backend and the finish operation should store the new vector to the backend after replication. This adds the change of the signatures of the operations ot the dssync_ops struct and the implementation for the keytab ops. The up-to-date-ness vector is stored under the principal constructed as UTDV/$naming_context_dn@$dns_domain_name. The vector is still uninterpreted in libnet_dssync_process(). This will be the next step... This code is essentially by Metze. Michael (This used to be commit 01318fb27a1aa9e5fed0d4dd882a123ab568ac37)
2008-08-01dssync keytab: use add_to_keytab_entries() for pwd history in parse_object().Michael Adam1-13/+5
Michael (This used to be commit 61f071de92a7011c70f72dc31fef4430ffb1515a)
2008-08-01dssync keytab: add prefix parameter to add_to_keytab_entries() for flexibility.Michael Adam1-2/+5
This will allow to construct principals of the form PREFIX/name@domain Michael (This used to be commit 7dd32b56a65574db95f4a0e136f54bd73862c59f)
2008-08-01dssync keytab: add check for success of ADD_TO_ARRAY().Michael Adam1-0/+1
Michael (This used to be commit e6f6e61da46f02bb2676c705974adc26bdfa2623)
2008-08-01dssync keytab: refactor adding entry to keytab_context out into new functionMichael Adam1-10/+28
add_to_keytab_entries() Michael (This used to be commit 79151db6eae234a1f9e5131b7776689a4f03a0ef)
2008-08-01dssync: replace the processing_fn by startup/process/finish ops.Michael Adam1-46/+67
This remove static a variable for the keytab context in the keytab processing function and simplifies the signature. The keytab context is instead in the new private data member of the dssync_context struct. This is in preparation of adding support for keeping track of the up-to-date-ness vector, in order to be able to sync diffs instead of the whole database. Michael (This used to be commit c51c3339f35e3bd921080d2e226e2422fc23e1e6)
2008-07-01net_vampire: add code to vampire to a Kerberos keytab file using DRSUAPI.Günther Deschner1-0/+240
Guenther (This used to be commit 0ef420c3a478a8adce7483f14b45e9995bfa5e5d)