summaryrefslogtreecommitdiff
path: root/source3/libnet
AgeCommit message (Collapse)AuthorFilesLines
2008-08-01libnet keytab: add function libnet_keytab_add_entry()Michael Adam1-0/+54
This is a stripped down version of smb_krb5_kt_add_entry() that takes one explicit enctype instead of an array. And it does not neither salting of keys nor cleanup of old entries. Michael (This used to be commit c83e54f1eb3021d13fb0a3c3f6b556a338d2a8c3)
2008-08-01dssync keytab: log the DN of the object to be parsed.Michael Adam1-0/+2
For debugging purposes. Michael (This used to be commit 6913919e3a36ebff87a882ba589d36bcd0781ee6)
2008-08-01dssync keytab: remove old UpToDateNess vectors from keytab before storing ↵Michael Adam1-0/+19
new one. Michael (This used to be commit 717bd6f6c3ec94e3b8b5845c43717a5fbd41c38f)
2008-08-01libnet keytab: add function libnet_keytab_remove_entries().Michael Adam2-0/+95
This can be used to remove entries of given principal, kvno and enctype. Michael (This used to be commit a6f61c05b270c82f4bfce8a6850f81a09ad29087)
2008-08-01libnet_keytab: cleanup libnet_keytab_search().Michael Adam1-28/+27
Michael (This used to be commit 344428d96c9be87eae1d715a8b8fcd6ad02142f8)
2008-08-01libnet keytab: test for matching enctype in libnet_keytab_search().Michael Adam1-0/+5
Michael (This used to be commit 484b35f319178f360e406a1bc725dca2e9d95ee3)
2008-08-01dssync keytab: add parsing and logging of servicePrincipalName-sMichael Adam1-0/+22
As with the userPrincipalName, this is for debugging purposes only (for now..). Michael (This used to be commit 7a1d526cba4c93bb858a60d04b6486507fc25398)
2008-08-01dssync keytab: fix comma placement in debug outputMichael Adam1-2/+2
Michael (This used to be commit d21ea83f9392c8fa002d5b924dddca4190e82d09)
2008-08-01dssync keytab: add debugging output when skipping an object.Michael Adam1-1/+7
Michael (This used to be commit f3c110097f2f6c5dd329f2ca595644c6a368a552)
2008-08-01libnet keytab: add enctype parameter to libnet_keytab_search().Michael Adam3-2/+6
Not really used yet. Note: callers use ENCTYPE_ARCFOUR_HMAC enctype for UTDV (for now). This is what is currently stored. This is to be changed to ENCTYPE_NULL. Michael (This used to be commit cb91d07413430e0e0a16846d2c44aae8c165400e)
2008-08-01dssync keytab: add store enctypes in the libnet_keytype_entry structs.Michael Adam1-1/+6
Still unused by the libnet_keytab_add() function. This will follow. In preparation of supporting multiple encryption types in libnet_dssync_keytab. Michael (This used to be commit 447b8b1122a35d4bc0ec0f88fb46d18cddcf6eb9)
2008-08-01libnet_keytab: add enctype field to libnet_keytab_entry struct.Michael Adam1-0/+1
In preparation of supporting more enctyption types in libnet_dssync_keytab. Michael (This used to be commit 2b000a2acde8a09dabb538bdf89d7b885ce361d2)
2008-08-01dssync: allow replications of a single obj with net rpc vampire keytab.Michael Adam2-6/+28
This is triggered by setting the new "single" flag in the dssync_context and filling the "object_dn" member with the dn of the object to be fetched. This call is accomplished by specifying the DRSUAPI_EXOP_REPL_OBJ extended operation in the DsGetNCCHanges request. This variant does honor an up-to-date-ness vectore passed in, but the answer does not return a new up-to-dateness vector. Call this operation as "net rpc vampire keytab /path/keytab object_dn" . Michael (This used to be commit f4a01178a3d8d71f416a3b67ce6b872420f211c0)
2008-08-01dssync: pass uptodateness vector into and out of DsGetNCChanges request.Michael Adam1-2/+42
Also store the new uptodateness vector in the backend after completion and retrieve the old vector before sending the DsGetNCChanges request. This effectively accomplishes differential replication. Michael (This used to be commit a2a88808df16d153f45337b740391d419d87e87a)
2008-08-01dssync: skip analysis of the msDS_KeyVersionNumber attribute:Michael Adam1-3/+0
It is a calculated attribute that won't get distributed via replication. Michael (This used to be commit d75b7a2052f1e447f2b3b63fdb054abef4403edf)
2008-08-01dssync: either use the req5 or the req8 request, depending on the ↵Michael Adam1-8/+24
supported_extenstion that have been recorded in the remote_info28 in the dssync_context. Michael (This used to be commit 3a2a69137e69c4bd0faa6af22d17e11dac022049)
2008-08-01dssync: record the bind info in the new remote_info28 in libnet_dssync_bind().Michael Adam1-0/+29
This extracts the info24 data in case this is what was returned (instead of info28). E.g. windows 2000 returns info24. Michael (This used to be commit 61b41aa615d5d46305653845584df7b1803f07ec)
2008-08-01dssync: add a drsuapi_DsBindInfo28 struct to the dssync_context structMichael Adam1-0/+1
to keep track of what the server told us upon DsBind. Michael (This used to be commit bf17d6af6104d20019a43e5486257085b9786793)
2008-08-01dssync keytab: wrap printing of the uptodate vector in DEBUGLEVEL >= 10 checksMichael Adam1-2/+7
Michael (This used to be commit 7fabe2567d0bd12fe3ade1d00b94b6c403fe79b5)
2008-08-01dssync keytab: add support for keeping track of the up-to-date-ness vector.Michael Adam3-8/+67
The startup operation should get the old up-to-date-ness vector from the backend and the finish operation should store the new vector to the backend after replication. This adds the change of the signatures of the operations ot the dssync_ops struct and the implementation for the keytab ops. The up-to-date-ness vector is stored under the principal constructed as UTDV/$naming_context_dn@$dns_domain_name. The vector is still uninterpreted in libnet_dssync_process(). This will be the next step... This code is essentially by Metze. Michael (This used to be commit 01318fb27a1aa9e5fed0d4dd882a123ab568ac37)
2008-08-01libnet_keytab: add a libnet_keytab_search() functionMichael Adam2-0/+81
that searches and fetches an entry from a keytab file by principal and kvno. This code is by metze. Michael (This used to be commit a51a60066b6703fc4e5db3536903abf1cdaca885)
2008-08-01dssync keytab: use add_to_keytab_entries() for pwd history in parse_object().Michael Adam1-13/+5
Michael (This used to be commit 61f071de92a7011c70f72dc31fef4430ffb1515a)
2008-08-01dssync keytab: add prefix parameter to add_to_keytab_entries() for flexibility.Michael Adam1-2/+5
This will allow to construct principals of the form PREFIX/name@domain Michael (This used to be commit 7dd32b56a65574db95f4a0e136f54bd73862c59f)
2008-08-01dssync keytab: add check for success of ADD_TO_ARRAY().Michael Adam1-0/+1
Michael (This used to be commit e6f6e61da46f02bb2676c705974adc26bdfa2623)
2008-08-01dssync keytab: refactor adding entry to keytab_context out into new functionMichael Adam1-10/+28
add_to_keytab_entries() Michael (This used to be commit 79151db6eae234a1f9e5131b7776689a4f03a0ef)
2008-08-01dssync: replace the processing_fn by startup/process/finish ops.Michael Adam3-69/+103
This remove static a variable for the keytab context in the keytab processing function and simplifies the signature. The keytab context is instead in the new private data member of the dssync_context struct. This is in preparation of adding support for keeping track of the up-to-date-ness vector, in order to be able to sync diffs instead of the whole database. Michael (This used to be commit c51c3339f35e3bd921080d2e226e2422fc23e1e6)
2008-07-31rpc_client: use init_samr_CryptPassword(Ex) in client tools.Günther Deschner1-24/+13
Guenther (This used to be commit 97f7f9f21f17e8414de15953cf4eaa9959dc6f75)
2008-07-30Enabled domain groups to be added to builtin groups at domain join timeTim Prouty1-0/+33
Previously this was done at token creation time if the Administrators and Users builtins hadn't been created yet. A major drawback to this approach is that if a customer is joined to a domain and decides they want to join a different domain, the domain groups from this new domain will not be added to the builtins. It would be ideal if these groups could be added exclusively at domain join time, but we can't rely solely on that because there are cases where winbindd must be running to allocate new gids for the builtins. In the future if there is a way to allocate gids for builtins without running winbindd, this code can be removed from create_local_nt_token. - Made create_builtin_users and create_builtin_administrators non-static so they can be called from libnet - Added a new function to libnet_join that will make a best effort to add domain administrators and domain users to BUILTIN\Administrators and BUILTIN\Users, respectively. If the builtins don't exist yet, winbindd must be running to allocate new gids, but if the builtins already exist, the domain groups will be added even if winbindd is not running. In the case of a failure the error will be logged, but the join will not be failed. - Plumbed libnet_join_add_dom_rids_to_builtins into the join post processing. (This used to be commit e92faf5996cadac480deb60a4f6232eea90b00f6)
2008-07-30build: fix some no previous prototype warnings.Günther Deschner1-1/+1
Guenther (This used to be commit 51062534fd58d7a914a6bbac2e52bb44e71363b7)
2008-07-22Change occurrences of the u1 member of DsBindInfo* to pid after idl change.Michael Adam1-1/+1
Michael (This used to be commit 42f3d681cac4a443347d1ed253848d45f8746f89)
2008-07-20Refactoring: Change calling conventions for cli_rpc_pipe_open_schannel_with_keyVolker Lendecke1-6/+4
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 78e9c937ff2d2e1b70cfed4121e17feb6efafda1)
2008-07-20Refactoring: Make get_schannel_session_key return NTSTATUSVolker Lendecke1-4/+3
(This used to be commit a0793cc853d3bd43df2fc49df193a5fead6b01ab)
2008-07-20Refactoring: Change calling conventions for cli_rpc_pipe_open_noauthVolker Lendecke1-6/+9
Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 9abc9dc4dc13bd3e42f98eff64eacf24b51f5779)
2008-07-18libnetjoin: make libnet_join_rollback() static.Günther Deschner1-2/+2
Guenther (This used to be commit f1cc39e3759357344cb7abcb6bfa9d3e3f4969e6)
2008-07-18Use LDAP macros instead of attribute names.Karolin Seeger1-24/+24
Karolin (This used to be commit 7dae8b04f126d0ac86a452dcf373a690ee687ead)
2008-07-18dssync: fix missing prototype warning by including the proper header.Michael Adam1-1/+1
Michael (This used to be commit 7d7b63e89bb2a067783362a24d81e44e0d67e2ec)
2008-07-16libnet_dssync: use ctr[1|6]->more_dataStefan Metzmacher1-2/+2
metze (This used to be commit 6b7ddb6d664f5f3b62161cdb3abf12633b263a64)
2008-07-03libnetjoin: fix Bug #5570.Günther Deschner1-1/+1
Thanks to Atte Peltomäki. Guenther (This used to be commit 144d374ad9dd981430a82369ceaa2783e6dae90a)
2008-07-01net_vampire: add code to vampire to a Kerberos keytab file using DRSUAPI.Günther Deschner2-0/+246
Guenther (This used to be commit 0ef420c3a478a8adce7483f14b45e9995bfa5e5d)
2008-07-01net_vampire: keep keytab context and flush keytab only after the last query.Günther Deschner1-14/+19
Guenther (This used to be commit 48efe7dbce1cde6689f94fafe2d7756f673bc050)
2008-06-30kerberos: allow to keep entries with old kvno's while creating keytab.Günther Deschner1-0/+1
Guenther (This used to be commit 6194244bd9fcc1fb736f3d91433f107270cac1c9)
2008-06-30kerberos: rename smb_krb5_kt_add_entry to smb_krb5_kt_add_entry_ext.Günther Deschner1-7/+7
Guenther (This used to be commit 48600a0019d70d22574cf08e8fe19d44cc332a0f)
2008-06-26Fix the non-LDAP, non-krb5 build, fix gcc -O3 warnings.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 9e2ab30d3cf6950fc79152b2169e7aeae8d6a366)
2008-06-27libnet_dssync: add last_query flag to processing routine.Günther Deschner2-4/+17
Guenther (This used to be commit 22bdee7fe0cdcd95e0bade70cacb095e0b348abf)
2008-06-27libnet_dssync: add output filename and dns_domain_name to dssync struct.Günther Deschner2-0/+8
Guenther (This used to be commit c16e1820f86f105853aa855eda322ba6cbff3a84)
2008-06-27net_vampire: use bool for last_query information in samsync.Günther Deschner6-19/+26
Guenther (This used to be commit fa1976e23a33bd3fab17c3f6ab5573ee1fdf9e31)
2008-06-27net_vampire: separate keytab code from samsync code.Günther Deschner5-154/+211
Guenther (This used to be commit 69d8442bf3248f97ad23def424901d7fa87bfe48)
2008-06-26libnet_dssync: pass down drsuapi_DsReplicaOIDMapping_Ctr to callback.Günther Deschner2-0/+3
Guenther (This used to be commit cbff970facae295650742d12768f23c7f67380a6)
2008-06-26libnet_dssync: always decrypt attributes before passing them to the ↵Günther Deschner1-0/+127
processing routine. Guenther (This used to be commit 6eedd167e77969e2ab7d5abe7311de62fc413d17)
2008-06-26net_vampire: add some error output to libnet_dssync.Günther Deschner1-1/+16
Guenther (This used to be commit 891d4cca0ca5ccb075940517af25f3760a315219)