From 260bbf13d20fa94923dc8841a06267bf0ea102a7 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 29 Jul 2008 18:07:07 +0200 Subject: dssync keytab: store the samaccountname in the keytab for diff replication. When retreiving a diff replication, the sAMAccountName attribute is usually not replicated. So in order to build the principle, we need to store the sAMAccounName in the keytab, referenced by the DN of the object, so that it can be retrieved if necessary. It is stored in the form of SAMACCOUNTNAME/object_dn@dns_domain_name with kvno=0 and ENCTYPE_NONE. Michael (This used to be commit 54e2dc1f4e0e2c7a6dcb171e51a608d831c8946e) --- source3/libnet/libnet_dssync_keytab.c | 60 ++++++++++++++++++++++++++++++++--- 1 file changed, 55 insertions(+), 5 deletions(-) (limited to 'source3') diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index 4bd4a79a00..db98f63d1b 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -170,6 +170,7 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, struct drsuapi_DsReplicaAttribute *attr; bool got_pwd = false; + char *object_dn = NULL; char *upn = NULL; char **spn = NULL; uint32_t num_spns = 0; @@ -183,7 +184,12 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, ZERO_STRUCT(nt_passwd); - DEBUG(3, ("parsing object '%s'\n", cur->object.identifier->dn)); + object_dn = talloc_strdup(mem_ctx, cur->object.identifier->dn); + if (!object_dn) { + return NT_STATUS_NO_MEMORY; + } + + DEBUG(3, ("parsing object '%s'\n", object_dn)); for (i=0; i < cur->object.attribute_ctr.num_attributes; i++) { @@ -259,13 +265,57 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, } } - if (!name) { - DEBUG(10, ("no name (sAMAccountName) found - skipping.\n")); + if (!got_pwd) { + DEBUG(10, ("no password (unicodePwd) found - skipping.\n")); return NT_STATUS_OK; } - if (!got_pwd) { - DEBUG(10, ("no password (unicodePwd) found - skipping.\n")); + if (name) { + status = add_to_keytab_entries(mem_ctx, ctx, 0, object_dn, + "SAMACCOUNTNAME", + ENCTYPE_NULL, + data_blob_talloc(mem_ctx, name, + strlen(name) + 1)); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } else { + /* look into keytab ... */ + struct libnet_keytab_entry *entry = NULL; + char *principal = NULL; + + DEBUG(10, ("looking for SAMACCOUNTNAME/%s@%s in keytayb...\n", + object_dn, ctx->dns_domain_name)); + + principal = talloc_asprintf(mem_ctx, "%s/%s@%s", + "SAMACCOUNTNAME", + object_dn, + ctx->dns_domain_name); + if (!principal) { + DEBUG(1, ("talloc failed\n")); + return NT_STATUS_NO_MEMORY; + } + entry = libnet_keytab_search(ctx, principal, 0, ENCTYPE_NULL, + mem_ctx); + if (entry) { + name = (char *)TALLOC_MEMDUP(mem_ctx, + entry->password.data, + entry->password.length); + if (!name) { + DEBUG(1, ("talloc failed!")); + return NT_STATUS_NO_MEMORY; + } else { + DEBUG(10, ("found name %s\n", name)); + } + TALLOC_FREE(entry); + } else { + DEBUG(10, ("entry not found\n")); + } + TALLOC_FREE(principal); + } + + if (!name) { + DEBUG(10, ("no name (sAMAccountName) found - skipping.\n")); return NT_STATUS_OK; } -- cgit