diff options
| author | Michael Adam <obnox@samba.org> | 2008-07-29 18:07:07 +0200 |
|---|---|---|
| committer | Michael Adam <obnox@samba.org> | 2008-08-01 16:04:43 +0200 |
| commit | 54e2dc1f4e0e2c7a6dcb171e51a608d831c8946e (patch) | |
| tree | 3a260d256c8849b57e262a33160e169301e7af02 | |
| parent | 3c463745445f6b64017918f442bf1021be219e83 (diff) | |
| download | samba-54e2dc1f4e0e2c7a6dcb171e51a608d831c8946e.tar.gz | |
dssync keytab: store the samaccountname in the keytab for diff replication.
When retreiving a diff replication, the sAMAccountName attribute is usually
not replicated. So in order to build the principle, we need to store the
sAMAccounName in the keytab, referenced by the DN of the object, so that
it can be retrieved if necessary.
It is stored in the form of SAMACCOUNTNAME/object_dn@dns_domain_name
with kvno=0 and ENCTYPE_NONE.
Michael
| -rw-r--r-- | source/libnet/libnet_dssync_keytab.c | 60 |
1 files changed, 55 insertions, 5 deletions
diff --git a/source/libnet/libnet_dssync_keytab.c b/source/libnet/libnet_dssync_keytab.c index 4bd4a79a001..db98f63d1b7 100644 --- a/source/libnet/libnet_dssync_keytab.c +++ b/source/libnet/libnet_dssync_keytab.c @@ -170,6 +170,7 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, struct drsuapi_DsReplicaAttribute *attr; bool got_pwd = false; + char *object_dn = NULL; char *upn = NULL; char **spn = NULL; uint32_t num_spns = 0; @@ -183,7 +184,12 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, ZERO_STRUCT(nt_passwd); - DEBUG(3, ("parsing object '%s'\n", cur->object.identifier->dn)); + object_dn = talloc_strdup(mem_ctx, cur->object.identifier->dn); + if (!object_dn) { + return NT_STATUS_NO_MEMORY; + } + + DEBUG(3, ("parsing object '%s'\n", object_dn)); for (i=0; i < cur->object.attribute_ctr.num_attributes; i++) { @@ -259,13 +265,57 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, } } - if (!name) { - DEBUG(10, ("no name (sAMAccountName) found - skipping.\n")); + if (!got_pwd) { + DEBUG(10, ("no password (unicodePwd) found - skipping.\n")); return NT_STATUS_OK; } - if (!got_pwd) { - DEBUG(10, ("no password (unicodePwd) found - skipping.\n")); + if (name) { + status = add_to_keytab_entries(mem_ctx, ctx, 0, object_dn, + "SAMACCOUNTNAME", + ENCTYPE_NULL, + data_blob_talloc(mem_ctx, name, + strlen(name) + 1)); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } else { + /* look into keytab ... */ + struct libnet_keytab_entry *entry = NULL; + char *principal = NULL; + + DEBUG(10, ("looking for SAMACCOUNTNAME/%s@%s in keytayb...\n", + object_dn, ctx->dns_domain_name)); + + principal = talloc_asprintf(mem_ctx, "%s/%s@%s", + "SAMACCOUNTNAME", + object_dn, + ctx->dns_domain_name); + if (!principal) { + DEBUG(1, ("talloc failed\n")); + return NT_STATUS_NO_MEMORY; + } + entry = libnet_keytab_search(ctx, principal, 0, ENCTYPE_NULL, + mem_ctx); + if (entry) { + name = (char *)TALLOC_MEMDUP(mem_ctx, + entry->password.data, + entry->password.length); + if (!name) { + DEBUG(1, ("talloc failed!")); + return NT_STATUS_NO_MEMORY; + } else { + DEBUG(10, ("found name %s\n", name)); + } + TALLOC_FREE(entry); + } else { + DEBUG(10, ("entry not found\n")); + } + TALLOC_FREE(principal); + } + + if (!name) { + DEBUG(10, ("no name (sAMAccountName) found - skipping.\n")); return NT_STATUS_OK; } |