/*
   Unix SMB/CIFS implementation.

   Copyright (C) Guenther Deschner <gd@samba.org> 2008
   Copyright (C) Michael Adam 2008

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
# include "includes.h"
# include "smb_krb5.h"
# include "libnet/libnet_dssync.h"
# include "libnet/libnet_keytab.h"
# include "librpc/gen_ndr/ndr_drsblobs.h"
# include "libads/krb5_errs.h"
# if defined(HAVE_ADS)
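/**
 * Open the output keytab and load the up-to-date vector stored in it.
 *
 * A libnet_keytab_context is created for ctx->output_filename, configured
 * from ctx (dns_domain_name, clean_old_entries) and published through
 * ctx->private_data. The keytab is then searched for the UTDV entry built
 * from ctx->nc_dn and ctx->dns_domain_name; when one is found its payload
 * is NDR-decoded into a replUpToDateVectorBlob allocated on mem_ctx.
 *
 * The entry payload comes from the keytab file, i.e. from outside this
 * process, so a decode failure is reported through ctx->error_message and
 * returned rather than ignored.
 *
 * NOTE(review): string literals are reproduced exactly as they appear on
 * this page, including the blanks just inside the quotes; confirm against
 * the upstream file.
 *
 * @param ctx        dssync context; private_data and, on decode failure,
 *                   error_message are written.
 * @param mem_ctx    talloc parent for every allocation made here.
 * @param pold_utdv  optional out parameter; receives the decoded vector or
 *                   NULL when the keytab holds no UTDV entry.
 *
 * @return NT_STATUS_OK on success, the mapped krb5 or NDR error otherwise,
 *         NT_STATUS_NO_MEMORY when an allocation fails.
 */
static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
			       struct replUpToDateVectorBlob **pold_utdv)
{
	krb5_error_code ret = 0;
	struct libnet_keytab_context *keytab_ctx;
	struct libnet_keytab_entry *entry;
	struct replUpToDateVectorBlob *old_utdv = NULL;
	char *principal;

	ret = libnet_keytab_init(mem_ctx, ctx->output_filename, &keytab_ctx);
	if (ret) {
		return krb5_to_nt_status(ret);
	}

	keytab_ctx->dns_domain_name = ctx->dns_domain_name;
	keytab_ctx->clean_old_entries = ctx->clean_old_entries;
	ctx->private_data = keytab_ctx;

	principal = talloc_asprintf(mem_ctx, " UTDV/%s@%s ",
				    ctx->nc_dn, ctx->dns_domain_name);
	NT_STATUS_HAVE_NO_MEMORY(principal);

	entry = libnet_keytab_search(keytab_ctx, principal, 0, ENCTYPE_NULL,
				     mem_ctx);
	if (entry) {
		enum ndr_err_code ndr_err;

		old_utdv = talloc(mem_ctx, struct replUpToDateVectorBlob);
		/*
		 * old_utdv is both the decode target and the talloc parent of
		 * the decoded members, so it must not be NULL when it reaches
		 * ndr_pull_struct_blob().
		 */
		NT_STATUS_HAVE_NO_MEMORY(old_utdv);

		ndr_err = ndr_pull_struct_blob(&entry->password, old_utdv, old_utdv,
				(ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob);
		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
			NTSTATUS status = ndr_map_error2ntstatus(ndr_err);
			ctx->error_message = talloc_asprintf(ctx,
					" Failed to pull UpToDateVector: %s ",
					nt_errstr(status));
			return status;
		}

		if (DEBUGLEVEL >= 10) {
			NDR_PRINT_DEBUG(replUpToDateVectorBlob, old_utdv);
		}
	}

	if (pold_utdv) {
		*pold_utdv = old_utdv;
	}

	return NT_STATUS_OK;
}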
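/**
 * Flush the collected entries to the keytab and release the keytab context.
 *
 * When new_utdv is given it is NDR-encoded and queued as a UTDV entry for
 * ctx->nc_dn with ENCTYPE_NULL, so the next run can resume from it. All
 * queued entries are then written with libnet_keytab_add(). On success
 * ctx->result_message reports keytab_ctx->count and the keytab name; on
 * failure ctx->error_message describes the step that failed.
 *
 * The keytab context taken from ctx->private_data is freed on every path.
 *
 * NOTE(review): string literals are reproduced exactly as they appear on
 * this page, including the blanks just inside the quotes; confirm against
 * the upstream file.
 *
 * @param ctx       dssync context whose private_data holds the keytab context.
 * @param mem_ctx   talloc parent for the encoded blob and queued entry.
 * @param new_utdv  optional up-to-date vector to persist; may be NULL.
 *
 * @return NT_STATUS_OK on success, otherwise the mapped NDR or krb5 error
 *         or the status of libnet_keytab_add_to_keytab_entries().
 */
static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
			      struct replUpToDateVectorBlob *new_utdv)
{
	NTSTATUS status = NT_STATUS_OK;
	krb5_error_code ret = 0;
	struct libnet_keytab_context *keytab_ctx =
		(struct libnet_keytab_context *)ctx->private_data;

	if (new_utdv) {
		enum ndr_err_code ndr_err;
		DATA_BLOB blob;

		if (DEBUGLEVEL >= 10) {
			NDR_PRINT_DEBUG(replUpToDateVectorBlob, new_utdv);
		}

		ndr_err = ndr_push_struct_blob(&blob, mem_ctx, new_utdv,
				(ndr_push_flags_fn_t)ndr_push_replUpToDateVectorBlob);
		if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
			status = ndr_map_error2ntstatus(ndr_err);
			ctx->error_message = talloc_asprintf(ctx,
					" Failed to push UpToDateVector: %s ",
					nt_errstr(status));
			goto done;
		}

		status = libnet_keytab_add_to_keytab_entries(mem_ctx, keytab_ctx, 0,
							     ctx->nc_dn, " UTDV ",
							     ENCTYPE_NULL,
							     blob);
		if (!NT_STATUS_IS_OK(status)) {
			goto done;
		}
	}

	ret = libnet_keytab_add(keytab_ctx);
	if (ret) {
		status = krb5_to_nt_status(ret);
		ctx->error_message = talloc_asprintf(ctx,
			" Failed to add entries to keytab %s: %s ",
			keytab_ctx->keytab_name, error_message(ret));
		goto done;
	}

	ctx->result_message = talloc_asprintf(ctx,
		" Vampired %d accounts to keytab %s ",
		keytab_ctx->count,
		keytab_ctx->keytab_name);

done:
	TALLOC_FREE(keytab_ctx);
	/*
	 * TALLOC_FREE() only resets the local variable; clear the alias in
	 * ctx as well so no pointer to the freed keytab context survives.
	 */
	ctx->private_data = NULL;
	return status;
}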
/****************************************************************
****************************************************************/
/**
 * Extract the Kerberos key container from a supplementalCredentials value.
 *
 * The blob is NDR-decoded, then the package list is scanned for a Kerberos
 * package. A "newer keys" package with data wins and ends the scan; a plain
 * Kerberos package with data is remembered but the scan continues in case a
 * newer-keys package follows. The chosen package's hex string is converted
 * to binary and decoded as a package_PrimaryKerberosBlob, whose version must
 * be 4 for the newer-keys package and 3 for the plain one.
 *
 * The input is replicated directory data; every decode step is checked and
 * a malformed value results in an error status rather than partial output.
 *
 * NOTE(review): the package-name literals are reproduced exactly as they
 * appear on this page, including the blanks just inside the quotes; confirm
 * against the upstream file, since they are compared with strcmp().
 *
 * @param mem_ctx  talloc parent for all decoded data.
 * @param blob     raw supplementalCredentials attribute value.
 * @param pkb3     optional out parameter, set only for a version 3 container.
 * @param pkb4     optional out parameter, set only for a version 4 container.
 *
 * @return NT_STATUS_OK when a container was extracted or when no usable
 *         package exists (outputs untouched), NT_STATUS_INVALID_PARAMETER on
 *         signature or version mismatch, NT_STATUS_NO_MEMORY on allocation
 *         failure, or the mapped NDR error.
 */
static NTSTATUS parse_supplemental_credentials(TALLOC_CTX *mem_ctx,
			const DATA_BLOB *blob,
			struct package_PrimaryKerberosCtr3 **pkb3,
			struct package_PrimaryKerberosCtr4 **pkb4)
{
	struct supplementalCredentialsBlob scb;
	struct supplementalCredentialsPackage *selected = NULL;
	struct package_PrimaryKerberosBlob *krb_blob;
	DATA_BLOB raw;
	enum ndr_err_code ndr_err;
	bool have_newer_keys = false;
	uint32_t expected_version;
	uint32_t idx;

	ndr_err = ndr_pull_struct_blob_all(blob, mem_ctx, &scb,
			(ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		return ndr_map_error2ntstatus(ndr_err);
	}

	/* A wrong signature is only fatal when packages are present. */
	if ((scb.sub.signature != SUPPLEMENTAL_CREDENTIALS_SIGNATURE)
	    && (scb.sub.num_packages != 0))
	{
		if (DEBUGLEVEL >= 10) {
			NDR_PRINT_DEBUG(supplementalCredentialsBlob, &scb);
		}
		return NT_STATUS_INVALID_PARAMETER;
	}

	for (idx = 0; idx < scb.sub.num_packages; idx++) {
		struct supplementalCredentialsPackage *pkg =
			&scb.sub.packages[idx];

		if (strcmp(" Primary:Kerberos-Newer-Keys ", pkg->name) == 0) {
			if (!pkg->data || !pkg->data[0]) {
				/* empty package: forget any earlier pick */
				selected = NULL;
				continue;
			}
			selected = pkg;
			have_newer_keys = true;
			break;
		}

		if (strcmp(" Primary:Kerberos ", pkg->name) == 0) {
			/*
			 * Remember it but keep scanning: a newer-keys
			 * package may still follow.
			 */
			if (!pkg->data || !pkg->data[0]) {
				selected = NULL;
			} else {
				selected = pkg;
			}
		}
	}

	if (selected == NULL) {
		/* no data */
		return NT_STATUS_OK;
	}

	raw = strhex_to_data_blob(mem_ctx, selected->data);
	if (!raw.data) {
		return NT_STATUS_NO_MEMORY;
	}

	krb_blob = talloc_zero(mem_ctx, struct package_PrimaryKerberosBlob);
	if (krb_blob == NULL) {
		return NT_STATUS_NO_MEMORY;
	}

	ndr_err = ndr_pull_struct_blob(&raw, mem_ctx, krb_blob,
			(ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob);
	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
		return ndr_map_error2ntstatus(ndr_err);
	}

	/* The container version has to match the package it came from. */
	expected_version = have_newer_keys ? 4 : 3;
	if (krb_blob->version != expected_version) {
		return NT_STATUS_INVALID_PARAMETER;
	}

	if (krb_blob->version == 4 && pkb4) {
		*pkb4 = &krb_blob->ctr.ctr4;
	} else if (krb_blob->version == 3 && pkb3) {
		*pkb3 = &krb_blob->ctr.ctr3;
	}

	return NT_STATUS_OK;
}
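/**
 * Turn one replicated directory object into keytab entries.
 *
 * The object's attributes are scanned for the NT hash (unicodePwd), the NT
 * hash history, the user principal name, the service principal names, the
 * account name, account type, account control flags and the supplemental
 * credentials. Objects without an NT hash are skipped. When the account
 * name is missing it is looked up in the keytab under the SAMACCOUNTNAME
 * entry for the object's DN; objects whose name is still unknown are
 * skipped as well.
 *
 * Entries queued through libnet_keytab_add_to_keytab_entries():
 *  - the DN-to-account-name mapping (ENCTYPE_NULL),
 *  - the NT hash as ENCTYPE_ARCFOUR_HMAC with the current kvno,
 *  - every key, old key and (version 4 only) older key of the Kerberos
 *    container with kvno, kvno - 1 and kvno - 2,
 *  - the NT hash history with decreasing kvno.
 *
 * All attribute values are replicated data and the name lookup reads the
 * keytab file, so lengths are checked before fixed-size reads and the
 * looked-up name is copied with a guaranteed terminator. Key material is
 * copied into blobs allocated on mem_ctx; the DEBUG output here prints
 * names, kvno, account type/control, UPN and SPNs but no key bytes.
 *
 * NOTE(review): string literals are reproduced exactly as they appear on
 * this page, including the blanks just inside the quotes; confirm against
 * the upstream file.
 *
 * @param mem_ctx  talloc parent for all allocations made here.
 * @param ctx      keytab context that receives the queued entries.
 * @param cur      replicated object to process.
 *
 * @return NT_STATUS_OK when the object was processed or skipped,
 *         NT_STATUS_NO_MEMORY on allocation failure, or the first failing
 *         status of libnet_keytab_add_to_keytab_entries().
 */
static NTSTATUS parse_object(TALLOC_CTX *mem_ctx,
			     struct libnet_keytab_context *ctx,
			     struct drsuapi_DsReplicaObjectListItemEx *cur)
{
	NTSTATUS status = NT_STATUS_OK;
	uchar nt_passwd[16];
	DATA_BLOB *blob;
	int i = 0;
	struct drsuapi_DsReplicaAttribute *attr;
	bool got_pwd = false;

	struct package_PrimaryKerberosCtr3 *pkb3 = NULL;
	struct package_PrimaryKerberosCtr4 *pkb4 = NULL;

	char *object_dn = NULL;
	char *upn = NULL;
	char **spn = NULL;
	uint32_t num_spns = 0;
	char *name = NULL;
	uint32_t kvno = 0;
	uint32_t uacc = 0;
	uint32_t sam_type = 0;

	uint32_t pwd_history_len = 0;
	uint8_t *pwd_history = NULL;

	ZERO_STRUCT(nt_passwd);

	object_dn = talloc_strdup(mem_ctx, cur->object.identifier->dn);
	if (!object_dn) {
		return NT_STATUS_NO_MEMORY;
	}

	DEBUG(3, (" parsing object '%s' \n ", object_dn));

	for (i = 0; i < cur->object.attribute_ctr.num_attributes; i++) {

		attr = &cur->object.attribute_ctr.attributes[i];

		if (attr->attid == DRSUAPI_ATTID_servicePrincipalName) {
			uint32_t count;

			num_spns = attr->value_ctr.num_values;
			/*
			 * Zero-filled so that a slot whose value is missing
			 * or fails to convert stays NULL instead of holding
			 * an uninitialised pointer.
			 */
			spn = talloc_zero_array(mem_ctx, char *, num_spns);
			if (spn == NULL && num_spns > 0) {
				return NT_STATUS_NO_MEMORY;
			}
			for (count = 0; count < num_spns; count++) {
				blob = attr->value_ctr.values[count].blob;
				if (blob == NULL) {
					/* value without data: leave slot NULL */
					continue;
				}
				pull_string_talloc(spn, NULL, 0,
						   &spn[count],
						   blob->data, blob->length,
						   STR_UNICODE);
			}
		}

		/* everything below is single-valued */
		if (attr->value_ctr.num_values != 1) {
			continue;
		}

		if (!attr->value_ctr.values[0].blob) {
			continue;
		}

		blob = attr->value_ctr.values[0].blob;

		switch (attr->attid) {
			case DRSUAPI_ATTID_unicodePwd:

				if (blob->length != 16) {
					break;
				}

				memcpy(&nt_passwd, blob->data, 16);
				got_pwd = true;

				/* pick the kvno from the meta_data version,
				 * thanks, metze, for explaining this */

				if (!cur->meta_data_ctr) {
					break;
				}
				/*
				 * meta_data[] is indexed with the attribute
				 * index, so it is only used when both arrays
				 * have the same length.
				 */
				if (cur->meta_data_ctr->count !=
				    cur->object.attribute_ctr.num_attributes) {
					break;
				}
				kvno = cur->meta_data_ctr->meta_data[i].version;
				break;
			case DRSUAPI_ATTID_ntPwdHistory:
				/* only whole 16-byte hashes are counted */
				pwd_history_len = blob->length / 16;
				pwd_history = blob->data;
				break;
			case DRSUAPI_ATTID_userPrincipalName:
				pull_string_talloc(mem_ctx, NULL, 0, &upn,
						   blob->data, blob->length,
						   STR_UNICODE);
				break;
			case DRSUAPI_ATTID_sAMAccountName:
				pull_string_talloc(mem_ctx, NULL, 0, &name,
						   blob->data, blob->length,
						   STR_UNICODE);
				break;
			case DRSUAPI_ATTID_sAMAccountType:
				/* IVAL reads 4 bytes; ignore shorter values */
				if (blob->length < 4) {
					break;
				}
				sam_type = IVAL(blob->data, 0);
				break;
			case DRSUAPI_ATTID_userAccountControl:
				/* IVAL reads 4 bytes; ignore shorter values */
				if (blob->length < 4) {
					break;
				}
				uacc = IVAL(blob->data, 0);
				break;
			case DRSUAPI_ATTID_supplementalCredentials:
				status = parse_supplemental_credentials(mem_ctx,
									blob,
									&pkb3,
									&pkb4);
				if (!NT_STATUS_IS_OK(status)) {
					/* not fatal: the NT hash is still usable */
					DEBUG(2, (" parsing of supplemental "
						  " credentials failed: %s \n ",
						  nt_errstr(status)));
				}
				break;
			default:
				break;
		}
	}

	if (!got_pwd) {
		DEBUG(10, (" no password (unicodePwd) found - skipping. \n "));
		return NT_STATUS_OK;
	}

	if (name) {
		/* remember the DN -> account name mapping for later runs */
		status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, 0, object_dn,
							     " SAMACCOUNTNAME ",
							     ENCTYPE_NULL,
							     data_blob_talloc(mem_ctx, name,
							     strlen(name) + 1));
		if (!NT_STATUS_IS_OK(status)) {
			return status;
		}
	} else {
		/* look into keytab ... */
		struct libnet_keytab_entry *entry = NULL;
		char *principal = NULL;

		DEBUG(10, (" looking for SAMACCOUNTNAME/%s@%s in keytayb... \n ",
			   object_dn, ctx->dns_domain_name));

		principal = talloc_asprintf(mem_ctx, " %s/%s@%s ",
					    " SAMACCOUNTNAME ",
					    object_dn,
					    ctx->dns_domain_name);
		if (!principal) {
			DEBUG(1, (" talloc failed \n "));
			return NT_STATUS_NO_MEMORY;
		}
		entry = libnet_keytab_search(ctx, principal, 0, ENCTYPE_NULL,
					     mem_ctx);
		if (entry) {
			/*
			 * The payload comes from the keytab file and is not
			 * guaranteed to end in a NUL byte; talloc_strndup()
			 * always terminates the copy, so the %s and strlen()
			 * uses of name below stay inside the allocation.
			 */
			name = talloc_strndup(mem_ctx,
					(const char *)entry->password.data,
					entry->password.length);
			if (!name) {
				DEBUG(1, (" talloc failed! "));
				return NT_STATUS_NO_MEMORY;
			} else {
				DEBUG(10, (" found name %s \n ", name));
			}
			TALLOC_FREE(entry);
		} else {
			DEBUG(10, (" entry not found \n "));
		}
		TALLOC_FREE(principal);
	}

	if (!name) {
		DEBUG(10, (" no name (sAMAccountName) found - skipping. \n "));
		return NT_STATUS_OK;
	}

	DEBUG(1, (" #%02d: %s:%d, ", ctx->count, name, kvno));
	DEBUGADD(1, (" sAMAccountType: 0x%08x, userAccountControl: 0x%08x ",
		     sam_type, uacc));
	if (upn) {
		DEBUGADD(1, (" , upn: %s ", upn));
	}
	if (num_spns > 0) {
		DEBUGADD(1, (" , spns: [ "));
		for (i = 0; i < num_spns; i++) {
			/* slots left NULL above are printed as a marker */
			DEBUGADD(1, (" %s%s ", spn[i] ? spn[i] : "(null)",
				     (i + 1 == num_spns) ? " ] " : " , "));
		}
	}
	DEBUGADD(1, (" \n "));

	status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno, name, NULL,
						     ENCTYPE_ARCFOUR_HMAC,
						     data_blob_talloc(mem_ctx, nt_passwd, 16));

	if (!NT_STATUS_IS_OK(status)) {
		return status;
	}

	/*
	 * add kerberos keys (if any)
	 *
	 * kvno is unsigned: kvno - 1 and kvno - 2 wrap around when kvno is
	 * smaller than the offset.
	 */
	if (pkb4) {
		for (i = 0; i < pkb4->num_keys; i++) {
			if (!pkb4->keys[i].value) {
				continue;
			}
			status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno,
								     name,
								     NULL,
								     pkb4->keys[i].keytype,
								     *pkb4->keys[i].value);
			if (!NT_STATUS_IS_OK(status)) {
				return status;
			}
		}
		for (i = 0; i < pkb4->num_old_keys; i++) {
			if (!pkb4->old_keys[i].value) {
				continue;
			}
			status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno - 1,
								     name,
								     NULL,
								     pkb4->old_keys[i].keytype,
								     *pkb4->old_keys[i].value);
			if (!NT_STATUS_IS_OK(status)) {
				return status;
			}
		}
		for (i = 0; i < pkb4->num_older_keys; i++) {
			if (!pkb4->older_keys[i].value) {
				continue;
			}
			status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno - 2,
								     name,
								     NULL,
								     pkb4->older_keys[i].keytype,
								     *pkb4->older_keys[i].value);
			if (!NT_STATUS_IS_OK(status)) {
				return status;
			}
		}
	}

	if (pkb3) {
		for (i = 0; i < pkb3->num_keys; i++) {
			if (!pkb3->keys[i].value) {
				continue;
			}
			status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno, name,
								     NULL,
								     pkb3->keys[i].keytype,
								     *pkb3->keys[i].value);
			if (!NT_STATUS_IS_OK(status)) {
				return status;
			}
		}
		for (i = 0; i < pkb3->num_old_keys; i++) {
			if (!pkb3->old_keys[i].value) {
				continue;
			}
			status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno - 1,
								     name,
								     NULL,
								     pkb3->old_keys[i].keytype,
								     *pkb3->old_keys[i].value);
			if (!NT_STATUS_IS_OK(status)) {
				return status;
			}
		}
	}

	/*
	 * NOTE(review): kvno is a uint32_t, so (kvno < 0) is never true and
	 * this early return cannot trigger. The intended guard is not
	 * recoverable from this file; the condition is kept unchanged.
	 */
	if ((kvno < 0) && (kvno < pwd_history_len)) {
		return status;
	}

	/* add password history */

	/* skip first entry */
	if (got_pwd) {
		kvno--;
		i = 1;
	} else {
		i = 0;
	}

	for (; i < pwd_history_len; i++) {
		status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno--, name, NULL,
							     ENCTYPE_ARCFOUR_HMAC,
							     data_blob_talloc(mem_ctx, &pwd_history[i * 16], 16));
		if (!NT_STATUS_IS_OK(status)) {
			break;
		}
	}

	return status;
}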
/**
 * Check a DN against the object filter list of the dssync context.
 *
 * An empty list (ctx->object_count == 0) places no restriction and matches
 * every DN; otherwise the DN must compare equal, per strequal(), to one of
 * ctx->object_dns[].
 *
 * @param ctx  dssync context holding object_dns and object_count.
 * @param dn   distinguished name to look up.
 *
 * @return true when the DN passes the filter, false otherwise.
 */
static bool dn_is_in_object_list(struct dssync_context *ctx,
				 const char *dn)
{
	uint32_t idx = 0;

	/* no filter configured: accept everything */
	if (ctx->object_count == 0) {
		return true;
	}

	while (idx < ctx->object_count) {
		if (strequal(ctx->object_dns[idx], dn)) {
			return true;
		}
		idx++;
	}

	return false;
}
/****************************************************************
****************************************************************/
/**
 * Feed a list of replicated objects into the keytab context.
 *
 * Walks the next_object chain starting at cur and hands each object to
 * parse_object() together with the keytab context stored in
 * ctx->private_data. Outside single object replication mode the object DN
 * list acts as a positive write filter: objects whose DN does not pass
 * dn_is_in_object_list() are skipped. Processing stops at the first object
 * for which parse_object() fails.
 *
 * @param ctx          dssync context (filter settings and private_data).
 * @param mem_ctx      talloc parent passed on to parse_object().
 * @param cur          head of the replicated object list; may be NULL.
 * @param mapping_ctr  not used by this implementation.
 *
 * @return NT_STATUS_OK when every selected object was processed, otherwise
 *         the status of the failing parse_object() call.
 */
static NTSTATUS keytab_process_objects(struct dssync_context *ctx,
				       TALLOC_CTX *mem_ctx,
				       struct drsuapi_DsReplicaObjectListItemEx *cur,
				       struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr)
{
	struct libnet_keytab_context *keytab_ctx =
		(struct libnet_keytab_context *)ctx->private_data;
	struct drsuapi_DsReplicaObjectListItemEx *item;

	for (item = cur; item != NULL; item = item->next_object) {
		NTSTATUS status;

		/*
		 * When not in single object replication mode,
		 * the object_dn list is used as a positive write filter.
		 */
		if (!ctx->single_object_replication &&
		    !dn_is_in_object_list(ctx, item->object.identifier->dn))
		{
			continue;
		}

		status = parse_object(mem_ctx, keytab_ctx, item);
		if (!NT_STATUS_IS_OK(status)) {
			return status;
		}
	}

	return NT_STATUS_OK;
}
# else
/**
 * Startup hook for builds in which HAVE_ADS is not defined.
 *
 * None of the arguments is used.
 *
 * @return always NT_STATUS_NOT_SUPPORTED.
 */
static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
			       struct replUpToDateVectorBlob **pold_utdv)
{
	/* keytab output is compiled out in this configuration */
	return NT_STATUS_NOT_SUPPORTED;
}
/**
 * Finish hook for builds in which HAVE_ADS is not defined.
 *
 * None of the arguments is used.
 *
 * @return always NT_STATUS_NOT_SUPPORTED.
 */
static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx,
			      struct replUpToDateVectorBlob *new_utdv)
{
	/* keytab output is compiled out in this configuration */
	return NT_STATUS_NOT_SUPPORTED;
}
/**
 * Object-processing hook for builds in which HAVE_ADS is not defined.
 *
 * None of the arguments is used.
 *
 * @return always NT_STATUS_NOT_SUPPORTED.
 */
static NTSTATUS keytab_process_objects(struct dssync_context *ctx,
				       TALLOC_CTX *mem_ctx,
				       struct drsuapi_DsReplicaObjectListItemEx *cur,
				       struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr)
{
	/* keytab output is compiled out in this configuration */
	return NT_STATUS_NOT_SUPPORTED;
}
# endif /* defined(HAVE_ADS) */
/*
 * dssync operations table for the keytab output: wires the startup,
 * per-object processing and finish callbacks defined in this file.
 */
const struct dssync_ops libnet_dssync_keytab_ops = {
	.startup		= keytab_startup,
	.process_objects	= keytab_process_objects,
	.finish			= keytab_finish,
};