IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
4,478 Commits 11 Branches 60 Tags 60 MiB
64dfa1b37e
Commit Graph

146 Commits

Author SHA1 Message Date
Simo Sorce
64dfa1b37e ipa-kdb: Remove unused CFLAGS/LIBS from Makefiles 2011-12-02 09:49:30 -05:00
Simo Sorce
e727dc50cc ipa-kdb: fix free() of uninitialized var 2011-11-29 16:08:59 -05:00
Simo Sorce
ba2e357ba2 ipa-kdb: Support re-signing PAC with different checksum 
Fixes: https://fedorahosted.org/freeipa/ticket/2122
 2011-11-29 09:28:25 -05:00
Simo Sorce
17cc52a154 ipa-cldap: send cldap reply 2011-11-21 18:52:59 -05:00
Simo Sorce
64ce67523f ipa-cldap: Create netlogon blob 2011-11-21 18:52:59 -05:00
Simo Sorce
046c416e90 ipa-cldap: Decode CLDAP request. 2011-11-21 18:52:59 -05:00
Simo Sorce
d709dcf8f5 ipa-cldap: Implement worker thread. 2011-11-21 18:52:59 -05:00
Simo Sorce
710f435c20 Create skeleton CLDAP server as a DS plugin 2011-11-21 18:52:48 -05:00
Simo Sorce
94a8bc1917 MS-PAC: Add support for verifying PAC in TGS requests 
Fake code for now, to be rebased later
 2011-11-07 14:25:07 -05:00
Simo Sorce
18537d55a7 Add support for generating PAC for AS requests for user principals 2011-11-07 14:25:07 -05:00
Simo Sorce
9701821227 Fix CID 11027: Wrong sizeof argument 
https://fedorahosted.org/freeipa/ticket/2037
 2011-11-07 11:13:55 -05:00
Simo Sorce
ad8c53d584 Fix CID 11026: Resource leak 
https://fedorahosted.org/freeipa/ticket/2037
 2011-11-07 11:13:55 -05:00
Simo Sorce
8cc402206a Fix CID 11025: Resource leak 
https://fedorahosted.org/freeipa/ticket/2037
 2011-11-07 11:13:55 -05:00
Simo Sorce
ea10ad1851 Fix CID 11024: Resource leak 
https://fedorahosted.org/freeipa/ticket/2037
 2011-11-07 11:13:55 -05:00
Simo Sorce
bc3fb1b3a0 Fix CID 11023: Resource leak 
https://fedorahosted.org/freeipa/ticket/2037
 2011-11-07 11:13:55 -05:00
Simo Sorce
a49cf51ee2 Fix CID 11022: Resource leak 
https://fedorahosted.org/freeipa/ticket/2037
 2011-11-07 11:13:55 -05:00
Simo Sorce
c286278aa9 Fix CID 11020: Resource leak 
https://fedorahosted.org/freeipa/ticket/2037
 2011-11-07 11:13:55 -05:00
Simo Sorce
299c91df92 Fix CID 11019: Resource leak 
https://fedorahosted.org/freeipa/ticket/2037
 2011-11-07 11:13:55 -05:00
Simo Sorce
8276d5d55f Fix CID 10745: Unchecked return value 
https://fedorahosted.org/freeipa/ticket/2036
 2011-11-07 11:13:55 -05:00
Simo Sorce
7cca50e9b5 Fix CID 10743: Unchecked return value 
https://fedorahosted.org/freeipa/ticket/2036
 2011-11-07 11:13:55 -05:00
Simo Sorce
e615bea1be Fix CID 10742: Unchecked return value 
https://fedorahosted.org/freeipa/ticket/2036
 2011-11-07 11:13:55 -05:00
Simo Sorce
9f07404fe3 ipa-kdb: Fix memory leak 2011-11-03 09:51:30 -04:00
Simo Sorce
f28ab8351f ipa-kdb: Fix legacy password hashes generation 
We were not searching for objectclass so the test to se if a user had the
posixAccount attribute was failing and the user was not marked as ipa_user.
This in turn caused us to not synchronize legacy hashes by not trying to store
the userPassword attribute.

Fixes: https://fedorahosted.org/freeipa/ticket/1820
 2011-10-06 12:15:05 -04:00
Sumit Bose
3fb40170cb ipa-pwd-extop: allow password change on all connections with SSF>1 
Instead of checking the individual SSFs for SASL, SSL/TLS and LDAPI connection
the global SSF is checked for password changes and enrollments.

https://fedorahosted.org/freeipa/ticket/1877
 2011-10-05 17:20:13 +02:00
Simo Sorce
dfc704de25 ipa-kdb: Fix expiration time calculation 
Expiration time should be enforced as per policy only for users and only when a
password change occurs, ina ll other cases we should just let kadmin decide
whther it is going to set a password expiration time or just leave it empty.

In general service tickts have strong random passwords so they do not need a
password policy or expiration at all.

https://fedorahosted.org/freeipa/ticket/1839
 2011-09-26 10:07:11 +02:00
Simo Sorce
c981627016 ipa-pwd-extop: Enforce old password checks 
If a user is changing his own password, then require the old password to be
sent for validation purposes.

https://fedorahosted.org/freeipa/ticket/1814
 2011-09-21 18:10:34 -04:00
Marko Myllynen
45aa801952 include <stdint.h> for uintptr_t 2011-09-22 09:42:11 -04:00
Simo Sorce
37836a2e6c ipa-pwd-extop: Fix segfault in password change. 
Do not pass an empty buffer to ber_init() as it will assert.
Check before hand and return an error.
 2011-09-21 16:05:02 -04:00
Simo Sorce
4167ad01d7 ipa-kdb: Properly set password expiration time. 
We do the policy check so we are the only one that can calculate the new
pwd espiration time.

Fixes: https://fedorahosted.org/freeipa/ticket/1793
 2011-09-19 12:28:35 -04:00
Rob Crittenden
5371c03c93 The precendence on the modrdn plugin was set in the wrong location. 
https://fedorahosted.org/freeipa/ticket/1370
 2011-09-13 17:36:59 +02:00
Yuri Chornoivan
1785d0a7c1 Fix typos 
Fix "The the" and "classses" in FreeIPA code and messages.

https://fedorahosted.org/freeipa/ticket/1480
 2011-09-07 13:20:42 +02:00
Simo Sorce
dfa944da24 daemons: Remove ipa_kpasswd 
Now that we have our own database we can properly enforce stricter constraints
on how the db can be changed. Stop shipping our own kpasswd daemon and instead
use the regular kadmin daemon.
 2011-08-26 08:26:08 -04:00
Simo Sorce
d8de2d1b7b ipa-kdb: Be flexible 
Although the proper values for booleans from LDAP should be only uppercase,
389ds does allow wrong cased values without complaining. And we still have some
places where the wrong case is used.
Avoid getting frustrating errors when reading these values out.
 2011-08-26 08:24:50 -04:00
Simo Sorce
35e15f6c91 ipa-pwd-extop: Allow kadmin to set krb keys 
Prevent the ipa-pwd-extop plugin from re-generating keys when kadimn is storing
a new set of keys. Only generate the userPassword and sambaXXPassword hashes.
Also avoid checking policies in this case and if history is provided avoid
regenerating the passwordHistory too.
 2011-08-26 08:24:50 -04:00
Simo Sorce
0d048d7b49 ipa-kdb: add password policy support 
Use default policy for new principals created by kadmin
 2011-08-26 08:24:50 -04:00
Simo Sorce
7ea0b5d56e ipa-pwd-extop: Use common password policy code 2011-08-26 08:24:50 -04:00
Simo Sorce
452fcdccdc ipa-kdb: implement change_pwd function 2011-08-26 08:24:49 -04:00
Simo Sorce
49c25dbdf5 ipa-kdb: implement function to retrieve password policies 2011-08-26 08:24:49 -04:00
Simo Sorce
0a4f7960b9 ipa-kdb: Get/Store Master Key directly from LDAP 2011-08-26 08:24:49 -04:00
Simo Sorce
e9e426354f ipa-kdb: add functions to change principals 2011-08-26 08:24:49 -04:00
Simo Sorce
d25370a579 ipa-kdb: add function to iterate over principals 2011-08-26 08:24:49 -04:00
Simo Sorce
2f8caeab48 ipa-kdb: add functions to delete principals 2011-08-26 08:24:49 -04:00
Simo Sorce
8d5c67a9f8 ipa-kdb: add function to free principals 2011-08-26 08:24:49 -04:00
Simo Sorce
abd424889b ipa-kdb: functions to get principal 2011-08-26 08:24:49 -04:00
Simo Sorce
46c803a08d ipa-kdb: add common utility ldap wrapper functions 2011-08-26 08:24:49 -04:00
Simo Sorce
b5ba0f7f48 ipa-kdb: implement get_time function 2011-08-26 08:24:49 -04:00
Simo Sorce
6e010fedaa ipa-kdb: initialize module functions 
Initialize module also on ipadb_create invocation. This is what
kdb5_util expects.
 2011-08-26 08:24:49 -04:00
Simo Sorce
579a159915 ipa-kdb: add exports file 
limit exported symbols only to the ones actually needed by krb5kdc
 2011-08-26 08:24:49 -04:00
Simo Sorce
bac6f2dd13 ipa-kdb: Initial plugin skeleton 2011-08-26 08:24:49 -04:00
Simo Sorce
7d41e7b4d4 ipa-pwd-extop: make encsalt parsing function common 
It is going to be used by the ipa-kdb module too.
 2011-08-26 08:24:49 -04:00