Simo Sorce
94a8bc1917
MS-PAC: Add support for verifying PAC in TGS requests
...
Fake code for now, to be rebased later
2011-11-07 14:25:07 -05:00
Simo Sorce
18537d55a7
Add support for generating PAC for AS requests for user principals
2011-11-07 14:25:07 -05:00
Simo Sorce
9701821227
Fix CID 11027: Wrong sizeof argument
...
https://fedorahosted.org/freeipa/ticket/2037
2011-11-07 11:13:55 -05:00
Simo Sorce
ad8c53d584
Fix CID 11026: Resource leak
...
https://fedorahosted.org/freeipa/ticket/2037
2011-11-07 11:13:55 -05:00
Simo Sorce
8cc402206a
Fix CID 11025: Resource leak
...
https://fedorahosted.org/freeipa/ticket/2037
2011-11-07 11:13:55 -05:00
Simo Sorce
ea10ad1851
Fix CID 11024: Resource leak
...
https://fedorahosted.org/freeipa/ticket/2037
2011-11-07 11:13:55 -05:00
Simo Sorce
bc3fb1b3a0
Fix CID 11023: Resource leak
...
https://fedorahosted.org/freeipa/ticket/2037
2011-11-07 11:13:55 -05:00
Simo Sorce
a49cf51ee2
Fix CID 11022: Resource leak
...
https://fedorahosted.org/freeipa/ticket/2037
2011-11-07 11:13:55 -05:00
Simo Sorce
c286278aa9
Fix CID 11020: Resource leak
...
https://fedorahosted.org/freeipa/ticket/2037
2011-11-07 11:13:55 -05:00
Simo Sorce
299c91df92
Fix CID 11019: Resource leak
...
https://fedorahosted.org/freeipa/ticket/2037
2011-11-07 11:13:55 -05:00
Simo Sorce
8276d5d55f
Fix CID 10745: Unchecked return value
...
https://fedorahosted.org/freeipa/ticket/2036
2011-11-07 11:13:55 -05:00
Simo Sorce
7cca50e9b5
Fix CID 10743: Unchecked return value
...
https://fedorahosted.org/freeipa/ticket/2036
2011-11-07 11:13:55 -05:00
Simo Sorce
e615bea1be
Fix CID 10742: Unchecked return value
...
https://fedorahosted.org/freeipa/ticket/2036
2011-11-07 11:13:55 -05:00
Simo Sorce
9f07404fe3
ipa-kdb: Fix memory leak
2011-11-03 09:51:30 -04:00
Simo Sorce
f28ab8351f
ipa-kdb: Fix legacy password hashes generation
...
We were not searching for objectclass so the test to see if a user had the
posixAccount attribute was failing and the user was not marked as ipa_user.
This in turn caused us to not synchronize legacy hashes by not trying to store
the userPassword attribute.
Fixes: https://fedorahosted.org/freeipa/ticket/1820
2011-10-06 12:15:05 -04:00
Sumit Bose
3fb40170cb
ipa-pwd-extop: allow password change on all connections with SSF>1
...
Instead of checking the individual SSFs for SASL, SSL/TLS and LDAPI connection
the global SSF is checked for password changes and enrollments.
https://fedorahosted.org/freeipa/ticket/1877
2011-10-05 17:20:13 +02:00
Simo Sorce
dfc704de25
ipa-kdb: Fix expiration time calculation
...
Expiration time should be enforced as per policy only for users and only when a
password change occurs, in all other cases we should just let kadmin decide
whether it is going to set a password expiration time or just leave it empty.
In general service tickets have strong random passwords so they do not need a
password policy or expiration at all.
https://fedorahosted.org/freeipa/ticket/1839
2011-09-26 10:07:11 +02:00
Simo Sorce
c981627016
ipa-pwd-extop: Enforce old password checks
...
If a user is changing his own password, then require the old password to be
sent for validation purposes.
https://fedorahosted.org/freeipa/ticket/1814
2011-09-21 18:10:34 -04:00
Marko Myllynen
45aa801952
include <stdint.h> for uintptr_t
2011-09-22 09:42:11 -04:00
Simo Sorce
37836a2e6c
ipa-pwd-extop: Fix segfault in password change.
...
Do not pass an empty buffer to ber_init() as it will assert.
Check beforehand and return an error.
2011-09-21 16:05:02 -04:00
Simo Sorce
4167ad01d7
ipa-kdb: Properly set password expiration time.
...
We do the policy check so we are the only one that can calculate the new
pwd expiration time.
Fixes: https://fedorahosted.org/freeipa/ticket/1793
2011-09-19 12:28:35 -04:00
Rob Crittenden
5371c03c93
The precedence on the modrdn plugin was set in the wrong location.
...
https://fedorahosted.org/freeipa/ticket/1370
2011-09-13 17:36:59 +02:00
Yuri Chornoivan
1785d0a7c1
Fix typos
...
Fix "The the" and "classses" in FreeIPA code and messages.
https://fedorahosted.org/freeipa/ticket/1480
2011-09-07 13:20:42 +02:00
Simo Sorce
dfa944da24
daemons: Remove ipa_kpasswd
...
Now that we have our own database we can properly enforce stricter constraints
on how the db can be changed. Stop shipping our own kpasswd daemon and instead
use the regular kadmin daemon.
2011-08-26 08:26:08 -04:00
Simo Sorce
d8de2d1b7b
ipa-kdb: Be flexible
...
Although the proper values for booleans from LDAP should be only uppercase,
389ds does allow wrong cased values without complaining. And we still have some
places where the wrong case is used.
Avoid getting frustrating errors when reading these values out.
2011-08-26 08:24:50 -04:00
Simo Sorce
35e15f6c91
ipa-pwd-extop: Allow kadmin to set krb keys
...
Prevent the ipa-pwd-extop plugin from re-generating keys when kadmin is storing
a new set of keys. Only generate the userPassword and sambaXXPassword hashes.
Also avoid checking policies in this case and if history is provided avoid
regenerating the passwordHistory too.
2011-08-26 08:24:50 -04:00
Simo Sorce
0d048d7b49
ipa-kdb: add password policy support
...
Use default policy for new principals created by kadmin
2011-08-26 08:24:50 -04:00
Simo Sorce
7ea0b5d56e
ipa-pwd-extop: Use common password policy code
2011-08-26 08:24:50 -04:00
Simo Sorce
452fcdccdc
ipa-kdb: implement change_pwd function
2011-08-26 08:24:49 -04:00
Simo Sorce
49c25dbdf5
ipa-kdb: implement function to retrieve password policies
2011-08-26 08:24:49 -04:00
Simo Sorce
0a4f7960b9
ipa-kdb: Get/Store Master Key directly from LDAP
2011-08-26 08:24:49 -04:00
Simo Sorce
e9e426354f
ipa-kdb: add functions to change principals
2011-08-26 08:24:49 -04:00
Simo Sorce
d25370a579
ipa-kdb: add function to iterate over principals
2011-08-26 08:24:49 -04:00
Simo Sorce
2f8caeab48
ipa-kdb: add functions to delete principals
2011-08-26 08:24:49 -04:00
Simo Sorce
8d5c67a9f8
ipa-kdb: add function to free principals
2011-08-26 08:24:49 -04:00
Simo Sorce
abd424889b
ipa-kdb: functions to get principal
2011-08-26 08:24:49 -04:00
Simo Sorce
46c803a08d
ipa-kdb: add common utility ldap wrapper functions
2011-08-26 08:24:49 -04:00
Simo Sorce
b5ba0f7f48
ipa-kdb: implement get_time function
2011-08-26 08:24:49 -04:00
Simo Sorce
6e010fedaa
ipa-kdb: initialize module functions
...
Initialize module also on ipadb_create invocation. This is what
kdb5_util expects.
2011-08-26 08:24:49 -04:00
Simo Sorce
579a159915
ipa-kdb: add exports file
...
limit exported symbols only to the ones actually needed by krb5kdc
2011-08-26 08:24:49 -04:00
Simo Sorce
bac6f2dd13
ipa-kdb: Initial plugin skeleton
2011-08-26 08:24:49 -04:00
Simo Sorce
7d41e7b4d4
ipa-pwd-extop: make encsalt parsing function common
...
It is going to be used by the ipa-kdb module too.
2011-08-26 08:24:49 -04:00
Simo Sorce
eed401306c
ipa-pwd-extop: Move encoding in common too
...
Also to be used by ipa-kdb
2011-08-26 08:24:49 -04:00
Simo Sorce
4928229093
ipa-pwd-extop: Move encryption of keys in common
...
This way we can reuse the same code from ipa-kdb later
2011-08-26 08:24:49 -04:00
Simo Sorce
b4aab3d98d
ipa-pwd-extop: Use common krb5 structs from kdb.h
...
This removes custom structures and allows easier sharing of code with ipa-kdb
2011-08-26 08:24:49 -04:00
Simo Sorce
672035cbba
ipa-pwd-extop: re-indent code using old style
2011-08-26 08:24:49 -04:00
Simo Sorce
229b9a209c
ipa-pwd-extop: Use the proper mkvno number in keys
...
Setting 0 will work as MIT KDCs assume the current master key when that is
found. But it is a legacy compatibility mode and we should instead set the
proper mkvno number on keys so changing master key becomes possible w/o
having to do a dump reload and stopping the service. This is especially
important in replicated environments.
2011-08-26 08:24:49 -04:00
Simo Sorce
5746bbe92a
ipa-pwd-extop: do not append mkvno to krbExtraData
...
mkvno is actually available as part of the key material.
There is no need to store it in the krbExtraData field as it is unused there.
2011-08-26 08:24:49 -04:00
Simo Sorce
d1cc660db2
ipa-pwd-extop: Remove unused variables and code to set them
2011-08-26 08:24:49 -04:00
Simo Sorce
c42cf02405
ipa-pwd_extop: use endian.h instead of nih function
2011-08-26 08:24:48 -04:00