mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 08:00:02 -06:00
0ce3ab36b4
Currently if a certificate mapping and matching rule has a typo or is of an unsupported type the whole rule processing is aborted and the IPA certmap plugin works without any rules effectively disabling PKINIT for users. Since each rule would only allow more certificates for PKINIT it would be more user/admin friendly to just ignore the failed rules with a log message and continue with what is left or use the default rule if nothing is left. This change is done to add more flexibility to define new mapping and matching templates which are e.g. needed to cover changes planned by Microsoft as explained in https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-windows-domain-controllers-ad2c23b0-15d8-4340-a468-4d4f3b188f16 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> |
||
---|---|---|
.. | ||
tests | ||
ipa_kdb_audit_as.c | ||
ipa_kdb_certauth.c | ||
ipa_kdb_common.c | ||
ipa_kdb_delegation.c | ||
ipa_kdb_kdcpolicy.c | ||
ipa_kdb_mkey.c | ||
ipa_kdb_mspac_private.h | ||
ipa_kdb_mspac_v6.c | ||
ipa_kdb_mspac_v9.c | ||
ipa_kdb_mspac.c | ||
ipa_kdb_passwords.c | ||
ipa_kdb_principals.c | ||
ipa_kdb_pwdpolicy.c | ||
ipa_kdb.c | ||
ipa_kdb.exports | ||
ipa_kdb.h | ||
ipa-print-pac.c | ||
Makefile.am | ||
README | ||
README.s4u2proxy.txt |
This is the ipa krb5kdc database backend. As the KDB interfaces heavily with krb5, we inherit its code style as well. However, note the following changes: - no modelines (and different file preamble) - return types don't require their own line - single-statement blocks may optionally be braced - /* and */ do not ever get their own line - C99 for-loops are permitted (and encouraged) - a restricted set of other C99 features are permitted In particular, variable-length arrays, flexible array members, compound literals, universal character names, and //-style comments are not permitted. Use of regular malloc/free is preferred over talloc for new code. By and large, existing code mostly conforms to these requirements. New code must conform to them.