freeipa/daemons/ipa-kdb
Julien Rische 35e94bee0e ipa-kdb: do not remove keys for hardened auth-enabled users
Since 5d51ae5, principal keys were dropped in case user auth indicator
was not including password. Thereafter, the key removal behavior was
removed by 15ff9c8 in the context of the kdcpolicy plugin introduction.
Support for hardened pre-auth methods (FAST and SPAKE) was added in
d057040, and the removal of principal keys was restored afterwards by
f0d12b7, but not taking the new hardened auth indicator into account.

Fixes: https://pagure.io/freeipa/issue/9065
Related to: https://pagure.io/freeipa/issue/8001

Signed-off-by: Julien Rische <jrische@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
2022-02-02 15:42:45 +01:00
tests ipa-kdb: store SID in the principal entry 2021-11-10 15:00:27 -05:00
ipa_kdb_audit_as.c ipa-kdb: fix compiler warnings 2021-03-01 10:44:25 -05:00
ipa_kdb_certauth.c ipa-kdb: reformat ipa_kdb_certauth 2021-03-01 10:44:25 -05:00
ipa_kdb_common.c ipa-kdb: handle dates up to 2106-02-07 06:28:16 2020-12-18 20:38:40 +02:00
ipa_kdb_delegation.c ipa-kdb: use entry DN to compare aliased entries in S4U operations 2021-11-10 15:00:27 -05:00
ipa_kdb_kdcpolicy.c kdb: fix typo in ipa_kdcpolicy_check_as 2021-09-22 09:36:39 +02:00
ipa_kdb_mkey.c ipa-kdb: Get/Store Master Key directly from LDAP 2011-08-26 08:24:49 -04:00
ipa_kdb_mspac_private.h ipa-kdb: refactor KDB driver to prepare for KDB version 9 2022-01-24 17:38:24 -05:00
ipa_kdb_mspac_v6.c ipa-kdb: refactor KDB driver to prepare for KDB version 9 2022-01-24 17:38:24 -05:00
ipa_kdb_mspac_v9.c ipa-kdb: refactor KDB driver to prepare for KDB version 9 2022-01-24 17:38:24 -05:00
ipa_kdb_mspac.c ipa-kdb: refactor KDB driver to prepare for KDB version 9 2022-01-24 17:38:24 -05:00
ipa_kdb_passwords.c Add missing break statement to password quality switch 2021-01-15 10:01:28 +01:00
ipa_kdb_principals.c ipa-kdb: do not remove keys for hardened auth-enabled users 2022-02-02 15:42:45 +01:00
ipa_kdb_pwdpolicy.c ipa-kdb: fix compiler warnings 2021-03-01 10:44:25 -05:00
ipa_kdb.c ipa-kdb: refactor KDB driver to prepare for KDB version 9 2022-01-24 17:38:24 -05:00
ipa_kdb.exports Add a skeleton kdcpolicy plugin 2019-09-10 12:33:21 +03:00
ipa_kdb.h ipa-kdb: enforce SID checks when generating PAC 2021-11-10 15:00:27 -05:00
ipa-print-pac.c Fix use of comparison functions to avoid GCC bug 95189 2021-11-23 10:31:34 +01:00
Makefile.am ipa-kdb: refactor KDB driver to prepare for KDB version 9 2022-01-24 17:38:24 -05:00
README Make the coding style explicit 2020-01-15 10:00:08 +01:00
README.s4u2proxy.txt Fix s4u2proxy README and add warning 2015-06-08 14:37:29 -04:00

This is the ipa krb5kdc database backend.

As the KDB interfaces heavily with krb5, we inherit its code style as well.
However, note the following changes:

- no modelines (and different file preamble)
- return types don't require their own line
- single-statement blocks may optionally be braced
- /* and */ do not ever get their own line
- C99 for-loops are permitted (and encouraged)
- a restricted set of other C99 features is permitted

In particular, variable-length arrays, flexible array members, compound
literals, universal character names, and //-style comments are not permitted.

Use of regular malloc/free is preferred over talloc for new code.

By and large, existing code conforms to these requirements. New code
must conform to them.