freeipa.git/daemons, branch gssapi-delegate FreeIPA project Don't set the password expiration to the current time 2011-08-01T01:00:45+00:00 Simo Sorce ssorce@redhat.com 2011-08-01T14:24:21+00:00 6f6679e3483a324fe739a527c9eb5a5640e69386 This fixes a regression in the previous patch in ticket #1526. 
This fixes a regression in the previous patch in ticket #1526.
When setting a host password don't set krbPasswordExpiration. 2011-07-29T08:27:15+00:00 Rob Crittenden rcritten@redhat.com 2011-07-27T14:15:00+00:00 1ebe3c1d12e8694baa00c713a60122a40a0c51a3 This can cause problems if a host is enrolled, unenrolled and a password set. The password will be marked as expired like all new passwords are. https://fedorahosted.org/freeipa/ticket/1526 
This can cause problems if a host is enrolled, unenrolled and a password
set. The password will be marked as expired like all new passwords are.

https://fedorahosted.org/freeipa/ticket/1526
Don't set krbLastPwdChange when setting a host OTP password. 2011-07-18T23:34:19+00:00 Rob Crittenden rcritten@redhat.com 2011-06-28T17:09:18+00:00 a00b03831b6a7ccb87d58c92c1072c586889508e We have no visibility into whether an entry has a keytab or not so krbLastPwdChange is used as a rough guide. If this value exists during enrollment then it fails because the host is considered already joined. This was getting set when a OTP was added to a host that had already been enrolled (e.g. you enroll a host, unenroll it, set a OTP, then try to re-enroll). The second enrollment was failing because the enrollment plugin thought it was still enrolled becaused krbLastPwdChange was set. https://fedorahosted.org/freeipa/ticket/1357 
We have no visibility into whether an entry has a keytab or not so
krbLastPwdChange is used as a rough guide.

If this value exists during enrollment then it fails because the host
is considered already joined. This was getting set when a OTP was
added to a host that had already been enrolled (e.g. you enroll a host,
unenroll it, set a OTP, then try to re-enroll). The second enrollment
was failing because the enrollment plugin thought it was still
enrolled becaused krbLastPwdChange was set.

https://fedorahosted.org/freeipa/ticket/1357
Reset failed login count to 0 when admin resets password. 2011-07-13T08:46:22+00:00 Rob Crittenden rcritten@redhat.com 2011-07-06T20:26:27+00:00 f534445e26ebfca38afe1c834ba088cbcbc24e37 https://fedorahosted.org/freeipa/ticket/1441 
https://fedorahosted.org/freeipa/ticket/1441
memory leak in ipa_winsync_get_new_ds_user_dn_cb 2011-06-28T04:11:04+00:00 Rich Megginson rmeggins@redhat.com 2011-06-25T01:44:05+00:00 cae6f1511ef81c645e1bf873b2ae975190ea5c4c The new_dn_string passed into this function is malloc'd. It must be freed before we reassign the value. 
The new_dn_string passed into this function is malloc'd.  It
must be freed before we reassign the value.
modify user deleted in AD crashes winsync 2011-06-28T04:11:04+00:00 Rich Megginson rmeggins@redhat.com 2011-06-25T01:42:47+00:00 89c67c3ad97f858ebde38a34a7b106379371c125 https://fedorahosted.org/freeipa/ticket/1382 crash in winsync if replaying a MOD and user does not exist in AD If the AD entry is deleted before the deletion can be synced back to IPA, and in the meantime an operation is performed on the corresponding entry in IPA that should be synced to AD, winsync attempts to get the AD entry and it is empty. This just means the operation will not go through, and the entry will be deleted when the sync from AD happens. The IPA winsync plugin needs to handle the case when the ad_entry is NULL. 
https://fedorahosted.org/freeipa/ticket/1382
crash in winsync if replaying a MOD and user does not exist in AD
If the AD entry is deleted before the deletion can be synced back to IPA,
and in the meantime an operation is performed on the corresponding
entry in IPA that should be synced to AD, winsync attempts to get the
AD entry and it is empty.  This just means the operation will not go
through, and the entry will be deleted when the sync from AD happens.
The IPA winsync plugin needs to handle the case when the ad_entry
is NULL.
winsync enables disabled users in AD 2011-06-28T04:11:04+00:00 Rich Megginson rmeggins@redhat.com 2011-06-25T01:38:13+00:00 d43e87e10c9ebe8ee1bc6a1481c0f238b1defc37 https://fedorahosted.org/freeipa/ticket/1379 winsync enables disabled users in AD when the AD entry changes This was likely broken when ipa switched from using CoS/groups for account inactivation to using nsAccountLock directly. The code that handled the account sync in the from AD direction was broken, but was never found before now because it had not been used. The fix is to correctly set or remove nsAccountLock. 
https://fedorahosted.org/freeipa/ticket/1379
winsync enables disabled users in AD when the AD entry changes
This was likely broken when ipa switched from using CoS/groups for account
inactivation to using nsAccountLock directly.  The code that handled the
account sync in the from AD direction was broken, but was never found before
now because it had not been used.  The fix is to correctly set or remove
nsAccountLock.
Fix issues found by Coverity. 2011-05-09T20:23:40+00:00 Jan Cholasta jcholast@redhat.com 2011-04-29T11:15:39+00:00 16d1db499676ec7070becbb73fdf73d1af5645b3 tickets 1166, 1167, 1168, 1169 
tickets 1166, 1167, 1168, 1169
Fix resource leaks. 2011-03-28T18:50:59+00:00 Simo Sorce ssorce@redhat.com 2011-03-24T18:18:54+00:00 bb9617f83867590eebef65e906f77094d1088afe Fixes: https://fedorahosted.org/freeipa/ticket/1119 
Fixes: https://fedorahosted.org/freeipa/ticket/1119
Fix uninitialized variable. 2011-03-24T19:20:03+00:00 Simo Sorce ssorce@redhat.com 2011-03-24T18:25:46+00:00 8308efeb14baa26c64e97ee5ec3a01229c563856 https://fedorahosted.org/freeipa/ticket/1118 
https://fedorahosted.org/freeipa/ticket/1118