path: root/daemons/ipa-slapi-plugins
Commit message | Author | Age | Files | Lines
* Forbid overlapping primary and secondary rid ranges | Tomas Babej | 2012-10-19 | 1 | -14/+97
  Commands ipa idrange-add / idrange-mod no longer allow the user to enter primary or secondary rid range such that has non-zero intersection with primary or secondary rid range of another existing id range, as this could cause collision.
  Unit tests added to test_range_plugin.py
  https://fedorahosted.org/freeipa/ticket/3086
* extdom: handle INP_POSIX_UID and INP_POSIX_GID requests | Sumit Bose | 2012-10-18 | 1 | -6/+32
  Fixes https://fedorahosted.org/freeipa/ticket/3166
* Fix various issues found by Coverity | Sumit Bose | 2012-10-17 | 5 | -11/+21
* Add SIDs for existing users and groups at the end of ipa-adtrust-install | Sumit Bose | 2012-10-04 | 3 | -10/+11
  Fixes https://fedorahosted.org/freeipa/ticket/3104
* Support the new Winsync POSIX API. | Rob Crittenden | 2012-09-06 | 1 | -6/+50
  This will sync down the POSIX attributes from AD so we need to be careful to not mess with them when they are already set. This includes uidNumber, gidNumber, homeDirectory, loginShell and gecos.
  http://port389.org/wiki/WinSync_Posix
  http://port389.org/wiki/Windows_Sync_Plugin_API#Version_3_API_functions
  https://fedorahosted.org/freeipa/ticket/3007
* Make encode_ntlm_keys() public | Sumit Bose | 2012-09-06 | 2 | -196/+14
* Change slapi_mods_init in ipa_winsync_pre_ad_mod_user_mods_cb | Tomas Babej | 2012-09-04 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/2953
* Don't generate password history error if history is set to 0. | Rob Crittenden | 2012-08-27 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/2805
* extdom: read ranges from LDAP | Sumit Bose | 2012-08-15 | 1 | -0/+72
* Add special modify op to regen ipaNTHash | Simo Sorce | 2012-07-30 | 1 | -3/+143
  The NT Hash is the same thing as the RC4-HMAC key, so we add a function to extract it from krb5 keys if they are available to avoid forcing a password change when configuring trust relationships.
* Improve loops around slapi mods | Simo Sorce | 2012-07-30 | 1 | -68/+62
  Avoid the need to allocate/free a Slapi_Mod and avoid checking for attribute equivalence after a match (use if/else)
* Do not check for DNA magic values | Simo Sorce | 2012-07-26 | 2 | -8/+0
  The DNA magic value can be arbitrarily changed by admins so we cannot use a const value to check. And we really do not need to check at all. If the DNA plugin is broken and leaves magic values to reach the post-op stage we have bigger problems. So just simply get rid of this check.
* Fix wrong check after allocation. | Simo Sorce | 2012-07-07 | 1 | -1/+1
* Add range check preop plugin | Sumit Bose | 2012-06-29 | 4 | -0/+503
  To make sure that ID ranges do not overlap this plugin checks new additions and changes for conflicts with existing ranges.
  https://fedorahosted.org/freeipa/ticket/2185
* Use lower case names in LDAP to meet freeIPA convention | Sumit Bose | 2012-06-29 | 1 | -11/+11
* Add external domain extop DS plugin | Sumit Bose | 2012-06-28 | 8 | -0/+1180
  This extop can be used by clients of the IPA domain, e.g. sssd, to retrieve data from trusted external domains. It can be used e.g. to map Windows SIDs to user or group names and back.
* Add sidgen postop and task | Sumit Bose | 2012-06-28 | 9 | -0/+1377
  A postop plugin is added to create the SID for newly created users and groups. A directory server task allows setting the SID for existing users and groups.
  Fixes https://fedorahosted.org/freeipa/ticket/2825
* Normalize uid to lower case in winsync. | Rob Crittenden | 2012-05-25 | 1 | -1/+32
  This in effect fixes uid, krbPrincipalName and homeDir.
  https://fedorahosted.org/freeipa/ticket/2756
* Fix migration code password setting. | Simo Sorce | 2012-05-17 | 1 | -0/+11
  When we set a password we also need to make sure krbExtraData is set. If not, kadmin will later complain that the object is corrupted at password change time.
  Ticket: https://fedorahosted.org/freeipa/ticket/2764
* Return LDAP_SUCCESS on mods on a referral entry. | Rob Crittenden | 2012-05-11 | 1 | -0/+9
  We currently return LDAP_REFERRAL which causes the mod to fail meaning that referral entries cannot be changed. All we really want to do is escape when we don't have an entry to modify.
  https://fedorahosted.org/freeipa/ticket/2237
* Treat UPGs correctly in winsync replication | Martin Kosek | 2012-03-15 | 2 | -11/+91
  IPA winsync plugin failed to replicate users when default user group was non-posix even though User Private Groups (UPG) were enabled on the server. Both their uidNumber and gidNumber were empty and they missed essential object classes. When the default user group was made posix and UPG was disabled it did not set gidNumber to the default group gidNumber.
  This patch improves this behavior to set gidNumber correctly according to UPG configuration and the default group status (posix/non-posix). 4 situations can occur, the following list specifies what value is assigned to user gidNumber:
  1) Default group posix, UPG enabled: gidNumber = UPG gidNumber
  2) Default group posix, UPG disabled: gidNumber = default group gidNumber
  3) Default group non-posix, UPG enabled: gidNumber = UPG gidNumber
  4) Default group non-posix, UPG disabled: an error is printed to the dirsrv log as the gidNumber cannot be retrieved. User is replicated in the same way as before this patch, i.e. without essential object classes.
  https://fedorahosted.org/freeipa/ticket/2436
* Improve password change error message | Martin Kosek | 2012-02-03 | 2 | -3/+3
  User always receives the same error message if he changes his password via "ipa passwd" command and the new password fails configured password policy. He then has to investigate on his own the actual reason why the policy was violated. This patch improves our SLAPI PWD plugins to provide a better error message explaining the violation reason.
  https://fedorahosted.org/freeipa/ticket/2067
* ipa-cldap: Support clients asking for default domain | Simo Sorce | 2012-01-05 | 1 | -1/+21
* Make pwd-extop aware of new ipaNTHash attribute | Sumit Bose | 2011-12-06 | 5 | -29/+89
* ipa-cldap: send cldap reply | Simo Sorce | 2011-11-21 | 1 | -0/+48
* ipa-cldap: Create netlogon blob | Simo Sorce | 2011-11-21 | 4 | -0/+344
* ipa-cldap: Decode CLDAP request. | Simo Sorce | 2011-11-21 | 2 | -0/+191
* ipa-cldap: Implement worker thread. | Simo Sorce | 2011-11-21 | 2 | -1/+81
* Create skeleton CLDAP server as a DS plugin | Simo Sorce | 2011-11-21 | 6 | -0/+425
* Fix CID 10745: Unchecked return value | Simo Sorce | 2011-11-07 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/2036
* Fix CID 10743: Unchecked return value | Simo Sorce | 2011-11-07 | 1 | -2/+8
  https://fedorahosted.org/freeipa/ticket/2036
* Fix CID 10742: Unchecked return value | Simo Sorce | 2011-11-07 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/2036
* ipa-pwd-extop: allow password change on all connections with SSF>1 | Sumit Bose | 2011-10-05 | 2 | -26/+12
  Instead of checking the individual SSFs for SASL, SSL/TLS and LDAPI connection the global SSF is checked for password changes and enrollments.
  https://fedorahosted.org/freeipa/ticket/1877
* ipa-pwd-extop: Enforce old password checks | Simo Sorce | 2011-09-21 | 1 | -1/+64
  If a user is changing his own password, then require the old password to be sent for validation purposes.
  https://fedorahosted.org/freeipa/ticket/1814
* include <stdint.h> for uintptr_t | Marko Myllynen | 2011-09-22 | 1 | -0/+1
* ipa-pwd-extop: Fix segfault in password change. | Simo Sorce | 2011-09-21 | 1 | -0/+7
  Do not pass an empty buffer to ber_init() as it will assert. Check beforehand and return an error.
* The precedence on the modrdn plugin was set in the wrong location. | Rob Crittenden | 2011-09-13 | 1 | -0/+1
  https://fedorahosted.org/freeipa/ticket/1370
* Fix typos | Yuri Chornoivan | 2011-09-07 | 14 | -15/+15
  Fix "The the" and "classses" in FreeIPA code and messages.
  https://fedorahosted.org/freeipa/ticket/1480
* ipa-pwd-extop: Allow kadmin to set krb keys | Simo Sorce | 2011-08-26 | 2 | -48/+100
  Prevent the ipa-pwd-extop plugin from re-generating keys when kadmin is storing a new set of keys. Only generate the userPassword and sambaXXPassword hashes. Also avoid checking policies in this case and if history is provided avoid regenerating the passwordHistory too.
* ipa-pwd-extop: Use common password policy code | Simo Sorce | 2011-08-26 | 4 | -448/+127
* ipa-pwd-extop: make encsalt parsing function common | Simo Sorce | 2011-08-26 | 1 | -91/+20
  It is going to be used by the ipa-kdb module too.
* ipa-pwd-extop: Move encoding in common too | Simo Sorce | 2011-08-26 | 4 | -202/+50
  Also to be used by ipa-kdb
* ipa-pwd-extop: Move encryption of keys in common | Simo Sorce | 2011-08-26 | 1 | -202/+9
  This way we can reuse the same code from ipa-kdb later
* ipa-pwd-extop: Use common krb5 structs from kdb.h | Simo Sorce | 2011-08-26 | 4 | -19/+14
  This removes custom structures and allows easier sharing of code with ipa-kdb
* ipa-pwd-extop: re-indent code using old style | Simo Sorce | 2011-08-26 | 1 | -30/+30
* ipa-pwd-extop: Use the proper mkvno number in keys | Simo Sorce | 2011-08-26 | 4 | -6/+6
  Setting 0 will work as MIT KDCs assume the current master key when that is found. But it is a legacy compatibility mode and we should instead set the proper mkvno number on keys so changing master key becomes possible w/o having to do a dump reload and stopping the service. This is especially important in replicated environments.
* ipa-pwd-extop: do not append mkvno to krbExtraData | Simo Sorce | 2011-08-26 | 1 | -9/+2
  mkvno is actually available as part of the key material. There is no need to store it in the krbExtraData field as it is unused there.
* ipa-pwd-extop: Remove unused variables and code to set them | Simo Sorce | 2011-08-26 | 1 | -12/+0
* ipa-pwd_extop: use endian.h instead of nih function | Simo Sorce | 2011-08-26 | 3 | -10/+8
* Fix build warnings | Simo Sorce | 2011-08-26 | 3 | -13/+15
  Some are actual bugs.