Commit message | Author | Age | Files | Lines
...
* ipa-cldap: Implement worker thread. | Simo Sorce | 2011-11-21 | 2 | -1/+81
|
* Create skeleton CLDAP server as a DS plugin | Simo Sorce | 2011-11-21 | 7 | -0/+427
|
* MS-PAC: Add support for verifying PAC in TGS requests | Simo Sorce | 2011-11-07 | 1 | -7/+62
|     Fake code for now, to be rebased later
* Add support for generating PAC for AS requests for user principals | Simo Sorce | 2011-11-07 | 7 | -1/+905
|
* Fix CID 11027: Wrong sizeof argument | Simo Sorce | 2011-11-07 | 1 | -1/+1
|     https://fedorahosted.org/freeipa/ticket/2037
* Fix CID 11026: Resource leak | Simo Sorce | 2011-11-07 | 1 | -1/+4
|     https://fedorahosted.org/freeipa/ticket/2037
* Fix CID 11025: Resource leak | Simo Sorce | 2011-11-07 | 1 | -2/+2
|     https://fedorahosted.org/freeipa/ticket/2037
* Fix CID 11024: Resource leak | Simo Sorce | 2011-11-07 | 1 | -0/+1
|     https://fedorahosted.org/freeipa/ticket/2037
* Fix CID 11023: Resource leak | Simo Sorce | 2011-11-07 | 1 | -0/+1
|     https://fedorahosted.org/freeipa/ticket/2037
* Fix CID 11022: Resource leak | Simo Sorce | 2011-11-07 | 1 | -0/+7
|     https://fedorahosted.org/freeipa/ticket/2037
* Fix CID 11020: Resource leak | Simo Sorce | 2011-11-07 | 1 | -0/+1
|     https://fedorahosted.org/freeipa/ticket/2037
* Fix CID 11019: Resource leak | Simo Sorce | 2011-11-07 | 1 | -6/+7
|     https://fedorahosted.org/freeipa/ticket/2037
* Fix CID 10745: Unchecked return value | Simo Sorce | 2011-11-07 | 1 | -1/+1
|     https://fedorahosted.org/freeipa/ticket/2036
* Fix CID 10743: Unchecked return value | Simo Sorce | 2011-11-07 | 1 | -2/+8
|     https://fedorahosted.org/freeipa/ticket/2036
* Fix CID 10742: Unchecked return value | Simo Sorce | 2011-11-07 | 1 | -1/+1
|     https://fedorahosted.org/freeipa/ticket/2036
* ipa-kdb: Fix memory leak | Simo Sorce | 2011-11-03 | 1 | -0/+1
|
* ipa-kdb: Fix legacy password hashes generation | Simo Sorce | 2011-10-06 | 2 | -3/+2
|     We were not searching for objectclass so the test to see if a user had the posixAccount attribute was failing and the user was not marked as ipa_user. This in turn caused us to not synchronize legacy hashes by not trying to store the userPassword attribute. Fixes: https://fedorahosted.org/freeipa/ticket/1820
* ipa-pwd-extop: allow password change on all connections with SSF>1 | Sumit Bose | 2011-10-05 | 2 | -26/+12
|     Instead of checking the individual SSFs for SASL, SSL/TLS and LDAPI connection the global SSF is checked for password changes and enrollments. https://fedorahosted.org/freeipa/ticket/1877
* ipa-kdb: Fix expiration time calculation | Simo Sorce | 2011-09-26 | 2 | -17/+18
|     Expiration time should be enforced as per policy only for users and only when a password change occurs, in all other cases we should just let kadmin decide whether it is going to set a password expiration time or just leave it empty. In general service tickets have strong random passwords so they do not need a password policy or expiration at all. https://fedorahosted.org/freeipa/ticket/1839
* ipa-pwd-extop: Enforce old password checks | Simo Sorce | 2011-09-21 | 1 | -1/+64
|     If a user is changing his own password, then require the old password to be sent for validation purposes. https://fedorahosted.org/freeipa/ticket/1814
* include <stdint.h> for uintptr_t | Marko Myllynen | 2011-09-22 | 1 | -0/+1
|
* ipa-pwd-extop: Fix segfault in password change. | Simo Sorce | 2011-09-21 | 1 | -0/+7
|     Do not pass an empty buffer to ber_init() as it will assert. Check beforehand and return an error.
* ipa-kdb: Properly set password expiration time. | Simo Sorce | 2011-09-19 | 3 | -4/+74
|     We do the policy check so we are the only one that can calculate the new pwd expiration time. Fixes: https://fedorahosted.org/freeipa/ticket/1793
* The precedence on the modrdn plugin was set in the wrong location. | Rob Crittenden | 2011-09-13 | 1 | -0/+1
|     https://fedorahosted.org/freeipa/ticket/1370
* Fix typos | Yuri Chornoivan | 2011-09-07 | 15 | -16/+16
|     Fix "The the" and "classses" in FreeIPA code and messages. https://fedorahosted.org/freeipa/ticket/1480
* daemons: Remove ipa_kpasswd | Simo Sorce | 2011-08-26 | 6 | -1554/+0
|     Now that we have our own database we can properly enforce stricter constraints on how the db can be changed. Stop shipping our own kpasswd daemon and instead use the regular kadmin daemon.
* ipa-kdb: Be flexible | Simo Sorce | 2011-08-26 | 1 | -2/+2
|     Although the proper values for booleans from LDAP should be only uppercase, 389ds does allow wrong cased values without complaining. And we still have some places where the wrong case is used. Avoid getting frustrating errors when reading these values out.
* ipa-pwd-extop: Allow kadmin to set krb keys | Simo Sorce | 2011-08-26 | 2 | -48/+100
|     Prevent the ipa-pwd-extop plugin from re-generating keys when kadmin is storing a new set of keys. Only generate the userPassword and sambaXXPassword hashes. Also avoid checking policies in this case and if history is provided avoid regenerating the passwordHistory too.
* ipa-kdb: add password policy support | Simo Sorce | 2011-08-26 | 4 | -8/+347
|     Use default policy for new principals created by kadmin
* ipa-pwd-extop: Use common password policy code | Simo Sorce | 2011-08-26 | 4 | -448/+127
|
* ipa-kdb: implement change_pwd function | Simo Sorce | 2011-08-26 | 5 | -11/+116
|
* ipa-kdb: implement function to retrieve password policies | Simo Sorce | 2011-08-26 | 4 | -43/+209
|
* ipa-kdb: Get/Store Master Key directly from LDAP | Simo Sorce | 2011-08-26 | 5 | -12/+264
|
* ipa-kdb: add functions to change principals | Simo Sorce | 2011-08-26 | 3 | -1/+804
|
* ipa-kdb: add function to iterate over principals | Simo Sorce | 2011-08-26 | 1 | -1/+41
|
* ipa-kdb: add functions to delete principals | Simo Sorce | 2011-08-26 | 1 | -1/+121
|
* ipa-kdb: add function to free principals | Simo Sorce | 2011-08-26 | 1 | -1/+16
|
* ipa-kdb: functions to get principal | Simo Sorce | 2011-08-26 | 4 | -35/+884
|
* ipa-kdb: add common utility ldap wrapper functions | Simo Sorce | 2011-08-26 | 3 | -0/+464
|
* ipa-kdb: implement get_time function | Simo Sorce | 2011-08-26 | 2 | -1/+6
|
* ipa-kdb: initialize module functions | Simo Sorce | 2011-08-26 | 3 | -6/+384
|     Initialize module also on ipadb_create invocation. This is what kdb5_util expects.
* ipa-kdb: add exports file | Simo Sorce | 2011-08-26 | 2 | -1/+14
|     limit exported symbols only to the ones actually needed by krb5kdc
* ipa-kdb: Initial plugin skeleton | Simo Sorce | 2011-08-26 | 5 | -0/+231
|
* ipa-pwd-extop: make encsalt parsing function common | Simo Sorce | 2011-08-26 | 1 | -91/+20
|     It is going to be used by the ipa-kdb module too.
* ipa-pwd-extop: Move encoding in common too | Simo Sorce | 2011-08-26 | 4 | -202/+50
|     Also to be used by ipa-kdb
* ipa-pwd-extop: Move encryption of keys in common | Simo Sorce | 2011-08-26 | 1 | -202/+9
|     This way we can reuse the same code from ipa-kdb later
* ipa-pwd-extop: Use common krb5 structs from kdb.h | Simo Sorce | 2011-08-26 | 4 | -19/+14
|     This removes custom structures and allows easier sharing of code with ipa-kdb
* ipa-pwd-extop: re-indent code using old style | Simo Sorce | 2011-08-26 | 1 | -30/+30
|
* ipa-pwd-extop: Use the proper mkvno number in keys | Simo Sorce | 2011-08-26 | 4 | -6/+6
|     Setting 0 will work as MIT KDCs assume the current master key when that is found. But it is a legacy compatibility mode and we should instead set the proper mkvno number on keys so changing master key becomes possible w/o having to do a dump reload and stopping the service. This is especially important in replicated environments.
* ipa-pwd-extop: do not append mkvno to krbExtraData | Simo Sorce | 2011-08-26 | 1 | -9/+2
|     mkvno is actually available as part of the key material. There is no need to store it in the krbExtraData field as it is unused there.