Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | ipa-cldap: send cldap reply | Simo Sorce | 2011-11-21 | 1 | -0/+48 |
| | |||||
* | ipa-cldap: Create netlogon blob | Simo Sorce | 2011-11-21 | 4 | -0/+344 |
| | |||||
* | ipa-cldap: Decode CLDAP request. | Simo Sorce | 2011-11-21 | 2 | -0/+191 |
| | |||||
* | ipa-cldap: Implement worker thread. | Simo Sorce | 2011-11-21 | 2 | -1/+81 |
| | |||||
* | Create skeleton CLDAP server as a DS plugin | Simo Sorce | 2011-11-21 | 7 | -0/+427 |
| | |||||
* | MS-PAC: Add support for verifying PAC in TGS requests | Simo Sorce | 2011-11-07 | 1 | -7/+62 |
| | | | | Fake code for now, to be rebased later | ||||
* | Add support for generating PAC for AS requests for user principals | Simo Sorce | 2011-11-07 | 7 | -1/+905 |
| | |||||
* | Fix CID 11027: Wrong sizeof argument | Simo Sorce | 2011-11-07 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/freeipa/ticket/2037 | ||||
* | Fix CID 11026: Resource leak | Simo Sorce | 2011-11-07 | 1 | -1/+4 |
| | | | | https://fedorahosted.org/freeipa/ticket/2037 | ||||
* | Fix CID 11025: Resource leak | Simo Sorce | 2011-11-07 | 1 | -2/+2 |
| | | | | https://fedorahosted.org/freeipa/ticket/2037 | ||||
* | Fix CID 11024: Resource leak | Simo Sorce | 2011-11-07 | 1 | -0/+1 |
| | | | | https://fedorahosted.org/freeipa/ticket/2037 | ||||
* | Fix CID 11023: Resource leak | Simo Sorce | 2011-11-07 | 1 | -0/+1 |
| | | | | https://fedorahosted.org/freeipa/ticket/2037 | ||||
* | Fix CID 11022: Resource leak | Simo Sorce | 2011-11-07 | 1 | -0/+7 |
| | | | | https://fedorahosted.org/freeipa/ticket/2037 | ||||
* | Fix CID 11020: Resource leak | Simo Sorce | 2011-11-07 | 1 | -0/+1 |
| | | | | https://fedorahosted.org/freeipa/ticket/2037 | ||||
* | Fix CID 11019: Resource leak | Simo Sorce | 2011-11-07 | 1 | -6/+7 |
| | | | | https://fedorahosted.org/freeipa/ticket/2037 | ||||
* | Fix CID 10745: Unchecked return value | Simo Sorce | 2011-11-07 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/freeipa/ticket/2036 | ||||
* | Fix CID 10743: Unchecked return value | Simo Sorce | 2011-11-07 | 1 | -2/+8 |
| | | | | https://fedorahosted.org/freeipa/ticket/2036 | ||||
* | Fix CID 10742: Unchecked return value | Simo Sorce | 2011-11-07 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/freeipa/ticket/2036 | ||||
* | ipa-kdb: Fix memory leak | Simo Sorce | 2011-11-03 | 1 | -0/+1 |
| | |||||
* | ipa-kdb: Fix legacy password hashes generation | Simo Sorce | 2011-10-06 | 2 | -3/+2 |
| | | | | | | | | | We were not searching for objectclass so the test to se if a user had the posixAccount attribute was failing and the user was not marked as ipa_user. This in turn caused us to not synchronize legacy hashes by not trying to store the userPassword attribute. Fixes: https://fedorahosted.org/freeipa/ticket/1820 | ||||
* | ipa-pwd-extop: allow password change on all connections with SSF>1 | Sumit Bose | 2011-10-05 | 2 | -26/+12 |
| | | | | | | | Instead of checking the individual SSFs for SASL, SSL/TLS and LDAPI connection the global SSF is checked for password changes and enrollments. https://fedorahosted.org/freeipa/ticket/1877 | ||||
* | ipa-kdb: Fix expiration time calculation | Simo Sorce | 2011-09-26 | 2 | -17/+18 |
| | | | | | | | | | | | Expiration time should be enforced as per policy only for users and only when a password change occurs, ina ll other cases we should just let kadmin decide whther it is going to set a password expiration time or just leave it empty. In general service tickts have strong random passwords so they do not need a password policy or expiration at all. https://fedorahosted.org/freeipa/ticket/1839 | ||||
* | ipa-pwd-extop: Enforce old password checks | Simo Sorce | 2011-09-21 | 1 | -1/+64 |
| | | | | | | | If a user is changing his own password, then require the old password to be sent for validation purposes. https://fedorahosted.org/freeipa/ticket/1814 | ||||
* | include <stdint.h> for uintptr_t | Marko Myllynen | 2011-09-22 | 1 | -0/+1 |
| | |||||
* | ipa-pwd-extop: Fix segfault in password change. | Simo Sorce | 2011-09-21 | 1 | -0/+7 |
| | | | | | Do not pass an empty buffer to ber_init() as it will assert. Check before hand and return an error. | ||||
* | ipa-kdb: Properly set password expiration time. | Simo Sorce | 2011-09-19 | 3 | -4/+74 |
| | | | | | | | We do the policy check so we are the only one that can calculate the new pwd espiration time. Fixes: https://fedorahosted.org/freeipa/ticket/1793 | ||||
* | The precendence on the modrdn plugin was set in the wrong location. | Rob Crittenden | 2011-09-13 | 1 | -0/+1 |
| | | | | https://fedorahosted.org/freeipa/ticket/1370 | ||||
* | Fix typos | Yuri Chornoivan | 2011-09-07 | 15 | -16/+16 |
| | | | | | | Fix "The the" and "classses" in FreeIPA code and messages. https://fedorahosted.org/freeipa/ticket/1480 | ||||
* | daemons: Remove ipa_kpasswd | Simo Sorce | 2011-08-26 | 6 | -1554/+0 |
| | | | | | | Now that we have our own database we can properly enforce stricter constraints on how the db can be changed. Stop shipping our own kpasswd daemon and instead use the regular kadmin daemon. | ||||
* | ipa-kdb: Be flexible | Simo Sorce | 2011-08-26 | 1 | -2/+2 |
| | | | | | | | Although the proper values for booleans from LDAP should be only uppercase, 389ds does allow wrong cased values without complaining. And we still have some places where the wrong case is used. Avoid getting frustrating errors when reading these values out. | ||||
* | ipa-pwd-extop: Allow kadmin to set krb keys | Simo Sorce | 2011-08-26 | 2 | -48/+100 |
| | | | | | | | Prevent the ipa-pwd-extop plugin from re-generating keys when kadimn is storing a new set of keys. Only generate the userPassword and sambaXXPassword hashes. Also avoid checking policies in this case and if history is provided avoid regenerating the passwordHistory too. | ||||
* | ipa-kdb: add password policy support | Simo Sorce | 2011-08-26 | 4 | -8/+347 |
| | | | | Use default policy for new principals created by kadmin | ||||
* | ipa-pwd-extop: Use common password policy code | Simo Sorce | 2011-08-26 | 4 | -448/+127 |
| | |||||
* | ipa-kdb: implement change_pwd function | Simo Sorce | 2011-08-26 | 5 | -11/+116 |
| | |||||
* | ipa-kdb: implement function to retrieve password policies | Simo Sorce | 2011-08-26 | 4 | -43/+209 |
| | |||||
* | ipa-kdb: Get/Store Master Key directly from LDAP | Simo Sorce | 2011-08-26 | 5 | -12/+264 |
| | |||||
* | ipa-kdb: add functions to change principals | Simo Sorce | 2011-08-26 | 3 | -1/+804 |
| | |||||
* | ipa-kdb: add function to iterate over principals | Simo Sorce | 2011-08-26 | 1 | -1/+41 |
| | |||||
* | ipa-kdb: add functions to delete principals | Simo Sorce | 2011-08-26 | 1 | -1/+121 |
| | |||||
* | ipa-kdb: add function to free principals | Simo Sorce | 2011-08-26 | 1 | -1/+16 |
| | |||||
* | ipa-kdb: functions to get principal | Simo Sorce | 2011-08-26 | 4 | -35/+884 |
| | |||||
* | ipa-kdb: add common utility ldap wrapper functions | Simo Sorce | 2011-08-26 | 3 | -0/+464 |
| | |||||
* | ipa-kdb: implement get_time function | Simo Sorce | 2011-08-26 | 2 | -1/+6 |
| | |||||
* | ipa-kdb: initialize module functions | Simo Sorce | 2011-08-26 | 3 | -6/+384 |
| | | | | | Initialize module also on ipadb_create invocation. This is what kdb5_util expects. | ||||
* | ipa-kdb: add exports file | Simo Sorce | 2011-08-26 | 2 | -1/+14 |
| | | | | limit exported symbols only to the ones actually needed by krb5kdc | ||||
* | ipa-kdb: Initial plugin skeleton | Simo Sorce | 2011-08-26 | 5 | -0/+231 |
| | |||||
* | ipa-pwd-extop: make encsalt parsing function common | Simo Sorce | 2011-08-26 | 1 | -91/+20 |
| | | | | It is going to be used by the ipa-kdb module too. | ||||
* | ipa-pwd-extop: Move encoding in common too | Simo Sorce | 2011-08-26 | 4 | -202/+50 |
| | | | | Also to be used by ipa-kdb | ||||
* | ipa-pwd-extop: Move encryption of keys in common | Simo Sorce | 2011-08-26 | 1 | -202/+9 |
| | | | | This way we can reuse the same code from ipa-kdb later | ||||
* | ipa-pwd-extop: Use common krb5 structs from kdb.h | Simo Sorce | 2011-08-26 | 4 | -19/+14 |
| | | | | This removes custom structures and allows easier sharing of code with ipa-kdb |