summaryrefslogtreecommitdiffstats
path: root/daemons
Commit message (Collapse)AuthorAgeFilesLines
* Update kerberos password policy values on LDAP binds.Rob Crittenden2011-01-215-0/+706
| | | | | | | | | | | | | | | On a failed bind this will update krbLoginFailedCount and krbLastFailedAuth and will potentially fail the bind altogether. On a successful bind it will zero krbLoginFailedCount and set krbLastSuccessfulAuth. This will also enforce locked-out accounts. See http://k5wiki.kerberos.org/wiki/Projects/Lockout for details on kerberos lockout. ticket 343
* Fix ipa_uuid to not interfer with proper error reportingSimo Sorce2011-01-191-3/+2
| | | | Fixes: https://fedorahosted.org/freeipa/ticket/813
* Mozldap-specific code removedMartin Kosek2011-01-144-55/+8
| | | | | | | | Mozldap code removed from all sources and configure source script. Now, IPA will compile even when package mozldap-devel is not installed on the system. https://fedorahosted.org/freeipa/ticket/756
* Potential memory leaks in ipa-kpasswdMartin Kosek2011-01-141-0/+6
| | | | | | | | This patch fixes 2 situations where a pointer to allocated error string could be overwritten - which could have resulted in a memory leak. https://fedorahosted.org/freeipa/ticket/716
* Unchecked return values in SLAPI pluginsMartin Kosek2011-01-144-8/+20
| | | | | | | Return values weren't checked in several cases which could have lead to unhandled errors. https://fedorahosted.org/freeipa/ticket/722
* Potential memory leaks in ipa-pwd-extopMartin Kosek2011-01-142-3/+21
| | | | | | | | | | This patch fixes several potential memory leaks in ipa-pwd-extop SLAPI plugin. Common function ipapwd_gen_hashes() now cleans after itself when it fails. Other changes are local and self-explanatory. https://fedorahosted.org/freeipa/ticket/715
* Drop dependency on mozldapRob Crittenden2011-01-121-7/+0
|
* Potential NULL dereference in ipapwd_prepostMartin Kosek2011-01-121-2/+2
| | | | | | | This patch increases robustness in PRE MOD password SLAPI module by ensuring that an uninitialized pointer is not dereferenced. https://fedorahosted.org/freeipa/ticket/719
* Unchecked return value of callocMartin Kosek2011-01-121-0/+7
| | | | | | | | Omiting return value of calloc in ipa_pwd_extop.c could lead to memory access issues when memory is full. This patch adds return value check. https://fedorahosted.org/freeipa/ticket/717
* Uninitialized pointer read in ipa-enrollmentMartin Kosek2011-01-121-1/+1
| | | | | | | This patch fixes a situation where an uninitialized pointer is passed to free(). https://fedorahosted.org/freeipa/ticket/713
* Do not use LDAP_DEPRECATED in pluginsJakub Hrozek2011-01-075-21/+75
| | | | | | | | | Remove the LDAP_DEPRECATED constant and do not use functions that are marked as deprecated in recent OpenLDAP releases. Also always define WITH_{MOZLDAP,OPENLDAP} since there are conditional header includes that depend on that constant. https://fedorahosted.org/freeipa/ticket/576
* Change FreeIPA license to GPLv3+Jakub Hrozek2010-12-2015-358/+388
| | | | | | | | | | The changes include: * Change license blobs in source files to mention GPLv3+ not GPLv2 only * Add GPLv3+ license text * Package COPYING not LICENSE as the license blobs (even the old ones) mention COPYING specifically, it is also more common, I think https://fedorahosted.org/freeipa/ticket/239
* Make use of mozldap vs openldap for plugins selectableSimo Sorce2010-12-0610-18/+36
|
* Init smods to prevent crash if encode_keys failsJakub Hrozek2010-11-291-1/+1
|
* build tweaks - use automake's foreign mode, avoid creating empty files to ↵Nalin Dahyabhai2010-11-291-1/+1
| | | | satisfy gnu mode - run autoreconf -f to ensure that everything matches
* Fix modrdn plugin crash bug.Simo Sorce2010-11-231-25/+10
| | | | | | | | | Constant values were assigned to variables gthat would later be freed with slapi_ch_free_string(). Make copies instead so the free doesn't blow. Also remove useless tests, as these functions already check for NULL on their own. Fixes: https://fedorahosted.org/freeipa/ticket/529
* Silence compilation warnings in SLAPI pluginsJakub Hrozek2010-11-229-59/+54
| | | | Signed-off-by: Simo Sorce <ssorce@redhat.com>
* Use internal implementation of internal Kerberos functionsJakub Hrozek2010-11-223-2/+6
| | | | | | | | | | | Don't use KRB5_PRIVATE. The patch implements and uses the following krb5 functions that are otherwise private in recent MIT Kerberos releases: * krb5_principal2salt_norealm * krb5_free_ktypes Signed-off-by: Simo Sorce <ssorce@redhat.com>
* Stricter compilation flagsJakub Hrozek2010-11-229-0/+17
| | | | | | | Use a little stricter compilation flags, in particular -Wall and treat implicit function declarations as errors. Signed-off-by: Simo Sorce <ssorce@redhat.com>
* Common include file for SLAPI plugin loggingJakub Hrozek2010-11-2219-449/+332
| | | | | | | | | Consolidate the common logging macros into common/util.h and use them in SLAPI plugins instead of calling slapi_log_error() directly. https://fedorahosted.org/freeipa/ticket/408 Signed-off-by: Simo Sorce <ssorce@redhat.com>
* uuid plugin: convert the plugin to use the libuuid librarySimo Sorce2010-11-153-10/+29
| | | | | | | | | | The DS guys decided not to expose the DS inetrnal functions used to generate UUIDs for DS. This means the interface is not guaranteed to be available. Switch the ipa_uuid plugin to use the system libuuid plugin instead. NOTE: This causes once again a change in the tring format used for UUIDs. fixes: https://fedorahosted.org/freeipa/ticket/465
* uuid-plugin: Fix control access bug on replicationalpha_5-1-9-0-1Simo Sorce2010-11-101-1/+17
| | | | Fixes: https://fedorahosted.org/freeipa/ticket/468
* pwd-plugin: Always use a special salt by default.Simo Sorce2010-10-281-28/+22
| | | | | | | This should make renamed users able to keep using old credentials as the salt is not derived from the principal name but is always a random quantity. https://fedorahosted.org/freeipa/ticket/412
* pwd-plugin: fix slapi log target in logging functionsSimo Sorce2010-10-281-12/+7
|
* ipa_uuid: prevent false positives on modifiesSimo Sorce2010-10-281-0/+14
| | | | | | | If a modify operation does not specify our attribute then we need to short circuit the loop, otherwise on enforcing we will return an error by mistake if we are not Directory Manager because generate is false if the attr is not found.
* ipa_uuid: Handle generation of the uuid when it is a RDNSimo Sorce2010-10-281-10/+50
|
* ipa-uuid: Add enforce modeSimo Sorce2010-10-281-0/+23
| | | | | | | By setting the enforce flag in the configuration we prevent anyone from storing arbitrary values and allow only Directory Manager to override the plugin. Users can only set the value to the magic value (usually 0) to have the uuid regenerated, and nothing else.
* ipa-uuid: Code cleanupsSimo Sorce2010-10-281-165/+162
| | | | | | Remove one level of indentation from the main function by jumping to the end immediately if the configuration list is empty. Other minor style cleanups.
* ipa-uuid: safer unlock handlingSimo Sorce2010-10-281-2/+6
| | | | | This allows the code in the for loop to error out without worrying of forgetting to unlock the config entries.
* ipa-uuid: Reset generate flag at every cycleSimo Sorce2010-10-281-1/+3
| | | | | Avoid false positives if more than one uuid attribute is generated in the same entry.
* ipa-uuid: Remove unused functionsSimo Sorce2010-10-281-119/+0
|
* ipa-modrdn: Remove unused functionsSimo Sorce2010-10-281-146/+0
|
* Add new plugin used to modify related attributes after a modrdn operation.Simo Sorce2010-10-285-0/+1050
|
* Error out when configure finds missing dependenciesRob Crittenden2010-10-261-1/+2
| | | | ticket 315
* ipa-uuid: DNA-like plugin that generates uuidsSimo Sorce2010-10-225-0/+1309
|
* Remove ipa-memberof, memberof plugin is now included in 389 DSSimo Sorce2010-10-156-2714/+0
|
* Improve logging facilitiesSimo Sorce2010-10-075-357/+227
| | | | | Provide simplified logging macros that appropriately use __func__ __FILE__, __LINE__, or the plugin name depending on the log level.
* pwd-plugin: Fix unresolve symbolSimo Sorce2010-10-072-2/+2
| | | | This fixes a har crash when someone tries to fetch a keytab
* When dealing with samba password set also the sambaPwdLastSetSimo Sorce2010-10-072-1/+47
| | | | | | | | This attribute is required for samba to properly identify a user has changed it's password and doesn't need to change it again at next login. At the same time, if we are forcing a pssword reset we also need to let samba know the user must change its password.
* Always detect openldap and mozldap at the same timeSimo Sorce2010-10-072-44/+34
| | | | | | Slapi plugins must use mozldap because 389 ds is compiled against that. ipa_kpasswd, instead, should be linked against openldap. So always make sure both are available.
* pwd-plugin: Remove the correct password from the historySimo Sorce2010-10-051-1/+6
| | | | | | We were mistakenly removeing the latest password from the passwordHistory once the max history values were reached. Make sure we remove the oldest one instead.
* Fix ipapwd_start() styleSimo Sorce2010-10-051-48/+55
| | | | Trun tabs into quartets of spaces. Fit lines to not exceed 80 columns.
* Add options to control NTLM hashesSimo Sorce2010-10-054-13/+53
| | | | | | By default LM hash is disabled. Of course generation still depends on whether the SamAccount objectclass is present in the user object.
* pwd-plugin: format/style changesSimo Sorce2010-10-051-28/+23
| | | | | | | | | Use __func__ in log functions instead of the explicit function name so that if the function need to be renamed later logs reflect the change automatically w/o the need to change all occurrences. Also makes a grep for the function name less noisy avoiding tons of false positives.
* pwd-plugin: Remove 14 chars limitation from the NT hashSimo Sorce2010-10-051-4/+0
|
* Split ipa_pwd_extop plugin in multiple filesSimo Sorce2010-10-016-3215/+3487
| | | | | | The plugin was getting difficult to read and maintain. Split it (and apply cosmetic cleanups to some functions) in smaller pieces that perform specific tasks.
* Fix for include problems relating to NSS3, NSPR4 and SVRCORERob Crittenden2010-09-161-6/+25
| | | | | | | This addresses some problems trying to build on non-Fedora/RHEL distributions, notably Gentoo and Ubuntu/Debian. Patch contributed by Ian Kumlien <pomac@vapor.com>
* Enforce existence of 389-ds header files.Rob Crittenden2010-08-061-0/+7
| | | | ticket #82
* Include missing file from version plugin and update min version of 389-dsRob Crittenden2010-06-241-0/+50
|
* Don't try to convert a host's password into a keytab.Rob Crittenden2010-06-241-5/+15
| | | | | | | | | | The migration plugin uses a pre-op function to automatically create kerberos credentials when binding using a password. The problem is that we do a simple bind when doing password-base host enrollment. This was causing krbPasswordExpiration to be set which isn't what we want for hosts. They really shouldn't go through this code at all.
generated by cgit (git 2.34.1) at 2024-05-03 02:57:38 +0000