path: root/util
Commit message | Author | Age | Files | Lines
* ipa-kdb: read SID blacklist from LDAP | Martin Kosek | 2013-02-12 | 1 | -0/+32
  SIDs in incoming MS-PAC were checked and filtered with a fixed list of well-known SIDs. Allow reading the SID blacklist from LDAP (ipaNTSIDBlacklistIncoming and ipaNTSIDBlacklistOutgoing) and add the list to mspac adtrust structure. Use the hardcoded SID list only if the LDAP SID list is not configured.
  LIMITATION: SID blacklist list is not used yet.
  https://fedorahosted.org/freeipa/ticket/3289
* Prevent integer overflow when setting krbPasswordExpiration | Tomas Babej | 2013-02-08 | 1 | -0/+3
  Since 32-bit unix timestamps are used in Kerberos V5, setting maxlife in pwpolicy to values such as 9999 days would cause integer overflow in krbPasswordExpiration attribute. This would result in unpredictable behaviour such as users not being able to log in after password expiration if password policy was changed (#3114) or new users not being able to log in at all (#3312).
  The timestamp value is truncated to Jan 1, 2038 in ipa-kdc driver.
  https://fedorahosted.org/freeipa/ticket/3312
  https://fedorahosted.org/freeipa/ticket/3114
* Make encode_ntlm_keys() public | Sumit Bose | 2012-09-06 | 3 | -0/+226
* Move code into common krb5 utils | Simo Sorce | 2012-07-30 | 2 | -0/+152
  This moves the decoding function that reads the keys from the ber format into a structure in the common krb5 util code right below the function that encodes the same data structure into a ber format. This way the 2 functions are in the same place and can be both used by all ipa components.
* Move some krb5 keys related functions from ipa-client to util | Sumit Bose | 2012-06-11 | 2 | -0/+398
* Dereference pointer when comparing password history in qsort compare. | Rob Crittenden | 2012-04-10 | 1 | -1/+1
  The man page for qsort(3) says that the comparison function is called with pointers to pointers to char but memcmp(3) wants a pointer to void so we need to cast and dereference. Without this the qsort() call wasn't properly sorting the elements so a random password was being removed rather than the oldest when the list overflowed.
  https://fedorahosted.org/freeipa/ticket/2613
* ipa-kdb: add AS auditing support | Simo Sorce | 2012-02-14 | 1 | -0/+3
  Fixes: https://fedorahosted.org/freeipa/ticket/2334
* Improve password change error message | Martin Kosek | 2012-02-03 | 2 | -0/+26
  User always receives the same error message if he changes his password via "ipa passwd" command and the new password fails configured password policy. He then has to investigate on his own the actual reason why the policy was violated. This patch improves our SLAPI PWD plugins to provide a better error message explaining the violation reason.
  https://fedorahosted.org/freeipa/ticket/2067
* Add missing copyright header | Simo Sorce | 2011-11-17 | 1 | -0/+22
* Fix CID 11021: Resource leak | Simo Sorce | 2011-11-07 | 1 | -1/+3
  https://fedorahosted.org/freeipa/ticket/2037
* Amend #2038 fix | Simo Sorce | 2011-11-05 | 1 | -3/+5
  The math was unsafe, thanks to Nalin for spotting it.
* Modify random salt creation for interoperability | Simo Sorce | 2011-11-04 | 1 | -8/+29
  See: https://fedorahosted.org/freeipa/ticket/2038
* util: add password policy manipulation functions | Simo Sorce | 2011-08-26 | 2 | -0/+699
* ipa-kdb: implement change_pwd function | Simo Sorce | 2011-08-26 | 2 | -0/+37
* ipa-pwd-extop: make encsalt parsing function common | Simo Sorce | 2011-08-26 | 2 | -0/+79
  It is going to be used by the ipa-kdb module too.
* ipa-pwd-extop: Move encoding in common too | Simo Sorce | 2011-08-26 | 2 | -0/+124
  Also to be used by ipa-kdb
* ipa-pwd-extop: Move encryption of keys in common | Simo Sorce | 2011-08-26 | 2 | -5/+235
  This way we can reuse the same code from ipa-kdb later
* Use internal implementation of internal Kerberos functions | Jakub Hrozek | 2010-11-22 | 2 | -0/+56
  Don't use KRB5_PRIVATE.
  The patch implements and uses the following krb5 functions that are otherwise private in recent MIT Kerberos releases:
    * krb5_principal2salt_norealm
    * krb5_free_ktypes
  Signed-off-by: Simo Sorce <ssorce@redhat.com>