summaryrefslogtreecommitdiffstats
path: root/ipa-server/ipa-slapi-plugins
Commit message (Collapse)AuthorAgeFilesLines
* Mass tree reorganization for IPAv2. To view previous history of files use:Rob Crittenden2009-02-0320-10749/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | % git log --follow -- <file> renamed: ipa-server/autogen.sh -> autogen.sh renamed: ipa-server/ipa-kpasswd/Makefile.am -> daemons/ipa-kpasswd/Makefile.am renamed: ipa-server/ipa-kpasswd/README -> daemons/ipa-kpasswd/README renamed: ipa-server/ipa-kpasswd/ipa_kpasswd.c -> daemons/ipa-kpasswd/ipa_kpasswd.c renamed: ipa-server/ipa-kpasswd/ipa_kpasswd.init -> daemons/ipa-kpasswd/ipa_kpasswd.init renamed: ipa-server/ipa-slapi-plugins/Makefile.am -> daemons/ipa-slapi-plugins/Makefile.am renamed: ipa-server/ipa-slapi-plugins/README -> daemons/ipa-slapi-plugins/README renamed: ipa-server/ipa-slapi-plugins/dna/Makefile.am -> daemons/ipa-slapi-plugins/dna/Makefile.am renamed: ipa-server/ipa-slapi-plugins/dna/dna-conf.ldif -> daemons/ipa-slapi-plugins/dna/dna-conf.ldif renamed: ipa-server/ipa-slapi-plugins/dna/dna.c -> daemons/ipa-slapi-plugins/dna/dna.c renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/Makefile.am -> daemons/ipa-slapi-plugins/ipa-memberof/Makefile.am renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof.c -> daemons/ipa-slapi-plugins/ipa-memberof/ipa-memberof.c renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof.h -> daemons/ipa-slapi-plugins/ipa-memberof/ipa-memberof.h renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/ipa-memberof_config.c -> daemons/ipa-slapi-plugins/ipa-memberof/ipa-memberof_config.c renamed: ipa-server/ipa-slapi-plugins/ipa-memberof/memberof-conf.ldif -> daemons/ipa-slapi-plugins/ipa-memberof/memberof-conf.ldif renamed: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am -> daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am renamed: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/README -> daemons/ipa-slapi-plugins/ipa-pwd-extop/README renamed: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c -> daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c renamed: ipa-server/ipa-slapi-plugins/ipa-pwd-extop/pwd-extop-conf.ldif -> daemons/ipa-slapi-plugins/ipa-pwd-extop/pwd-extop-conf.ldif renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/Makefile.am -> daemons/ipa-slapi-plugins/ipa-winsync/Makefile.am renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/README -> daemons/ipa-slapi-plugins/ipa-winsync/README renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif -> daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-conf.ldif renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c -> daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c -> daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.c renamed: ipa-server/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h -> daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync.h renamed: ipa-server/xmlrpc-server/ipa-rewrite.conf -> install/conf/ipa-rewrite.conf renamed: ipa-server/xmlrpc-server/ipa.conf -> install/conf/ipa.conf renamed: ipa-server/xmlrpc-server/ssbrowser.html -> install/html/ssbrowser.html renamed: ipa-server/xmlrpc-server/unauthorized.html -> install/html/unauthorized.html renamed: ipa-server/ipa-install/share/60ipaconfig.ldif -> install/share/60ipaconfig.ldif renamed: ipa-server/ipa-install/share/60kerberos.ldif -> install/share/60kerberos.ldif renamed: ipa-server/ipa-install/share/60radius.ldif -> install/share/60radius.ldif renamed: ipa-server/ipa-install/share/60samba.ldif -> install/share/60samba.ldif renamed: ipa-server/ipa-install/share/Makefile.am -> install/share/Makefile.am renamed: ipa-server/ipa-install/share/bind.named.conf.template -> install/share/bind.named.conf.template renamed: ipa-server/ipa-install/share/bind.zone.db.template -> install/share/bind.zone.db.template renamed: ipa-server/ipa-install/share/bootstrap-template.ldif -> install/share/bootstrap-template.ldif renamed: ipa-server/ipa-install/share/certmap.conf.template -> install/share/certmap.conf.template renamed: ipa-server/ipa-install/share/default-aci.ldif -> install/share/default-aci.ldif renamed: ipa-server/ipa-install/share/default-keytypes.ldif -> install/share/default-keytypes.ldif renamed: ipa-server/ipa-install/share/dna-posix.ldif -> install/share/dna-posix.ldif renamed: ipa-server/ipa-install/share/encrypted_attribute.ldif -> install/share/encrypted_attribute.ldif renamed: ipa-server/ipa-install/share/fedora-ds.init.patch -> install/share/fedora-ds.init.patch renamed: ipa-server/ipa-install/share/indices.ldif -> install/share/indices.ldif renamed: ipa-server/ipa-install/share/kdc.conf.template -> install/share/kdc.conf.template renamed: ipa-server/ipa-install/share/kerberos.ldif -> install/share/kerberos.ldif renamed: ipa-server/ipa-install/share/krb.con.template -> install/share/krb.con.template renamed: ipa-server/ipa-install/share/krb5.conf.template -> install/share/krb5.conf.template renamed: ipa-server/ipa-install/share/krb5.ini.template -> install/share/krb5.ini.template renamed: ipa-server/ipa-install/share/krbrealm.con.template -> install/share/krbrealm.con.template renamed: ipa-server/ipa-install/share/master-entry.ldif -> install/share/master-entry.ldif renamed: ipa-server/ipa-install/share/memberof-task.ldif -> install/share/memberof-task.ldif renamed: ipa-server/ipa-install/share/ntp.conf.server.template -> install/share/ntp.conf.server.template renamed: ipa-server/ipa-install/share/ntpd.sysconfig.template -> install/share/ntpd.sysconfig.template renamed: ipa-server/ipa-install/share/preferences.html.template -> install/share/preferences.html.template renamed: ipa-server/ipa-install/share/referint-conf.ldif -> install/share/referint-conf.ldif renamed: ipa-server/ipa-install/share/schema_compat.uldif -> install/share/schema_compat.uldif renamed: ipa-server/ipa-install/share/unique-attributes.ldif -> install/share/unique-attributes.ldif renamed: ipa-server/ipa-install/Makefile.am -> install/tools/Makefile.am renamed: ipa-server/ipa-install/README -> install/tools/README renamed: ipa-server/ipa-compat-manage -> install/tools/ipa-compat-manage renamed: ipa-server/ipa-fix-CVE-2008-3274 -> install/tools/ipa-fix-CVE-2008-3274 renamed: ipa-server/ipa-ldap-updater -> install/tools/ipa-ldap-updater renamed: ipa-server/ipa-install/ipa-replica-install -> install/tools/ipa-replica-install renamed: ipa-server/ipa-install/ipa-replica-manage -> install/tools/ipa-replica-manage renamed: ipa-server/ipa-install/ipa-replica-prepare -> install/tools/ipa-replica-prepare renamed: ipa-server/ipa-install/ipa-server-certinstall -> install/tools/ipa-server-certinstall renamed: ipa-server/ipa-install/ipa-server-install -> install/tools/ipa-server-install renamed: ipa-server/ipa-upgradeconfig -> install/tools/ipa-upgradeconfig renamed: ipa-server/ipa-install/ipactl -> install/tools/ipactl renamed: ipa-server/man/Makefile.am -> install/tools/man/Makefile.am renamed: ipa-server/man/ipa-compat-manage.1 -> install/tools/man/ipa-compat-manage.1 renamed: ipa-server/man/ipa-ldap-updater.1 -> install/tools/man/ipa-ldap-updater.1 renamed: ipa-server/man/ipa-replica-install.1 -> install/tools/man/ipa-replica-install.1 renamed: ipa-server/man/ipa-replica-manage.1 -> install/tools/man/ipa-replica-manage.1 renamed: ipa-server/man/ipa-replica-prepare.1 -> install/tools/man/ipa-replica-prepare.1 renamed: ipa-server/man/ipa-server-certinstall.1 -> install/tools/man/ipa-server-certinstall.1 renamed: ipa-server/man/ipa-server-install.1 -> install/tools/man/ipa-server-install.1 renamed: ipa-server/man/ipa_kpasswd.8 -> install/tools/man/ipa_kpasswd.8 renamed: ipa-server/man/ipa_webgui.8 -> install/tools/man/ipa_webgui.8 renamed: ipa-server/man/ipactl.8 -> install/tools/man/ipactl.8 renamed: ipa-server/ipa-install/updates/Makefile.am -> install/updates/Makefile.am renamed: ipa-server/ipa-install/updates/RFC2307bis.update -> install/updates/RFC2307bis.update renamed: ipa-server/ipa-install/updates/RFC4876.update -> install/updates/RFC4876.update renamed: ipa-server/ipa-install/updates/indices.update -> install/updates/indices.update renamed: ipa-server/ipa-install/updates/nss_ldap.update -> install/updates/nss_ldap.update renamed: ipa-server/ipa-install/updates/replication.update -> install/updates/replication.update renamed: ipa-server/ipa-install/updates/winsync_index.update -> install/updates/winsync_index.update renamed: ipa-server/ipaserver/Makefile.am -> ipaserver/install/Makefile.am renamed: ipa-server/ipaserver/__init__.py -> ipaserver/install/__init__.py renamed: ipa-server/ipaserver/bindinstance.py -> ipaserver/install/bindinstance.py renamed: ipa-server/ipaserver/certs.py -> ipaserver/install/certs.py renamed: ipa-server/ipaserver/dsinstance.py -> ipaserver/install/dsinstance.py renamed: ipa-server/ipaserver/httpinstance.py -> ipaserver/install/httpinstance.py renamed: ipa-server/ipaserver/installutils.py -> ipaserver/install/installutils.py renamed: ipa-server/ipaserver/ipaldap.py -> ipaserver/install/ipaldap.py renamed: ipa-server/ipaserver/krbinstance.py -> ipaserver/install/krbinstance.py renamed: ipa-server/ipaserver/ldapupdate.py -> ipaserver/install/ldapupdate.py renamed: ipa-server/ipaserver/ntpinstance.py -> ipaserver/install/ntpinstance.py renamed: ipa-server/ipaserver/replication.py -> ipaserver/install/replication.py renamed: ipa-server/ipaserver/service.py -> ipaserver/install/service.py renamed: ipa-server/selinux/Makefile -> selinux/Makefile renamed: ipa-server/selinux/ipa-server-selinux.spec.in -> selinux/ipa-server-selinux.spec.in renamed: ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.fc -> selinux/ipa_kpasswd/ipa_kpasswd.fc renamed: ipa-server/selinux/ipa_kpasswd/ipa_kpasswd.te -> selinux/ipa_kpasswd/ipa_kpasswd.te renamed: ipa-server/selinux/ipa_webgui/ipa_webgui.fc -> selinux/ipa_webgui/ipa_webgui.fc renamed: ipa-server/selinux/ipa_webgui/ipa_webgui.te -> selinux/ipa_webgui/ipa_webgui.te renamed: ipa-server/version.m4.in -> version.m4.in
* Fix memleaks found by valgrindSimo Sorce2008-11-201-5/+17
|
* We must always zero out the target ientry unconditionally where it is usedSimo Sorce2008-11-201-14/+6
| | | | and never free it in the destructor.
* Avoid potential crashbug on invalid DNs (not in the tree).Simo Sorce2008-11-191-25/+81
|
* Fix a free before use bug, it may lead to crashes but usually just corruptsSimo Sorce2008-11-141-3/+2
| | | | | | the changepw dn we store so that it won't match. This causes normal password changes to be interpreted as password resets instead, and the new legit password is immediately expired.
* set winsync account disable sync default value to both instead of noneRich Megginson2008-11-131-1/+1
|
* Make the list of users that can skip passwrod policies configurable.Simo Sorce2008-11-121-48/+105
| | | | | | | | | | | Addresses bz#471130 Also fix bugs in ipapwd_start. Also remove mutex, it is not necessary with the current code, we needed it when we used to change reload the configuration and keep it referenced in a static pointer. ipapwd_start runs only once and the global variables it sets are fixed in stone until DS is restarted.
* Make DNA work with internal operationsRich Megginson2008-11-101-3/+49
|
* do not store the OUs from the AD DN in the IPA user entry when flatteningRich Megginson2008-10-131-35/+0
|
* Do not depend on MMR plugin - start before MMR pluginRich Megginson2008-10-131-2/+1
| | | | | | | | The ipa-winsync plugin needs to start before the MMR plugin, so that it can register the API functions. Also, the slapi-nis schema compat plugin creates an entry that looks exactly like the default IPA group gidNumber entry, so I added an extra (objectclass=groupOfNames) to the filter since the slapi-nis entry doesn't have that.
* Do not add enabled user to activated group - clean up parse_acct_disableRich Megginson2008-10-132-19/+28
| | | | | | | | | If a user needs to be enabled, just delete the user from the inactivated group, but do not add to the activated group. If a user is in no group, the user is active by default. IPA uses the activated group for override purposes. parse_acct_disable is only used when the config changes, but I cleaned it up anyway to make the code clearer.
* Adds winsync account disable and force syncRich Megginson2008-10-134-7/+772
|
* fix issues brought up by initial review of ipa winsync enhancementsRich Megginson2008-10-131-1/+3
|
* Added support to IPA server install to install the winsync plugin ↵Rich Megginson2008-10-131-1/+6
| | | | configuration entry Added support to ipa-replica-manage to add winsync agreements. I mostly used the existing code for setting up replication agreements since replication and winsync are quite similar in their configuration. I just had to add some extra attributes to the sync agreement configuration. The tricky part was importing the Windows CA cert.
* Use dirsrv/file.h with includes by default - only use the other style if we ↵Rich Megginson2008-10-133-6/+135
| | | | are debugging within the directory server
* fix some memory leaksRich Megginson2008-10-131-1/+4
|
* Added ipa-winsync-config.c - this handles dynamic configuration via the DSE ↵Rich Megginson2008-10-132-0/+782
| | | | callbacks, and gets default values from various configuration entries in the IPA tree
* Added support for posixAccount -lookup attribute containing the ↵Rich Megginson2008-10-132-3/+184
| | | | homeDirectory prefix and use that to construct the homeDirectory attribute -lookup attribute containing the default gidNumber and use that to add the gidNumber to new users -construct the gecos field from the cn attribute
* Added the new IPA WinSync Plug-in Work done so far * added the new plugin to ↵Rich Megginson2008-10-133-18/+105
| | | | makefiles, spec file * added stubs for the api, including begin update, end update, and destroy callbacks * added config code to allow dynamic dse config changes and auto-discovery of realm and new user objectclass list
* Initial addition of ipa-winsync pluginRich Megginson2008-10-134-0/+456
|
* Retrieve the kerberos configuration every time a new, it will be a bit slowerSimo Sorce2008-09-101-252/+234
| | | | | but will allow for changing configurations without having to restart DS. Password operations are slow and rare enough this is an acceptable compromise.
* Fix segfault cause by empty target entrySimo Sorce2008-08-191-3/+22
|
* Comment out code that generates keys with a random salt, apparently this ↵Simo Sorce2008-08-151-0/+4
| | | | does not work as expected and generates faulty keys
* Implement password operation checks and key material generation for theSimo Sorce2008-08-121-93/+1018
| | | | | | | | | | | ldap add and modify operation performed on the userPassword attribute. Add helper functions to reduce code duplication. Do not enforce encrypted connections on ldap add/ldap mod for compatibility reasons. (We cannot enforce people not to send the password in the clear anyway, we can only refuse to accept it at the most which does not gain you much if someone then re-send you the same password previously exposed)
* Treat Jan 1 1970 in krbPrincipalExpiration as a special date that meansSimo Sorce2008-08-071-4/+5
| | | | the account Never Expires
* Fix a stupidty introduced recently in a fix to a segfault.Simo Sorce2008-07-241-3/+5
|
* Cleaned up comments that were mangled by vimNathan Kinder2008-07-181-7/+7
|
* Re-base memberOf plug-in off of current FDS memberOf plug-in. Resolves: ↵Nathan Kinder2008-07-184-643/+1189
| | | | 452537, 453011, 443241, 439628
* If krbPasswordExpiration or krbLastPwdChange are not present on the entrySimo Sorce2008-07-071-11/+21
| | | | | we might segfault trying a direct strcmp(), check they are not NULL. Also fix a couple of memleaks.
* Fix some small issues that caused compiler warnings, like uninitialized or ↵Martin Nagy2008-06-302-3/+5
| | | | unused variables or missing krb5 prototypes.
* slapi_pw_find_sv() expects an array, make sure we have a NULL terminatedSimo Sorce2008-06-301-5/+9
| | | | | one to avoid potential segfaults Avoid leaking memory too.
* Fix cut&paste errorSimo Sorce2008-06-111-2/+1
|
* Let DS encode the password, this will allow IPA -> AD passwordSimo Sorce2008-06-111-10/+4
| | | | synchronization to work again.
* Fedora DS 1.1.1 exposes a public task api. In order for ipa-1-0 to build ↵Rich Megginson2008-05-301-47/+90
| | | | against this, ipa-memberof.c needs to be able to use the public api or the private one.
* Use a value that is explicitly 64bit on all architecturesSimo Sorce2008-05-231-13/+13
|
* remove useless if-before-free testsJim Meyering2008-05-151-24/+12
| | | | | | | | | | | | I've been on a crusade (;-) to remove useless if-before-free tests, so ran a script that spotted some here. I think I removed the first batch (without braces) automatically, then manually removed the ones with curly braces around the free statements. You may well have doubts about the portability of removing those tests, but as long as you don't care about SunOS4 or earlier, you'll be fine. I've done similar things for e.g., coreutils, glibc, and git, and have had no problems.
* * ipa_pwd_extop.c (encrypt_encode_key): Handle malloc failure.Jim Meyering2008-05-151-0/+5
|
* If there is an error we need to send back a reply ourselves.Simo Sorce2008-05-151-2/+11
| | | | Return also an intelligible error message.
* For some unknown reason the sort control returns values sorted in reverse.Simo Sorce2008-05-151-1/+3
| | | | Ask for inverse order to get them straight ...
* Implement checks to make sure we are not assigning a number that is in use.Simo Sorce2008-05-151-181/+455
| | | | | | Change config to support a maximum value so that ranges can be defined. Add stubs to reach out and ask to swap in new ranges and notify that new chuncks are needed/used.
* Indent the plugin accordingly to our style guidelines.Simo Sorce2008-05-071-802/+758
| | | | Used indent -kr -nut dna.c for most of the changes
* This patch begins the process of replacing OpenLDAP with mozldap.W. Michael Petullo2008-05-013-3/+0
| | | | | | | | | FreeIPA relies on RedHat's Directory Server, which uses mozldap. A FreeIPA build using mozldap would reduce the project's dependencies and redundant code. In addition, mozldap uses NSS instead of OpenSSL. This is beneficial for the reasons listed in [1]. [1] http://fedoraproject.org/wiki/FedoraCryptoConsolidation
* Fixed various memory leaks in memberOf plug-in.Nathan Kinder2008-04-221-2/+9
| | | | 440474
* Password policy checks fixes.Simo Sorce2008-04-071-37/+94
| | | | | | - don't let a user set a password identical to the current one. - don't check more then the policy defined number of passwords in history - don't set an history longer than policy defined
* Some more function name errors due to merge from DS own memberof plugin thatSimo Sorce2008-03-311-6/+6
| | | | has different function names. This was a runtime linker crash bug :/
* Fix typoSimo Sorce2008-03-311-2/+2
|
* Avoid listing a group as a memberOf itself when a circular groupingNathan Kinder2008-03-281-10/+23
| | | | | | | | | | is created. We basically just need to add a check to see if we're to use a group DN as the memberOf value when performing an operation on itself for all operation types. 439450
* Fixed handling of modify operations that delete all present memberNathan Kinder2008-03-281-2/+13
| | | | | | | | | | | | | values without specifying the values to delete in the memberOf plug-in. Member entries were not being updated because the code used the values in the mod to find the member entries to update. The fix is to detect when a delete modify has no values specified and just use the replace code since it compares the pre-op and post-op copies of the group to figure out what member entries to update. 439097
* Handle MODRDN operations properly for indirect group members.Nathan Kinder2008-03-261-1/+11
| | | | | | | Without this, an entry's memberOf attribute is not updated with the new group DN when an indirect group is renamed. This is in bugzilla for FDS as bz 438891.
* Purely indentiation, trailing spaces, cosmetic fixesSimo Sorce2008-02-211-133/+173
|