freeipa.git/daemons, branch framework Unnamed repository; edit this file 'description' to name the repository. Return LDAP_SUCCESS on mods on a referral entry. 2012-05-11T06:37:41+00:00 Rob Crittenden rcritten@redhat.com 2012-05-10T14:27:50+00:00 58732a83bc4ea99ce9894f07232b890ae26682ef We currently return LDAP_REFERRAL which causes the mod to fail meaning that referral entries cannot be changed. All we really want to do is escape when we don't hvae an entry to modify. https://fedorahosted.org/freeipa/ticket/2237 
We currently return LDAP_REFERRAL which causes the mod to fail meaning
that referral entries cannot be changed.

All we really want to do is escape when we don't hvae an entry to modify.

https://fedorahosted.org/freeipa/ticket/2237
Fix theoretical leak discovered by coverity 2012-04-17T19:40:58+00:00 Simo Sorce ssorce@redhat.com 2012-04-17T19:35:59+00:00 adf16a9b1c52ea8ee1e9989b99ab7da32adddf38 This was introduced when we started checking the return from ipadb_get_context() to silence another coverity report. That condition can never be true in this function but whatever ... let's silence Coverity once again :) 
This was introduced when we started checking the return from
ipadb_get_context() to silence another coverity report.
That condition can never be true in this function but whatever ... let's
silence Coverity once again :)
Fix MS-PAC checks when using s4u2proxy 2012-04-03T13:28:50+00:00 Simo Sorce ssorce@redhat.com 2012-03-27T18:24:12+00:00 c007ac0d70ff7a3a4867a0316735e8cab9e34021 We were using the wrong principal in the s4u2proxy case. Fixes: https://fedorahosted.org/freeipa/ticket/2504 
We were using the wrong principal in the s4u2proxy case.

Fixes: https://fedorahosted.org/freeipa/ticket/2504
Fix failure count interval attribute name in query for password policy. 2012-03-29T04:52:25+00:00 Rob Crittenden rcritten@redhat.com 2012-03-29T21:40:11+00:00 56fa06fec4a841664f3ad6cbfb97979320c9bfd2 This was causing the failure count interval to not be applied so the failure count was never reset to 0. https://fedorahosted.org/freeipa/ticket/2540 
This was causing the failure count interval to not be applied so
the failure count was never reset to 0.

https://fedorahosted.org/freeipa/ticket/2540
Fix memleak and silence Coverity defects 2012-03-22T16:33:13+00:00 Simo Sorce ssorce@redhat.com 2012-03-20T13:47:52+00:00 735618a1c6aee05d1c6455320da46fc52c85ca8c Some of these are not real defects, because we are guaranteed to have valid context in some functions, and checks are not necessary. I added the checks anyway in order to silence Coverity on these issues. One meleak on error condition was fixed in daemons/ipa-kdb/ipa_kdb_pwdpolicy.c Silence errors in ipa-client/ipa-getkeytab.c, the code looks wrong, but it is actually fine as we count before hand so we never actually use the wrong value that is computed on the last pass when p == 0 Fixes: https://fedorahosted.org/freeipa/ticket/2488 
Some of these are not real defects, because we are guaranteed to have valid
context in some functions, and checks are not necessary.
I added the checks anyway in order to silence Coverity on these issues.

One meleak on error condition was fixed in
daemons/ipa-kdb/ipa_kdb_pwdpolicy.c

Silence errors in ipa-client/ipa-getkeytab.c, the code looks wrong, but it is
actually fine as we count before hand so we never actually use the wrong value
that is computed on the last pass when p == 0

Fixes: https://fedorahosted.org/freeipa/ticket/2488
Treat UPGs correctly in winsync replication 2012-03-15T08:57:37+00:00 Martin Kosek mkosek@redhat.com 2012-03-06T14:59:20+00:00 51601ac794ce589981c0cc3501d91518cea27f15 IPA winsync plugin failed to replicate users when default user group was non-posix even though User Private Groups (UPG) were enabled on the server. Both their uidNumber and gidNumber were empty and they missed essential object classes. When the default user group was made posix and UPG was disabled it did not set gidNumber to the default group gidNumber. This patch improves this behavior to set gidNumber correctly according to UPG configuration and the default group status (posix/non-posix). 4 situations can occur, the following list specifies what value is assigned to user gidNumber: 1) Default group posix, UPG enabled: gidNumber = UPG gidNumber 2) Default group posix, UPG disabled: gidNumber = default group gidNumber 3) Default group non-posix, UPG enabled: gidNumber = UPG gidNumber 4) Default group non-posix, UPG disabled: an error is printed to the dirsrv log as the gidNumber cannot be retrieved. User is replicated in the same way as before this patch, i.e. without essential object classes. https://fedorahosted.org/freeipa/ticket/2436 
IPA winsync plugin failed to replicate users when default user group
was non-posix even though User Private Groups (UPG) were enabled
on the server. Both their uidNumber and gidNumber were empty and
they missed essential object classes. When the default user group
was made posix and UPG was disabled it did not set gidNumber to
the default group gidNumber.

This patch improves this behavior to set gidNumber correctly
according to UPG configuration and the default group status
(posix/non-posix). 4 situations can occur, the following list
specifies what value is assigned to user gidNumber:
 1) Default group posix, UPG enabled: gidNumber = UPG gidNumber
 2) Default group posix, UPG disabled: gidNumber = default
    group gidNumber
 3) Default group non-posix, UPG enabled: gidNumber = UPG gidNumber
 4) Default group non-posix, UPG disabled: an error is printed to
    the dirsrv log as the gidNumber cannot be retrieved. User
    is replicated in the same way as before this patch, i.e.
    without essential object classes.

https://fedorahosted.org/freeipa/ticket/2436
ipa-kdb: fix delegation acl check 2012-02-28T18:03:22+00:00 Simo Sorce ssorce@redhat.com 2012-02-28T15:47:18+00:00 372d67ae81403cb919e3617563e8950e711623a1 We need to check for a matching acl only if one match hasn't already been found, otherwise results are unpredictable and order dependent. 
We need to check for a matching acl only if one match hasn't already been
found, otherwise results are unpredictable and order dependent.
policy: add function to check lockout policy 2012-02-20T01:43:45+00:00 Simo Sorce ssorce@redhat.com 2012-02-17T16:45:56+00:00 9942a29cab06ff99cdd3380c4daf3b41ebdf2fb8 Fixes: https://fedorahosted.org/freeipa/ticket/2393 
Fixes: https://fedorahosted.org/freeipa/ticket/2393
ipa-kdb: Fix ACL evaluator 2012-02-20T09:48:59+00:00 Simo Sorce ssorce@redhat.com 2012-02-17T23:19:01+00:00 8ec98dfcae3daf1324bf924e1bf1684007bcf9d1 Fixes: https://fedorahosted.org/freeipa/ticket/2343 
Fixes: https://fedorahosted.org/freeipa/ticket/2343
Remove compat defines 2012-02-16T19:45:23+00:00 Simo Sorce ssorce@redhat.com 2012-02-13T21:57:57+00:00 d5e4bd5c5900204fea9603807c64be2a959c2319 These definitions were needed during development to be a le to build against krb5 version < 1.10 These function headers and defintions are now available in 1.10 that is a hard dependency for freeipa 3.0, so we can safely drop them. 
These definitions were needed during development to be a le to build against
krb5 version < 1.10
These function headers and defintions are now available in 1.10 that is a hard
dependency for freeipa 3.0, so we can safely drop them.