path: root/daemons
Commit message | Author | Age | Files | Lines
* Fix typos | Yuri Chornoivan | 2011-09-07 | 15 | -16/+16
  Fix "The the" and "classses" in FreeIPA code and messages.
  https://fedorahosted.org/freeipa/ticket/1480
* daemons: Remove ipa_kpasswd | Simo Sorce | 2011-08-26 | 6 | -1554/+0
  Now that we have our own database we can properly enforce stricter constraints on how the db can be changed. Stop shipping our own kpasswd daemon and instead use the regular kadmin daemon.
* ipa-kdb: Be flexible | Simo Sorce | 2011-08-26 | 1 | -2/+2
  Although the proper values for booleans from LDAP should be only uppercase, 389ds does allow wrong cased values without complaining. And we still have some places where the wrong case is used. Avoid getting frustrating errors when reading these values out.
* ipa-pwd-extop: Allow kadmin to set krb keys | Simo Sorce | 2011-08-26 | 2 | -48/+100
  Prevent the ipa-pwd-extop plugin from re-generating keys when kadmin is storing a new set of keys. Only generate the userPassword and sambaXXPassword hashes. Also avoid checking policies in this case and if history is provided avoid regenerating the passwordHistory too.
* ipa-kdb: add password policy support | Simo Sorce | 2011-08-26 | 4 | -8/+347
  Use default policy for new principals created by kadmin
* ipa-pwd-extop: Use common password policy code | Simo Sorce | 2011-08-26 | 4 | -448/+127
* ipa-kdb: implement change_pwd function | Simo Sorce | 2011-08-26 | 5 | -11/+116
* ipa-kdb: implement function to retrieve password policies | Simo Sorce | 2011-08-26 | 4 | -43/+209
* ipa-kdb: Get/Store Master Key directly from LDAP | Simo Sorce | 2011-08-26 | 5 | -12/+264
* ipa-kdb: add functions to change principals | Simo Sorce | 2011-08-26 | 3 | -1/+804
* ipa-kdb: add function to iterate over principals | Simo Sorce | 2011-08-26 | 1 | -1/+41
* ipa-kdb: add functions to delete principals | Simo Sorce | 2011-08-26 | 1 | -1/+121
* ipa-kdb: add function to free principals | Simo Sorce | 2011-08-26 | 1 | -1/+16
* ipa-kdb: functions to get principal | Simo Sorce | 2011-08-26 | 4 | -35/+884
* ipa-kdb: add common utility ldap wrapper functions | Simo Sorce | 2011-08-26 | 3 | -0/+464
* ipa-kdb: implement get_time function | Simo Sorce | 2011-08-26 | 2 | -1/+6
* ipa-kdb: initialize module functions | Simo Sorce | 2011-08-26 | 3 | -6/+384
  Initialize module also on ipadb_create invocation. This is what kdb5_util expects.
* ipa-kdb: add exports file | Simo Sorce | 2011-08-26 | 2 | -1/+14
  limit exported symbols only to the ones actually needed by krb5kdc
* ipa-kdb: Initial plugin skeleton | Simo Sorce | 2011-08-26 | 5 | -0/+231
* ipa-pwd-extop: make encsalt parsing function common | Simo Sorce | 2011-08-26 | 1 | -91/+20
  It is going to be used by the ipa-kdb module too.
* ipa-pwd-extop: Move encoding in common too | Simo Sorce | 2011-08-26 | 4 | -202/+50
  Also to be used by ipa-kdb
* ipa-pwd-extop: Move encryption of keys in common | Simo Sorce | 2011-08-26 | 1 | -202/+9
  This way we can reuse the same code from ipa-kdb later
* ipa-pwd-extop: Use common krb5 structs from kdb.h | Simo Sorce | 2011-08-26 | 4 | -19/+14
  This removes custom structures and allows easier sharing of code with ipa-kdb
* ipa-pwd-extop: re-indent code using old style | Simo Sorce | 2011-08-26 | 1 | -30/+30
* ipa-pwd-extop: Use the proper mkvno number in keys | Simo Sorce | 2011-08-26 | 4 | -6/+6
  Setting 0 will work as MIT KDCs assume the current master key when that is found. But it is a legacy compatibility mode and we should instead set the proper mkvno number on keys so changing master key becomes possible w/o having to do a dump reload and stopping the service. This is especially important in replicated environments.
* ipa-pwd-extop: do not append mkvno to krbExtraData | Simo Sorce | 2011-08-26 | 1 | -9/+2
  mkvno is actually available as part of the key material. There is no need to store it in the krbExtraData field as it is unused there.
* ipa-pwd-extop: Remove unused variables and code to set them | Simo Sorce | 2011-08-26 | 1 | -12/+0
* ipa-pwd_extop: use endian.h instead of nih function | Simo Sorce | 2011-08-26 | 3 | -10/+8
* Fix build warnings | Simo Sorce | 2011-08-26 | 3 | -13/+15
  Some are actual bugs.
* Fix thread deadlock by using pthreads library instead of NSPR. | Rob Crittenden | 2011-08-24 | 2 | -14/+12
  The 389-ds team is in the process of exposing slapi_rwlock which we will switch to when it is available.
  https://fedorahosted.org/freeipa/ticket/1630
* Search for users in all the naming contexts present on the directory server. | Jan Cholasta | 2011-08-22 | 1 | -14/+25
  ticket 1655, 1656
* Don't set the password expiration to the current time | Simo Sorce | 2011-07-31 | 1 | -11/+14
  This fixes a regression in the previous patch in ticket #1526.
* When setting a host password don't set krbPasswordExpiration. | Rob Crittenden | 2011-07-29 | 1 | -8/+12
  This can cause problems if a host is enrolled, unenrolled and a password set. The password will be marked as expired like all new passwords are.
  https://fedorahosted.org/freeipa/ticket/1526
* Don't set krbLastPwdChange when setting a host OTP password. | Rob Crittenden | 2011-07-18 | 3 | -37/+70
  We have no visibility into whether an entry has a keytab or not so krbLastPwdChange is used as a rough guide. If this value exists during enrollment then it fails because the host is considered already joined. This was getting set when an OTP was added to a host that had already been enrolled (e.g. you enroll a host, unenroll it, set an OTP, then try to re-enroll). The second enrollment was failing because the enrollment plugin thought it was still enrolled because krbLastPwdChange was set.
  https://fedorahosted.org/freeipa/ticket/1357
* Reset failed login count to 0 when admin resets password. | Rob Crittenden | 2011-07-13 | 1 | -0/+6
  https://fedorahosted.org/freeipa/ticket/1441
* memory leak in ipa_winsync_get_new_ds_user_dn_cb | Rich Megginson | 2011-06-28 | 1 | -0/+1
  The new_dn_string passed into this function is malloc'd. It must be freed before we reassign the value.
* modify user deleted in AD crashes winsync | Rich Megginson | 2011-06-28 | 1 | -1/+8
  https://fedorahosted.org/freeipa/ticket/1382
  crash in winsync if replaying a MOD and user does not exist in AD
  If the AD entry is deleted before the deletion can be synced back to IPA, and in the meantime an operation is performed on the corresponding entry in IPA that should be synced to AD, winsync attempts to get the AD entry and it is empty. This just means the operation will not go through, and the entry will be deleted when the sync from AD happens. The IPA winsync plugin needs to handle the case when the ad_entry is NULL.
* winsync enables disabled users in AD | Rich Megginson | 2011-06-28 | 1 | -3/+5
  https://fedorahosted.org/freeipa/ticket/1379
  winsync enables disabled users in AD when the AD entry changes
  This was likely broken when ipa switched from using CoS/groups for account inactivation to using nsAccountLock directly. The code that handled the account sync in the from AD direction was broken, but was never found before now because it had not been used. The fix is to correctly set or remove nsAccountLock.
* Fix issues found by Coverity. | Jan Cholasta | 2011-05-09 | 4 | -14/+54
  tickets 1166, 1167, 1168, 1169
* Fix resource leaks. | Simo Sorce | 2011-03-28 | 1 | -0/+2
  Fixes: https://fedorahosted.org/freeipa/ticket/1119
* Fix uninitialized variable. | Simo Sorce | 2011-03-24 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/1118
* Make activated/inactivated groups optional | Simo Sorce | 2011-03-01 | 3 | -34/+40
  directly change nsAccountLock on the entry if they are not used
  Fixes: https://fedorahosted.org/freeipa/ticket/1021
* Fix user synchronization. | Simo Sorce | 2011-03-01 | 1 | -0/+2
  We need to set uidNumber and gidNumber to the magic values so that DNA can assign appropriate Ids, otherwise the synchronization of users from AD will fail with an error about posixAccount requiring a missing (uidNumber) attribute.
  Fixes: https://fedorahosted.org/freeipa/ticket/1020
* Unbreak the ipa winsync plugin. | Simo Sorce | 2011-03-01 | 1 | -1/+1
  Fix RDN construction.
  Fixes: https://fedorahosted.org/freeipa/ticket/1015
* Set the loginShell attribute on winsynced entries if configured | Simo Sorce | 2011-03-01 | 4 | -1/+66
  Fixes: https://fedorahosted.org/freeipa/ticket/266
* Reset target DN when generated UUID is used as RDN | Nathan Kinder | 2011-02-17 | 1 | -0/+4
  When the UUID plug-in generates a value that is used in the RDN of the entry being added, the old DN is free'd and replaced with the new DN. The problem is that the operation in the pblock holds a pointer to the old DN address. This can cause other plug-ins to reference garbage, leading to incorrect results or crashes. This was causing the attribute uniqueness plug-in to not work correctly, resulting in duplicate netgroup entries. The fix is to have the UUID plug-in reset the target DN after changing the DN of the entry to be added.
  ticket 963
* Fix duplicate OIDs | Simo Sorce | 2011-02-17 | 2 | -3/+3
  Apparently we forgot to check OID consistency between the schema and the extensions, and we got duplicates. Technically the schema was done later but it is easier to change the extensions OIDs than to change the schema of current beta2/rc1 installations. The only side effect is that older ipa-getkeytab and ipa-join binaries will fail. So all the admin/client tools must be upgraded at the same time as well as all the masters (otherwise some will show/accept the new OID while others won't).
  Fixes: https://fedorahosted.org/freeipa/ticket/976
* Let 389-ds start up even if Kerberos is not configured yet. | Rob Crittenden | 2011-02-14 | 3 | -8/+29
  The situation is if during installation /etc/krb5.conf either doesn't exist or configures no realms then 389-ds won't start up at all, causing the installation to fail. This will let the server start up in a degraded mode. Also need to make the sub_dict in ldapupdate.py handle no realm otherwise the installation will abort enabling the compat plugin.
  ticket 606
* Correctly report if this is a krb related password operation | Simo Sorce | 2011-02-14 | 1 | -0/+1
  Fixes: https://fedorahosted.org/freeipa/ticket/949
* Update krbExtraData too when changing passwords. | Simo Sorce | 2011-02-14 | 4 | -0/+93
  Fixes: https://fedorahosted.org/freeipa/ticket/937