Diffstat (limited to 'daemons/ipa-slapi-plugins')
-rw-r--r--daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c4
-rw-r--r--daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c5
-rw-r--r--daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h1
3 files changed, 10 insertions, 0 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
index 5dc606d22..f79c0b4a6 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
@@ -232,6 +232,7 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void)
/* get the ipa etc/ipaConfig entry */
config->allow_nt_hash = false;
+ config->disable_setkeytab = false;
ret = ipapwd_getEntry(ipa_etc_config_dn, &config_entry, NULL);
if (ret != LDAP_SUCCESS) {
LOG_FATAL("No config Entry?\n");
@@ -243,6 +244,9 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void)
if (strcasecmp(tmparray[i], "AllowNThash") == 0) {
config->allow_nt_hash = true;
continue;
+ } else if (strcasecmp(tmparray[i], "DisableSetKeytab") == 0) {
+ config->disable_setkeytab = true;
+ continue;
}
}
if (tmparray) slapi_ch_array_free(tmparray);
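Review bot: A config value that is close to but not exactly `DisableSetKeytab` falls through this chain silently, so a mistyped entry leaves the set-keytab operation enabled while the administrator believes it is off. Because this string acts as a security switch, I would log the effective setting once the loop has finished, or at least record the accepted spelling in a comment above the chain, e.g. `/* "DisableSetKeytab": refuse the KEYTAB_SET_OID extended operation */`. As a style point, the `continue` in both branches looks redundant, since the visible lines show nothing after the chain inside the loop body. The attribute that fills `tmparray` is read outside the hunk.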
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
index dc657cc4e..aa45ed3e7 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
@@ -1742,6 +1742,11 @@ static int ipapwd_extop(Slapi_PBlock *pb)
return ret;
}
if (strcasecmp(oid, KEYTAB_SET_OID) == 0) {
+ if (krbcfg->disable_setkeytab) {
+ errMesg = "Operation administratively disabled.\n";
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ goto free_and_return;
+ }
ret = ipapwd_setkeytab(pb, krbcfg);
free_ipapwd_krbcfg(&krbcfg);
return ret;
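Review bot: The refusal in the new `disable_setkeytab` branch is returned to the client but leaves no trace on the server, so attempts to use a disabled operation cannot be seen in the logs. A log line before the `goto`, for instance `LOG_FATAL("setkeytab extop refused: disabled in IPA config\n");` if that macro is available in this file as it is in common.c, would let operators spot clients that still call it. The neighbouring branches free `krbcfg` explicitly before returning, while this one relies on the `free_and_return` label, which is outside the hunk; it is worth confirming that the label frees `krbcfg` and sends `errMesg` with `rc`.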
diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
index 2e9d4fe86..a6a85d78d 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
@@ -109,6 +109,7 @@ struct ipapwd_krbcfg {
char **passsync_mgrs;
int num_passsync_mgrs;
bool allow_nt_hash;
+ bool disable_setkeytab;
};
int ipapwd_entry_checks(Slapi_PBlock *pb, struct slapi_entry *e,
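Review bot: The new `disable_setkeytab` member has no comment, and the struct gives no hint of where the value comes from or which code reads it. A one-line comment would cover it: `/* true when "DisableSetKeytab" is in the IPA config; ipapwd_extop then refuses KEYTAB_SET_OID */`. The struct definition starts outside the hunk.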