websms/freeipa
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Imported Upstream version 4.3.1

Browse Source
This commit is contained in:
Mario Fetka
2021-08-10 02:37:58 +02:00
parent a791de49a2
commit 2f177da8f2
2056 changed files with 421730 additions and 1668138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am
View File

@@ -1,29 +1,34 @@
NULL =
PLUGIN_COMMON_DIR = $(srcdir)/../common
MAINTAINERCLEANFILES = *~ Makefile.in
PLUGIN_COMMON_DIR = ../common
KRB5_UTIL_DIR = ../../../util
KRB5_UTIL_SRCS = $(KRB5_UTIL_DIR)/ipa_krb5.c \
$(KRB5_UTIL_DIR)/ipa_pwd.c \
$(KRB5_UTIL_DIR)/ipa_pwd_ntlm.c
ASN1_UTIL_DIR=../../../asn1
AM_CPPFLAGS = \
-I. \
-I$(srcdir) \
-I$(PLUGIN_COMMON_DIR) \
-I$(top_srcdir)/util \
-I$(top_srcdir)/asn1 \
-I$(KRB5_UTIL_DIR) \
-I$(ASN1_UTIL_DIR) \
-DPREFIX=\""$(prefix)"\" \
-DBINDIR=\""$(bindir)"\" \
-DLIBDIR=\""$(libdir)"\" \
-DLIBEXECDIR=\""$(libexecdir)"\" \
-DDATADIR=\""$(datadir)"\" \
$(DIRSRV_CFLAGS) \
$(CRYPTO_CFLAGS) \
$(LDAP_CFLAGS) \
$(LDAP_CFLAGS) \
$(KRB5_CFLAGS) \
$(NSPR_CFLAGS) \
$(SSL_CFLAGS) \
$(NSS_CFLAGS) \
$(WARN_CFLAGS) \
$(NULL)
AM_LDFLAGS = \
$(CRYPTO_LIBS) \
$(KRB5_LIBS) \
$(SSL_LIBS) \
$(LDAP_LIBS) \
$(NSPR_LIBS) \
$(NSS_LIBS) \
@@ -35,17 +40,14 @@ plugindir = $(libdir)/dirsrv/plugins
plugin_LTLIBRARIES = libipa_pwd_extop.la
libipa_pwd_extop_la_LIBADD = \
$(builddir)/../libotp/libotp.la \
$(top_builddir)/asn1/libipaasn1.la \
$(top_builddir)/util/libutil.la \
$(ASN1_UTIL_DIR)/libipaasn1.la \
$(NULL)
libipa_pwd_extop_la_SOURCES = \
common.c \
encoding.c \
prepost.c \
ipa_pwd_extop.c \
ipapwd.h \
otpctrl.c \
otpctrl.h \
syncreq.c \
$(KRB5_UTIL_SRCS) \
$(NULL)

226
daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.in
View File

@@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.16.1 from Makefile.am.
# Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2018 Free Software Foundation, Inc.
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -89,17 +89,10 @@ PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = daemons/ipa-slapi-plugins/ipa-pwd-extop
subdir = ipa-slapi-plugins/ipa-pwd-extop
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/VERSION.m4 \
$(top_srcdir)/server.m4 $(top_srcdir)/configure.ac
am__aclocal_m4_deps = $(top_srcdir)/../version.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
@@ -138,11 +131,11 @@ am__installdirs = "$(DESTDIR)$(plugindir)" "$(DESTDIR)$(appdir)"
LTLIBRARIES = $(plugin_LTLIBRARIES)
am__DEPENDENCIES_1 =
libipa_pwd_extop_la_DEPENDENCIES = $(builddir)/../libotp/libotp.la \
$(top_builddir)/asn1/libipaasn1.la \
$(top_builddir)/util/libutil.la $(am__DEPENDENCIES_1)
am__objects_1 =
$(ASN1_UTIL_DIR)/libipaasn1.la $(am__DEPENDENCIES_1)
am__objects_1 = ipa_krb5.lo ipa_pwd.lo ipa_pwd_ntlm.lo
am__objects_2 =
am_libipa_pwd_extop_la_OBJECTS = common.lo encoding.lo prepost.lo \
ipa_pwd_extop.lo otpctrl.lo $(am__objects_1)
ipa_pwd_extop.lo syncreq.lo $(am__objects_1) $(am__objects_2)
libipa_pwd_extop_la_OBJECTS = $(am_libipa_pwd_extop_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
@@ -162,10 +155,7 @@ am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__maybe_remake_depfiles = depfiles
am__depfiles_remade = ./$(DEPDIR)/common.Plo ./$(DEPDIR)/encoding.Plo \
./$(DEPDIR)/ipa_pwd_extop.Plo ./$(DEPDIR)/otpctrl.Plo \
./$(DEPDIR)/prepost.Plo
am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
@@ -217,7 +207,6 @@ DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
API_VERSION = @API_VERSION@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
@@ -226,15 +215,13 @@ AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CHECK_CFLAGS = @CHECK_CFLAGS@
CHECK_LIBS = @CHECK_LIBS@
CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
CMOCKA_LIBS = @CMOCKA_LIBS@
CONFIG_STATUS = @CONFIG_STATUS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CRYPTO_CFLAGS = @CRYPTO_CFLAGS@
CRYPTO_LIBS = @CRYPTO_LIBS@
CYGPATH_W = @CYGPATH_W@
DATA_VERSION = @DATA_VERSION@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DIRSRV_CFLAGS = @DIRSRV_CFLAGS@
@@ -248,37 +235,19 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GETTEXT_DOMAIN = @GETTEXT_DOMAIN@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GIT_BRANCH = @GIT_BRANCH@
GIT_VERSION = @GIT_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
INI_CFLAGS = @INI_CFLAGS@
INI_LIBS = @INI_LIBS@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
INTLLIBS = @INTLLIBS@
INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
IPAPLATFORM = @IPAPLATFORM@
IPA_DATA_DIR = @IPA_DATA_DIR@
IPA_SYSCONF_DIR = @IPA_SYSCONF_DIR@
JSLINT = @JSLINT@
KRAD_LIBS = @KRAD_LIBS@
KRB5KDC_SERVICE = @KRB5KDC_SERVICE@
KRB5_CFLAGS = @KRB5_CFLAGS@
KRB5_LIBS = @KRB5_LIBS@
LD = @LD@
LDAP_CFLAGS = @LDAP_CFLAGS@
LDAP_LIBS = @LDAP_LIBS@
LDFLAGS = @LDFLAGS@
LIBICONV = @LIBICONV@
LIBINTL = @LIBINTL@
LIBINTL_LIBS = @LIBINTL_LIBS@
LIBOBJS = @LIBOBJS@
LIBPDB_NAME = @LIBPDB_NAME@
LIBS = @LIBS@
@@ -287,22 +256,12 @@ LIBVERTO_CFLAGS = @LIBVERTO_CFLAGS@
LIBVERTO_LIBS = @LIBVERTO_LIBS@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAINT = @MAINT@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MK_ASSIGN = @MK_ASSIGN@
MK_ELSE = @MK_ELSE@
MK_ENDIF = @MK_ENDIF@
MK_IFEQ = @MK_IFEQ@
MSGATTRIB = @MSGATTRIB@
MSGFMT = @MSGFMT@
MSGFMT_015 = @MSGFMT_015@
MSGMERGE = @MSGMERGE@
NAMED_GROUP = @NAMED_GROUP@
NDRNBT_CFLAGS = @NDRNBT_CFLAGS@
NDRNBT_LIBS = @NDRNBT_LIBS@
NDRPAC_CFLAGS = @NDRPAC_CFLAGS@
@@ -315,10 +274,10 @@ NSPR_CFLAGS = @NSPR_CFLAGS@
NSPR_LIBS = @NSPR_LIBS@
NSS_CFLAGS = @NSS_CFLAGS@
NSS_LIBS = @NSS_LIBS@
NUM_VERSION = @NUM_VERSION@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
ODS_USER = @ODS_USER@
OPENLDAP_CFLAGS = @OPENLDAP_CFLAGS@
OPENLDAP_LIBS = @OPENLDAP_LIBS@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
@@ -332,16 +291,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
PLATFORM_PYTHON = @PLATFORM_PYTHON@
POPT_CFLAGS = @POPT_CFLAGS@
POPT_LIBS = @POPT_LIBS@
POSUB = @POSUB@
PYLINT = @PYLINT@
PYTHON = @PYTHON@
PYTHON2 = @PYTHON2@
PYTHON3 = @PYTHON3@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_INSTALL_EXTRA_OPTIONS = @PYTHON_INSTALL_EXTRA_OPTIONS@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
@@ -349,13 +300,10 @@ RANLIB = @RANLIB@
SAMBA40EXTRA_LIBPATH = @SAMBA40EXTRA_LIBPATH@
SAMBAUTIL_CFLAGS = @SAMBAUTIL_CFLAGS@
SAMBAUTIL_LIBS = @SAMBAUTIL_LIBS@
SASL_CFLAGS = @SASL_CFLAGS@
SASL_LIBS = @SASL_LIBS@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SSSCERTMAP_CFLAGS = @SSSCERTMAP_CFLAGS@
SSSCERTMAP_LIBS = @SSSCERTMAP_LIBS@
SSL_LIBS = @SSL_LIBS@
SSSIDMAP_CFLAGS = @SSSIDMAP_CFLAGS@
SSSIDMAP_LIBS = @SSSIDMAP_LIBS@
SSSNSSIDMAP_CFLAGS = @SSSNSSIDMAP_CFLAGS@
@@ -367,16 +315,8 @@ TEVENT_CFLAGS = @TEVENT_CFLAGS@
TEVENT_LIBS = @TEVENT_LIBS@
UNISTRING_LIBS = @UNISTRING_LIBS@
UNLINK = @UNLINK@
USE_NLS = @USE_NLS@
UUID_CFLAGS = @UUID_CFLAGS@
UUID_LIBS = @UUID_LIBS@
VENDOR_SUFFIX = @VENDOR_SUFFIX@
VERSION = @VERSION@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
XMLRPC_CFLAGS = @XMLRPC_CFLAGS@
XMLRPC_LIBS = @XMLRPC_LIBS@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
@@ -407,7 +347,6 @@ host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
i18ntests = @i18ntests@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
@@ -430,38 +369,43 @@ pythondir = @pythondir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
subdirs = @subdirs@
sysconfdir = @sysconfdir@
sysconfenvdir = @sysconfenvdir@
systemdsystemunitdir = @systemdsystemunitdir@
systemdtmpfilesdir = @systemdtmpfilesdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
NULL =
PLUGIN_COMMON_DIR = $(srcdir)/../common
MAINTAINERCLEANFILES = *~ Makefile.in
PLUGIN_COMMON_DIR = ../common
KRB5_UTIL_DIR = ../../../util
KRB5_UTIL_SRCS = $(KRB5_UTIL_DIR)/ipa_krb5.c \
$(KRB5_UTIL_DIR)/ipa_pwd.c \
$(KRB5_UTIL_DIR)/ipa_pwd_ntlm.c
ASN1_UTIL_DIR = ../../../asn1
AM_CPPFLAGS = \
-I. \
-I$(srcdir) \
-I$(PLUGIN_COMMON_DIR) \
-I$(top_srcdir)/util \
-I$(top_srcdir)/asn1 \
-I$(KRB5_UTIL_DIR) \
-I$(ASN1_UTIL_DIR) \
-DPREFIX=\""$(prefix)"\" \
-DBINDIR=\""$(bindir)"\" \
-DLIBDIR=\""$(libdir)"\" \
-DLIBEXECDIR=\""$(libexecdir)"\" \
-DDATADIR=\""$(datadir)"\" \
$(DIRSRV_CFLAGS) \
$(CRYPTO_CFLAGS) \
$(LDAP_CFLAGS) \
$(LDAP_CFLAGS) \
$(KRB5_CFLAGS) \
$(NSPR_CFLAGS) \
$(SSL_CFLAGS) \
$(NSS_CFLAGS) \
$(WARN_CFLAGS) \
$(NULL)
AM_LDFLAGS = \
$(CRYPTO_LIBS) \
$(KRB5_LIBS) \
$(SSL_LIBS) \
$(LDAP_LIBS) \
$(NSPR_LIBS) \
$(NSS_LIBS) \
@@ -474,8 +418,7 @@ plugindir = $(libdir)/dirsrv/plugins
plugin_LTLIBRARIES = libipa_pwd_extop.la
libipa_pwd_extop_la_LIBADD = \
$(builddir)/../libotp/libotp.la \
$(top_builddir)/asn1/libipaasn1.la \
$(top_builddir)/util/libutil.la \
$(ASN1_UTIL_DIR)/libipaasn1.la \
$(NULL)
libipa_pwd_extop_la_SOURCES = \
@@ -483,9 +426,7 @@ libipa_pwd_extop_la_SOURCES = \
encoding.c \
prepost.c \
ipa_pwd_extop.c \
ipapwd.h \
otpctrl.c \
otpctrl.h \
syncreq.c \
$(KRB5_UTIL_SRCS) \
$(NULL)
@@ -503,7 +444,7 @@ all: all-am
.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
@@ -512,24 +453,24 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile'; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign ipa-slapi-plugins/ipa-pwd-extop/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile
$(AUTOMAKE) --foreign ipa-slapi-plugins/ipa-pwd-extop/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
@@ -577,17 +518,14 @@ mostlyclean-compile:
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/common.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/encoding.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipa_pwd_extop.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/otpctrl.Plo@am__quote@ # am--include-marker
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/prepost.Plo@am__quote@ # am--include-marker
$(am__depfiles_remade):
@$(MKDIR_P) $(@D)
@echo '# dummy' >$@-t && $(am__mv) $@-t $@
am--depfiles: $(am__depfiles_remade)
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/common.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/encoding.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipa_krb5.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipa_pwd.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipa_pwd_extop.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipa_pwd_ntlm.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/prepost.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/syncreq.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)$(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -610,6 +548,27 @@ am--depfiles: $(am__depfiles_remade)
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
ipa_krb5.lo: $(KRB5_UTIL_DIR)/ipa_krb5.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ipa_krb5.lo -MD -MP -MF $(DEPDIR)/ipa_krb5.Tpo -c -o ipa_krb5.lo `test -f '$(KRB5_UTIL_DIR)/ipa_krb5.c' || echo '$(srcdir)/'`$(KRB5_UTIL_DIR)/ipa_krb5.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/ipa_krb5.Tpo $(DEPDIR)/ipa_krb5.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(KRB5_UTIL_DIR)/ipa_krb5.c' object='ipa_krb5.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ipa_krb5.lo `test -f '$(KRB5_UTIL_DIR)/ipa_krb5.c' || echo '$(srcdir)/'`$(KRB5_UTIL_DIR)/ipa_krb5.c
ipa_pwd.lo: $(KRB5_UTIL_DIR)/ipa_pwd.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ipa_pwd.lo -MD -MP -MF $(DEPDIR)/ipa_pwd.Tpo -c -o ipa_pwd.lo `test -f '$(KRB5_UTIL_DIR)/ipa_pwd.c' || echo '$(srcdir)/'`$(KRB5_UTIL_DIR)/ipa_pwd.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/ipa_pwd.Tpo $(DEPDIR)/ipa_pwd.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(KRB5_UTIL_DIR)/ipa_pwd.c' object='ipa_pwd.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ipa_pwd.lo `test -f '$(KRB5_UTIL_DIR)/ipa_pwd.c' || echo '$(srcdir)/'`$(KRB5_UTIL_DIR)/ipa_pwd.c
ipa_pwd_ntlm.lo: $(KRB5_UTIL_DIR)/ipa_pwd_ntlm.c
@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ipa_pwd_ntlm.lo -MD -MP -MF $(DEPDIR)/ipa_pwd_ntlm.Tpo -c -o ipa_pwd_ntlm.lo `test -f '$(KRB5_UTIL_DIR)/ipa_pwd_ntlm.c' || echo '$(srcdir)/'`$(KRB5_UTIL_DIR)/ipa_pwd_ntlm.c
@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/ipa_pwd_ntlm.Tpo $(DEPDIR)/ipa_pwd_ntlm.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$(KRB5_UTIL_DIR)/ipa_pwd_ntlm.c' object='ipa_pwd_ntlm.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ipa_pwd_ntlm.lo `test -f '$(KRB5_UTIL_DIR)/ipa_pwd_ntlm.c' || echo '$(srcdir)/'`$(KRB5_UTIL_DIR)/ipa_pwd_ntlm.c
mostlyclean-libtool:
-rm -f *.lo
@@ -689,10 +648,7 @@ cscopelist-am: $(am__tagged_files)
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) distdir-am
distdir-am: $(DISTFILES)
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
@@ -759,17 +715,14 @@ distclean-generic:
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
clean: clean-am
clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
mostlyclean-am
distclean: distclean-am
-rm -f ./$(DEPDIR)/common.Plo
-rm -f ./$(DEPDIR)/encoding.Plo
-rm -f ./$(DEPDIR)/ipa_pwd_extop.Plo
-rm -f ./$(DEPDIR)/otpctrl.Plo
-rm -f ./$(DEPDIR)/prepost.Plo
-rm -rf ./$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -815,11 +768,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f ./$(DEPDIR)/common.Plo
-rm -f ./$(DEPDIR)/encoding.Plo
-rm -f ./$(DEPDIR)/ipa_pwd_extop.Plo
-rm -f ./$(DEPDIR)/otpctrl.Plo
-rm -f ./$(DEPDIR)/prepost.Plo
-rm -rf ./$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -840,21 +789,20 @@ uninstall-am: uninstall-appDATA uninstall-pluginLTLIBRARIES
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \
clean-generic clean-libtool clean-pluginLTLIBRARIES \
cscopelist-am ctags ctags-am distclean distclean-compile \
distclean-generic distclean-libtool distclean-tags distdir dvi \
dvi-am html html-am info info-am install install-am \
install-appDATA install-data install-data-am install-dvi \
install-dvi-am install-exec install-exec-am install-html \
install-html-am install-info install-info-am install-man \
install-pdf install-pdf-am install-pluginLTLIBRARIES \
install-ps install-ps-am install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am uninstall-appDATA \
uninstall-pluginLTLIBRARIES
.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
clean-libtool clean-pluginLTLIBRARIES cscopelist-am ctags \
ctags-am distclean distclean-compile distclean-generic \
distclean-libtool distclean-tags distdir dvi dvi-am html \
html-am info info-am install install-am install-appDATA \
install-data install-data-am install-dvi install-dvi-am \
install-exec install-exec-am install-html install-html-am \
install-info install-info-am install-man install-pdf \
install-pdf-am install-pluginLTLIBRARIES install-ps \
install-ps-am install-strip installcheck installcheck-am \
installdirs maintainer-clean maintainer-clean-generic \
mostlyclean mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-appDATA uninstall-pluginLTLIBRARIES
.PRECIOUS: Makefile

134
daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c
View File

@@ -46,7 +46,6 @@
/* Type of connection for this operation;*/
#define LDAP_EXTOP_PASSMOD_CONN_SECURE
/* Uncomment the following #undef FOR TESTING:
* allows non-SSL connections to use the password change extended op */
/* #undef LDAP_EXTOP_PASSMOD_CONN_SECURE */
@@ -233,28 +232,24 @@ static struct ipapwd_krbcfg *ipapwd_getConfig(void)
/* get the ipa etc/ipaConfig entry */
config->allow_nt_hash = false;
if (ipapwd_fips_enabled()) {
LOG("FIPS mode is enabled, NT hashes are not allowed.\n");
ret = ipapwd_getEntry(ipa_etc_config_dn, &config_entry, NULL);
if (ret != LDAP_SUCCESS) {
LOG_FATAL("No config Entry?\n");
goto free_and_error;
} else {
ret = ipapwd_getEntry(ipa_etc_config_dn, &config_entry, NULL);
if (ret != LDAP_SUCCESS) {
LOG_FATAL("No config Entry?\n");
goto free_and_error;
} else {
tmparray = slapi_entry_attr_get_charray(config_entry,
"ipaConfigString");
for (i = 0; tmparray && tmparray[i]; i++) {
if (strcasecmp(tmparray[i], "AllowNThash") == 0) {
config->allow_nt_hash = true;
continue;
}
tmparray = slapi_entry_attr_get_charray(config_entry,
"ipaConfigString");
for (i = 0; tmparray && tmparray[i]; i++) {
if (strcasecmp(tmparray[i], "AllowNThash") == 0) {
config->allow_nt_hash = true;
continue;
}
if (tmparray) slapi_ch_array_free(tmparray);
}
slapi_entry_free(config_entry);
if (tmparray) slapi_ch_array_free(tmparray);
}
slapi_entry_free(config_entry);
return config;
free_and_error:
@@ -322,6 +317,7 @@ int ipapwd_getPolicy(const char *dn,
int buffer_flags=0;
Slapi_ValueSet* results = NULL;
char *actual_type_name = NULL;
int tmpint;
LOG_TRACE("Searching policy for [%s]\n", dn);
@@ -386,9 +382,15 @@ int ipapwd_getPolicy(const char *dn,
/* read data out of policy object */
policy->min_pwd_life = slapi_entry_attr_get_int(pe, "krbMinPwdLife");
policy->max_pwd_life = slapi_entry_attr_get_int(pe, "krbMaxPwdLife");
tmpint = slapi_entry_attr_get_int(pe, "krbMaxPwdLife");
if (tmpint != 0) {
policy->max_pwd_life = tmpint;
}
policy->min_pwd_length = slapi_entry_attr_get_int(pe, "krbPwdMinLength");
tmpint = slapi_entry_attr_get_int(pe, "krbPwdMinLength");
if (tmpint != 0) {
policy->min_pwd_length = tmpint;
}
policy->history_length = slapi_entry_attr_get_int(pe,
"krbPwdHistoryLength");
@@ -553,14 +555,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data)
pol.min_pwd_length = IPAPWD_DEFAULT_MINLEN;
switch(data->changetype) {
case IPA_CHANGETYPE_NORMAL:
/* Find the entry with the password policy */
ret = ipapwd_getPolicy(data->dn, data->target, &pol);
if (ret) {
LOG_TRACE("No password policy, use defaults");
}
break;
case IPA_CHANGETYPE_ADMIN:
case IPA_CHANGETYPE_ADMIN:
/* The expiration date needs to be older than the current time
* otherwise the KDC may not immediately register the password
* as expired. The last password change needs to match the
@@ -568,11 +563,14 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data)
*/
data->timeNow -= 1;
data->expireTime = data->timeNow;
/* let set the entry password property according to its
* entry password policy (done with ipapwd_getPolicy)
* For this intentional fallthrough here
*/
break;
case IPA_CHANGETYPE_NORMAL:
/* Find the entry with the password policy */
ret = ipapwd_getPolicy(data->dn, data->target, &pol);
if (ret) {
LOG_TRACE("No password policy, use defaults");
}
break;
case IPA_CHANGETYPE_DSMGR:
/* PassSync agents and Directory Manager can administratively
* change the password without expiring it.
@@ -586,7 +584,6 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data)
LOG_TRACE("No password policy, use defaults");
} else {
pol.max_pwd_life = tmppol.max_pwd_life;
pol.history_length = tmppol.history_length;
}
break;
default:
@@ -623,11 +620,7 @@ int ipapwd_CheckPolicy(struct ipapwd_data *data)
slapi_ch_array_free(pwd_history);
if (data->expireTime == 0) {
if (pol.max_pwd_life > 0) {
/* max_pwd_life = 0 => never expire
* set expire time only when max_pwd_life > 0 */
data->expireTime = data->timeNow + pol.max_pwd_life;
}
data->expireTime = data->timeNow + pol.max_pwd_life;
}
data->policy = pol;
@@ -712,33 +705,6 @@ next:
return kvno;
}
int ipapwd_setdate(Slapi_Entry *source, Slapi_Mods *smods, const char *attr,
time_t date, bool remove)
{
char timestr[GENERALIZED_TIME_LENGTH+1];
struct tm utctime;
Slapi_Attr *t;
bool exists;
exists = (slapi_entry_attr_find(source, attr, &t) == 0);
if (remove) {
if (exists) {
slapi_mods_add_mod_values(smods, LDAP_MOD_DELETE, attr, NULL);
}
return LDAP_SUCCESS;
}
if (!gmtime_r(&date, &utctime)) {
LOG_FATAL("failed to convert %s date\n", attr);
return LDAP_OPERATIONS_ERROR;
}
strftime(timestr, GENERALIZED_TIME_LENGTH + 1, "%Y%m%d%H%M%SZ", &utctime);
slapi_mods_add_string(smods, exists ? LDAP_MOD_REPLACE : LDAP_MOD_ADD,
attr, timestr);
return LDAP_SUCCESS;
}
/* Modify the Password attributes of the entry */
int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
struct ipapwd_data *data, int is_krb)
@@ -748,6 +714,8 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
Slapi_Value **svals = NULL;
Slapi_Value **ntvals = NULL;
Slapi_Value **pwvals = NULL;
struct tm utctime;
char timestr[GENERALIZED_TIME_LENGTH+1];
char *nt = NULL;
int is_smb = 0;
int is_ipant = 0;
@@ -799,19 +767,29 @@ int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
* keytab so don't set it on hosts.
*/
if (!is_host) {
/* change Last Password Change field with the current date */
ret = ipapwd_setdate(data->target, smods, "krbLastPwdChange",
data->timeNow, false);
if (ret != LDAP_SUCCESS)
goto free_and_return;
/* change Last Password Change field with the current date */
if (!gmtime_r(&(data->timeNow), &utctime)) {
LOG_FATAL("failed to retrieve current date (buggy gmtime_r ?)\n");
ret = LDAP_OPERATIONS_ERROR;
goto free_and_return;
}
strftime(timestr, GENERALIZED_TIME_LENGTH + 1,
"%Y%m%d%H%M%SZ", &utctime);
slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
"krbLastPwdChange", timestr);
/* set Password Expiration date */
ret = ipapwd_setdate(data->target, smods, "krbPasswordExpiration",
data->expireTime, (data->expireTime == 0));
if (ret != LDAP_SUCCESS)
goto free_and_return;
/* set Password Expiration date */
if (!gmtime_r(&(data->expireTime), &utctime)) {
LOG_FATAL("failed to convert expiration date\n");
ret = LDAP_OPERATIONS_ERROR;
goto free_and_return;
}
strftime(timestr, GENERALIZED_TIME_LENGTH + 1,
"%Y%m%d%H%M%SZ", &utctime);
slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
"krbPasswordExpiration", timestr);
}
}
}
if (nt && is_smb) {
slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
@@ -1003,7 +981,7 @@ int ipapwd_set_extradata(const char *dn,
xdata[5] = (unixtime & 0xff000000) >> 24;
/* append the principal name */
memcpy(&xdata[6], principal, p_len);
strncpy(&xdata[6], principal, p_len);
xdata[xd_len -1] = 0;

2
daemons/ipa-slapi-plugins/ipa-pwd-extop/encoding.c
View File

@@ -157,7 +157,7 @@ Slapi_Value **ipapwd_encrypt_encode_key(struct ipapwd_krbcfg *krbcfg,
pwd.length = strlen(data->password);
}
kset = (struct ipapwd_keyset *) calloc(1, sizeof(struct ipapwd_keyset));
kset = malloc(sizeof(struct ipapwd_keyset));
if (!kset) {
LOG_OOM();
goto enc_error;

64
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c
View File

@@ -207,10 +207,8 @@ static int ipapwd_chpwop(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg)
char *attrlist[] = {"*", "passwordHistory", NULL };
struct ipapwd_data pwdata;
int is_krb, is_smb, is_ipant;
char *principal = NULL;
char *principal = NULL;
Slapi_PBlock *chpwop_pb = NULL;
Slapi_DN *target_sdn = NULL;
const char *target_dn = NULL;
/* Get the ber value of the extended operation */
slapi_pblock_get(pb, SLAPI_EXT_OP_REQ_VALUE, &extop_value);
@@ -329,32 +327,14 @@ parse_req_done:
}
}
/* Determine the target DN for this operation */
slapi_pblock_get(pb, SLAPI_TARGET_SDN, &target_sdn);
if (target_sdn != NULL) {
/* If there is a TARGET_DN we are consuming it */
slapi_pblock_set(pb, SLAPI_TARGET_SDN, NULL);
target_dn = slapi_sdn_get_ndn(target_sdn);
/* Determine the target DN for this operation */
/* Did they give us a DN ? */
if (dn == NULL || *dn == '\0') {
/* Get the DN from the bind identity on this connection */
dn = slapi_ch_strdup(bindDN);
LOG_TRACE("Missing userIdentity in request, "
"using the bind DN instead.\n");
}
if (target_dn == NULL || *target_dn == '\0') {
/* Did they give us a DN ? */
if (dn == NULL || *dn == '\0') {
/* Get the DN from the bind identity on this connection */
dn = slapi_ch_strdup(bindDN);
LOG_TRACE("Missing userIdentity in request, "
"using the bind DN instead.\n");
}
LOG_TRACE("extop dn %s (from ber)\n", dn ? dn : "<empty>");
} else {
/* At this point if SLAPI_TARGET_SDN was set that means
* that a SLAPI_PLUGIN_PRE_EXTOP_FN plugin sets it
* So take this one rather that the raw one that is in the ber
*/
LOG_TRACE("extop dn %s was translated to %s\n", dn ? dn : "<empty>", target_dn);
slapi_ch_free_string(&dn);
dn = slapi_ch_strdup(target_dn);
}
slapi_sdn_free(&target_sdn);
if (slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, dn )) {
LOG_FATAL("slapi_pblock_set failed!\n");
@@ -394,30 +374,21 @@ parse_req_done:
if (dn) {
Slapi_DN *bind_sdn;
Slapi_DN *target_sdn;
/* if the user changing the password is self, we must request the
* old password and verify it matches the current one before
* proceeding with the password change */
bind_sdn = slapi_sdn_new_dn_byval(bindDN);
target_sdn = slapi_sdn_new_dn_byval(dn);
rc = (!bind_sdn || !target_sdn) ? LDAP_OPERATIONS_ERROR : 0;
bind_sdn = slapi_sdn_new_dn_byref(bindDN);
target_sdn = slapi_sdn_new_dn_byref(dn);
if (!bind_sdn || !target_sdn) {
LOG_OOM();
rc = LDAP_OPERATIONS_ERROR;
goto free_and_return;
}
/* this one will normalize and compare, so difference in case will be
* correctly handled */
ret = slapi_sdn_compare(bind_sdn, target_sdn);
slapi_sdn_free(&bind_sdn);
slapi_sdn_free(&target_sdn);
/* rc should always be 0 (else slapi_sdn_new_dn_byval should have sigsev)
* but if we end in rc==LDAP_OPERATIONS_ERROR be sure to stop here
* because ret is not significant */
if (rc != 0) {
LOG_OOM();
goto free_and_return;
}
if (ret == 0) {
Slapi_Value *cpw[2] = { NULL, NULL };
Slapi_Value *pw;
@@ -595,8 +566,7 @@ parse_req_done:
} else {
principal = slapi_ch_smprintf("root/admin@%s", krbcfg->realm);
}
if (principal)
ipapwd_set_extradata(pwdata.dn, principal, pwdata.timeNow);
ipapwd_set_extradata(pwdata.dn, principal, pwdata.timeNow);
/* Free anything that we allocated above */
free_and_return:

2
daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h
View File

@@ -119,8 +119,6 @@ int ipapwd_gen_checks(Slapi_PBlock *pb, char **errMesg,
int ipapwd_CheckPolicy(struct ipapwd_data *data);
int ipapwd_getEntry(const char *dn, Slapi_Entry **e2, char **attrlist);
int ipapwd_get_cur_kvno(Slapi_Entry *target);
int ipapwd_setdate(Slapi_Entry *source, Slapi_Mods *smods, const char *attr,
time_t date, bool remove);
int ipapwd_SetPassword(struct ipapwd_krbcfg *krbcfg,
struct ipapwd_data *data, int is_krb);
Slapi_Value **ipapwd_setPasswordHistory(Slapi_Mods *smods,

58
daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
View File

@@ -62,7 +62,7 @@
#include "ipapwd.h"
#include "util.h"
#include "otpctrl.h"
#include "syncreq.h"
#define IPAPWD_OP_NULL 0
#define IPAPWD_OP_ADD 1
@@ -176,11 +176,7 @@ static bool has_krbprincipalkey(Slapi_Entry *entry) {
if (rc || (num_keys <= 0)) {
/* this one is not valid, ignore it */
if (keys) {
ipa_krb5_free_key_data(keys, num_keys);
keys = NULL;
num_keys = 0;
}
if (keys) ipa_krb5_free_key_data(keys, num_keys);
} else {
/* It exists at least this one that is valid, no need to continue */
if (keys) ipa_krb5_free_key_data(keys, num_keys);
@@ -766,7 +762,7 @@ static int ipapwd_pre_mod(Slapi_PBlock *pb)
/* Check this is a clear text password, or refuse operation (only if we need
* to comput other hashes */
if (! unhashedpw && (gen_krb_keys || is_smb || is_ipant)) {
if ((userpw != NULL) && ('{' == userpw[0])) {
if ('{' == userpw[0]) {
if (0 == strncasecmp(userpw, "{CLEAR}", strlen("{CLEAR}"))) {
unhashedpw = slapi_ch_strdup(&userpw[strlen("{CLEAR}")]);
if (NULL == unhashedpw) {
@@ -1032,6 +1028,8 @@ static int ipapwd_post_modadd(Slapi_PBlock *pb)
struct ipapwd_operation *pwdop = NULL;
Slapi_Mods *smods;
Slapi_Value **pwvals;
struct tm utctime;
char timestr[GENERALIZED_TIME_LENGTH+1];
int ret;
char *errMsg = "Internal operations error\n";
struct ipapwd_krbcfg *krbcfg = NULL;
@@ -1117,19 +1115,25 @@ static int ipapwd_post_modadd(Slapi_PBlock *pb)
(slapi_entry_attr_has_syntax_value(pwdop->pwdata.target,
SLAPI_ATTR_OBJECTCLASS, ipahost)) == 0) {
/* set Password Expiration date */
ret = ipapwd_setdate(pwdop->pwdata.target, smods,
"krbPasswordExpiration",
pwdop->pwdata.expireTime,
(pwdop->pwdata.expireTime == 0));
if (ret != LDAP_SUCCESS)
if (!gmtime_r(&(pwdop->pwdata.expireTime), &utctime)) {
LOG_FATAL("failed to parse expiration date (buggy gmtime_r ?)\n");
goto done;
}
strftime(timestr, GENERALIZED_TIME_LENGTH+1,
"%Y%m%d%H%M%SZ", &utctime);
slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
"krbPasswordExpiration", timestr);
/* change Last Password Change field with the current date */
ret = ipapwd_setdate(pwdop->pwdata.target, smods,
"krbLastPwdChange",
pwdop->pwdata.timeNow, false);
if (ret != LDAP_SUCCESS)
if (!gmtime_r(&(pwdop->pwdata.timeNow), &utctime)) {
LOG_FATAL("failed to parse current date (buggy gmtime_r ?)\n");
slapi_value_free(&ipahost);
goto done;
}
strftime(timestr, GENERALIZED_TIME_LENGTH+1,
"%Y%m%d%H%M%SZ", &utctime);
slapi_mods_add_string(smods, LDAP_MOD_REPLACE,
"krbLastPwdChange", timestr);
}
slapi_value_free(&ipahost);
}
@@ -1168,7 +1172,7 @@ done:
* validation.
*/
static bool ipapwd_pre_bind_otp(const char *bind_dn, Slapi_Entry *entry,
struct berval *creds, bool otpreq)
struct berval *creds)
{
uint32_t auth_types;
@@ -1200,10 +1204,10 @@ static bool ipapwd_pre_bind_otp(const char *bind_dn, Slapi_Entry *entry,
return false;
}
/* With no tokens, succeed if tokens aren't required. */
/* If the user has no active tokens, succeed. */
if (tokens[0] == NULL) {
otp_token_free_array(tokens);
return !otpreq;
return true;
}
if (otp_token_validate_berval(tokens, creds, NULL)) {
@@ -1214,7 +1218,7 @@ static bool ipapwd_pre_bind_otp(const char *bind_dn, Slapi_Entry *entry,
otp_token_free_array(tokens);
}
return (auth_types & OTP_CONFIG_AUTH_TYPE_PASSWORD) && !otpreq;
return auth_types & OTP_CONFIG_AUTH_TYPE_PASSWORD;
}
static int ipapwd_authenticate(const char *dn, Slapi_Entry *entry,
@@ -1383,7 +1387,6 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb)
SLAPI_USERPWD_ATTR, "ipaUserAuthType", "krbprincipalkey", "uid",
"krbprincipalname", "objectclass", "passwordexpirationtime",
"passwordhistory", "krbprincipalexpiration", "krbcanonicalname",
"krbPasswordExpiration", "krblastpwchange",
NULL
};
struct berval *credentials = NULL;
@@ -1391,7 +1394,6 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb)
char *dn = NULL;
int method = 0;
bool syncreq;
bool otpreq;
int ret = 0;
time_t current_time;
time_t expire_time;
@@ -1448,9 +1450,8 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb)
}
/* Try to do OTP first. */
syncreq = otpctrl_present(pb, OTP_SYNC_REQUEST_OID);
otpreq = otpctrl_present(pb, OTP_REQUIRED_OID);
if (!syncreq && !ipapwd_pre_bind_otp(dn, entry, credentials, otpreq))
syncreq = sync_request_present(pb);
if (!syncreq && !ipapwd_pre_bind_otp(dn, entry, credentials))
goto invalid_creds;
/* Ensure that there is a password. */
@@ -1465,7 +1466,7 @@ static int ipapwd_pre_bind(Slapi_PBlock *pb)
}
/* Attempt to handle a token synchronization request. */
if (syncreq && !otpctrl_sync_handle(otp_config, pb, dn))
if (syncreq && !sync_request_handle(otp_config, pb, dn))
goto invalid_creds;
/* Attempt to write out kerberos keys for the user. */
@@ -1487,11 +1488,12 @@ int ipapwd_pre_init(Slapi_PBlock *pb)
int ret;
slapi_register_supported_control(OTP_SYNC_REQUEST_OID, SLAPI_OPERATION_BIND);
slapi_register_supported_control(OTP_REQUIRED_OID, SLAPI_OPERATION_BIND);
ret = slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_01);
if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&ipapwd_plugin_desc);
if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_BIND_FN, (void *)ipapwd_pre_bind);
if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_ADD_FN, (void *)ipapwd_pre_add);
if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_PRE_MODIFY_FN, (void *)ipapwd_pre_mod);
return ret;
}
@@ -1515,7 +1517,9 @@ int ipapwd_post_init(Slapi_PBlock *pb)
ret = slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_01);
if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, (void *)&ipapwd_plugin_desc);
if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_POST_ADD_FN, (void *)ipapwd_post_modadd);
if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_POST_DELETE_FN, (void *)ipapwd_post_updatecfg);
if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_POST_MODIFY_FN, (void *)ipapwd_post_modadd);
if (!ret) ret = slapi_pblock_set(pb, SLAPI_PLUGIN_POST_MODRDN_FN, (void *)ipapwd_post_updatecfg);
return ret;

8
daemons/ipa-slapi-plugins/ipa-pwd-extop/otpctrl.c → daemons/ipa-slapi-plugins/ipa-pwd-extop/syncreq.c
View File

@@ -38,19 +38,19 @@
* END COPYRIGHT BLOCK **/
#include "../libotp/otp_token.h"
#include "otpctrl.h"
#include "syncreq.h"
bool otpctrl_present(Slapi_PBlock *pb, const char *oid)
bool sync_request_present(Slapi_PBlock *pb)
{
LDAPControl **controls = NULL;
if (slapi_pblock_get(pb, SLAPI_REQCONTROLS, &controls) != 0)
return false;
return ldap_control_find(oid, controls, NULL) != NULL;
return ldap_control_find(OTP_SYNC_REQUEST_OID, controls, NULL) != NULL;
}
bool otpctrl_sync_handle(const struct otp_config *cfg, Slapi_PBlock *pb,
bool sync_request_handle(const struct otp_config *cfg, Slapi_PBlock *pb,
const char *user_dn)
{
struct otp_token **tokens = NULL;

13
daemons/ipa-slapi-plugins/ipa-pwd-extop/otpctrl.h → daemons/ipa-slapi-plugins/ipa-pwd-extop/syncreq.h
View File

@@ -37,7 +37,9 @@
* All rights reserved.
* END COPYRIGHT BLOCK **/
#pragma once
#ifndef SYNCREQ_H_
#define SYNCREQ_H_
#include "../libotp/otp_config.h"
#include <stdbool.h>
@@ -53,10 +55,9 @@
*/
#define OTP_SYNC_REQUEST_OID "2.16.840.1.113730.3.8.10.6"
/* This control has no data. */
#define OTP_REQUIRED_OID "2.16.840.1.113730.3.8.10.7"
bool sync_request_present(Slapi_PBlock *pb);
bool otpctrl_present(Slapi_PBlock *pb, const char *oid);
bool otpctrl_sync_handle(const struct otp_config *cfg, Slapi_PBlock *pb,
bool sync_request_handle(const struct otp_config *cfg, Slapi_PBlock *pb,
const char *user_dn);
#endif /* SYNCREQ_H_ */