websms/freeipa
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Imported Upstream version 4.6.2

Browse Source
This commit is contained in:
Mario Fetka
2021-07-25 07:32:41 +02:00
commit 8ff3be4216
1788 changed files with 1900965 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
util/Makefile.am Normal file
View File

@@ -0,0 +1,14 @@
AUTOMAKE_OPTIONS = 1.7 subdir-objects
AM_CPPFLAGS = $(CRYPTO_CFLAGS) $(KRB5_CFLAGS) $(LDAP_CFLAGS) $(NSS_CFLAGS)
noinst_LTLIBRARIES = libutil.la
libutil_la_SOURCES = ipa_krb5.c \
ipa_krb5.h \
ipa_mspac.h \
ipa_pwd.c \
ipa_pwd.h \
ipa_pwd_ntlm.c
libutil_la_LIBADD = $(CRYPTO_LIBS) $(KRB5_LIBS) $(LDAP_LIBS) $(NSS_LIBS)

711
util/Makefile.in Normal file
View File

@@ -0,0 +1,711 @@
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
VPATH = @srcdir@
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = util
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/gettext.m4 \
$(top_srcdir)/m4/iconv.m4 $(top_srcdir)/m4/intlmacosx.m4 \
$(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \
$(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \
$(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
$(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/nls.m4 $(top_srcdir)/m4/po.m4 \
$(top_srcdir)/m4/progtest.m4 $(top_srcdir)/VERSION.m4 \
$(top_srcdir)/server.m4 $(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
LTLIBRARIES = $(noinst_LTLIBRARIES)
am__DEPENDENCIES_1 =
libutil_la_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
am_libutil_la_OBJECTS = ipa_krb5.lo ipa_pwd.lo ipa_pwd_ntlm.lo
libutil_la_OBJECTS = $(am_libutil_la_OBJECTS)
AM_V_lt = $(am__v_lt_@AM_V@)
am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
am__v_lt_0 = --silent
am__v_lt_1 =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
am__mv = mv -f
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \
$(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
$(AM_CFLAGS) $(CFLAGS)
AM_V_CC = $(am__v_CC_@AM_V@)
am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@)
am__v_CC_0 = @echo " CC " $@;
am__v_CC_1 =
CCLD = $(CC)
LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
$(AM_LDFLAGS) $(LDFLAGS) -o $@
AM_V_CCLD = $(am__v_CCLD_@AM_V@)
am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
am__v_CCLD_0 = @echo " CCLD " $@;
am__v_CCLD_1 =
SOURCES = $(libutil_la_SOURCES)
DIST_SOURCES = $(libutil_la_SOURCES)
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
# *not* preserved.
am__uniquify_input = $(AWK) '\
BEGIN { nonempty = 0; } \
{ items[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in items) print i; }; } \
'
# Make sure the list of sources is unique. This is necessary because,
# e.g., the same source file might be shared among _SOURCES variables
# for different programs/libraries.
am__define_uniq_tagged_files = \
list='$(am__tagged_files)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
API_VERSION = @API_VERSION@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CMOCKA_CFLAGS = @CMOCKA_CFLAGS@
CMOCKA_LIBS = @CMOCKA_LIBS@
CONFIG_STATUS = @CONFIG_STATUS@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CRYPTO_CFLAGS = @CRYPTO_CFLAGS@
CRYPTO_LIBS = @CRYPTO_LIBS@
CYGPATH_W = @CYGPATH_W@
DATA_VERSION = @DATA_VERSION@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DIRSRV_CFLAGS = @DIRSRV_CFLAGS@
DIRSRV_LIBS = @DIRSRV_LIBS@
DLLTOOL = @DLLTOOL@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GETTEXT_DOMAIN = @GETTEXT_DOMAIN@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GIT_BRANCH = @GIT_BRANCH@
GIT_VERSION = @GIT_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
INI_CFLAGS = @INI_CFLAGS@
INI_LIBS = @INI_LIBS@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
INTLLIBS = @INTLLIBS@
INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
IPAPLATFORM = @IPAPLATFORM@
IPA_DATA_DIR = @IPA_DATA_DIR@
IPA_SYSCONF_DIR = @IPA_SYSCONF_DIR@
JSLINT = @JSLINT@
KRAD_LIBS = @KRAD_LIBS@
KRB5KDC_SERVICE = @KRB5KDC_SERVICE@
KRB5_CFLAGS = @KRB5_CFLAGS@
KRB5_LIBS = @KRB5_LIBS@
LD = @LD@
LDAP_CFLAGS = @LDAP_CFLAGS@
LDAP_LIBS = @LDAP_LIBS@
LDFLAGS = @LDFLAGS@
LIBICONV = @LIBICONV@
LIBINTL = @LIBINTL@
LIBINTL_LIBS = @LIBINTL_LIBS@
LIBOBJS = @LIBOBJS@
LIBPDB_NAME = @LIBPDB_NAME@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIBVERTO_CFLAGS = @LIBVERTO_CFLAGS@
LIBVERTO_LIBS = @LIBVERTO_LIBS@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBICONV = @LTLIBICONV@
LTLIBINTL = @LTLIBINTL@
LTLIBOBJS = @LTLIBOBJS@
LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MK_ASSIGN = @MK_ASSIGN@
MK_ELSE = @MK_ELSE@
MK_ENDIF = @MK_ENDIF@
MK_IFEQ = @MK_IFEQ@
MSGATTRIB = @MSGATTRIB@
MSGFMT = @MSGFMT@
MSGFMT_015 = @MSGFMT_015@
MSGMERGE = @MSGMERGE@
NAMED_GROUP = @NAMED_GROUP@
NDRNBT_CFLAGS = @NDRNBT_CFLAGS@
NDRNBT_LIBS = @NDRNBT_LIBS@
NDRPAC_CFLAGS = @NDRPAC_CFLAGS@
NDRPAC_LIBS = @NDRPAC_LIBS@
NDR_CFLAGS = @NDR_CFLAGS@
NDR_LIBS = @NDR_LIBS@
NM = @NM@
NMEDIT = @NMEDIT@
NSPR_CFLAGS = @NSPR_CFLAGS@
NSPR_LIBS = @NSPR_LIBS@
NSS_CFLAGS = @NSS_CFLAGS@
NSS_LIBS = @NSS_LIBS@
NUM_VERSION = @NUM_VERSION@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
ODS_USER = @ODS_USER@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PKG_CONFIG = @PKG_CONFIG@
PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
POPT_CFLAGS = @POPT_CFLAGS@
POPT_LIBS = @POPT_LIBS@
POSUB = @POSUB@
PYLINT = @PYLINT@
PYTHON = @PYTHON@
PYTHON2 = @PYTHON2@
PYTHON3 = @PYTHON3@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
PYTHON_INSTALL_EXTRA_OPTIONS = @PYTHON_INSTALL_EXTRA_OPTIONS@
PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
SAMBA40EXTRA_LIBPATH = @SAMBA40EXTRA_LIBPATH@
SAMBAUTIL_CFLAGS = @SAMBAUTIL_CFLAGS@
SAMBAUTIL_LIBS = @SAMBAUTIL_LIBS@
SASL_CFLAGS = @SASL_CFLAGS@
SASL_LIBS = @SASL_LIBS@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SSSCERTMAP_CFLAGS = @SSSCERTMAP_CFLAGS@
SSSCERTMAP_LIBS = @SSSCERTMAP_LIBS@
SSSIDMAP_CFLAGS = @SSSIDMAP_CFLAGS@
SSSIDMAP_LIBS = @SSSIDMAP_LIBS@
SSSNSSIDMAP_CFLAGS = @SSSNSSIDMAP_CFLAGS@
SSSNSSIDMAP_LIBS = @SSSNSSIDMAP_LIBS@
STRIP = @STRIP@
TALLOC_CFLAGS = @TALLOC_CFLAGS@
TALLOC_LIBS = @TALLOC_LIBS@
TEVENT_CFLAGS = @TEVENT_CFLAGS@
TEVENT_LIBS = @TEVENT_LIBS@
UNISTRING_LIBS = @UNISTRING_LIBS@
UNLINK = @UNLINK@
USE_NLS = @USE_NLS@
UUID_CFLAGS = @UUID_CFLAGS@
UUID_LIBS = @UUID_LIBS@
VENDOR_SUFFIX = @VENDOR_SUFFIX@
VERSION = @VERSION@
XGETTEXT = @XGETTEXT@
XGETTEXT_015 = @XGETTEXT_015@
XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@
XMLRPC_CFLAGS = @XMLRPC_CFLAGS@
XMLRPC_LIBS = @XMLRPC_LIBS@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
i18ntests = @i18ntests@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
krb5rundir = @krb5rundir@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
pkgpyexecdir = @pkgpyexecdir@
pkgpythondir = @pkgpythondir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
pyexecdir = @pyexecdir@
pythondir = @pythondir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
sysconfenvdir = @sysconfenvdir@
systemdsystemunitdir = @systemdsystemunitdir@
systemdtmpfilesdir = @systemdtmpfilesdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
AUTOMAKE_OPTIONS = 1.7 subdir-objects
AM_CPPFLAGS = $(CRYPTO_CFLAGS) $(KRB5_CFLAGS) $(LDAP_CFLAGS) $(NSS_CFLAGS)
noinst_LTLIBRARIES = libutil.la
libutil_la_SOURCES = ipa_krb5.c \
ipa_krb5.h \
ipa_mspac.h \
ipa_pwd.c \
ipa_pwd.h \
ipa_pwd_ntlm.c
libutil_la_LIBADD = $(CRYPTO_LIBS) $(KRB5_LIBS) $(LDAP_LIBS) $(NSS_LIBS)
all: all-am
.SUFFIXES:
.SUFFIXES: .c .lo .o .obj
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign util/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign util/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
clean-noinstLTLIBRARIES:
-test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES)
@list='$(noinst_LTLIBRARIES)'; \
locs=`for p in $$list; do echo $$p; done | \
sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
sort -u`; \
test -z "$$locs" || { \
echo rm -f $${locs}; \
rm -f $${locs}; \
}
libutil.la: $(libutil_la_OBJECTS) $(libutil_la_DEPENDENCIES) $(EXTRA_libutil_la_DEPENDENCIES)
$(AM_V_CCLD)$(LINK) $(libutil_la_OBJECTS) $(libutil_la_LIBADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipa_krb5.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipa_pwd.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipa_pwd_ntlm.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $<
.c.obj:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
.c.lo:
@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $<
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
ID: $(am__tagged_files)
$(am__define_uniq_tagged_files); mkid -fID $$unique
tags: tags-am
TAGS: tags
tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
set x; \
here=`pwd`; \
$(am__define_uniq_tagged_files); \
shift; \
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
if test $$# -gt 0; then \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
"$$@" $$unique; \
else \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
$$unique; \
fi; \
fi
ctags: ctags-am
CTAGS: ctags
ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
$(am__define_uniq_tagged_files); \
test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& $(am__cd) $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) "$$here"
cscopelist: cscopelist-am
cscopelist-am: $(am__tagged_files)
list='$(am__tagged_files)'; \
case "$(srcdir)" in \
[\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
*) sdir=$(subdir)/$(srcdir) ;; \
esac; \
for i in $$list; do \
if test -f "$$i"; then \
echo "$(subdir)/$$i"; \
else \
echo "$$sdir/$$i"; \
fi; \
done >> $(top_builddir)/cscope.files
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-am
all-am: Makefile $(LTLIBRARIES)
installdirs:
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
clean: clean-am
clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \
mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
dvi: dvi-am
dvi-am:
html: html-am
html-am:
info: info-am
info-am:
install-data-am:
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am:
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man:
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-compile mostlyclean-generic \
mostlyclean-libtool
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am:
.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \
clean-libtool clean-noinstLTLIBRARIES cscopelist-am ctags \
ctags-am distclean distclean-compile distclean-generic \
distclean-libtool distclean-tags distdir dvi dvi-am html \
html-am info info-am install install-am install-data \
install-data-am install-dvi install-dvi-am install-exec \
install-exec-am install-html install-html-am install-info \
install-info-am install-man install-pdf install-pdf-am \
install-ps install-ps-am install-strip installcheck \
installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags tags-am uninstall uninstall-am
.PRECIOUS: Makefile
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:

1221
util/ipa_krb5.c Normal file
View File

File diff suppressed because it is too large Load Diff

84
util/ipa_krb5.h Normal file
View File

@@ -0,0 +1,84 @@
#pragma once
#include <lber.h>
#include <krb5/krb5.h>
#include <kdb.h>
struct krb_key_salt {
krb5_enctype enctype;
krb5_int32 salttype;
krb5_keyblock key;
krb5_data salt;
};
struct keys_container {
krb5_int32 nkeys;
struct krb_key_salt *ksdata;
};
/* Salt types */
#define NO_SALT -1
#define KRB5_KDB_SALTTYPE_NORMAL 0
#define KRB5_KDB_SALTTYPE_V4 1
#define KRB5_KDB_SALTTYPE_NOREALM 2
#define KRB5_KDB_SALTTYPE_ONLYREALM 3
#define KRB5_KDB_SALTTYPE_SPECIAL 4
#define KRB5_KDB_SALTTYPE_AFS3 5
#define KEYTAB_SET_OID "2.16.840.1.113730.3.8.10.1"
#define KEYTAB_RET_OID "2.16.840.1.113730.3.8.10.2"
#define KEYTAB_GET_OID "2.16.840.1.113730.3.8.10.5"
int krb5_klog_syslog(int, const char *, ...);
void
ipa_krb5_free_ktypes(krb5_context context, krb5_enctype *val);
krb5_error_code ipa_krb5_principal2salt_norealm(krb5_context context,
krb5_const_principal pr,
krb5_data *ret);
krb5_error_code ipa_krb5_generate_key_data(krb5_context krbctx,
krb5_principal principal,
krb5_data pwd, int kvno,
krb5_keyblock *kmkey,
int num_encsalts,
krb5_key_salt_tuple *encsalts,
int *_num_keys,
krb5_key_data **_keys);
void ipa_krb5_free_key_data(krb5_key_data *keys, int num_keys);
int ber_encode_krb5_key_data(krb5_key_data *data,
int numk, int mkvno,
struct berval **encoded);
int ber_decode_krb5_key_data(struct berval *encoded, int *m_kvno,
int *numk, krb5_key_data **data);
krb5_error_code parse_bval_key_salt_tuples(krb5_context kcontext,
const char * const *vals,
int n_vals,
krb5_key_salt_tuple **kst,
int *n_kst);
krb5_error_code filter_key_salt_tuples(krb5_context context,
krb5_key_salt_tuple *req, int n_req,
krb5_key_salt_tuple *supp, int n_supp,
krb5_key_salt_tuple **res, int *n_res);
void free_keys_contents(krb5_context krbctx, struct keys_container *keys);
struct berval *create_key_control(struct keys_container *keys,
const char *principalName);
int ipa_string_to_enctypes(const char *str, struct krb_key_salt **encsalts,
int *num_encsalts, char **err_msg);
int create_keys(krb5_context krbctx,
krb5_principal princ,
char *password,
const char *enctypes_string,
struct keys_container *keys,
char **err_msg);
int ipa_kstuples_to_string(krb5_key_salt_tuple *kst, int n_kst, char **str);

29
util/ipa_mspac.h Normal file
View File

@@ -0,0 +1,29 @@
#pragma once
char *ipa_mspac_well_known_sids[] = {
"S-1-0",
"S-1-1",
"S-1-2",
"S-1-3",
"S-1-5-1",
"S-1-5-2",
"S-1-5-3",
"S-1-5-4",
"S-1-5-5",
"S-1-5-6",
"S-1-5-7",
"S-1-5-8",
"S-1-5-9",
"S-1-5-10",
"S-1-5-11",
"S-1-5-12",
"S-1-5-13",
"S-1-5-14",
"S-1-5-15",
"S-1-5-16",
"S-1-5-17",
"S-1-5-18",
"S-1-5-19",
"S-1-5-20",
NULL
};

658
util/ipa_pwd.c Normal file
View File

@@ -0,0 +1,658 @@
/*
* Password related utils for FreeIPA
*
* Authors: Simo Sorce <ssorce@redhat.com>
*
* Copyright (C) 2011 Simo Sorce, Red Hat
* see file 'COPYING' for use and warranty information
*
* This program is free software you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <stdbool.h>
#include <stdio.h>
#include <time.h>
#include <ctype.h>
#include <nss.h>
#include <nssb64.h>
#include <hasht.h>
#include <pk11pub.h>
#include <errno.h>
#include "ipa_pwd.h"
#define GENERALIZED_TIME_LENGTH 15
#define DEFAULT_HASH_TYPE "{SHA512}"
/**
* @brief Calculate utf8 string length
*
* @param str The string
* @param blength Integer into which returns the length in bytes
*
* @return Returns the number of utf8 characters, optionally if blength
* is not NULL it will contain the legth in bytes too.
*/
static int strlen_utf8(char *str, int *blength)
{
int i, j = 0;
for (i = 0; str[i]; i++) {
if ((str[i] & 0xC0) != 0x80) {
j++;
}
}
if (blength) {
*blength = i;
}
return j;
}
/**
* @brief Get the next utf8 code point
*
* @param cp The utf8 string
*
* @return ther pointer to the next code point or NULL
*/
static char *utf8_next(char *cp)
{
int t, c, i;
int ct = (unsigned char)*cp;
if (ct == 0) {
return NULL;
}
if (ct < 0x80) {
return cp + 1;
}
t = 0xE0;
c = 2;
while (t != 0xFF) {
if (ct < t) {
for (i = 0; i < c && cp[i]; i++) ;
if (i != c) {
return NULL;
}
return cp + c;
}
t = (t >> 1) | 0x80;
c++;
}
return NULL;
}
static bool utf8_isdigit(char *p)
{
if (*p & 0x80) {
return false;
}
return isdigit(*p);
}
static bool utf8_isalpha(char *p)
{
if (*p & 0x80) {
return false;
}
return isalpha(*p);
}
/**
* @brief Get a string in generalize time format and returns time_t
*
* @param timestr The input string
*
* @return the time represented by the string or 0 on error
*/
time_t ipapwd_gentime_to_time_t(char *timestr)
{
struct tm tm;
time_t rtime = 0;
int ret;
if (timestr != NULL) {
memset(&tm, 0, sizeof(struct tm));
ret = sscanf(timestr, "%04u%02u%02u%02u%02u%02u",
&tm.tm_year, &tm.tm_mon, &tm.tm_mday,
&tm.tm_hour, &tm.tm_min, &tm.tm_sec);
if (ret == 6) {
tm.tm_year -= 1900;
tm.tm_mon -= 1;
rtime = timegm(&tm);
}
}
return rtime;
}
static int ipapwd_gentime_cmp(const void *p1, const void *p2)
{
/* generalized time can be compared directly as ASCII codes
* are ordered numerically so a higher char value corresponds to
* a higher letter or number */
/* return youngest first by inverting terms */
return memcmp(*(void * const *)p2, *(void * const *)p1, GENERALIZED_TIME_LENGTH);
}
#define SHA_SALT_LENGTH 8
/* SHA*_LENGTH leghts come from nss3/hasht.h */
#define SHA_HASH_MAX_LENGTH SHA512_LENGTH
static int ipapwd_hash_type_to_alg(char *hash_type,
SECOidTag *hash_alg,
unsigned int *hash_alg_len)
{
if (strncmp("{SSHA}", hash_type, 6) == 0) {
*hash_alg = SEC_OID_SHA1;
*hash_alg_len = SHA1_LENGTH;
return 0;
}
if (strncmp("{SHA256}", hash_type, 8) == 0) {
*hash_alg = SEC_OID_SHA256;
*hash_alg_len = SHA256_LENGTH;
return 0;
}
if (strncmp("{SHA384}", hash_type, 8) == 0) {
*hash_alg = SEC_OID_SHA384;
*hash_alg_len = SHA384_LENGTH;
return 0;
}
if (strncmp("{SHA512}", hash_type, 8) == 0) {
*hash_alg = SEC_OID_SHA512;
*hash_alg_len = SHA512_LENGTH;
return 0;
}
return -1;
}
/**
* @brief Hashes a password using the hash_type requested
*
* @param password The cleartext password to hash
* @param psalt An 8 byte salt, if NULL a random one is used
* @param hash_type The hash type ({SSHA}, {SHA256}, {SHA384}, {SHA512})
* @param full_hash The resulting hash with the salt appended
*
* @return 0 on success, -1 on error.
*/
static int ipapwd_hash_password(char *password,
char *hash_type,
unsigned char *salt,
unsigned char **full_hash,
unsigned int *full_hash_len)
{
unsigned char *fh = NULL;
unsigned int fhl = 0;
unsigned char *pwd = (unsigned char *)password;
unsigned int pwdlen = strlen(password);
unsigned char saltbuf[SHA_SALT_LENGTH];
unsigned char hash[SHA_HASH_MAX_LENGTH];
unsigned int hash_len;
SECOidTag hash_alg;
unsigned int hash_alg_len;
PK11Context *ctx = NULL;
int ret;
NSS_NoDB_Init(".");
if (!salt) {
PK11_GenerateRandom(saltbuf, SHA_SALT_LENGTH);
salt = saltbuf;
}
ret = ipapwd_hash_type_to_alg(hash_type, &hash_alg, &hash_alg_len);
if (ret) {
return -1;
}
ctx = PK11_CreateDigestContext(hash_alg);
if (ctx == NULL) {
return -1;
}
memset(hash, 0, sizeof(hash));
ret = PK11_DigestBegin(ctx);
if (ret == SECSuccess) {
ret = PK11_DigestOp(ctx, pwd, pwdlen);
}
if (ret == SECSuccess) {
ret = PK11_DigestOp(ctx, salt, SHA_SALT_LENGTH);
}
if (ret == SECSuccess) {
ret = PK11_DigestFinal(ctx, hash, &hash_len, hash_alg_len);
}
if (ret != SECSuccess) {
ret = -1;
goto done;
}
if (hash_len != hash_alg_len) {
ret = -1;
goto done;
}
fhl = hash_len + SHA_SALT_LENGTH;
fh = malloc(fhl + 1);
if (!fh) {
ret = -1;
goto done;
}
memcpy(fh, hash, hash_len);
memcpy(fh + hash_len, salt, SHA_SALT_LENGTH);
memset(fh + fhl, '\0', 1);
done:
PK11_DestroyContext(ctx, 1);
*full_hash = fh;
*full_hash_len = fhl;
return ret;
}
/**
* @brief Compares the provided password with a history element
*
* @param password A cleartext password
* @param historyString A history element.
*
* A history element is a base64 string of a hash+salt buffer, prepended
* by the hash type enclosed within curly braces.
*
* @return 0 if password matches, 1 if it doesn't and -1 on errors.
*/
static int ipapwd_cmp_password(char *password, char *historyString)
{
char *hash_type;
char *b64part;
size_t b64_len;
SECItem *item;
unsigned char *salt;
unsigned char *hash = NULL;
unsigned int hash_len;
int ret;
NSS_NoDB_Init(".");
hash_type = historyString;
b64part = strchr(historyString, '}');
if (!b64part) {
return -1;
}
b64part++;
b64_len = strlen(b64part);
item = NSSBase64_DecodeBuffer(NULL, NULL, b64part, b64_len);
if (!item) {
return -1;
}
if (item->len <= SHA_SALT_LENGTH) {
ret = -1;
goto done;
}
salt = item->data + (item->len - SHA_SALT_LENGTH);
ret = ipapwd_hash_password(password, hash_type, salt, &hash, &hash_len);
if (ret != 0) {
goto done;
}
if (hash_len != item->len) {
ret = 1;
goto done;
}
if (memcmp(item->data, hash, hash_len)) {
ret = 1;
goto done;
}
ret = 0;
done:
SECITEM_FreeItem(item, 1);
free(hash);
return ret;
}
/**
* @brief Returns a history element string
*
* A history element is a base64 string of a hash+salt buffer, prepended
* by the hash type enclosed within curly braces.
*
* @param hash_time The time at which the hash has been created
* @param hash_type The hash type ({SSHA}, {SHA256}, {SHA384}, {SHA512})
* @param hash A binary buffer containing hash+salt
* @param hash_len The length of the hash binary buffer
*
* @return A history element string or NULL on error.
*/
static char *ipapwd_hash_to_history(time_t hash_time,
char *hash_type,
unsigned char *hash,
unsigned int hash_len)
{
struct tm utctime;
char timestr[GENERALIZED_TIME_LENGTH+1];
SECItem item;
char *encoded;
char *history;
int ret;
if (!gmtime_r(&hash_time, &utctime)) {
return NULL;
}
strftime(timestr, GENERALIZED_TIME_LENGTH+1, "%Y%m%d%H%M%SZ", &utctime);
NSS_NoDB_Init(".");
item.type = siBuffer;
item.data = hash;
item.len = hash_len;
encoded = NSSBase64_EncodeItem(NULL, NULL, 0, &item);
if (!encoded) {
return NULL;
}
ret = asprintf(&history, "%s%s%s", timestr, hash_type, encoded);
if (ret == -1) {
history = NULL;
}
free(encoded);
return history;
}
/**
* @brief Funtion used to check password policies on a password change.
*
* @param policy The policy to check against
* @param password The new password
* @param cur_time The current time, usually set to time(NULL)
* @param acct_expiration Account expiration
* @param pwd_expiration Password expiration
* @param last_pwd_change Last Password change
* @param pwd_history Password history (must include current password)
*
* @return 0 if ok, or appropriate IPAPWD error otherwise.
*/
int ipapwd_check_policy(struct ipapwd_policy *policy,
char *password,
time_t cur_time,
time_t acct_expiration,
time_t pwd_expiration,
time_t last_pwd_change,
char **pwd_history)
{
int pwdlen, blen;
int ret;
if (!policy || !password) {
return IPAPWD_POLICY_ERROR;
}
/* check account is not expired. Ignore unixtime = 0 (Jan 1 1970) */
if (acct_expiration != 0) {
/* if expiration date is set check it */
if (cur_time > acct_expiration) {
return IPAPWD_POLICY_ACCOUNT_EXPIRED;
}
}
if (policy->min_pwd_life != 0) {
/* check for reset cases */
if (last_pwd_change != 0 && pwd_expiration != last_pwd_change) {
/* Expiration and last change time are the same or
* missing this happens only when a password is reset
* by an admin or the account is new or no expiration
* policy is set */
if (cur_time < last_pwd_change + policy->min_pwd_life) {
return IPAPWD_POLICY_PWD_TOO_YOUNG;
}
}
}
pwdlen = strlen_utf8(password, &blen);
if (policy->min_pwd_length) {
if (pwdlen < policy->min_pwd_length) {
return IPAPWD_POLICY_PWD_TOO_SHORT;
}
}
if (policy->min_complexity) {
int num_digits = 0;
int num_alphas = 0;
int num_uppers = 0;
int num_lowers = 0;
int num_specials = 0;
int num_8bit = 0;
int num_repeated = 0;
int max_repeated = 0;
int num_categories = 0;
char *p, *n;
int size, len;
/* we want the actual lenght in bytes here */
len = blen;
p = password;
while (p && *p) {
if (utf8_isdigit(p)) {
num_digits++;
/* alpha/lower/upper, is checked only for pure ASCII chars */
} else if (utf8_isalpha(p)) {
num_alphas++;
if (islower(*p)) {
num_lowers++;
} else {
num_uppers++;
}
} else {
if (*p & 0x80) {
num_8bit++;
} else {
num_specials++;
}
}
n = utf8_next(p);
if (n != NULL) {
size = n - p;
len -= size;
if ((len > size) && (memcmp(p, n, size) == 0)) {
num_repeated++;
if (max_repeated < num_repeated) {
max_repeated = num_repeated;
}
} else {
num_repeated = 0;
}
}
p = n;
}
/* tally up the number of character categories */
if (num_digits > 0) {
num_categories++;
}
if (num_uppers > 0) {
num_categories++;
}
if (num_lowers > 0) {
num_categories++;
}
if (num_specials > 0) {
num_categories++;
}
if (num_8bit > 0) {
num_categories++;
}
if (max_repeated > 1) {
num_categories--;
}
if (num_categories < policy->min_complexity) {
return IPAPWD_POLICY_PWD_COMPLEXITY;
}
}
if (pwd_history) {
char *hash;
int i;
for (i = 0; pwd_history[i]; i++) {
hash = pwd_history[i] + GENERALIZED_TIME_LENGTH;
ret = ipapwd_cmp_password(password, hash);
if (ret == 0) {
return IPAPWD_POLICY_PWD_IN_HISTORY;
}
}
}
return IPAPWD_POLICY_OK;
}
char * IPAPWD_ERROR_STRINGS[] = {
"Password is OK",
"Account expired",
"Too soon to change password",
"Password is too short",
"Password reuse not permitted",
"Password is too simple"
};
char * IPAPWD_ERROR_STRING_GENERAL = "Password does not meet the policy requirements";
char * ipapwd_error2string(enum ipapwd_error err) {
if (err < 0 || err > IPAPWD_POLICY_PWD_COMPLEXITY) {
/* IPAPWD_POLICY_ERROR or out of boundary, return general error */
return IPAPWD_ERROR_STRING_GENERAL;
}
return IPAPWD_ERROR_STRINGS[err];
}
/**
* @brief Generate a new password history using the new password
*
* @param password Clear text password
* @param cur_time Current time, usually time(NULL)
* @param history_length The history max length
* @param pwd_history The current password history array (can be NULL)
* @param new_pwd_history The new password history array (must be freed by
* caller)
*
* @return 0 on success, IPAPWD_POLICY_ERROR on error.
*/
int ipapwd_generate_new_history(char *password,
time_t cur_time,
int history_length,
char **pwd_history,
char ***new_pwd_history,
int *new_pwd_hlen)
{
unsigned char *hash = NULL;
unsigned int hash_len;
char *new_element;
char **ordered = NULL;
int c, i, n;
int len;
int ret;
if (history_length == 0) {
return EINVAL;
}
/* hardcode best hash we know about for now */
ret = ipapwd_hash_password(password, DEFAULT_HASH_TYPE, NULL,
&hash, &hash_len);
if (ret != 0) {
return IPAPWD_POLICY_ERROR;
}
new_element = ipapwd_hash_to_history(cur_time, DEFAULT_HASH_TYPE,
hash, hash_len);
if (!new_element) {
ret = IPAPWD_POLICY_ERROR;
goto done;
}
for (c = 0; pwd_history && pwd_history[c]; c++) /* count */ ;
if (c < history_length) {
c = history_length;
}
ordered = calloc(c + 1, sizeof(char *));
if (!ordered) {
ret = IPAPWD_POLICY_ERROR;
goto done;
}
for (i = 0, n = 0; pwd_history && pwd_history[i]; i++) {
len = strlen(pwd_history[i]);
if (len < GENERALIZED_TIME_LENGTH) {
/* garbage, ignore */
continue;
}
ordered[n] = strdup(pwd_history[i]);
if (!ordered[n]) {
ret = IPAPWD_POLICY_ERROR;
goto done;
}
n++;
}
if (n) {
qsort(ordered, n, sizeof(char *), ipapwd_gentime_cmp);
}
if (n >= history_length) {
for (i = history_length; i < n; i++) {
free(ordered[i]);
}
n = history_length;
} else {
n++;
}
ordered[n - 1] = new_element;
ordered[n] = NULL;
*new_pwd_history = ordered;
*new_pwd_hlen = n;
ordered = NULL;
ret = IPAPWD_POLICY_OK;
done:
free(ordered);
free(hash);
return ret;
}

79
util/ipa_pwd.h Normal file
View File

@@ -0,0 +1,79 @@
/*
* Password related utils for FreeIPA
*
* Authors: Simo Sorce <ssorce@redhat.com>
*
* Copyright (C) 2011 Simo Sorce, Red Hat
* see file 'COPYING' for use and warranty information
*
* This program is free software you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <stdint.h>
#include <time.h> /* for time_t */
/* 90 days default pwd max lifetime */
#define IPAPWD_DEFAULT_PWDLIFE (90 * 24 *3600)
#define IPAPWD_DEFAULT_MINLEN 0
/* 1 Jan 2038, 00:00 GMT */
#define IPAPWD_END_OF_TIME 2145916800
/*
* IMPORTANT: please update error string table in ipa_pwd.c if you change this
* error code table.
*/
enum ipapwd_error {
IPAPWD_POLICY_ERROR = -1,
IPAPWD_POLICY_OK = 0,
IPAPWD_POLICY_ACCOUNT_EXPIRED = 1,
IPAPWD_POLICY_PWD_TOO_YOUNG = 2,
IPAPWD_POLICY_PWD_TOO_SHORT = 3,
IPAPWD_POLICY_PWD_IN_HISTORY = 4,
IPAPWD_POLICY_PWD_COMPLEXITY = 5
};
struct ipapwd_policy {
int min_pwd_life;
int max_pwd_life;
int min_pwd_length;
int history_length;
int min_complexity;
int max_fail;
int failcnt_interval;
int lockout_duration;
};
time_t ipapwd_gentime_to_time_t(char *timestr);
int ipapwd_check_policy(struct ipapwd_policy *policy,
char *password,
time_t cur_time,
time_t acct_expiration,
time_t pwd_expiration,
time_t last_pwd_change,
char **pwd_history);
char * ipapwd_error2string(enum ipapwd_error err);
int ipapwd_generate_new_history(char *password,
time_t cur_time,
int history_length,
char **pwd_history,
char ***new_pwd_history,
int *new_pwd_hlen);
int encode_nt_key(char *newPasswd, uint8_t *nt_key);

109
util/ipa_pwd_ntlm.c Normal file
View File

@@ -0,0 +1,109 @@
/*
* Password related utils for FreeIPA
*
* Authors: Simo Sorce <ssorce@redhat.com>
*
* Copyright (C) 2011,2012 Simo Sorce, Red Hat
* see file 'COPYING' for use and warranty information
*
* This program is free software you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* This file includes an "OpenSSL license exception", see the
* COPYING.openssl file for details.
*
*/
#include <stdlib.h>
#include <stdbool.h>
#include <string.h>
#include <iconv.h>
#include <openssl/md4.h>
#include "ipa_pwd.h"
#define KTF_DOS_CHARSET "CP850" /* same default as samba */
#define KTF_UTF8 "UTF-8"
#define KTF_UCS2 "UCS-2LE"
/* create the nt hash
newPassword: the clear text utf8 password
nt_key[out]: array with generated hash
*/
int encode_nt_key(char *newPasswd, uint8_t *nt_key)
{
int ret = 0;
iconv_t cd;
size_t cs, il, ol, sl;
char *inc, *outc;
char *ucs2Passwd;
MD4_CTX md4ctx;
/* TODO: must store the dos charset somewhere in the directory */
cd = iconv_open(KTF_UCS2, KTF_UTF8);
if (cd == (iconv_t)(-1)) {
ret = -1;
goto done;
}
il = strlen(newPasswd);
/* an ucs2 string can be at most double than an utf8 one */
sl = ol = (il+1)*2;
ucs2Passwd = calloc(ol, 1);
if (!ucs2Passwd) {
ret = -1;
iconv_close(cd);
goto done;
}
inc = newPasswd;
outc = ucs2Passwd;
cs = iconv(cd, &inc, &il, &outc, &ol);
if (cs == -1) {
ret = -1;
free(ucs2Passwd);
iconv_close(cd);
goto done;
}
/* done with it */
iconv_close(cd);
/* get the final ucs2 string length */
sl -= ol;
ret = MD4_Init(&md4ctx);
if (ret == 0) {
ret = -1;
free(ucs2Passwd);
goto done;
}
ret = MD4_Update(&md4ctx, ucs2Passwd, sl);
if (ret == 0) {
ret = -1;
free(ucs2Passwd);
goto done;
}
ret = MD4_Final(nt_key, &md4ctx);
if (ret == 0) {
ret = -1;
free(ucs2Passwd);
goto done;
}
ret = 0;
done:
return ret;
}