websms/freeipa
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Import Upstream version 4.12.4

Browse Source
This commit is contained in:
geos_one
2025-08-12 22:28:56 +02:00
parent 03a8170b15
commit 9181ee2487
1629 changed files with 874094 additions and 554378 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
daemons/ipa-slapi-plugins/ipa-otp-lasttoken/Makefile.in
View File

@@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.16.2 from Makefile.am.
# Makefile.in generated by automake 1.17 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2020 Free Software Foundation, Inc.
# Copyright (C) 1994-2024 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@@ -70,6 +70,8 @@ am__make_running_with_option = \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
am__rm_f = rm -f $(am__rm_f_notfound)
am__rm_rf = rm -rf $(am__rm_f_notfound)
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
@@ -128,10 +130,9 @@ am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
am__uninstall_files_from_dir = { \
test -z "$$files" \
|| { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
{ test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && echo $$files | $(am__xargs_n) 40 $(am__rm_f); }; \
}
am__installdirs = "$(DESTDIR)$(plugindir)"
LTLIBRARIES = $(plugin_LTLIBRARIES)
@@ -208,8 +209,6 @@ am__define_uniq_tagged_files = \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
@@ -231,6 +230,8 @@ CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CRYPTO_CFLAGS = @CRYPTO_CFLAGS@
CRYPTO_LIBS = @CRYPTO_LIBS@
CSCOPE = @CSCOPE@
CTAGS = @CTAGS@
CYGPATH_W = @CYGPATH_W@
DATA_VERSION = @DATA_VERSION@
DEFS = @DEFS@
@@ -244,8 +245,10 @@ ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
ETAGS = @ETAGS@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
FILECMD = @FILECMD@
GETTEXT_DOMAIN = @GETTEXT_DOMAIN@
GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@
GIT_BRANCH = @GIT_BRANCH@
@@ -253,6 +256,7 @@ GIT_VERSION = @GIT_VERSION@
GMSGFMT = @GMSGFMT@
GMSGFMT_015 = @GMSGFMT_015@
GREP = @GREP@
HTTPD_GROUP = @HTTPD_GROUP@
INI_CFLAGS = @INI_CFLAGS@
INI_LIBS = @INI_LIBS@
INSTALL = @INSTALL@
@@ -265,9 +269,12 @@ INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@
IPAPLATFORM = @IPAPLATFORM@
IPA_DATA_DIR = @IPA_DATA_DIR@
IPA_SYSCONF_DIR = @IPA_SYSCONF_DIR@
JANSSON_CFLAGS = @JANSSON_CFLAGS@
JANSSON_LIBS = @JANSSON_LIBS@
JSLINT = @JSLINT@
KRAD_LIBS = @KRAD_LIBS@
KRB5KDC_SERVICE = @KRB5KDC_SERVICE@
KRB5_BUILD_VERSION = @KRB5_BUILD_VERSION@
KRB5_CFLAGS = @KRB5_CFLAGS@
KRB5_GSSAPI_CFLAGS = @KRB5_GSSAPI_CFLAGS@
KRB5_GSSAPI_LIBS = @KRB5_GSSAPI_LIBS@
@@ -276,6 +283,8 @@ LD = @LD@
LDAP_CFLAGS = @LDAP_CFLAGS@
LDAP_LIBS = @LDAP_LIBS@
LDFLAGS = @LDFLAGS@
LIBCURL_CFLAGS = @LIBCURL_CFLAGS@
LIBCURL_LIBS = @LIBCURL_LIBS@
LIBICONV = @LIBICONV@
LIBINTL = @LIBINTL@
LIBINTL_LIBS = @LIBINTL_LIBS@
@@ -335,6 +344,8 @@ PLATFORM_PYTHON = @PLATFORM_PYTHON@
POPT_CFLAGS = @POPT_CFLAGS@
POPT_LIBS = @POPT_LIBS@
POSUB = @POSUB@
PWQUALITY_CFLAGS = @PWQUALITY_CFLAGS@
PWQUALITY_LIBS = @PWQUALITY_LIBS@
PYLINT = @PYLINT@
PYTHON = @PYTHON@
PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
@@ -343,9 +354,12 @@ PYTHON_PLATFORM = @PYTHON_PLATFORM@
PYTHON_PREFIX = @PYTHON_PREFIX@
PYTHON_VERSION = @PYTHON_VERSION@
RANLIB = @RANLIB@
RESOLV_LIBS = @RESOLV_LIBS@
RPMLINT = @RPMLINT@
SAMBA40EXTRA_LIBPATH = @SAMBA40EXTRA_LIBPATH@
SAMBAUTIL_CFLAGS = @SAMBAUTIL_CFLAGS@
SAMBAUTIL_LIBS = @SAMBAUTIL_LIBS@
SAMBA_SECURITY_LIBS = @SAMBA_SECURITY_LIBS@
SASL_CFLAGS = @SASL_CFLAGS@
SASL_LIBS = @SASL_LIBS@
SED = @SED@
@@ -384,8 +398,10 @@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__rm_f_notfound = @am__rm_f_notfound@
am__tar = @am__tar@
am__untar = @am__untar@
am__xargs_n = @am__xargs_n@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
@@ -431,6 +447,7 @@ sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
sysconfenvdir = @sysconfenvdir@
systemdcatalogdir = @systemdcatalogdir@
systemdsystemunitdir = @systemdsystemunitdir@
systemdtmpfilesdir = @systemdtmpfilesdir@
target_alias = @target_alias@
@@ -518,15 +535,13 @@ uninstall-pluginLTLIBRARIES:
done
clean-pluginLTLIBRARIES:
-test -z "$(plugin_LTLIBRARIES)" || rm -f $(plugin_LTLIBRARIES)
-$(am__rm_f) $(plugin_LTLIBRARIES)
@list='$(plugin_LTLIBRARIES)'; \
locs=`for p in $$list; do echo $$p; done | \
sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \
sort -u`; \
test -z "$$locs" || { \
echo rm -f $${locs}; \
rm -f $${locs}; \
}
echo rm -f $${locs}; \
$(am__rm_f) $${locs}
libipa_otp_lasttoken.la: $(libipa_otp_lasttoken_la_OBJECTS) $(libipa_otp_lasttoken_la_DEPENDENCIES) $(EXTRA_libipa_otp_lasttoken_la_DEPENDENCIES)
$(AM_V_CCLD)$(libipa_otp_lasttoken_la_LINK) -rpath $(plugindir) $(libipa_otp_lasttoken_la_OBJECTS) $(libipa_otp_lasttoken_la_LIBADD) $(LIBS)
@@ -541,7 +556,7 @@ distclean-compile:
$(am__depfiles_remade):
@$(MKDIR_P) $(@D)
@echo '# dummy' >$@-t && $(am__mv) $@-t $@
@: >>$@
am--depfiles: $(am__depfiles_remade)
@@ -623,7 +638,6 @@ cscopelist-am: $(am__tagged_files)
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) distdir-am
@@ -688,8 +702,8 @@ mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
-$(am__rm_f) $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || $(am__rm_f) $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@@ -700,7 +714,7 @@ clean-am: clean-generic clean-libtool clean-pluginLTLIBRARIES \
mostlyclean-am
distclean: distclean-am
-rm -f ./$(DEPDIR)/ipa_otp_lasttoken.Plo
-rm -f ./$(DEPDIR)/ipa_otp_lasttoken.Plo
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
distclean-tags
@@ -746,7 +760,7 @@ install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f ./$(DEPDIR)/ipa_otp_lasttoken.Plo
-rm -f ./$(DEPDIR)/ipa_otp_lasttoken.Plo
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
@@ -788,3 +802,10 @@ uninstall-am: uninstall-pluginLTLIBRARIES
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
# Tell GNU make to disable its built-in pattern rules.
%:: %,v
%:: RCS/%,v
%:: RCS/%
%:: s.%
%:: SCCS/s.%

63
daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c
View File

@@ -33,7 +33,7 @@
* Authors:
* Nathaniel McCallum <npmccallum@redhat.com>
*
* Copyright (C) 2013 Red Hat, Inc.
* Copyright (C) 2013-2023 Red Hat, Inc.
* All rights reserved.
* END COPYRIGHT BLOCK **/
@@ -46,7 +46,7 @@
#include "util.h"
#define PLUGIN_NAME "ipa-otp-lasttoken"
#define IPA_PLUGIN_NAME "ipa-otp-lasttoken"
#define OTP_CONTAINER "cn=otp,%s"
static struct otp_config *otp_config;
@@ -54,7 +54,7 @@ void *ipa_otp_lasttoken_plugin_id;
static bool entry_is_token(Slapi_Entry *entry)
{
char **ocls;
char **ocls = NULL;
ocls = slapi_entry_attr_get_charray(entry, SLAPI_ATTR_OBJECTCLASS);
for (size_t i = 0; ocls != NULL && ocls[i] != NULL; i++) {
@@ -64,6 +64,7 @@ static bool entry_is_token(Slapi_Entry *entry)
}
}
slapi_ch_array_free(ocls);
return false;
}
@@ -138,7 +139,8 @@ static bool is_pwd_enabled(const char *user_dn)
static bool is_allowed(Slapi_PBlock *pb, Slapi_Entry *entry)
{
Slapi_DN *target_sdn = NULL;
const char *bind_dn;
char *bind_dn;
bool rv = false;
/* Ignore internal operations. */
if (slapi_op_internal(pb))
@@ -147,23 +149,35 @@ static bool is_allowed(Slapi_PBlock *pb, Slapi_Entry *entry)
/* Load parameters. */
(void) slapi_pblock_get(pb, SLAPI_TARGET_SDN, &target_sdn);
(void) slapi_pblock_get(pb, SLAPI_CONN_DN, &bind_dn);
if (target_sdn == NULL || bind_dn == NULL) {
LOG_FATAL("Missing parameters!\n");
return false;
if (bind_dn == NULL) {
LOG_FATAL("bind_dn parameter missing!\n");
goto done;
}
if (target_sdn == NULL) {
LOG_FATAL("target_sdn parameter missing!\n");
goto done;
}
if (entry != NULL
? !entry_is_token(entry)
: !sdn_in_otp_container(target_sdn))
return true;
: !sdn_in_otp_container(target_sdn)) {
rv = true;
goto done;
}
if (!sdn_is_only_enabled_token(target_sdn, bind_dn))
return true;
if (!sdn_is_only_enabled_token(target_sdn, bind_dn)) {
rv = true;
goto done;
}
if (is_pwd_enabled(bind_dn))
return true;
if (is_pwd_enabled(bind_dn)) {
rv = true;
goto done;
}
return false;
done:
slapi_ch_free_string(&bind_dn);
return rv;
}
static inline int send_error(Slapi_PBlock *pb, int rc, const char *errstr)
@@ -177,9 +191,14 @@ static inline int send_error(Slapi_PBlock *pb, int rc, const char *errstr)
static int preop_del(Slapi_PBlock *pb)
{
char *dn = NULL;
if (is_allowed(pb, NULL))
return 0;
slapi_pblock_get(pb, SLAPI_TARGET_DN, &dn);
LOG("Can't delete last active token (%s)", dn);
return send_error(pb, LDAP_UNWILLING_TO_PERFORM,
"Can't delete last active token");
}
@@ -207,10 +226,12 @@ static int preop_mod(Slapi_PBlock *pb)
return 0;
/* If a protected attribute is modified, deny. */
for (int i = 0; mods != NULL && mods[i] != NULL; i++) {
for (int j = 0; errors[j].attr != NULL; j++) {
if (strcasecmp(mods[i]->mod_type, errors[j].attr) == 0)
for (size_t i = 0; mods != NULL && mods[i] != NULL; i++) {
for (size_t j = 0; errors[j].attr != NULL; j++) {
if (strcasecmp(mods[i]->mod_type, errors[j].attr) == 0) {
LOG("%s (%s)", errors[j].msg, slapi_entry_get_dn_const(entry));
return send_error(pb, LDAP_UNWILLING_TO_PERFORM, errors[j].msg);
}
}
}
@@ -270,7 +291,7 @@ static int ipa_otp_lasttoken_start(Slapi_PBlock *pb)
int ipa_otp_lasttoken_init(Slapi_PBlock *pb)
{
static const Slapi_PluginDesc preop_desc = {
PLUGIN_NAME,
IPA_PLUGIN_NAME,
"FreeIPA",
"FreeIPA/1.0",
"Protect the user's last active token"
@@ -283,14 +304,14 @@ int ipa_otp_lasttoken_init(Slapi_PBlock *pb)
ret |= slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_01);
ret |= slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, (void *) &preop_desc);
ret |= slapi_register_plugin("betxnpreoperation", 1, __func__, preop_init,
PLUGIN_NAME " betxnpreoperation", NULL,
IPA_PLUGIN_NAME " betxnpreoperation", NULL,
ipa_otp_lasttoken_plugin_id);
ret |= slapi_register_plugin("postoperation", 1, __func__, postop_init,
PLUGIN_NAME " postoperation", NULL,
IPA_PLUGIN_NAME " postoperation", NULL,
ipa_otp_lasttoken_plugin_id);
ret |= slapi_register_plugin("internalpostoperation", 1, __func__,
intpostop_init,
PLUGIN_NAME " internalpostoperation", NULL,
IPA_PLUGIN_NAME " internalpostoperation", NULL,
ipa_otp_lasttoken_plugin_id);
ret |= slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN,
(void *)ipa_otp_lasttoken_start);