Commit Graph

90 Commits

Author SHA1 Message Date
Jeffrey Clark
c1c7da7f79 Fix compiling hdb ldap as a module
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
2014-01-31 08:49:51 +01:00
Landon Fuller
6fb9bc86b7 Add a configuration option to enable LDAP Start TLS.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2013-04-24 16:21:15 -07:00
Landon Fuller
96e9025675 Add support for specifying bind DN and password.
This uses a separate hdb-ldap-secret-file configuration value, which
specifies an external file that may be used to supply the LDAP bind dn
and password. This allows that specific file to be configured with more
restrictive permissions than the global krb5.conf.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2013-04-24 16:21:15 -07:00
Landon Fuller
8cb8a8932e Remove unnecessary strdup() (and resulting leak)
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2013-04-24 16:21:15 -07:00
Landon Fuller
e58308e2a6 Add support for specifying an LDAP URL.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2013-04-24 16:21:14 -07:00
Love Hornquist Astrand
3cba540a5f fix prototypes 2013-03-04 10:24:35 -08:00
Love Hornquist Astrand
1eb4e2516e unify hdb_so_method and hdb_method 2013-03-04 10:18:16 -08:00
Arvid Requate
3cf3708950 honour krb5PasswordEnd also if sambaPwdLastSet
Commit 9f696b11c2 changed the
behaviour of key expiry for principals that have an sambaPwdLastSet
attribute in LDAP. The change was twofold:

* if "password_lifetime" is not set in kdc.conf a default lifetime
  of 1 year is enforced

* krb5PasswordEnd is not honoured.

This patch causes pw_end to be modified only if sambaPwdLastSet
*and* "password_lifetime" is defined in kdc.conf.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2013-03-04 09:47:46 -08:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Love Hornquist Astrand
6c6726d76c drop hdb_fetch 2010-11-28 11:46:46 -08:00
Love Hornquist Astrand
917920e8cd implement fetch_kvno 2010-11-28 11:34:33 -08:00
Cédric Schieli
901d655ba7 Make sure existing entries can be found by userid
A typo in LDAP__lookup_princ makes using existing LDAP entries broken,
a new entry is always created even if an entry with proper uid and
structural objectclass can be found.

Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
2010-08-08 08:23:12 -07:00
Love Hornquist Astrand
d36402a671 Don't assume ldap_bv2escaped_filter_value() is exported 2009-10-11 11:17:56 -07:00
Love Hornquist Astrand
ff87429593 Make LDAP code fetch fewer attributes from LDAP server when KDC is asking
Johan Gadsjö did an awesome analysis of the LDAP access patterns
and sent us a patch that reduced the calls to the ldap server by 4
times as many. The patch was adopted and changed to avoid compile
time dependencies and make the determination runtime instead. Thanks!
2009-10-03 13:20:41 -07:00
Love Hörnquist Åstrand
5a9dd54e95 drop RCSID
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25319 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-05 05:09:16 +00:00
Love Hörnquist Åstrand
4ff6ed4652 set hdb_capability_flags = 0
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@25312 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-07-05 05:07:52 +00:00
Love Hörnquist Åstrand
597f9dbdfa make module private functions static
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24976 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-28 17:08:46 +00:00
Love Hörnquist Åstrand
883bf6e6d8 quote userid too
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23956 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-10-26 18:20:37 +00:00
Love Hörnquist Åstrand
18e483856b Use ldap_bv2escaped_filter_value to filter the search query. Idea from Michael Ströder.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23955 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-10-26 18:20:23 +00:00
Love Hörnquist Åstrand
21fdd30824 Filter out searches for *@REALM, which takes a very long time, and other
ldap special characters, this should really be quoting instead.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23941 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-10-19 01:32:04 +00:00
Love Hörnquist Åstrand
9f696b11c2 Patch to handle sambaPwdLastSet, sambaPwdMustChange was dropped some Samba versions ago.
From David Markey

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23929 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-10-18 21:16:35 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
0c425c680b Malloc enough memory, from Brian Scott.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23726 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-02 09:11:48 +00:00
Love Hörnquist Åstrand
7fcd266fdd use krb5_set_error_message
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23316 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-06-23 04:32:32 +00:00
Love Hörnquist Åstrand
746ad99b8c Use the _ext api for OpenLDAP, from Honza Machacek (gentoo).
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23153 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-04-30 11:25:57 +00:00
Love Hörnquist Åstrand
1c9234c4f7 Use malloc() instead of static buffer.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22588 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-02-11 21:46:45 +00:00
Love Hörnquist Åstrand
9215d6ea7b Use ldap_get_values_len, from LaMont Jones via Brian May and Debian.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22587 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-02-11 21:43:27 +00:00
Love Hörnquist Åstrand
5fed824f37 its vs it's etc. From Bjorn Sandell
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@22071 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-11-14 20:04:50 +00:00
Love Hörnquist Åstrand
ca152336fa When using sambaNTPassword, avoid adding more than one enctype 23 to
krb5EncryptionType.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21500 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-07-11 15:20:18 +00:00
Love Hörnquist Åstrand
393f98a743 Make work again.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20219 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-02-15 00:03:42 +00:00
Love Hörnquist Åstrand
0c91a6f74e update (c)
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20113 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-02-01 14:34:15 +00:00
Love Hörnquist Åstrand
7d5e25b4ba Set hdb->hdb_db for ldap.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@20110 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-02-01 13:18:22 +00:00
Love Hörnquist Åstrand
238e717568 Clear errno before calling the strtol functions. From Paul Stoeber to
OpenBSD by Ray Lai and Björn Sandell.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19215 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-12-04 23:41:18 +00:00
Love Hörnquist Åstrand
5518871b9c Make build again from the hdb_entry wrapping. Patch from Andreas Hasenack.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19173 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-28 14:23:13 +00:00
Love Hörnquist Åstrand
2f0c4b1f20 Make compile.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18714 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-20 21:05:10 +00:00
Love Hörnquist Åstrand
3e112be2cc don't use the sambaNTPassword if there is ARCFOUR key already.
Idea from Andreas Hasenack.
While here, set pw change time using sambaPwdLastSet


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17654 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-06-14 21:02:46 +00:00
Love Hörnquist Åstrand
f9160af5a1 (LDAP_message2entry): in declaration set variable_name as "hdb_entry_ex"
(hdb_ldap_common): change "arg" in condition (if) to "search_base"
(hdb_ldapi_create): change "serach_base" to "search_base"
From Alex V. Labuta.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16862 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-03-30 09:03:27 +00:00
Love Hörnquist Åstrand
b81ea8dcbc Log the filter string to the error message.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16690 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-02-03 12:17:10 +00:00
Love Hörnquist Åstrand
eb128f4928 Wrap hdb_entry with hdb_entry_ex, add url support, add ldapi support.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16377 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-12-12 12:34:23 +00:00
Love Hörnquist Åstrand
8822335041 only add krb5EncryptionType for already existing entries or heimdal entries
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15938 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-08-19 13:07:04 +00:00
Love Hörnquist Åstrand
e621738b3a drop <ctype.h>, no longer use any of the is* macros in this file
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14820 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-04-18 08:03:54 +00:00
Love Hörnquist Åstrand
6058abac27 use the newly written hex function from roken and remove the old implementation
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14616 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-03-04 15:13:01 +00:00
Love Hörnquist Åstrand
5e2d8fe7ba Add account expiration for samba from James F. Hranicky <jfh@cise.ufl.edu>.
Add LDAP_addmod_integer and use it.


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14414 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-12-28 12:59:11 +00:00
Love Hörnquist Åstrand
c932cd471a add (c) kth
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14393 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-12-13 16:29:53 +00:00
Love Hörnquist Åstrand
09647068e1 (pos): uppercase in character
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14392 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-12-13 08:46:07 +00:00
Love Hörnquist Åstrand
62b865cdd2 (LDAP__bytes2hex,LDAP__hex2bytes): encode nibbles in the other order
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14390 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-12-12 23:29:42 +00:00
Love Hörnquist Åstrand
cd395c78ad s/objectclass/objectClass/
check if attribute exists before we try to delete it
LDAP__bytes2hex encodes in strange byte order, is this really right ?


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14389 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-12-12 21:37:35 +00:00
Love Hörnquist Åstrand
17649d29d8 (LDAP_firstkey): When iterating over all entries, search for samba
accounts too, From: "James F. Hranicky" <jfh@cise.ufl.edu>


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14386 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-12-11 22:41:46 +00:00
Love Hörnquist Åstrand
ca797bb5d5 (krb5kdcentry_attrs): ask for attribute uid too
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14384 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-12-11 19:17:02 +00:00