On Fri, 2012-07-27 at 18:54 -0400, Simo Sorce wrote:
> On Fri, 2012-07-27 at 07:15 +0300, Alexander Bokovoy wrote:
> > On Thu, 12 Jul 2012, Alexander Bokovoy wrote:
> > >On Thu, 12 Jul 2012, Simo Sorce wrote:
> > >>On Thu, 2012-07-12 at 10:48 +0300, Alexander Bokovoy wrote:
> > >>>On Wed, 11 Jul 2012, Simo Sorce wrote:
> > >>>>From 84ef09a1193ff42fc301fb71354055c5039f51a5 Mon Sep 17 00:00:00 2001
> > >>>>From: Simo Sorce <sso...@redhat.com>
> > >>>>Date: Fri, 6 Jul 2012 16:18:29 -0400
> > >>>>Subject: [PATCH] Add special modify op to regen ipaNTHash
> > >>>>
> > >>>>The NT Hash is the same thing as the RC4-HMAC key, so we add a function
> > >>>>to
> > >>>>extract it from krb5 keys if they are available to avoid forcing a
> > >>>>password
> > >>>>change when configuring trust relationships.
> > >>>>---
> > >>>> .../ipa-pwd-extop/ipapwd_prepost.c | 147
> > >>>> +++++++++++++++++++-
> > >>>> 1 file changed, 144 insertions(+), 3 deletions(-)
> > >>>>
> > >>>>diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c
> > >>>>b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c
> > >>>>index
> > >>>>deae6477772f82edcc4674a1c9580661c3dae94b..24fa52eb9ac92004576ccdba4f576162c358770d
> > >>>> 100644
> > >>>>--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c
> > >>>>+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c
> > >>>>@@ -41,7 +41,12 @@
> > >>>> # include <config.h>
> > >>>> #endif
> > >>>>
> > >>>>-#define _XOPEN_SOURCE /* strptime needs this */
> > >>>>+/* strptime needs _XOPEN_SOURCE and endian.h needs __USE_BSD
> > >>>>+ * _GNU_SOURCE imply both, and we use it elsewhere, so use this */
> > >>>>+#ifndef _GNU_SOURCE
> > >>>>+#define _GNU_SOURCE 1
> > >>>>+#endif
> > >>>>+
> > >>>> #include <stdio.h>
> > >>>> #include <string.h>
> > >>>> #include <strings.h>
> > >>>>@@ -53,6 +58,7 @@
> > >>>> #include <dirsrv/slapi-plugin.h>
> > >>>> #include <lber.h>
> > >>>> #include <time.h>
> > >>>>+#include <endian.h>
> > >>>>
> > >>>> #include "ipapwd.h"
> > >>>> #include "util.h"
> > >>>>@@ -379,6 +385,12 @@ done:
> > >>>> return 0;
> > >>>> }
> > >>>>
> > >>>>+#define NTHASH_REGEN_VAL "MagicRegen"
> > >>>>+#define NTHASH_REGEN_LEN sizeof(NTHASH_REGEN_VAL)
> > >>>>+static int ipapwd_regen_nthash(Slapi_PBlock *pb, Slapi_Mods *smods,
> > >>>>+ char *dn, struct slapi_entry *entry,
> > >>>>+ struct ipapwd_krbcfg *krbcfg);
> > >>>>+
> > >>>> /* PRE MOD Operation:
> > >>>> * Gets the clean text password (fail the operation if the password
> > >>>> came
> > >>>> * pre-hashed, unless this is a replicated operation).
> > >>>>@@ -407,6 +419,7 @@ static int ipapwd_pre_mod(Slapi_PBlock *pb)
> > >>>> int has_krb_keys = 0;
> > >>>> int has_history = 0;
> > >>>> int gen_krb_keys = 0;
> > >>>>+ int is_magic_regen = 0;
> > >>>> int ret, rc;
> > >>>>
> > >>>> LOG_TRACE( "=>\n");
> > >>>>@@ -447,6 +460,27 @@ static int ipapwd_pre_mod(Slapi_PBlock *pb)
> > >>>> default:
> > >>>> break;
> > >>>> }
> > >>>>+ } else if (slapi_attr_types_equivalent(lmod->mod_type,
> > >>>>"ipaNTHash")) {
> > >>>>+ /* check op filtering out LDAP_MOD_BVALUES */
> > >>>>+ switch (lmod->mod_op & 0x0f) {
> > >>>>+ case LDAP_MOD_REPLACE:
> > >>>This is still LDAP_MOD_REPLACE, not LDAP_MOD_ADD.
> > >>
> > >>This is because I resent the old patch :(
> > >>
> > >>Hopefully the correct patch is now attached.
> > >Yes, now it is updated, thanks.
> > >
> > >I'm going to experiment a bit with these patches, adding ipasam
> > >responder to test them.
> > Here is ipasam part.
> > ACK the ipasam part.
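Review bot: In the `@@ -379,6 +385,12 @@` hunk, `NTHASH_REGEN_LEN` is defined as `sizeof(NTHASH_REGEN_VAL)`, which counts the terminating NUL and so evaluates to 11, while the sentinel text itself is 10 bytes. The code that compares the incoming ipaNTHash value against the sentinel is not visible here (the `@@ -447,6 +460,27 @@` hunk is cut off by the reply), so this is a point to confirm rather than a demonstrated bug: LDAP berval data is length-counted and not guaranteed to be NUL-terminated, so a length check or `memcmp` using the macro as written would either never match a 10-byte value or read one byte past it. Defining it as `#define NTHASH_REGEN_LEN (sizeof(NTHASH_REGEN_VAL) - 1)` makes the macro mean the payload length and parenthesizes the expansion. Because the commit message states the NT hash is equivalent to the RC4-HMAC key, I would also add a comment above the defines, e.g. `/* Sentinel written to ipaNTHash to request regeneration from existing krb5 keys; the result is a password-equivalent secret, so callers must be authorized to write this attribute */`.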
Pushed all 4 patches to master. Simo. -- Simo Sorce * Red Hat, Inc * New York