freeIPA 4.10.0 upstream release
Release notes: https://www.freeipa.org/page/Releases/4.10.0 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
parent
6d962d6a46
commit
e304b9f95e
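--- a/.gitignore
+++ b/.gitignore
@@ -120,3 +120,5 @@
 /freeipa-4.9.9.tar.gz.asc
 /freeipa-4.9.10.tar.gz
 /freeipa-4.9.10.tar.gz.asc
+/freeipa-4.10.0.tar.gz
+/freeipa-4.10.0.tar.gz.asc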
@ -0,0 +1,56 @@
|
|||||||
|
From 22d1392a8a0d2887c389dcd78be06104cff88d30 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Rob Crittenden <rcritten@redhat.com>
|
||||||
|
Date: Wed, 29 Jun 2022 13:25:55 +0000
|
||||||
|
Subject: [PATCH] Only calculate LDAP password grace when the password is
|
||||||
|
expired
|
||||||
|
|
||||||
|
The user's pwd expiration was retrieved but inadvertently was never
|
||||||
|
compared to current time. So any LDAP bind, including from the
|
||||||
|
IPA API, counted against the grace period. There is no need to go
|
||||||
|
through the graceperiod code for non-expired passwords.
|
||||||
|
|
||||||
|
https://pagure.io/freeipa/issue/1539
|
||||||
|
|
||||||
|
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
|
||||||
|
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
|
||||||
|
---
|
||||||
|
.../ipa-graceperiod/ipa_graceperiod.c | 12 +++++++++---
|
||||||
|
1 file changed, 9 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/daemons/ipa-slapi-plugins/ipa-graceperiod/ipa_graceperiod.c b/daemons/ipa-slapi-plugins/ipa-graceperiod/ipa_graceperiod.c
|
||||||
|
index 0860b5c20..a3f57cb4b 100644
|
||||||
|
--- a/daemons/ipa-slapi-plugins/ipa-graceperiod/ipa_graceperiod.c
|
||||||
|
+++ b/daemons/ipa-slapi-plugins/ipa-graceperiod/ipa_graceperiod.c
|
||||||
|
@@ -359,7 +359,8 @@ static int ipagraceperiod_preop(Slapi_PBlock *pb)
|
||||||
|
Slapi_ValueSet *values = NULL;
|
||||||
|
long grace_limit = 0;
|
||||||
|
int grace_user_time;
|
||||||
|
- char *pwd_expiration = NULL;
|
||||||
|
+ char *tmpstr = NULL;
|
||||||
|
+ time_t pwd_expiration;
|
||||||
|
int pwresponse_requested = 0;
|
||||||
|
Slapi_PBlock *pbtm = NULL;
|
||||||
|
Slapi_Mods *smods = NULL;
|
||||||
|
@@ -414,12 +415,17 @@ static int ipagraceperiod_preop(Slapi_PBlock *pb)
|
||||||
|
}
|
||||||
|
slapi_value_free(&objectclass);
|
||||||
|
|
||||||
|
- pwd_expiration = slapi_entry_attr_get_charptr(target_entry, "krbPasswordExpiration");
|
||||||
|
- if (pwd_expiration == NULL) {
|
||||||
|
+ tmpstr = slapi_entry_attr_get_charptr(target_entry, "krbPasswordExpiration");
|
||||||
|
+ if (tmpstr == NULL) {
|
||||||
|
/* No expiration means nothing to do */
|
||||||
|
LOG_TRACE("No krbPasswordExpiration for %s, nothing to do\n", dn);
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
+ pwd_expiration = ipapwd_gentime_to_time_t(tmpstr);
|
||||||
|
+ if (pwd_expiration > time(NULL)) {
|
||||||
|
+ /* Not expired, nothing to see here */
|
||||||
|
+ goto done;
|
||||||
|
+ }
|
||||||
|
|
||||||
|
ldrc = ipagraceperiod_getpolicy(target_entry, &policy_entry,
|
||||||
|
&values, &actual_type_name,
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
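Review bot: `tmpstr` is never released in the second hunk of the embedded patch: `slapi_entry_attr_get_charptr()` hands back a copy the caller owns, and none of the patch's nine added lines frees it, so every bind that reaches this point with a krbPasswordExpiration value leaks the string in the directory server process. Free it as soon as it has been converted, with `slapi_ch_free_string(&tmpstr);` directly after the `ipapwd_gentime_to_time_t(tmpstr)` call and before the expiry comparison, so both the early `goto done` and the fall-through path are covered. The conversion result is also compared with `time(NULL)` unchecked; how the helper reports a malformed timestamp is not visible here, so confirm that a parse failure cannot be read as an expired password and start consuming grace logins. The rest of `ipagraceperiod_preop` and its `done:` cleanup lie outside the hunks.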
@ -175,7 +175,7 @@
|
|||||||
|
|
||||||
# Work-around fact that RPM SPEC parser does not accept
|
# Work-around fact that RPM SPEC parser does not accept
|
||||||
# "Version: @VERSION@" in freeipa.spec.in used for Autoconf string replacement
|
# "Version: @VERSION@" in freeipa.spec.in used for Autoconf string replacement
|
||||||
%define IPA_VERSION 4.9.10
|
%define IPA_VERSION 4.10.0
|
||||||
# Release candidate version -- uncomment with one percent for RC versions
|
# Release candidate version -- uncomment with one percent for RC versions
|
||||||
#%%global rc_version %%nil
|
#%%global rc_version %%nil
|
||||||
%define AT_SIGN @
|
%define AT_SIGN @
|
||||||
@ -188,7 +188,7 @@
|
|||||||
|
|
||||||
Name: %{package_name}
|
Name: %{package_name}
|
||||||
Version: %{IPA_VERSION}
|
Version: %{IPA_VERSION}
|
||||||
Release: 1%{?rc_version:.%rc_version}%{?dist}.1
|
Release: 1%{?rc_version:.%rc_version}%{?dist}
|
||||||
Summary: The Identity, Policy and Audit system
|
Summary: The Identity, Policy and Audit system
|
||||||
|
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
@ -205,6 +205,8 @@ Source1: https://releases.pagure.org/freeipa/freeipa-%{version}%{?rc_vers
|
|||||||
# product-name.png
|
# product-name.png
|
||||||
# RHEL spec file only: END: Change branding to IPA and Identity Management
|
# RHEL spec file only: END: Change branding to IPA and Identity Management
|
||||||
|
|
||||||
|
Patch0001: 0001-Only-calculate-LDAP-password-grace-when-the-password.patch
|
||||||
|
|
||||||
# RHEL spec file only: START
|
# RHEL spec file only: START
|
||||||
%if %{NON_DEVELOPER_BUILD}
|
%if %{NON_DEVELOPER_BUILD}
|
||||||
%if 0%{?rhel} >= 8
|
%if 0%{?rhel} >= 8
|
||||||
@ -1716,6 +1718,9 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Thu Jun 30 2022 Rob Crittenden <rcritten@redhat.com> - 4.10.0-1
|
||||||
|
- Upstream release FreeIPA 4.10.0
|
||||||
|
|
||||||
* Thu Jun 16 2022 Python Maint <python-maint@redhat.com> - 4.9.10-1.1
|
* Thu Jun 16 2022 Python Maint <python-maint@redhat.com> - 4.9.10-1.1
|
||||||
- Rebuilt for Python 3.11
|
- Rebuilt for Python 3.11
|
||||||
|
|
||||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
|||||||
SHA512 (freeipa-4.9.10.tar.gz) = d2da42dc70684aecd4fc3685c71f58ad5fcd4a0a096deaa2af0a720f9cac566b3976f688c8c119bdcd39e94c9b114b9b7de67a562455c37c55686f64651c73a4
|
SHA512 (freeipa-4.10.0.tar.gz) = e2e2e07263a5ae35149a7f320f41efa51c36d07d050c19c047350f764d8d2ba67c01f0d317c18e54d8d7ee0c750d15d14c5d49eafea650d94d6b833ff8aa6edc
|
||||||
SHA512 (freeipa-4.9.10.tar.gz.asc) = 23732343fce7ba4bf958b178c68259f1f8419f28a02f27fa0b3950354f5b62fb2c7ec74aec688fc0d759592d4bab037b658ce3e29b1ffb062ae2189b4be0af62
|
SHA512 (freeipa-4.10.0.tar.gz.asc) = e53de8b9dd9d4c84aab6b7c604142389a53c42f42774a912c58d46bc84fa0556bf565434d786395a5730d9d1c15fb01739b305aeba163559ae7edbe827b73112
|
||||||
|