e57a97aa67
- Resolves: RHEL-12589 ipa: Invalid CSRF protection - Resolves: RHEL-19748 ipa hbac-test did not report that it hit an arbitrary search limit - Resolves: RHEL-21059 'DogtagCertsConfigCheck' fails, displaying the error message 'Malformed directive: ca.signing.certnickname=caSigningCert cert-pki-ca' - Resolves: RHEL-21804 ipa client 4.10.2 - Failed to obtain host TGT - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix - Resolves: RHEL-21810 ipa-client-install --automount-location does not work - Resolves: RHEL-21811 Handle change in behavior of pki-server ca-config-show in pki 11.5.0 - Resolves: RHEL-21812 Backport latest test fixes in ipa - Resolves: RHEL-21813 krb5kdc fails to start when pkinit and otp auth type is enabled in ipa - Resolves: RHEL-21815 IPA 389ds plugins need to have better logging and tracing - Resolves: RHEL-21937 Make sure a default NetBIOS name is set if not passed in by ADTrust instance constructor Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
From 5eb6af01873d0f70ff5b02c972867877da8e7c50 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Tue, 12 Dec 2023 08:40:13 -0500
Subject: [PATCH] Issue 9497 - update debug logging in ipa_otp_lasttoken
Fixes: https://pagure.io/freeipa/issue/9497
Signed-off-by: Mark Reynolds <mreynolds@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
.../ipa-otp-lasttoken/ipa_otp_lasttoken.c | 25 ++++++++++++-------
1 file changed, 16 insertions(+), 9 deletions(-)
diff --git a/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c
index 11106b239f9de9074125979cfae7c02e434936e1..c1318f8eb19a5ff7da016eb145eece2f56925235 100644
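--- a/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c
+++ b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c
@@ -33,7 +33,7 @@
 * Authors:
 * Nathaniel McCallum <npmccallum@redhat.com>
 *
- * Copyright (C) 2013 Red Hat, Inc.
+ * Copyright (C) 2013-2023 Red Hat, Inc.
 * All rights reserved.
 * END COPYRIGHT BLOCK **/
 
@@ -46,7 +46,7 @@
 
 #include "util.h"
 
-#define PLUGIN_NAME "ipa-otp-lasttoken"
+#define IPA_PLUGIN_NAME "ipa-otp-lasttoken"
 #define OTP_CONTAINER "cn=otp,%s"
 
 static struct otp_config *otp_config;
@@ -191,9 +191,14 @@ static inline int send_error(Slapi_PBlock *pb, int rc, const char *errstr)
 
 static int preop_del(Slapi_PBlock *pb)
 {
+ char *dn = NULL;
+
 if (is_allowed(pb, NULL))
 return 0;
 
+ slapi_pblock_get(pb, SLAPI_TARGET_DN, &dn);
+ LOG("Can't delete last active token (%s)", dn);
+
 return send_error(pb, LDAP_UNWILLING_TO_PERFORM,
 "Can't delete last active token");
 }
@@ -221,10 +226,12 @@ static int preop_mod(Slapi_PBlock *pb)
 return 0;
 
 /* If a protected attribute is modified, deny. */
- for (int i = 0; mods != NULL && mods[i] != NULL; i++) {
- for (int j = 0; errors[j].attr != NULL; j++) {
- if (strcasecmp(mods[i]->mod_type, errors[j].attr) == 0)
+ for (size_t i = 0; mods != NULL && mods[i] != NULL; i++) {
+ for (size_t j = 0; errors[j].attr != NULL; j++) {
+ if (strcasecmp(mods[i]->mod_type, errors[j].attr) == 0) {
+ LOG("%s (%s)", errors[j].msg, slapi_entry_get_dn_const(entry));
 return send_error(pb, LDAP_UNWILLING_TO_PERFORM, errors[j].msg);
+ }
 }
 }
 
@@ -284,7 +291,7 @@ static int ipa_otp_lasttoken_start(Slapi_PBlock *pb)
 int ipa_otp_lasttoken_init(Slapi_PBlock *pb)
 {
 static const Slapi_PluginDesc preop_desc = {
- PLUGIN_NAME,
+ IPA_PLUGIN_NAME,
 "FreeIPA",
 "FreeIPA/1.0",
 "Protect the user's last active token"
@@ -297,14 +304,14 @@ int ipa_otp_lasttoken_init(Slapi_PBlock *pb)
 ret |= slapi_pblock_set(pb, SLAPI_PLUGIN_VERSION, SLAPI_PLUGIN_VERSION_01);
 ret |= slapi_pblock_set(pb, SLAPI_PLUGIN_DESCRIPTION, (void *) &preop_desc);
 ret |= slapi_register_plugin("betxnpreoperation", 1, __func__, preop_init,
- PLUGIN_NAME " betxnpreoperation", NULL,
+ IPA_PLUGIN_NAME " betxnpreoperation", NULL,
 ipa_otp_lasttoken_plugin_id);
 ret |= slapi_register_plugin("postoperation", 1, __func__, postop_init,
- PLUGIN_NAME " postoperation", NULL,
+ IPA_PLUGIN_NAME " postoperation", NULL,
 ipa_otp_lasttoken_plugin_id);
 ret |= slapi_register_plugin("internalpostoperation", 1, __func__,
 intpostop_init,
- PLUGIN_NAME " internalpostoperation", NULL,
+ IPA_PLUGIN_NAME " internalpostoperation", NULL,
 ipa_otp_lasttoken_plugin_id);
 ret |= slapi_pblock_set(pb, SLAPI_PLUGIN_START_FN,
 (void *)ipa_otp_lasttoken_start);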
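Review bot: In preop_del the return value of `slapi_pblock_get(pb, SLAPI_TARGET_DN, &dn)` is ignored, so `dn` can still be NULL when it reaches the `%s` in the new LOG call. Passing NULL for `%s` is undefined for the standard printf family, and whether LOG's backend tolerates it is not visible on this page. A guard such as `LOG("Can't delete last active token (%s)", dn ? dn : "(unknown)");` keeps this denial record dependable for anyone auditing token-removal attempts. The same concern applies to `slapi_entry_get_dn_const(entry)` in the preop_mod hunk, where `entry` is assigned outside the visible lines. Both messages embed a DN taken from the request, so it is worth confirming that the log path escapes control characters.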
--
2.43.0