389-ds-base

Clone
Source Code
GIT

38fe768 Ticket 48707 - ldapssotoken for authentication

28 files Authored by firstyear 4 years ago, Committed by firstyear 4 years ago,
raw patch tree parent
28 files changed. 1116 lines added. 275 lines removed.
Makefile.am
file modified
+35 -4
configure.ac
file modified
+3 -0
dirsrvtests/tests/suites/auth_token/__init__.py
file added
+0
dirsrvtests/tests/suites/auth_token/basic_auth_test.py
file added
+240
ldap/admin/src/defaults.inf.in
file modified
+1 -0
ldap/servers/slapd/bind.c
file modified
+26 -4
ldap/servers/slapd/extendop.c
file modified
+88 -1
ldap/servers/slapd/libglobs.c
file modified
+379 -227
ldap/servers/slapd/proto-slap.h
file modified
+9 -0
ldap/servers/slapd/pw_verify.c
file modified
+29 -0
ldap/servers/slapd/pw_verify.h
file modified
+1 -0
ldap/servers/slapd/slap.h
file modified
+17 -2
rpm.mk
file modified
+3 -6
src/Cargo.toml
file added
+8
src/lib389/lib389/extended_operations.py
file modified
+8 -25
src/lib389/lib389/idm/account.py
file modified
+29 -0
src/lib389/lib389/paths.py
file modified
+10 -0
src/librnsslapd/Cargo.toml
file added
+25
src/librnsslapd/README.md
file added
+4
src/librnsslapd/build.rs
file added
+15
src/librnsslapd/src/lib.rs
file added
+70
src/librslapd/Cargo.toml
file modified
+2 -1
src/librslapd/README.md
file added
+3
src/librslapd/src/lib.rs
file modified
+49 -5
src/slapd/Cargo.toml
file added
+10
src/slapd/src/error.rs
file added
+8
src/slapd/src/fernet.rs
file added
+39
src/slapd/src/lib.rs
file added
+5 
    Ticket 48707 - ldapssotoken for authentication
    
    Bug Description: This implements LDAP ssotokens, a simple
    but cryptographically strong method of providing "cookies" to clients
    on request so that they can re-bind to a session at a later time. This
    is required for the web portal so that the portal may remain "isolated"
    without a strict security audit as the 389-ds server provides all
    security features.
    
    Fix Description: This adds the features for cookies with time limits up
    to one day to be generated from a rust library. These can be "revoked"
    globally by regeneration of the fernet key. Multiple DS servers can
    accept the tokens if they all have the same key configured. The TTL
    is adjustable based on site preferences. Additionally, sites that do
    not compile rust features will not have the feature enabled.
    
    https://pagure.io/389-ds-base/issue/48707
    
    Author: William Brown <william@blackhats.net.au>
    
    Review by: mreynolds
file modified
+35 -4
file modified
+3 -0
file added
+0
empty file added
file added
+240
file modified
+1 -0
file modified
+26 -4
file modified
+88 -1
file modified
+379 -227
file modified
+9 -0
file modified
+29 -0
file modified
+1 -0
file modified
+17 -2
file modified
+3 -6
file added
+8
file modified
+8 -25
file modified
+29 -0
file modified
+10 -0
file added
+25
file added
+4
file added
+15
file added
+70
file modified
+2 -1
file added
+3
file modified
+49 -5
file added
+10
file added
+8
file added
+39
file added
+5
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.