authorSumit Bose <sbose@redhat.com>2015-06-03 16:18:05 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-06-19 18:48:13 +0200
commit8d4dedea12e2b71f83a1b0e5f0fc5cdb706dcf98 (patch)
tree3cfba2ea6cae424523da326c9d4d32b5a74fdf6a
parentcaacea0dbfdc92613ae992681053b1d2665b80ca (diff)
ncache: add calls for certificate based searches
Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-rw-r--r--src/responder/common/negcache.c31
-rw-r--r--src/responder/common/negcache.h3
-rw-r--r--src/tests/cmocka/test_negcache.c42
3 files changed, 76 insertions, 0 deletions
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index cf70dc52f..64270f467 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -35,6 +35,7 @@
#define NC_UID_PREFIX NC_ENTRY_PREFIX"UID"
#define NC_GID_PREFIX NC_ENTRY_PREFIX"GID"
#define NC_SID_PREFIX NC_ENTRY_PREFIX"SID"
+#define NC_CERT_PREFIX NC_ENTRY_PREFIX"CERT"
struct sss_nc_ctx {
struct tdb_context *tdb;
@@ -417,6 +418,21 @@ int sss_ncache_check_sid(struct sss_nc_ctx *ctx, int ttl, const char *sid)
return ret;
}
+int sss_ncache_check_cert(struct sss_nc_ctx *ctx, int ttl, const char *cert)
+{
+ char *str;
+ int ret;
+
+ str = talloc_asprintf(ctx, "%s/%s", NC_CERT_PREFIX, cert);
+ if (!str) return ENOMEM;
+
+ ret = sss_ncache_check_str(ctx, str, ttl);
+
+ talloc_free(str);
+ return ret;
+}
+
+
static int sss_ncache_set_user_int(struct sss_nc_ctx *ctx, bool permanent,
const char *domain, const char *name)
{
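Review bot: `cert` goes straight into the `"%s/%s"` format in sss_ncache_check_cert with no NULL check, and sss_ncache_set_cert in the next hunk does the same. A NULL from a caller would reach talloc_asprintf's `%s`, which is undefined for printf-style formatting; `if (cert == NULL) return EINVAL;` ahead of the talloc_asprintf call would make the contract explicit. The string is also used verbatim as the cache key, so the same certificate presented in a different textual form (line breaks, padding, another encoding) would miss the entry, and nothing in these lines bounds its length. A comment on both functions such as `/* cert is used verbatim as the key: callers must pass one canonical, length-checked encoding */` would record that. The siblings such as sss_ncache_check_sid lie outside the hunk, so whether they validate their string argument cannot be compared here.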
@@ -548,6 +564,21 @@ int sss_ncache_set_sid(struct sss_nc_ctx *ctx, bool permanent, const char *sid)
return ret;
}
+int sss_ncache_set_cert(struct sss_nc_ctx *ctx, bool permanent,
+ const char *cert)
+{
+ char *str;
+ int ret;
+
+ str = talloc_asprintf(ctx, "%s/%s", NC_CERT_PREFIX, cert);
+ if (!str) return ENOMEM;
+
+ ret = sss_ncache_set_str(ctx, str, permanent);
+
+ talloc_free(str);
+ return ret;
+}
+
static int delete_permanent(struct tdb_context *tdb,
TDB_DATA key, TDB_DATA data, void *state)
{
diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h
index b96fbfda5..e7cbfe114 100644
--- a/src/responder/common/negcache.h
+++ b/src/responder/common/negcache.h
@@ -37,6 +37,7 @@ int sss_ncache_check_netgr(struct sss_nc_ctx *ctx, int ttl,
int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, uid_t uid);
int sss_ncache_check_gid(struct sss_nc_ctx *ctx, int ttl, gid_t gid);
int sss_ncache_check_sid(struct sss_nc_ctx *ctx, int ttl, const char *sid);
+int sss_ncache_check_cert(struct sss_nc_ctx *ctx, int ttl, const char *cert);
int sss_ncache_check_service(struct sss_nc_ctx *ctx, int ttl,
struct sss_domain_info *dom,
@@ -60,6 +61,8 @@ int sss_ncache_set_netgr(struct sss_nc_ctx *ctx, bool permanent,
int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent, uid_t uid);
int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent, gid_t gid);
int sss_ncache_set_sid(struct sss_nc_ctx *ctx, bool permanent, const char *sid);
+int sss_ncache_set_cert(struct sss_nc_ctx *ctx, bool permanent,
+ const char *cert);
int sss_ncache_set_service_name(struct sss_nc_ctx *ctx, bool permanent,
struct sss_domain_info *dom,
const char *name, const char *proto);
diff --git a/src/tests/cmocka/test_negcache.c b/src/tests/cmocka/test_negcache.c
index 6f9802a38..fa07ea248 100644
--- a/src/tests/cmocka/test_negcache.c
+++ b/src/tests/cmocka/test_negcache.c
@@ -45,6 +45,7 @@
#define PORT 21
#define SID "S-1-2-3-4-5"
+#define CERT "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"
#define PROTO "TCP"
#define LIFETIME 200
#define SHORTSPAN 1
@@ -317,6 +318,46 @@ static void test_sss_ncache_sid(void **state)
assert_int_equal(ret, EEXIST);
}
+/* @test_sss_ncache_cert : test following functions
+ * sss_ncache_set_cert
+ * sss_ncache_check_cert_
+ */
+static void test_sss_ncache_cert(void **state)
+{
+ int ret, ttl;
+ bool permanent;
+ const char *cert = NULL;
+ struct test_state *ts;
+
+ ttl = LIFETIME;
+ cert = CERT;
+ ts = talloc_get_type_abort(*state, struct test_state);
+
+ /*test when cert in not present in database */
+ ret = sss_ncache_check_cert(ts->ctx, ttl, cert);
+ assert_int_equal(ret, ENOENT);
+
+ /* test when cert is present in database */
+ permanent = true;
+ ret = sss_ncache_set_cert(ts->ctx, permanent, cert);
+ assert_int_equal(ret, EOK);
+
+ ret = sss_ncache_check_cert(ts->ctx, ttl, cert);
+ assert_int_equal(ret, EEXIST);
+
+ permanent = false;
+ ret = sss_ncache_set_cert(ts->ctx, permanent, cert);
+ assert_int_equal(ret, EOK);
+
+ ret = sss_ncache_check_cert(ts->ctx, ttl, cert);
+ assert_int_equal(ret, EEXIST);
+
+ /* test when ttl is -1 with cert present in database*/
+ ttl = -1;
+ ret = sss_ncache_check_cert(ts->ctx, ttl, cert);
+ assert_int_equal(ret, EEXIST);
+}
+
/* @test_sss_ncache_user : test following functions
* sss_ncache_check_user
* sss_ncache_set_user
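Review bot: test_sss_ncache_cert only asserts EEXIST once the entry has been stored, so it never shows that a different certificate string still returns ENOENT or that a non-permanent entry stops matching after its ttl. A key-construction mistake that made every lookup hit would therefore pass this test. Adding a second constant and `assert_int_equal(sss_ncache_check_cert(ts->ctx, ttl, OTHER_CERT), ENOENT);` after the first set would cover the first case (OTHER_CERT is a placeholder name), and an expiry check could presumably use SHORTSPAN, which is already defined in this file. The header comment also names `sss_ncache_check_cert_` with a stray trailing underscore, and `cert in not present` should read `cert is not present`.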
@@ -809,6 +850,7 @@ int main(void)
cmocka_unit_test_setup_teardown(test_sss_ncache_uid, setup, teardown),
cmocka_unit_test_setup_teardown(test_sss_ncache_gid, setup, teardown),
cmocka_unit_test_setup_teardown(test_sss_ncache_sid, setup, teardown),
+ cmocka_unit_test_setup_teardown(test_sss_ncache_cert, setup, teardown),
cmocka_unit_test_setup_teardown(test_sss_ncache_user, setup, teardown),
cmocka_unit_test_setup_teardown(test_sss_ncache_group, setup, teardown),
cmocka_unit_test_setup_teardown(test_sss_ncache_netgr, setup, teardown),