author | Sumit Bose <sbose@redhat.com> | 2015-05-26 14:29:17 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-06-19 18:48:13 +0200 |
commit | 827a016a07d5f911cc4195be89896a376fd71f59 (patch) | |
tree | cffbe41134143e97a2a073041e7d760dae1af112 /src/responder/ifp | |
parent | a99845006f96f9d1e7af871ec67c71cee8408a62 (diff) | |
IFP: add FindByCertificate method for User objects
Related to https://fedorahosted.org/sssd/ticket/2596
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/responder/ifp')
-rw-r--r-- | src/responder/ifp/ifp_iface.c | 1 | ||||
-rw-r--r-- | src/responder/ifp/ifp_iface.xml | 4 | ||||
-rw-r--r-- | src/responder/ifp/ifp_iface_generated.c | 26 | ||||
-rw-r--r-- | src/responder/ifp/ifp_iface_generated.h | 5 | ||||
-rw-r--r-- | src/responder/ifp/ifp_users.c | 87 | ||||
-rw-r--r-- | src/responder/ifp/ifp_users.h | 4 | ||||
-rw-r--r-- | src/responder/ifp/ifpsrv_cmd.c | 4 |
7 files changed, 129 insertions, 2 deletions
diff --git a/src/responder/ifp/ifp_iface.c b/src/responder/ifp/ifp_iface.c
index 015c66dc5..86d8d338c 100644
--- a/src/responder/ifp/ifp_iface.c
+++ b/src/responder/ifp/ifp_iface.c
@@ -82,6 +82,7 @@ struct iface_ifp_users iface_ifp_users = {
 { &iface_ifp_users_meta, 0 },
 .FindByName = ifp_users_find_by_name,
 .FindByID = ifp_users_find_by_id,
+ .FindByCertificate = ifp_users_find_by_cert,
 .ListByName = ifp_users_list_by_name,
 .ListByDomainAndName = ifp_users_list_by_domain_and_name
 };
diff --git a/src/responder/ifp/ifp_iface.xml b/src/responder/ifp/ifp_iface.xml
index 628692af6..5a56b624a 100644
--- a/src/responder/ifp/ifp_iface.xml
+++ b/src/responder/ifp/ifp_iface.xml
@@ -136,6 +136,10 @@
 <arg name="id" type="u" direction="in" />
 <arg name="result" type="o" direction="out" />
 </method>
+ <method name="FindByCertificate">
+ <arg name="pem_cert" type="s" direction="in" />
+ <arg name="result" type="o" direction="out" />
+ </method>
 <method name="ListByName">
 <arg name="name_filter" type="s" direction="in" />
 <arg name="limit" type="u" direction="in" />
diff --git a/src/responder/ifp/ifp_iface_generated.c b/src/responder/ifp/ifp_iface_generated.c
index 8255cbea7..a4fdd5d12 100644
--- a/src/responder/ifp/ifp_iface_generated.c
+++ b/src/responder/ifp/ifp_iface_generated.c
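Review bot: The FindByCertificate method added to ifp_iface.xml takes a single string named `pem_cert`, but the interface does not say what that string must contain: one certificate or a chain, and with or without the PEM armor lines. Callers only learn the rule from the `Invalid certificate format` error raised in ifp_users.c. A short XML comment above the method would settle it, for example `<!-- pem_cert: a single PEM-encoded X.509 certificate; result is the object path of the matching user -->`, with the wording checked against what sss_cert_pem_to_derb64 actually accepts.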
@@ -685,6 +685,25 @@ int iface_ifp_users_FindByID_finish(struct sbus_request *req, const char *arg_re DBUS_TYPE_INVALID); } +/* arguments for org.freedesktop.sssd.infopipe.Users.FindByCertificate */ +const struct sbus_arg_meta iface_ifp_users_FindByCertificate__in[] = { + { "pem_cert", "s" }, + { NULL, } +}; + +/* arguments for org.freedesktop.sssd.infopipe.Users.FindByCertificate */ +const struct sbus_arg_meta iface_ifp_users_FindByCertificate__out[] = { + { "result", "o" }, + { NULL, } +}; + +int iface_ifp_users_FindByCertificate_finish(struct sbus_request *req, const char *arg_result) +{ + return sbus_request_return_and_finish(req, + DBUS_TYPE_OBJECT_PATH, &arg_result, + DBUS_TYPE_INVALID); +} + /* arguments for org.freedesktop.sssd.infopipe.Users.ListByName */ const struct sbus_arg_meta iface_ifp_users_ListByName__in[] = { { "name_filter", "s" }, @@ -743,6 +762,13 @@ const struct sbus_method_meta iface_ifp_users__methods[] = { invoke_u_method, }, { + "FindByCertificate", /* name */ + iface_ifp_users_FindByCertificate__in, + iface_ifp_users_FindByCertificate__out, + offsetof(struct iface_ifp_users, FindByCertificate), + invoke_s_method, + }, + { "ListByName", /* name */ iface_ifp_users_ListByName__in, iface_ifp_users_ListByName__out, diff --git a/src/responder/ifp/ifp_iface_generated.h b/src/responder/ifp/ifp_iface_generated.h index d2e5cdd3a..4dfe61ddf 100644 --- a/src/responder/ifp/ifp_iface_generated.h +++ b/src/responder/ifp/ifp_iface_generated.h @@ -68,6 +68,7 @@ #define IFACE_IFP_USERS "org.freedesktop.sssd.infopipe.Users" #define IFACE_IFP_USERS_FINDBYNAME "FindByName" #define IFACE_IFP_USERS_FINDBYID "FindByID" +#define IFACE_IFP_USERS_FINDBYCERTIFICATE "FindByCertificate" #define IFACE_IFP_USERS_LISTBYNAME "ListByName" #define IFACE_IFP_USERS_LISTBYDOMAINANDNAME "ListByDomainAndName" 
@@ -235,6 +236,7 @@ struct iface_ifp_users { struct sbus_vtable vtable; /* derive from sbus_vtable */ int (*FindByName)(struct sbus_request *req, void *data, const char *arg_name); int (*FindByID)(struct sbus_request *req, void *data, uint32_t arg_id); + int (*FindByCertificate)(struct sbus_request *req, void *data, const char *arg_pem_cert); int (*ListByName)(struct sbus_request *req, void *data, const char *arg_name_filter, uint32_t arg_limit); int (*ListByDomainAndName)(struct sbus_request *req, void *data, const char *arg_domain_name, const char *arg_name_filter, uint32_t arg_limit); }; @@ -245,6 +247,9 @@ int iface_ifp_users_FindByName_finish(struct sbus_request *req, const char *arg_ /* finish function for FindByID */ int iface_ifp_users_FindByID_finish(struct sbus_request *req, const char *arg_result); +/* finish function for FindByCertificate */ +int iface_ifp_users_FindByCertificate_finish(struct sbus_request *req, const char *arg_result); + /* finish function for ListByName */ int iface_ifp_users_ListByName_finish(struct sbus_request *req, const char *arg_result[], int len_result); diff --git a/src/responder/ifp/ifp_users.c b/src/responder/ifp/ifp_users.c index fa6f47f0d..2ec74c30b 100644 --- a/src/responder/ifp/ifp_users.c +++ b/src/responder/ifp/ifp_users.c @@ -25,6 +25,7 @@ #include "db/sysdb.h" #include "util/util.h" #include "util/strtonum.h" +#include "util/cert.h" #include "sbus/sssd_dbus_errors.h" #include "responder/common/responder.h" #include "responder/common/responder_cache_req.h" 
@@ -222,6 +223,92 @@ done:
 return;
 }
+static void ifp_users_find_by_cert_done(struct tevent_req *req);
+
+int ifp_users_find_by_cert(struct sbus_request *sbus_req, void *data,
+ const char *pem_cert)
+{
+ struct ifp_ctx *ctx;
+ struct tevent_req *req;
+ int ret;
+ char *derb64;
+ DBusError *error;
+
+ ctx = talloc_get_type(data, struct ifp_ctx);
+ if (ctx == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Invalid pointer!\n");
+ return ERR_INTERNAL;
+ }
+
+ ret = sss_cert_pem_to_derb64(sbus_req, pem_cert, &derb64);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_cert_pem_to_derb64 failed.\n");
+
+ if (ret == ENOMEM) {
+ return ret;
+ }
+
+ error = sbus_error_new(sbus_req, DBUS_ERROR_INVALID_ARGS,
+ "Invalid certificate format");
+ sbus_request_fail_and_finish(sbus_req, error);
+ /* the connection is already terminated with an error message, hence
+ * we have to return EOK to not terminate the connection twice. */
+ return EOK;
+ }
+
+ req = cache_req_user_by_cert_send(sbus_req, ctx->rctx->ev, ctx->rctx,
+ ctx->ncache, ctx->neg_timeout, 0,
+ NULL, derb64);
+ if (req == NULL) {
+ return ENOMEM;
+ }
+
+ tevent_req_set_callback(req, ifp_users_find_by_cert_done, sbus_req);
+
+ return EOK;
+}
+
+static void ifp_users_find_by_cert_done(struct tevent_req *req)
+{
+ DBusError *error;
+ struct sbus_request *sbus_req;
+ struct sss_domain_info *domain;
+ struct ldb_result *result;
+ char *object_path;
+ errno_t ret;
+
+ sbus_req = tevent_req_callback_data(req, struct sbus_request);
+
+ ret = cache_req_user_by_cert_recv(sbus_req, req, &result, &domain, NULL);
+ talloc_zfree(req);
+ if (ret == ENOENT) {
+ error = sbus_error_new(sbus_req, SBUS_ERROR_NOT_FOUND,
+ "User not found");
+ goto done;
+ } else if (ret != EOK) {
+ error = sbus_error_new(sbus_req, DBUS_ERROR_FAILED, "Failed to fetch "
+ "user [%d]: %s\n", ret, sss_strerror(ret));
+ goto done;
+ }
+
+ object_path = ifp_users_build_path_from_msg(sbus_req, domain,
+ result->msgs[0]);
+ if (object_path == NULL) {
+ error = sbus_error_new(sbus_req, SBUS_ERROR_INTERNAL,
+ "Failed to compose object path");
+ goto done;
+ }
+
+done:
+ if (ret != EOK) {
+ sbus_request_fail_and_finish(sbus_req, error);
+ return;
+ }
+
+ iface_ifp_users_FindByCertificate_finish(sbus_req, object_path);
+ return;
+}
+
 int ifp_users_list_by_name(struct sbus_request *sbus_req,
 void *data,
 const char *filter,
diff --git a/src/responder/ifp/ifp_users.h b/src/responder/ifp/ifp_users.h
index 4da0a7347..471c3fb01 100644
--- a/src/responder/ifp/ifp_users.h
+++ b/src/responder/ifp/ifp_users.h
@@ -43,6 +43,10 @@ int ifp_users_find_by_id(struct sbus_request *sbus_req,
 void *data,
 uint32_t id);
+int ifp_users_find_by_cert(struct sbus_request *sbus_req,
+ void *data,
+ const char *pem_cert);
+
 int ifp_users_list_by_name(struct sbus_request *sbus_req,
 void *data,
 const char *filter,
diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c
index d4d5dc640..ab6156fd6 100644
--- a/src/responder/ifp/ifpsrv_cmd.c
+++ b/src/responder/ifp/ifpsrv_cmd.c
@@ -497,11 +497,11 @@ ifp_user_get_attr_lookup(struct tevent_req *subreq)
 switch (state->search_type) {
 case SSS_DP_USER:
 input = cache_req_input_create(state, CACHE_REQ_USER_BY_NAME,
- state->name, 0);
+ state->name, 0, NULL);
 break;
 case SSS_DP_INITGROUPS:
 input = cache_req_input_create(state, CACHE_REQ_INITGROUPS,
- state->name, 0);
+ state->name, 0, NULL);
 break;
 default:
 DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported search type [%d]!\n", |
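Review bot: In ifp_users_find_by_cert_done (src/responder/ifp/ifp_users.c) the `object_path == NULL` branch jumps to `done` with `ret` still EOK, so the error built just above is never sent and `iface_ifp_users_FindByCertificate_finish(sbus_req, object_path)` is called with a NULL path. Set a failure code before the jump, e.g. `ret = ENOMEM;` ahead of `goto done;`, so the request fails with the internal error instead. The same function reads `result->msgs[0]` without looking at `result->count`; whether cache_req_user_by_cert_recv guarantees exactly one entry is not visible here, and a certificate that maps to several users should be rejected rather than resolved to the first match. The format string passed to sbus_error_new for DBUS_ERROR_FAILED also ends in `\n`, which belongs in a log line rather than in a D-Bus error message.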