authorSumit Bose <sbose@redhat.com>2016-04-26 13:22:40 +0200
committerMartin Basti <mbasti@redhat.com>2016-06-09 14:28:47 +0200
commitaa734da49440c5d12c0f8d4566505adaeef254e8 (patch)
treeae04af06c2048c628b4d250673e0830358766140 /daemons
parentb1df1cfe71129075a010a0a3a38f1595d79cf412 (diff)
extdom: add certificate request
Related to https://fedorahosted.org/freeipa/ticket/4955 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'daemons')
-rw-r--r--daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h4
-rw-r--r--daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c31
2 files changed, 27 insertions, 8 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h
index e121b8ba5..34e2d3c79 100644
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h
@@ -79,7 +79,8 @@ enum input_types {
INP_SID = 1,
INP_NAME,
INP_POSIX_UID,
- INP_POSIX_GID
+ INP_POSIX_GID,
+ INP_CERT
};
enum request_types {
@@ -114,6 +115,7 @@ struct extdom_req {
char *domain_name;
gid_t gid;
} posix_gid;
+ char *cert;
} data;
char *err_msg;
};
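Review bot: The new `char *cert;` member has no comment on ownership or on when it is the valid member of `data`. From the other hunks in this commit it is filled by `ber_scanf(ber, "a}", ...)` and released with `ber_memfree()`, and it is only meaningful when `input_type == INP_CERT`. A short comment would record that, for example `char *cert; /* INP_CERT: string allocated by ber_scanf(), freed in free_req_data() */`. The expected encoding of the certificate string is not visible on this page and should be stated there as well.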
diff --git a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
index 445624f39..84b1b9af4 100644
--- a/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
+++ b/daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
@@ -349,6 +349,9 @@ int parse_request_data(struct berval *req_val, struct extdom_req **_req)
&id);
req->data.posix_gid.gid = (gid_t) id;
break;
+ case INP_CERT:
+ tag = ber_scanf(ber, "a}", &req->data.cert);
+ break;
default:
ber_free(ber, 1);
set_err_msg(req, "Unknown input type");
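Review bot: The `INP_CERT` case accepts a client-supplied string of any length and content into `req->data.cert`, and nothing in this hunk bounds or validates it before the later lookup. Because the `a` format yields a NUL-terminated C string, the value is presumably a text encoding such as base64 rather than raw DER; that assumption should be written down next to the case. Consider rejecting oversized input once the `tag` result is checked, for example `if (strlen(req->data.cert) > EXTDOM_MAX_CERT_LEN) { set_err_msg(req, "Certificate too long"); return LDAP_PROTOCOL_ERROR; }`, where `EXTDOM_MAX_CERT_LEN` is a placeholder for a limit the project would define. The check of `tag` against `LBER_ERROR` and the rest of `parse_request_data` lie outside this hunk, so confirm that a failed parse cannot leave `req->data.cert` in a state that `free_req_data()` would release incorrectly.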
@@ -383,6 +386,9 @@ void free_req_data(struct extdom_req *req)
case INP_POSIX_GID:
ber_memfree(req->data.posix_gid.domain_name);
break;
+ case INP_CERT:
+ ber_memfree(req->data.cert);
+ break;
}
free(req->err_msg);
@@ -861,10 +867,12 @@ done:
return ret;
}
-static int handle_sid_request(struct ipa_extdom_ctx *ctx,
- struct extdom_req *req,
- enum request_types request_type, const char *sid,
- struct berval **berval)
+static int handle_sid_or_cert_request(struct ipa_extdom_ctx *ctx,
+ struct extdom_req *req,
+ enum request_types request_type,
+ enum input_types input_type,
+ const char *input,
+ struct berval **berval)
{
int ret;
struct passwd pwd;
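Review bot: The renamed `handle_sid_or_cert_request()` now takes a generic `input` whose meaning depends on `input_type`, but the signature carries no comment saying so. A header comment would help the next reader, for example `/* Look up the object identified by 'input', which is a SID string when input_type is INP_SID and a certificate string when it is INP_CERT. */`. The comment should also say that no other `input_type` value is expected here. The function body continues beyond this hunk.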
@@ -878,7 +886,11 @@ static int handle_sid_request(struct ipa_extdom_ctx *ctx,
enum sss_id_type id_type;
struct sss_nss_kv *kv_list = NULL;
- ret = sss_nss_getnamebysid(sid, &fq_name, &id_type);
+ if (input_type == INP_SID) {
+ ret = sss_nss_getnamebysid(input, &fq_name, &id_type);
+ } else {
+ ret = sss_nss_getnamebycert(input, &fq_name, &id_type);
+ }
if (ret != 0) {
if (ret == ENOENT) {
ret = LDAP_NO_SUCH_OBJECT;
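Review bot: The bare `else` sends every `input_type` other than `INP_SID` to `sss_nss_getnamebycert()`, so a future caller passing `INP_NAME` or a POSIX id type would silently get a certificate lookup on an unrelated string. Making the dispatch explicit keeps the function safe against that kind of misuse: `} else if (input_type == INP_CERT) {` for the certificate branch, followed by a final `else` that sets `ret = LDAP_PROTOCOL_ERROR;` and leaves through the function's existing error path. That error path is not visible in this hunk, so the exact exit statement needs to match what the rest of the function does.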
@@ -1130,8 +1142,13 @@ int handle_request(struct ipa_extdom_ctx *ctx, struct extdom_req *req,
break;
case INP_SID:
- ret = handle_sid_request(ctx, req, req->request_type, req->data.sid,
- berval);
+ case INP_CERT:
+ ret = handle_sid_or_cert_request(ctx, req, req->request_type,
+ req->input_type,
+ req->input_type == INP_SID ?
+ req->data.sid :
+ req->data.cert,
+ berval);
break;
case INP_NAME:
ret = handle_name_request(ctx, req, req->request_type,
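Review bot: The choice between `req->data.sid` and `req->data.cert` is made here with a ternary on `req->input_type`, and the callee then branches on the same value again, so the two places have to stay in sync by hand. Naming the selected value first reads more clearly and gives one place to comment on the shared handling: `const char *input = (req->input_type == INP_SID) ? req->data.sid : req->data.cert;` and then pass `input` to the call. A one-line comment on the stacked labels, such as `/* SID and certificate requests share one handler */`, would also make the intent of `case INP_SID:` followed directly by `case INP_CERT:` explicit.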