author | Sumit Bose <sbose@redhat.com> | 2015-06-03 16:18:05 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-06-19 18:48:13 +0200 |
commit | 8d4dedea12e2b71f83a1b0e5f0fc5cdb706dcf98 (patch) | |
tree | 3cfba2ea6cae424523da326c9d4d32b5a74fdf6a | |
parent | caacea0dbfdc92613ae992681053b1d2665b80ca (diff) | |
ncache: add calls for certificate based searches
Related to https://fedorahosted.org/sssd/ticket/2596
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-rw-r--r-- | src/responder/common/negcache.c | 31 | ||||
-rw-r--r-- | src/responder/common/negcache.h | 3 | ||||
-rw-r--r-- | src/tests/cmocka/test_negcache.c | 42 |
3 files changed, 76 insertions, 0 deletions
diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
index cf70dc52f..64270f467 100644
--- a/src/responder/common/negcache.c
+++ b/src/responder/common/negcache.c
@@ -35,6 +35,7 @@
 #define NC_UID_PREFIX NC_ENTRY_PREFIX"UID"
 #define NC_GID_PREFIX NC_ENTRY_PREFIX"GID"
 #define NC_SID_PREFIX NC_ENTRY_PREFIX"SID"
+#define NC_CERT_PREFIX NC_ENTRY_PREFIX"CERT"
 struct sss_nc_ctx {
 struct tdb_context *tdb;
@@ -417,6 +418,21 @@ int sss_ncache_check_sid(struct sss_nc_ctx *ctx, int ttl, const char *sid)
 return ret;
 }
+int sss_ncache_check_cert(struct sss_nc_ctx *ctx, int ttl, const char *cert)
+{
+ char *str;
+ int ret;
+
+ str = talloc_asprintf(ctx, "%s/%s", NC_CERT_PREFIX, cert);
+ if (!str) return ENOMEM;
+
+ ret = sss_ncache_check_str(ctx, str, ttl);
+
+ talloc_free(str);
+ return ret;
+}
+
+
 static int sss_ncache_set_user_int(struct sss_nc_ctx *ctx, bool permanent, const char *domain, const char *name)
 {
@@ -548,6 +564,21 @@ int sss_ncache_set_sid(struct sss_nc_ctx *ctx, bool permanent, const char *sid)
 return ret;
 }
+int sss_ncache_set_cert(struct sss_nc_ctx *ctx, bool permanent,
+ const char *cert)
+{
+ char *str;
+ int ret;
+
+ str = talloc_asprintf(ctx, "%s/%s", NC_CERT_PREFIX, cert);
+ if (!str) return ENOMEM;
+
+ ret = sss_ncache_set_str(ctx, str, permanent);
+
+ talloc_free(str);
+ return ret;
+}
+
 static int delete_permanent(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *state)
 {
diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h
index b96fbfda5..e7cbfe114 100644
--- a/src/responder/common/negcache.h
+++ b/src/responder/common/negcache.h
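Review bot: In src/responder/common/negcache.c, `sss_ncache_check_cert` formats `cert` straight into the tdb key with `"%s/%s"` and neither checks it for NULL nor bounds its length; `sss_ncache_set_cert` in the later hunk does the same. If the certificate string can originate from a client request (the callers are not visible in this diff), every distinct blob becomes a certificate-sized key, so capping the length or keying on a digest of the certificate would limit how far the negative cache can be made to grow. At minimum an early `if (cert == NULL) return EINVAL;` in both functions keeps NULL away from `%s`. The two bodies differ only in the final call, so a small static helper that builds the key would keep them in step.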
@@ -37,6 +37,7 @@ int sss_ncache_check_netgr(struct sss_nc_ctx *ctx, int ttl,
 int sss_ncache_check_uid(struct sss_nc_ctx *ctx, int ttl, uid_t uid);
 int sss_ncache_check_gid(struct sss_nc_ctx *ctx, int ttl, gid_t gid);
 int sss_ncache_check_sid(struct sss_nc_ctx *ctx, int ttl, const char *sid);
+int sss_ncache_check_cert(struct sss_nc_ctx *ctx, int ttl, const char *cert);
 int sss_ncache_check_service(struct sss_nc_ctx *ctx, int ttl, struct sss_domain_info *dom,
@@ -60,6 +61,8 @@ int sss_ncache_set_netgr(struct sss_nc_ctx *ctx, bool permanent,
 int sss_ncache_set_uid(struct sss_nc_ctx *ctx, bool permanent, uid_t uid);
 int sss_ncache_set_gid(struct sss_nc_ctx *ctx, bool permanent, gid_t gid);
 int sss_ncache_set_sid(struct sss_nc_ctx *ctx, bool permanent, const char *sid);
+int sss_ncache_set_cert(struct sss_nc_ctx *ctx, bool permanent,
+ const char *cert);
 int sss_ncache_set_service_name(struct sss_nc_ctx *ctx, bool permanent, struct sss_domain_info *dom, const char *name, const char *proto);
diff --git a/src/tests/cmocka/test_negcache.c b/src/tests/cmocka/test_negcache.c
index 6f9802a38..fa07ea248 100644
--- a/src/tests/cmocka/test_negcache.c
+++ b/src/tests/cmocka/test_negcache.c
@@ -45,6 +45,7 @@
 #define PORT 21
 #define SID "S-1-2-3-4-5"
+#define CERT "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"
 #define PROTO "TCP"
 #define LIFETIME 200
 #define SHORTSPAN 1
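Review bot: The new prototypes in src/responder/common/negcache.h do not say what form `cert` must take, yet negcache.c uses the string byte-for-byte as the key suffix, so a set and a later check only match when callers pass the identical encoding. A comment above `sss_ncache_check_cert` would make that contract explicit, for example `/* cert is used verbatim as the cache key; pass the same encoding to set and check */`. The same applies to `sss_ncache_set_cert` in the second hunk of this file.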
@@ -317,6 +318,46 @@ static void test_sss_ncache_sid(void **state)
 assert_int_equal(ret, EEXIST);
 }
+/* @test_sss_ncache_cert : test following functions
+ * sss_ncache_set_cert
+ * sss_ncache_check_cert_
+ */
+static void test_sss_ncache_cert(void **state)
+{
+ int ret, ttl;
+ bool permanent;
+ const char *cert = NULL;
+ struct test_state *ts;
+
+ ttl = LIFETIME;
+ cert = CERT;
+ ts = talloc_get_type_abort(*state, struct test_state);
+
+ /*test when cert in not present in database */
+ ret = sss_ncache_check_cert(ts->ctx, ttl, cert);
+ assert_int_equal(ret, ENOENT);
+
+ /* test when cert is present in database */
+ permanent = true;
+ ret = sss_ncache_set_cert(ts->ctx, permanent, cert);
+ assert_int_equal(ret, EOK);
+
+ ret = sss_ncache_check_cert(ts->ctx, ttl, cert);
+ assert_int_equal(ret, EEXIST);
+
+ permanent = false;
+ ret = sss_ncache_set_cert(ts->ctx, permanent, cert);
+ assert_int_equal(ret, EOK);
+
+ ret = sss_ncache_check_cert(ts->ctx, ttl, cert);
+ assert_int_equal(ret, EEXIST);
+
+ /* test when ttl is -1 with cert present in database*/
+ ttl = -1;
+ ret = sss_ncache_check_cert(ts->ctx, ttl, cert);
+ assert_int_equal(ret, EEXIST);
+}
+
 /* @test_sss_ncache_user : test following functions
 * sss_ncache_check_user
 * sss_ncache_set_user
@@ -809,6 +850,7 @@ int main(void)
 cmocka_unit_test_setup_teardown(test_sss_ncache_uid, setup, teardown),
 cmocka_unit_test_setup_teardown(test_sss_ncache_gid, setup, teardown),
 cmocka_unit_test_setup_teardown(test_sss_ncache_sid, setup, teardown),
+ cmocka_unit_test_setup_teardown(test_sss_ncache_cert, setup, teardown),
 cmocka_unit_test_setup_teardown(test_sss_ncache_user, setup, teardown),
 cmocka_unit_test_setup_teardown(test_sss_ncache_group, setup, teardown),
 cmocka_unit_test_setup_teardown(test_sss_ncache_netgr, setup, teardown), |
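Review bot: `test_sss_ncache_cert` only ever queries the one certificate it stored, so it would still pass if the key ignored or truncated the certificate and every lookup hit the same entry. After the first `sss_ncache_set_cert`, a check with a second, different value should still return ENOENT, e.g. `ret = sss_ncache_check_cert(ts->ctx, ttl, CERT2);` followed by `assert_int_equal(ret, ENOENT);`, where `CERT2` is a placeholder for a second test constant that this diff does not define. The non-permanent entry is also never checked after expiry, although `SHORTSPAN` is visible among the file's constants. The header comment names `sss_ncache_check_cert_` with a stray trailing underscore.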