diff options
author | Sumit Bose <sbose@redhat.com> | 2016-04-22 17:56:05 +0200 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2016-06-09 16:12:25 +0200 |
commit | 21513e51a4a2eb08f245333bf8f223713a3d7cb3 (patch) | |
tree | d5b7c2bce5dd34a9789204a746902a8340e47ba3 /src/providers/ipa/ipa_s2n_exop.c | |
parent | 2f90ec2e16f0c14c789d9ed20e008e3103337210 (diff) | |
download | sssd-21513e51a4a2eb08f245333bf8f223713a3d7cb3.tar.gz sssd-21513e51a4a2eb08f245333bf8f223713a3d7cb3.tar.xz sssd-21513e51a4a2eb08f245333bf8f223713a3d7cb3.zip |
IPA: allow lookups by cert in sub-domains on the client
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers/ipa/ipa_s2n_exop.c')
-rw-r--r-- | src/providers/ipa/ipa_s2n_exop.c | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c index 0ff7d928b..84f1c5ad0 100644 --- a/src/providers/ipa/ipa_s2n_exop.c +++ b/src/providers/ipa/ipa_s2n_exop.c @@ -36,7 +36,8 @@ enum input_types { INP_SID = 1, INP_NAME, INP_POSIX_UID, - INP_POSIX_GID + INP_POSIX_GID, + INP_CERT }; enum request_types { @@ -354,11 +355,22 @@ static errno_t s2n_encode_request(TALLOC_CTX *mem_ctx, break; case BE_REQ_BY_SECID: if (req_input->type == REQ_INP_SECID) { - ret = ber_printf(ber, "{ees}", INP_SID, request_type, - req_input->inp.secid); + ret = ber_printf(ber, "{ees}", INP_SID, request_type, + req_input->inp.secid); } else { DEBUG(SSSDBG_OP_FAILURE, "Unexpected input type [%d].\n", - req_input->type == REQ_INP_ID); + req_input->type == REQ_INP_ID); + ret = EINVAL; + goto done; + } + break; + case BE_REQ_BY_CERT: + if (req_input->type == REQ_INP_CERT) { + ret = ber_printf(ber, "{ees}", INP_CERT, request_type, + req_input->inp.cert); + } else { + DEBUG(SSSDBG_OP_FAILURE, "Unexpected input type [%d].\n", + req_input->type); ret = EINVAL; goto done; } @@ -1535,6 +1547,11 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq) talloc_zfree(subreq); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "s2n exop request failed.\n"); + if (state->req_input->type == REQ_INP_CERT) { + DEBUG(SSSDBG_OP_FAILURE, + "Maybe the server does not support lookups by " + "certificates.\n"); + } goto done; } |