authorSumit Bose <sbose@redhat.com>2016-04-06 18:07:37 +0200
committerLukas Slebodnik <lslebodn@redhat.com>2016-06-09 16:12:25 +0200
commitcf89f552f06b95bd69d8c61aaa55a330a5d9f6e6 (patch)
treeef2c3ee42bee45971f00a3c37161ef86a06b18b7 /src/providers
parentdc936929c01647c0fc116a112cee200156328037 (diff)
ipa: save cert as blob in the cache
The IPA extdom plugin returns the user certificate base64 encoded. Before the IPA client can store it in the cache, it must be decoded so that it is stored in binary form, like certificates from other sources. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ipa/ipa_s2n_exop.c19
1 files changed, 17 insertions, 2 deletions
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index c1bc42ff1..0ff7d928b 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -22,6 +22,7 @@
#include "util/util.h"
#include "util/sss_nss.h"
#include "util/strtonum.h"
+#include "util/crypto/sss_crypto.h"
#include "providers/ldap/sdap_async_private.h"
#include "providers/ldap/sdap_async_ad.h"
#include "providers/ldap/ldap_common.h"
@@ -497,8 +498,22 @@ static errno_t get_extra_attrs(BerElement *ber, struct resp_attrs *resp_attrs)
for (c = 0; values[c] != NULL; c++) {
- v.data = (uint8_t *) values[c]->bv_val;
- v.length = values[c]->bv_len;
+ if (strcmp(name, SYSDB_USER_CERT) == 0) {
+ if (values[c]->bv_val[values[c]->bv_len] != '\0') {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "base64 encoded certificate not 0-terminated.\n");
+ return EINVAL;
+ }
+
+ v.data = sss_base64_decode(NULL, values[c]->bv_val, &v.length);
+ if (v.data == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_base64_decode failed.\n");
+ return EINVAL;
+ }
+ } else {
+ v.data = (uint8_t *)values[c]->bv_val;
+ v.length = values[c]->bv_len;
+ }
ret = sysdb_attrs_add_val(resp_attrs->sysdb_attrs, name, &v);
if (ret != EOK) {
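Review bot: The decoded certificate is allocated with `sss_base64_decode(NULL, ...)`, so it has no talloc parent, and nothing visible in this hunk frees `v.data` after `sysdb_attrs_add_val()`. If that call copies the value, every certificate in a response leaks one buffer in the long-running backend. Parenting the buffer to a context that is already cleaned up would fix this, e.g. `v.data = sss_base64_decode(resp_attrs->sysdb_attrs, values[c]->bv_val, &v.length);` (assuming `sysdb_attrs` is a talloc object), or call `talloc_free(v.data)` after the add on the certificate branch. The two new `return EINVAL;` paths also leave the loop directly; the rest of get_extra_attrs is outside the hunk, so confirm that `name` and `values` are released on those paths as on the other error exits. The terminator test `values[c]->bv_val[values[c]->bv_len] != '\0'` reads one byte past the reported length, which is only safe if the BER decoder always NUL-terminates the buffer; a comment such as `/* liblber NUL-terminates bv_val; an embedded NUL would truncate the decode */` would record that assumption.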