diff options
author | Simo Sorce <simo@redhat.com> | 2016-03-17 15:48:01 -0400 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-06-29 21:46:57 +0200 |
commit | e625eb47a3091d92eda2271b123f8aab06227b63 (patch) | |
tree | b87f78d1e97f14ed3845d75f107c2e1381698f42 /src/responder/secrets/local.c | |
parent | 8f2a34cc6964a1f80a1434e05315a7ae0bb5774e (diff) | |
download | sssd-e625eb47a3091d92eda2271b123f8aab06227b63.tar.gz sssd-e625eb47a3091d92eda2271b123f8aab06227b63.tar.xz sssd-e625eb47a3091d92eda2271b123f8aab06227b63.zip |
Local secrets provider Content-Type handling
Properly handle and enforce ithe presence of the content-type header
in the local and proxy providers to conform to the Custoida protocol.
Avoids different behavior between the local provider and a remote server
that may cause developers to have an application working against the
local storage and then fail when the administrator configures a remote
storage.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/responder/secrets/local.c')
-rw-r--r-- | src/responder/secrets/local.c | 46 |
1 files changed, 38 insertions, 8 deletions
diff --git a/src/responder/secrets/local.c b/src/responder/secrets/local.c index 6451ef95b..6fb46c3ce 100644 --- a/src/responder/secrets/local.c +++ b/src/responder/secrets/local.c @@ -405,6 +405,8 @@ struct tevent_req *local_secret_req(TALLOC_CTX *mem_ctx, struct local_secret_state *state; struct local_context *lctx; struct sec_data body = { 0 }; + const char *content_type; + bool body_is_json; char *req_path; char *secret; char **keys; @@ -423,6 +425,19 @@ struct tevent_req *local_secret_req(TALLOC_CTX *mem_ctx, goto done; } + if (sec_req_has_header(secreq, "Content-Type", + "application/json")) { + body_is_json = true; + content_type = "application/json"; + } else if (sec_req_has_header(secreq, "Content-Type", + "application/octet-stream")) { + body_is_json = false; + content_type = "application/octet-stream"; + } else { + ret = EINVAL; + goto done; + } + ret = local_secrets_map_path(state, secreq, &req_path); if (ret) goto done; @@ -434,21 +449,36 @@ struct tevent_req *local_secret_req(TALLOC_CTX *mem_ctx, ret = sec_array_to_json(state, keys, nkeys, &body.data); if (ret) goto done; - } else { - ret = local_db_get_simple(state, lctx, req_path, &secret); - if (ret) goto done; + body.length = strlen(body.data); + break; + } + + ret = local_db_get_simple(state, lctx, req_path, &secret); + if (ret) goto done; + + if (body_is_json) { ret = sec_simple_secret_to_json(state, secret, &body.data); if (ret) goto done; + + body.length = strlen(body.data); + } else { + body.data = (void *)sss_base64_decode(state, secret, &body.length); + ret = body.data ? EOK : ENOMEM; } + if (ret) goto done; - body.length = strlen(body.data); break; case HTTP_PUT: - /*FIXME: check fot content-type */ - - ret = sec_json_to_simple_secret(state, secreq->body.data, &secret); + if (body_is_json) { + ret = sec_json_to_simple_secret(state, secreq->body.data, + &secret); + } else { + secret = sss_base64_encode(state, (uint8_t *)secreq->body.data, + secreq->body.length); + ret = secret ? EOK : ENOMEM; + } if (ret) goto done; ret = local_db_put_simple(state, lctx, req_path, secret); @@ -467,7 +497,7 @@ struct tevent_req *local_secret_req(TALLOC_CTX *mem_ctx, if (body.data) { ret = sec_http_reply_with_body(secreq, &secreq->reply, STATUS_200, - "application/json", &body); + content_type, &body); } else { ret = sec_http_status_reply(secreq, &secreq->reply, STATUS_200); } |