author | Sumit Bose <sbose@redhat.com> | 2016-04-06 18:07:37 +0200 |
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2016-06-09 16:12:25 +0200 |
commit | cf89f552f06b95bd69d8c61aaa55a330a5d9f6e6 (patch) | |
tree | ef2c3ee42bee45971f00a3c37161ef86a06b18b7 /src | |
parent | dc936929c01647c0fc116a112cee200156328037 (diff) | |
ipa: save cert as blob in the cache
The IPA extdom plugin returns the user certificate base64 encoded.
Before the IPA client can store it in the cache it must be decoded so
that it is stored in binary form, like certificates from other sources.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ipa/ipa_s2n_exop.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index c1bc42ff1..0ff7d928b 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -22,6 +22,7 @@
 #include "util/util.h"
 #include "util/sss_nss.h"
 #include "util/strtonum.h"
+#include "util/crypto/sss_crypto.h"
 #include "providers/ldap/sdap_async_private.h"
 #include "providers/ldap/sdap_async_ad.h"
 #include "providers/ldap/ldap_common.h"
@@ -497,8 +498,22 @@ static errno_t get_extra_attrs(BerElement *ber, struct resp_attrs *resp_attrs)
         for (c = 0; values[c] != NULL; c++) {
-            v.data = (uint8_t *) values[c]->bv_val;
-            v.length = values[c]->bv_len;
+            if (strcmp(name, SYSDB_USER_CERT) == 0) {
+                if (values[c]->bv_val[values[c]->bv_len] != '\0') {
+                    DEBUG(SSSDBG_OP_FAILURE,
+                          "base64 encoded certificate not 0-terminated.\n");
+                    return EINVAL;
+                }
+
+                v.data = sss_base64_decode(NULL, values[c]->bv_val, &v.length);
+                if (v.data == NULL) {
+                    DEBUG(SSSDBG_OP_FAILURE, "sss_base64_decode failed.\n");
+                    return EINVAL;
+                }
+            } else {
+                v.data = (uint8_t *)values[c]->bv_val;
+                v.length = values[c]->bv_len;
+            }
             ret = sysdb_attrs_add_val(resp_attrs->sysdb_attrs, name, &v);
             if (ret != EOK) {
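Review bot: The decoded certificate is allocated on the NULL talloc context (`sss_base64_decode(NULL, ...)`) and nothing in the hunk frees it once `sysdb_attrs_add_val` has consumed `v`; since the other branch hands that call a pointer into `values[c]->bv_val`, it presumably copies the value, so every certificate decoded here leaks for the lifetime of the process. Parenting the buffer to the attrs it ends up in, `v.data = sss_base64_decode(resp_attrs->sysdb_attrs, values[c]->bv_val, &v.length);`, closes that. Separately, the terminator check reads `bv_val[bv_len]`, one byte past the declared length (safe only if liblber always allocates and terminates that extra byte), and it still accepts a value with an embedded NUL, which the string-based decoder would then silently truncate; adding `strnlen(values[c]->bv_val, values[c]->bv_len) != values[c]->bv_len` to the rejection condition would catch that. get_extra_attrs begins before the hunk and its error handling continues after it.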