IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

extdom: add certificate request

Browse Source 
Related to https://fedorahosted.org/freeipa/ticket/4955

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Jakub Hrozek <jhrozek@redhat.com>
This commit is contained in:
Sumit Bose 2016-04-26 13:22:40 +02:00 committed by Martin Basti
parent b1df1cfe71
commit aa734da494
2 changed files with 27 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h
View File

@ -79,7 +79,8 @@ enum input_types {
INP_SID = 1, INP_SID = 1,
INP_NAME, INP_NAME,
INP_POSIX_UID, INP_POSIX_UID,
INP_POSIX_GID INP_POSIX_GID,
INP_CERT
}; };
enum request_types { enum request_types {
@ -114,6 +115,7 @@ struct extdom_req {
char *domain_name; char *domain_name;
gid_t gid; gid_t gid;
} posix_gid; } posix_gid;
char *cert;
} data; } data;
char *err_msg; char *err_msg;
}; };

31
daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c
View File

@ -349,6 +349,9 @@ int parse_request_data(struct berval *req_val, struct extdom_req **_req)
&id); &id);
req->data.posix_gid.gid = (gid_t) id; req->data.posix_gid.gid = (gid_t) id;
break; break;
case INP_CERT:
tag = ber_scanf(ber, "a}", &req->data.cert);
break;
default: default:
ber_free(ber, 1); ber_free(ber, 1);
set_err_msg(req, "Unknown input type"); set_err_msg(req, "Unknown input type");
@ -383,6 +386,9 @@ void free_req_data(struct extdom_req *req)
case INP_POSIX_GID: case INP_POSIX_GID:
ber_memfree(req->data.posix_gid.domain_name); ber_memfree(req->data.posix_gid.domain_name);
break; break;
case INP_CERT:
ber_memfree(req->data.cert);
break;
} }
free(req->err_msg); free(req->err_msg);
@ -861,10 +867,12 @@ done:
return ret; return ret;
} }
static int handle_sid_request(struct ipa_extdom_ctx *ctx, static int handle_sid_or_cert_request(struct ipa_extdom_ctx *ctx,
struct extdom_req *req, struct extdom_req *req,
enum request_types request_type, const char *sid, enum request_types request_type,
struct berval **berval) enum input_types input_type,
const char *input,
struct berval **berval)
{ {
int ret; int ret;
struct passwd pwd; struct passwd pwd;
@ -878,7 +886,11 @@ static int handle_sid_request(struct ipa_extdom_ctx *ctx,
enum sss_id_type id_type; enum sss_id_type id_type;
struct sss_nss_kv *kv_list = NULL; struct sss_nss_kv *kv_list = NULL;
ret = sss_nss_getnamebysid(sid, &fq_name, &id_type); if (input_type == INP_SID) {
ret = sss_nss_getnamebysid(input, &fq_name, &id_type);
} else {
ret = sss_nss_getnamebycert(input, &fq_name, &id_type);
}
if (ret != 0) { if (ret != 0) {
if (ret == ENOENT) { if (ret == ENOENT) {
ret = LDAP_NO_SUCH_OBJECT; ret = LDAP_NO_SUCH_OBJECT;
@ -1130,8 +1142,13 @@ int handle_request(struct ipa_extdom_ctx *ctx, struct extdom_req *req,
break; break;
case INP_SID: case INP_SID:
ret = handle_sid_request(ctx, req, req->request_type, req->data.sid, case INP_CERT:
berval); ret = handle_sid_or_cert_request(ctx, req, req->request_type,
req->input_type,
req->input_type == INP_SID ?
req->data.sid :
req->data.cert,
berval);
break; break;
case INP_NAME: case INP_NAME:
ret = handle_name_request(ctx, req, req->request_type, ret = handle_name_request(ctx, req, req->request_type,