Clean up: fn_secdata is actually a filename, not security data. Name the field something that makes more sense. An accessor function for this field is also provided.
Signed-off-by: Chuck Lever <[email protected]> --- src/include/nsdb.h | 1 + src/libnsdb/nsdb-internal.h | 2 +- src/libnsdb/nsdb.c | 41 ++++++++++++++++++++++++++++------------- 3 files changed, 30 insertions(+), 14 deletions(-) diff --git a/src/include/nsdb.h b/src/include/nsdb.h index 81b1bd6..46f87ee 100644 --- a/src/include/nsdb.h +++ b/src/include/nsdb.h @@ -242,6 +242,7 @@ void nsdb_free_nsdb(nsdb_t host); const char *nsdb_hostname(const nsdb_t host); size_t nsdb_hostname_len(const nsdb_t host); unsigned short nsdb_port(const nsdb_t host); +const char *nsdb_certfile(const nsdb_t host); const char *nsdb_default_binddn(const nsdb_t host); const char *nsdb_default_nce(const nsdb_t host); _Bool nsdb_follow_referrals(const nsdb_t host); diff --git a/src/libnsdb/nsdb-internal.h b/src/libnsdb/nsdb-internal.h index 6cf96c9..82d707a 100644 --- a/src/libnsdb/nsdb-internal.h +++ b/src/libnsdb/nsdb-internal.h @@ -39,7 +39,7 @@ struct fedfs_nsdb { char * fn_hostname; unsigned short fn_port; unsigned int fn_sectype; - char * fn_secdata; + char * fn_certfile; LDAP * fn_ldap; char ** fn_naming_contexts; char * fn_default_binddn; diff --git a/src/libnsdb/nsdb.c b/src/libnsdb/nsdb.c index e5fb09a..888c6a5 100644 --- a/src/libnsdb/nsdb.c +++ b/src/libnsdb/nsdb.c @@ -292,6 +292,21 @@ unsigned short nsdb_port(const nsdb_t host) } /** + * Return filename containing nsdb_t's certificate + * + * @param host pointer to initialized nsdb_t + * @return NUL-terminated C string containing filename, or NULL + * + * Lifetime of this string is the same as the lifetime of the + * nsdb_t. Caller must not free this string, and must not use + * it after the nsdb_t is freed. + */ +const char *nsdb_certfile(const nsdb_t host) +{ + return host->fn_certfile; +} + +/** * Convert string form of integer into an IP port number * * @param string a NUL-terminated C string containing number to convert @@ -617,7 +632,7 @@ static FedFsStatus nsdb_read_nsdbname(sqlite3 *db, nsdb_t host) { const char *domainname = host->fn_hostname; - char *secdata, *def_binddn, *def_nce; + char *certfile, *def_binddn, *def_nce; unsigned int port = host->fn_port; int rc, follow_referrals; FedFsStatus retval; @@ -648,8 +663,8 @@ nsdb_read_nsdbname(sqlite3 *db, nsdb_t host) switch (sqlite3_step(stmt)) { case SQLITE_ROW: xlog(D_GENERAL, "Found row for '%s:%u'", domainname, port); - secdata = strdup((const char *)sqlite3_column_text(stmt, 1)); - if (secdata == NULL) { + certfile = strdup((const char *)sqlite3_column_text(stmt, 1)); + if (certfile == NULL) { retval = FEDFS_ERR_SVRFAULT; break; } @@ -657,7 +672,7 @@ nsdb_read_nsdbname(sqlite3 *db, nsdb_t host) if (def_binddn != NULL) { def_binddn = strdup(def_binddn); if (def_binddn == NULL) { - free(secdata); + free(certfile); retval = FEDFS_ERR_SVRFAULT; break; } @@ -667,7 +682,7 @@ nsdb_read_nsdbname(sqlite3 *db, nsdb_t host) def_nce = strdup(def_nce); if (def_nce == NULL) { free(def_binddn); - free(secdata); + free(certfile); retval = FEDFS_ERR_SVRFAULT; break; } @@ -678,7 +693,7 @@ nsdb_read_nsdbname(sqlite3 *db, nsdb_t host) else host->fn_follow_referrals = true; host->fn_sectype = sqlite3_column_int(stmt, 0); - host->fn_secdata = secdata; + host->fn_certfile = certfile; host->fn_default_binddn = def_binddn; host->fn_default_nce = def_nce; retval = FEDFS_OK; @@ -764,14 +779,14 @@ out: * @param db an open sqlite3 database descriptor * @param host an instantiated nsdb_t object * @param sectype an integer value representing the security type - * @param secdata a NUL-terminated UTF-8 C string containing the name of a file containing security data + * @param certfile a NUL-terminated UTF-8 C string containing the name of a file containing an x.509 certificate * @return a FedFsStatus code * * Information is copied from the nsdb_t object to the cert store. */ static FedFsStatus nsdb_update_nsdbname(sqlite3 *db, const nsdb_t host, - unsigned int sectype, const char *secdata) + unsigned int sectype, const char *certfile) { const char *domainname = host->fn_hostname; const int port = host->fn_port; @@ -792,7 +807,7 @@ nsdb_update_nsdbname(sqlite3 *db, const nsdb_t host, goto out_finalize; } - rc = sqlite3_bind_text(stmt, 2, secdata, -1, SQLITE_STATIC); + rc = sqlite3_bind_text(stmt, 2, certfile, -1, SQLITE_STATIC); if (rc != SQLITE_OK) { xlog(L_ERROR, "Failed to bind security data value: %s", sqlite3_errmsg(db)); @@ -1103,7 +1118,7 @@ nsdb_read_nsdbparams(nsdb_t host, struct fedfs_secdata *sec) if (sec != NULL) { if (host->fn_sectype != FEDFS_SEC_NONE) { - retval = nsdb_read_certfile(host->fn_secdata, + retval = nsdb_read_certfile(nsdb_certfile(host), &sec->data, &sec->len); if (retval != FEDFS_OK) goto out_close; @@ -1256,7 +1271,7 @@ nsdb_update_nsdbparams(nsdb_t host, const struct fedfs_secdata *sec) } host->fn_sectype = (unsigned int)sec->type; - host->fn_secdata = certfile; + host->fn_certfile = certfile; retval = FEDFS_OK; out_close: @@ -1556,7 +1571,7 @@ nsdb_open_nsdb(nsdb_t host, const char *binddn, const char *passwd, case FEDFS_SEC_NONE: break; case FEDFS_SEC_TLS: - retval = nsdb_start_tls(ld, host->fn_secdata, ldap_err); + retval = nsdb_start_tls(ld, nsdb_certfile(host), ldap_err); if (retval != FEDFS_OK) goto out_unbind; break; @@ -1605,7 +1620,7 @@ nsdb_free_nsdb(nsdb_t host) return; free(host->fn_hostname); - free(host->fn_secdata); + free(host->fn_certfile); nsdb_free_string_array(host->fn_naming_contexts); free(host->fn_default_binddn); free(host->fn_default_nce); _______________________________________________ fedfs-utils-devel mailing list [email protected] https://oss.oracle.com/mailman/listinfo/fedfs-utils-devel
