[Freeipa-devel] [freeipa PR#575][synchronized] IPA certauth plugin

2017-03-26 Thread sumit-bose
   URL: https://github.com/freeipa/freeipa/pull/575
Author: sumit-bose
 Title: #575: IPA certauth plugin
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/575/head:pr575
git checkout pr575
From e84f70cceec2421968977e4012bbf747e060b5f4 Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Wed, 15 Feb 2017 12:09:20 +0100
Subject: [PATCH 1/2] ipa-kdb: add ipadb_fetch_principals_with_extra_filter()

Additionally make ipadb_find_principal public.

Related to https://pagure.io/freeipa/issue/4905
---
 daemons/ipa-kdb/ipa_kdb.h| 11 +++
 daemons/ipa-kdb/ipa_kdb_principals.c | 58 
 2 files changed, 56 insertions(+), 13 deletions(-)

diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index 8a3f7d3..72f2675 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -198,6 +198,17 @@ krb5_error_code ipadb_put_principal(krb5_context kcontext,
 char **db_args);
 krb5_error_code ipadb_delete_principal(krb5_context kcontext,
krb5_const_principal search_for);
+krb5_error_code
+ipadb_fetch_principals_with_extra_filter(struct ipadb_context *ipactx,
+ unsigned int flags,
+ const char *principal,
+ const char *filter,
+ LDAPMessage **result);
+krb5_error_code ipadb_find_principal(krb5_context kcontext,
+ unsigned int flags,
+ LDAPMessage *res,
+ char **principal,
+ LDAPMessage **entry);
 #if KRB5_KDB_API_VERSION < 8
 krb5_error_code ipadb_iterate(krb5_context kcontext,
   char *match_entry,
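Review bot: The two prototypes added here become part of the shared ipa-kdb header but carry no comment stating their contract. For `ipadb_fetch_principals_with_extra_filter` the header should say that `filter` may be NULL (the .c hunk branches on `filter == NULL`) and who releases `*result`. For `ipadb_find_principal` it should say whether `*principal` and `*entry` are newly allocated or point into `res`, which cannot be told from the lines shown. A short block comment above each declaration would cover it, e.g. `/* filter: optional extra LDAP filter component, inserted as given; NULL for none */`. The same declarations recur in the three later postings of this patch on the page.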
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 3bd8fb8..82c8574 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -37,6 +37,17 @@
 "(objectclass=krbprincipal))" \
   "(krbprincipalname=%s))"
 
+#define PRINC_TGS_SEARCH_FILTER_EXTRA "(&(|(objectclass=krbprincipalaux)" \
+  "(objectclass=krbprincipal)" \
+  "(objectclass=ipakrbprincipal))" \
+"(|(ipakrbprincipalalias=%s)" \
+  "(krbprincipalname:caseIgnoreIA5Match:=%s))" \
+ "%s)"
+
+#define PRINC_SEARCH_FILTER_EXTRA "(&(|(objectclass=krbprincipalaux)" \
+  "(objectclass=krbprincipal))" \
+"(krbprincipalname=%s)" \
+"%s)"
 static char *std_principal_attrs[] = {
 "krbPrincipalName",
 "krbCanonicalName",
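Review bot: `PRINC_TGS_SEARCH_FILTER_EXTRA` and `PRINC_SEARCH_FILTER_EXTRA` repeat the existing templates except for the trailing `%s`, so the object-class and name clauses now have to be kept in sync in four macros. Judging from the visible tail of `PRINC_SEARCH_FILTER`, an empty string in the last `%s` yields the same filter text, so the caller could use only the EXTRA templates and pass `filter ? filter : ""`. `PRINC_TGS_SEARCH_FILTER` lies entirely above the hunk, so confirm its text matches before dropping it. The same hunk recurs in the three later postings of this patch on the page.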
@@ -864,10 +875,12 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext,
 return kerr;
 }
 
-static krb5_error_code ipadb_fetch_principals(struct ipadb_context *ipactx,
-  unsigned int flags,
-  char *principal,
-  LDAPMessage **result)
+krb5_error_code
+ipadb_fetch_principals_with_extra_filter(struct ipadb_context *ipactx,
+ unsigned int flags,
+ const char *principal,
+ const char *filter,
+ LDAPMessage **result)
 {
 krb5_error_code kerr;
 char *src_filter = NULL;
@@ -890,11 +903,21 @@ static krb5_error_code ipadb_fetch_principals(struct ipadb_context *ipactx,
 goto done;
 }
 
-if (flags & KRB5_KDB_FLAG_ALIAS_OK) {
-ret = asprintf(&src_filter, PRINC_TGS_SEARCH_FILTER,
-   esc_original_princ, esc_original_princ);
+if (filter == NULL) {
+if (flags & KRB5_KDB_FLAG_ALIAS_OK) {
+ret = asprintf(&src_filter, PRINC_TGS_SEARCH_FILTER,
+   esc_original_princ, esc_original_princ);
+} else {
+ret = asprintf(&src_filter, PRINC_SEARCH_FILTER, esc_original_princ);
+}
 } else {
-ret = asprintf(&src_filter, PRINC_SEARCH_FILTER, esc_original_princ);
+if (flags & KRB5_KDB_FLAG_ALIAS_OK) {
+ret = asprintf(&src_filter, PRINC_TGS_SEARCH_FILTER_EXTRA,
+   esc_original_princ, esc_original_princ, filter);
+} else {
+ret = asprintf(&src_filter, PRINC_SEARCH_FILTER_EXTRA,
+   esc_original_princ, filter);
+}
 }
 
 if (ret == -1) {
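Review bot: `filter` is formatted into the search string exactly as the caller passed it, in both `asprintf` calls of the new `else` branch, whereas the principal goes in through `esc_original_princ` (an escaped copy, judging by the name; it is created above the hunk). Now that the function is exported, a caller that builds `filter` from request-derived data has to escape the assertion values itself, otherwise the resulting filter can match more entries than intended or fail to parse. State that at the function with a comment such as `/* filter is inserted verbatim; it must be a complete, parenthesized filter component with values already LDAP-escaped */`, and consider rejecting a non-empty `filter` that does not begin with `(`. The function body starts and ends outside this hunk, and the same hunk recurs in the three later postings of this patch on the page.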
@@ -913,11 +936,20 @

[Freeipa-devel] [freeipa PR#575][synchronized] IPA certauth plugin

2017-03-24 Thread sumit-bose
   URL: https://github.com/freeipa/freeipa/pull/575
Author: sumit-bose
 Title: #575: IPA certauth plugin
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/575/head:pr575
git checkout pr575
From e84f70cceec2421968977e4012bbf747e060b5f4 Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Wed, 15 Feb 2017 12:09:20 +0100
Subject: [PATCH 1/3] ipa-kdb: add ipadb_fetch_principals_with_extra_filter()

Additionally make ipadb_find_principal public.

Related to https://pagure.io/freeipa/issue/4905
---
 daemons/ipa-kdb/ipa_kdb.h| 11 +++
 daemons/ipa-kdb/ipa_kdb_principals.c | 58 
 2 files changed, 56 insertions(+), 13 deletions(-)

diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index 8a3f7d3..72f2675 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -198,6 +198,17 @@ krb5_error_code ipadb_put_principal(krb5_context kcontext,
 char **db_args);
 krb5_error_code ipadb_delete_principal(krb5_context kcontext,
krb5_const_principal search_for);
+krb5_error_code
+ipadb_fetch_principals_with_extra_filter(struct ipadb_context *ipactx,
+ unsigned int flags,
+ const char *principal,
+ const char *filter,
+ LDAPMessage **result);
+krb5_error_code ipadb_find_principal(krb5_context kcontext,
+ unsigned int flags,
+ LDAPMessage *res,
+ char **principal,
+ LDAPMessage **entry);
 #if KRB5_KDB_API_VERSION < 8
 krb5_error_code ipadb_iterate(krb5_context kcontext,
   char *match_entry,
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 3bd8fb8..82c8574 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -37,6 +37,17 @@
 "(objectclass=krbprincipal))" \
   "(krbprincipalname=%s))"
 
+#define PRINC_TGS_SEARCH_FILTER_EXTRA "(&(|(objectclass=krbprincipalaux)" \
+  "(objectclass=krbprincipal)" \
+  "(objectclass=ipakrbprincipal))" \
+"(|(ipakrbprincipalalias=%s)" \
+  "(krbprincipalname:caseIgnoreIA5Match:=%s))" \
+ "%s)"
+
+#define PRINC_SEARCH_FILTER_EXTRA "(&(|(objectclass=krbprincipalaux)" \
+  "(objectclass=krbprincipal))" \
+"(krbprincipalname=%s)" \
+"%s)"
 static char *std_principal_attrs[] = {
 "krbPrincipalName",
 "krbCanonicalName",
@@ -864,10 +875,12 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext,
 return kerr;
 }
 
-static krb5_error_code ipadb_fetch_principals(struct ipadb_context *ipactx,
-  unsigned int flags,
-  char *principal,
-  LDAPMessage **result)
+krb5_error_code
+ipadb_fetch_principals_with_extra_filter(struct ipadb_context *ipactx,
+ unsigned int flags,
+ const char *principal,
+ const char *filter,
+ LDAPMessage **result)
 {
 krb5_error_code kerr;
 char *src_filter = NULL;
@@ -890,11 +903,21 @@ static krb5_error_code ipadb_fetch_principals(struct ipadb_context *ipactx,
 goto done;
 }
 
-if (flags & KRB5_KDB_FLAG_ALIAS_OK) {
-ret = asprintf(&src_filter, PRINC_TGS_SEARCH_FILTER,
-   esc_original_princ, esc_original_princ);
+if (filter == NULL) {
+if (flags & KRB5_KDB_FLAG_ALIAS_OK) {
+ret = asprintf(&src_filter, PRINC_TGS_SEARCH_FILTER,
+   esc_original_princ, esc_original_princ);
+} else {
+ret = asprintf(&src_filter, PRINC_SEARCH_FILTER, esc_original_princ);
+}
 } else {
-ret = asprintf(&src_filter, PRINC_SEARCH_FILTER, esc_original_princ);
+if (flags & KRB5_KDB_FLAG_ALIAS_OK) {
+ret = asprintf(&src_filter, PRINC_TGS_SEARCH_FILTER_EXTRA,
+   esc_original_princ, esc_original_princ, filter);
+} else {
+ret = asprintf(&src_filter, PRINC_SEARCH_FILTER_EXTRA,
+   esc_original_princ, filter);
+}
 }
 
 if (ret == -1) {
@@ -913,11 +936,20 @

[Freeipa-devel] [freeipa PR#575][synchronized] IPA certauth plugin

2017-03-23 Thread sumit-bose
   URL: https://github.com/freeipa/freeipa/pull/575
Author: sumit-bose
 Title: #575: IPA certauth plugin
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/575/head:pr575
git checkout pr575
From e84f70cceec2421968977e4012bbf747e060b5f4 Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Wed, 15 Feb 2017 12:09:20 +0100
Subject: [PATCH 1/2] ipa-kdb: add ipadb_fetch_principals_with_extra_filter()

Additionally make ipadb_find_principal public.

Related to https://pagure.io/freeipa/issue/4905
---
 daemons/ipa-kdb/ipa_kdb.h| 11 +++
 daemons/ipa-kdb/ipa_kdb_principals.c | 58 
 2 files changed, 56 insertions(+), 13 deletions(-)

diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index 8a3f7d3..72f2675 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -198,6 +198,17 @@ krb5_error_code ipadb_put_principal(krb5_context kcontext,
 char **db_args);
 krb5_error_code ipadb_delete_principal(krb5_context kcontext,
krb5_const_principal search_for);
+krb5_error_code
+ipadb_fetch_principals_with_extra_filter(struct ipadb_context *ipactx,
+ unsigned int flags,
+ const char *principal,
+ const char *filter,
+ LDAPMessage **result);
+krb5_error_code ipadb_find_principal(krb5_context kcontext,
+ unsigned int flags,
+ LDAPMessage *res,
+ char **principal,
+ LDAPMessage **entry);
 #if KRB5_KDB_API_VERSION < 8
 krb5_error_code ipadb_iterate(krb5_context kcontext,
   char *match_entry,
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 3bd8fb8..82c8574 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -37,6 +37,17 @@
 "(objectclass=krbprincipal))" \
   "(krbprincipalname=%s))"
 
+#define PRINC_TGS_SEARCH_FILTER_EXTRA "(&(|(objectclass=krbprincipalaux)" \
+  "(objectclass=krbprincipal)" \
+  "(objectclass=ipakrbprincipal))" \
+"(|(ipakrbprincipalalias=%s)" \
+  "(krbprincipalname:caseIgnoreIA5Match:=%s))" \
+ "%s)"
+
+#define PRINC_SEARCH_FILTER_EXTRA "(&(|(objectclass=krbprincipalaux)" \
+  "(objectclass=krbprincipal))" \
+"(krbprincipalname=%s)" \
+"%s)"
 static char *std_principal_attrs[] = {
 "krbPrincipalName",
 "krbCanonicalName",
@@ -864,10 +875,12 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext,
 return kerr;
 }
 
-static krb5_error_code ipadb_fetch_principals(struct ipadb_context *ipactx,
-  unsigned int flags,
-  char *principal,
-  LDAPMessage **result)
+krb5_error_code
+ipadb_fetch_principals_with_extra_filter(struct ipadb_context *ipactx,
+ unsigned int flags,
+ const char *principal,
+ const char *filter,
+ LDAPMessage **result)
 {
 krb5_error_code kerr;
 char *src_filter = NULL;
@@ -890,11 +903,21 @@ static krb5_error_code ipadb_fetch_principals(struct ipadb_context *ipactx,
 goto done;
 }
 
-if (flags & KRB5_KDB_FLAG_ALIAS_OK) {
-ret = asprintf(&src_filter, PRINC_TGS_SEARCH_FILTER,
-   esc_original_princ, esc_original_princ);
+if (filter == NULL) {
+if (flags & KRB5_KDB_FLAG_ALIAS_OK) {
+ret = asprintf(&src_filter, PRINC_TGS_SEARCH_FILTER,
+   esc_original_princ, esc_original_princ);
+} else {
+ret = asprintf(&src_filter, PRINC_SEARCH_FILTER, esc_original_princ);
+}
 } else {
-ret = asprintf(&src_filter, PRINC_SEARCH_FILTER, esc_original_princ);
+if (flags & KRB5_KDB_FLAG_ALIAS_OK) {
+ret = asprintf(&src_filter, PRINC_TGS_SEARCH_FILTER_EXTRA,
+   esc_original_princ, esc_original_princ, filter);
+} else {
+ret = asprintf(&src_filter, PRINC_SEARCH_FILTER_EXTRA,
+   esc_original_princ, filter);
+}
 }
 
 if (ret == -1) {
@@ -913,11 +936,20 @

[Freeipa-devel] [freeipa PR#575][synchronized] IPA certauth plugin

2017-03-14 Thread sumit-bose
   URL: https://github.com/freeipa/freeipa/pull/575
Author: sumit-bose
 Title: #575: IPA certauth plugin
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/575/head:pr575
git checkout pr575
From 27bcf2baab5129ce3f49e1ff74d9489753211c93 Mon Sep 17 00:00:00 2001
From: Sumit Bose 
Date: Wed, 15 Feb 2017 12:09:20 +0100
Subject: [PATCH 1/2] ipa-kdb: add ipadb_fetch_principals_with_extra_filter()

Additionally make ipadb_find_principal public.

Related to https://pagure.io/freeipa/issue/4905
---
 daemons/ipa-kdb/ipa_kdb.h| 11 +++
 daemons/ipa-kdb/ipa_kdb_principals.c | 58 
 2 files changed, 56 insertions(+), 13 deletions(-)

diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index 8a3f7d3..72f2675 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -198,6 +198,17 @@ krb5_error_code ipadb_put_principal(krb5_context kcontext,
 char **db_args);
 krb5_error_code ipadb_delete_principal(krb5_context kcontext,
krb5_const_principal search_for);
+krb5_error_code
+ipadb_fetch_principals_with_extra_filter(struct ipadb_context *ipactx,
+ unsigned int flags,
+ const char *principal,
+ const char *filter,
+ LDAPMessage **result);
+krb5_error_code ipadb_find_principal(krb5_context kcontext,
+ unsigned int flags,
+ LDAPMessage *res,
+ char **principal,
+ LDAPMessage **entry);
 #if KRB5_KDB_API_VERSION < 8
 krb5_error_code ipadb_iterate(krb5_context kcontext,
   char *match_entry,
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 3bd8fb8..82c8574 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -37,6 +37,17 @@
 "(objectclass=krbprincipal))" \
   "(krbprincipalname=%s))"
 
+#define PRINC_TGS_SEARCH_FILTER_EXTRA "(&(|(objectclass=krbprincipalaux)" \
+  "(objectclass=krbprincipal)" \
+  "(objectclass=ipakrbprincipal))" \
+"(|(ipakrbprincipalalias=%s)" \
+  "(krbprincipalname:caseIgnoreIA5Match:=%s))" \
+ "%s)"
+
+#define PRINC_SEARCH_FILTER_EXTRA "(&(|(objectclass=krbprincipalaux)" \
+  "(objectclass=krbprincipal))" \
+"(krbprincipalname=%s)" \
+"%s)"
 static char *std_principal_attrs[] = {
 "krbPrincipalName",
 "krbCanonicalName",
@@ -864,10 +875,12 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext,
 return kerr;
 }
 
-static krb5_error_code ipadb_fetch_principals(struct ipadb_context *ipactx,
-  unsigned int flags,
-  char *principal,
-  LDAPMessage **result)
+krb5_error_code
+ipadb_fetch_principals_with_extra_filter(struct ipadb_context *ipactx,
+ unsigned int flags,
+ const char *principal,
+ const char *filter,
+ LDAPMessage **result)
 {
 krb5_error_code kerr;
 char *src_filter = NULL;
@@ -890,11 +903,21 @@ static krb5_error_code ipadb_fetch_principals(struct ipadb_context *ipactx,
 goto done;
 }
 
-if (flags & KRB5_KDB_FLAG_ALIAS_OK) {
-ret = asprintf(&src_filter, PRINC_TGS_SEARCH_FILTER,
-   esc_original_princ, esc_original_princ);
+if (filter == NULL) {
+if (flags & KRB5_KDB_FLAG_ALIAS_OK) {
+ret = asprintf(&src_filter, PRINC_TGS_SEARCH_FILTER,
+   esc_original_princ, esc_original_princ);
+} else {
+ret = asprintf(&src_filter, PRINC_SEARCH_FILTER, esc_original_princ);
+}
 } else {
-ret = asprintf(&src_filter, PRINC_SEARCH_FILTER, esc_original_princ);
+if (flags & KRB5_KDB_FLAG_ALIAS_OK) {
+ret = asprintf(&src_filter, PRINC_TGS_SEARCH_FILTER_EXTRA,
+   esc_original_princ, esc_original_princ, filter);
+} else {
+ret = asprintf(&src_filter, PRINC_SEARCH_FILTER_EXTRA,
+   esc_original_princ, filter);
+}
 }
 
 if (ret == -1) {
@@ -913,11 +936,20 @