On 06/04/2015 11:06 AM, Sumit Bose wrote:
Hi,
this patch-set aims to solve https://fedorahosted.org/sssd/ticket/2596.
The first patch is unrelated but needed to make the changes in the
second patch properly aligned.
Patches 3, 4 and 6 add some certificate related utilities while patch 5
adds the backend changes and patch 7 the changes for InfoPipe.
bye,
Sumit
+errno_t sysdb_search_object_by_cert(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *domain,
+ const char *cert,
+ const char **attrs,
+ struct ldb_result **res)
+{
+ int ret;
+ char *user_filter;
+
+ ret = sss_cert_derb64_to_ldap_filter(mem_ctx, cert, SYSDB_USER_CERT,
+ &user_filter);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_cert_derb64_to_ldap_filter failed.\n");
+ return ret;
+ }
+
vv two spaces here
+ ret = sysdb_search_object_by_str_attr(mem_ctx, domain,
+ SYSDB_USER_CERT_FILTER,
+ user_filter, attrs, res);
+ talloc_free(user_filter);
+
+ return ret;
+}
+
+errno_t sysdb_search_user_by_cert(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *domain,
+ const char *cert,
+ struct ldb_result **res)
+{
+ const char *user_attrs[] = SYSDB_PW_ATTRS;
+
+ return sysdb_search_object_by_cert(mem_ctx, domain, cert, user_attrs,
res);
^^ two spaces here
+}
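Review bot: sysdb_search_object_by_cert is named as a generic object lookup, but it builds its filter from SYSDB_USER_CERT and searches with SYSDB_USER_CERT_FILTER, so the lookup is tied to the user certificate attribute; either rename it or add a comment stating that restriction. A short doc comment should also say that cert is expected to be base64-encoded DER, as the helper name sss_cert_derb64_to_ldap_filter implies, and whether NULL is acceptable, since the function passes cert on without a check of its own.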
cache_req:
search_str = state->input->type == CACHE_REQ_USER_BY_CERT ?
state->input->orig_name : state->input->dom_objname;
I think it will be better to create a new field in cache_req_input, say
'cert', to not abuse fields that resemble object names. The code will be
cleaner and you can get rid of a few parts like:
if (state->input->orig_name != NULL && domain == NULL
&& (input->type == CACHE_REQ_USER_BY_NAME
|| input->type == CACHE_REQ_GROUP_BY_NAME
|| input->type == CACHE_REQ_INITGROUPS))