On (09/06/16 11:41), Sumit Bose wrote: >On Thu, Jun 09, 2016 at 11:20:14AM +0200, Lukas Slebodnik wrote: >> On (08/06/16 15:39), Sumit Bose wrote: >> >On Tue, Jun 07, 2016 at 04:40:42PM +0200, Jakub Hrozek wrote: >> >> On Tue, Jun 07, 2016 at 02:55:40PM +0200, Sumit Bose wrote: >> >> > On Tue, Jun 07, 2016 at 01:56:10PM +0200, Jakub Hrozek wrote: >> >> > > On Tue, Jun 07, 2016 at 12:28:22PM +0200, Sumit Bose wrote: >> >> > > > sure, here you are. >> >> > > > >> >> > > > bye, >> >> > > > Sumit >> >> > > >> >> > > Hmm, are these the correct patches? >> >> > > >> >> > > /home/remote/jhrozek/devel/sssd/src/db/sysdb_views.c: In function >> >> > > 'sysdb_search_override_by_cert': >> >> > > /home/remote/jhrozek/devel/sssd/src/db/sysdb_views.c:880:11: error: >> >> > > too many arguments to function 'sss_cert_derb64_to_ldap_filter' >> >> > > ret = sss_cert_derb64_to_ldap_filter(tmp_ctx, cert, >> >> > > SYSDB_USER_CERT, NULL, >> >> > > ^ >> >> > > In file included from >> >> > > /home/remote/jhrozek/devel/sssd/src/db/sysdb_views.c:23:0: >> >> > > /home/remote/jhrozek/devel/sssd/src/util/cert.h:40:9: note: declared >> >> > > here >> >> > > errno_t sss_cert_derb64_to_ldap_filter(TALLOC_CTX *mem_ctx, const >> >> > > char *derb64, >> >> > > ^ >> >> > >> >> > ah, sorry, I picked the patches from a wrong branch. >> >> > >> >> > Please try the new version. >> >> >> >> OK, this looks better, but there CI still complains on Debian: >> >> /bin/bash ./libtool --tag=CC --mode=link gcc -Wall -Wshadow >> >> -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align >> >> -Wwrite-strings -Wundef -Werror-implicit-function-declaration >> >> -Winit-self -Wmissing-include-dirs -fno-strict-aliasing -std=gnu99 -g3 >> >> -O2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE >> >> -o proxy_child src/providers/proxy/proxy_child-proxy_child.o >> >> src/providers/proxy_child-data_provider_iface_generated.o -lpam -ltalloc >> >> -ltevent -ltalloc -lpopt -lldb -ldbus-1 -lpcre -lini_config >> >> -lbasicobjects -lref_array -lcollection -lcollection -ldhash -llber >> >> -lldap -lselinux -ltdb libsss_util.la libsss_crypt.la libsss_debug.la >> >> libsss_child.la >> >> /usr/bin/ld: src/responder/nss/nsssrv_cmd.o: undefined reference to >> >> symbol 'sss_cert_derb64_to_pem' >> >> //var/lib/jenkins/workspace/ci/label/debian_testing/ci-build-debug/.libs/libsss_cert.so: >> >> //error adding symbols: DSO missing from command line >> >> collect2: error: ld returned 1 exit status >> >> Makefile:10585: recipe for target 'sssd_nss' failed >> >> make[2]: *** [sssd_nss] Error 1 >> >> make[2]: *** Waiting for unfinished jobs... >> >> >> >> CI link: >> >> http://sssd-ci.duckdns.org/logs/job/44/61/debian_testing/ci-build-debug/ci-make-tests.log >> > >> >ok, I added libsss_cert.la to the nss responder binary and the test. >> > >> >New version attached. >> > >> >bye, >> >Sumit >> > >> >> >From cb3f7bc55b22140b997d6b94f76893798731d79f Mon Sep 17 00:00:00 2001 >> >From: Sumit Bose <sb...@redhat.com> >> >Date: Tue, 26 Apr 2016 13:13:43 +0200 >> >Subject: [PATCH 12/12] nss-idmap: add sss_nss_getnamebycert() >> > >> >--- >> > Makefile.am | 2 +- >> > src/python/pysss_nss_idmap.c | 47 >> > ++++++++++++++++++++++++++++-- >> > src/responder/nss/nsssrv_cmd.c | 1 + >> > src/sss_client/idmap/sss_nss_idmap.c | 26 ++++++++++++++++- >> > src/sss_client/idmap/sss_nss_idmap.exports | 6 ++++ >> > src/sss_client/idmap/sss_nss_idmap.h | 15 ++++++++++ >> > 6 files changed, 93 insertions(+), 4 deletions(-) >> > >> >diff --git a/Makefile.am b/Makefile.am >> >index >> >fdd129d326d092989a92506cc86694dded58ff72..a504a4f613b881afcbc096a03de0f284ebf34896 >> > 100644 >> >--- a/Makefile.am >> >+++ b/Makefile.am >> >@@ -989,7 +989,7 @@ libsss_nss_idmap_la_LIBADD = \ >> > $(CLIENT_LIBS) >> > libsss_nss_idmap_la_LDFLAGS = \ >> > >> > -Wl,--version-script,$(srcdir)/src/sss_client/idmap/sss_nss_idmap.exports \ >> >- -version-info 1:0:1 >> >+ -version-info 2:0:2 >> > >> > dist_noinst_DATA += src/sss_client/idmap/sss_nss_idmap.exports >> > >> >diff --git a/src/python/pysss_nss_idmap.c b/src/python/pysss_nss_idmap.c >> >index >> >36d66f405442d63e430f92862990f1656486112d..a88ef77a3c8056e4962c35811de3dbbb18f4c9a4 >> > 100644 >> >--- a/src/python/pysss_nss_idmap.c >> >+++ b/src/python/pysss_nss_idmap.c >> >@@ -33,7 +33,8 @@ enum lookup_type { >> > SIDBYNAME, >> > SIDBYID, >> > NAMEBYSID, >> >- IDBYSID >> >+ IDBYSID, >> >+ NAMEBYCERT >> > }; >> > >> > static int add_dict(PyObject *py_result, PyObject *key, PyObject *res_type, >> >@@ -166,6 +167,28 @@ static int do_getsidbyid(PyObject *py_result, PyObject >> >*py_id) >> > return ret; >> > } >> > >> >+static int do_getnamebycert(PyObject *py_result, PyObject *py_cert) >> >+{ >> >+ int ret; >> >+ const char *cert; >> >+ char *name = NULL; >> >+ enum sss_id_type id_type; >> >+ >> >+ cert = py_string_or_unicode_as_string(py_cert); >> >+ if (cert == NULL) { >> >+ return EINVAL; >> >+ } >> >+ >> >+ ret = sss_nss_getnamebycert(cert, &name, &id_type); >> >+ if (ret == 0) { >> >+ ret = add_dict(py_result, py_cert, >> >PyBytes_FromString(SSS_NAME_KEY), >> >+ PyUnicode_FromString(name), >> >PYNUMBER_FROMLONG(id_type)); >> >+ } >> >+ free(name); >> >+ >> >+ return ret; >> >+} >> >+ >> > static int do_getidbysid(PyObject *py_result, PyObject *py_sid) >> > { >> > const char *sid; >> >@@ -203,6 +226,9 @@ static int do_lookup(enum lookup_type type, PyObject >> >*py_result, >> > case IDBYSID: >> > return do_getidbysid(py_result, py_inp); >> > break; >> >+ case NAMEBYCERT: >> >+ return do_getnamebycert(py_result, py_inp); >> >+ break; >> > default: >> > return ENOSYS; >> > } >> >@@ -260,7 +286,7 @@ static PyObject *check_args(enum lookup_type type, >> >PyObject *args) >> > case ENOENT: /* nothing found, return empty dict */ >> > break; >> > case EINVAL: >> >- PyErr_Format(PyExc_ValueError, "Unable to retrieve >> >argument\n"); >> >+ PyErr_Format(PyExc_ValueError, "Unable to retrieve result\n"); >> > Py_XDECREF(py_result); >> > return NULL; >> > break; >> >@@ -339,6 +365,21 @@ static PyObject * py_getidbysid(PyObject *module, >> >PyObject *args) >> > return check_args(IDBYSID, args); >> > } >> > >> >+PyDoc_STRVAR(getnamebycert_doc, >> >+"getnamebycert(sid or list/tuple of certificates) -> dict(sid => >> >dict(results))\n\ >> >+\n\ >> >+Returns a dictionary with a dictonary of results for each given >> >certificates.\n\ >> >+The result dictonary contain the name and the type of the object which can >> >be\n\ >> >+accessed with the key constants NAME_KEY and TYPE_KEY, respectively.\n\ >> >+\n\ >> >+NOTE: getnamebycert currently works only with id_provider set as \"ad\" or >> >\"ipa\"" >> >+); >> >+ >> >+static PyObject * py_getnamebycert(PyObject *module, PyObject *args) >> >+{ >> >+ return check_args(NAMEBYCERT, args); >> >+} >> >+ >> > static PyMethodDef methods[] = { >> > { sss_py_const_p(char, "getsidbyname"), (PyCFunction) py_getsidbyname, >> > METH_VARARGS, getsidbyname_doc }, >> >@@ -348,6 +389,8 @@ static PyMethodDef methods[] = { >> > METH_VARARGS, getnamebysid_doc }, >> > { sss_py_const_p(char, "getidbysid"), (PyCFunction) py_getidbysid, >> > METH_VARARGS, getidbysid_doc }, >> >+ { sss_py_const_p(char, "getnamebycert"), (PyCFunction) >> >py_getnamebycert, >> >+ METH_VARARGS, getnamebycert_doc }, >> > { NULL,NULL, 0, NULL } >> > }; >> > >> >diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c >> >index >> >762c26b74581acb5568b602caaef2586521f6903..64e2945a99a6f3262517aa7c817475904418a1ed >> > 100644 >> >--- a/src/responder/nss/nsssrv_cmd.c >> >+++ b/src/responder/nss/nsssrv_cmd.c >> >@@ -5525,6 +5525,7 @@ static int nss_cmd_getbycert(enum sss_cli_command >> >cmd, struct cli_ctx *cctx) >> > } >> > >> > derb64 = (const char *) body; >> >+ DEBUG(SSSDBG_TRACE_ALL, "cert [%s]\n", derb64); >> > >> > /* check input */ >> > ret = sss_cert_derb64_to_pem(cctx, derb64, &pem_cert, &pem_size); >> >diff --git a/src/sss_client/idmap/sss_nss_idmap.c >> >b/src/sss_client/idmap/sss_nss_idmap.c >> >index >> >55d8043bd992bebf82a46206a9f3aecbe1e88238..fa5a499e3606f7e45a406de4d63002ba35365cb1 >> > 100644 >> >--- a/src/sss_client/idmap/sss_nss_idmap.c >> >+++ b/src/sss_client/idmap/sss_nss_idmap.c >> >@@ -159,7 +159,8 @@ static int sss_nss_getyyybyxxx(union input inp, enum >> >sss_cli_command cmd , >> > case SSS_NSS_GETNAMEBYSID: >> > case SSS_NSS_GETIDBYSID: >> > case SSS_NSS_GETORIGBYNAME: >> >- ret = sss_strnlen(inp.str, SSS_NAME_MAX, &inp_len); >> >+ case SSS_NSS_GETNAMEBYCERT: >> >+ ret = sss_strnlen(inp.str, 2048, &inp_len); >> > if (ret != EOK) { >> > return EINVAL; >> > } >> >@@ -209,6 +210,7 @@ static int sss_nss_getyyybyxxx(union input inp, enum >> >sss_cli_command cmd , >> > case SSS_NSS_GETSIDBYID: >> > case SSS_NSS_GETSIDBYNAME: >> > case SSS_NSS_GETNAMEBYSID: >> >+ case SSS_NSS_GETNAMEBYCERT: >> > if (data_len <= 1 || repbuf[replen - 1] != '\0') { >> > ret = EBADMSG; >> > goto done; >> >@@ -368,3 +370,25 @@ int sss_nss_getorigbyname(const char *fq_name, struct >> >sss_nss_kv **kv_list, >> > >> > return ret; >> > } >> >+ >> >+int sss_nss_getnamebycert(const char *cert, char **fq_name, >> >+ enum sss_id_type *type) >> >+{ >> >+ int ret; >> >+ union input inp; >> >+ struct output out; >> >+ >> >+ if (fq_name == NULL || cert == NULL || *cert == '\0') { >> >+ return EINVAL; >> >+ } >> >+ >> >+ inp.str = cert; >> >+ >> >+ ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETNAMEBYCERT, &out); >> >+ if (ret == EOK) { >> >+ *fq_name = out.d.str; >> >+ *type = out.type; >> >+ } >> >+ >> >+ return ret; >> >+} >> >diff --git a/src/sss_client/idmap/sss_nss_idmap.exports >> >b/src/sss_client/idmap/sss_nss_idmap.exports >> >index >> >8aa4702416534c49176d29cee381e1c9292c4847..bd5d80212017d38334c3cdeefa47d6029f42aebb >> > 100644 >> >--- a/src/sss_client/idmap/sss_nss_idmap.exports >> >+++ b/src/sss_client/idmap/sss_nss_idmap.exports >> >@@ -19,3 +19,9 @@ SSS_NSS_IDMAP_0.1.0 { >> > sss_nss_getorigbyname; >> > sss_nss_free_kv; >> > } SSS_NSS_IDMAP_0.0.1; >> >+ >> >+SSS_NSS_IDMAP_0.2.0 { >> >+ # public functions >> >+ global: >> >+ sss_nss_getnamebycert; >> >+} SSS_NSS_IDMAP_0.1.0; >> I wanted to push these patches. >> But I noticed that this function does not suit to this library. >> >> Summary and description says something else. >> >> sh$ rpm -q --info libsss_nss_idmap | tail -n4 >> URL : http://fedorahosted.org/sssd/ >> Summary : Library for SID based lookups >> Description : >> Utility library for SID based lookups > >Would you agree if I change summary and description to '... for SID and >certificate based ...' >
that would be the easiest solution and I am not against :-) I just wanted to hear other optinions. BTW feel free to send just diff for spec file. I can squash it before pushing to master. LS _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
