On Thu, Jun 09, 2016 at 12:09:49PM +0200, Lukas Slebodnik wrote:
> On (09/06/16 11:41), Sumit Bose wrote:
> >On Thu, Jun 09, 2016 at 11:20:14AM +0200, Lukas Slebodnik wrote:
> >> On (08/06/16 15:39), Sumit Bose wrote:
> >> >On Tue, Jun 07, 2016 at 04:40:42PM +0200, Jakub Hrozek wrote:
> >> >> On Tue, Jun 07, 2016 at 02:55:40PM +0200, Sumit Bose wrote:
> >> >> > On Tue, Jun 07, 2016 at 01:56:10PM +0200, Jakub Hrozek wrote:
> >> >> > > On Tue, Jun 07, 2016 at 12:28:22PM +0200, Sumit Bose wrote:
> >> >> > > > sure, here you are.
> >> >> > > > 
> >> >> > > > bye,
> >> >> > > > Sumit
> >> >> > > 
> >> >> > > Hmm, are these the correct patches?
> >> >> > > 
> >> >> > > /home/remote/jhrozek/devel/sssd/src/db/sysdb_views.c: In function 
> >> >> > > 'sysdb_search_override_by_cert':
> >> >> > > /home/remote/jhrozek/devel/sssd/src/db/sysdb_views.c:880:11: error: 
> >> >> > > too many arguments to function 'sss_cert_derb64_to_ldap_filter'
> >> >> > >      ret = sss_cert_derb64_to_ldap_filter(tmp_ctx, cert, 
> >> >> > > SYSDB_USER_CERT, NULL,
> >> >> > >            ^
> >> >> > > In file included from 
> >> >> > > /home/remote/jhrozek/devel/sssd/src/db/sysdb_views.c:23:0:
> >> >> > > /home/remote/jhrozek/devel/sssd/src/util/cert.h:40:9: note: 
> >> >> > > declared here
> >> >> > >  errno_t sss_cert_derb64_to_ldap_filter(TALLOC_CTX *mem_ctx, const 
> >> >> > > char *derb64,
> >> >> > >          ^
> >> >> > 
> >> >> > ah, sorry, I picked the patches from a wrong branch.
> >> >> > 
> >> >> > Please try the new version.
> >> >> 
> >> >> OK, this looks better, but the CI still complains on Debian:
> >> >> /bin/bash ./libtool  --tag=CC   --mode=link gcc  -Wall -Wshadow
> >> >> -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align
> >> >> -Wwrite-strings -Wundef -Werror-implicit-function-declaration
> >> >> -Winit-self -Wmissing-include-dirs -fno-strict-aliasing -std=gnu99  -g3
> >> >> -O2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
> >> >> -o proxy_child src/providers/proxy/proxy_child-proxy_child.o
> >> >> src/providers/proxy_child-data_provider_iface_generated.o -lpam -ltalloc
> >> >> -ltevent -ltalloc -lpopt -lldb -ldbus-1 -lpcre -lini_config
> >> >> -lbasicobjects -lref_array -lcollection -lcollection -ldhash -llber
> >> >> -lldap -lselinux -ltdb libsss_util.la libsss_crypt.la libsss_debug.la
> >> >> libsss_child.la  
> >> >> /usr/bin/ld: src/responder/nss/nsssrv_cmd.o: undefined reference to
> >> >> symbol 'sss_cert_derb64_to_pem'
> >> >> //var/lib/jenkins/workspace/ci/label/debian_testing/ci-build-debug/.libs/libsss_cert.so:
> >> >> //error adding symbols: DSO missing from command line
> >> >> collect2: error: ld returned 1 exit status
> >> >> Makefile:10585: recipe for target 'sssd_nss' failed
> >> >> make[2]: *** [sssd_nss] Error 1
> >> >> make[2]: *** Waiting for unfinished jobs...
> >> >> 
> >> >> CI link:
> >> >> http://sssd-ci.duckdns.org/logs/job/44/61/debian_testing/ci-build-debug/ci-make-tests.log
> >> >
> >> >ok, I added libsss_cert.la to the nss responder binary and the test.
> >> >
> >> >New version attached.
> >> >
> >> >bye,
> >> >Sumit
> >> >
> >> 
> >> >From cb3f7bc55b22140b997d6b94f76893798731d79f Mon Sep 17 00:00:00 2001
> >> >From: Sumit Bose <sb...@redhat.com>
> >> >Date: Tue, 26 Apr 2016 13:13:43 +0200
> >> >Subject: [PATCH 12/12] nss-idmap: add sss_nss_getnamebycert()
> >> >
> >> >---
> >> > Makefile.am                                |  2 +-
> >> > src/python/pysss_nss_idmap.c               | 47 
> >> > ++++++++++++++++++++++++++++--
> >> > src/responder/nss/nsssrv_cmd.c             |  1 +
> >> > src/sss_client/idmap/sss_nss_idmap.c       | 26 ++++++++++++++++-
> >> > src/sss_client/idmap/sss_nss_idmap.exports |  6 ++++
> >> > src/sss_client/idmap/sss_nss_idmap.h       | 15 ++++++++++
> >> > 6 files changed, 93 insertions(+), 4 deletions(-)
> >> >
> >> >diff --git a/Makefile.am b/Makefile.am
> >> >index 
> >> >fdd129d326d092989a92506cc86694dded58ff72..a504a4f613b881afcbc096a03de0f284ebf34896
> >> > 100644
> >> >--- a/Makefile.am
> >> >+++ b/Makefile.am
> >> >@@ -989,7 +989,7 @@ libsss_nss_idmap_la_LIBADD = \
> >> >     $(CLIENT_LIBS)
> >> > libsss_nss_idmap_la_LDFLAGS = \
> >> >     
> >> > -Wl,--version-script,$(srcdir)/src/sss_client/idmap/sss_nss_idmap.exports
> >> >  \
> >> >-    -version-info 1:0:1
> >> >+    -version-info 2:0:2
> >> > 
> >> > dist_noinst_DATA += src/sss_client/idmap/sss_nss_idmap.exports
> >> > 
> >> >diff --git a/src/python/pysss_nss_idmap.c b/src/python/pysss_nss_idmap.c
> >> >index 
> >> >36d66f405442d63e430f92862990f1656486112d..a88ef77a3c8056e4962c35811de3dbbb18f4c9a4
> >> > 100644
> >> >--- a/src/python/pysss_nss_idmap.c
> >> >+++ b/src/python/pysss_nss_idmap.c
> >> >@@ -33,7 +33,8 @@ enum lookup_type {
> >> >     SIDBYNAME,
> >> >     SIDBYID,
> >> >     NAMEBYSID,
> >> >-    IDBYSID
> >> >+    IDBYSID,
> >> >+    NAMEBYCERT
> >> > };
> >> > 
> >> > static int add_dict(PyObject *py_result, PyObject *key, PyObject 
> >> > *res_type,
> >> >@@ -166,6 +167,28 @@ static int do_getsidbyid(PyObject *py_result, 
> >> >PyObject *py_id)
> >> >     return ret;
> >> > }
> >> > 
> >> >+static int do_getnamebycert(PyObject *py_result, PyObject *py_cert)
> >> >+{
> >> >+    int ret;
> >> >+    const char *cert;
> >> >+    char *name = NULL;
> >> >+    enum sss_id_type id_type;
> >> >+
> >> >+    cert = py_string_or_unicode_as_string(py_cert);
> >> >+    if (cert == NULL) {
> >> >+        return EINVAL;
> >> >+    }
> >> >+
> >> >+    ret = sss_nss_getnamebycert(cert, &name, &id_type);
> >> >+    if (ret == 0) {
> >> >+        ret = add_dict(py_result, py_cert, 
> >> >PyBytes_FromString(SSS_NAME_KEY),
> >> >+                       PyUnicode_FromString(name), 
> >> >PYNUMBER_FROMLONG(id_type));
> >> >+    }
> >> >+    free(name);
> >> >+
> >> >+    return ret;
> >> >+}
> >> >+
> >> > static int do_getidbysid(PyObject *py_result, PyObject *py_sid)
> >> > {
> >> >     const char *sid;
> >> >@@ -203,6 +226,9 @@ static int do_lookup(enum lookup_type type, PyObject 
> >> >*py_result,
> >> >     case IDBYSID:
> >> >         return do_getidbysid(py_result, py_inp);
> >> >         break;
> >> >+    case NAMEBYCERT:
> >> >+        return do_getnamebycert(py_result, py_inp);
> >> >+        break;
> >> >     default:
> >> >         return ENOSYS;
> >> >     }
> >> >@@ -260,7 +286,7 @@ static PyObject *check_args(enum lookup_type type, 
> >> >PyObject *args)
> >> >         case ENOENT: /* nothing found, return empty dict */
> >> >             break;
> >> >         case EINVAL:
> >> >-            PyErr_Format(PyExc_ValueError, "Unable to retrieve 
> >> >argument\n");
> >> >+            PyErr_Format(PyExc_ValueError, "Unable to retrieve 
> >> >result\n");
> >> >             Py_XDECREF(py_result);
> >> >             return NULL;
> >> >             break;
> >> >@@ -339,6 +365,21 @@ static PyObject * py_getidbysid(PyObject *module, 
> >> >PyObject *args)
> >> >     return check_args(IDBYSID, args);
> >> > }
> >> > 
> >> >+PyDoc_STRVAR(getnamebycert_doc,
> >> >+"getnamebycert(sid or list/tuple of certificates) -> dict(sid => 
> >> >dict(results))\n\
> >> >+\n\
> >> >+Returns a dictionary with a dictonary of results for each given 
> >> >certificates.\n\
> >> >+The result dictonary contain the name and the type of the object which 
> >> >can be\n\
> >> >+accessed with the key constants NAME_KEY and TYPE_KEY, respectively.\n\
> >> >+\n\
> >> >+NOTE: getnamebycert currently works only with id_provider set as \"ad\" 
> >> >or \"ipa\""
> >> >+);
> >> >+
> >> >+static PyObject * py_getnamebycert(PyObject *module, PyObject *args)
> >> >+{
> >> >+    return check_args(NAMEBYCERT, args);
> >> >+}
> >> >+
> >> > static PyMethodDef methods[] = {
> >> >     { sss_py_const_p(char, "getsidbyname"), (PyCFunction) 
> >> > py_getsidbyname,
> >> >       METH_VARARGS, getsidbyname_doc },
> >> >@@ -348,6 +389,8 @@ static PyMethodDef methods[] = {
> >> >       METH_VARARGS, getnamebysid_doc },
> >> >     { sss_py_const_p(char, "getidbysid"), (PyCFunction) py_getidbysid,
> >> >       METH_VARARGS, getidbysid_doc },
> >> >+    { sss_py_const_p(char, "getnamebycert"), (PyCFunction) 
> >> >py_getnamebycert,
> >> >+      METH_VARARGS, getnamebycert_doc },
> >> >     { NULL,NULL, 0, NULL }
> >> > };
> >> > 
> >> >diff --git a/src/responder/nss/nsssrv_cmd.c 
> >> >b/src/responder/nss/nsssrv_cmd.c
> >> >index 
> >> >762c26b74581acb5568b602caaef2586521f6903..64e2945a99a6f3262517aa7c817475904418a1ed
> >> > 100644
> >> >--- a/src/responder/nss/nsssrv_cmd.c
> >> >+++ b/src/responder/nss/nsssrv_cmd.c
> >> >@@ -5525,6 +5525,7 @@ static int nss_cmd_getbycert(enum sss_cli_command 
> >> >cmd, struct cli_ctx *cctx)
> >> >     }
> >> > 
> >> >     derb64 = (const char *) body;
> >> >+    DEBUG(SSSDBG_TRACE_ALL, "cert [%s]\n", derb64);
> >> > 
> >> >     /* check input */
> >> >     ret = sss_cert_derb64_to_pem(cctx, derb64, &pem_cert, &pem_size);
> >> >diff --git a/src/sss_client/idmap/sss_nss_idmap.c 
> >> >b/src/sss_client/idmap/sss_nss_idmap.c
> >> >index 
> >> >55d8043bd992bebf82a46206a9f3aecbe1e88238..fa5a499e3606f7e45a406de4d63002ba35365cb1
> >> > 100644
> >> >--- a/src/sss_client/idmap/sss_nss_idmap.c
> >> >+++ b/src/sss_client/idmap/sss_nss_idmap.c
> >> >@@ -159,7 +159,8 @@ static int sss_nss_getyyybyxxx(union input inp, enum 
> >> >sss_cli_command cmd ,
> >> >     case SSS_NSS_GETNAMEBYSID:
> >> >     case SSS_NSS_GETIDBYSID:
> >> >     case SSS_NSS_GETORIGBYNAME:
> >> >-        ret = sss_strnlen(inp.str, SSS_NAME_MAX, &inp_len);
> >> >+    case SSS_NSS_GETNAMEBYCERT:
> >> >+        ret = sss_strnlen(inp.str, 2048, &inp_len);
> >> >         if (ret != EOK) {
> >> >             return EINVAL;
> >> >         }
> >> >@@ -209,6 +210,7 @@ static int sss_nss_getyyybyxxx(union input inp, enum 
> >> >sss_cli_command cmd ,
> >> >     case SSS_NSS_GETSIDBYID:
> >> >     case SSS_NSS_GETSIDBYNAME:
> >> >     case SSS_NSS_GETNAMEBYSID:
> >> >+    case SSS_NSS_GETNAMEBYCERT:
> >> >         if (data_len <= 1 || repbuf[replen - 1] != '\0') {
> >> >             ret = EBADMSG;
> >> >             goto done;
> >> >@@ -368,3 +370,25 @@ int sss_nss_getorigbyname(const char *fq_name, 
> >> >struct sss_nss_kv **kv_list,
> >> > 
> >> >     return ret;
> >> > }
> >> >+
> >> >+int sss_nss_getnamebycert(const char *cert, char **fq_name,
> >> >+                          enum sss_id_type *type)
> >> >+{
> >> >+    int ret;
> >> >+    union input inp;
> >> >+    struct output out;
> >> >+
> >> >+    if (fq_name == NULL || cert == NULL || *cert == '\0') {
> >> >+        return EINVAL;
> >> >+    }
> >> >+
> >> >+    inp.str = cert;
> >> >+
> >> >+    ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETNAMEBYCERT, &out);
> >> >+    if (ret == EOK) {
> >> >+        *fq_name = out.d.str;
> >> >+        *type = out.type;
> >> >+    }
> >> >+
> >> >+    return ret;
> >> >+}
> >> >diff --git a/src/sss_client/idmap/sss_nss_idmap.exports 
> >> >b/src/sss_client/idmap/sss_nss_idmap.exports
> >> >index 
> >> >8aa4702416534c49176d29cee381e1c9292c4847..bd5d80212017d38334c3cdeefa47d6029f42aebb
> >> > 100644
> >> >--- a/src/sss_client/idmap/sss_nss_idmap.exports
> >> >+++ b/src/sss_client/idmap/sss_nss_idmap.exports
> >> >@@ -19,3 +19,9 @@ SSS_NSS_IDMAP_0.1.0 {
> >> >         sss_nss_getorigbyname;
> >> >         sss_nss_free_kv;
> >> > } SSS_NSS_IDMAP_0.0.1;
> >> >+
> >> >+SSS_NSS_IDMAP_0.2.0 {
> >> >+    # public functions
> >> >+    global:
> >> >+        sss_nss_getnamebycert;
> >> >+} SSS_NSS_IDMAP_0.1.0;
> >> I wanted to push these patches.
> >> But I noticed that this function does not fit this library.
> >> 
> >> Summary and description says something else.
> >> 
> >> sh$ rpm -q --info libsss_nss_idmap | tail -n4
> >> URL         : http://fedorahosted.org/sssd/
> >> Summary     : Library for SID based lookups
> >> Description :
> >> Utility library for SID based lookups
> >
> >Would you agree if I change summary and description to '... for SID and
> >certificate based ...'
> >
> 
> that would be the easiest solution and I am not against :-)
> 
> I just wanted to hear other opinions.
> 
> 
> BTW feel free to send just diff for spec file.
> I can squash it before pushing to master.
> 

Please find attached an updated version of the 12th patch.

bye,
Sumit

From 1decd1940a4278cb6c2b19c3f995e8e601c15d75 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Tue, 26 Apr 2016 13:13:43 +0200
Subject: [PATCH 12/12] nss-idmap: add sss_nss_getnamebycert()

---
 Makefile.am                                |  2 +-
 contrib/sssd.spec.in                       |  8 ++---
 src/python/pysss_nss_idmap.c               | 47 ++++++++++++++++++++++++++++--
 src/responder/nss/nsssrv_cmd.c             |  1 +
 src/sss_client/idmap/sss_nss_idmap.c       | 26 ++++++++++++++++-
 src/sss_client/idmap/sss_nss_idmap.exports |  6 ++++
 src/sss_client/idmap/sss_nss_idmap.h       | 15 ++++++++++
 7 files changed, 97 insertions(+), 8 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index 
fdd129d326d092989a92506cc86694dded58ff72..a504a4f613b881afcbc096a03de0f284ebf34896
 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -989,7 +989,7 @@ libsss_nss_idmap_la_LIBADD = \
     $(CLIENT_LIBS)
 libsss_nss_idmap_la_LDFLAGS = \
     -Wl,--version-script,$(srcdir)/src/sss_client/idmap/sss_nss_idmap.exports \
-    -version-info 1:0:1
+    -version-info 2:0:2
 
 dist_noinst_DATA += src/sss_client/idmap/sss_nss_idmap.exports
 
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 
355b9510994b2f5ea470febca670d8982ad4bfce..ad072204cec41e764c6f46263fb5af8f2a37913e
 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -467,23 +467,23 @@ used by Python applications.
 %endif
 
 %package -n libsss_nss_idmap
-Summary: Library for SID based lookups
+Summary: Library for SID and certificate based lookups
 Group: Development/Libraries
 License: LGPLv3+
 Requires(post): /sbin/ldconfig
 Requires(postun): /sbin/ldconfig
 
 %description -n libsss_nss_idmap
-Utility library for SID based lookups
+Utility library for SID and certificate based lookups
 
 %package -n libsss_nss_idmap-devel
-Summary: Library for SID based lookups
+Summary: Library for SID and certificate based lookups
 Group: Development/Libraries
 License: LGPLv3+
 Requires: libsss_nss_idmap = %{version}-%{release}
 
 %description -n libsss_nss_idmap-devel
-Utility library for SID based lookups
+Utility library for SID and certificate based lookups
 
 %package -n python-libsss_nss_idmap
 Summary: Python2 bindings for libsss_nss_idmap
diff --git a/src/python/pysss_nss_idmap.c b/src/python/pysss_nss_idmap.c
index 
36d66f405442d63e430f92862990f1656486112d..a88ef77a3c8056e4962c35811de3dbbb18f4c9a4
 100644
--- a/src/python/pysss_nss_idmap.c
+++ b/src/python/pysss_nss_idmap.c
@@ -33,7 +33,8 @@ enum lookup_type {
     SIDBYNAME,
     SIDBYID,
     NAMEBYSID,
-    IDBYSID
+    IDBYSID,
+    NAMEBYCERT
 };
 
 static int add_dict(PyObject *py_result, PyObject *key, PyObject *res_type,
@@ -166,6 +167,28 @@ static int do_getsidbyid(PyObject *py_result, PyObject 
*py_id)
     return ret;
 }
 
+static int do_getnamebycert(PyObject *py_result, PyObject *py_cert)
+{
+    int ret;
+    const char *cert;
+    char *name = NULL;
+    enum sss_id_type id_type;
+
+    cert = py_string_or_unicode_as_string(py_cert);
+    if (cert == NULL) {
+        return EINVAL;
+    }
+
+    ret = sss_nss_getnamebycert(cert, &name, &id_type);
+    if (ret == 0) {
+        ret = add_dict(py_result, py_cert, PyBytes_FromString(SSS_NAME_KEY),
+                       PyUnicode_FromString(name), PYNUMBER_FROMLONG(id_type));
+    }
+    free(name);
+
+    return ret;
+}
+
 static int do_getidbysid(PyObject *py_result, PyObject *py_sid)
 {
     const char *sid;
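Review bot: In `do_getnamebycert` the three objects created inline in the `add_dict(...)` call, `PyBytes_FromString(SSS_NAME_KEY)`, `PyUnicode_FromString(name)` and `PYNUMBER_FROMLONG(id_type)`, are never checked for NULL and are not kept in locals, so they cannot be validated or released if something fails. `name` is taken from the responder's reply, and `PyUnicode_FromString` returns NULL with an exception set when the bytes are not valid UTF-8. Whether `add_dict` tolerates NULL arguments or takes over the references is not visible in this hunk; if it does neither, build the three objects first, return `ENOMEM` when any of them is NULL, and `Py_XDECREF` whatever the helper does not keep.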
@@ -203,6 +226,9 @@ static int do_lookup(enum lookup_type type, PyObject 
*py_result,
     case IDBYSID:
         return do_getidbysid(py_result, py_inp);
         break;
+    case NAMEBYCERT:
+        return do_getnamebycert(py_result, py_inp);
+        break;
     default:
         return ENOSYS;
     }
@@ -260,7 +286,7 @@ static PyObject *check_args(enum lookup_type type, PyObject 
*args)
         case ENOENT: /* nothing found, return empty dict */
             break;
         case EINVAL:
-            PyErr_Format(PyExc_ValueError, "Unable to retrieve argument\n");
+            PyErr_Format(PyExc_ValueError, "Unable to retrieve result\n");
             Py_XDECREF(py_result);
             return NULL;
             break;
@@ -339,6 +365,21 @@ static PyObject * py_getidbysid(PyObject *module, PyObject 
*args)
     return check_args(IDBYSID, args);
 }
 
+PyDoc_STRVAR(getnamebycert_doc,
+"getnamebycert(sid or list/tuple of certificates) -> dict(sid => 
dict(results))\n\
+\n\
+Returns a dictionary with a dictonary of results for each given 
certificates.\n\
+The result dictonary contain the name and the type of the object which can 
be\n\
+accessed with the key constants NAME_KEY and TYPE_KEY, respectively.\n\
+\n\
+NOTE: getnamebycert currently works only with id_provider set as \"ad\" or 
\"ipa\""
+);
+
+static PyObject * py_getnamebycert(PyObject *module, PyObject *args)
+{
+    return check_args(NAMEBYCERT, args);
+}
+
 static PyMethodDef methods[] = {
     { sss_py_const_p(char, "getsidbyname"), (PyCFunction) py_getsidbyname,
       METH_VARARGS, getsidbyname_doc },
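Review bot: The `getnamebycert_doc` text still describes SID input: its first line reads `getnamebycert(sid or list/tuple of certificates) -> dict(sid => dict(results))`, where both occurrences of `sid` should be the certificate. I would write it as `getnamebycert(certificate or list/tuple of certificates) -> dict(certificate => dict(results))` and correct `dictonary` to `dictionary` in the two following sentences. The docstring should also say that the argument is a base64 encoded DER certificate, and that over-long input is rejected; the client returns `EINVAL` in that case, which `check_args` appears to turn into `ValueError`.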
@@ -348,6 +389,8 @@ static PyMethodDef methods[] = {
       METH_VARARGS, getnamebysid_doc },
     { sss_py_const_p(char, "getidbysid"), (PyCFunction) py_getidbysid,
       METH_VARARGS, getidbysid_doc },
+    { sss_py_const_p(char, "getnamebycert"), (PyCFunction) py_getnamebycert,
+      METH_VARARGS, getnamebycert_doc },
     { NULL,NULL, 0, NULL }
 };
 
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index 
762c26b74581acb5568b602caaef2586521f6903..64e2945a99a6f3262517aa7c817475904418a1ed
 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -5525,6 +5525,7 @@ static int nss_cmd_getbycert(enum sss_cli_command cmd, 
struct cli_ctx *cctx)
     }
 
     derb64 = (const char *) body;
+    DEBUG(SSSDBG_TRACE_ALL, "cert [%s]\n", derb64);
 
     /* check input */
     ret = sss_cert_derb64_to_pem(cctx, derb64, &pem_cert, &pem_size);
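Review bot: The added `DEBUG(SSSDBG_TRACE_ALL, "cert [%s]\n", derb64);` formats the client-supplied request body as a C string before `sss_cert_derb64_to_pem()` has checked it. That is only safe if the check whose closing brace opens this hunk already guarantees that `body` is NUL-terminated; that code lies outside the hunk, so it needs confirming. Even then the line copies unvalidated client data of request size into the debug log, so moving it below the `sss_cert_derb64_to_pem()` call would log only input that decoded successfully. `nss_cmd_getbycert` starts and ends outside the hunk.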
diff --git a/src/sss_client/idmap/sss_nss_idmap.c 
b/src/sss_client/idmap/sss_nss_idmap.c
index 
55d8043bd992bebf82a46206a9f3aecbe1e88238..fa5a499e3606f7e45a406de4d63002ba35365cb1
 100644
--- a/src/sss_client/idmap/sss_nss_idmap.c
+++ b/src/sss_client/idmap/sss_nss_idmap.c
@@ -159,7 +159,8 @@ static int sss_nss_getyyybyxxx(union input inp, enum 
sss_cli_command cmd ,
     case SSS_NSS_GETNAMEBYSID:
     case SSS_NSS_GETIDBYSID:
     case SSS_NSS_GETORIGBYNAME:
-        ret = sss_strnlen(inp.str, SSS_NAME_MAX, &inp_len);
+    case SSS_NSS_GETNAMEBYCERT:
+        ret = sss_strnlen(inp.str, 2048, &inp_len);
         if (ret != EOK) {
             return EINVAL;
         }
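Review bot: The literal `2048` in `sss_strnlen(inp.str, 2048, &inp_len)` now bounds every string command in this case group, not only `SSS_NSS_GETNAMEBYCERT`, so the limit for name and SID input silently stops being `SSS_NAME_MAX`. 2048 base64 characters carry roughly 1536 bytes of DER, which certificates with large keys or many extensions can plausibly exceed, and those callers would get a bare `EINVAL`. A named constant selected per command would keep the old bound for the other lookups, for example `max_len = (cmd == SSS_NSS_GETNAMEBYCERT) ? SSS_CERT_B64_MAX : SSS_NAME_MAX;` with `SSS_CERT_B64_MAX` being a new define (the name is only a suggestion) that matches what the responder accepts. The switch belongs to `sss_nss_getyyybyxxx`, whose body extends outside the hunk.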
@@ -209,6 +210,7 @@ static int sss_nss_getyyybyxxx(union input inp, enum 
sss_cli_command cmd ,
     case SSS_NSS_GETSIDBYID:
     case SSS_NSS_GETSIDBYNAME:
     case SSS_NSS_GETNAMEBYSID:
+    case SSS_NSS_GETNAMEBYCERT:
         if (data_len <= 1 || repbuf[replen - 1] != '\0') {
             ret = EBADMSG;
             goto done;
@@ -368,3 +370,25 @@ int sss_nss_getorigbyname(const char *fq_name, struct 
sss_nss_kv **kv_list,
 
     return ret;
 }
+
+int sss_nss_getnamebycert(const char *cert, char **fq_name,
+                          enum sss_id_type *type)
+{
+    int ret;
+    union input inp;
+    struct output out;
+
+    if (fq_name == NULL || cert == NULL || *cert == '\0') {
+        return EINVAL;
+    }
+
+    inp.str = cert;
+
+    ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETNAMEBYCERT, &out);
+    if (ret == EOK) {
+        *fq_name = out.d.str;
+        *type = out.type;
+    }
+
+    return ret;
+}
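Review bot: `sss_nss_getnamebycert` rejects a NULL `fq_name` but then stores `*type = out.type;` unconditionally, so a caller that passes NULL for `type` dereferences a NULL pointer on a successful lookup. Either extend the guard to `if (fq_name == NULL || type == NULL || cert == NULL || *cert == '\0')` or make the store conditional with `if (type != NULL) { *type = out.type; }`. Whichever contract is chosen should be stated in the doc comment in `sss_nss_idmap.h`.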
diff --git a/src/sss_client/idmap/sss_nss_idmap.exports 
b/src/sss_client/idmap/sss_nss_idmap.exports
index 
8aa4702416534c49176d29cee381e1c9292c4847..bd5d80212017d38334c3cdeefa47d6029f42aebb
 100644
--- a/src/sss_client/idmap/sss_nss_idmap.exports
+++ b/src/sss_client/idmap/sss_nss_idmap.exports
@@ -19,3 +19,9 @@ SSS_NSS_IDMAP_0.1.0 {
         sss_nss_getorigbyname;
         sss_nss_free_kv;
 } SSS_NSS_IDMAP_0.0.1;
+
+SSS_NSS_IDMAP_0.2.0 {
+    # public functions
+    global:
+        sss_nss_getnamebycert;
+} SSS_NSS_IDMAP_0.1.0;
diff --git a/src/sss_client/idmap/sss_nss_idmap.h 
b/src/sss_client/idmap/sss_nss_idmap.h
index 
78a8a11c1d597e7d19bb692dcaeb566b770b900e..8a6299194e7b91e084b26c0c96e2f93875a832e7
 100644
--- a/src/sss_client/idmap/sss_nss_idmap.h
+++ b/src/sss_client/idmap/sss_nss_idmap.h
@@ -124,6 +124,21 @@ int sss_nss_getorigbyname(const char *fq_name, struct 
sss_nss_kv **kv_list,
                           enum sss_id_type *type);
 
 /**
+ * @brief Return the fully qualified name for the given base64 encoded
+ * X.509 certificate in DER format
+ *
+ * @param[in] cert     base64 encoded certificate
+ * @param[out] fq_name Fully qualified name of a user or a group,
+ *                     must be freed by the caller
+ * @param[out] type    Type of the object related to the SID
+ *
+ * @return
+ *  - see #sss_nss_getsidbyname
+ */
+int sss_nss_getnamebycert(const char *cert, char **fq_name,
+                          enum sss_id_type *type);
+
+/**
  * @brief Free key-value list returned by sss_nss_getorigbyname()
  *
  * @param[in] kv_list Key-value list returned by sss_nss_getorigbyname().
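Review bot: The `@param[out] type` line reads `Type of the object related to the SID`, carried over from the SID lookups; it should be `Type of the object related to the certificate`. The comment should also say that `fq_name` is released with `free()`, as the Python binding in this patch does, and that `cert` is length-limited on the client side with `EINVAL` returned for longer input. Neither can be derived from `- see #sss_nss_getsidbyname`.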
-- 
2.1.0
