From 7a115884d370d8e9b2c7b110a0565fe5b78446a9 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Wed, 15 Feb 2017 12:09:20 +0100
Subject: [PATCH] ipa-kdb: add ipadb_fetch_principals_with_extra_filter()
Additionally make ipadb_find_principal public.
Related to https://pagure.io/freeipa/issue/4905
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: David Kupka <dkupka@redhat.com>
---
daemons/ipa-kdb/ipa_kdb.h | 11 +++++++
daemons/ipa-kdb/ipa_kdb_principals.c | 58 ++++++++++++++++++++++++++++--------
2 files changed, 56 insertions(+), 13 deletions(-)
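diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
index 8a3f7d3c012186fd73b27abef09602b0d0e96e8d..72f2675809a3267cce30bc06c77335697c7287ad 100644
--- a/daemons/ipa-kdb/ipa_kdb.h
+++ b/daemons/ipa-kdb/ipa_kdb.h
@@ -198,6 +198,17 @@ krb5_error_code ipadb_put_principal(krb5_context kcontext,
 char **db_args);
 krb5_error_code ipadb_delete_principal(krb5_context kcontext,
 krb5_const_principal search_for);
+krb5_error_code
+ipadb_fetch_principals_with_extra_filter(struct ipadb_context *ipactx,
+ unsigned int flags,
+ const char *principal,
+ const char *filter,
+ LDAPMessage **result);
+krb5_error_code ipadb_find_principal(krb5_context kcontext,
+ unsigned int flags,
+ LDAPMessage *res,
+ char **principal,
+ LDAPMessage **entry);
 #if KRB5_KDB_API_VERSION < 8
 krb5_error_code ipadb_iterate(krb5_context kcontext,
 char *match_entry,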
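Review bot: The new prototype `ipadb_fetch_principals_with_extra_filter()` takes a `filter` argument with no comment saying what it may contain, yet the implementation in ipa_kdb_principals.c formats it into the LDAP search string as-is (the trailing `"%s)"` of both `_EXTRA` templates), while the principal is passed as `esc_original_princ`. Now that the function is no longer static, a caller that builds `filter` from request-derived data without escaping could widen or redirect the principal lookup. I would add a comment above the declaration such as `/* filter: NULL, or a complete parenthesised LDAP filter component whose values the caller has already escaped; it is ANDed with the principal match */`. The same comment should say who releases `*result`, which the visible lines do not show.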
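diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index 3bd8fb8c70c61b056a714bc0a8149bd8524beb1d..82c857430b11279b4029fa72a6d430610524ba43 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -37,6 +37,17 @@
 "(objectclass=krbprincipal))" \
 "(krbprincipalname=%s))"
 
+#define PRINC_TGS_SEARCH_FILTER_EXTRA "(&(|(objectclass=krbprincipalaux)" \
+ "(objectclass=krbprincipal)" \
+ "(objectclass=ipakrbprincipal))" \
+ "(|(ipakrbprincipalalias=%s)" \
+ "(krbprincipalname:caseIgnoreIA5Match:=%s))" \
+ "%s)"
+
+#define PRINC_SEARCH_FILTER_EXTRA "(&(|(objectclass=krbprincipalaux)" \
+ "(objectclass=krbprincipal))" \
+ "(krbprincipalname=%s)" \
+ "%s)"
 static char *std_principal_attrs[] = {
 "krbPrincipalName",
 "krbCanonicalName",
@@ -864,10 +875,12 @@ done:
 return kerr;
 }
 
-static krb5_error_code ipadb_fetch_principals(struct ipadb_context *ipactx,
- unsigned int flags,
- char *principal,
- LDAPMessage **result)
+krb5_error_code
+ipadb_fetch_principals_with_extra_filter(struct ipadb_context *ipactx,
+ unsigned int flags,
+ const char *principal,
+ const char *filter,
+ LDAPMessage **result)
 {
 krb5_error_code kerr;
 char *src_filter = NULL;
@@ -890,11 +903,21 @@ static krb5_error_code ipadb_fetch_principals(struct ipadb_context *ipactx,
 goto done;
 }
 
- if (flags & KRB5_KDB_FLAG_ALIAS_OK) {
- ret = asprintf(&src_filter, PRINC_TGS_SEARCH_FILTER,
- esc_original_princ, esc_original_princ);
+ if (filter == NULL) {
+ if (flags & KRB5_KDB_FLAG_ALIAS_OK) {
+ ret = asprintf(&src_filter, PRINC_TGS_SEARCH_FILTER,
+ esc_original_princ, esc_original_princ);
+ } else {
+ ret = asprintf(&src_filter, PRINC_SEARCH_FILTER, esc_original_princ);
+ }
 } else {
- ret = asprintf(&src_filter, PRINC_SEARCH_FILTER, esc_original_princ);
+ if (flags & KRB5_KDB_FLAG_ALIAS_OK) {
+ ret = asprintf(&src_filter, PRINC_TGS_SEARCH_FILTER_EXTRA,
+ esc_original_princ, esc_original_princ, filter);
+ } else {
+ ret = asprintf(&src_filter, PRINC_SEARCH_FILTER_EXTRA,
+ esc_original_princ, filter);
+ }
 }
 
 if (ret == -1) {
@@ -913,11 +936,20 @@ done:
 return kerr;
 }
 
-static krb5_error_code ipadb_find_principal(krb5_context kcontext,
- unsigned int flags,
- LDAPMessage *res,
- char **principal,
- LDAPMessage **entry)
+static krb5_error_code ipadb_fetch_principals(struct ipadb_context *ipactx,
+ unsigned int flags,
+ char *principal,
+ LDAPMessage **result)
+{
+ return ipadb_fetch_principals_with_extra_filter(ipactx, flags, principal,
+ NULL, result);
+}
+
+krb5_error_code ipadb_find_principal(krb5_context kcontext,
+ unsigned int flags,
+ LDAPMessage *res,
+ char **principal,
+ LDAPMessage **entry)
 {
 struct ipadb_context *ipactx;
 bool found = false;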
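Review bot: The two `_EXTRA` templates repeat the existing search-filter macros apart from the trailing `%s`, so the object-class and name-matching rules now live in two places, and a later change to one copy would make lookups with and without an extra filter match different sets of entries. Judging by the macro tail visible as context in the first hunk, an empty extra component yields the same filter, so the four-way branch in the `@@ -890,11 +903,21 @@` hunk could shrink to two calls, e.g. `ret = asprintf(&src_filter, PRINC_SEARCH_FILTER_EXTRA, esc_original_princ, filter ? filter : "");`, with the old macros dropped. `PRINC_TGS_SEARCH_FILTER` is defined above the first hunk, so its equivalence to the `_EXTRA` variant needs checking before doing the same for the alias branch. The function body starts and ends outside the hunks shown.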
--
2.12.1