
From afe1fc05a5da349c3e24e8c96b1e185e4da53613 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Thu, 17 Aug 2017 11:38:43 +1000
Subject: [PATCH] MS cert template: add D-Bus property and storage
Add a D-Bus property and storage for a new template attribute, which
will hold data to be included in CSRs in the MS V2 certificate
template extension.
The server does not validate the extension data (validation
behaviour is implemented in a subsequent commit).
Part of: https://pagure.io/certmonger/issue/78
---
 doc/api.txt                 |  2 ++
 src/store-files.c           | 10 ++++++++++
 src/store-int.h             |  1 +
 src/tdbus.h                 |  1 +
 src/tdbush.c                | 29 ++++++++++++++++++++++++++++-
 tests/028-dbus/expected.out |  1 +
 6 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/doc/api.txt b/doc/api.txt
index 31016be..83cf375 100644
--- a/doc/api.txt
+++ b/doc/api.txt
@@ -56,6 +56,7 @@ o object layout
                {("template-crldp"),array-of-string (CRL distribution point URIs)}
                {("template-ns-comment"),string (Netscape comment)}
                {("template-profile"),string (certificate profile)}
+               {("template-ms-certificate-template"),string (MS V2 template specifier; format: <oid>:<major-version>[:<minor-version>] )}
                {("template-issuer"),string (requested issuer)}
                {("template-challenge-password"),string (password to add to CSR)}
                {("template-challenge-password-file"),string (password file)
@@ -165,6 +166,7 @@ o object layout
                {("template-crldp"),array-of-string (CRL distribution point URIs)}
                {("template-ns-comment"),string (Netscape comment)}
                {("template-profile"),string (certificate profile)}
+               {("template-ms-certificate-template"),string (MS V2 template specifier; format: <oid>:<major-version>[:<minor-version>] )}
                {("template-issuer"),string (requested issuer)}
                {("template-challenge-password"),string (password to add to CSR)}
                {("template-challenge-password-file"),string (password file)
diff --git a/src/store-files.c b/src/store-files.c
index 889829c..977e896 100644
--- a/src/store-files.c
+++ b/src/store-files.c
@@ -130,6 +130,7 @@ enum cm_store_file_field {
 	cm_store_entry_field_template_ns_comment,
 	cm_store_entry_field_template_profile,
 	cm_store_entry_field_template_issuer,
+	cm_store_entry_field_template_certificate_template,
 	cm_store_entry_field_template_no_ocsp_check,
 	cm_store_entry_field_template_ns_certtype,
 
@@ -305,6 +306,7 @@ static struct cm_store_file_field_list {
 	{cm_store_entry_field_template_profile, "template_profile"}, /* right */
 	{cm_store_entry_field_template_profile, "ca_profile"}, /* wrong */
 	{cm_store_entry_field_template_issuer, "template_issuer"},
+	{cm_store_entry_field_template_certificate_template, "template_certificate_template"},
 	{cm_store_entry_field_template_no_ocsp_check, "template_no_ocsp_check"},
 	{cm_store_entry_field_template_ns_certtype, "template_ns_certtype"},
 
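Review bot: The store key `template_certificate_template` (and the field `cm_template_certificate_template` it maps to) drops the "ms" that the D-Bus property `template-ms-certificate-template` carries, so the three names for this one attribute no longer follow the pattern of the neighbouring rows (`template_issuer` ↔ `template-issuer`); consider `template_ms_certificate_template` / `cm_template_ms_certificate_template` before the key is written into entry files and becomes a compatibility constraint. The same naming applies to the enum entry in the previous hunk, the read/dup/write hunks below and the new field in store-int.h. Separately, cm_store_entry_write appends the new field after `template_ns_certtype` while the enum, the read switch and cm_store_entry_dup place it next to `template_issuer`/`template_profile`; keeping one order across the five hunks makes the field list easier to audit. Since cm_store_entry_read is itself an input path (the entry file is parsed from disk, not only populated over D-Bus), the validation the commit message defers to a later change should presumably cover values loaded here as well as those arriving via base_add_request/request_modify.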
@@ -1129,6 +1131,9 @@ cm_store_entry_read(void *parent, const char *filename, FILE *fp)
 			case cm_store_entry_field_template_profile:
 				ret->cm_template_profile = free_if_empty(p);
 				break;
+			case cm_store_entry_field_template_certificate_template:
+				ret->cm_template_certificate_template = free_if_empty(p);
+				break;
 			case cm_store_entry_field_template_issuer:
 				ret->cm_template_issuer = free_if_empty(p);
 				break;
@@ -1375,6 +1380,7 @@ cm_store_ca_read(void *parent, const char *filename, FILE *fp)
 			case cm_store_entry_field_template_ocsp_location:
 			case cm_store_entry_field_template_ns_comment:
 			case cm_store_entry_field_template_profile:
+			case cm_store_entry_field_template_certificate_template:
 			case cm_store_entry_field_template_issuer:
 			case cm_store_entry_field_template_no_ocsp_check:
 			case cm_store_entry_field_template_ns_certtype:
@@ -1984,6 +1990,8 @@ cm_store_entry_write(FILE *fp, struct cm_store_entry *entry)
 				entry->cm_template_no_ocsp_check ? 1 : 0);
 	cm_store_file_write_str(fp, cm_store_entry_field_template_ns_certtype,
 				entry->cm_template_ns_certtype);
+	cm_store_file_write_str(fp, cm_store_entry_field_template_certificate_template,
+				entry->cm_template_certificate_template);
 
 	cm_store_file_write_str(fp, cm_store_entry_field_challenge_password,
 				entry->cm_template_challenge_password);
@@ -2745,6 +2753,8 @@ cm_store_entry_dup(void *parent, struct cm_store_entry *entry)
 	ret->cm_template_profile = cm_store_maybe_strdup(ret, entry->cm_template_profile);
 	ret->cm_template_issuer = cm_store_maybe_strdup(ret, entry->cm_template_issuer);
 	ret->cm_template_no_ocsp_check = entry->cm_template_no_ocsp_check;
+	ret->cm_template_certificate_template =
+		cm_store_maybe_strdup(ret, entry->cm_template_certificate_template);
 	ret->cm_template_ns_certtype = cm_store_maybe_strdup(ret,
 							     entry->cm_template_ns_certtype);
 
diff --git a/src/store-int.h b/src/store-int.h
index 2d3a353..98b37e6 100644
--- a/src/store-int.h
+++ b/src/store-int.h
@@ -144,6 +144,7 @@ struct cm_store_entry {
 	char *cm_template_profile;
 	char *cm_template_issuer;
 	char *cm_template_ns_certtype;
+	char *cm_template_certificate_template;
 	unsigned int cm_template_no_ocsp_check: 1;
 	/* A challenge password, which may be included (in cleartext form!) in
 	 * a CSR. */
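Review bot: The new `cm_template_certificate_template` member is the only one in this hunk whose contents have a specific wire format, and the struct gives no hint of it; the neighbouring challenge-password field shows the file does document such semantics inline. Suggest a comment above the declaration along the lines of `/* MS V2 certificate template specifier, "<oid>:<major-version>[:<minor-version>]" (see doc/api.txt); emitted in the CSR's MS certificate template extension. */`. Naming it `cm_template_ms_certificate_template` would also keep it aligned with the D-Bus property `template-ms-certificate-template`. The struct definition starts and ends outside the hunk.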
diff --git a/src/tdbus.h b/src/tdbus.h
index 496f2dd..7164f11 100644
--- a/src/tdbus.h
+++ b/src/tdbus.h
@@ -110,6 +110,7 @@
 #define CM_DBUS_PROP_TEMPLATE_PROFILE "template-profile"
 #define CM_DBUS_PROP_TEMPLATE_ISSUER "template-issuer"
 #define CM_DBUS_PROP_TEMPLATE_NS_CERTTYPE "template-ns-certtype"
+#define CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE "template-ms-certificate-template"
 #define CM_DBUS_SIGNAL_REQUEST_CERT_SAVED "SavedCertificate"
 #define CM_DBUS_PROP_CA_PRESAVE_COMMAND "ca-presave-command"
 #define CM_DBUS_PROP_CA_PRESAVE_UID "ca-presave-uid"
diff --git a/src/tdbush.c b/src/tdbush.c
index 631da3e..94bf793 100644
--- a/src/tdbush.c
+++ b/src/tdbush.c
@@ -1568,6 +1568,14 @@ base_add_request(DBusConnection *conn, DBusMessage *msg,
 		new_entry->cm_template_issuer = maybe_strdup(new_entry,
 							     param->value.s);
 	}
+	param = cm_tdbusm_find_dict_entry(d,
+					  CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE,
+					  cm_tdbusm_dict_s);
+	if (param != NULL) {
+		// TODO check validity
+		new_entry->cm_template_certificate_template = maybe_strdup(new_entry,
+									   param->value.s);
+	}
 	param = cm_tdbusm_find_dict_entry(d,
 					  CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD,
 					  cm_tdbusm_dict_s);
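Review bot: The `// TODO check validity` placeholder left here, and again in the request_modify hunk below, marks the two D-Bus entry points that now accept the template string verbatim, but it says neither what "valid" means nor where the deferred work is tracked; a caller-supplied string reaches the on-disk entry file and, per the message, a CSR extension in a later change. Suggest making the marker actionable, e.g. `/* TODO (pagure issue 78): validate "<oid>:<major-version>[:<minor-version>]" before storing */`, so the follow-up commit and this one can be matched up, and writing it as a `/* */` comment since the store-int.h hunk shows the project using that style (tdbush.c's own convention is not visible here). When the check is added it is worth factoring into one helper called from both base_add_request and request_modify rather than duplicating it, given that the two hunks already duplicate the store pattern. base_add_request's body starts and ends outside the hunk.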
@@ -3320,6 +3328,17 @@ request_modify(DBusConnection *conn, DBusMessage *msg,
 					propname[n_propname++] = CM_DBUS_PROP_TEMPLATE_ISSUER;
 				}
 			} else
+			if ((param->value_type == cm_tdbusm_dict_s) &&
+			    (strcasecmp(param->key, CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE) == 0)) {
+				talloc_free(entry->cm_template_certificate_template);
+				// TODO check validity
+				entry->cm_template_certificate_template =
+					maybe_strdup(entry, param->value.s);
+				if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
+					propname[n_propname++] =
+						CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE;
+				}
+			} else
 			if ((param->value_type == cm_tdbusm_dict_s) &&
 			    (strcasecmp(param->key, CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD) == 0)) {
 				talloc_free(entry->cm_template_challenge_password);
@@ -6734,6 +6753,14 @@ cm_tdbush_iface_request(void)
 								       offsetof(struct cm_store_entry, cm_template_issuer),
 								       NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
 								       NULL),
+				     make_interface_item(cm_tdbush_interface_property,
+							 make_property(CM_DBUS_PROP_TEMPLATE_MS_CERTIFICATE_TEMPLATE,
+								       cm_tdbush_property_string,
+								       cm_tdbush_property_readwrite,
+								       cm_tdbush_property_char_p,
+								       offsetof(struct cm_store_entry, cm_template_certificate_template),
+								       NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
+								       NULL),
 				     make_interface_item(cm_tdbush_interface_property,
 							 make_property(CM_DBUS_PROP_TEMPLATE_NS_CERTTYPE,
 								       cm_tdbush_property_string,
@@ -7179,7 +7206,7 @@ cm_tdbush_iface_request(void)
 				     make_interface_item(cm_tdbush_interface_signal,
 							 make_signal(CM_DBUS_SIGNAL_REQUEST_CERT_SAVED,
 								     NULL),
-							 NULL))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))));
+							 NULL)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))));
 	}
 	return ret;
 }
diff --git a/tests/028-dbus/expected.out b/tests/028-dbus/expected.out
index 93cc4d1..8a81a7f 100644
--- a/tests/028-dbus/expected.out
+++ b/tests/028-dbus/expected.out
@@ -330,6 +330,7 @@ OK
   <property name="template-ns-comment" type="s" access="readwrite"/>
   <property name="template-profile" type="s" access="readwrite"/>
   <property name="template-issuer" type="s" access="readwrite"/>
+  <property name="template-ms-certificate-template" type="s" access="readwrite"/>
   <property name="template-ns-certtype" type="s" access="readwrite"/>
   <property name="template-challenge-password" type="s" access="readwrite"/>
   <property name="template-challenge-password-file" type="s" access="readwrite"/>
-- 
2.14.4