483b06
From 7a115884d370d8e9b2c7b110a0565fe5b78446a9 Mon Sep 17 00:00:00 2001
483b06
From: Sumit Bose <sbose@redhat.com>
483b06
Date: Wed, 15 Feb 2017 12:09:20 +0100
483b06
Subject: [PATCH] ipa-kdb: add ipadb_fetch_principals_with_extra_filter()
483b06
483b06
Additionally make ipadb_find_principal public.
483b06
483b06
Related to https://pagure.io/freeipa/issue/4905
483b06
483b06
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
483b06
Reviewed-By: David Kupka <dkupka@redhat.com>
483b06
---
483b06
 daemons/ipa-kdb/ipa_kdb.h            | 11 +++++++
483b06
 daemons/ipa-kdb/ipa_kdb_principals.c | 58 ++++++++++++++++++++++++++++--------
483b06
 2 files changed, 56 insertions(+), 13 deletions(-)
483b06
483b06
diff --git a/daemons/ipa-kdb/ipa_kdb.h b/daemons/ipa-kdb/ipa_kdb.h
483b06
index 8a3f7d3c012186fd73b27abef09602b0d0e96e8d..72f2675809a3267cce30bc06c77335697c7287ad 100644
483b06
--- a/daemons/ipa-kdb/ipa_kdb.h
483b06
+++ b/daemons/ipa-kdb/ipa_kdb.h
483b06
@@ -198,6 +198,17 @@ krb5_error_code ipadb_put_principal(krb5_context kcontext,
483b06
                                     char **db_args);
483b06
 krb5_error_code ipadb_delete_principal(krb5_context kcontext,
483b06
                                        krb5_const_principal search_for);
483b06
+krb5_error_code
483b06
+ipadb_fetch_principals_with_extra_filter(struct ipadb_context *ipactx,
483b06
+                                         unsigned int flags,
483b06
+                                         const char *principal,
483b06
+                                         const char *filter,
483b06
+                                         LDAPMessage **result);
483b06
+krb5_error_code ipadb_find_principal(krb5_context kcontext,
483b06
+                                     unsigned int flags,
483b06
+                                     LDAPMessage *res,
483b06
+                                     char **principal,
483b06
+                                     LDAPMessage **entry);
483b06
 #if KRB5_KDB_API_VERSION < 8
483b06
 krb5_error_code ipadb_iterate(krb5_context kcontext,
483b06
                               char *match_entry,
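Review bot: The two prototypes added to the header are now part of the module's public interface but carry no comment stating the contract of `filter`, which is the one parameter a caller can get wrong. From the implementation in ipa_kdb_principals.c the extra filter is spliced into the search string as-is, so the header should say that NULL means "no extra filter" and that a non-NULL value must be a complete, parenthesized LDAP filter component built from trusted or already-escaped data. A comment of the form `/* filter: optional extra LDAP filter component, e.g. "(objectclass=foo)"; appended verbatim (not escaped), so it must not contain untrusted input. NULL means no extra filter. */` above `ipadb_fetch_principals_with_extra_filter` would do. `ipadb_find_principal` would likewise benefit from a line noting which of `principal` and `entry` are outputs and who owns them, which cannot be inferred from the declaration alone.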
483b06
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
483b06
index 3bd8fb8c70c61b056a714bc0a8149bd8524beb1d..82c857430b11279b4029fa72a6d430610524ba43 100644
483b06
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
483b06
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
483b06
@@ -37,6 +37,17 @@
483b06
                                 "(objectclass=krbprincipal))" \
483b06
                               "(krbprincipalname=%s))"
483b06
 
483b06
+#define PRINC_TGS_SEARCH_FILTER_EXTRA "(&(|(objectclass=krbprincipalaux)" \
483b06
+                                          "(objectclass=krbprincipal)" \
483b06
+                                          "(objectclass=ipakrbprincipal))" \
483b06
+                                        "(|(ipakrbprincipalalias=%s)" \
483b06
+                                          "(krbprincipalname:caseIgnoreIA5Match:=%s))" \
483b06
+                                         "%s)"
483b06
+
483b06
+#define PRINC_SEARCH_FILTER_EXTRA "(&(|(objectclass=krbprincipalaux)" \
483b06
+                                      "(objectclass=krbprincipal))" \
483b06
+                                    "(krbprincipalname=%s)" \
483b06
+                                    "%s)"
483b06
 static char *std_principal_attrs[] = {
483b06
     "krbPrincipalName",
483b06
     "krbCanonicalName",
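Review bot: The trailing `"%s)"` in both new `*_EXTRA` macros is substituted with the caller's filter string unchanged, so the macro only yields a well-formed LDAP filter if that string is itself a parenthesized component such as `(objectclass=foo)`; nothing in the macro or its name says so. A short comment above the macros, e.g. `/* The final %s is an extra filter component supplied by the caller; it must be a complete, parenthesized LDAP filter and is not escaped. */`, would make that requirement visible where the format is defined. The `_EXTRA` variants also duplicate the base `PRINC_*_SEARCH_FILTER` bodies (the TGS one is outside this hunk), so a future change to one filter has to be mirrored by hand; at minimum a comment noting they must be kept in sync is warranted. As a style point, a blank line is missing between `PRINC_SEARCH_FILTER_EXTRA` and `static char *std_principal_attrs[]`, unlike the spacing after the first new macro.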
483b06
@@ -864,10 +875,12 @@ done:
483b06
     return kerr;
483b06
 }
483b06
 
483b06
-static krb5_error_code ipadb_fetch_principals(struct ipadb_context *ipactx,
483b06
-                                              unsigned int flags,
483b06
-                                              char *principal,
483b06
-                                              LDAPMessage **result)
483b06
+krb5_error_code
483b06
+ipadb_fetch_principals_with_extra_filter(struct ipadb_context *ipactx,
483b06
+                                         unsigned int flags,
483b06
+                                         const char *principal,
483b06
+                                         const char *filter,
483b06
+                                         LDAPMessage **result)
483b06
 {
483b06
     krb5_error_code kerr;
483b06
     char *src_filter = NULL;
483b06
@@ -890,11 +903,21 @@ static krb5_error_code ipadb_fetch_principals(struct ipadb_context *ipactx,
483b06
         goto done;
483b06
     }
483b06
 
483b06
-    if (flags & KRB5_KDB_FLAG_ALIAS_OK) {
483b06
-        ret = asprintf(&src_filter, PRINC_TGS_SEARCH_FILTER,
483b06
-                       esc_original_princ, esc_original_princ);
483b06
+    if (filter == NULL) {
483b06
+        if (flags & KRB5_KDB_FLAG_ALIAS_OK) {
483b06
+            ret = asprintf(&src_filter, PRINC_TGS_SEARCH_FILTER,
483b06
+                           esc_original_princ, esc_original_princ);
483b06
+        } else {
483b06
+            ret = asprintf(&src_filter, PRINC_SEARCH_FILTER, esc_original_princ);
483b06
+        }
483b06
     } else {
483b06
-        ret = asprintf(&src_filter, PRINC_SEARCH_FILTER, esc_original_princ);
483b06
+        if (flags & KRB5_KDB_FLAG_ALIAS_OK) {
483b06
+            ret = asprintf(&src_filter, PRINC_TGS_SEARCH_FILTER_EXTRA,
483b06
+                           esc_original_princ, esc_original_princ, filter);
483b06
+        } else {
483b06
+            ret = asprintf(&src_filter, PRINC_SEARCH_FILTER_EXTRA,
483b06
+                           esc_original_princ, filter);
483b06
+        }
483b06
     }
483b06
 
483b06
     if (ret == -1) {
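Review bot: In the two new `asprintf` calls with `PRINC_TGS_SEARCH_FILTER_EXTRA` and `PRINC_SEARCH_FILTER_EXTRA`, `filter` is interpolated into the LDAP search filter verbatim, while only the principal goes through `esc_original_princ` (presumably the escaped form; the escaping code is outside this hunk). That is fine as long as every caller passes a trusted, fully formed filter component, but the function itself gives no hint of that, so the first line of this branch deserves a comment such as `/* filter is appended unescaped: callers must pass a trusted, parenthesized LDAP filter component */`. It would also be cheap to reject an obviously malformed value up front rather than let the directory fail the search, e.g. `if (filter != NULL && filter[0] != '(') { ret = -1; }` before the `else` branch, taking the existing `ret == -1` error path below. The four-way `if` nesting could be flattened by selecting the format string first and calling `asprintf` once, but that is style only. The enclosing function `ipadb_fetch_principals_with_extra_filter` begins and ends outside this hunk.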
483b06
@@ -913,11 +936,20 @@ done:
483b06
     return kerr;
483b06
 }
483b06
 
483b06
-static krb5_error_code ipadb_find_principal(krb5_context kcontext,
483b06
-                                            unsigned int flags,
483b06
-                                            LDAPMessage *res,
483b06
-                                            char **principal,
483b06
-                                            LDAPMessage **entry)
483b06
+static krb5_error_code ipadb_fetch_principals(struct ipadb_context *ipactx,
483b06
+                                              unsigned int flags,
483b06
+                                              char *principal,
483b06
+                                              LDAPMessage **result)
483b06
+{
483b06
+    return ipadb_fetch_principals_with_extra_filter(ipactx, flags, principal,
483b06
+                                                    NULL, result);
483b06
+}
483b06
+
483b06
+krb5_error_code ipadb_find_principal(krb5_context kcontext,
483b06
+                                     unsigned int flags,
483b06
+                                     LDAPMessage *res,
483b06
+                                     char **principal,
483b06
+                                     LDAPMessage **entry)
483b06
 {
483b06
     struct ipadb_context *ipactx;
483b06
     bool found = false;
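Review bot: The new static wrapper `ipadb_fetch_principals` keeps its `principal` parameter as `char *` even though it only forwards it to `ipadb_fetch_principals_with_extra_filter`, which takes `const char *`; changing the wrapper to `const char *principal` would make the two signatures consistent and is backward-compatible for existing callers. A one-line comment on the wrapper, `/* Convenience wrapper: same as ipadb_fetch_principals_with_extra_filter() with no extra filter. */`, would explain why both functions exist. `ipadb_find_principal` is now exported without any comment describing its outputs; its body continues past the end of this hunk.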
483b06
-- 
483b06
2.12.1
483b06