From 702e83f19bb77dfe0f0a35a8901f3f686f003d9a Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Wed, 6 Apr 2016 18:07:37 +0200
Subject: [PATCH 06/12] ipa: save cert as blob in the cache

The IPA extdom plugin returns the user certificate base64 encoded. Before the IPA client can store it in the cache it must be decoded so that it is stored as a binary as the certificate from other sources.
---
 src/providers/ipa/ipa_s2n_exop.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index c1bc42ff14e7217eba258bbfa1a170dfee2ac972..b6136befaa78ac30e7bf2ca52ef1875e16a74304 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -22,6 +22,7 @@
 #include "util/util.h"
 #include "util/sss_nss.h"
 #include "util/strtonum.h"
+#include "util/crypto/sss_crypto.h"
 #include "providers/ldap/sdap_async_private.h"
 #include "providers/ldap/sdap_async_ad.h"
 #include "providers/ldap/ldap_common.h"
@@ -497,8 +498,22 @@ static errno_t get_extra_attrs(BerElement *ber, struct resp_attrs *resp_attrs)
 for (c = 0; values[c] != NULL; c++) {
- v.data = (uint8_t *) values[c]->bv_val;
- v.length = values[c]->bv_len;
+ if (strcmp(name, SYSDB_USER_CERT) == 0) {
+ if (values[c]->bv_val[values[c]->bv_len] != '\0') {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "base64 encoded certificate not 0-terminated.\n");
+ return EINVAL;
+ }
+
+ v.data = sss_base64_decode(NULL,values[c]->bv_val, &v.length);
+ if (v.data == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_base64_decode failed.\n");
+ return EINVAL;
+ }
+ } else {
+ v.data = (uint8_t *) values[c]->bv_val;
+ v.length = values[c]->bv_len;
+ }
 ret = sysdb_attrs_add_val(resp_attrs->sysdb_attrs, name, &v);
 if (ret != EOK) {
-- 
2.1.0
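Review bot: The decoded certificate in the `SYSDB_USER_CERT` branch is allocated with a NULL talloc parent (`sss_base64_decode(NULL,values[c]->bv_val, &v.length)`) and nothing visible in the hunk frees or reparents it, so each certificate value processed appears to leak in a long-running back end. Giving it a bounded owner would address that, e.g. `v.data = sss_base64_decode(resp_attrs->sysdb_attrs, values[c]->bv_val, &v.length);` (assuming that pointer is a talloc context), or calling `talloc_free(v.data)` after `sysdb_attrs_add_val()` if that call copies the value. The terminator check reads `bv_val[bv_len]`, one byte past the declared value length, so it depends on the BER decoder always NUL-terminating bervals; a comment stating that assumption would help, and because no length is passed to the decoder, a `memchr(values[c]->bv_val, '\0', values[c]->bv_len) != NULL` test would also reject embedded NULs that would otherwise cut the certificate short without an error. The body of get_extra_attrs starts and ends outside the hunk, so whether `name` and `values` are released on the two new `return EINVAL` paths cannot be checked from here.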