On (08/06/16 15:39), Sumit Bose wrote:
>On Tue, Jun 07, 2016 at 04:40:42PM +0200, Jakub Hrozek wrote:
>> On Tue, Jun 07, 2016 at 02:55:40PM +0200, Sumit Bose wrote:
>> > On Tue, Jun 07, 2016 at 01:56:10PM +0200, Jakub Hrozek wrote:
>> > > On Tue, Jun 07, 2016 at 12:28:22PM +0200, Sumit Bose wrote:
>> > > > sure, here you are.
>> > > >
>> > > > bye,
>> > > > Sumit
>> > >
>> > > Hmm, are these the correct patches?
>> > >
>> > > /home/remote/jhrozek/devel/sssd/src/db/sysdb_views.c: In function
'sysdb_search_override_by_cert':
>> > > /home/remote/jhrozek/devel/sssd/src/db/sysdb_views.c:880:11: error:
too many arguments to function 'sss_cert_derb64_to_ldap_filter'
>> > > ret = sss_cert_derb64_to_ldap_filter(tmp_ctx, cert,
SYSDB_USER_CERT, NULL,
>> > > ^
>> > > In file included from
/home/remote/jhrozek/devel/sssd/src/db/sysdb_views.c:23:0:
>> > > /home/remote/jhrozek/devel/sssd/src/util/cert.h:40:9: note: declared
here
>> > > errno_t sss_cert_derb64_to_ldap_filter(TALLOC_CTX *mem_ctx, const
char *derb64,
>> > > ^
>> >
>> > ah, sorry, I picked the patches from a wrong branch.
>> >
>> > Please try the new version.
>>
>> OK, this looks better, but the CI still complains on Debian:
>> /bin/bash ./libtool --tag=CC --mode=link gcc -Wall -Wshadow
>> -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align
>> -Wwrite-strings -Wundef -Werror-implicit-function-declaration
>> -Winit-self -Wmissing-include-dirs -fno-strict-aliasing -std=gnu99 -g3
>> -O2 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE
>> -o proxy_child src/providers/proxy/proxy_child-proxy_child.o
>> src/providers/proxy_child-data_provider_iface_generated.o -lpam -ltalloc
>> -ltevent -ltalloc -lpopt -lldb -ldbus-1 -lpcre -lini_config
>> -lbasicobjects -lref_array -lcollection -lcollection -ldhash -llber
>> -lldap -lselinux -ltdb libsss_util.la libsss_crypt.la libsss_debug.la
>> libsss_child.la
>> /usr/bin/ld: src/responder/nss/nsssrv_cmd.o: undefined reference to
>> symbol 'sss_cert_derb64_to_pem'
>>
//var/lib/jenkins/workspace/ci/label/debian_testing/ci-build-debug/.libs/libsss_cert.so:
>> //error adding symbols: DSO missing from command line
>> collect2: error: ld returned 1 exit status
>> Makefile:10585: recipe for target 'sssd_nss' failed
>> make[2]: *** [sssd_nss] Error 1
>> make[2]: *** Waiting for unfinished jobs...
>>
>> CI link:
>>
http://sssd-ci.duckdns.org/logs/job/44/61/debian_testing/ci-build-debug/c...
>
>ok, I added libsss_cert.la to the nss responder binary and the test.
>
>New version attached.
>
>bye,
>Sumit
>
>From cb3f7bc55b22140b997d6b94f76893798731d79f Mon Sep 17 00:00:00 2001
>From: Sumit Bose <sbose(a)redhat.com>
>Date: Tue, 26 Apr 2016 13:13:43 +0200
>Subject: [PATCH 12/12] nss-idmap: add sss_nss_getnamebycert()
>
>---
> Makefile.am | 2 +-
> src/python/pysss_nss_idmap.c | 47 ++++++++++++++++++++++++++++--
> src/responder/nss/nsssrv_cmd.c | 1 +
> src/sss_client/idmap/sss_nss_idmap.c | 26 ++++++++++++++++-
> src/sss_client/idmap/sss_nss_idmap.exports | 6 ++++
> src/sss_client/idmap/sss_nss_idmap.h | 15 ++++++++++
> 6 files changed, 93 insertions(+), 4 deletions(-)
>
>diff --git a/Makefile.am b/Makefile.am
>index
fdd129d326d092989a92506cc86694dded58ff72..a504a4f613b881afcbc096a03de0f284ebf34896 100644
>--- a/Makefile.am
>+++ b/Makefile.am
>@@ -989,7 +989,7 @@ libsss_nss_idmap_la_LIBADD = \
> $(CLIENT_LIBS)
> libsss_nss_idmap_la_LDFLAGS = \
> -Wl,--version-script,$(srcdir)/src/sss_client/idmap/sss_nss_idmap.exports \
>- -version-info 1:0:1
>+ -version-info 2:0:2
>
> dist_noinst_DATA += src/sss_client/idmap/sss_nss_idmap.exports
>
>diff --git a/src/python/pysss_nss_idmap.c b/src/python/pysss_nss_idmap.c
>index
36d66f405442d63e430f92862990f1656486112d..a88ef77a3c8056e4962c35811de3dbbb18f4c9a4 100644
>--- a/src/python/pysss_nss_idmap.c
>+++ b/src/python/pysss_nss_idmap.c
>@@ -33,7 +33,8 @@ enum lookup_type {
> SIDBYNAME,
> SIDBYID,
> NAMEBYSID,
>- IDBYSID
>+ IDBYSID,
>+ NAMEBYCERT
> };
>
> static int add_dict(PyObject *py_result, PyObject *key, PyObject *res_type,
>@@ -166,6 +167,28 @@ static int do_getsidbyid(PyObject *py_result, PyObject *py_id)
> return ret;
> }
>
>+static int do_getnamebycert(PyObject *py_result, PyObject *py_cert)
>+{
>+ int ret;
>+ const char *cert;
>+ char *name = NULL;
>+ enum sss_id_type id_type;
>+
>+ cert = py_string_or_unicode_as_string(py_cert);
>+ if (cert == NULL) {
>+ return EINVAL;
>+ }
>+
>+ ret = sss_nss_getnamebycert(cert, &name, &id_type);
>+ if (ret == 0) {
>+ ret = add_dict(py_result, py_cert, PyBytes_FromString(SSS_NAME_KEY),
>+ PyUnicode_FromString(name), PYNUMBER_FROMLONG(id_type));
>+ }
>+ free(name);
>+
>+ return ret;
>+}
>+
> static int do_getidbysid(PyObject *py_result, PyObject *py_sid)
> {
> const char *sid;
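Review bot: In `do_getnamebycert`, the results of `PyBytes_FromString(SSS_NAME_KEY)` and `PyUnicode_FromString(name)` are passed straight to `add_dict()` without a NULL check. `PyUnicode_FromString` returns NULL with an exception set on allocation failure or when the name returned by the responder is not valid UTF-8. `add_dict()` is defined outside this hunk, so whether it tolerates NULL arguments and who owns the three new references cannot be confirmed from here. If it does not handle them, create the objects first, return an error when any of them is NULL, and release them on the failure path.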
>@@ -203,6 +226,9 @@ static int do_lookup(enum lookup_type type, PyObject *py_result,
> case IDBYSID:
> return do_getidbysid(py_result, py_inp);
> break;
>+ case NAMEBYCERT:
>+ return do_getnamebycert(py_result, py_inp);
>+ break;
> default:
> return ENOSYS;
> }
>@@ -260,7 +286,7 @@ static PyObject *check_args(enum lookup_type type, PyObject
*args)
> case ENOENT: /* nothing found, return empty dict */
> break;
> case EINVAL:
>- PyErr_Format(PyExc_ValueError, "Unable to retrieve
argument\n");
>+ PyErr_Format(PyExc_ValueError, "Unable to retrieve
result\n");
> Py_XDECREF(py_result);
> return NULL;
> break;
>@@ -339,6 +365,21 @@ static PyObject * py_getidbysid(PyObject *module, PyObject
*args)
> return check_args(IDBYSID, args);
> }
>
>+PyDoc_STRVAR(getnamebycert_doc,
>+"getnamebycert(sid or list/tuple of certificates) -> dict(sid =>
dict(results))\n\
>+\n\
>+Returns a dictionary with a dictonary of results for each given certificates.\n\
>+The result dictonary contain the name and the type of the object which can be\n\
>+accessed with the key constants NAME_KEY and TYPE_KEY, respectively.\n\
>+\n\
>+NOTE: getnamebycert currently works only with id_provider set as \"ad\" or
\"ipa\""
>+);
>+
>+static PyObject * py_getnamebycert(PyObject *module, PyObject *args)
>+{
>+ return check_args(NAMEBYCERT, args);
>+}
>+
> static PyMethodDef methods[] = {
> { sss_py_const_p(char, "getsidbyname"), (PyCFunction)
py_getsidbyname,
> METH_VARARGS, getsidbyname_doc },
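Review bot: The `getnamebycert_doc` text still describes SID input: its signature line reads `getnamebycert(sid or list/tuple of certificates) -> dict(sid => ...)`, although the function takes certificates and keys the result by certificate. I would write `getnamebycert(certificate or list/tuple of certificates) -> dict(certificate => dict(results))`, and fix "dictonary" (twice), "each given certificates" and "contain". The text should also state the expected encoding: the client and responder code in this patch handle the value as a base64-encoded DER string (`derb64`), so input in another form would presumably be rejected.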
>@@ -348,6 +389,8 @@ static PyMethodDef methods[] = {
> METH_VARARGS, getnamebysid_doc },
> { sss_py_const_p(char, "getidbysid"), (PyCFunction) py_getidbysid,
> METH_VARARGS, getidbysid_doc },
>+ { sss_py_const_p(char, "getnamebycert"), (PyCFunction)
py_getnamebycert,
>+ METH_VARARGS, getnamebycert_doc },
> { NULL,NULL, 0, NULL }
> };
>
>diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
>index
762c26b74581acb5568b602caaef2586521f6903..64e2945a99a6f3262517aa7c817475904418a1ed 100644
>--- a/src/responder/nss/nsssrv_cmd.c
>+++ b/src/responder/nss/nsssrv_cmd.c
>@@ -5525,6 +5525,7 @@ static int nss_cmd_getbycert(enum sss_cli_command cmd, struct
cli_ctx *cctx)
> }
>
> derb64 = (const char *) body;
>+ DEBUG(SSSDBG_TRACE_ALL, "cert [%s]\n", derb64);
>
> /* check input */
> ret = sss_cert_derb64_to_pem(cctx, derb64, &pem_cert, &pem_size);
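Review bot: The added `DEBUG(SSSDBG_TRACE_ALL, "cert [%s]\n", derb64);` prints the request body as a C string before the `/* check input */` step, so client-controlled bytes reach the log unvalidated. The check on `body` that precedes the cast is above the hunk and not visible here; confirm it guarantees a NUL terminator inside the received length, otherwise `%s` reads past the buffer. I would move the trace to after `sss_cert_derb64_to_pem()` returns success, so only input that decoded correctly is logged. Note also that a certificate carries subject identity data, which then ends up in the debug logs. `nss_cmd_getbycert` starts and ends outside the hunk.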
>diff --git a/src/sss_client/idmap/sss_nss_idmap.c
b/src/sss_client/idmap/sss_nss_idmap.c
>index
55d8043bd992bebf82a46206a9f3aecbe1e88238..fa5a499e3606f7e45a406de4d63002ba35365cb1 100644
>--- a/src/sss_client/idmap/sss_nss_idmap.c
>+++ b/src/sss_client/idmap/sss_nss_idmap.c
>@@ -159,7 +159,8 @@ static int sss_nss_getyyybyxxx(union input inp, enum
sss_cli_command cmd ,
> case SSS_NSS_GETNAMEBYSID:
> case SSS_NSS_GETIDBYSID:
> case SSS_NSS_GETORIGBYNAME:
>- ret = sss_strnlen(inp.str, SSS_NAME_MAX, &inp_len);
>+ case SSS_NSS_GETNAMEBYCERT:
>+ ret = sss_strnlen(inp.str, 2048, &inp_len);
> if (ret != EOK) {
> return EINVAL;
> }
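Review bot: Replacing `SSS_NAME_MAX` with the literal `2048` changes the length bound for every command in this case group (`SSS_NSS_GETNAMEBYSID`, `SSS_NSS_GETIDBYSID`, `SSS_NSS_GETORIGBYNAME`), not only for the new `SSS_NSS_GETNAMEBYCERT`. A base64-encoded DER certificate with a large key or many extensions can also exceed 2048 characters, and such a lookup would presumably fail with `EINVAL` before the responder is contacted. I would keep `SSS_NAME_MAX` for the name and SID commands and give the certificate case its own named constant, with a comment on how the limit was chosen and whether it matches what the responder accepts. `sss_nss_getyyybyxxx` starts and ends outside the hunk.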
>@@ -209,6 +210,7 @@ static int sss_nss_getyyybyxxx(union input inp, enum
sss_cli_command cmd ,
> case SSS_NSS_GETSIDBYID:
> case SSS_NSS_GETSIDBYNAME:
> case SSS_NSS_GETNAMEBYSID:
>+ case SSS_NSS_GETNAMEBYCERT:
> if (data_len <= 1 || repbuf[replen - 1] != '\0') {
> ret = EBADMSG;
> goto done;
>@@ -368,3 +370,25 @@ int sss_nss_getorigbyname(const char *fq_name, struct sss_nss_kv
**kv_list,
>
> return ret;
> }
>+
>+int sss_nss_getnamebycert(const char *cert, char **fq_name,
>+ enum sss_id_type *type)
>+{
>+ int ret;
>+ union input inp;
>+ struct output out;
>+
>+ if (fq_name == NULL || cert == NULL || *cert == '\0') {
>+ return EINVAL;
>+ }
>+
>+ inp.str = cert;
>+
>+ ret = sss_nss_getyyybyxxx(inp, SSS_NSS_GETNAMEBYCERT, &out);
>+ if (ret == EOK) {
>+ *fq_name = out.d.str;
>+ *type = out.type;
>+ }
>+
>+ return ret;
>+}
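Review bot: `sss_nss_getnamebycert` validates `fq_name` and `cert` but dereferences `type` unconditionally at `*type = out.type;`, so a caller that passes NULL for `type` crashes inside the library. Either extend the guard, `if (fq_name == NULL || type == NULL || cert == NULL || *cert == '\0') {`, or make the store conditional, `if (type != NULL) *type = out.type;`. Whichever is chosen should be stated in the header documentation; the sss_nss_idmap.h part of the patch is not shown on this page. That documentation should also say that the caller owns `*fq_name` and releases it with `free()`, as the Python binding in this patch does.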
>diff --git a/src/sss_client/idmap/sss_nss_idmap.exports
b/src/sss_client/idmap/sss_nss_idmap.exports
>index
8aa4702416534c49176d29cee381e1c9292c4847..bd5d80212017d38334c3cdeefa47d6029f42aebb 100644
>--- a/src/sss_client/idmap/sss_nss_idmap.exports
>+++ b/src/sss_client/idmap/sss_nss_idmap.exports
>@@ -19,3 +19,9 @@ SSS_NSS_IDMAP_0.1.0 {
> sss_nss_getorigbyname;
> sss_nss_free_kv;
> } SSS_NSS_IDMAP_0.0.1;
>+
>+SSS_NSS_IDMAP_0.2.0 {
>+ # public functions
>+ global:
>+ sss_nss_getnamebycert;
>+} SSS_NSS_IDMAP_0.1.0;
I wanted to push these patches.
But I noticed that this function does not fit this library.
The package summary and description say something else.
sh$ rpm -q --info libsss_nss_idmap | tail -n4
URL :
http://fedorahosted.org/sssd/
Summary : Library for SID based lookups
Description :
Utility library for SID based lookups
Would you agree if I change summary and description to '... for SID and
certificate based ...'
bye,
Sumit
>
> But it might be convenient to have all nss responder
> related lookups in one library.
>
> LS