/*
   SSSD - certificate handling utils

   The calls defined here should be usable outside of SSSD as well, e.g. in
   libsss_certmap.

   Copyright (C) Sumit Bose <sbose@redhat.com> 2017

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
a20fb9cbd5f42a6ca895aea1b84347fdfea34b89Sumit Bose
a20fb9cbd5f42a6ca895aea1b84347fdfea34b89Sumit Bose#include <stdbool.h>
a20fb9cbd5f42a6ca895aea1b84347fdfea34b89Sumit Bose#include <errno.h>
a20fb9cbd5f42a6ca895aea1b84347fdfea34b89Sumit Bose#include <string.h>
a20fb9cbd5f42a6ca895aea1b84347fdfea34b89Sumit Bose
a20fb9cbd5f42a6ca895aea1b84347fdfea34b89Sumit Bose#include "lib/certmap/sss_certmap_int.h"
a20fb9cbd5f42a6ca895aea1b84347fdfea34b89Sumit Bose
/*
 * Copy the part of full_name that precedes the first occurrence of delim
 * into a new talloc string hanging off mem_ctx. If delim does not occur
 * in full_name, the whole name is copied.
 *
 * Returns 0 on success, EINVAL if full_name or short_name is NULL or delim
 * is the NUL character, and ENOMEM if the allocation fails. On success
 * *short_name receives the new string, a talloc child of mem_ctx.
 */
int get_short_name(TALLOC_CTX *mem_ctx, const char *full_name,
                   char delim, char **short_name)
{
    const char *sep;
    char *copy;

    if (full_name == NULL || delim == '\0' || short_name == NULL) {
        return EINVAL;
    }

    sep = strchr(full_name, delim);
    copy = (sep == NULL) ? talloc_strdup(mem_ctx, full_name)
                         : talloc_strndup(mem_ctx, full_name,
                                          (size_t) (sep - full_name));
    if (copy == NULL) {
        return ENOMEM;
    }

    *short_name = copy;
    return 0;
}
a20fb9cbd5f42a6ca895aea1b84347fdfea34b89Sumit Bose
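/*
 * Allocate a new struct san_list entry holding a copy of data.
 *
 * With is_bin set, the bytes are duplicated verbatim into bin_val and the
 * length recorded in bin_val_len; otherwise the bytes are copied as a
 * NUL-terminated string of at most len characters into val. The member
 * that is not used stays NULL (the entry comes from talloc_zero). The copy
 * is a talloc child of the entry, so freeing the entry releases it too.
 *
 * Returns 0 on success with *item set; EINVAL if data is NULL or empty,
 * san_opt is SAN_INVALID or item is NULL; ENOMEM if an allocation fails
 * (the partially built entry is freed in that case).
 */
int add_to_san_list(TALLOC_CTX *mem_ctx, bool is_bin,
                    enum san_opt san_opt, const uint8_t *data, size_t len,
                    struct san_list **item)
{
    struct san_list *entry;
    bool copied;

    if (data == NULL || len == 0 || san_opt == SAN_INVALID || item == NULL) {
        return EINVAL;
    }

    entry = talloc_zero(mem_ctx, struct san_list);
    if (entry == NULL) {
        return ENOMEM;
    }
    entry->san_opt = san_opt;

    if (is_bin) {
        entry->bin_val = talloc_memdup(entry, data, len);
        entry->bin_val_len = len;
        copied = (entry->bin_val != NULL);
    } else {
        entry->val = talloc_strndup(entry, (const char *) data, len);
        copied = (entry->val != NULL);
    }

    /* The allocation check must look at the member that was actually
     * filled: val stays NULL for binary entries, so testing val alone
     * would reject every binary SAN as an out-of-memory failure. */
    if (!copied) {
        talloc_free(entry);
        return ENOMEM;
    }

    *item = entry;
    return 0;
}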
a20fb9cbd5f42a6ca895aea1b84347fdfea34b89Sumit Bose
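/*
 * Build a struct san_list entry for a principal name of the given SAN
 * type. val holds a copy of princ and short_name the portion of it before
 * the first '@', or the whole name if there is no '@' (see get_short_name).
 *
 * Returns 0 on success with *item set; EINVAL if princ or item is NULL
 * (matching the argument checks of add_to_san_list); ENOMEM if an
 * allocation fails. On any error the partially built entry is freed.
 */
int add_principal_to_san_list(TALLOC_CTX *mem_ctx, enum san_opt san_opt,
                              const char *princ, struct san_list **item)
{
    struct san_list *entry;
    int ret;

    if (princ == NULL || item == NULL) {
        return EINVAL;
    }

    entry = talloc_zero(mem_ctx, struct san_list);
    if (entry == NULL) {
        return ENOMEM;
    }
    entry->san_opt = san_opt;

    entry->val = talloc_strdup(entry, princ);
    if (entry->val == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* short_name is allocated as a child of the entry so that freeing the
     * entry releases both strings together. */
    ret = get_short_name(entry, entry->val, '@', &entry->short_name);

done:
    if (ret != 0) {
        talloc_free(entry);
        return ret;
    }

    *item = entry;
    return 0;
}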
a20fb9cbd5f42a6ca895aea1b84347fdfea34b89Sumit Bose
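/*
 * Append one RDN to the DN string being built.
 *
 * When ad_names is set the RDN is first passed through check_ad_attr_name()
 * and its result, if non-NULL, is used instead of the raw RDN (a NULL result
 * is treated as "use the RDN unchanged", as the original per-branch code
 * did). A "," separator precedes the RDN unless first is set.
 *
 * *str must be a talloc string. On success it is replaced by the grown
 * string; on failure *str is left untouched so the caller can still free
 * it, and ENOMEM is returned.
 */
static int append_rdn_to_dn(char **str, const char *rdn, bool first,
                            bool ad_names)
{
    char *conv = NULL;
    char *grown;

    if (ad_names) {
        /* conv is a child of *str and is released right after use */
        conv = check_ad_attr_name(*str, rdn);
    }

    grown = talloc_asprintf_append(*str, "%s%s", first ? "" : ",",
                                   conv == NULL ? rdn : conv);
    talloc_free(conv);
    if (grown == NULL) {
        /* talloc_asprintf_append() does not free its input on failure;
         * keeping *str intact lets the caller free it instead of leaking. */
        return ENOMEM;
    }

    *str = grown;
    return 0;
}

/*
 * Join the RDNs of the NULL-terminated rdn_list into a single DN string.
 *
 * conversion selects the output form:
 *   NULL, "nss_ldap", "nss" : list emitted in reverse order, names unchanged
 *   "ad_ldap"               : reverse order, names mapped via check_ad_attr_name
 *   "nss_x500"              : list order as given, names unchanged
 *   "ad_x500", "ad"         : list order as given, names mapped via
 *                             check_ad_attr_name
 * Any other value yields EINVAL.
 *
 * Returns 0 and stores the new string (a talloc child of mem_ctx) in
 * *result; EINVAL for an unknown conversion or NULL rdn_list/result;
 * ENOMEM if an allocation fails. On error nothing is left allocated on
 * mem_ctx.
 */
int rdn_list_2_dn_str(TALLOC_CTX *mem_ctx, const char *conversion,
                      const char **rdn_list, char **result)
{
    char *str;
    size_t count;
    size_t c;
    bool reverse;
    bool ad_names;
    int ret;

    if (rdn_list == NULL || result == NULL) {
        return EINVAL;
    }

    /* Resolve the conversion name into the two properties that differ
     * between the variants before allocating anything. */
    if (conversion == NULL || strcmp(conversion, "nss_ldap") == 0
            || strcmp(conversion, "nss") == 0) {
        reverse = true;
        ad_names = false;
    } else if (strcmp(conversion, "ad_ldap") == 0) {
        reverse = true;
        ad_names = true;
    } else if (strcmp(conversion, "nss_x500") == 0) {
        reverse = false;
        ad_names = false;
    } else if (strcmp(conversion, "ad_x500") == 0
            || strcmp(conversion, "ad") == 0) {
        reverse = false;
        ad_names = true;
    } else {
        return EINVAL;
    }

    str = talloc_strdup(mem_ctx, "");
    if (str == NULL) {
        return ENOMEM;
    }

    count = 0;
    while (rdn_list[count] != NULL) {
        count++;
    }

    for (c = 0; c < count; c++) {
        size_t idx = reverse ? (count - 1 - c) : c;

        ret = append_rdn_to_dn(&str, rdn_list[idx], c == 0, ad_names);
        if (ret != 0) {
            talloc_free(str);
            return ret;
        }
    }

    *result = str;
    return 0;
}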