local.c revision efc65e78fa4e01e6cecc8690a9899af61213be62
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen Secrets Responder
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen Copyright (C) Simo Sorce <ssorce@redhat.com> 2016
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen This program is free software; you can redistribute it and/or modify
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen it under the terms of the GNU General Public License as published by
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen the Free Software Foundation; either version 3 of the License, or
82eadbc4311faf7719d5db33fddaa06cb3a7010bTimo Sirainen (at your option) any later version.
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen This program is distributed in the hope that it will be useful,
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen but WITHOUT ANY WARRANTY; without even the implied warranty of
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen GNU General Public License for more details.
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen You should have received a copy of the GNU General Public License
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen along with this program. If not, see <http://www.gnu.org/licenses/>.
48afa4224df2a6bcfe75fec11a59c224426dcdc1Teemu Huovilastatic int local_decrypt(struct local_context *lctx, TALLOC_CTX *mem_ctx,
48afa4224df2a6bcfe75fec11a59c224426dcdc1Teemu Huovila if (enctype && strcmp(enctype, "masterkey") == 0) {
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen _secret.data = (char *)sss_base64_decode(mem_ctx, secret,
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen ret = sss_decrypt(mem_ctx, AES256CBC_HMAC_SHA256,
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen if (((strnlen(output, outlen) + 1) != outlen) ||
a9b3887f4d9ed75a76fed964c1930432bf84f4f5Timo Sirainenstatic int local_encrypt(struct local_context *lctx, TALLOC_CTX *mem_ctx,
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen if (!enctype || strcmp(enctype, "masterkey") != 0) return EINVAL;
a9b3887f4d9ed75a76fed964c1930432bf84f4f5Timo Sirainen ret = sss_encrypt(mem_ctx, AES256CBC_HMAC_SHA256,
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen const char *s, *e;
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen while (s && *s) {
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen if (e == s) {
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen if (!ldb_dn_add_child_fmt(dn, "cn=%.*s", (int)(e - s), s)) {
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainenstatic char *local_dn_to_path(TALLOC_CTX *mem_ctx,
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen for (int i = dncomps - basecomps; i > 0; i--) {
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen path = talloc_strdup_append_buffer(path, "/");
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen path = talloc_strndup_append_buffer(path, (char *)val->data,
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen path = talloc_strndup(mem_ctx, (char *)val->data, val->length);
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen#define LOCAL_CONTAINER_FILTER "(type=container)"
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainenstatic int local_db_get_simple(TALLOC_CTX *mem_ctx,
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen static const char *attrs[] = { "secret", "enctype", NULL };
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen ret = local_db_dn(tmp_ctx, lctx->ldb, req_path, &dn);
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen ret = ldb_search(lctx->ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE,
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen attr_secret = ldb_msg_find_attr_as_string(res->msgs[0], "secret", NULL);
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen attr_enctype = ldb_msg_find_attr_as_string(res->msgs[0], "enctype", NULL);
82eadbc4311faf7719d5db33fddaa06cb3a7010bTimo Sirainen ret = local_decrypt(lctx, mem_ctx, attr_secret, attr_enctype, secret);
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen *secret = talloc_strdup(mem_ctx, attr_secret);
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainenstatic int local_db_list_keys(TALLOC_CTX *mem_ctx,
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen static const char *attrs[] = { "secret", NULL };
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen ret = local_db_dn(tmp_ctx, lctx->ldb, req_path, &dn);
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen ret = ldb_search(lctx->ldb, tmp_ctx, &res, dn, LDB_SCOPE_SUBTREE,
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen keys = talloc_array(mem_ctx, char *, res->count);
c865b0e9c65fd77f7b2ab6f8616d3def5501ecb3Timo Sirainen keys[i] = local_dn_to_path(keys, dn, res->msgs[i]->dn);
done:
return ret;
int num;
int ret;
if (!dn) {
goto done;
for (int i = 0; i < num; i++) {
goto done;
goto done;
done:
return ret;
int nest_level;
return EOK;
const char *req_path,
const char *secret)
char *enc_secret;
int ret;
if (!msg) {
goto done;
goto done;
done:
return ret;
const char *req_path)
int ret;
goto done;
done:
return ret;
const char *req_path)
int ret;
if (!msg) {
goto done;
goto done;
done:
return ret;
char **local_db_path)
int ret;
return EINVAL;
return EINVAL;
if (ret != 0) {
return EINVAL;
if (!*local_db_path) {
return ENOMEM;
return EOK;
struct local_secret_state {
void *provider_ctx,
const char *content_type;
bool body_is_json;
char *req_path;
char *secret;
char **keys;
int nkeys;
int plen;
int ret;
if (!lctx) {
goto done;
"application/json")) {
body_is_json = true;
"application/octet-stream")) {
body_is_json = false;
goto done;
case HTTP_GET:
if (body_is_json) {
case HTTP_PUT:
if (body_is_json) {
&secret);
case HTTP_DELETE:
case HTTP_POST:
goto done;
goto done;
done:
int ret;
int fd;
return EFAULT;
return EOK;
int mfd;
int ret;
return EIO;
return EOK;