From patchwork Tue Jan 8 17:28:26 2013
X-Patchwork-Submitter: Chuck Lever
X-Patchwork-Id: 210456
From: Chuck Lever
To: fedfs-utils-devel@oss.oracle.com
Date: Tue, 08 Jan 2013 12:28:26 -0500
Message-ID: <20130108172825.65133.27710.stgit@seurat.1015granger.net>
In-Reply-To: <20130108172057.65133.25145.stgit@seurat.1015granger.net>
References: <20130108172057.65133.25145.stgit@seurat.1015granger.net>
Subject: [fedfs-utils] [PATCH 09/13] libnsdb: Rename fn_secdata field

Clean up: fn_secdata is actually a filename, not security data. Name the field something that makes more sense. An accessor function for this field is also provided.

Signed-off-by: Chuck Lever
---
 src/include/nsdb.h | 1 +
 src/libnsdb/nsdb-internal.h | 2 +-
 src/libnsdb/nsdb.c | 41 ++++++++++++++++++++++++++++-------------
 3 files changed, 30 insertions(+), 14 deletions(-)
diff --git a/src/include/nsdb.h b/src/include/nsdb.h index 81b1bd6..46f87ee 100644 --- a/src/include/nsdb.h +++ b/src/include/nsdb.h @@ -242,6 +242,7 @@ void nsdb_free_nsdb(nsdb_t host); const char *nsdb_hostname(const nsdb_t host); size_t nsdb_hostname_len(const nsdb_t host); unsigned short nsdb_port(const nsdb_t host); +const char *nsdb_certfile(const nsdb_t host); const char *nsdb_default_binddn(const nsdb_t host); const char *nsdb_default_nce(const nsdb_t host); _Bool nsdb_follow_referrals(const nsdb_t host); diff --git a/src/libnsdb/nsdb-internal.h b/src/libnsdb/nsdb-internal.h index 6cf96c9..82d707a 100644 --- a/src/libnsdb/nsdb-internal.h +++ b/src/libnsdb/nsdb-internal.h @@ -39,7 +39,7 @@ struct fedfs_nsdb { char * fn_hostname; unsigned short fn_port; unsigned int fn_sectype; - char * fn_secdata; + char * fn_certfile; LDAP * fn_ldap; char ** fn_naming_contexts; char * fn_default_binddn; diff --git a/src/libnsdb/nsdb.c b/src/libnsdb/nsdb.c index e5fb09a..888c6a5 100644 --- a/src/libnsdb/nsdb.c +++ b/src/libnsdb/nsdb.c @@ -292,6 +292,21 @@ unsigned short nsdb_port(const nsdb_t host) } /** + * Return filename containing nsdb_t's certificate + * + * @param host pointer to initialized nsdb_t + * @return NUL-terminated C string containing filename, or NULL + * + * Lifetime of this string is the same as the lifetime of the + * nsdb_t. Caller must not free this string, and must not use + * it after the nsdb_t is freed. + */ +const char *nsdb_certfile(const nsdb_t host) +{ + return host->fn_certfile; +} + +/** * Convert string form of integer into an IP port number * * @param string a NUL-terminated C string containing number to convert @@ -617,7 +632,7 @@ static FedFsStatus nsdb_read_nsdbname(sqlite3 *db, nsdb_t host) { const char *domainname = host->fn_hostname; - char *secdata, *def_binddn, *def_nce; + char *certfile, *def_binddn, *def_nce; unsigned int port = host->fn_port; int rc, follow_referrals; FedFsStatus retval; 
@@ -648,8 +663,8 @@ nsdb_read_nsdbname(sqlite3 *db, nsdb_t host) switch (sqlite3_step(stmt)) { case SQLITE_ROW: xlog(D_GENERAL, "Found row for '%s:%u'", domainname, port); - secdata = strdup((const char *)sqlite3_column_text(stmt, 1)); - if (secdata == NULL) { + certfile = strdup((const char *)sqlite3_column_text(stmt, 1)); + if (certfile == NULL) { retval = FEDFS_ERR_SVRFAULT; break; } @@ -657,7 +672,7 @@ nsdb_read_nsdbname(sqlite3 *db, nsdb_t host) if (def_binddn != NULL) { def_binddn = strdup(def_binddn); if (def_binddn == NULL) { - free(secdata); + free(certfile); retval = FEDFS_ERR_SVRFAULT; break; } @@ -667,7 +682,7 @@ nsdb_read_nsdbname(sqlite3 *db, nsdb_t host) def_nce = strdup(def_nce); if (def_nce == NULL) { free(def_binddn); - free(secdata); + free(certfile); retval = FEDFS_ERR_SVRFAULT; break; } @@ -678,7 +693,7 @@ nsdb_read_nsdbname(sqlite3 *db, nsdb_t host) else host->fn_follow_referrals = true; host->fn_sectype = sqlite3_column_int(stmt, 0); - host->fn_secdata = secdata; + host->fn_certfile = certfile; host->fn_default_binddn = def_binddn; host->fn_default_nce = def_nce; retval = FEDFS_OK; @@ -764,14 +779,14 @@ out: * @param db an open sqlite3 database descriptor * @param host an instantiated nsdb_t object * @param sectype an integer value representing the security type - * @param secdata a NUL-terminated UTF-8 C string containing the name of a file containing security data + * @param certfile a NUL-terminated UTF-8 C string containing the name of a file containing an x.509 certificate * @return a FedFsStatus code * * Information is copied from the nsdb_t object to the cert store. */ static FedFsStatus nsdb_update_nsdbname(sqlite3 *db, const nsdb_t host, - unsigned int sectype, const char *secdata) + unsigned int sectype, const char *certfile) { const char *domainname = host->fn_hostname; const int port = host->fn_port; 
@@ -792,7 +807,7 @@ nsdb_update_nsdbname(sqlite3 *db, const nsdb_t host, goto out_finalize; } - rc = sqlite3_bind_text(stmt, 2, secdata, -1, SQLITE_STATIC); + rc = sqlite3_bind_text(stmt, 2, certfile, -1, SQLITE_STATIC); if (rc != SQLITE_OK) { xlog(L_ERROR, "Failed to bind security data value: %s", sqlite3_errmsg(db)); @@ -1103,7 +1118,7 @@ nsdb_read_nsdbparams(nsdb_t host, struct fedfs_secdata *sec) if (sec != NULL) { if (host->fn_sectype != FEDFS_SEC_NONE) { - retval = nsdb_read_certfile(host->fn_secdata, + retval = nsdb_read_certfile(nsdb_certfile(host), &sec->data, &sec->len); if (retval != FEDFS_OK) goto out_close; @@ -1256,7 +1271,7 @@ nsdb_update_nsdbparams(nsdb_t host, const struct fedfs_secdata *sec) } host->fn_sectype = (unsigned int)sec->type; - host->fn_secdata = certfile; + host->fn_certfile = certfile; retval = FEDFS_OK; out_close: @@ -1556,7 +1571,7 @@ nsdb_open_nsdb(nsdb_t host, const char *binddn, const char *passwd, case FEDFS_SEC_NONE: break; case FEDFS_SEC_TLS: - retval = nsdb_start_tls(ld, host->fn_secdata, ldap_err); + retval = nsdb_start_tls(ld, nsdb_certfile(host), ldap_err); if (retval != FEDFS_OK) goto out_unbind; break; @@ -1605,7 +1620,7 @@ nsdb_free_nsdb(nsdb_t host) return; free(host->fn_hostname); - free(host->fn_secdata); + free(host->fn_certfile); nsdb_free_string_array(host->fn_naming_contexts); free(host->fn_default_binddn); free(host->fn_default_nce);
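Review bot: The doc comment on the new nsdb_certfile() accessor (nsdb.c hunk at -292) says the return value may be NULL, but the two converted call sites, nsdb_read_certfile(nsdb_certfile(host), ...) in nsdb_read_nsdbparams() and nsdb_start_tls(ld, nsdb_certfile(host), ldap_err) in nsdb_open_nsdb(), pass the result through with no check visible in their hunks. Since the accessor is now exported from src/include/nsdb.h, either document the invariant (non-NULL whenever fn_sectype is not FEDFS_SEC_NONE) or have those callers return an error when a TLS-configured NSDB has no certificate file recorded.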
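Review bot: In the SQLITE_ROW case of nsdb_read_nsdbname(), the renamed line certfile = strdup((const char *)sqlite3_column_text(stmt, 1)); still hands the column value straight to strdup(), while def_binddn a few lines below is tested against NULL before it is duplicated. sqlite3_column_text() returns NULL for an SQL NULL column and strdup(NULL) is undefined behaviour, so a row stored without a certificate path would fault here; the same guard used for def_binddn would fit, leaving fn_certfile NULL in that case.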
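Review bot: The error path after sqlite3_bind_text(stmt, 2, certfile, -1, SQLITE_STATIC) in nsdb_update_nsdbname() still logs "Failed to bind security data value", which is the naming this patch is removing. Reword it to refer to the certificate file name so the log matches the renamed parameter and its updated doc comment; in that comment, "x.509" is conventionally written "X.509".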
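Review bot: In nsdb_update_nsdbparams(), host->fn_certfile = certfile; replaces the field without the old pointer being released in the lines shown. If the nsdb_t was already populated (nsdb_read_nsdbname() assigns a strdup()ed string to the same field), the previous string leaks; worth confirming it is freed earlier in the function, or adding free(host->fn_certfile) before the assignment.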