|
|
7a8c6d |
From 2187e205da4fb2fcfdc2d8b9e4a4117f849041f7 Mon Sep 17 00:00:00 2001
|
|
|
7a8c6d |
From: Fraser Tweedale <ftweedal@redhat.com>
|
|
|
7a8c6d |
Date: Fri, 3 Jun 2016 10:22:23 +1000
|
|
|
7a8c6d |
Subject: [PATCH] Add 'issuer' request option for specifying issuer
|
|
|
7a8c6d |
|
|
|
7a8c6d |
FreeIPA is implementing a 'lightweight CAs' feature where a single
|
|
|
7a8c6d |
Dogtag instance can host multiple CAs. Add the '--issuer' / '-X'
|
|
|
7a8c6d |
getcert-request option for specifying a particular CA, and the
|
|
|
7a8c6d |
'CERTMONGER_CA_ISSUER' environment variable for passing the value to
|
|
|
7a8c6d |
submit helpers. Also update the 'ipa-submit' helper to set the 'ca'
|
|
|
7a8c6d |
argument if the environment variable is set.
|
|
|
7a8c6d |
|
|
|
7a8c6d |
Reviewed-by: Nalin Dahyabhai <nalin@redhat.com>
|
|
|
7a8c6d |
---
|
|
|
7a8c6d |
doc/api.txt | 2 ++
|
|
|
7a8c6d |
doc/submit.txt | 1 +
|
|
|
7a8c6d |
src/cadata.c | 1 +
|
|
|
7a8c6d |
src/getcert-request.1.in | 3 +++
|
|
|
7a8c6d |
src/getcert-resubmit.1.in | 3 +++
|
|
|
7a8c6d |
src/getcert-start-tracking.1.in | 3 +++
|
|
|
7a8c6d |
src/getcert.c | 44 ++++++++++++++++++++++++++++++++++++-----
|
|
|
7a8c6d |
src/ipa.c | 25 +++++++++++++++++------
|
|
|
7a8c6d |
src/store-files.c | 9 +++++++++
|
|
|
7a8c6d |
src/store-int.h | 1 +
|
|
|
7a8c6d |
src/submit-e.c | 1 +
|
|
|
7a8c6d |
src/submit-e.h | 1 +
|
|
|
7a8c6d |
src/tdbus.h | 1 +
|
|
|
7a8c6d |
src/tdbush.c | 25 ++++++++++++++++++++++-
|
|
|
7a8c6d |
tests/028-dbus/expected.out | 1 +
|
|
|
7a8c6d |
15 files changed, 109 insertions(+), 12 deletions(-)
|
|
|
7a8c6d |
|
|
|
7a8c6d |
diff --git a/doc/api.txt b/doc/api.txt
|
|
|
7a8c6d |
index e11f944de5861663d742c8b91129f7b592e7f72c..31016bec004f0b7f00db4cb3baefd236d485dc85 100644
|
|
|
7a8c6d |
--- a/doc/api.txt
|
|
|
7a8c6d |
+++ b/doc/api.txt
|
|
|
7a8c6d |
@@ -56,6 +56,7 @@ o object layout
|
|
|
7a8c6d |
{("template-crldp"),array-of-string (CRL distribution point URIs)}
|
|
|
7a8c6d |
{("template-ns-comment"),string (Netscape comment)}
|
|
|
7a8c6d |
{("template-profile"),string (certificate profile)}
|
|
|
7a8c6d |
+ {("template-issuer"),string (requested issuer)}
|
|
|
7a8c6d |
{("template-challenge-password"),string (password to add to CSR)}
|
|
|
7a8c6d |
{("template-challenge-password-file"),string (password file)
|
|
|
7a8c6d |
{("cert-presave-command"),string}
|
|
|
7a8c6d |
@@ -164,6 +165,7 @@ o object layout
|
|
|
7a8c6d |
{("template-crldp"),array-of-string (CRL distribution point URIs)}
|
|
|
7a8c6d |
{("template-ns-comment"),string (Netscape comment)}
|
|
|
7a8c6d |
{("template-profile"),string (certificate profile)}
|
|
|
7a8c6d |
+ {("template-issuer"),string (requested issuer)}
|
|
|
7a8c6d |
{("template-challenge-password"),string (password to add to CSR)}
|
|
|
7a8c6d |
{("template-challenge-password-file"),string (password file)
|
|
|
7a8c6d |
{("cert-presave-command"),string}
|
|
|
7a8c6d |
diff --git a/doc/submit.txt b/doc/submit.txt
|
|
|
7a8c6d |
index dbf5319dc29bd9adb4054d4e76e90f028bad5fa6..7444f88c078b7453ae350268482832485259348a 100644
|
|
|
7a8c6d |
--- a/doc/submit.txt
|
|
|
7a8c6d |
+++ b/doc/submit.txt
|
|
|
7a8c6d |
@@ -13,6 +13,7 @@ An external CA helper has a few jobs:
|
|
|
7a8c6d |
* $CERTMONGER_REQ_PRINCIPAL -> Kerberos principal name subjectAltName values
|
|
|
7a8c6d |
* $CERTMONGER_REQ_IP_ADDRESS-> IP address subjectAltName values (since 0.78)
|
|
|
7a8c6d |
* $CERTMONGER_CA_PROFILE -> requested enrollment profile/template/certtype
|
|
|
7a8c6d |
+ * $CERTMONGER_CA_ISSUER -> requested issuer for enrollment
|
|
|
7a8c6d |
* $CERTMONGER_CSR -> certificate signing request
|
|
|
7a8c6d |
* $CERTMONGER_CERTIFICATE -> previously-issued certificate, if there is one
|
|
|
7a8c6d |
* $CERTMONGER_CA_NICKNAME -> nickname of CA (since 0.73)
|
|
|
7a8c6d |
diff --git a/src/cadata.c b/src/cadata.c
|
|
|
7a8c6d |
index 947b2e68d3e74abf688aebd48344bfbf964e5656..7861fe73104143d6a9135fcb50b3ead583b03bf7 100644
|
|
|
7a8c6d |
--- a/src/cadata.c
|
|
|
7a8c6d |
+++ b/src/cadata.c
|
|
|
7a8c6d |
@@ -50,6 +50,7 @@ const char *attribute_map[] = {
|
|
|
7a8c6d |
CM_SUBMIT_REQ_EMAIL_ENV, CM_DBUS_PROP_TEMPLATE_EMAIL,
|
|
|
7a8c6d |
CM_SUBMIT_REQ_IP_ADDRESS_ENV, CM_DBUS_PROP_TEMPLATE_IP_ADDRESS,
|
|
|
7a8c6d |
CM_SUBMIT_PROFILE_ENV, CM_DBUS_PROP_TEMPLATE_PROFILE,
|
|
|
7a8c6d |
+ CM_SUBMIT_ISSUER_ENV, CM_DBUS_PROP_TEMPLATE_ISSUER,
|
|
|
7a8c6d |
NULL,
|
|
|
7a8c6d |
};
|
|
|
7a8c6d |
|
|
|
7a8c6d |
diff --git a/src/getcert-request.1.in b/src/getcert-request.1.in
|
|
|
7a8c6d |
index f11f1ffa35ccb6eb3d6aeea149353f55d5266534..b6578dce4b06fd60f9e784ba5665489eb3dd3982 100644
|
|
|
7a8c6d |
--- a/src/getcert-request.1.in
|
|
|
7a8c6d |
+++ b/src/getcert-request.1.in
|
|
|
7a8c6d |
@@ -87,6 +87,9 @@ the CA should correspond to one listed by \fIgetcert list-cas\fR.
|
|
|
7a8c6d |
\fB\-T\fR NAME
|
|
|
7a8c6d |
Request a certificate using the named profile, template, or certtype,
|
|
|
7a8c6d |
from the specified CA.
|
|
|
7a8c6d |
+.TP
|
|
|
7a8c6d |
+\fB\-X\fR NAME
|
|
|
7a8c6d |
+Request a certificate using the named issuer from the specified CA.
|
|
|
7a8c6d |
|
|
|
7a8c6d |
.SH SIGNING REQUEST OPTIONS
|
|
|
7a8c6d |
|
|
|
7a8c6d |
diff --git a/src/getcert-resubmit.1.in b/src/getcert-resubmit.1.in
|
|
|
7a8c6d |
index ad31da9995194280d79c2ce6bb2311291d37072d..165940eab1e625ecd3db63a1cf0bd822ae6abf72 100644
|
|
|
7a8c6d |
--- a/src/getcert-resubmit.1.in
|
|
|
7a8c6d |
+++ b/src/getcert-resubmit.1.in
|
|
|
7a8c6d |
@@ -48,6 +48,9 @@ the CA should correspond to one listed by \fIgetcert list-cas\fR.
|
|
|
7a8c6d |
Request a certificate using the named profile, template, or certtype,
|
|
|
7a8c6d |
from the specified CA.
|
|
|
7a8c6d |
.TP
|
|
|
7a8c6d |
+\fB\-X\fR NAME
|
|
|
7a8c6d |
+Request a certificate using the named issuer from the specified CA.
|
|
|
7a8c6d |
+.TP
|
|
|
7a8c6d |
\fB\-I\fR NAME
|
|
|
7a8c6d |
Assign the specified nickname to this task, replacing the previous nickname.
|
|
|
7a8c6d |
|
|
|
7a8c6d |
diff --git a/src/getcert-start-tracking.1.in b/src/getcert-start-tracking.1.in
|
|
|
7a8c6d |
index 6cd24e77dd578662e4b18b8ae18dd26b6faa7122..a46f53578626bc62abaeb22e77500548c34ac3c0 100644
|
|
|
7a8c6d |
--- a/src/getcert-start-tracking.1.in
|
|
|
7a8c6d |
+++ b/src/getcert-start-tracking.1.in
|
|
|
7a8c6d |
@@ -85,6 +85,9 @@ useful in combination with \fB\-r\fR.
|
|
|
7a8c6d |
\fB\-T\fR NAME
|
|
|
7a8c6d |
Request a certificate using the named profile, template, or certtype,
|
|
|
7a8c6d |
from the specified CA.
|
|
|
7a8c6d |
+.TP
|
|
|
7a8c6d |
+\fB\-X\fR NAME
|
|
|
7a8c6d |
+Request a certificate using the named issuer from the specified CA.
|
|
|
7a8c6d |
|
|
|
7a8c6d |
.SH SIGNING REQUEST OPTIONS
|
|
|
7a8c6d |
If and when \fIcertmonger\fR attempts to obtain a new certificate to replace
|
|
|
7a8c6d |
diff --git a/src/getcert.c b/src/getcert.c
|
|
|
7a8c6d |
index 49840dd968a75929ef55c6b77966187f0c59fa78..cfa36fb1a7ea16c9c9bacc8f40360efa594b7830 100644
|
|
|
7a8c6d |
--- a/src/getcert.c
|
|
|
7a8c6d |
+++ b/src/getcert.c
|
|
|
7a8c6d |
@@ -691,7 +691,7 @@ request(const char *argv0, int argc, const char **argv)
|
|
|
7a8c6d |
char *pin = NULL, *pinfile = NULL, *cpass = NULL, *cpassfile = NULL;
|
|
|
7a8c6d |
int keysize = 0, auto_renew = 1, verbose = 0, ku = 0, kubit, c, i, j;
|
|
|
7a8c6d |
char *ca = DEFAULT_CA, *subject = NULL, **eku = NULL, *oid, *id = NULL;
|
|
|
7a8c6d |
- char *profile = NULL, kustring[16];
|
|
|
7a8c6d |
+ char *profile = NULL, *issuer = NULL, kustring[16];
|
|
|
7a8c6d |
char **principal = NULL, **dns = NULL, **email = NULL, **ipaddr = NULL;
|
|
|
7a8c6d |
char *key_owner = NULL, *key_perms = NULL;
|
|
|
7a8c6d |
char *cert_owner = NULL, *cert_perms = NULL;
|
|
|
7a8c6d |
@@ -732,6 +732,7 @@ request(const char *argv0, int argc, const char **argv)
|
|
|
7a8c6d |
{"ca", 'c', POPT_ARG_STRING, &ca, 0, _("use the specified CA configuration rather than the default"), HELP_TYPE_NAME},
|
|
|
7a8c6d |
#endif
|
|
|
7a8c6d |
{"profile", 'T', POPT_ARG_STRING, NULL, 'T', _("ask the CA to process the request using the named profile or template"), HELP_TYPE_NAME},
|
|
|
7a8c6d |
+ {"issuer", 'X', POPT_ARG_STRING, NULL, 'X', _("ask the CA to process the request using the named issuer"), HELP_TYPE_NAME},
|
|
|
7a8c6d |
{"subject-name", 'N', POPT_ARG_STRING, NULL, 'N', _("set requested subject name (default: CN=<hostname>)"), HELP_TYPE_SUBJECT},
|
|
|
7a8c6d |
{"key-usage", 'u', POPT_ARG_STRING, NULL, 'u', _("set requested key usage value"), HELP_TYPE_KU},
|
|
|
7a8c6d |
{"extended-key-usage", 'U', POPT_ARG_STRING, NULL, 'U', _("set requested extended key usage OID"), HELP_TYPE_EKU},
|
|
|
7a8c6d |
@@ -858,6 +859,9 @@ request(const char *argv0, int argc, const char **argv)
|
|
|
7a8c6d |
case 'T':
|
|
|
7a8c6d |
profile = talloc_strdup(globals.tctx, poptarg);
|
|
|
7a8c6d |
break;
|
|
|
7a8c6d |
+ case 'X':
|
|
|
7a8c6d |
+ issuer = talloc_strdup(globals.tctx, poptarg);
|
|
|
7a8c6d |
+ break;
|
|
|
7a8c6d |
case 'N':
|
|
|
7a8c6d |
subject = talloc_strdup(globals.tctx, poptarg);
|
|
|
7a8c6d |
break;
|
|
|
7a8c6d |
@@ -1289,6 +1293,13 @@ request(const char *argv0, int argc, const char **argv)
|
|
|
7a8c6d |
params[i] = ¶m[i];
|
|
|
7a8c6d |
i++;
|
|
|
7a8c6d |
}
|
|
|
7a8c6d |
+ if (issuer != NULL) {
|
|
|
7a8c6d |
+ param[i].key = CM_DBUS_PROP_TEMPLATE_ISSUER;
|
|
|
7a8c6d |
+ param[i].value_type = cm_tdbusm_dict_s;
|
|
|
7a8c6d |
+ param[i].value.s = issuer;
|
|
|
7a8c6d |
+ params[i] = ¶m[i];
|
|
|
7a8c6d |
+ i++;
|
|
|
7a8c6d |
+ }
|
|
|
7a8c6d |
if (precommand != NULL) {
|
|
|
7a8c6d |
param[i].key = CM_DBUS_PROP_CERT_PRESAVE_COMMAND;
|
|
|
7a8c6d |
param[i].value_type = cm_tdbusm_dict_s;
|
|
|
7a8c6d |
@@ -1480,7 +1491,7 @@ add_basic_request(enum cm_tdbus_type bus, char *id,
|
|
|
7a8c6d |
char *key_perms, char *cert_perms,
|
|
|
7a8c6d |
char *pin, char *pinfile,
|
|
|
7a8c6d |
char *cpass, char *cpassfile,
|
|
|
7a8c6d |
- char *ca, char *profile,
|
|
|
7a8c6d |
+ char *ca, char *profile, char *issuer,
|
|
|
7a8c6d |
char *precommand, char *postcommand,
|
|
|
7a8c6d |
char **anchor_dbs, char **anchor_files,
|
|
|
7a8c6d |
dbus_bool_t auto_renew_stop, int waitreq,
|
|
|
7a8c6d |
@@ -1644,6 +1655,13 @@ add_basic_request(enum cm_tdbus_type bus, char *id,
|
|
|
7a8c6d |
params[i] = ¶m[i];
|
|
|
7a8c6d |
i++;
|
|
|
7a8c6d |
}
|
|
|
7a8c6d |
+ if (issuer != NULL) {
|
|
|
7a8c6d |
+ param[i].key = CM_DBUS_PROP_TEMPLATE_ISSUER;
|
|
|
7a8c6d |
+ param[i].value_type = cm_tdbusm_dict_s;
|
|
|
7a8c6d |
+ param[i].value.s = issuer;
|
|
|
7a8c6d |
+ params[i] = ¶m[i];
|
|
|
7a8c6d |
+ i++;
|
|
|
7a8c6d |
+ }
|
|
|
7a8c6d |
if (precommand != NULL) {
|
|
|
7a8c6d |
param[i].key = CM_DBUS_PROP_CERT_PRESAVE_COMMAND;
|
|
|
7a8c6d |
param[i].value_type = cm_tdbusm_dict_s;
|
|
|
7a8c6d |
@@ -1726,7 +1744,7 @@ set_tracking(const char *argv0, const char *category,
|
|
|
7a8c6d |
char **anchor_dbs = NULL, **anchor_files = NULL;
|
|
|
7a8c6d |
char *id = NULL, *new_id = NULL, *new_request;
|
|
|
7a8c6d |
char *keyfile = NULL, *certfile = NULL, *ca = DEFAULT_CA;
|
|
|
7a8c6d |
- char *profile = NULL;
|
|
|
7a8c6d |
+ char *profile = NULL, *issuer = NULL;
|
|
|
7a8c6d |
char *pin = NULL, *pinfile = NULL, *cpass = NULL, *cpassfile = NULL;
|
|
|
7a8c6d |
char *key_owner = NULL, *key_perms = NULL;
|
|
|
7a8c6d |
char *cert_owner = NULL, *cert_perms = NULL;
|
|
|
7a8c6d |
@@ -1767,6 +1785,7 @@ set_tracking(const char *argv0, const char *category,
|
|
|
7a8c6d |
{"ca", 'c', POPT_ARG_STRING, &ca, 0, _("use the specified CA configuration rather than the default"), HELP_TYPE_NAME},
|
|
|
7a8c6d |
#endif
|
|
|
7a8c6d |
{"profile", 'T', POPT_ARG_STRING, NULL, 'T', _("ask the CA to process the request using the named profile or template"), HELP_TYPE_NAME},
|
|
|
7a8c6d |
+ {"issuer", 'X', POPT_ARG_STRING, NULL, 'X', _("ask the CA to process the request using the named issuer"), HELP_TYPE_NAME},
|
|
|
7a8c6d |
{"key-usage", 'u', POPT_ARG_STRING, NULL, 'u', _("override requested key usage value"), HELP_TYPE_KU},
|
|
|
7a8c6d |
{"extended-key-usage", 'U', POPT_ARG_STRING, NULL, 'U', _("override requested extended key usage OID"), HELP_TYPE_EKU},
|
|
|
7a8c6d |
{"principal", 'K', POPT_ARG_STRING, NULL, 'K', _("override requested principal name"), HELP_TYPE_PRINCIPAL},
|
|
|
7a8c6d |
@@ -2291,7 +2310,7 @@ set_tracking(const char *argv0, const char *category,
|
|
|
7a8c6d |
key_perms, cert_perms,
|
|
|
7a8c6d |
pin, pinfile,
|
|
|
7a8c6d |
cpass, cpassfile,
|
|
|
7a8c6d |
- ca, profile,
|
|
|
7a8c6d |
+ ca, profile, issuer,
|
|
|
7a8c6d |
precommand, postcommand,
|
|
|
7a8c6d |
anchor_dbs, anchor_files,
|
|
|
7a8c6d |
(auto_renew_stop > 0),
|
|
|
7a8c6d |
@@ -2366,7 +2385,7 @@ rekey_or_resubmit(const char *argv0, const char *category, int argc,
|
|
|
7a8c6d |
char *id = NULL, *new_id = NULL, *ca = NULL, *new_request, *nss_scheme;
|
|
|
7a8c6d |
char *subject = NULL, **eku = NULL, *oid = NULL;
|
|
|
7a8c6d |
char **principal = NULL, **dns = NULL, **email = NULL, **ipaddr = NULL;
|
|
|
7a8c6d |
- char *profile = NULL, kustring[16];
|
|
|
7a8c6d |
+ char *profile = NULL, *issuer = NULL, kustring[16];
|
|
|
7a8c6d |
char *key_owner = NULL, *key_perms = NULL;
|
|
|
7a8c6d |
char *cert_owner = NULL, *cert_perms = NULL;
|
|
|
7a8c6d |
char *keytype = NULL;
|
|
|
7a8c6d |
@@ -2403,6 +2422,7 @@ rekey_or_resubmit(const char *argv0, const char *category, int argc,
|
|
|
7a8c6d |
{"ca", 'c', POPT_ARG_STRING, &ca, 0, _("use the specified CA configuration rather than the current one"), HELP_TYPE_NAME},
|
|
|
7a8c6d |
#endif
|
|
|
7a8c6d |
{"profile", 'T', POPT_ARG_STRING, NULL, 'T', _("ask the CA to process the request using the named profile or template"), HELP_TYPE_NAME},
|
|
|
7a8c6d |
+ {"issuer", 'X', POPT_ARG_STRING, NULL, 'X', _("ask the CA to process the request using the named issuer"), HELP_TYPE_NAME},
|
|
|
7a8c6d |
{"subject-name", 'N', POPT_ARG_STRING, NULL, 'N', _("set requested subject name (default: CN=<hostname>)"), HELP_TYPE_SUBJECT},
|
|
|
7a8c6d |
{"key-usage", 'u', POPT_ARG_STRING, NULL, 'u', _("set requested key usage value"), HELP_TYPE_KU},
|
|
|
7a8c6d |
{"extended-key-usage", 'U', POPT_ARG_STRING, NULL, 'U', _("set requested extended key usage OID"), HELP_TYPE_EKU},
|
|
|
7a8c6d |
@@ -2477,6 +2497,9 @@ rekey_or_resubmit(const char *argv0, const char *category, int argc,
|
|
|
7a8c6d |
case 'T':
|
|
|
7a8c6d |
profile = talloc_strdup(globals.tctx, poptarg);
|
|
|
7a8c6d |
break;
|
|
|
7a8c6d |
+ case 'X':
|
|
|
7a8c6d |
+ issuer = talloc_strdup(globals.tctx, poptarg);
|
|
|
7a8c6d |
+ break;
|
|
|
7a8c6d |
case 'i':
|
|
|
7a8c6d |
id = talloc_strdup(globals.tctx, poptarg);
|
|
|
7a8c6d |
break;
|
|
|
7a8c6d |
@@ -2838,6 +2861,13 @@ rekey_or_resubmit(const char *argv0, const char *category, int argc,
|
|
|
7a8c6d |
params[i] = ¶m[i];
|
|
|
7a8c6d |
i++;
|
|
|
7a8c6d |
}
|
|
|
7a8c6d |
+ if (issuer != NULL) {
|
|
|
7a8c6d |
+ param[i].key = CM_DBUS_PROP_TEMPLATE_ISSUER;
|
|
|
7a8c6d |
+ param[i].value_type = cm_tdbusm_dict_s;
|
|
|
7a8c6d |
+ param[i].value.s = issuer;
|
|
|
7a8c6d |
+ params[i] = ¶m[i];
|
|
|
7a8c6d |
+ i++;
|
|
|
7a8c6d |
+ }
|
|
|
7a8c6d |
if (precommand != NULL) {
|
|
|
7a8c6d |
param[i].key = CM_DBUS_PROP_CERT_PRESAVE_COMMAND;
|
|
|
7a8c6d |
param[i].value_type = cm_tdbusm_dict_s;
|
|
|
7a8c6d |
@@ -4647,6 +4677,7 @@ help(const char *twopartcmd, const char *category)
|
|
|
7a8c6d |
N_(" -c CA use the specified CA rather than the default\n"),
|
|
|
7a8c6d |
#endif
|
|
|
7a8c6d |
N_(" -T PROFILE ask the CA to process the request using the named profile or template\n"),
|
|
|
7a8c6d |
+ N_(" -X ISSUER ask the CA to process the request using the named issuer\n"),
|
|
|
7a8c6d |
N_("* Parameters for the signing request:\n"),
|
|
|
7a8c6d |
N_(" -N NAME set requested subject name (default: CN=<hostname>)\n"),
|
|
|
7a8c6d |
N_(" -U EXTUSAGE set requested extended key usage OID\n"),
|
|
|
7a8c6d |
@@ -4695,6 +4726,7 @@ help(const char *twopartcmd, const char *category)
|
|
|
7a8c6d |
N_(" -c CA use the specified CA rather than the default\n"),
|
|
|
7a8c6d |
#endif
|
|
|
7a8c6d |
N_(" -T PROFILE ask the CA to process the request using the named profile or template\n"),
|
|
|
7a8c6d |
+ N_(" -X ISSUER ask the CA to process the request using the named issuer\n"),
|
|
|
7a8c6d |
N_("* Parameters for the signing request at renewal time:\n"),
|
|
|
7a8c6d |
N_(" -U EXTUSAGE override requested extended key usage OID\n"),
|
|
|
7a8c6d |
N_(" -u KEYUSAGE set requested key usage value\n"),
|
|
|
7a8c6d |
@@ -4773,6 +4805,7 @@ help(const char *twopartcmd, const char *category)
|
|
|
7a8c6d |
N_(" -c CA use the specified CA rather than the current one\n"),
|
|
|
7a8c6d |
#endif
|
|
|
7a8c6d |
N_(" -T PROFILE ask the CA to process the request using the named profile or template\n"),
|
|
|
7a8c6d |
+ N_(" -X ISSUER ask the CA to process the request using the named issuer\n"),
|
|
|
7a8c6d |
N_("* Bus options:\n"),
|
|
|
7a8c6d |
N_(" -S connect to the certmonger service on the system bus\n"),
|
|
|
7a8c6d |
N_(" -s connect to the certmonger service on the session bus\n"),
|
|
|
7a8c6d |
@@ -4820,6 +4853,7 @@ help(const char *twopartcmd, const char *category)
|
|
|
7a8c6d |
N_(" -c CA use the specified CA rather than the current one\n"),
|
|
|
7a8c6d |
#endif
|
|
|
7a8c6d |
N_(" -T PROFILE ask the CA to process the request using the named profile or template\n"),
|
|
|
7a8c6d |
+ N_(" -X ISSUER ask the CA to process the request using the named issuer\n"),
|
|
|
7a8c6d |
N_(" -G TYPE type of new key to be generated\n"),
|
|
|
7a8c6d |
N_(" -g SIZE size of new key to be generated\n"),
|
|
|
7a8c6d |
N_("* Bus options:\n"),
|
|
|
7a8c6d |
diff --git a/src/ipa.c b/src/ipa.c
|
|
|
7a8c6d |
index 5236abb40246c270d1b14c5cfbc467dbd6e8f7a4..72cdda6b07ea5a4850fb404497196c46a6bbbd6d 100644
|
|
|
7a8c6d |
--- a/src/ipa.c
|
|
|
7a8c6d |
+++ b/src/ipa.c
|
|
|
7a8c6d |
@@ -332,7 +332,8 @@ cm_locate_xmlrpc_service(const char *server,
|
|
|
7a8c6d |
/* Make an XML-RPC request to the "cert_request" method. */
|
|
|
7a8c6d |
static int
|
|
|
7a8c6d |
submit_or_poll_uri(const char *uri, const char *cainfo, const char *capath,
|
|
|
7a8c6d |
- const char *csr, const char *reqprinc, const char *profile)
|
|
|
7a8c6d |
+ const char *csr, const char *reqprinc,
|
|
|
7a8c6d |
+ const char *profile, const char *issuer)
|
|
|
7a8c6d |
{
|
|
|
7a8c6d |
struct cm_submit_x_context *ctx;
|
|
|
7a8c6d |
const char *args[2];
|
|
|
7a8c6d |
@@ -366,6 +367,10 @@ submit:
|
|
|
7a8c6d |
if (profile != NULL) {
|
|
|
7a8c6d |
cm_submit_x_add_named_arg_s(ctx, "profile_id", profile);
|
|
|
7a8c6d |
}
|
|
|
7a8c6d |
+ /* Add the requested CA named argument. */
|
|
|
7a8c6d |
+ if (issuer != NULL) {
|
|
|
7a8c6d |
+ cm_submit_x_add_named_arg_s(ctx, "ca", issuer);
|
|
|
7a8c6d |
+ }
|
|
|
7a8c6d |
/* Tell the server to add entries for a principal if one
|
|
|
7a8c6d |
* doesn't exist yet. */
|
|
|
7a8c6d |
cm_submit_x_add_named_arg_b(ctx, "add", 1);
|
|
|
7a8c6d |
@@ -440,12 +445,14 @@ static int
|
|
|
7a8c6d |
submit_or_poll(const char *uri, const char *cainfo, const char *capath,
|
|
|
7a8c6d |
const char *server, int ldap_uri_cmd, const char *ldap_uri,
|
|
|
7a8c6d |
const char *host, const char *domain, char *basedn,
|
|
|
7a8c6d |
- const char *csr, const char *reqprinc, const char *profile)
|
|
|
7a8c6d |
+ const char *csr, const char *reqprinc,
|
|
|
7a8c6d |
+ const char *profile, const char *issuer)
|
|
|
7a8c6d |
{
|
|
|
7a8c6d |
int i, u;
|
|
|
7a8c6d |
char **uris;
|
|
|
7a8c6d |
|
|
|
7a8c6d |
- i = submit_or_poll_uri(uri, cainfo, capath, csr, reqprinc, profile);
|
|
|
7a8c6d |
+ i = submit_or_poll_uri(uri, cainfo, capath, csr, reqprinc, profile,
|
|
|
7a8c6d |
+ issuer);
|
|
|
7a8c6d |
if ((i == CM_SUBMIT_STATUS_UNREACHABLE) ||
|
|
|
7a8c6d |
(i == CM_SUBMIT_STATUS_UNCONFIGURED)) {
|
|
|
7a8c6d |
u = cm_locate_xmlrpc_service(server, ldap_uri_cmd, ldap_uri,
|
|
|
7a8c6d |
@@ -456,7 +463,8 @@ submit_or_poll(const char *uri, const char *cainfo, const char *capath,
|
|
|
7a8c6d |
continue;
|
|
|
7a8c6d |
}
|
|
|
7a8c6d |
i = submit_or_poll_uri(uris[u], cainfo, capath,
|
|
|
7a8c6d |
- csr, reqprinc, profile);
|
|
|
7a8c6d |
+ csr, reqprinc, profile,
|
|
|
7a8c6d |
+ issuer);
|
|
|
7a8c6d |
if ((i != CM_SUBMIT_STATUS_UNREACHABLE) &&
|
|
|
7a8c6d |
(i != CM_SUBMIT_STATUS_UNCONFIGURED)) {
|
|
|
7a8c6d |
talloc_free(uris);
|
|
|
7a8c6d |
@@ -556,7 +564,7 @@ main(int argc, const char **argv)
|
|
|
7a8c6d |
const char *xmlrpc_uri = NULL, *ldap_uri = NULL, *server = NULL, *csrfile;
|
|
|
7a8c6d |
int xmlrpc_uri_cmd = 0, ldap_uri_cmd = 0, verbose = 0;
|
|
|
7a8c6d |
const char *mode = CM_OP_SUBMIT;
|
|
|
7a8c6d |
- char ldn[LINE_MAX], *basedn = NULL, *profile = NULL;
|
|
|
7a8c6d |
+ char ldn[LINE_MAX], *basedn = NULL, *profile = NULL, *issuer = NULL;
|
|
|
7a8c6d |
krb5_error_code kret;
|
|
|
7a8c6d |
poptContext pctx;
|
|
|
7a8c6d |
struct poptOption popts[] = {
|
|
|
7a8c6d |
@@ -571,6 +579,7 @@ main(int argc, const char **argv)
|
|
|
7a8c6d |
{"use-ccache-creds", 'K', POPT_ARG_NONE, NULL, 'K', "use default ccache instead of creating a new one using keytab", NULL},
|
|
|
7a8c6d |
{"principal-of-request", 'P', POPT_ARG_STRING, &reqprinc, 0, "principal name in signing request", "PRINCIPAL"},
|
|
|
7a8c6d |
{"profile", 'T', POPT_ARG_STRING, &profile, 0, "request enrollment using the specified profile", "NAME"},
|
|
|
7a8c6d |
+ {"issuer", 'X', POPT_ARG_STRING, &issuer, 0, "request enrollment using the specified CA", "NAME"},
|
|
|
7a8c6d |
{"basedn", 'b', POPT_ARG_STRING, &basedn, 0, "IPA domain LDAP base DN", "DN"},
|
|
|
7a8c6d |
{"verbose", 'v', POPT_ARG_NONE, NULL, 'v', NULL, NULL},
|
|
|
7a8c6d |
POPT_AUTOHELP
|
|
|
7a8c6d |
@@ -729,6 +738,10 @@ main(int argc, const char **argv)
|
|
|
7a8c6d |
(getenv(CM_SUBMIT_PROFILE_ENV) != NULL)) {
|
|
|
7a8c6d |
profile = strdup(getenv(CM_SUBMIT_PROFILE_ENV));
|
|
|
7a8c6d |
}
|
|
|
7a8c6d |
+ if ((issuer == NULL) &&
|
|
|
7a8c6d |
+ (getenv(CM_SUBMIT_ISSUER_ENV) != NULL)) {
|
|
|
7a8c6d |
+ issuer = strdup(getenv(CM_SUBMIT_ISSUER_ENV));
|
|
|
7a8c6d |
+ }
|
|
|
7a8c6d |
if ((server != NULL) && !xmlrpc_uri_cmd) {
|
|
|
7a8c6d |
snprintf(uri, sizeof(uri),
|
|
|
7a8c6d |
"https://%s/ipa/xml", server);
|
|
|
7a8c6d |
@@ -835,7 +848,7 @@ main(int argc, const char **argv)
|
|
|
7a8c6d |
return submit_or_poll(uri, cainfo, capath,
|
|
|
7a8c6d |
server, ldap_uri_cmd, ldap_uri,
|
|
|
7a8c6d |
host, domain, basedn,
|
|
|
7a8c6d |
- csr, reqprinc, profile);
|
|
|
7a8c6d |
+ csr, reqprinc, profile, issuer);
|
|
|
7a8c6d |
} else
|
|
|
7a8c6d |
if (strcasecmp(mode, CM_OP_FETCH_ROOTS) == 0) {
|
|
|
7a8c6d |
return fetch_roots(server, ldap_uri_cmd, ldap_uri, host,
|
|
|
7a8c6d |
diff --git a/src/store-files.c b/src/store-files.c
|
|
|
7a8c6d |
index 961d03b7d1724a2cdb1fc4a26d8f1e25e474824f..889829ca62a035a758288aac158cbe17b0fd9e6d 100644
|
|
|
7a8c6d |
--- a/src/store-files.c
|
|
|
7a8c6d |
+++ b/src/store-files.c
|
|
|
7a8c6d |
@@ -129,6 +129,7 @@ enum cm_store_file_field {
|
|
|
7a8c6d |
cm_store_entry_field_template_ocsp_location,
|
|
|
7a8c6d |
cm_store_entry_field_template_ns_comment,
|
|
|
7a8c6d |
cm_store_entry_field_template_profile,
|
|
|
7a8c6d |
+ cm_store_entry_field_template_issuer,
|
|
|
7a8c6d |
cm_store_entry_field_template_no_ocsp_check,
|
|
|
7a8c6d |
cm_store_entry_field_template_ns_certtype,
|
|
|
7a8c6d |
|
|
|
7a8c6d |
@@ -303,6 +304,7 @@ static struct cm_store_file_field_list {
|
|
|
7a8c6d |
{cm_store_entry_field_template_ns_comment, "template_ns_comment"},
|
|
|
7a8c6d |
{cm_store_entry_field_template_profile, "template_profile"}, /* right */
|
|
|
7a8c6d |
{cm_store_entry_field_template_profile, "ca_profile"}, /* wrong */
|
|
|
7a8c6d |
+ {cm_store_entry_field_template_issuer, "template_issuer"},
|
|
|
7a8c6d |
{cm_store_entry_field_template_no_ocsp_check, "template_no_ocsp_check"},
|
|
|
7a8c6d |
{cm_store_entry_field_template_ns_certtype, "template_ns_certtype"},
|
|
|
7a8c6d |
|
|
|
7a8c6d |
@@ -1127,6 +1129,9 @@ cm_store_entry_read(void *parent, const char *filename, FILE *fp)
|
|
|
7a8c6d |
case cm_store_entry_field_template_profile:
|
|
|
7a8c6d |
ret->cm_template_profile = free_if_empty(p);
|
|
|
7a8c6d |
break;
|
|
|
7a8c6d |
+ case cm_store_entry_field_template_issuer:
|
|
|
7a8c6d |
+ ret->cm_template_issuer = free_if_empty(p);
|
|
|
7a8c6d |
+ break;
|
|
|
7a8c6d |
case cm_store_entry_field_template_no_ocsp_check:
|
|
|
7a8c6d |
ret->cm_template_no_ocsp_check = atoi(p) != 0;
|
|
|
7a8c6d |
talloc_free(p);
|
|
|
7a8c6d |
@@ -1370,6 +1375,7 @@ cm_store_ca_read(void *parent, const char *filename, FILE *fp)
|
|
|
7a8c6d |
case cm_store_entry_field_template_ocsp_location:
|
|
|
7a8c6d |
case cm_store_entry_field_template_ns_comment:
|
|
|
7a8c6d |
case cm_store_entry_field_template_profile:
|
|
|
7a8c6d |
+ case cm_store_entry_field_template_issuer:
|
|
|
7a8c6d |
case cm_store_entry_field_template_no_ocsp_check:
|
|
|
7a8c6d |
case cm_store_entry_field_template_ns_certtype:
|
|
|
7a8c6d |
case cm_store_entry_field_challenge_password:
|
|
|
7a8c6d |
@@ -1972,6 +1978,8 @@ cm_store_entry_write(FILE *fp, struct cm_store_entry *entry)
|
|
|
7a8c6d |
entry->cm_template_ns_comment);
|
|
|
7a8c6d |
cm_store_file_write_str(fp, cm_store_entry_field_template_profile,
|
|
|
7a8c6d |
entry->cm_template_profile);
|
|
|
7a8c6d |
+ cm_store_file_write_str(fp, cm_store_entry_field_template_issuer,
|
|
|
7a8c6d |
+ entry->cm_template_issuer);
|
|
|
7a8c6d |
cm_store_file_write_int(fp, cm_store_entry_field_template_no_ocsp_check,
|
|
|
7a8c6d |
entry->cm_template_no_ocsp_check ? 1 : 0);
|
|
|
7a8c6d |
cm_store_file_write_str(fp, cm_store_entry_field_template_ns_certtype,
|
|
|
7a8c6d |
@@ -2735,6 +2743,7 @@ cm_store_entry_dup(void *parent, struct cm_store_entry *entry)
|
|
|
7a8c6d |
ret->cm_template_ocsp_location = cm_store_maybe_strdupv(ret, entry->cm_template_ocsp_location);
|
|
|
7a8c6d |
ret->cm_template_ns_comment = cm_store_maybe_strdup(ret, entry->cm_template_ns_comment);
|
|
|
7a8c6d |
ret->cm_template_profile = cm_store_maybe_strdup(ret, entry->cm_template_profile);
|
|
|
7a8c6d |
+ ret->cm_template_issuer = cm_store_maybe_strdup(ret, entry->cm_template_issuer);
|
|
|
7a8c6d |
ret->cm_template_no_ocsp_check = entry->cm_template_no_ocsp_check;
|
|
|
7a8c6d |
ret->cm_template_ns_certtype = cm_store_maybe_strdup(ret,
|
|
|
7a8c6d |
entry->cm_template_ns_certtype);
|
|
|
7a8c6d |
diff --git a/src/store-int.h b/src/store-int.h
|
|
|
7a8c6d |
index d7d3fc86306b103b0a90faef7396697743b9c8da..2d3a35387516c48ab81a6422e42d57d5741593f6 100644
|
|
|
7a8c6d |
--- a/src/store-int.h
|
|
|
7a8c6d |
+++ b/src/store-int.h
|
|
|
7a8c6d |
@@ -142,6 +142,7 @@ struct cm_store_entry {
|
|
|
7a8c6d |
char **cm_template_ocsp_location;
|
|
|
7a8c6d |
char *cm_template_ns_comment;
|
|
|
7a8c6d |
char *cm_template_profile;
|
|
|
7a8c6d |
+ char *cm_template_issuer;
|
|
|
7a8c6d |
char *cm_template_ns_certtype;
|
|
|
7a8c6d |
unsigned int cm_template_no_ocsp_check: 1;
|
|
|
7a8c6d |
/* A challenge password, which may be included (in cleartext form!) in
|
|
|
7a8c6d |
diff --git a/src/submit-e.c b/src/submit-e.c
|
|
|
7a8c6d |
index 6997b436e42aa4f77c421040070ee2484467dea5..befd01e0fd00b8f9e239752ffbd80c985fae5057 100644
|
|
|
7a8c6d |
--- a/src/submit-e.c
|
|
|
7a8c6d |
+++ b/src/submit-e.c
|
|
|
7a8c6d |
@@ -876,6 +876,7 @@ cm_submit_e_helper_main(int fd, struct cm_store_ca *ca,
|
|
|
7a8c6d |
maybe_setenv(CM_SUBMIT_COOKIE_ENV, entry->cm_ca_cookie);
|
|
|
7a8c6d |
maybe_setenv(CM_SUBMIT_CA_NICKNAME_ENV, entry->cm_ca_nickname);
|
|
|
7a8c6d |
maybe_setenv(CM_SUBMIT_PROFILE_ENV, entry->cm_template_profile);
|
|
|
7a8c6d |
+ maybe_setenv(CM_SUBMIT_ISSUER_ENV, entry->cm_template_issuer);
|
|
|
7a8c6d |
maybe_setenv(CM_SUBMIT_CERTIFICATE_ENV, entry->cm_cert);
|
|
|
7a8c6d |
/* Only pass SCEP data to the helper if we haven't used this set of
|
|
|
7a8c6d |
* nonced data before. It'll ask for fresh data if it needs it. */
|
|
|
7a8c6d |
diff --git a/src/submit-e.h b/src/submit-e.h
|
|
|
7a8c6d |
index 2e325cf7d36436b89287e9933db83a6d853abfd1..0148d4da07507a000d8e6e8aca98f2ed84669eca 100644
|
|
|
7a8c6d |
--- a/src/submit-e.h
|
|
|
7a8c6d |
+++ b/src/submit-e.h
|
|
|
7a8c6d |
@@ -48,6 +48,7 @@ const char *cm_submit_e_status_text(enum cm_external_status status);
|
|
|
7a8c6d |
#define CM_SUBMIT_COOKIE_ENV "CERTMONGER_CA_COOKIE"
|
|
|
7a8c6d |
#define CM_SUBMIT_CA_NICKNAME_ENV "CERTMONGER_CA_NICKNAME"
|
|
|
7a8c6d |
#define CM_SUBMIT_PROFILE_ENV "CERTMONGER_CA_PROFILE"
|
|
|
7a8c6d |
+#define CM_SUBMIT_ISSUER_ENV "CERTMONGER_CA_ISSUER"
|
|
|
7a8c6d |
#define CM_SUBMIT_CERTIFICATE_ENV "CERTMONGER_CERTIFICATE"
|
|
|
7a8c6d |
#define CM_SUBMIT_SCEP_CA_IDENTIFIER_ENV "CERTMONGER_SCEP_CA_IDENTIFIER"
|
|
|
7a8c6d |
#define CM_SUBMIT_SCEP_RA_CERTIFICATE_ENV "CERTMONGER_SCEP_RA_CERTIFICATE"
|
|
|
7a8c6d |
diff --git a/src/tdbus.h b/src/tdbus.h
|
|
|
7a8c6d |
index c9b3afeb59548c2dc1260cfd7c76b39327a42f89..496f2dd289a0bd9b4d66451ea5eb0acf83d0cf5f 100644
|
|
|
7a8c6d |
--- a/src/tdbus.h
|
|
|
7a8c6d |
+++ b/src/tdbus.h
|
|
|
7a8c6d |
@@ -108,6 +108,7 @@
|
|
|
7a8c6d |
#define CM_DBUS_PROP_TEMPLATE_FRESHEST_CRL "template-freshest-crl"
|
|
|
7a8c6d |
#define CM_DBUS_PROP_TEMPLATE_NS_COMMENT "template-ns-comment"
|
|
|
7a8c6d |
#define CM_DBUS_PROP_TEMPLATE_PROFILE "template-profile"
|
|
|
7a8c6d |
+#define CM_DBUS_PROP_TEMPLATE_ISSUER "template-issuer"
|
|
|
7a8c6d |
#define CM_DBUS_PROP_TEMPLATE_NS_CERTTYPE "template-ns-certtype"
|
|
|
7a8c6d |
#define CM_DBUS_SIGNAL_REQUEST_CERT_SAVED "SavedCertificate"
|
|
|
7a8c6d |
#define CM_DBUS_PROP_CA_PRESAVE_COMMAND "ca-presave-command"
|
|
|
7a8c6d |
diff --git a/src/tdbush.c b/src/tdbush.c
|
|
|
7a8c6d |
index 4660f80f26669d31b2629c543384fe95bbec1ea9..05a503e06a553c566dcff5e053cbd8aa16c20f14 100644
|
|
|
7a8c6d |
--- a/src/tdbush.c
|
|
|
7a8c6d |
+++ b/src/tdbush.c
|
|
|
7a8c6d |
@@ -1562,6 +1562,13 @@ base_add_request(DBusConnection *conn, DBusMessage *msg,
|
|
|
7a8c6d |
param->value.s);
|
|
|
7a8c6d |
}
|
|
|
7a8c6d |
param = cm_tdbusm_find_dict_entry(d,
|
|
|
7a8c6d |
+ CM_DBUS_PROP_TEMPLATE_ISSUER,
|
|
|
7a8c6d |
+ cm_tdbusm_dict_s);
|
|
|
7a8c6d |
+ if (param != NULL) {
|
|
|
7a8c6d |
+ new_entry->cm_template_issuer = maybe_strdup(new_entry,
|
|
|
7a8c6d |
+ param->value.s);
|
|
|
7a8c6d |
+ }
|
|
|
7a8c6d |
+ param = cm_tdbusm_find_dict_entry(d,
|
|
|
7a8c6d |
CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD,
|
|
|
7a8c6d |
cm_tdbusm_dict_s);
|
|
|
7a8c6d |
if ((param != NULL) &&
|
|
|
7a8c6d |
@@ -3306,6 +3313,14 @@ request_modify(DBusConnection *conn, DBusMessage *msg,
|
|
|
7a8c6d |
}
|
|
|
7a8c6d |
} else
|
|
|
7a8c6d |
if ((param->value_type == cm_tdbusm_dict_s) &&
|
|
|
7a8c6d |
+ (strcasecmp(param->key, CM_DBUS_PROP_TEMPLATE_ISSUER) == 0)) {
|
|
|
7a8c6d |
+ talloc_free(entry->cm_template_issuer);
|
|
|
7a8c6d |
+ entry->cm_template_issuer = maybe_strdup(entry, param->value.s);
|
|
|
7a8c6d |
+ if (n_propname + 2 < sizeof(propname) / sizeof(propname[0])) {
|
|
|
7a8c6d |
+ propname[n_propname++] = CM_DBUS_PROP_TEMPLATE_ISSUER;
|
|
|
7a8c6d |
+ }
|
|
|
7a8c6d |
+ } else
|
|
|
7a8c6d |
+ if ((param->value_type == cm_tdbusm_dict_s) &&
|
|
|
7a8c6d |
(strcasecmp(param->key, CM_DBUS_PROP_TEMPLATE_CHALLENGE_PASSWORD) == 0)) {
|
|
|
7a8c6d |
talloc_free(entry->cm_template_challenge_password);
|
|
|
7a8c6d |
entry->cm_template_challenge_password = maybe_strdup(entry,
|
|
|
7a8c6d |
@@ -6712,6 +6727,14 @@ cm_tdbush_iface_request(void)
|
|
|
7a8c6d |
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
|
|
|
7a8c6d |
NULL),
|
|
|
7a8c6d |
make_interface_item(cm_tdbush_interface_property,
|
|
|
7a8c6d |
+ make_property(CM_DBUS_PROP_TEMPLATE_ISSUER,
|
|
|
7a8c6d |
+ cm_tdbush_property_string,
|
|
|
7a8c6d |
+ cm_tdbush_property_readwrite,
|
|
|
7a8c6d |
+ cm_tdbush_property_char_p,
|
|
|
7a8c6d |
+ offsetof(struct cm_store_entry, cm_template_issuer),
|
|
|
7a8c6d |
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL,
|
|
|
7a8c6d |
+ NULL),
|
|
|
7a8c6d |
+ make_interface_item(cm_tdbush_interface_property,
|
|
|
7a8c6d |
make_property(CM_DBUS_PROP_TEMPLATE_NS_CERTTYPE,
|
|
|
7a8c6d |
cm_tdbush_property_string,
|
|
|
7a8c6d |
cm_tdbush_property_readwrite,
|
|
|
7a8c6d |
@@ -7156,7 +7179,7 @@ cm_tdbush_iface_request(void)
|
|
|
7a8c6d |
make_interface_item(cm_tdbush_interface_signal,
|
|
|
7a8c6d |
make_signal(CM_DBUS_SIGNAL_REQUEST_CERT_SAVED,
|
|
|
7a8c6d |
NULL),
|
|
|
7a8c6d |
- NULL)))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))));
|
|
|
7a8c6d |
+ NULL))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))));
|
|
|
7a8c6d |
}
|
|
|
7a8c6d |
return ret;
|
|
|
7a8c6d |
}
|
|
|
7a8c6d |
diff --git a/tests/028-dbus/expected.out b/tests/028-dbus/expected.out
|
|
|
7a8c6d |
index ba55dd5ce97c74475dbebb761c41dd2e64e64365..b2660317b3102373f2a5a877a7224f727929412c 100644
|
|
|
7a8c6d |
--- a/tests/028-dbus/expected.out
|
|
|
7a8c6d |
+++ b/tests/028-dbus/expected.out
|
|
|
7a8c6d |
@@ -328,6 +328,7 @@ OK
|
|
|
7a8c6d |
<property name="template-freshest-crl" type="as" access="readwrite"/>
|
|
|
7a8c6d |
<property name="template-ns-comment" type="s" access="readwrite"/>
|
|
|
7a8c6d |
<property name="template-profile" type="s" access="readwrite"/>
|
|
|
7a8c6d |
+ <property name="template-issuer" type="s" access="readwrite"/>
|
|
|
7a8c6d |
<property name="template-ns-certtype" type="s" access="readwrite"/>
|
|
|
7a8c6d |
<property name="template-challenge-password" type="s" access="readwrite"/>
|
|
|
7a8c6d |
<property name="template-challenge-password-file" type="s" access="readwrite"/>
|
|
|
7a8c6d |
--
|
|
|
7a8c6d |
2.9.0
|
|
|
7a8c6d |
|