From 2ee84a6166d42b7413f64c0d9bd9327767f15273 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: May 26 2015 23:41:14 +0000 Subject: Provide requested IP addresses to helpers When invoking enrollment helpers, we tend to expose most of the naming information from the enrollment request, but we didn't extend that to IP addresses when we learned to request them. Go back and fix that. --- diff --git a/doc/submit.txt b/doc/submit.txt index 9580de5..75ca23d 100644 --- a/doc/submit.txt +++ b/doc/submit.txt @@ -11,6 +11,7 @@ An external CA helper has a few jobs: * $CERTMONGER_REQ_EMAIL -> email address subjectAltName values * $CERTMONGER_REQ_HOSTNAME -> DNS name subjectAltName values * $CERTMONGER_REQ_PRINCIPAL -> Kerberos principal name subjectAltName values + * $CERTMONGER_REQ_IP_ADDRESS-> IP address subjectAltName values (since 0.78) * $CERTMONGER_CA_PROFILE -> requested enrollment profile/template/certtype * $CERTMONGER_CSR -> certificate signing request * $CERTMONGER_CERTIFICATE -> previously-issued certificate, if there is one diff --git a/src/submit-e.c b/src/submit-e.c index 86536cf..2e2930b 100644 --- a/src/submit-e.c +++ b/src/submit-e.c @@ -566,6 +566,12 @@ cm_submit_e_helper_main(int fd, struct cm_store_ca *ca, entry->cm_scep_gic_next, 1); } } + if (entry->cm_template_ipaddress != NULL) { + setenv(CM_SUBMIT_REQ_IP_ADDRESS_ENV, + cm_submit_maybe_joinv(NULL, "\n", + entry->cm_template_ipaddress), + 1); + } if (dup2(fd, STDOUT_FILENO) == -1) { u = errno; cm_log(1, "Error redirecting standard out for " diff --git a/src/submit-e.h b/src/submit-e.h index 0c948a6..cd166ee 100644 --- a/src/submit-e.h +++ b/src/submit-e.h @@ -38,6 +38,7 @@ const char *cm_submit_e_status_text(enum cm_external_status status); #define CM_SUBMIT_REQ_HOSTNAME_ENV "CERTMONGER_REQ_HOSTNAME" #define CM_SUBMIT_REQ_PRINCIPAL_ENV "CERTMONGER_REQ_PRINCIPAL" #define CM_SUBMIT_REQ_EMAIL_ENV "CERTMONGER_REQ_EMAIL" +#define CM_SUBMIT_REQ_IP_ADDRESS_ENV "CERTMONGER_REQ_IP_ADDRESS" #define CM_SUBMIT_OPERATION_ENV "CERTMONGER_OPERATION" #define CM_SUBMIT_CSR_ENV "CERTMONGER_CSR" #define CM_SUBMIT_SPKAC_ENV "CERTMONGER_SPKAC"