From af5a58fc3811af8521721f731d8234d983042cea Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Fri, 3 Feb 2012 22:29:47 +0100
Subject: LDAP: Add support for SSH user public keys
---
 src/providers/ldap/ldap_common.c | 6 ++++--
 src/providers/ldap/sdap.c | 20 ++++++++++++++++++--
 src/providers/ldap/sdap.h | 1 +
 3 files changed, 23 insertions(+), 4 deletions(-)
(limited to 'src/providers/ldap')
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index ce8848384..c92eb282a 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -151,7 +151,8 @@ struct sdap_attr_map rfc2307_user_map[] = {
     { "ldap_user_authorized_host", "host", SYSDB_AUTHORIZED_HOST, NULL },
     { "ldap_user_nds_login_disabled", "loginDisabled", SYSDB_NDS_LOGIN_DISABLED, NULL },
     { "ldap_user_nds_login_expiration_time", "loginExpirationTime", SYSDB_NDS_LOGIN_EXPIRATION_TIME, NULL },
-    { "ldap_user_nds_login_allowed_time_map", "loginAllowedTimeMap", SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL }
+    { "ldap_user_nds_login_allowed_time_map", "loginAllowedTimeMap", SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL },
+    { "ldap_user_ssh_public_key", NULL, SYSDB_SSH_PUBKEY, NULL }
 };
 
 struct sdap_attr_map rfc2307_group_map[] = {
@@ -198,7 +199,8 @@ struct sdap_attr_map rfc2307bis_user_map[] = {
     { "ldap_user_authorized_host", "host", SYSDB_AUTHORIZED_HOST, NULL },
     { "ldap_user_nds_login_disabled", "loginDisabled", SYSDB_NDS_LOGIN_DISABLED, NULL },
     { "ldap_user_nds_login_expiration_time", "loginExpirationTime", SYSDB_NDS_LOGIN_EXPIRATION_TIME, NULL },
-    { "ldap_user_nds_login_allowed_time_map", "loginAllowedTimeMap", SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL }
+    { "ldap_user_nds_login_allowed_time_map", "loginAllowedTimeMap", SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL },
+    { "ldap_user_ssh_public_key", NULL, SYSDB_SSH_PUBKEY, NULL }
 };
 
 struct sdap_attr_map rfc2307bis_group_map[] = {
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index 1f97f554d..3ac19498a 100644
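Review bot: The new `ldap_user_ssh_public_key` row is appended at the tail of both rfc2307_user_map and rfc2307bis_user_map, and these tables are indexed positionally by `enum sdap_user_attrs` (the sdap.h hunk adds SDAP_AT_USER_SSH_PUBLIC_KEY in the matching slot), yet nothing at the row says the two orders must stay in lockstep. A one-line comment above the row would make that explicit: `/* keep in the same position as SDAP_AT_USER_SSH_PUBLIC_KEY in enum sdap_user_attrs */`. This page is limited to src/providers/ldap, so if other providers keep their own user maps sized by SDAP_OPTS_USER they presumably need the same row appended — worth confirming in the full commit. The default LDAP attribute is NULL, so the key attribute appears to be requested only once the option is set in the domain configuration; that is a reasonable conservative default but deserves a mention in the option's documentation.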
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -20,6 +20,7 @@
  */
 
 #include "util/util.h"
+#include "util/crypto/sss_crypto.h"
 #include "confdb/confdb.h"
 #include "providers/ldap/ldap_common.h"
 #include "providers/ldap/sdap.h"
@@ -101,6 +102,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
     int a, i, ret;
     const char *name;
     bool store;
+    bool base64;
 
     lerrno = 0;
     ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
@@ -171,6 +173,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
         }
     }
     while (str) {
+        base64 = false;
         if (map) {
             for (a = 1; a < attrs_num; a++) {
                 /* check if this attr is valid with the chosen schema */
@@ -182,6 +185,9 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
             if (a < attrs_num) {
                 store = true;
                 name = map[a].sys_name;
+                if (strcmp(name, SYSDB_SSH_PUBKEY) == 0) {
+                    base64 = true;
+                }
             } else {
                 store = false;
                 name = NULL;
@@ -217,8 +223,18 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
                 goto fail;
             }
             for (i = 0; vals[i]; i++) {
-                v.data = (uint8_t *)vals[i]->bv_val;
-                v.length = vals[i]->bv_len;
+                if (base64) {
+                    v.data = (uint8_t *)sss_base64_encode(attrs,
+                            (uint8_t *)vals[i]->bv_val, vals[i]->bv_len);
+                    if (!v.data) {
+                        ret = ENOMEM;
+                        goto fail;
+                    }
+                    v.length = strlen((const char *)v.data);
+                } else {
+                    v.data = (uint8_t *)vals[i]->bv_val;
+                    v.length = vals[i]->bv_len;
+                }
 
                 ret = sysdb_attrs_add_val(attrs, name, &v);
                 if (ret) goto fail;
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 2a63ea830..5d4238466 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -256,6 +256,7 @@ enum sdap_user_attrs {
     SDAP_AT_NDS_LOGIN_DISABLED,
     SDAP_AT_NDS_LOGIN_EXPIRATION_TIME,
     SDAP_AT_NDS_LOGIN_ALLOWED_TIME_MAP,
+    SDAP_AT_USER_SSH_PUBLIC_KEY,
 
     SDAP_OPTS_USER /* attrs counter */
 };
-- 
cgit
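Review bot: In the base64 branch of the last sdap.c hunk every NULL from sss_base64_encode() is reported as ENOMEM and aborts parsing of the whole entry, so if that helper also returns NULL for a zero-length input (not visible on this page) a single empty key value in the directory would make the user unresolvable instead of just dropping that value; either confirm the helper's behaviour on empty input or skip such values up front with `if (vals[i]->bv_len == 0) continue;`. The encoded string is allocated on `attrs`, the same context handed to sysdb_attrs_add_val, whereas the other branch points `v.data` into the libldap `vals` buffer; a short comment on the lifetime difference would save the next reader from wondering whether the encoded copy leaks. The earlier hunk selects the encoding by `strcmp(name, SYSDB_SSH_PUBKEY)` rather than by map index, presumably because this parse routine serves maps other than the user map and the index alone would be ambiguous — that deserves a comment such as `/* compare the sysdb name: the same map index means different attributes in other maps */`. Nothing here validates the key material itself; it is stored as an opaque, base64-wrapped blob from the directory, so any syntax check has to live in the consumer. sdap_parse_entry begins and ends outside these hunks.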