authorSumit Bose <sbose@redhat.com>2017-03-16 13:00:48 +0100
committerJakub Hrozek <jhrozek@redhat.com>2017-03-29 15:01:26 +0200
commit1b5d6b1afc9c3dc696b7b45f2d73b2634f42800a (patch)
tree736b1f1c5b0e4e92def9237fbd71b440683b4907
parentbd1fa0ec90be717c3b7796d74b6f243f40178d16 (diff)
ssh: add support for certificates from non-default views
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r--src/responder/ssh/ssh_reply.c20
1 files changed, 19 insertions, 1 deletions
diff --git a/src/responder/ssh/ssh_reply.c b/src/responder/ssh/ssh_reply.c
index 7093e4725..1bb9d3318 100644
--- a/src/responder/ssh/ssh_reply.c
+++ b/src/responder/ssh/ssh_reply.c
@@ -204,7 +204,7 @@ ssh_get_output_keys(TALLOC_CTX *mem_ctx,
uint32_t i = 0;
errno_t ret;
- elements = talloc_zero_array(mem_ctx, struct ldb_message_element *, 5);
+ elements = talloc_zero_array(mem_ctx, struct ldb_message_element *, 6);
if (elements == NULL) {
return ENOMEM;
}
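Review bot: The bare `6` in the `talloc_zero_array` call is tied by hand to the number of `elements[i]` writes further down in ssh_get_output_keys, and nothing visible in the hunk bounds `i`. A later change that adds another key source without bumping the size again would write past the end of the array. A named constant for the slot count would help, or at least a comment on this line such as `/* one slot per possible key/cert source; keep in sync with the blocks below */`. Whether one slot is reserved as a NULL terminator cannot be told from here, since the function body starts and ends outside the hunk, so the comment should state that too.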
@@ -244,6 +244,24 @@ ssh_get_output_keys(TALLOC_CTX *mem_ctx,
}
}
+ if (DOM_HAS_VIEWS(domain)) {
+ user_cert = ldb_msg_find_element(msg, OVERRIDE_PREFIX SYSDB_USER_CERT);
+ if (user_cert != NULL) {
+ ret = get_valid_certs_keys(elements, ssh_ctx, user_cert,
+ &elements[i]);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "get_valid_certs_keys failed.\n");
+ goto done;
+ }
+
+ if (elements[i] != NULL) {
+ elements[i]->flags |= SSS_EL_FLAG_BIN_DATA;
+ num_keys += elements[i]->num_values;
+ i++;
+ }
+ }
+ }
+
*_elements = elements;
*_num_keys = num_keys;
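Review bot: The certificate read from `OVERRIDE_PREFIX SYSDB_USER_CERT` is appended as one more `elements[i]` entry rather than taking the place of anything. If the code above this hunk (not visible) also emits keys derived from the default-view `SYSDB_USER_CERT`, an ID-view override cannot withdraw a user's original certificate for SSH; both sets of keys would be returned. If additive behaviour is intended, state it above the `if (DOM_HAS_VIEWS(domain))` block, e.g. `/* Override certificates are returned in addition to the default-view ones, not instead of them. */`. Separately, a `get_valid_certs_keys` failure on the override value takes `goto done` after keys may already have been collected. The `done` label is outside the hunk, so it is worth confirming that it releases `elements` and that failing the whole lookup on one bad override certificate is the wanted outcome.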