diff options
author | Sumit Bose <sbose@redhat.com> | 2017-03-16 13:00:48 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-03-29 15:01:26 +0200 |
commit | 1b5d6b1afc9c3dc696b7b45f2d73b2634f42800a (patch) | |
tree | 736b1f1c5b0e4e92def9237fbd71b440683b4907 | |
parent | bd1fa0ec90be717c3b7796d74b6f243f40178d16 (diff) | |
download | sssd-1b5d6b1afc9c3dc696b7b45f2d73b2634f42800a.tar.gz sssd-1b5d6b1afc9c3dc696b7b45f2d73b2634f42800a.tar.xz sssd-1b5d6b1afc9c3dc696b7b45f2d73b2634f42800a.zip |
ssh: add support for certificates from non-default views
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r-- | src/responder/ssh/ssh_reply.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/src/responder/ssh/ssh_reply.c b/src/responder/ssh/ssh_reply.c index 7093e4725..1bb9d3318 100644 --- a/src/responder/ssh/ssh_reply.c +++ b/src/responder/ssh/ssh_reply.c @@ -204,7 +204,7 @@ ssh_get_output_keys(TALLOC_CTX *mem_ctx, uint32_t i = 0; errno_t ret; - elements = talloc_zero_array(mem_ctx, struct ldb_message_element *, 5); + elements = talloc_zero_array(mem_ctx, struct ldb_message_element *, 6); if (elements == NULL) { return ENOMEM; } @@ -244,6 +244,24 @@ ssh_get_output_keys(TALLOC_CTX *mem_ctx, } } + if (DOM_HAS_VIEWS(domain)) { + user_cert = ldb_msg_find_element(msg, OVERRIDE_PREFIX SYSDB_USER_CERT); + if (user_cert != NULL) { + ret = get_valid_certs_keys(elements, ssh_ctx, user_cert, + &elements[i]); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "get_valid_certs_keys failed.\n"); + goto done; + } + + if (elements[i] != NULL) { + elements[i]->flags |= SSS_EL_FLAG_BIN_DATA; + num_keys += elements[i]->num_values; + i++; + } + } + } + *_elements = elements; *_num_keys = num_keys; |