author | Sumit Bose <sbose@redhat.com> | 2017-04-27 09:28:55 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-04-28 09:12:44 +0200 |
commit | 2e5fc89ef25434fab7febe2c52e97ef989b50d5b (patch) | |
tree | 4148c6b6459c9b7d8d405c026066c699ad7f2b5d | |
parent | feeabf273aa7af580552366ce58655e6a482a0cd (diff) | |
overrides: add certificates to mapped attribute
Certificates in overrides are explicitly used to map users to
certificates, so we add them to SYSDB_USER_MAPPED_CERT as well.
Resolves https://pagure.io/SSSD/sssd/issue/3373
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-rw-r--r-- | src/db/sysdb_views.c | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/src/db/sysdb_views.c b/src/db/sysdb_views.c
index 20db9b061..3773dda77 100644
--- a/src/db/sysdb_views.c
+++ b/src/db/sysdb_views.c
@@ -777,6 +777,7 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain,
 int ret;
 TALLOC_CTX *tmp_ctx;
 struct sysdb_attrs *attrs;
+ struct sysdb_attrs *mapped_attrs = NULL;
 size_t c;
 size_t d;
 size_t num_values;
@@ -791,6 +792,7 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain,
 SYSDB_USER_CERT,
 NULL };
 bool override_attrs_found = false;
+ bool is_cert = false;
 
 if (override_attrs == NULL) {
 /* nothing to do */
@@ -846,6 +848,24 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain,
 num_values = 1;
 }
 
+ is_cert = false;
+ if (strcmp(allowed_attrs[c], SYSDB_USER_CERT) == 0) {
+ /* Certificates in overrides are explicitly used to map
+ * users to certificates, so we add them to
+ * SYSDB_USER_MAPPED_CERT as well. */
+ is_cert = true;
+
+ if (mapped_attrs == NULL) {
+ mapped_attrs = sysdb_new_attrs(tmp_ctx);
+ if (mapped_attrs == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sysdb_new_attrs failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+ }
+
 for (d = 0; d < num_values; d++) {
 ret = sysdb_attrs_add_val(attrs, allowed_attrs[c],
 &el->values[d]);
@@ -854,6 +874,18 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain,
 "sysdb_attrs_add_val failed.\n");
 goto done;
 }
+
+ if (is_cert) {
+ ret = sysdb_attrs_add_val(mapped_attrs,
+ SYSDB_USER_MAPPED_CERT,
+ &el->values[d]);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sysdb_attrs_add_val failed.\n");
+ goto done;
+ }
+ }
+
 DEBUG(SSSDBG_TRACE_ALL,
 "Override [%s] with [%.*s] for [%s].\n",
 allowed_attrs[c], (int) el->values[d].length,
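Review bot: The failure message added under `if (is_cert)` in the -854 hunk is the same string, `"sysdb_attrs_add_val failed.\n"`, as the one logged for the `attrs` call directly above it, so a log line cannot tell which of the two attribute sets could not be extended. A distinct text such as `"sysdb_attrs_add_val failed for mapped certificate.\n"` would make the two paths distinguishable when debugging certificate mapping problems. The surrounding `for` loop and the function itself begin and end outside the hunk.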
@@ -878,6 +910,15 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain,
 DEBUG(SSSDBG_OP_FAILURE, "sysdb_set_entry_attr failed.\n");
 goto done;
 }
+
+ if (mapped_attrs != NULL) {
+ ret = sysdb_set_entry_attr(domain->sysdb, obj_dn, mapped_attrs,
+ SYSDB_MOD_ADD);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sysdb_set_entry_attr failed, ignored.\n");
+ }
+ }
 }
 
 ret = EOK; |
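Review bot: `SYSDB_MOD_ADD` only adds values, so as far as this hunk shows, a certificate that is later removed from or replaced in the override would stay in `SYSDB_USER_MAPPED_CERT` on the cached object. Because that attribute decides which user a certificate maps to, a stale value matters for authentication, and it is worth confirming that another code path clears it. The failure is also ignored without recording its cause; the message could carry the code, e.g. `"sysdb_set_entry_attr failed, ignored [%d]: %s.\n", ret, sss_strerror(ret)`. A short comment should say which error is expected here (presumably a value that is already present) so that other failures are not mistaken for it. The enclosing function starts and ends outside the hunk.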