author | Sumit Bose <sbose@redhat.com> | 2015-11-30 12:14:55 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-03-23 17:19:07 +0100 |
commit | 81c564a0692aa4b719af2219f52894e6cd4bdf9f (patch) | |
tree | 15488a535a68d194f7244d610530c3120015f16a /src/db | |
parent | 70c0648f021ded3d31313eb962e1ad140f242673 (diff) | |
LDAP: always store the certificate from the request
Store the certificate used to lookup a user as mapped attribute in the
cached user object.
Related to https://pagure.io/SSSD/sssd/issue/3050
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Diffstat (limited to 'src/db')
-rw-r--r-- | src/db/sysdb.h | 1 | ||||
-rw-r--r-- | src/db/sysdb_ops.c | 4 |
2 files changed, 3 insertions, 2 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 098f47f91..3db22b368 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -139,6 +139,7 @@
 #define SYSDB_AUTH_TYPE "authType"
 #define SYSDB_USER_CERT "userCertificate"
+#define SYSDB_USER_MAPPED_CERT "userMappedCertificate"
 #define SYSDB_USER_EMAIL "mail"
 #define SYSDB_SUBDOMAIN_REALM "realmName"
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 6c2254df2..8ae257644 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -4660,7 +4660,7 @@ errno_t sysdb_search_object_by_cert(TALLOC_CTX *mem_ctx,
 int ret;
 char *user_filter;
- ret = sss_cert_derb64_to_ldap_filter(mem_ctx, cert, SYSDB_USER_CERT,
+ ret = sss_cert_derb64_to_ldap_filter(mem_ctx, cert, SYSDB_USER_MAPPED_CERT,
 &user_filter);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, "sss_cert_derb64_to_ldap_filter failed.\n");
@@ -4749,7 +4749,7 @@ errno_t sysdb_remove_mapped_data(struct sss_domain_info *domain,
 errno_t sysdb_remove_cert(struct sss_domain_info *domain, const char *cert)
 {
- struct ldb_message_element el = { 0, SYSDB_USER_CERT, 0, NULL };
+ struct ldb_message_element el = { 0, SYSDB_USER_MAPPED_CERT, 0, NULL };
 struct sysdb_attrs del_attrs = { 1, &el };
 const char *attrs[] = {SYSDB_NAME, NULL};
 struct ldb_result *res = NULL; |
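Review bot: The new `SYSDB_USER_MAPPED_CERT` define in sysdb.h sits directly under `SYSDB_USER_CERT` with nothing telling the two attributes apart, and the difference matters for any code that resolves a certificate to a cached identity. I would add a comment on the new define, e.g. `/* certificate a user was looked up with, stored from the request; SYSDB_USER_CERT is the value read from the directory entry */`. The second half of that wording is inferred from the commit message rather than from this hunk, so confirm it against the provider code.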
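Review bot: The filter built in sysdb_search_object_by_cert now matches only on `SYSDB_USER_MAPPED_CERT`, so a cached object that carries the certificate only in `userCertificate` (for example one written before this change) will no longer be found by this lookup, as far as the hunk shows. Because this search decides which cached identity a presented certificate resolves to, the behaviour on a miss should be stated at the call site, e.g. `/* match only on the certificate stored from an earlier request; objects lacking it must be refreshed by the provider */`. Whether old cache entries are refreshed or invalidated on upgrade is not visible here, since the diffstat is limited to src/db. The function body starts and ends outside the hunk.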
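Review bot: sysdb_remove_cert now clears `SYSDB_USER_MAPPED_CERT` instead of `SYSDB_USER_CERT`, but its name still reads as if it removed the directory-sourced certificate, so a caller could wrongly rely on it to purge `userCertificate`. A header comment would make the contract explicit, e.g. `/* Removes the mapped certificate attribute (SYSDB_USER_MAPPED_CERT) only; SYSDB_USER_CERT is left untouched. */`. As a style point, the positional initializer hides which field receives the attribute name; `struct ldb_message_element el = { .name = SYSDB_USER_MAPPED_CERT };` is equivalent and easier to audit. The rest of the function lies outside the hunk, so which objects are selected for the removal cannot be confirmed from here.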