author | Sumit Bose <sbose@redhat.com> | 2016-04-06 11:15:32 +0200 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2016-06-09 16:12:25 +0200 |
commit | a1210c8db81a1cc0b45eb62a8450abcdea3afc7b (patch) | |
tree | 91a6def945dccbee7059ad35ed3d474d12637377 /src/providers/ipa/ipa_views.c | |
parent | cdc3e9dc42e13f01d8e2623e92dd046a5bb169f1 (diff) | |
download | sssd-a1210c8db81a1cc0b45eb62a8450abcdea3afc7b.tar.gz sssd-a1210c8db81a1cc0b45eb62a8450abcdea3afc7b.tar.xz sssd-a1210c8db81a1cc0b45eb62a8450abcdea3afc7b.zip |
ipa: add support for certificate overrides
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers/ipa/ipa_views.c')
-rw-r--r-- | src/providers/ipa/ipa_views.c | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_views.c b/src/providers/ipa/ipa_views.c
index 00dcbeb75..76528a60c 100644
--- a/src/providers/ipa/ipa_views.c
+++ b/src/providers/ipa/ipa_views.c
@@ -24,6 +24,7 @@
 #include "util/util.h"
 #include "util/strtonum.h"
+#include "util/cert.h"
 #include "providers/ldap/sdap_async.h"
 #include "providers/ipa/ipa_id.h"
@@ -35,6 +36,8 @@ static errno_t be_acct_req_to_override_filter(TALLOC_CTX *mem_ctx,
 char *filter;
 uint32_t id;
 char *endptr;
+ char *cert_filter;
+ int ret;
 switch (ar->filter_type) {
 case BE_FILTER_NAME:
@@ -140,6 +143,28 @@ static errno_t be_acct_req_to_override_filter(TALLOC_CTX *mem_ctx,
 }
 break;
+ case BE_FILTER_CERT:
+ if ((ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_BY_CERT) {
+ ret = sss_cert_derb64_to_ldap_filter(mem_ctx, ar->filter_value,
+ ipa_opts->override_map[IPA_AT_OVERRIDE_USER_CERT].name,
+ &cert_filter);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sss_cert_derb64_to_ldap_filter failed.\n");
+ return ret;
+ }
+ filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)%s)",
+ ipa_opts->override_map[IPA_OC_OVERRIDE_USER].name,
+ cert_filter);
+ talloc_free(cert_filter);
+ } else {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Unexpected entry type [%d] for certificate filter.\n",
+ ar->entry_type);
+ return EINVAL;
+ }
+ break;
+
 default:
 DEBUG(SSSDBG_OP_FAILURE, "Invalid sub-domain filter type.\n");
 return EINVAL; |
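Review bot: In the new `BE_FILTER_CERT` case, `cert_filter` is inserted into the search filter with a bare `%s`, so the filter is only well-formed if `sss_cert_derb64_to_ldap_filter` returns a complete, parenthesised and already-escaped component for the request-supplied `ar->filter_value`. That helper is not visible in this diff, so I would record the dependency above the `talloc_asprintf` call with `/* cert_filter is inserted verbatim: it must be a complete, escaped filter component */`. The failure path also discards the error code; `"sss_cert_derb64_to_ldap_filter failed [%d].\n", ret` would make the log usable when a malformed certificate is submitted. The result of `talloc_asprintf` is not checked inside the hunk. The function continues past the end of the hunk, so the NULL check is presumably done after the switch, but that should be confirmed for this branch.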