Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ipa/ipa_s2n_exop.c19
1 files changed, 17 insertions, 2 deletions
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index c1bc42ff1..0ff7d928b 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -22,6 +22,7 @@
#include "util/util.h"
#include "util/sss_nss.h"
#include "util/strtonum.h"
+#include "util/crypto/sss_crypto.h"
#include "providers/ldap/sdap_async_private.h"
#include "providers/ldap/sdap_async_ad.h"
#include "providers/ldap/ldap_common.h"
@@ -497,8 +498,22 @@ static errno_t get_extra_attrs(BerElement *ber, struct resp_attrs *resp_attrs)
for (c = 0; values[c] != NULL; c++) {
- v.data = (uint8_t *) values[c]->bv_val;
- v.length = values[c]->bv_len;
+ if (strcmp(name, SYSDB_USER_CERT) == 0) {
+ if (values[c]->bv_val[values[c]->bv_len] != '\0') {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "base64 encoded certificate not 0-terminated.\n");
+ return EINVAL;
+ }
+
+ v.data = sss_base64_decode(NULL, values[c]->bv_val, &v.length);
+ if (v.data == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, "sss_base64_decode failed.\n");
+ return EINVAL;
+ }
+ } else {
+ v.data = (uint8_t *)values[c]->bv_val;
+ v.length = values[c]->bv_len;
+ }
ret = sysdb_attrs_add_val(resp_attrs->sysdb_attrs, name, &v);
if (ret != EOK) {
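Review bot: The buffer returned by `sss_base64_decode(NULL, ...)` in the `SYSDB_USER_CERT` branch is allocated with a NULL parent context and nothing in this hunk frees it, so unless `sysdb_attrs_add_val` takes ownership (not visible here) each certificate value leaks in a long-running process. Consider a parent that is released with the response, e.g. `v.data = sss_base64_decode(resp_attrs->sysdb_attrs, values[c]->bv_val, &v.length);` (assuming that object is a valid allocation context), or free `v.data` after the add call if it copies the value. The two new `return EINVAL;` paths leave the loop directly; the function body continues outside the hunk, so if `name` and `values` are released further down, these returns skip that cleanup. Separately, `values[c]->bv_val[values[c]->bv_len] != '\0'` reads one byte past the declared length and does not catch a NUL embedded earlier in the value, which would make the decoder see a shorter string than `bv_len`. Comparing `strlen(values[c]->bv_val)` with `bv_len` would catch that case, and a comment such as `/* BER decoder is expected to NUL-terminate bv_val */` would record the assumption the terminator check relies on.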