From 4a3f3c675e360c888da7d23ab6ec4cca10876b08 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 27 Apr 2017 09:28:55 +0200
Subject: [PATCH 118/118] overrides: add certificates to mapped attribute
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Certificates in overrides are explicitly used to map users to
certificates, so we add them to SYSDB_USER_MAPPED_CERT as well.
Resolves https://pagure.io/SSSD/sssd/issue/3373
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 2e5fc89ef25434fab7febe2c52e97ef989b50d5b)
---
src/db/sysdb_views.c | 41 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
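diff --git a/src/db/sysdb_views.c b/src/db/sysdb_views.c
index 20db9b06183d68b33bb19f498513d7f5cf84b1cf..3773dda77e16b35fa217be0aa7974da7e34c09f4 100644
--- a/src/db/sysdb_views.c
+++ b/src/db/sysdb_views.c
@@ -777,6 +777,7 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain,
 int ret;
 TALLOC_CTX *tmp_ctx;
 struct sysdb_attrs *attrs;
+ struct sysdb_attrs *mapped_attrs = NULL;
 size_t c;
 size_t d;
 size_t num_values;
@@ -791,6 +792,7 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain,
 SYSDB_USER_CERT,
 NULL };
 bool override_attrs_found = false;
+ bool is_cert = false;
 
 if (override_attrs == NULL) {
 /* nothing to do */
@@ -846,6 +848,24 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain,
 num_values = 1;
 }
 
+ is_cert = false;
+ if (strcmp(allowed_attrs[c], SYSDB_USER_CERT) == 0) {
+ /* Certificates in overrides are explicitly used to map
+ * users to certificates, so we add them to
+ * SYSDB_USER_MAPPED_CERT as well. */
+ is_cert = true;
+
+ if (mapped_attrs == NULL) {
+ mapped_attrs = sysdb_new_attrs(tmp_ctx);
+ if (mapped_attrs == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sysdb_new_attrs failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+ }
+
 for (d = 0; d < num_values; d++) {
 ret = sysdb_attrs_add_val(attrs, allowed_attrs[c],
 &el->values[d]);
@@ -854,6 +874,18 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain,
 "sysdb_attrs_add_val failed.\n");
 goto done;
 }
+
+ if (is_cert) {
+ ret = sysdb_attrs_add_val(mapped_attrs,
+ SYSDB_USER_MAPPED_CERT,
+ &el->values[d]);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sysdb_attrs_add_val failed.\n");
+ goto done;
+ }
+ }
+
 DEBUG(SSSDBG_TRACE_ALL,
 "Override [%s] with [%.*s] for [%s].\n",
 allowed_attrs[c], (int) el->values[d].length,
@@ -878,6 +910,15 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain,
 DEBUG(SSSDBG_OP_FAILURE, "sysdb_set_entry_attr failed.\n");
 goto done;
 }
+
+ if (mapped_attrs != NULL) {
+ ret = sysdb_set_entry_attr(domain->sysdb, obj_dn, mapped_attrs,
+ SYSDB_MOD_ADD);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ "sysdb_set_entry_attr failed, ignored.\n");
+ }
+ }
 }
 
 ret = EOK;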
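Review bot: In the last hunk, a failure of the `sysdb_set_entry_attr(..., mapped_attrs, SYSDB_MOD_ADD)` call is logged as "failed, ignored" without the error code or the object, and the function then returns EOK, so a user whose override certificate never reached SYSDB_USER_MAPPED_CERT looks the same as one whose mapping was stored. If the error is ignored because re-applying an override hits an already-present value (an assumption, the reason is not stated), handle only that case and log the rest with the code, e.g. `DEBUG(SSSDBG_OP_FAILURE, "sysdb_set_entry_attr failed [%d], mapped certificates not updated.\n", ret);`. Because the mode is SYSDB_MOD_ADD, nothing visible here removes a previously mapped certificate when the override changes or drops it; it is worth confirming that stale values are cleared elsewhere, since this attribute decides which user a certificate maps to. The body of sysdb_apply_default_override starts and ends outside the hunks.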
--
2.9.3