From 61c2661fe7445531f53ef298a98a21ae0278397c Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 16 Mar 2017 13:00:48 +0100
Subject: [PATCH 56/60] ssh: add support for certificates from non-default
views
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
src/responder/ssh/ssh_reply.c | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/src/responder/ssh/ssh_reply.c b/src/responder/ssh/ssh_reply.c
index 7093e47253b5687bab387feed5299c2d0841d43c..1bb9d331868cc18488718c24fd82f32af780b525 100644
--- a/src/responder/ssh/ssh_reply.c
+++ b/src/responder/ssh/ssh_reply.c
@@ -204,7 +204,7 @@ ssh_get_output_keys(TALLOC_CTX *mem_ctx,
uint32_t i = 0;
errno_t ret;
- elements = talloc_zero_array(mem_ctx, struct ldb_message_element *, 5);
+ elements = talloc_zero_array(mem_ctx, struct ldb_message_element *, 6);
if (elements == NULL) {
return ENOMEM;
}
@@ -244,6 +244,24 @@ ssh_get_output_keys(TALLOC_CTX *mem_ctx,
}
}
+ if (DOM_HAS_VIEWS(domain)) {
+ user_cert = ldb_msg_find_element(msg, OVERRIDE_PREFIX SYSDB_USER_CERT);
+ if (user_cert != NULL) {
+ ret = get_valid_certs_keys(elements, ssh_ctx, user_cert,
+ &elements[i]);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "get_valid_certs_keys failed.\n");
+ goto done;
+ }
+
+ if (elements[i] != NULL) {
+ elements[i]->flags |= SSS_EL_FLAG_BIN_DATA;
+ num_keys += elements[i]->num_values;
+ i++;
+ }
+ }
+ }
+
*_elements = elements;
*_num_keys = num_keys;
--
2.9.3