dpward / rpms / sssd

Forked from rpms/sssd 3 years ago
Clone
Blob Blame History Raw
From 61c2661fe7445531f53ef298a98a21ae0278397c Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 16 Mar 2017 13:00:48 +0100
Subject: [PATCH 56/60] ssh: add support for certificates from non-default
 views

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
 src/responder/ssh/ssh_reply.c | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/responder/ssh/ssh_reply.c b/src/responder/ssh/ssh_reply.c
index 7093e47253b5687bab387feed5299c2d0841d43c..1bb9d331868cc18488718c24fd82f32af780b525 100644
--- a/src/responder/ssh/ssh_reply.c
+++ b/src/responder/ssh/ssh_reply.c
@@ -204,7 +204,7 @@ ssh_get_output_keys(TALLOC_CTX *mem_ctx,
     uint32_t i = 0;
     errno_t ret;
 
-    elements = talloc_zero_array(mem_ctx, struct ldb_message_element *, 5);
+    elements = talloc_zero_array(mem_ctx, struct ldb_message_element *, 6);
     if (elements == NULL) {
         return ENOMEM;
     }
@@ -244,6 +244,24 @@ ssh_get_output_keys(TALLOC_CTX *mem_ctx,
         }
     }
 
+    if (DOM_HAS_VIEWS(domain)) {
+        user_cert = ldb_msg_find_element(msg, OVERRIDE_PREFIX SYSDB_USER_CERT);
+        if (user_cert != NULL) {
+            ret = get_valid_certs_keys(elements, ssh_ctx, user_cert,
+                                       &elements[i]);
+            if (ret != EOK) {
+                DEBUG(SSSDBG_OP_FAILURE, "get_valid_certs_keys failed.\n");
+                goto done;
+            }
+
+            if (elements[i] != NULL) {
+                elements[i]->flags |= SSS_EL_FLAG_BIN_DATA;
+                num_keys += elements[i]->num_values;
+                i++;
+            }
+        }
+    }
+
     *_elements = elements;
     *_num_keys = num_keys;
 
-- 
2.9.3