author | Jan Cholasta <jcholast@redhat.com> | 2012-02-03 22:29:47 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-02-07 00:26:57 +0100 |
commit | af5a58fc3811af8521721f731d8234d983042cea (patch) | |
tree | 612316c32255519ee2145e71f5bca8f259ebe34b /src/providers/ldap | |
parent | 34c78b745eb349eef2b0f13ef2b722632aebe619 (diff) | |
LDAP: Add support for SSH user public keys
Diffstat (limited to 'src/providers/ldap')
-rw-r--r-- | src/providers/ldap/ldap_common.c | 6 | ||||
-rw-r--r-- | src/providers/ldap/sdap.c | 20 | ||||
-rw-r--r-- | src/providers/ldap/sdap.h | 1 |
3 files changed, 23 insertions, 4 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index ce884838..c92eb282 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -151,7 +151,8 @@ struct sdap_attr_map rfc2307_user_map[] = {
 { "ldap_user_authorized_host", "host", SYSDB_AUTHORIZED_HOST, NULL },
 { "ldap_user_nds_login_disabled", "loginDisabled", SYSDB_NDS_LOGIN_DISABLED, NULL },
 { "ldap_user_nds_login_expiration_time", "loginExpirationTime", SYSDB_NDS_LOGIN_EXPIRATION_TIME, NULL },
- { "ldap_user_nds_login_allowed_time_map", "loginAllowedTimeMap", SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL }
+ { "ldap_user_nds_login_allowed_time_map", "loginAllowedTimeMap", SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL },
+ { "ldap_user_ssh_public_key", NULL, SYSDB_SSH_PUBKEY, NULL }
 };

 struct sdap_attr_map rfc2307_group_map[] = {
@@ -198,7 +199,8 @@ struct sdap_attr_map rfc2307bis_user_map[] = {
 { "ldap_user_authorized_host", "host", SYSDB_AUTHORIZED_HOST, NULL },
 { "ldap_user_nds_login_disabled", "loginDisabled", SYSDB_NDS_LOGIN_DISABLED, NULL },
 { "ldap_user_nds_login_expiration_time", "loginExpirationTime", SYSDB_NDS_LOGIN_EXPIRATION_TIME, NULL },
- { "ldap_user_nds_login_allowed_time_map", "loginAllowedTimeMap", SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL }
+ { "ldap_user_nds_login_allowed_time_map", "loginAllowedTimeMap", SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL },
+ { "ldap_user_ssh_public_key", NULL, SYSDB_SSH_PUBKEY, NULL }
 };

 struct sdap_attr_map rfc2307bis_group_map[] = {
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index 1f97f554..3ac19498 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -20,6 +20,7 @@
 */

 #include "util/util.h"
+#include "util/crypto/sss_crypto.h"
 #include "confdb/confdb.h"
 #include "providers/ldap/ldap_common.h"
 #include "providers/ldap/sdap.h"
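Review bot: The new `ldap_user_ssh_public_key` row in rfc2307_user_map (and the identical row in the rfc2307bis_user_map hunk of ldap_common.c) has `NULL` as its second field with no comment explaining why, whereas the neighbouring rows shown all name an LDAP attribute there. If that means no attribute is fetched until an administrator sets the option (that is how I read it; the struct definition is outside the hunk), a short comment would make the intent explicit: `/* no default attribute: SSH keys are read only when ldap_user_ssh_public_key is configured */`. The option's documentation should also say that whatever attribute is mapped here becomes SSH login key material, so write access to that attribute in the directory and the integrity of the LDAP connection decide who can authenticate.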
@@ -101,6 +102,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx, int a, i, ret; const char *name; bool store; + bool base64; lerrno = 0; ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); @@ -171,6 +173,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx, } } while (str) { + base64 = false; if (map) { for (a = 1; a < attrs_num; a++) { /* check if this attr is valid with the chosen schema */ @@ -182,6 +185,9 @@ int sdap_parse_entry(TALLOC_CTX *memctx, if (a < attrs_num) { store = true; name = map[a].sys_name; + if (strcmp(name, SYSDB_SSH_PUBKEY) == 0) { + base64 = true; + } } else { store = false; name = NULL; @@ -217,8 +223,18 @@ int sdap_parse_entry(TALLOC_CTX *memctx, goto fail; } for (i = 0; vals[i]; i++) { - v.data = (uint8_t *)vals[i]->bv_val; - v.length = vals[i]->bv_len; + if (base64) { + v.data = (uint8_t *)sss_base64_encode(attrs, + (uint8_t *)vals[i]->bv_val, vals[i]->bv_len); + if (!v.data) { + ret = ENOMEM; + goto fail; + } + v.length = strlen((const char *)v.data); + } else { + v.data = (uint8_t *)vals[i]->bv_val; + v.length = vals[i]->bv_len; + } ret = sysdb_attrs_add_val(attrs, name, &v); if (ret) goto fail; diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index 2a63ea83..5d423846 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h @@ -256,6 +256,7 @@ enum sdap_user_attrs { SDAP_AT_NDS_LOGIN_DISABLED, SDAP_AT_NDS_LOGIN_EXPIRATION_TIME, SDAP_AT_NDS_LOGIN_ALLOWED_TIME_MAP, + SDAP_AT_USER_SSH_PUBLIC_KEY, SDAP_OPTS_USER /* attrs counter */ }; |
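Review bot: The `if (base64)` branch in the `for (i = 0; vals[i]; i++)` loop of sdap_parse_entry encodes whatever bytes the directory returned without stating or checking what they are, so the value cached under SYSDB_SSH_PUBKEY is only meaningful if the mapped attribute holds the raw key blob. If an administrator points `ldap_user_ssh_public_key` at an attribute that stores the key as an OpenSSH text line, the cache would hold base64 of that text, and whatever later hands the key to sshd would have to detect that. I would document the contract above the branch, e.g. `/* value is expected to be the binary key blob; it is cached base64-encoded */`. The encoded string is also allocated on `attrs`; if sysdb_attrs_add_val copies the value (not visible here), the temporary stays attached to `attrs` for its whole lifetime, and a `talloc_free(v.data);` after the call on the base64 path would release it. The function body starts and ends outside these hunks.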
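Review bot: Adding SDAP_AT_USER_SSH_PUBLIC_KEY before SDAP_OPTS_USER in sdap.h enlarges every table indexed by enum sdap_user_attrs, but this page shows matching rows only for rfc2307_user_map and rfc2307bis_user_map, and its diffstat is limited to src/providers/ldap. Any other user map walked up to SDAP_OPTS_USER needs the same row, otherwise the last index refers to a slot that map does not define; I cannot tell from here whether other providers were updated in the same commit. A compile-time guard next to each map would catch a missed table, for example `_Static_assert(sizeof(rfc2307_user_map) / sizeof(rfc2307_user_map[0]) == SDAP_OPTS_USER, "user map out of sync with enum sdap_user_attrs");`. The enum continues above the hunk.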