authorJan Cholasta <jcholast@redhat.com>2012-02-03 22:29:47 +0100
committerJakub Hrozek <jhrozek@redhat.com>2012-02-07 00:26:57 +0100
commitaf5a58fc3811af8521721f731d8234d983042cea (patch)
tree612316c32255519ee2145e71f5bca8f259ebe34b /src/providers/ldap
parent34c78b745eb349eef2b0f13ef2b722632aebe619 (diff)
LDAP: Add support for SSH user public keys
Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/ldap_common.c6
-rw-r--r--src/providers/ldap/sdap.c20
-rw-r--r--src/providers/ldap/sdap.h1
3 files changed, 23 insertions, 4 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index ce884838..c92eb282 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -151,7 +151,8 @@ struct sdap_attr_map rfc2307_user_map[] = {
{ "ldap_user_authorized_host", "host", SYSDB_AUTHORIZED_HOST, NULL },
{ "ldap_user_nds_login_disabled", "loginDisabled", SYSDB_NDS_LOGIN_DISABLED, NULL },
{ "ldap_user_nds_login_expiration_time", "loginExpirationTime", SYSDB_NDS_LOGIN_EXPIRATION_TIME, NULL },
- { "ldap_user_nds_login_allowed_time_map", "loginAllowedTimeMap", SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL }
+ { "ldap_user_nds_login_allowed_time_map", "loginAllowedTimeMap", SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL },
+ { "ldap_user_ssh_public_key", NULL, SYSDB_SSH_PUBKEY, NULL }
};
struct sdap_attr_map rfc2307_group_map[] = {
@@ -198,7 +199,8 @@ struct sdap_attr_map rfc2307bis_user_map[] = {
{ "ldap_user_authorized_host", "host", SYSDB_AUTHORIZED_HOST, NULL },
{ "ldap_user_nds_login_disabled", "loginDisabled", SYSDB_NDS_LOGIN_DISABLED, NULL },
{ "ldap_user_nds_login_expiration_time", "loginExpirationTime", SYSDB_NDS_LOGIN_EXPIRATION_TIME, NULL },
- { "ldap_user_nds_login_allowed_time_map", "loginAllowedTimeMap", SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL }
+ { "ldap_user_nds_login_allowed_time_map", "loginAllowedTimeMap", SYSDB_NDS_LOGIN_ALLOWED_TIME_MAP, NULL },
+ { "ldap_user_ssh_public_key", NULL, SYSDB_SSH_PUBKEY, NULL }
};
struct sdap_attr_map rfc2307bis_group_map[] = {
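Review bot: The position of the new `{ "ldap_user_ssh_public_key", NULL, SYSDB_SSH_PUBKEY, NULL }` entry in `rfc2307_user_map` and `rfc2307bis_user_map` has to match the position of `SDAP_AT_USER_SSH_PUBLIC_KEY` in `enum sdap_user_attrs` (the sdap.h hunk), because `sdap_parse_entry` indexes the map with a counter bounded by that enum's `SDAP_OPTS_USER`; both hunks append just before the end, so they agree today, but nothing enforces it. A comment on each new entry such as `/* index must match SDAP_AT_USER_SSH_PUBLIC_KEY in sdap.h */` would make the coupling visible, and if the file is built as C11 a `_Static_assert` of the array length against `SDAP_OPTS_USER` would check it at compile time (the file's language level is not visible here). The `NULL` default LDAP attribute presumably means the key is only requested once `ldap_user_ssh_public_key` is configured, which looks intended but deserves a word in that same comment. Both arrays open outside the hunk.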
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index 1f97f554..3ac19498 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -20,6 +20,7 @@
*/
#include "util/util.h"
+#include "util/crypto/sss_crypto.h"
#include "confdb/confdb.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap.h"
@@ -101,6 +102,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
int a, i, ret;
const char *name;
bool store;
+ bool base64;
lerrno = 0;
ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
@@ -171,6 +173,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
}
}
while (str) {
+ base64 = false;
if (map) {
for (a = 1; a < attrs_num; a++) {
/* check if this attr is valid with the chosen schema */
@@ -182,6 +185,9 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
if (a < attrs_num) {
store = true;
name = map[a].sys_name;
+ if (strcmp(name, SYSDB_SSH_PUBKEY) == 0) {
+ base64 = true;
+ }
} else {
store = false;
name = NULL;
@@ -217,8 +223,18 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
goto fail;
}
for (i = 0; vals[i]; i++) {
- v.data = (uint8_t *)vals[i]->bv_val;
- v.length = vals[i]->bv_len;
+ if (base64) {
+ v.data = (uint8_t *)sss_base64_encode(attrs,
+ (uint8_t *)vals[i]->bv_val, vals[i]->bv_len);
+ if (!v.data) {
+ ret = ENOMEM;
+ goto fail;
+ }
+ v.length = strlen((const char *)v.data);
+ } else {
+ v.data = (uint8_t *)vals[i]->bv_val;
+ v.length = vals[i]->bv_len;
+ }
ret = sysdb_attrs_add_val(attrs, name, &v);
if (ret) goto fail;
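Review bot: The encoded key returned by `sss_base64_encode(attrs, ...)` is allocated on `attrs` and then handed to `sysdb_attrs_add_val`, which presumably copies the value into the attribute set, so each key is likely held twice on `attrs` until the entry is freed; a `talloc_free(v.data)` after a successful add, or allocating the temporary on a short-lived context, would avoid that — worth confirming against sysdb_attrs_add_val. Nothing in the hunk says why this one attribute is encoded; a comment at the `if (base64)` branch such as `/* the LDAP value may be raw binary; base64-encode so sysdb only holds text */` would help, assuming that is the reason. The `strcmp(name, SYSDB_SSH_PUBKEY)` test runs for every mapped attribute of every entry and ties the encoding policy to a name in this loop; a per-attribute flag in the map entry would state the policy where the map is defined. sdap_parse_entry's body begins and ends outside these hunks.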
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 2a63ea83..5d423846 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -256,6 +256,7 @@ enum sdap_user_attrs {
SDAP_AT_NDS_LOGIN_DISABLED,
SDAP_AT_NDS_LOGIN_EXPIRATION_TIME,
SDAP_AT_NDS_LOGIN_ALLOWED_TIME_MAP,
+ SDAP_AT_USER_SSH_PUBLIC_KEY,
SDAP_OPTS_USER /* attrs counter */
};