URL: https://github.com/SSSD/sssd/pull/251 Author: sumit-bose Title: #251: overrides: add certificates to mapped attribute Action: opened
PR body: """ Certificates in overrides are explicitly used to map users to certificates, so we add them to SYSDB_USER_MAPPED_CERT as well. Resolves https://pagure.io/SSSD/sssd/issue/3373 """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/251/head:pr251 git checkout pr251
From 68b3fda778dd182cca51e6db683a57209d48a43b Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Thu, 27 Apr 2017 09:28:55 +0200 Subject: [PATCH] overrides: add certificates to mapped attribute Certificates in overrides are explicitly used to map users to certificates, so we add them to SYSDB_USER_MAPPED_CERT as well. Resolves https://pagure.io/SSSD/sssd/issue/3373 --- src/db/sysdb_views.c | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/src/db/sysdb_views.c b/src/db/sysdb_views.c index 20db9b0..3773dda 100644 --- a/src/db/sysdb_views.c +++ b/src/db/sysdb_views.c @@ -777,6 +777,7 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain, int ret; TALLOC_CTX *tmp_ctx; struct sysdb_attrs *attrs; + struct sysdb_attrs *mapped_attrs = NULL; size_t c; size_t d; size_t num_values; @@ -791,6 +792,7 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain, SYSDB_USER_CERT, NULL }; bool override_attrs_found = false; + bool is_cert = false; if (override_attrs == NULL) { /* nothing to do */ @@ -846,6 +848,24 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain, num_values = 1; } + is_cert = false; + if (strcmp(allowed_attrs[c], SYSDB_USER_CERT) == 0) { + /* Certificates in overrides are explicitly used to map + * users to certificates, so we add them to + * SYSDB_USER_MAPPED_CERT as well. */ + is_cert = true; + + if (mapped_attrs == NULL) { + mapped_attrs = sysdb_new_attrs(tmp_ctx); + if (mapped_attrs == NULL) { + DEBUG(SSSDBG_OP_FAILURE, + "sysdb_new_attrs failed.\n"); + ret = ENOMEM; + goto done; + } + } + } + for (d = 0; d < num_values; d++) { ret = sysdb_attrs_add_val(attrs, allowed_attrs[c], &el->values[d]); @@ -854,6 +874,18 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain, "sysdb_attrs_add_val failed.\n"); goto done; } + + if (is_cert) { + ret = sysdb_attrs_add_val(mapped_attrs, + SYSDB_USER_MAPPED_CERT, + &el->values[d]); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "sysdb_attrs_add_val failed.\n"); + goto done; + } + } + DEBUG(SSSDBG_TRACE_ALL, "Override [%s] with [%.*s] for [%s].\n", allowed_attrs[c], (int) el->values[d].length, @@ -878,6 +910,15 @@ errno_t sysdb_apply_default_override(struct sss_domain_info *domain, DEBUG(SSSDBG_OP_FAILURE, "sysdb_set_entry_attr failed.\n"); goto done; } + + if (mapped_attrs != NULL) { + ret = sysdb_set_entry_attr(domain->sysdb, obj_dn, mapped_attrs, + SYSDB_MOD_ADD); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "sysdb_set_entry_attr failed, ignored.\n"); + } + } } ret = EOK;
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
