confdb: add new option for confdb_certmap_to_sysdb()
With this new boolean option, the backends calling
confdb_certmap_to_sysdb() can indicate whether the certificate mapping rules
should be applied for local users or not, which currently means LDAP
based mapping with a search filter string.
sumit-bose committed Sep 18, 2023
1 parent ca2f821 commit 476a751
Showing 6 changed files with 12 additions and 22 deletions.
23 changes: 6 additions & 17 deletions src/confdb/confdb.c
Expand Up @@ -2581,6 +2581,7 @@ static errno_t certmap_local_check(struct ldb_message *msg)
static errno_t confdb_get_all_certmaps(TALLOC_CTX *mem_ctx,
struct confdb_ctx *cdb,
struct sss_domain_info *dom,
bool certmaps_for_local_users,
struct certmap_info ***_certmap_list)
{
TALLOC_CTX *tmp_ctx = NULL;
Expand Down Expand Up @@ -2626,21 +2627,7 @@ static errno_t confdb_get_all_certmaps(TALLOC_CTX *mem_ctx,
}

for (c = 0; c < res->count; c++) {
#ifdef BUILD_FILES_PROVIDER
if (is_files_provider(dom)) {
ret = certmap_local_check(res->msgs[c]);
if (ret != EOK) {
DEBUG(SSSDBG_CONF_SETTINGS,
"Invalid certificate mapping [%s] for local user, "
"ignored.\n", ldb_dn_get_linearized(res->msgs[c]->dn));
continue;
}
}
#endif
/* It might be better to not check the provider name but add a new
* option to confdb_certmap_to_sysdb() and here to call
* certmap_local_check(). */
if (dom != NULL && dom->provider != NULL && strcasecmp(dom->provider, "proxy") == 0) {
if (certmaps_for_local_users) {
ret = certmap_local_check(res->msgs[c]);
if (ret != EOK) {
DEBUG(SSSDBG_CONF_SETTINGS,
Expand Down Expand Up @@ -2668,7 +2655,8 @@ static errno_t confdb_get_all_certmaps(TALLOC_CTX *mem_ctx,
}

int confdb_certmap_to_sysdb(struct confdb_ctx *cdb,
struct sss_domain_info *dom)
struct sss_domain_info *dom,
bool certmaps_for_local_users)
{
int ret;
TALLOC_CTX *tmp_ctx;
Expand All @@ -2680,7 +2668,8 @@ int confdb_certmap_to_sysdb(struct confdb_ctx *cdb,
return ENOMEM;
}

ret = confdb_get_all_certmaps(tmp_ctx, cdb, dom, &certmap_list);
ret = confdb_get_all_certmaps(tmp_ctx, cdb, dom, certmaps_for_local_users,
&certmap_list);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "confdb_get_all_certmaps failed.\n");
goto done;
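Review bot: Whether `certmap_local_check()` runs inside the loop is now decided only by the caller-supplied `certmaps_for_local_users` flag; the function no longer looks at `dom`, so a backend that serves local users but passes `false` would have its mapping rules stored without that validation. Nothing in the visible hunks records this contract, so I would add a comment above the check, for example `/* Callers whose domain contains local users must pass true so that rules failing certmap_local_check() are skipped. */`. The skipped rule is reported only at `SSSDBG_CONF_SETTINGS`, which an administrator is presumably unlikely to see at the usual debug level; a more visible level may be worth considering for a rejected mapping rule. The bodies of `confdb_get_all_certmaps()` and `confdb_certmap_to_sysdb()` continue outside the hunks shown.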
3 changes: 2 additions & 1 deletion src/confdb/confdb.h
Expand Up @@ -772,7 +772,8 @@ int confdb_get_sub_sections(TALLOC_CTX *mem_ctx,
* @return EINVAL - Typically internal processing error
*/
int confdb_certmap_to_sysdb(struct confdb_ctx *cdb,
struct sss_domain_info *dom);
struct sss_domain_info *dom,
bool certmaps_for_local_users);

/**
* @}
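Review bot: The Doxygen block above the `confdb_certmap_to_sysdb()` prototype is not updated for the new `certmaps_for_local_users` parameter; the section's only additions are the two prototype lines. I would add a line such as `@param[in] certmaps_for_local_users If true, mapping rules that fail the local-user check are ignored` so that a provider author knows which value to pass. The start of the comment block is outside the hunk, so the tag style should follow the `@param` lines already there.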
2 changes: 1 addition & 1 deletion src/providers/ad/ad_init.c
Expand Up @@ -421,7 +421,7 @@ static errno_t ad_init_misc(struct be_ctx *be_ctx,
return ret;
}

ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain);
ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain, false);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Failed to initialize certificate mapping rules. "
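Review bot: The bare `false` in `confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain, false)` does not tell a reader that it switches off the local-user validation of mapping rules, and the same applies to the calls in `ldap_init.c` (`false`), `files_init.c` (`true`) and `proxy_init.c` (`true`). Since the value decides whether `certmap_local_check()` runs, I would name it at each call site, e.g. `confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain, false /* certmaps_for_local_users */);`. `ad_init_misc()` starts and ends outside the hunk.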
2 changes: 1 addition & 1 deletion src/providers/files/files_init.c
Expand Up @@ -195,7 +195,7 @@ int sssm_files_init(TALLOC_CTX *mem_ctx,
goto done;
}

ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain);
ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain, true);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Failed to initialize certificate mapping rules. "
2 changes: 1 addition & 1 deletion src/providers/ldap/ldap_init.c
Expand Up @@ -220,7 +220,7 @@ static errno_t ldap_init_misc(struct be_ctx *be_ctx,
"[%d]: %s\n", ret, sss_strerror(ret));
}

ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain);
ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain, false);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Failed to initialize certificate mapping rules. "
2 changes: 1 addition & 1 deletion src/providers/proxy/proxy_init.c
Expand Up @@ -382,7 +382,7 @@ errno_t sssm_proxy_id_init(TALLOC_CTX *mem_ctx,
goto done;
}

ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain);
ret = confdb_certmap_to_sysdb(be_ctx->cdb, be_ctx->domain, true);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Failed to initialize certificate mapping rules. "
