From 61c2661fe7445531f53ef298a98a21ae0278397c Mon Sep 17 00:00:00 2001

From: Sumit Bose <sbose@redhat.com>

Date: Thu, 16 Mar 2017 13:00:48 +0100

Subject: [PATCH 56/60] ssh: add support for certificates from non-default

 views

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

---

 src/responder/ssh/ssh_reply.c | 20 +++++++++++++++++++-

 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/responder/ssh/ssh_reply.c b/src/responder/ssh/ssh_reply.c

index 7093e47253b5687bab387feed5299c2d0841d43c..1bb9d331868cc18488718c24fd82f32af780b525 100644

--- a/src/responder/ssh/ssh_reply.c

+++ b/src/responder/ssh/ssh_reply.c

@@ -204,7 +204,7 @@ ssh_get_output_keys(TALLOC_CTX *mem_ctx,

     uint32_t i = 0;

     errno_t ret;

-    elements = talloc_zero_array(mem_ctx, struct ldb_message_element *, 5);

+    elements = talloc_zero_array(mem_ctx, struct ldb_message_element *, 6);

     if (elements == NULL) {

         return ENOMEM;

     }

@@ -244,6 +244,24 @@ ssh_get_output_keys(TALLOC_CTX *mem_ctx,

         }

     }

+    if (DOM_HAS_VIEWS(domain)) {

+        user_cert = ldb_msg_find_element(msg, OVERRIDE_PREFIX SYSDB_USER_CERT);

+        if (user_cert != NULL) {

+            ret = get_valid_certs_keys(elements, ssh_ctx, user_cert,

+                                       &elements[i]);

+            if (ret != EOK) {

+                DEBUG(SSSDBG_OP_FAILURE, "get_valid_certs_keys failed.\n");

+                goto done;

+            }

+

+            if (elements[i] != NULL) {

+                elements[i]->flags |= SSS_EL_FLAG_BIN_DATA;

+                num_keys += elements[i]->num_values;

+                i++;

+            }

+        }

+    }

+

     *_elements = elements;

     *_num_keys = num_keys;

-- 

2.9.3