|
sss_certmap
|
Macros | |
| #define | SSS_CERTMAP_MIN_PRIO UINT32_MAX |
Typedefs | |
| typedef void | sss_certmap_ext_debug(void *pvt, const char *file, long line, const char *function, const char *format,...) |
Functions | |
| int | sss_certmap_init (TALLOC_CTX *mem_ctx, sss_certmap_ext_debug *debug, void *debug_priv, struct sss_certmap_ctx **ctx) |
| Initialize certmap context. | |
| void | sss_certmap_free_ctx (struct sss_certmap_ctx *ctx) |
| Free certmap context. | |
| int | sss_certmap_add_rule (struct sss_certmap_ctx *ctx, uint32_t priority, const char *match_rule, const char *map_rule, const char **domains) |
| Add a rule to the certmap context. | |
| int | sss_certmap_match_cert (struct sss_certmap_ctx *ctx, const uint8_t *der_cert, size_t der_size) |
| Check if a certificate matches any of the applied rules. | |
| int | sss_certmap_get_search_filter (struct sss_certmap_ctx *ctx, const uint8_t *der_cert, size_t der_size, char **filter, char ***domains) |
| Get the LDAP filter string for a certificate. | |
| int | sss_certmap_expand_mapping_rule (struct sss_certmap_ctx *ctx, const uint8_t *der_cert, size_t der_size, char **_expanded, char ***_domains) |
| Expand the mapping rule by replacing the templates. | |
| void | sss_certmap_free_filter_and_domains (char *filter, char **domains) |
| Free data returned by sss_certmap_get_search_filter and sss_certmap_expand_mapping_rule. | |
| int | sss_certmap_display_cert_content (TALLOC_CTX *mem_cxt, const uint8_t *der_cert, size_t der_size, char **desc) |
| Get a string with the content of the certificate used by the library. | |
Libsss_certmap provides a mechanism to map X.509 certificates to users based on rules.
| #define SSS_CERTMAP_MIN_PRIO UINT32_MAX |
Lowest priority of a rule
| typedef void sss_certmap_ext_debug(void *pvt, const char *file, long line, const char *function, const char *format,...) |
Typedef for external debug callback
| int sss_certmap_add_rule | ( | struct sss_certmap_ctx * | ctx, |
| uint32_t | priority, | ||
| const char * | match_rule, | ||
| const char * | map_rule, | ||
| const char ** | domains ) |
Add a rule to the certmap context.
| [in] | ctx | certmap context previously initialized with sss_certmap_init |
| [in] | priority | priority of the rule, 0 is the highest priority, the lowest is SSS_CERTMAP_MIN_PRIO |
| [in] | match_rule | String with the matching rule |
| [in] | map_rule | String with the mapping rule |
| [in] | domains | NULL-terminated string array with a list of domains the rule should be valid for, i.e. only these domains should be searched for matching users |
| int sss_certmap_display_cert_content | ( | TALLOC_CTX * | mem_cxt, |
| const uint8_t * | der_cert, | ||
| size_t | der_size, | ||
| char ** | desc ) |
Get a string with the content of the certificate used by the library.
| [in] | mem_ctx | Talloc memory context, may be NULL |
| [in] | der_cert | binary blob with the DER encoded certificate |
| [in] | der_size | size of the certificate blob |
| [out] | desc | Multiline string showing the certificate content which is used by libsss_certmap |
| int sss_certmap_expand_mapping_rule | ( | struct sss_certmap_ctx * | ctx, |
| const uint8_t * | der_cert, | ||
| size_t | der_size, | ||
| char ** | _expanded, | ||
| char *** | _domains ) |
Expand the mapping rule by replacing the templates.
| [in] | ctx | certmap context previously initialized with sss_certmap_init |
| [in] | der_cert | binary blob with the DER encoded certificate |
| [in] | der_size | size of the certificate blob |
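| [out] | expanded | expanded mapping rule; templates are filled in verbatim, i.e. without the sanitization that sss_certmap_get_search_filter applies to expanded templates, so the result should be escaped before it is placed in an LDAP filter. The caller should free the data by calling sss_certmap_free_filter_and_domains |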
| [out] | domains | NULL-terminated array of strings with the domains the rule applies to; the caller should free the data by calling sss_certmap_free_filter_and_domains |
| void sss_certmap_free_ctx | ( | struct sss_certmap_ctx * | ctx | ) |
Free certmap context.
| [in] | ctx | certmap context previously initialized with sss_certmap_init, may be NULL |
| void sss_certmap_free_filter_and_domains | ( | char * | filter, |
| char ** | domains ) |
Free data returned by sss_certmap_get_search_filter and sss_certmap_expand_mapping_rule.
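| [in] | filter | LDAP filter string returned by sss_certmap_get_search_filter, or expanded mapping rule returned by sss_certmap_expand_mapping_rule |
| [in] | domains | string array of domains returned by sss_certmap_get_search_filter or sss_certmap_expand_mapping_rule |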
| int sss_certmap_get_search_filter | ( | struct sss_certmap_ctx * | ctx, |
| const uint8_t * | der_cert, | ||
| size_t | der_size, | ||
| char ** | filter, | ||
| char *** | domains ) |
Get the LDAP filter string for a certificate.
| [in] | ctx | certmap context previously initialized with sss_certmap_init |
| [in] | der_cert | binary blob with the DER encoded certificate |
| [in] | der_size | size of the certificate blob |
| [out] | filter | LDAP filter string; expanded templates are sanitized. The caller should free the data by calling sss_certmap_free_filter_and_domains |
| [out] | domains | NULL-terminated array of strings with the domains the rule applies to; the caller should free the data by calling sss_certmap_free_filter_and_domains |
| int sss_certmap_init | ( | TALLOC_CTX * | mem_ctx, |
| sss_certmap_ext_debug * | debug, | ||
| void * | debug_priv, | ||
| struct sss_certmap_ctx ** | ctx ) |
Initialize certmap context.
| [in] | mem_ctx | Talloc memory context, may be NULL |
| [in] | debug | Callback to handle debug output, may be NULL |
| [in] | debug_priv | Private data for debugging callback, may be NULL |
| [out] | ctx | New certmap context |
| int sss_certmap_match_cert | ( | struct sss_certmap_ctx * | ctx, |
| const uint8_t * | der_cert, | ||
| size_t | der_size ) |
Check if a certificate matches any of the applied rules.
| [in] | ctx | certmap context previously initialized with sss_certmap_init |
| [in] | der_cert | binary blob with the DER encoded certificate |
| [in] | der_size | size of the certificate blob |