<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<meta name="generator" content="Doxygen 1.8.15"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<title>sss_certmap: Allow rule-based mapping of certificates to users</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="dynsections.js"></script>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="search/searchdata.js"></script>
<script type="text/javascript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
<tbody>
<tr style="height: 56px;">
<td id="projectalign" style="padding-left: 0.5em;">
<div id="projectname">sss_certmap
</div>
</td>
</tr>
</tbody>
</table>
</div>
<!-- end header part -->
<!-- Generated by Doxygen 1.8.15 -->
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */
var searchBox = new SearchBox("searchBox", "search",false,'Search');
/* @license-end */
</script>
<script type="text/javascript" src="menudata.js"></script>
<script type="text/javascript" src="menu.js"></script>
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */
$(function() {
initMenu('',true,false,'search.php','Search');
$(document).ready(function() { init_search(); });
});
/* @license-end */</script>
<div id="main-nav"></div>
</div><!-- top -->
<!-- window showing the filter options -->
<div id="MSearchSelectWindow"
onmouseover="return searchBox.OnSearchSelectShow()"
onmouseout="return searchBox.OnSearchSelectHide()"
onkeydown="return searchBox.OnSearchSelectKey(event)">
</div>
<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="javascript:void(0)" frameborder="0"
name="MSearchResults" id="MSearchResults">
</iframe>
</div>
<div class="header">
<div class="summary">
<a href="#define-members">Macros</a> |
<a href="#typedef-members">Typedefs</a> |
<a href="#func-members">Functions</a> </div>
<div class="headertitle">
<div class="title">Allow rule-based mapping of certificates to users</div> </div>
</div><!--header-->
<div class="contents">
<table class="memberdecls">
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="define-members"></a>
Macros</h2></td></tr>
<tr class="memitem:ga647ab117b6efe243171efc0a8115ae3b"><td class="memItemLeft" align="right" valign="top">#define </td><td class="memItemRight" valign="bottom"><a class="el" href="group__sss__certmap.html#ga647ab117b6efe243171efc0a8115ae3b">SSS_CERTMAP_MIN_PRIO</a>   UINT32_MAX</td></tr>
<tr class="separator:ga647ab117b6efe243171efc0a8115ae3b"><td class="memSeparator" colspan="2"> </td></tr>
</table><table class="memberdecls">
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="typedef-members"></a>
Typedefs</h2></td></tr>
<tr class="memitem:gac80bf9c5fb28d4507e89ff7a36957c11"><td class="memItemLeft" align="right" valign="top">typedef void() </td><td class="memItemRight" valign="bottom"><a class="el" href="group__sss__certmap.html#gac80bf9c5fb28d4507e89ff7a36957c11">sss_certmap_ext_debug</a>(void *pvt, const char *file, long line, const char *function, const char *format,...)</td></tr>
<tr class="separator:gac80bf9c5fb28d4507e89ff7a36957c11"><td class="memSeparator" colspan="2"> </td></tr>
</table><table class="memberdecls">
<tr class="heading"><td colspan="2"><h2 class="groupheader"><a name="func-members"></a>
Functions</h2></td></tr>
<tr class="memitem:ga9c2cd86a51d26536d64b6e2830fa7ac8"><td class="memItemLeft" align="right" valign="top">int </td><td class="memItemRight" valign="bottom"><a class="el" href="group__sss__certmap.html#ga9c2cd86a51d26536d64b6e2830fa7ac8">sss_certmap_init</a> (TALLOC_CTX *mem_ctx, <a class="el" href="group__sss__certmap.html#gac80bf9c5fb28d4507e89ff7a36957c11">sss_certmap_ext_debug</a> *debug, void *debug_priv, struct sss_certmap_ctx **ctx)</td></tr>
<tr class="memdesc:ga9c2cd86a51d26536d64b6e2830fa7ac8"><td class="mdescLeft"> </td><td class="mdescRight">Initialize certmap context. <a href="#ga9c2cd86a51d26536d64b6e2830fa7ac8">More...</a><br /></td></tr>
<tr class="separator:ga9c2cd86a51d26536d64b6e2830fa7ac8"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:ga0eeecccf37d34dafb78ef0482e84926a"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="group__sss__certmap.html#ga0eeecccf37d34dafb78ef0482e84926a">sss_certmap_free_ctx</a> (struct sss_certmap_ctx *ctx)</td></tr>
<tr class="memdesc:ga0eeecccf37d34dafb78ef0482e84926a"><td class="mdescLeft"> </td><td class="mdescRight">Free certmap context. <a href="#ga0eeecccf37d34dafb78ef0482e84926a">More...</a><br /></td></tr>
<tr class="separator:ga0eeecccf37d34dafb78ef0482e84926a"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:ga0c23fb2d13a0371eb63464679719525d"><td class="memItemLeft" align="right" valign="top">int </td><td class="memItemRight" valign="bottom"><a class="el" href="group__sss__certmap.html#ga0c23fb2d13a0371eb63464679719525d">sss_certmap_add_rule</a> (struct sss_certmap_ctx *ctx, uint32_t priority, const char *match_rule, const char *map_rule, const char **domains)</td></tr>
<tr class="memdesc:ga0c23fb2d13a0371eb63464679719525d"><td class="mdescLeft"> </td><td class="mdescRight">Add a rule to the certmap context. <a href="#ga0c23fb2d13a0371eb63464679719525d">More...</a><br /></td></tr>
<tr class="separator:ga0c23fb2d13a0371eb63464679719525d"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:ga0a1d6c73648130a76b5d2aa3792ebd11"><td class="memItemLeft" align="right" valign="top">int </td><td class="memItemRight" valign="bottom"><a class="el" href="group__sss__certmap.html#ga0a1d6c73648130a76b5d2aa3792ebd11">sss_certmap_match_cert</a> (struct sss_certmap_ctx *ctx, const uint8_t *der_cert, size_t der_size)</td></tr>
<tr class="memdesc:ga0a1d6c73648130a76b5d2aa3792ebd11"><td class="mdescLeft"> </td><td class="mdescRight">Check if a certificate matches any of the applied rules. <a href="#ga0a1d6c73648130a76b5d2aa3792ebd11">More...</a><br /></td></tr>
<tr class="separator:ga0a1d6c73648130a76b5d2aa3792ebd11"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:ga5b3549a0b8bb1343351a0154eaf9d5c5"><td class="memItemLeft" align="right" valign="top">int </td><td class="memItemRight" valign="bottom"><a class="el" href="group__sss__certmap.html#ga5b3549a0b8bb1343351a0154eaf9d5c5">sss_certmap_get_search_filter</a> (struct sss_certmap_ctx *ctx, const uint8_t *der_cert, size_t der_size, char **filter, char ***domains)</td></tr>
<tr class="memdesc:ga5b3549a0b8bb1343351a0154eaf9d5c5"><td class="mdescLeft"> </td><td class="mdescRight">Get the LDAP filter string for a certificate. <a href="#ga5b3549a0b8bb1343351a0154eaf9d5c5">More...</a><br /></td></tr>
<tr class="separator:ga5b3549a0b8bb1343351a0154eaf9d5c5"><td class="memSeparator" colspan="2"> </td></tr>
<tr class="memitem:ga7944c89e92883b7c2fe8c279b02bd1a8"><td class="memItemLeft" align="right" valign="top">void </td><td class="memItemRight" valign="bottom"><a class="el" href="group__sss__certmap.html#ga7944c89e92883b7c2fe8c279b02bd1a8">sss_certmap_free_filter_and_domains</a> (char *filter, char **domains)</td></tr>
<tr class="memdesc:ga7944c89e92883b7c2fe8c279b02bd1a8"><td class="mdescLeft"> </td><td class="mdescRight">Free data returned by <a class="el" href="group__sss__certmap.html#ga5b3549a0b8bb1343351a0154eaf9d5c5">sss_certmap_get_search_filter</a>. <a href="#ga7944c89e92883b7c2fe8c279b02bd1a8">More...</a><br /></td></tr>
<tr class="separator:ga7944c89e92883b7c2fe8c279b02bd1a8"><td class="memSeparator" colspan="2"> </td></tr>
</table>
<a name="details" id="details"></a><h2 class="groupheader">Detailed Description</h2>
<p>Libsss_certmap provides a mechanism to map X509 certificate to users based on rules. </p>
<h2 class="groupheader">Macro Definition Documentation</h2>
<a id="ga647ab117b6efe243171efc0a8115ae3b"></a>
<h2 class="memtitle"><span class="permalink"><a href="#ga647ab117b6efe243171efc0a8115ae3b">◆ </a></span>SSS_CERTMAP_MIN_PRIO</h2>
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">#define SSS_CERTMAP_MIN_PRIO   UINT32_MAX</td>
</tr>
</table>
</div><div class="memdoc">
<p>Lowest priority of a rule </p>
</div>
</div>
<h2 class="groupheader">Typedef Documentation</h2>
<a id="gac80bf9c5fb28d4507e89ff7a36957c11"></a>
<h2 class="memtitle"><span class="permalink"><a href="#gac80bf9c5fb28d4507e89ff7a36957c11">◆ </a></span>sss_certmap_ext_debug</h2>
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">typedef void() sss_certmap_ext_debug(void *pvt, const char *file, long line, const char *function, const char *format,...)</td>
</tr>
</table>
</div><div class="memdoc">
<p>Typedef for external debug callback </p>
</div>
</div>
<h2 class="groupheader">Function Documentation</h2>
<a id="ga0c23fb2d13a0371eb63464679719525d"></a>
<h2 class="memtitle"><span class="permalink"><a href="#ga0c23fb2d13a0371eb63464679719525d">◆ </a></span>sss_certmap_add_rule()</h2>
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">int sss_certmap_add_rule </td>
<td>(</td>
<td class="paramtype">struct sss_certmap_ctx * </td>
<td class="paramname"><em>ctx</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">uint32_t </td>
<td class="paramname"><em>priority</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">const char * </td>
<td class="paramname"><em>match_rule</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">const char * </td>
<td class="paramname"><em>map_rule</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">const char ** </td>
<td class="paramname"><em>domains</em> </td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td>
</tr>
</table>
</div><div class="memdoc">
<p>Add a rule to the certmap context. </p>
<dl class="params"><dt>Parameters</dt><dd>
<table class="params">
<tr><td class="paramdir">[in]</td><td class="paramname">ctx</td><td>certmap context previously initialized with <a class="el" href="group__sss__certmap.html#ga9c2cd86a51d26536d64b6e2830fa7ac8">sss_certmap_init</a> </td></tr>
<tr><td class="paramdir">[in]</td><td class="paramname">priority</td><td>priority of the rule, 0 is the hightest priority, the lowest is SSS_CERTMAP_MIN_PRIO </td></tr>
<tr><td class="paramdir">[in]</td><td class="paramname">match_rule</td><td>String with the matching rule </td></tr>
<tr><td class="paramdir">[in]</td><td class="paramname">map_rule</td><td>String with the mapping rule </td></tr>
<tr><td class="paramdir">[in]</td><td class="paramname">domains</td><td>NULL-terminated string array with a list of domains the rule should be valid for, i.e. only this domains should be searched for matching users</td></tr>
</table>
</dd>
</dl>
<dl class="section return"><dt>Returns</dt><dd><ul>
<li>0: success </li>
</ul>
</dd></dl>
</div>
</div>
<a id="ga0eeecccf37d34dafb78ef0482e84926a"></a>
<h2 class="memtitle"><span class="permalink"><a href="#ga0eeecccf37d34dafb78ef0482e84926a">◆ </a></span>sss_certmap_free_ctx()</h2>
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void sss_certmap_free_ctx </td>
<td>(</td>
<td class="paramtype">struct sss_certmap_ctx * </td>
<td class="paramname"><em>ctx</em></td><td>)</td>
<td></td>
</tr>
</table>
</div><div class="memdoc">
<p>Free certmap context. </p>
<dl class="params"><dt>Parameters</dt><dd>
<table class="params">
<tr><td class="paramdir">[in]</td><td class="paramname">ctx</td><td>certmap context previously initialized with <a class="el" href="group__sss__certmap.html#ga9c2cd86a51d26536d64b6e2830fa7ac8">sss_certmap_init</a>, may be NULL </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a id="ga7944c89e92883b7c2fe8c279b02bd1a8"></a>
<h2 class="memtitle"><span class="permalink"><a href="#ga7944c89e92883b7c2fe8c279b02bd1a8">◆ </a></span>sss_certmap_free_filter_and_domains()</h2>
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">void sss_certmap_free_filter_and_domains </td>
<td>(</td>
<td class="paramtype">char * </td>
<td class="paramname"><em>filter</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">char ** </td>
<td class="paramname"><em>domains</em> </td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td>
</tr>
</table>
</div><div class="memdoc">
<p>Free data returned by <a class="el" href="group__sss__certmap.html#ga5b3549a0b8bb1343351a0154eaf9d5c5">sss_certmap_get_search_filter</a>. </p>
<dl class="params"><dt>Parameters</dt><dd>
<table class="params">
<tr><td class="paramdir">[in]</td><td class="paramname">filter</td><td>LDAP filter strings returned by sss_certmap_get_search_filter </td></tr>
<tr><td class="paramdir">[in]</td><td class="paramname">domains</td><td>string array of domains returned by sss_certmap_get_search_filter </td></tr>
</table>
</dd>
</dl>
</div>
</div>
<a id="ga5b3549a0b8bb1343351a0154eaf9d5c5"></a>
<h2 class="memtitle"><span class="permalink"><a href="#ga5b3549a0b8bb1343351a0154eaf9d5c5">◆ </a></span>sss_certmap_get_search_filter()</h2>
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">int sss_certmap_get_search_filter </td>
<td>(</td>
<td class="paramtype">struct sss_certmap_ctx * </td>
<td class="paramname"><em>ctx</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">const uint8_t * </td>
<td class="paramname"><em>der_cert</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">size_t </td>
<td class="paramname"><em>der_size</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">char ** </td>
<td class="paramname"><em>filter</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">char *** </td>
<td class="paramname"><em>domains</em> </td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td>
</tr>
</table>
</div><div class="memdoc">
<p>Get the LDAP filter string for a certificate. </p>
<dl class="params"><dt>Parameters</dt><dd>
<table class="params">
<tr><td class="paramdir">[in]</td><td class="paramname">ctx</td><td>certmap context previously initialized with <a class="el" href="group__sss__certmap.html#ga9c2cd86a51d26536d64b6e2830fa7ac8">sss_certmap_init</a> </td></tr>
<tr><td class="paramdir">[in]</td><td class="paramname">der_cert</td><td>binary blog with the DER encoded certificate </td></tr>
<tr><td class="paramdir">[in]</td><td class="paramname">der_size</td><td>size of the certificate blob </td></tr>
<tr><td class="paramdir">[out]</td><td class="paramname">filter</td><td>LDAP filter string, caller should free the data by calling sss_certmap_free_filter_and_domains </td></tr>
<tr><td class="paramdir">[out]</td><td class="paramname">domains</td><td>NULL-terminated array of strings with the domains the rule applies, caller should free the data by calling sss_certmap_free_filter_and_domains</td></tr>
</table>
</dd>
</dl>
<dl class="section return"><dt>Returns</dt><dd><ul>
<li>0: certificate matches a rule</li>
<li>ENOENT: certificate does not match</li>
<li>EINVAL: internal error </li>
</ul>
</dd></dl>
</div>
</div>
<a id="ga9c2cd86a51d26536d64b6e2830fa7ac8"></a>
<h2 class="memtitle"><span class="permalink"><a href="#ga9c2cd86a51d26536d64b6e2830fa7ac8">◆ </a></span>sss_certmap_init()</h2>
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">int sss_certmap_init </td>
<td>(</td>
<td class="paramtype">TALLOC_CTX * </td>
<td class="paramname"><em>mem_ctx</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype"><a class="el" href="group__sss__certmap.html#gac80bf9c5fb28d4507e89ff7a36957c11">sss_certmap_ext_debug</a> * </td>
<td class="paramname"><em>debug</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">void * </td>
<td class="paramname"><em>debug_priv</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">struct sss_certmap_ctx ** </td>
<td class="paramname"><em>ctx</em> </td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td>
</tr>
</table>
</div><div class="memdoc">
<p>Initialize certmap context. </p>
<dl class="params"><dt>Parameters</dt><dd>
<table class="params">
<tr><td class="paramdir">[in]</td><td class="paramname">mem_ctx</td><td>Talloc memory context, may be NULL </td></tr>
<tr><td class="paramdir">[in]</td><td class="paramname">debug</td><td>Callback to handle debug output, may be NULL </td></tr>
<tr><td class="paramdir">[in]</td><td class="paramname">debug_priv</td><td>Private data for debugging callback, may be NULL </td></tr>
<tr><td class="paramdir">[out]</td><td class="paramname">ctx</td><td>New certmap context</td></tr>
</table>
</dd>
</dl>
<dl class="section return"><dt>Returns</dt><dd><ul>
<li>0: success</li>
<li>ENOMEM: failed to allocate internal Talloc context</li>
<li>EINVAL: ctx is NULL </li>
</ul>
</dd></dl>
</div>
</div>
<a id="ga0a1d6c73648130a76b5d2aa3792ebd11"></a>
<h2 class="memtitle"><span class="permalink"><a href="#ga0a1d6c73648130a76b5d2aa3792ebd11">◆ </a></span>sss_certmap_match_cert()</h2>
<div class="memitem">
<div class="memproto">
<table class="memname">
<tr>
<td class="memname">int sss_certmap_match_cert </td>
<td>(</td>
<td class="paramtype">struct sss_certmap_ctx * </td>
<td class="paramname"><em>ctx</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">const uint8_t * </td>
<td class="paramname"><em>der_cert</em>, </td>
</tr>
<tr>
<td class="paramkey"></td>
<td></td>
<td class="paramtype">size_t </td>
<td class="paramname"><em>der_size</em> </td>
</tr>
<tr>
<td></td>
<td>)</td>
<td></td><td></td>
</tr>
</table>
</div><div class="memdoc">
<p>Check if a certificate matches any of the applied rules. </p>
<dl class="params"><dt>Parameters</dt><dd>
<table class="params">
<tr><td class="paramdir">[in]</td><td class="paramname">ctx</td><td>certmap context previously initialized with <a class="el" href="group__sss__certmap.html#ga9c2cd86a51d26536d64b6e2830fa7ac8">sss_certmap_init</a> </td></tr>
<tr><td class="paramdir">[in]</td><td class="paramname">der_cert</td><td>binary blog with the DER encoded certificate </td></tr>
<tr><td class="paramdir">[in]</td><td class="paramname">der_size</td><td>size of the certificate blob</td></tr>
</table>
</dd>
</dl>
<dl class="section return"><dt>Returns</dt><dd><ul>
<li>0: certificate matches a rule</li>
<li>ENOENT: certificate does not match</li>
<li>EINVAL: internal error </li>
</ul>
</dd></dl>
</div>
</div>
</div><!-- contents -->
<!-- start footer part -->
<hr class="footer"/><address class="footer"><small>
Generated by  <a href="http://www.doxygen.org/index.html">
<img class="footer" src="doxygen.png" alt="doxygen"/>
</a> 1.8.15
</small></address>
</body>
</html>
