certmap: add LDAPU1 mapping rules - sssd-2-8 #6467

Closed
wants to merge 12 commits into from


sumit-bose
Contributor

Add mapping rule templates for the newly discovered attributes, templates for
certificate hashes and templates to select individual DN components. To
avoid issues with older versions of the library, the new templates must use
the prefix LDAPU1.

:feature: New mapping templates for serial number, subject key id, SID,
certificate hashes and DN components are added to
libsss_certmap.

Resolves: #6403
Resolves: #6404

Read the serial number of the certificate and make it available.

Resolves: SSSD#6403

(cherry picked from commit 3f8bc87)

Read the subject key id from the certificate and make it available.

Resolves: SSSD#6403

(cherry picked from commit 10d977a)

Check if the SID extension is available, read the SID and make it
available.

Resolves: SSSD#6403

(cherry picked from commit 9e1b711)

The URI was not added to the list of subject alternative names.

(cherry picked from commit f293507)

This patch adds a helper function to format hexadecimal strings of
binary data.

Resolves: SSSD#6403

(cherry picked from commit c4085c9)

The new 'cert-eval-rule' sub-command of sssctl shows the results of given
matching and mapping rules on a given certificate. This should help to
find suitable mapping and matching rules and to understand why a given
certificate is matched or not.

Resolves: SSSD#6403

(cherry picked from commit 11483f1)

Add support to calculate hash/digest values of binary data, e.g. of a
certificate.

Resolves: SSSD#6404

(cherry picked from commit 3676a4f)

Add the newly discovered certificate values, i.e. serial number, subject
key id and SID to the output of sss_cert_dump_content() which is used
e.g. by 'sssctl cert-show'.

Resolves: SSSD#6403

(cherry picked from commit 0a90610)

Add mapping rule templates for the newly discovered attributes, templates
for certificate hashes and templates to select individual DN components.
To avoid issues with older versions of the library, the new templates
must use the prefix LDAPU1.

:feature: New mapping templates for serial number, subject key id, SID,
          certificate hashes and DN components are added to
          libsss_certmap.

Resolves: SSSD#6403

(cherry picked from commit 1303c62)

This patch adds the new LDAPU1 mapping rule templates to the sss-certmap
man page.

Resolves: SSSD#6403

(cherry picked from commit 882f560)

@alexey-tikhonov
Member

Pushed PR: #6467

  • sssd-2-8
    • 12e39a4 - certmap: Add documentation for some internal functions
    • 925d8a9 - certmap: add LDAPU1 rules to man page
    • 1714206 - certmap: add tests for new attributes and LDAPU1 rules
    • 698d568 - certmap: add LDAPU1 mapping rules
    • 8a6a874 - certmap: dump new attributes in sss_cert_dump_content()
    • 3f336da - certmap: add get_digest_list() and get_hash()
    • 9a45e61 - sssctl: add cert-eval-rule sub-command
    • 6ad29f9 - certmap: add bin_to_hex() helper function
    • 8d8e3c7 - certmap: fix for SAN URI
    • 47f3408 - certmap: add support for SID extension
    • a2bca35 - certamp: add support for subject key id
    • cca0233 - certmap: add support for serial number
