/*
SSSD
Library for rule based certificate to user mapping
Authors:
Sumit Bose <sbose@redhat.com>
Copyright (C) 2017 Red Hat
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _SSS_CERTMAP_H_
#define _SSS_CERTMAP_H_
#include <stdlib.h>
#include <stdint.h>
#include <talloc.h>
/**
* @defgroup sss_certmap Allow rule-based mapping of certificates to users
* Libsss_certmap provides a mechanism to map X509 certificate to users based
* on rules.
* @{
*/
/**
* Opaque type for the idmap context
*/
struct sss_certmap_ctx;
/**
* Lowest priority of a rule
*/
/**
* Typedef for external debug callback
*/
const char *function,
const char *format, ...);
/**
* @brief Initialize certmap context
*
* @param[in] mem_ctx Talloc memory context, may be NULL
* @param[in] debug Callback to handle debug output, may be NULL
* @param[in] debug_priv Private data for debugging callback, may be NULL
* @param[out] ctx New certmap context
*
* @return
* - 0: success
* - ENOMEM: failed to allocate internal Talloc context
* - EINVAL: ctx is NULL
*/
struct sss_certmap_ctx **ctx);
/**
* @brief Free certmap context
*
* @param[in] ctx certmap context previously initialized with
* @ref sss_certmap_init, may be NULL
*/
/**
* @brief Add a rule to the certmap context
*
* @param[in] ctx certmap context previously initialized with
* @ref sss_certmap_init
* @param[in] priority priority of the rule, 0 is the hightest priority, the
* lowest is SSS_CERTMAP_MIN_PRIO
* @param[in] match_rule String with the matching rule
* @param[in] map_rule String with the mapping rule
* @param[in] domains NULL-terminated string array with a list of domains
* the rule should be valid for, i.e. only this domains
* should be searched for matching users
*
* @return
* - 0: success
*/
/**
* @brief Check if a certificate matches any of the applied rules
*
* @param[in] ctx certmap context previously initialized with
* @ref sss_certmap_init
* @param[in] der_cert binary blog with the DER encoded certificate
* @param[in] der_size size of the certificate blob
*
* @return
* - 0: certificate matches a rule
* - ENOENT: certificate does not match
* - EINVAL: internal error
*/
/**
* @brief Get the LDAP filter string for a certificate
*
* @param[in] ctx certmap context previously initialized with
* @ref sss_certmap_init
* @param[in] der_cert binary blog with the DER encoded certificate
* @param[in] der_size size of the certificate blob
* @param[out] filter LDAP filter string, caller should free the data by
* calling sss_certmap_free_filter_and_domains
* @param[out] domains NULL-terminated array of strings with the domains the
* rule applies, caller should free the data by calling
* sss_certmap_free_filter_and_domains
*
* @return
* - 0: certificate matches a rule
* - ENOENT: certificate does not match
* - EINVAL: internal error
*/
/**
* @brief Free data returned by @ref sss_certmap_get_search_filter
*
* @param[in] filter LDAP filter strings returned by
* sss_certmap_get_search_filter
* @param[in] domains string array of domains returned by
* sss_certmap_get_search_filter
*/
/**
* @}
*/
#endif /* _SSS_CERTMAP_H_ */