authorJakub Hrozek <jhrozek@redhat.com>2011-07-01 17:45:05 +0200
committerStephen Gallagher <sgallagh@redhat.com>2011-07-11 16:52:52 -0400
commit97c93859e310bc8e4ad5f011e42a5fccd4a7f369 (patch)
treea2aca7d7913f656fe2044ea80af5f278af6ade00
parent2e1973b90ea87b343d39fef1f6393cc201989ecd (diff)
Escape IP address in kdcinfo
https://fedorahosted.org/sssd/ticket/909
-rw-r--r--src/providers/ipa/ipa_common.c20
-rw-r--r--src/providers/krb5/krb5_common.c30
2 files changed, 36 insertions, 14 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 6301355d..8f4eeb6b 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -639,15 +639,6 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
return;
}
- safe_address = sss_escape_ip_address(tmp_ctx,
- srvaddr->family,
- address);
- if (safe_address == NULL) {
- DEBUG(1, ("sss_ldap_escape_ip_address failed.\n"));
- talloc_free(tmp_ctx);
- return;
- }
-
new_uri = talloc_asprintf(service, "ldap://%s", fo_get_server_name(server));
if (!new_uri) {
DEBUG(2, ("Failed to copy URI ...\n"));
@@ -664,7 +655,16 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
talloc_zfree(service->krb5_service->address);
service->krb5_service->address = talloc_steal(service, address);
- ret = write_krb5info_file(service->krb5_service->realm, address,
+ safe_address = sss_escape_ip_address(tmp_ctx,
+ srvaddr->family,
+ address);
+ if (safe_address == NULL) {
+ DEBUG(1, ("sss_escape_ip_address failed.\n"));
+ talloc_free(tmp_ctx);
+ return;
+ }
+
+ ret = write_krb5info_file(service->krb5_service->realm, safe_address,
SSS_KRB5KDC_FO_SRV);
if (ret != EOK) {
DEBUG(2, ("write_krb5info_file failed, authentication might fail.\n"));
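Review bot: The new `if (safe_address == NULL)` path returns after `service->krb5_service->address` has already been replaced by the `talloc_steal` two lines earlier, so a failed escape leaves the in-memory address updated while the kdcinfo file is never rewritten. Before this commit the escape ran ahead of any state change, so an early return there changed nothing. Either compute `safe_address` before the `talloc_zfree(service->krb5_service->address);` line, or treat the failure like the `write_krb5info_file` one and make the message say so, e.g. `DEBUG(1, ("sss_escape_ip_address failed, kdcinfo not updated.\n"));`. The function body continues past this hunk, so whatever follows the write is also skipped on this path.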
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
index b3d8d222..2a3e7c21 100644
--- a/src/providers/krb5/krb5_common.c
+++ b/src/providers/krb5/krb5_common.c
@@ -379,11 +379,20 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
struct krb5_service *krb5_service;
struct resolv_hostent *srvaddr;
char *address;
+ char *safe_address;
int ret;
+ TALLOC_CTX *tmp_ctx = NULL;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ DEBUG(1, ("talloc_new failed\n"));
+ return;
+ }
krb5_service = talloc_get_type(private_data, struct krb5_service);
if (!krb5_service) {
DEBUG(1, ("FATAL: Bad private_data\n"));
+ talloc_free(tmp_ctx);
return;
}
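Review bot: Every early exit in krb5_resolve_callback now has to carry its own `talloc_free(tmp_ctx);`, here after the `Bad private_data` check and on four more error paths in the following hunk, which makes it easy to miss one when the function is next edited. A single `done:` label ending in `talloc_free(tmp_ctx); return;`, reached with `goto done;` from each error path, would keep the cleanup in one place. Alternatively, tmp_ctx is only used from the `sss_escape_ip_address` call onward, so creating it just before that call would remove the frees on the earlier checks. The function continues outside this hunk.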
@@ -391,31 +400,44 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)
if (!srvaddr) {
DEBUG(1, ("FATAL: No hostent available for server (%s)\n",
fo_get_server_name(server)));
+ talloc_free(tmp_ctx);
return;
}
address = resolv_get_string_address(krb5_service, srvaddr);
if (address == NULL) {
DEBUG(1, ("resolv_get_string_address failed.\n"));
+ talloc_free(tmp_ctx);
return;
}
- address = talloc_asprintf_append(address, ":%d",
- fo_get_server_port(server));
- if (address == NULL) {
+ safe_address = sss_escape_ip_address(tmp_ctx,
+ srvaddr->family,
+ address);
+ if (safe_address == NULL) {
+ DEBUG(1, ("sss_escape_ip_address failed.\n"));
+ talloc_free(tmp_ctx);
+ return;
+ }
+
+ safe_address = talloc_asprintf_append(safe_address, ":%d",
+ fo_get_server_port(server));
+ if (safe_address == NULL) {
DEBUG(1, ("talloc_asprintf_append failed.\n"));
+ talloc_free(tmp_ctx);
return;
}
talloc_zfree(krb5_service->address);
krb5_service->address = address;
- ret = write_krb5info_file(krb5_service->realm, address,
+ ret = write_krb5info_file(krb5_service->realm, safe_address,
krb5_service->name);
if (ret != EOK) {
DEBUG(2, ("write_krb5info_file failed, authentication might fail.\n"));
}
+ talloc_free(tmp_ctx);
return;
}
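Review bot: `address` is still allocated on `krb5_service` by `resolv_get_string_address(krb5_service, srvaddr)`, so the two new error returns after `sss_escape_ip_address` and `talloc_asprintf_append` free tmp_ctx but leave that string attached to the service context, which presumably outlives the callback. Allocating it on tmp_ctx and assigning with `krb5_service->address = talloc_steal(krb5_service, address);`, as the ipa_common.c hunk does, would let the single `talloc_free(tmp_ctx)` cover it. Separately, `krb5_service->address` used to hold the address with `:port` appended and now holds the bare address, because the port is appended only to `safe_address`. If that is intended it deserves a comment at the assignment, since the readers of that field are outside this diff.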