diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2011-07-01 17:45:05 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-07-11 16:52:52 -0400 |
commit | 97c93859e310bc8e4ad5f011e42a5fccd4a7f369 (patch) | |
tree | a2aca7d7913f656fe2044ea80af5f278af6ade00 | |
parent | 2e1973b90ea87b343d39fef1f6393cc201989ecd (diff) | |
download | sssd-97c93859e310bc8e4ad5f011e42a5fccd4a7f369.tar.gz sssd-97c93859e310bc8e4ad5f011e42a5fccd4a7f369.tar.bz2 sssd-97c93859e310bc8e4ad5f011e42a5fccd4a7f369.zip |
Escape IP address in kdcinfo
https://fedorahosted.org/sssd/ticket/909
-rw-r--r-- | src/providers/ipa/ipa_common.c | 20 | ||||
-rw-r--r-- | src/providers/krb5/krb5_common.c | 30 |
2 files changed, 36 insertions, 14 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 6301355d..8f4eeb6b 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -639,15 +639,6 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server) return; } - safe_address = sss_escape_ip_address(tmp_ctx, - srvaddr->family, - address); - if (safe_address == NULL) { - DEBUG(1, ("sss_ldap_escape_ip_address failed.\n")); - talloc_free(tmp_ctx); - return; - } - new_uri = talloc_asprintf(service, "ldap://%s", fo_get_server_name(server)); if (!new_uri) { DEBUG(2, ("Failed to copy URI ...\n")); @@ -664,7 +655,16 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server) talloc_zfree(service->krb5_service->address); service->krb5_service->address = talloc_steal(service, address); - ret = write_krb5info_file(service->krb5_service->realm, address, + safe_address = sss_escape_ip_address(tmp_ctx, + srvaddr->family, + address); + if (safe_address == NULL) { + DEBUG(1, ("sss_escape_ip_address failed.\n")); + talloc_free(tmp_ctx); + return; + } + + ret = write_krb5info_file(service->krb5_service->realm, safe_address, SSS_KRB5KDC_FO_SRV); if (ret != EOK) { DEBUG(2, ("write_krb5info_file failed, authentication might fail.\n")); diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c index b3d8d222..2a3e7c21 100644 --- a/src/providers/krb5/krb5_common.c +++ b/src/providers/krb5/krb5_common.c @@ -379,11 +379,20 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) struct krb5_service *krb5_service; struct resolv_hostent *srvaddr; char *address; + char *safe_address; int ret; + TALLOC_CTX *tmp_ctx = NULL; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(1, ("talloc_new failed\n")); + return; + } krb5_service = talloc_get_type(private_data, struct krb5_service); if (!krb5_service) { DEBUG(1, ("FATAL: Bad private_data\n")); + talloc_free(tmp_ctx); return; } @@ -391,31 +400,44 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) if (!srvaddr) { DEBUG(1, ("FATAL: No hostent available for server (%s)\n", fo_get_server_name(server))); + talloc_free(tmp_ctx); return; } address = resolv_get_string_address(krb5_service, srvaddr); if (address == NULL) { DEBUG(1, ("resolv_get_string_address failed.\n")); + talloc_free(tmp_ctx); return; } - address = talloc_asprintf_append(address, ":%d", - fo_get_server_port(server)); - if (address == NULL) { + safe_address = sss_escape_ip_address(tmp_ctx, + srvaddr->family, + address); + if (safe_address == NULL) { + DEBUG(1, ("sss_escape_ip_address failed.\n")); + talloc_free(tmp_ctx); + return; + } + + safe_address = talloc_asprintf_append(safe_address, ":%d", + fo_get_server_port(server)); + if (safe_address == NULL) { DEBUG(1, ("talloc_asprintf_append failed.\n")); + talloc_free(tmp_ctx); return; } talloc_zfree(krb5_service->address); krb5_service->address = address; - ret = write_krb5info_file(krb5_service->realm, address, + ret = write_krb5info_file(krb5_service->realm, safe_address, krb5_service->name); if (ret != EOK) { DEBUG(2, ("write_krb5info_file failed, authentication might fail.\n")); } + talloc_free(tmp_ctx); return; } |