diff options
author | Pavel Březina <pbrezina@redhat.com> | 2013-02-01 12:17:47 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-02-14 19:33:23 +0100 |
commit | ad65d4ef017e87c1be4b1054e1276f5256a77bfc (patch) | |
tree | 91b1d6b2fa79774c971049fdebb244a8bda689a9 /src/providers/ipa/ipa_subdomains.c | |
parent | 58c11aa20c7a9c4ead79f4e1241d4e13c16af0a8 (diff) | |
download | sssd-ad65d4ef017e87c1be4b1054e1276f5256a77bfc.tar.gz sssd-ad65d4ef017e87c1be4b1054e1276f5256a77bfc.tar.bz2 sssd-ad65d4ef017e87c1be4b1054e1276f5256a77bfc.zip |
subdomains: replace invalid characters with underscore in krb5 mapping file name
https://fedorahosted.org/sssd/ticket/1795
Only alpha-numeric chars, dashes and underscores are allowed in
krb5 include directory.
Diffstat (limited to 'src/providers/ipa/ipa_subdomains.c')
-rw-r--r-- | src/providers/ipa/ipa_subdomains.c | 27 |
1 files changed, 26 insertions, 1 deletions
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index 28811ae7..7d6e5958 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -245,21 +245,46 @@ ipa_subdomains_write_mappings(struct sss_domain_info *domain) errno_t err; TALLOC_CTX *tmp_ctx; const char *mapping_file; + char *sanitized_domain; char *tmp_file = NULL; int fd = -1; mode_t old_mode; FILE *fstream = NULL; + int i; + + if (domain == NULL || domain->name == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("No domain name provided\n")); + return EINVAL; + } tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return ENOMEM; + sanitized_domain = talloc_strdup(tmp_ctx, domain->name); + if (sanitized_domain == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup() failed\n")); + return ENOMEM; + } + + /* only alpha-numeric chars, dashes and underscores are allowed in + * krb5 include directory */ + for (i = 0; sanitized_domain[i] != '\0'; i++) { + if (!isalnum(sanitized_domain[i]) + && sanitized_domain[i] != '-' && sanitized_domain[i] != '_') { + sanitized_domain[i] = '_'; + } + } + mapping_file = talloc_asprintf(tmp_ctx, "%s/domain_realm_%s", - IPA_SUBDOMAIN_MAPPING_DIR, domain->name); + IPA_SUBDOMAIN_MAPPING_DIR, sanitized_domain); if (!mapping_file) { ret = ENOMEM; goto done; } + DEBUG(SSSDBG_FUNC_DATA, ("Mapping file for domain [%s] is [%s]\n", + domain->name, mapping_file)); + tmp_file = talloc_asprintf(tmp_ctx, "%sXXXXXX", mapping_file); if (tmp_file == NULL) { ret = ENOMEM; |