authorPavel Březina <pbrezina@redhat.com>2013-02-01 12:17:47 +0100
committerJakub Hrozek <jhrozek@redhat.com>2013-02-14 19:33:23 +0100
commitad65d4ef017e87c1be4b1054e1276f5256a77bfc (patch)
tree91b1d6b2fa79774c971049fdebb244a8bda689a9 /src/providers
parent58c11aa20c7a9c4ead79f4e1241d4e13c16af0a8 (diff)
subdomains: replace invalid characters with underscore in krb5 mapping file name
https://fedorahosted.org/sssd/ticket/1795 Only alphanumeric characters, dashes and underscores are allowed in the names of files in a krb5 include directory.
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ipa/ipa_subdomains.c27
1 files changed, 26 insertions, 1 deletions
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 28811ae7..7d6e5958 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -245,21 +245,46 @@ ipa_subdomains_write_mappings(struct sss_domain_info *domain)
errno_t err;
TALLOC_CTX *tmp_ctx;
const char *mapping_file;
+ char *sanitized_domain;
char *tmp_file = NULL;
int fd = -1;
mode_t old_mode;
FILE *fstream = NULL;
+ int i;
+
+ if (domain == NULL || domain->name == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("No domain name provided\n"));
+ return EINVAL;
+ }
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) return ENOMEM;
+ sanitized_domain = talloc_strdup(tmp_ctx, domain->name);
+ if (sanitized_domain == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup() failed\n"));
+ return ENOMEM;
+ }
+
+ /* only alpha-numeric chars, dashes and underscores are allowed in
+ * krb5 include directory */
+ for (i = 0; sanitized_domain[i] != '\0'; i++) {
+ if (!isalnum(sanitized_domain[i])
+ && sanitized_domain[i] != '-' && sanitized_domain[i] != '_') {
+ sanitized_domain[i] = '_';
+ }
+ }
+
mapping_file = talloc_asprintf(tmp_ctx, "%s/domain_realm_%s",
- IPA_SUBDOMAIN_MAPPING_DIR, domain->name);
+ IPA_SUBDOMAIN_MAPPING_DIR, sanitized_domain);
if (!mapping_file) {
ret = ENOMEM;
goto done;
}
+ DEBUG(SSSDBG_FUNC_DATA, ("Mapping file for domain [%s] is [%s]\n",
+ domain->name, mapping_file));
+
tmp_file = talloc_asprintf(tmp_ctx, "%sXXXXXX", mapping_file);
if (tmp_file == NULL) {
ret = ENOMEM;
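Review bot: The `talloc_strdup()` failure branch returns `ENOMEM` directly although `tmp_ctx` has already been allocated, so the context is leaked on that path; the other failure paths in this hunk use `ret = ENOMEM; goto done;` and this one should too (assuming the `done:` label, which lies outside the hunk, frees `tmp_ctx`). In the sanitising loop `isalnum()` receives a plain `char`, which is undefined for negative values where `char` is signed and locale-dependent for bytes above 0x7F; `isalnum((unsigned char)sanitized_domain[i])` fixes the first, and an explicit ASCII range check would make the allowed set independent of the locale. Because the replacement is lossy, two distinct domain names that differ only in replaced characters (such as `.` versus `_`) end up with the same mapping file name, which deserves a comment beside the loop. The body of `ipa_subdomains_write_mappings` continues past the end of the hunk.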