summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2011-05-27 12:52:58 +0200
committerStephen Gallagher <sgallagh@redhat.com>2011-06-02 14:07:45 -0400
commit11ce5aed0bd637e036e743e3f6ab276c7107f641 (patch)
tree0e2a0a393035259a3aad4f774abe33a18ea25aec /src
parent65d6947bc1f6bbe59c95ff3120b435a8acccc1d3 (diff)
downloadsssd-11ce5aed0bd637e036e743e3f6ab276c7107f641.tar.gz
sssd-11ce5aed0bd637e036e743e3f6ab276c7107f641.tar.bz2
sssd-11ce5aed0bd637e036e743e3f6ab276c7107f641.zip
Escape IPv6 IP addresses in the IPA provider
https://fedorahosted.org/sssd/ticket/880
Diffstat (limited to 'src')
-rw-r--r--src/providers/ipa/ipa_common.c30
1 files changed, 26 insertions, 4 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index eadbda35..6d8a02f2 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -590,15 +590,24 @@ done:
static void ipa_resolve_callback(void *private_data, struct fo_server *server)
{
+ TALLOC_CTX *tmp_ctx = NULL;
struct ipa_service *service;
struct hostent *srvaddr;
char *address;
+ const char *safe_address;
char *new_uri;
int ret;
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ DEBUG(1, ("talloc_new failed\n"));
+ return;
+ }
+
service = talloc_get_type(private_data, struct ipa_service);
if (!service) {
DEBUG(1, ("FATAL: Bad private_data\n"));
+ talloc_free(tmp_ctx);
return;
}
@@ -606,27 +615,39 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
if (!srvaddr) {
DEBUG(1, ("FATAL: No hostent available for server (%s)\n",
fo_get_server_name(server)));
+ talloc_free(tmp_ctx);
return;
}
- address = resolv_get_string_address(service, srvaddr);
+ address = resolv_get_string_address(tmp_ctx, srvaddr);
if (address == NULL) {
DEBUG(1, ("resolv_get_string_address failed.\n"));
+ talloc_free(tmp_ctx);
+ return;
+ }
+
+ safe_address = sss_ldap_escape_ip_address(tmp_ctx,
+ srvaddr->h_addrtype,
+ address);
+ if (safe_address == NULL) {
+ DEBUG(1, ("sss_ldap_escape_ip_address failed.\n"));
+ talloc_free(tmp_ctx);
return;
}
- new_uri = talloc_asprintf(service, "ldap://%s", address);
+ new_uri = talloc_asprintf(service, "ldap://%s", safe_address);
if (!new_uri) {
DEBUG(2, ("Failed to copy URI ...\n"));
- talloc_free(address);
+ talloc_free(tmp_ctx);
return;
}
+ DEBUG(6, ("Constructed uri '%s'\n", new_uri));
/* free old one and replace with new one */
talloc_zfree(service->sdap->uri);
service->sdap->uri = new_uri;
talloc_zfree(service->krb5_service->address);
- service->krb5_service->address = address;
+ service->krb5_service->address = talloc_steal(service, address);
ret = write_krb5info_file(service->krb5_service->realm, address,
SSS_KRB5KDC_FO_SRV);
@@ -634,6 +655,7 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
DEBUG(2, ("write_krb5info_file failed, authentication might fail.\n"));
}
+ talloc_free(tmp_ctx);
}
int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,