diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2011-05-27 12:52:58 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-06-02 14:07:45 -0400 |
commit | 11ce5aed0bd637e036e743e3f6ab276c7107f641 (patch) | |
tree | 0e2a0a393035259a3aad4f774abe33a18ea25aec /src | |
parent | 65d6947bc1f6bbe59c95ff3120b435a8acccc1d3 (diff) | |
download | sssd-11ce5aed0bd637e036e743e3f6ab276c7107f641.tar.gz sssd-11ce5aed0bd637e036e743e3f6ab276c7107f641.tar.bz2 sssd-11ce5aed0bd637e036e743e3f6ab276c7107f641.zip |
Escape IPv6 IP addresses in the IPA provider
https://fedorahosted.org/sssd/ticket/880
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ipa/ipa_common.c | 30 |
1 files changed, 26 insertions, 4 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index eadbda35..6d8a02f2 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -590,15 +590,24 @@ done: static void ipa_resolve_callback(void *private_data, struct fo_server *server) { + TALLOC_CTX *tmp_ctx = NULL; struct ipa_service *service; struct hostent *srvaddr; char *address; + const char *safe_address; char *new_uri; int ret; + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(1, ("talloc_new failed\n")); + return; + } + service = talloc_get_type(private_data, struct ipa_service); if (!service) { DEBUG(1, ("FATAL: Bad private_data\n")); + talloc_free(tmp_ctx); return; } @@ -606,27 +615,39 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server) if (!srvaddr) { DEBUG(1, ("FATAL: No hostent available for server (%s)\n", fo_get_server_name(server))); + talloc_free(tmp_ctx); return; } - address = resolv_get_string_address(service, srvaddr); + address = resolv_get_string_address(tmp_ctx, srvaddr); if (address == NULL) { DEBUG(1, ("resolv_get_string_address failed.\n")); + talloc_free(tmp_ctx); + return; + } + + safe_address = sss_ldap_escape_ip_address(tmp_ctx, + srvaddr->h_addrtype, + address); + if (safe_address == NULL) { + DEBUG(1, ("sss_ldap_escape_ip_address failed.\n")); + talloc_free(tmp_ctx); return; } - new_uri = talloc_asprintf(service, "ldap://%s", address); + new_uri = talloc_asprintf(service, "ldap://%s", safe_address); if (!new_uri) { DEBUG(2, ("Failed to copy URI ...\n")); - talloc_free(address); + talloc_free(tmp_ctx); return; } + DEBUG(6, ("Constructed uri '%s'\n", new_uri)); /* free old one and replace with new one */ talloc_zfree(service->sdap->uri); service->sdap->uri = new_uri; talloc_zfree(service->krb5_service->address); - service->krb5_service->address = address; + service->krb5_service->address = talloc_steal(service, address); ret = write_krb5info_file(service->krb5_service->realm, address, SSS_KRB5KDC_FO_SRV); @@ -634,6 +655,7 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server) DEBUG(2, ("write_krb5info_file failed, authentication might fail.\n")); } + talloc_free(tmp_ctx); } int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, |