From 97c93859e310bc8e4ad5f011e42a5fccd4a7f369 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 1 Jul 2011 17:45:05 +0200 Subject: Escape IP address in kdcinfo https://fedorahosted.org/sssd/ticket/909 --- src/providers/ipa/ipa_common.c | 20 ++++++++++---------- src/providers/krb5/krb5_common.c | 30 ++++++++++++++++++++++++++---- 2 files changed, 36 insertions(+), 14 deletions(-) (limited to 'src/providers') diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 6301355d..8f4eeb6b 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -639,15 +639,6 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server) return; } - safe_address = sss_escape_ip_address(tmp_ctx, - srvaddr->family, - address); - if (safe_address == NULL) { - DEBUG(1, ("sss_ldap_escape_ip_address failed.\n")); - talloc_free(tmp_ctx); - return; - } - new_uri = talloc_asprintf(service, "ldap://%s", fo_get_server_name(server)); if (!new_uri) { DEBUG(2, ("Failed to copy URI ...\n")); @@ -664,7 +655,16 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server) talloc_zfree(service->krb5_service->address); service->krb5_service->address = talloc_steal(service, address); - ret = write_krb5info_file(service->krb5_service->realm, address, + safe_address = sss_escape_ip_address(tmp_ctx, + srvaddr->family, + address); + if (safe_address == NULL) { + DEBUG(1, ("sss_escape_ip_address failed.\n")); + talloc_free(tmp_ctx); + return; + } + + ret = write_krb5info_file(service->krb5_service->realm, safe_address, SSS_KRB5KDC_FO_SRV); if (ret != EOK) { DEBUG(2, ("write_krb5info_file failed, authentication might fail.\n")); diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c index b3d8d222..2a3e7c21 100644 --- a/src/providers/krb5/krb5_common.c +++ b/src/providers/krb5/krb5_common.c @@ -379,11 +379,20 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) struct krb5_service *krb5_service; struct resolv_hostent *srvaddr; char *address; + char *safe_address; int ret; + TALLOC_CTX *tmp_ctx = NULL; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(1, ("talloc_new failed\n")); + return; + } krb5_service = talloc_get_type(private_data, struct krb5_service); if (!krb5_service) { DEBUG(1, ("FATAL: Bad private_data\n")); + talloc_free(tmp_ctx); return; } @@ -391,31 +400,44 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server) if (!srvaddr) { DEBUG(1, ("FATAL: No hostent available for server (%s)\n", fo_get_server_name(server))); + talloc_free(tmp_ctx); return; } address = resolv_get_string_address(krb5_service, srvaddr); if (address == NULL) { DEBUG(1, ("resolv_get_string_address failed.\n")); + talloc_free(tmp_ctx); return; } - address = talloc_asprintf_append(address, ":%d", - fo_get_server_port(server)); - if (address == NULL) { + safe_address = sss_escape_ip_address(tmp_ctx, + srvaddr->family, + address); + if (safe_address == NULL) { + DEBUG(1, ("sss_escape_ip_address failed.\n")); + talloc_free(tmp_ctx); + return; + } + + safe_address = talloc_asprintf_append(safe_address, ":%d", + fo_get_server_port(server)); + if (safe_address == NULL) { DEBUG(1, ("talloc_asprintf_append failed.\n")); + talloc_free(tmp_ctx); return; } talloc_zfree(krb5_service->address); krb5_service->address = address; - ret = write_krb5info_file(krb5_service->realm, address, + ret = write_krb5info_file(krb5_service->realm, safe_address, krb5_service->name); if (ret != EOK) { DEBUG(2, ("write_krb5info_file failed, authentication might fail.\n")); } + talloc_free(tmp_ctx); return; } -- cgit