author | Jakub Hrozek <jhrozek@redhat.com> | 2011-05-27 11:44:16 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-06-02 15:23:33 -0400 |
commit | 807402e4e9ac43d0fe7a7533698102a74e23844b (patch) | |
tree | 4b434d4f4613412b4a5280697fe5f687974b04f4 /src/providers/ipa | |
parent | 9e082d13d8b1b66092747db8454de3a0d50ce51f (diff) | |
Properly support IPv6 in LDAP URIs for IPA and LDAP providers
Add utility function to return IP address as string
Add a utility function to escape IPv6 address for use in URIs
Use escaped IP addresses in LDAP provider
Escape IPv6 IP addresses in the IPA provider
https://fedorahosted.org/sssd/ticket/880
Fix bad merge
We merged in a patch but overlooked that it lacked a dependency added
by an earlier patch.
Diffstat (limited to 'src/providers/ipa')
-rw-r--r-- | src/providers/ipa/ipa_common.c | 32 |
1 files changed, 24 insertions, 8 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 7d7f04665..1a81bea75 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -555,15 +555,24 @@ done: static void ipa_resolve_callback(void *private_data, struct fo_server *server) { + TALLOC_CTX *tmp_ctx = NULL; struct ipa_service *service; struct hostent *srvaddr; char *address; + const char *safe_address; char *new_uri; int ret; + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(1, ("talloc_new failed\n")); + return; + } + service = talloc_get_type(private_data, struct ipa_service); if (!service) { DEBUG(1, ("FATAL: Bad private_data\n")); + talloc_free(tmp_ctx); return; } 
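Review bot: The new `tmp_ctx` is created with `talloc_new(NULL)` at the top of `ipa_resolve_callback`, so it has no parent and is released only if every exit path frees it by hand. This hunk already needs a `talloc_free(tmp_ctx);` before the `Bad private_data` return, and the later hunks repeat it before four more returns and once more at the end of the function. A single exit label would keep a future early return from leaking the context on each resolver callback: replace each `talloc_free(tmp_ctx); return;` pair with `goto done;` and end the function with `done: talloc_free(tmp_ctx);`. The function body continues past the end of this hunk.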
@@ -571,33 +580,39 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server) if (!srvaddr) { DEBUG(1, ("FATAL: No hostent available for server (%s)\n", fo_get_server_name(server))); + talloc_free(tmp_ctx); return; } - address = talloc_zero_size(service, 128); + address = resolv_get_string_address(tmp_ctx, srvaddr); if (address == NULL) { - DEBUG(1, ("talloc_zero failed.\n")); + DEBUG(1, ("resolv_get_string_address failed.\n")); + talloc_free(tmp_ctx); return; } - if (inet_ntop(srvaddr->h_addrtype, srvaddr->h_addr_list[0], - address, 128) == NULL) { - DEBUG(1, ("inet_ntop failed [%d][%s].\n", errno, strerror(errno))); + safe_address = sss_ldap_escape_ip_address(tmp_ctx, + srvaddr->h_addrtype, + address); + if (safe_address == NULL) { + DEBUG(1, ("sss_ldap_escape_ip_address failed.\n")); + talloc_free(tmp_ctx); return; } - new_uri = talloc_asprintf(service, "ldap://%s", address); + new_uri = talloc_asprintf(service, "ldap://%s", safe_address); if (!new_uri) { DEBUG(2, ("Failed to copy URI ...\n")); - talloc_free(address); + talloc_free(tmp_ctx); return; } + DEBUG(6, ("Constructed uri '%s'\n", new_uri)); /* free old one and replace with new one */ talloc_zfree(service->sdap->uri); service->sdap->uri = new_uri; talloc_zfree(service->krb5_service->address); - service->krb5_service->address = address; + service->krb5_service->address = talloc_steal(service, address); ret = write_krb5info_file(service->krb5_service->realm, address, SSS_KRB5KDC_FO_SRV); @@ -605,6 +620,7 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server) DEBUG(2, ("write_krb5info_file failed, authentication might fail.\n")); } + talloc_free(tmp_ctx); } int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, |
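Review bot: Only the LDAP URI is built from `safe_address`; `service->krb5_service->address` and the `write_krb5info_file(...)` call still receive the raw `address` string, which for an AF_INET6 result is presumably the unescaped literal. Whether the reader of the kdcinfo file accepts that form is not visible in this diff, so it should be confirmed, and the choice recorded next to the code or changed to the escaped form if the consumer needs it. If the raw form is intended, a comment above the `talloc_steal` line would do, for example `/* krb5 side keeps the unescaped address; only the LDAP URI needs the escaped form */`. The function starts before this hunk.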