authorSumit Bose <sbose@redhat.com>2011-06-27 10:03:03 +0200
committerStephen Gallagher <sgallagh@redhat.com>2011-07-13 12:35:45 -0400
commitddcbb85ed4402b6e877b22d60610d206b1a19bc8 (patch)
treeac80de4a876a046945e0a17b99d1cde5b5710920 /src/providers/ipa
parent90f150f678347f1f73ee4280cd523021e307d861 (diff)
Fix TLS/SSL validation after switch to ldap_init_fd
- Add sockaddr_storage to sdap_service.
- Add sdap_call_conn_cb() to call the add-connection callback directly.
- Use name-based URIs instead of IP-address-based URIs.
- Use ldap_init_fd() instead of ldap_initialize() if available.
- Do not access state after tevent_req_done() is called.
- Call ldap_install_tls() on ldaps connections.
Diffstat (limited to 'src/providers/ipa')
-rw-r--r--src/providers/ipa/ipa_common.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 647c1c187..c1581305d 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -558,6 +558,7 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
TALLOC_CTX *tmp_ctx = NULL;
struct ipa_service *service;
struct resolv_hostent *srvaddr;
+ struct sockaddr_storage *sockaddr;
char *address;
const char *safe_address;
char *new_uri;
@@ -584,6 +585,13 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
return;
}
+ sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, LDAP_PORT);
+ if (sockaddr == NULL) {
+ DEBUG(1, ("resolv_get_sockaddr_address failed.\n"));
+ talloc_free(tmp_ctx);
+ return;
+ }
+
address = resolv_get_string_address(tmp_ctx, srvaddr);
if (address == NULL) {
DEBUG(1, ("resolv_get_string_address failed.\n"));
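Review bot: The socket address is built with a fixed `LDAP_PORT`, while the URI assembled further down in ipa_resolve_callback carries no explicit port, so the two describe the same endpoint only because both fall back to the LDAP default. If the failover server entry can carry its own port (for example from SRV discovery), the connection opened from this sockaddr and the URI used for TLS setup could diverge. Either take the port from the server entry, if the failover API exposes it, or add a comment such as `/* IPA always uses the default LDAP port; must match the port implied by new_uri */`. The function body starts and ends outside this hunk.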
@@ -600,7 +608,7 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
return;
}
- new_uri = talloc_asprintf(service, "ldap://%s", safe_address);
+ new_uri = talloc_asprintf(service, "ldap://%s", fo_get_server_name(server));
if (!new_uri) {
DEBUG(2, ("Failed to copy URI ...\n"));
talloc_free(tmp_ctx);
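Review bot: The result of `fo_get_server_name(server)` is passed straight to the `%s` in `talloc_asprintf` with no NULL check, yet this string is now the host name that certificate validation will be matched against. If the name can ever be unset for a resolved server (not visible from this hunk), the URI would be built from a null pointer and would name the wrong host. Fetch it first with `const char *srv_name = fo_get_server_name(server);` and bail out with the same `talloc_free(tmp_ctx); return;` path when it is NULL. A one-line comment such as `/* URI must use the host name, not the IP, so the server certificate can be verified */` would also stop a later change from going back to `safe_address`.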
@@ -611,6 +619,8 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
/* free old one and replace with new one */
talloc_zfree(service->sdap->uri);
service->sdap->uri = new_uri;
+ talloc_zfree(service->sdap->sockaddr);
+ service->sdap->sockaddr = talloc_steal(service, sockaddr);
talloc_zfree(service->krb5_service->address);
service->krb5_service->address = talloc_steal(service, address);