author | Sumit Bose <sbose@redhat.com> | 2011-06-27 10:03:03 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-07-13 12:35:45 -0400 |
commit | ddcbb85ed4402b6e877b22d60610d206b1a19bc8 (patch) | |
tree | ac80de4a876a046945e0a17b99d1cde5b5710920 /src/providers/ipa | |
parent | 90f150f678347f1f73ee4280cd523021e307d861 (diff) | |
Fix TLS/SSL validation after switch to ldap_init_fd
Add sockaddr_storage to sdap_service
Add sdap_call_conn_cb() to call add connection callback directly
Use name based URI instead of IP address based URIs
Use ldap_init_fd() instead of ldap_initialize() if available
Do not access state after tevent_req_done() is called.
Call ldap_install_tls() on ldaps connections
Diffstat (limited to 'src/providers/ipa')
-rw-r--r-- | src/providers/ipa/ipa_common.c | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 647c1c187..c1581305d 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -558,6 +558,7 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
 TALLOC_CTX *tmp_ctx = NULL;
 struct ipa_service *service;
 struct resolv_hostent *srvaddr;
+ struct sockaddr_storage *sockaddr;
 char *address;
 const char *safe_address;
 char *new_uri;
@@ -584,6 +585,13 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
 return;
 }
 
+ sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, LDAP_PORT);
+ if (sockaddr == NULL) {
+ DEBUG(1, ("resolv_get_sockaddr_address failed.\n"));
+ talloc_free(tmp_ctx);
+ return;
+ }
+
 address = resolv_get_string_address(tmp_ctx, srvaddr);
 if (address == NULL) {
 DEBUG(1, ("resolv_get_string_address failed.\n"));
@@ -600,7 +608,7 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
 return;
 }
 
- new_uri = talloc_asprintf(service, "ldap://%s", safe_address);
+ new_uri = talloc_asprintf(service, "ldap://%s", fo_get_server_name(server));
 if (!new_uri) {
 DEBUG(2, ("Failed to copy URI ...\n"));
 talloc_free(tmp_ctx);
@@ -611,6 +619,8 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
 /* free old one and replace with new one */
 talloc_zfree(service->sdap->uri);
 service->sdap->uri = new_uri;
+ talloc_zfree(service->sdap->sockaddr);
+ service->sdap->sockaddr = talloc_steal(service, sockaddr);
 talloc_zfree(service->krb5_service->address);
 service->krb5_service->address = talloc_steal(service, address);
 
|
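Review bot: In the second hunk (@@ -584,6 +585,13 @@) the sockaddr is built with the constant `LDAP_PORT` rather than a port taken from `server`, so a server that the fail-over layer resolved with a non-default port (for example from an SRV record) would presumably still be contacted on 389. If that case can occur for the IPA provider, consider `fo_get_server_port(server)` with `LDAP_PORT` as the fallback when it returns 0, and keep the URI built further down on the same port. ipa_resolve_callback starts and ends outside the hunk, so how the port is used elsewhere cannot be checked from here.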
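Review bot: In the third hunk (@@ -600,7 +608,7 @@) the result of `fo_get_server_name(server)` goes straight into the `%s` of `talloc_asprintf()` without a check. If it can return NULL, the URI would hold a bogus host (glibc formats it as `(null)`), and since the commit message says the name-based URI is there for TLS validation, that check would then run against the wrong name. The removed line used `safe_address`, which appears to be an escaped form of the address; a server configured as an IPv6 literal would now reach the URI unescaped, which is worth confirming. I would fetch the name into a `const char *server_name` local declared with the others at the top of the function and bail out the same way the neighbouring checks do.

```c
server_name = fo_get_server_name(server);
if (server_name == NULL) {
    DEBUG(1, ("fo_get_server_name failed.\n"));
    talloc_free(tmp_ctx);
    return;
}

new_uri = talloc_asprintf(service, "ldap://%s", server_name);
/* … unchanged: new_uri NULL check … */
```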
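Review bot: The last hunk (@@ -611,6 +619,8 @@) leaves it unstated that `service->sdap->uri` and `service->sdap->sockaddr` must now describe the same server. Going by the commit message, the URI supplies the host name for TLS validation, while the sockaddr is presumably what the ldap_init_fd() path connects to. A comment above the two assignments would keep a later edit from updating one without the other, e.g. `/* uri names the host for TLS certificate checks, sockaddr is the address to connect to; replace both together */`. The sockaddr is allocated on tmp_ctx and re-parented to service here, so a later talloc_free(tmp_ctx) should not release it; that call lies outside the hunk.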