authorSumit Bose <sbose@redhat.com>2011-06-27 10:03:03 +0200
committerStephen Gallagher <sgallagh@redhat.com>2011-07-13 12:35:45 -0400
commitddcbb85ed4402b6e877b22d60610d206b1a19bc8 (patch)
treeac80de4a876a046945e0a17b99d1cde5b5710920 /src/providers/ldap/ldap_common.c
parent90f150f678347f1f73ee4280cd523021e307d861 (diff)
Fix TLS/SSL validation after switch to ldap_init_fd
Add sockaddr_storage to sdap_service
Add sdap_call_conn_cb() to call the add connection callback directly
Use name based URIs instead of IP address based URIs
Use ldap_init_fd() instead of ldap_initialize() if available
Do not access state after tevent_req_done() is called
Call ldap_install_tls() on ldaps connections
Diffstat (limited to 'src/providers/ldap/ldap_common.c')
-rw-r--r--src/providers/ldap/ldap_common.c42
1 files changed, 9 insertions, 33 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 950c6e5aa..17b85c3f0 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -530,12 +530,9 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server)
TALLOC_CTX *tmp_ctx = NULL;
struct sdap_service *service;
struct resolv_hostent *srvaddr;
- char *address;
- const char *safe_address;
+ struct sockaddr_storage *sockaddr;
const char *tmp;
char *new_uri;
- LDAPURLDesc *lud;
- int ret;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
@@ -559,19 +556,10 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server)
return;
}
- address = resolv_get_string_address(tmp_ctx, srvaddr);
- if (address == NULL) {
- DEBUG(1, ("resolv_get_string_address failed.\n"));
- talloc_free(tmp_ctx);
- return;
- }
-
- safe_address = sss_ldap_escape_ip_address(tmp_ctx,
- srvaddr->family,
- address);
- talloc_zfree(address);
- if (safe_address == NULL) {
- DEBUG(1, ("sss_ldap_escape_ip_address failed.\n"));
+ sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr,
+ fo_get_server_port(server));
+ if (sockaddr == NULL) {
+ DEBUG(1, ("resolv_get_sockaddr_address failed.\n"));
talloc_free(tmp_ctx);
return;
}
@@ -582,24 +570,10 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server)
tmp = SSS_LDAP_SRV_NAME;
}
new_uri = talloc_asprintf(service, "%s://%s:%d",
- tmp, safe_address,
+ tmp, fo_get_server_name(server),
fo_get_server_port(server));
} else {
- if (tmp && ldap_is_ldap_url(tmp)) {
- ret = ldap_url_parse(tmp, &lud);
- if (ret != LDAP_SUCCESS) {
- DEBUG(0, ("Failed to parse ldap URI (%s)!\n", tmp));
- talloc_free(tmp_ctx);
- return;
- }
- new_uri = talloc_asprintf(service, "%s://%s:%d",
- lud->lud_scheme,
- safe_address,
- fo_get_server_port(server));
- ldap_free_urldesc(lud);
- } else {
- new_uri = talloc_asprintf(service, "ldap://%s", safe_address);
- }
+ new_uri = talloc_strdup(service, tmp);
}
if (!new_uri) {
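Review bot: The host part of the URI in the first branch is now `fo_get_server_name(server)` passed straight to `%s`, with none of the checks the removed `safe_address` path had. If that name can be NULL the format call is undefined behaviour (glibc prints `(null)` as the host), and an IPv6 literal would no longer be bracketed, so a guard such as `if (fo_get_server_name(server) == NULL) { talloc_free(tmp_ctx); return; }` before the `talloc_asprintf` seems worth adding. Going by the commit title, this name is presumably also what the server certificate is matched against, and in this branch it appears to come from service discovery rather than from the configured URI, which deserves a comment stating how far that name is trusted. In the else branch `talloc_strdup(service, tmp)` returns NULL for a NULL `tmp` (the removed code tested `tmp &&`), so that case would be handled as an allocation failure by the `if (!new_uri)` block, whose body lies outside the hunk.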
@@ -613,6 +587,8 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server)
/* free old one and replace with new one */
talloc_zfree(service->uri);
service->uri = new_uri;
+ talloc_zfree(service->sockaddr);
+ service->sockaddr = talloc_steal(service, sockaddr);
talloc_free(tmp_ctx);
}
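Review bot: `talloc_zfree(service->sockaddr)` frees the previous address from inside the failover callback, so any code that kept the old `service->sockaddr` (or `service->uri`) pointer across the callback would be left with a dangling pointer; whether such a holder exists is not visible here. The two fields are now a pair, the sockaddr being what gets connected to and the URI presumably carrying the name used for TLS validation, yet nothing in the code says they must be replaced together. I would add a comment above these four lines, e.g. `/* uri and sockaddr describe the same server: always replace both, and copy rather than cache them */`. sdap_uri_callback begins outside the hunk.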