diff options
| author | Pavel Březina <pbrezina@redhat.com> | 2013-02-01 12:17:47 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-02-14 19:38:46 +0100 |
| commit | 270d7141a34d9a175b1e21b8cdb85bf6f3715d23 (patch) | |
| tree | 78c8003e7c4c0adbf32ce7149fd3de0cdc6638a5 /src/providers | |
| parent | fb91c1c9275ae93293d0b182c6ba892438d9cdcf (diff) | |
| download | sssd-270d7141a34d9a175b1e21b8cdb85bf6f3715d23.tar.gz sssd-270d7141a34d9a175b1e21b8cdb85bf6f3715d23.tar.xz sssd-270d7141a34d9a175b1e21b8cdb85bf6f3715d23.zip | |
subdomains: replace invalid characters with underscore in krb5 mapping file name
https://fedorahosted.org/sssd/ticket/1795
Only alpha-numeric chars, dashes and underscores are allowed in
krb5 include directory.
Diffstat (limited to 'src/providers')
| -rw-r--r-- | src/providers/ipa/ipa_subdomains.c | 26 |
1 files changed, 25 insertions, 1 deletions
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index 0bf2e5d8e..45b5a1688 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -294,22 +294,46 @@ ipa_subdomains_write_mappings(struct sss_domain_info *domain, errno_t err; TALLOC_CTX *tmp_ctx; const char *mapping_file; + char *sanitized_domain; char *tmp_file = NULL; int fd = -1; mode_t old_mode; FILE *fstream = NULL; size_t i; + if (domain == NULL || domain->name == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("No domain name provided\n")); + return EINVAL; + } + tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return ENOMEM; + sanitized_domain = talloc_strdup(tmp_ctx, domain->name); + if (sanitized_domain == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup() failed\n")); + return ENOMEM; + } + + /* only alpha-numeric chars, dashes and underscores are allowed in + * krb5 include directory */ + for (i = 0; sanitized_domain[i] != '\0'; i++) { + if (!isalnum(sanitized_domain[i]) + && sanitized_domain[i] != '-' && sanitized_domain[i] != '_') { + sanitized_domain[i] = '_'; + } + } + mapping_file = talloc_asprintf(tmp_ctx, "%s/domain_realm_%s", - IPA_SUBDOMAIN_MAPPING_DIR, domain->name); + IPA_SUBDOMAIN_MAPPING_DIR, sanitized_domain); if (!mapping_file) { ret = ENOMEM; goto done; } + DEBUG(SSSDBG_FUNC_DATA, ("Mapping file for domain [%s] is [%s]\n", + domain->name, mapping_file)); + tmp_file = talloc_asprintf(tmp_ctx, "%sXXXXXX", mapping_file); if (tmp_file == NULL) { ret = ENOMEM; |