diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2011-05-27 12:44:19 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-06-02 14:07:45 -0400 |
commit | 65d6947bc1f6bbe59c95ff3120b435a8acccc1d3 (patch) | |
tree | d7718573a13c6bf60567d840ec09f9b96dd36a35 /src | |
parent | f8202685c80ca49734d554999062c58f4f470c37 (diff) | |
download | sssd-65d6947bc1f6bbe59c95ff3120b435a8acccc1d3.tar.gz sssd-65d6947bc1f6bbe59c95ff3120b435a8acccc1d3.tar.xz sssd-65d6947bc1f6bbe59c95ff3120b435a8acccc1d3.zip |
Use escaped IP addresses in LDAP provider
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ldap/ldap_common.c | 62 |
1 files changed, 56 insertions, 6 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 5c5958380..453e7d762 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -531,35 +531,84 @@ int sdap_id_setup_tasks(struct sdap_id_ctx *ctx) static void sdap_uri_callback(void *private_data, struct fo_server *server) { + TALLOC_CTX *tmp_ctx = NULL; struct sdap_service *service; + struct hostent *srvaddr; + char *address; + const char *safe_address; const char *tmp; char *new_uri; + LDAPURLDesc *lud; + int ret; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(1, ("talloc_new failed\n")); + return; + } service = talloc_get_type(private_data, struct sdap_service); - if (!service) return; + if (!service) { + talloc_free(tmp_ctx); + return; + } tmp = (const char *)fo_get_server_user_data(server); + srvaddr = fo_get_server_hostent(server); + if (!srvaddr) { + DEBUG(1, ("FATAL: No hostent available for server (%s)\n", + fo_get_server_name(server))); + talloc_free(tmp_ctx); + return; + } + + address = resolv_get_string_address(tmp_ctx, srvaddr); + if (address == NULL) { + DEBUG(1, ("resolv_get_string_address failed.\n")); + talloc_free(tmp_ctx); + return; + } + + safe_address = sss_ldap_escape_ip_address(tmp_ctx, + srvaddr->h_addrtype, + address); + talloc_zfree(address); + if (safe_address == NULL) { + DEBUG(1, ("sss_ldap_escape_ip_address failed.\n")); + talloc_free(tmp_ctx); + return; + } + if (fo_is_srv_lookup(server)) { if (!tmp) { DEBUG(1, ("Unknown service, using ldap\n")); tmp = SSS_LDAP_SRV_NAME; } new_uri = talloc_asprintf(service, "%s://%s:%d", - tmp, - fo_get_server_name(server), + tmp, safe_address, fo_get_server_port(server)); } else { if (tmp && ldap_is_ldap_url(tmp)) { - new_uri = talloc_strdup(service, tmp); + ret = ldap_url_parse(tmp, &lud); + if (ret != LDAP_SUCCESS) { + DEBUG(0, ("Failed to parse ldap URI (%s)!\n", tmp)); + talloc_free(tmp_ctx); + return; + } + new_uri = talloc_asprintf(service, "%s://%s:%d", + lud->lud_scheme, + safe_address, + fo_get_server_port(server)); + ldap_free_urldesc(lud); } else { - new_uri = talloc_asprintf(service, "ldap://%s", - fo_get_server_name(server)); + new_uri = talloc_asprintf(service, "ldap://%s", safe_address); } } if (!new_uri) { DEBUG(2, ("Failed to copy URI ...\n")); + talloc_free(tmp_ctx); return; } @@ -568,6 +617,7 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server) /* free old one and replace with new one */ talloc_zfree(service->uri); service->uri = new_uri; + talloc_free(tmp_ctx); } static void sdap_finalize(struct tevent_context *ev, |