authorJakub Hrozek <jhrozek@redhat.com>2011-05-27 12:52:58 +0200
committerStephen Gallagher <sgallagh@redhat.com>2011-06-02 14:12:42 -0400
commit6635e492615e83a19b74ccac05efe7b2e31a14e5 (patch)
tree559feff81a4647f07c2cbe2115c573f1d5cdebb7 /src
parente364b9bd3cd6cda1d51b7ee305988eb9958baab6 (diff)
Escape IPv6 IP addresses in the IPA provider
https://fedorahosted.org/sssd/ticket/880
Diffstat (limited to 'src')
-rw-r--r--src/providers/ipa/ipa_common.c30
1 files changed, 26 insertions, 4 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 2e54aa9e4..1a81bea75 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -555,15 +555,24 @@ done:
static void ipa_resolve_callback(void *private_data, struct fo_server *server)
{
+ TALLOC_CTX *tmp_ctx = NULL;
struct ipa_service *service;
struct hostent *srvaddr;
char *address;
+ const char *safe_address;
char *new_uri;
int ret;
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ DEBUG(1, ("talloc_new failed\n"));
+ return;
+ }
+
service = talloc_get_type(private_data, struct ipa_service);
if (!service) {
DEBUG(1, ("FATAL: Bad private_data\n"));
+ talloc_free(tmp_ctx);
return;
}
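Review bot: Each early exit in ipa_resolve_callback now has to carry its own `talloc_free(tmp_ctx);` before `return;`, here and at four more sites in the next hunk, so a future error path added without that line leaks the temporary context. A single cleanup label would be safer: replace the pairs with `goto done;` and end the function with `done: talloc_free(tmp_ctx);`, which also matches the `done:` label the hunk header shows elsewhere in this file. Moving `tmp_ctx = talloc_new(NULL);` below the `private_data` type check would additionally avoid allocating a context that the bad-argument path frees straight away. The function body continues past the end of this hunk.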
@@ -571,27 +580,39 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
if (!srvaddr) {
DEBUG(1, ("FATAL: No hostent available for server (%s)\n",
fo_get_server_name(server)));
+ talloc_free(tmp_ctx);
return;
}
- address = resolv_get_string_address(service, srvaddr);
+ address = resolv_get_string_address(tmp_ctx, srvaddr);
if (address == NULL) {
DEBUG(1, ("resolv_get_string_address failed.\n"));
+ talloc_free(tmp_ctx);
+ return;
+ }
+
+ safe_address = sss_ldap_escape_ip_address(tmp_ctx,
+ srvaddr->h_addrtype,
+ address);
+ if (safe_address == NULL) {
+ DEBUG(1, ("sss_ldap_escape_ip_address failed.\n"));
+ talloc_free(tmp_ctx);
return;
}
- new_uri = talloc_asprintf(service, "ldap://%s", address);
+ new_uri = talloc_asprintf(service, "ldap://%s", safe_address);
if (!new_uri) {
DEBUG(2, ("Failed to copy URI ...\n"));
- talloc_free(address);
+ talloc_free(tmp_ctx);
return;
}
+ DEBUG(6, ("Constructed uri '%s'\n", new_uri));
/* free old one and replace with new one */
talloc_zfree(service->sdap->uri);
service->sdap->uri = new_uri;
talloc_zfree(service->krb5_service->address);
- service->krb5_service->address = address;
+ service->krb5_service->address = talloc_steal(service, address);
ret = write_krb5info_file(service->krb5_service->realm, address,
SSS_KRB5KDC_FO_SRV);
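Review bot: Only the LDAP URI gets `safe_address`; `service->krb5_service->address` and the `write_krb5info_file(...)` call still receive the unescaped `address`, and nothing in the hunk says whether that is deliberate. If the kdcinfo consumer expects a bare IPv6 literal this is correct, but it should be confirmed and recorded, e.g. `/* kdcinfo and krb5_service keep the raw address; only the LDAP URI needs the escaped form */`. It is also worth a comment at the `talloc_steal(service, address)` line that ownership moves from `tmp_ctx` to `service`, which is what keeps `address` valid for the later `write_krb5info_file` call and after the final `talloc_free(tmp_ctx)`. The hunk starts and ends inside ipa_resolve_callback, so the check on `ret` is not fully visible here.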
@@ -599,6 +620,7 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
DEBUG(2, ("write_krb5info_file failed, authentication might fail.\n"));
}
+ talloc_free(tmp_ctx);
}
int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,