authorJakub Hrozek <jhrozek@redhat.com>2011-05-27 12:44:19 +0200
committerStephen Gallagher <sgallagh@redhat.com>2011-06-02 14:07:45 -0400
commit65d6947bc1f6bbe59c95ff3120b435a8acccc1d3 (patch)
treed7718573a13c6bf60567d840ec09f9b96dd36a35 /src
parentf8202685c80ca49734d554999062c58f4f470c37 (diff)
Use escaped IP addresses in LDAP provider
Diffstat (limited to 'src')
-rw-r--r--src/providers/ldap/ldap_common.c62
1 files changed, 56 insertions, 6 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 5c5958380..453e7d762 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -531,35 +531,84 @@ int sdap_id_setup_tasks(struct sdap_id_ctx *ctx)
static void sdap_uri_callback(void *private_data, struct fo_server *server)
{
+ TALLOC_CTX *tmp_ctx = NULL;
struct sdap_service *service;
+ struct hostent *srvaddr;
+ char *address;
+ const char *safe_address;
const char *tmp;
char *new_uri;
+ LDAPURLDesc *lud;
+ int ret;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ DEBUG(1, ("talloc_new failed\n"));
+ return;
+ }
service = talloc_get_type(private_data, struct sdap_service);
- if (!service) return;
+ if (!service) {
+ talloc_free(tmp_ctx);
+ return;
+ }
tmp = (const char *)fo_get_server_user_data(server);
+ srvaddr = fo_get_server_hostent(server);
+ if (!srvaddr) {
+ DEBUG(1, ("FATAL: No hostent available for server (%s)\n",
+ fo_get_server_name(server)));
+ talloc_free(tmp_ctx);
+ return;
+ }
+
+ address = resolv_get_string_address(tmp_ctx, srvaddr);
+ if (address == NULL) {
+ DEBUG(1, ("resolv_get_string_address failed.\n"));
+ talloc_free(tmp_ctx);
+ return;
+ }
+
+ safe_address = sss_ldap_escape_ip_address(tmp_ctx,
+ srvaddr->h_addrtype,
+ address);
+ talloc_zfree(address);
+ if (safe_address == NULL) {
+ DEBUG(1, ("sss_ldap_escape_ip_address failed.\n"));
+ talloc_free(tmp_ctx);
+ return;
+ }
+
if (fo_is_srv_lookup(server)) {
if (!tmp) {
DEBUG(1, ("Unknown service, using ldap\n"));
tmp = SSS_LDAP_SRV_NAME;
}
new_uri = talloc_asprintf(service, "%s://%s:%d",
- tmp,
- fo_get_server_name(server),
+ tmp, safe_address,
fo_get_server_port(server));
} else {
if (tmp && ldap_is_ldap_url(tmp)) {
- new_uri = talloc_strdup(service, tmp);
+ ret = ldap_url_parse(tmp, &lud);
+ if (ret != LDAP_SUCCESS) {
+ DEBUG(0, ("Failed to parse ldap URI (%s)!\n", tmp));
+ talloc_free(tmp_ctx);
+ return;
+ }
+ new_uri = talloc_asprintf(service, "%s://%s:%d",
+ lud->lud_scheme,
+ safe_address,
+ fo_get_server_port(server));
+ ldap_free_urldesc(lud);
} else {
- new_uri = talloc_asprintf(service, "ldap://%s",
- fo_get_server_name(server));
+ new_uri = talloc_asprintf(service, "ldap://%s", safe_address);
}
}
if (!new_uri) {
DEBUG(2, ("Failed to copy URI ...\n"));
+ talloc_free(tmp_ctx);
return;
}
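Review bot: Both `talloc_asprintf(service, "%s://%s:%d", ...)` calls and the `"ldap://%s"` fallback now put an IP literal where the configured host name used to be, so whatever later consumes `service->uri` no longer has the name to check a server certificate or build a SASL/GSSAPI service principal against. That consumer is not visible in this hunk; if it hands the URI straight to libldap, `ldaps` and StartTLS peers would be verified against the address rather than the name the administrator configured, and Kerberos may end up depending on reverse DNS. I would keep `fo_get_server_name(server)` available alongside the address (for example in a separate field on `struct sdap_service`) and add a comment at the assignment such as `/* URI carries the resolved address only; TLS/SASL identity must use fo_get_server_name() */`. The `ldap_url_parse` branch also keeps only `lud->lud_scheme`, so any other component of the configured URL is dropped where `talloc_strdup(service, tmp)` used to preserve it.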
@@ -568,6 +617,7 @@ static void sdap_uri_callback(void *private_data, struct fo_server *server)
/* free old one and replace with new one */
talloc_zfree(service->uri);
service->uri = new_uri;
+ talloc_free(tmp_ctx);
}
static void sdap_finalize(struct tevent_context *ev,
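Review bot: Every failure path added in the previous hunk returns before the `service->uri = new_uri;` assignment here, so when the hostent lookup, the address escaping or `ldap_url_parse` fails, the service silently keeps the URI of the previously selected server. The callback returns void, so the caller cannot tell; whether it then reconnects to the stale URI is not visible on this page. At minimum a comment such as `/* on failure service->uri still names the previous server */` would document this. A single `done:` label that frees `tmp_ctx` once would also replace the seven hand-written `talloc_free(tmp_ctx)` calls and make a future early return harder to get wrong. The function body between the two hunks is not shown.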