From 807402e4e9ac43d0fe7a7533698102a74e23844b Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Fri, 27 May 2011 11:44:16 +0200
Subject: Properly support IPv6 in LDAP URIs for IPA and LDAP providers

Add utility function to return IP address as string

Add a utility function to escape IPv6 address for use in URIs

Use escaped IP addresses in LDAP provider

Escape IPv6 IP addresses in the IPA provider

https://fedorahosted.org/sssd/ticket/880

Fix bad merge

We merged in a patch, but missed that it missed a dependency added
by another earlier patch.
---
 src/providers/ipa/ipa_common.c | 32 ++++++++++++++++++++++++--------
 1 file changed, 24 insertions(+), 8 deletions(-)

(limited to 'src/providers/ipa/ipa_common.c')

diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 7d7f0466..1a81bea7 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -555,15 +555,24 @@ done:
 
 static void ipa_resolve_callback(void *private_data, struct fo_server *server)
 {
+    TALLOC_CTX *tmp_ctx = NULL;
     struct ipa_service *service;
     struct hostent *srvaddr;
     char *address;
+    const char *safe_address;
     char *new_uri;
     int ret;
 
+    tmp_ctx = talloc_new(NULL);
+    if (tmp_ctx == NULL) {
+        DEBUG(1, ("talloc_new failed\n"));
+        return;
+    }
+
     service = talloc_get_type(private_data, struct ipa_service);
     if (!service) {
         DEBUG(1, ("FATAL: Bad private_data\n"));
+        talloc_free(tmp_ctx);
         return;
     }
 
@@ -571,33 +580,39 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
     if (!srvaddr) {
         DEBUG(1, ("FATAL: No hostent available for server (%s)\n",
                   fo_get_server_name(server)));
+        talloc_free(tmp_ctx);
         return;
     }
 
-    address = talloc_zero_size(service, 128);
+    address = resolv_get_string_address(tmp_ctx, srvaddr);
     if (address == NULL) {
-        DEBUG(1, ("talloc_zero failed.\n"));
+        DEBUG(1, ("resolv_get_string_address failed.\n"));
+        talloc_free(tmp_ctx);
         return;
     }
 
-    if (inet_ntop(srvaddr->h_addrtype, srvaddr->h_addr_list[0],
-                  address, 128) == NULL) {
-        DEBUG(1, ("inet_ntop failed [%d][%s].\n", errno, strerror(errno)));
+    safe_address = sss_ldap_escape_ip_address(tmp_ctx,
+                                              srvaddr->h_addrtype,
+                                              address);
+    if (safe_address == NULL) {
+        DEBUG(1, ("sss_ldap_escape_ip_address failed.\n"));
+        talloc_free(tmp_ctx);
         return;
     }
 
-    new_uri = talloc_asprintf(service, "ldap://%s", address);
+    new_uri = talloc_asprintf(service, "ldap://%s", safe_address);
     if (!new_uri) {
         DEBUG(2, ("Failed to copy URI ...\n"));
-        talloc_free(address);
+        talloc_free(tmp_ctx);
         return;
     }
+    DEBUG(6, ("Constructed uri '%s'\n", new_uri));
 
     /* free old one and replace with new one */
     talloc_zfree(service->sdap->uri);
     service->sdap->uri = new_uri;
     talloc_zfree(service->krb5_service->address);
-    service->krb5_service->address = address;
+    service->krb5_service->address = talloc_steal(service, address);
 
     ret = write_krb5info_file(service->krb5_service->realm, address,
                               SSS_KRB5KDC_FO_SRV);
@@ -605,6 +620,7 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)
         DEBUG(2, ("write_krb5info_file failed, authentication might fail.\n"));
     }
 
+    talloc_free(tmp_ctx);
 }
 
 int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
-- 
cgit