From a0388dc52f5461f72f8221c9bb7c92008e1fe2c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= Date: Fri, 1 Feb 2013 12:17:47 +0100 Subject: [PATCH] subdomains: replace invalid characters with underscore in krb5 mapping file name https://fedorahosted.org/sssd/ticket/1795 Only alpha-numeric chars, dashes and underscores are allowed in krb5 include directory. --- src/providers/ipa/ipa_subdomains.c | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c index ef6195d19de72be7fd2b12a309b33fcf20e0e3a1..f959c4e6eb1d830e3990f552c9f4cf962298ef48 100644 --- a/src/providers/ipa/ipa_subdomains.c +++ b/src/providers/ipa/ipa_subdomains.c @@ -287,22 +287,46 @@ ipa_subdomains_write_mappings(struct sss_domain_info *domain, errno_t err; TALLOC_CTX *tmp_ctx; const char *mapping_file; + char *sanitized_domain; char *tmp_file = NULL; int fd = -1; mode_t old_mode; FILE *fstream = NULL; size_t i; + if (domain == NULL || domain->name == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("No domain name provided\n")); + return EINVAL; + } + tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return ENOMEM; + sanitized_domain = talloc_strdup(tmp_ctx, domain->name); + if (sanitized_domain == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup() failed\n")); + return ENOMEM; + } + + /* only alpha-numeric chars, dashes and underscores are allowed in + * krb5 include directory */ + for (i = 0; sanitized_domain[i] != '\0'; i++) { + if (!isalnum(sanitized_domain[i]) + && sanitized_domain[i] != '-' && sanitized_domain[i] != '_') { + sanitized_domain[i] = '_'; + } + } + mapping_file = talloc_asprintf(tmp_ctx, "%s/domain_realm_%s", - IPA_SUBDOMAIN_MAPPING_DIR, domain->name); + IPA_SUBDOMAIN_MAPPING_DIR, sanitized_domain); if (!mapping_file) { ret = ENOMEM; goto done; } + DEBUG(SSSDBG_FUNC_DATA, ("Mapping file for domain [%s] is [%s]\n", + domain->name, mapping_file)); + tmp_file = talloc_asprintf(tmp_ctx, "%sXXXXXX", mapping_file); if (tmp_file == NULL) { ret = ENOMEM; -- 1.7.11.7