From 73f452058c8ac83117cb86c12d4d266c8caccc57 Mon Sep 17 00:00:00 2001

From: Jakub Hrozek <jhrozek@redhat.com>

Date: Tue, 26 Jun 2018 10:35:15 +0200

Subject: [PATCH] KRB5: Allow writing multiple addresses to the kdcinfo plugin

Turns the previous write_krb5info_file() function into a static function

that writes whatever input it recevies. Adds a wrapper around it that

accepts a list of strings, turns that into a newline-separated string

which is then passed to the original function.

Related:

https://pagure.io/SSSD/sssd/issue/3291

Reviewed-by: Sumit Bose <sbose@redhat.com>

(cherry picked from commit 8971399c872c21769d5c62cf753c5f9df4caf8cb)

---

 src/providers/ad/ad_common.c     | 12 ++---

 src/providers/ipa/ipa_common.c   |  8 ++--

 src/providers/krb5/krb5_common.c | 75 +++++++++++++++++++++++++-------

 src/providers/krb5/krb5_common.h |  2 +-

 4 files changed, 70 insertions(+), 27 deletions(-)

diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c

index b103410e5915a380d0404e18da869517e4d4e355..eaf0814f1aaf51a5085e992efa633240f32c498e 100644

--- a/src/providers/ad/ad_common.c

+++ b/src/providers/ad/ad_common.c

@@ -848,7 +848,7 @@ ad_resolve_callback(void *private_data, struct fo_server *server)

     struct resolv_hostent *srvaddr;

     struct sockaddr_storage *sockaddr;

     char *address;

-    const char *safe_address;

+    char *safe_addr_list[2] = { NULL, NULL };

     char *new_uri;

     int new_port;

     const char *srv_name;

@@ -957,17 +957,17 @@ ad_resolve_callback(void *private_data, struct fo_server *server)

     if ((sdata == NULL || sdata->gc == false) &&

         service->krb5_service->write_kdcinfo) {

         /* Write krb5 info files */

-        safe_address = sss_escape_ip_address(tmp_ctx,

-                                            srvaddr->family,

-                                            address);

-        if (safe_address == NULL) {

+        safe_addr_list[0] = sss_escape_ip_address(tmp_ctx,

+                                                  srvaddr->family,

+                                                  address);

+        if (safe_addr_list[0] == NULL) {

             DEBUG(SSSDBG_CRIT_FAILURE, "sss_escape_ip_address failed.\n");

             ret = ENOMEM;

             goto done;

         }

         ret = write_krb5info_file(service->krb5_service,

-                                  safe_address,

+                                  safe_addr_list,

                                   SSS_KRB5KDC_FO_SRV);

         if (ret != EOK) {

             DEBUG(SSSDBG_MINOR_FAILURE,

diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c

index 5808513bfd570c43bc1712114aabba5749ba0fec..0614019764287e5114aa8b8b5c670b717732068b 100644

--- a/src/providers/ipa/ipa_common.c

+++ b/src/providers/ipa/ipa_common.c

@@ -766,7 +766,7 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)

     struct resolv_hostent *srvaddr;

     struct sockaddr_storage *sockaddr;

     char *address;

-    const char *safe_address;

+    char *safe_addr_list[2] = { NULL, NULL };

     char *new_uri;

     const char *srv_name;

     int ret;

@@ -829,17 +829,17 @@ static void ipa_resolve_callback(void *private_data, struct fo_server *server)

     service->sdap->sockaddr = talloc_steal(service, sockaddr);

     if (service->krb5_service->write_kdcinfo) {

-        safe_address = sss_escape_ip_address(tmp_ctx,

+        safe_addr_list[0] = sss_escape_ip_address(tmp_ctx,

                                              srvaddr->family,

                                              address);

-        if (safe_address == NULL) {

+        if (safe_addr_list[0] == NULL) {

             DEBUG(SSSDBG_CRIT_FAILURE, "sss_escape_ip_address failed.\n");

             talloc_free(tmp_ctx);

             return;

         }

         ret = write_krb5info_file(service->krb5_service,

-                                  safe_address,

+                                  safe_addr_list,

                                   SSS_KRB5KDC_FO_SRV);

         if (ret != EOK) {

             DEBUG(SSSDBG_OP_FAILURE,

diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c

index 2a50dfec55c29b8d7f8b8751c904977c22aa906a..2b003e1642b449e8db20ba4259ba13273e21212f 100644

--- a/src/providers/krb5/krb5_common.c

+++ b/src/providers/krb5/krb5_common.c

@@ -466,10 +466,9 @@ done:

     return ret;

 }

-

-errno_t write_krb5info_file(struct krb5_service *krb5_service,

-                            const char *server,

-                            const char *service)

+static errno_t write_krb5info_file_contents(struct krb5_service *krb5_service,

+                                            const char *contents,

+                                            const char *service)

 {

     int ret;

     int fd = -1;

@@ -482,7 +481,7 @@ errno_t write_krb5info_file(struct krb5_service *krb5_service,

     if (krb5_service == NULL || krb5_service->realm == NULL

                              || *krb5_service->realm == '\0'

-                             || server == NULL || *server == '\0'

+                             || contents == NULL || *contents == '\0'

                              || service == NULL || *service == '\0') {

         DEBUG(SSSDBG_CRIT_FAILURE,

               "Missing or empty realm, server or service.\n");

@@ -505,7 +504,7 @@ errno_t write_krb5info_file(struct krb5_service *krb5_service,

         return EINVAL;

     }

-    server_len = strlen(server);

+    server_len = strlen(contents);

     tmp_ctx = talloc_new(NULL);

     if (tmp_ctx == NULL) {

@@ -535,7 +534,7 @@ errno_t write_krb5info_file(struct krb5_service *krb5_service,

     }

     errno = 0;

-    written = sss_atomic_write_s(fd, discard_const(server), server_len);

+    written = sss_atomic_write_s(fd, discard_const(contents), server_len);

     if (written == -1) {

         ret = errno;

         DEBUG(SSSDBG_CRIT_FAILURE,

@@ -592,12 +591,56 @@ done:

     return ret;

 }

+errno_t write_krb5info_file(struct krb5_service *krb5_service,

+                            char **server_list,

+                            const char *service)

+{

+    int i;

+    errno_t ret;

+    TALLOC_CTX *tmp_ctx = NULL;

+    char *contents = NULL;

+

+    if (krb5_service == NULL || server_list == NULL || service == NULL) {

+        return EINVAL;

+    }

+

+    if (server_list[0] == NULL) {

+        return EOK;

+    }

+

+    tmp_ctx = talloc_new(NULL);

+    if (tmp_ctx == NULL) {

+        return ENOMEM;

+    }

+

+    contents = talloc_strdup(tmp_ctx, "");

+    if (contents == NULL) {

+        ret = ENOMEM;

+        goto done;

+    }

+

+    i = 0;

+    do {

+        contents = talloc_asprintf_append(contents, "%s\n", server_list[i]);

+        if (contents == NULL) {

+            ret = ENOMEM;

+            goto done;

+        }

+        i++;

+    } while (server_list[i] != NULL);

+

+    ret = write_krb5info_file_contents(krb5_service, contents, service);

+done:

+    talloc_free(tmp_ctx);

+    return ret;

+}

+

 static void krb5_resolve_callback(void *private_data, struct fo_server *server)

 {

     struct krb5_service *krb5_service;

     struct resolv_hostent *srvaddr;

     char *address;

-    char *safe_address;

+    char *safe_addr_list[2] = { NULL, NULL };

     int ret;

     TALLOC_CTX *tmp_ctx = NULL;

@@ -630,26 +673,26 @@ static void krb5_resolve_callback(void *private_data, struct fo_server *server)

         return;

     }

-    safe_address = sss_escape_ip_address(tmp_ctx,

-                                         srvaddr->family,

-                                         address);

-    if (safe_address == NULL) {

+    safe_addr_list[0] = sss_escape_ip_address(tmp_ctx,

+                                              srvaddr->family,

+                                              address);

+    if (safe_addr_list[0] == NULL) {

         DEBUG(SSSDBG_CRIT_FAILURE, "sss_escape_ip_address failed.\n");

         talloc_free(tmp_ctx);

         return;

     }

     if (krb5_service->write_kdcinfo) {

-        safe_address = talloc_asprintf_append(safe_address, ":%d",

-                                            fo_get_server_port(server));

-        if (safe_address == NULL) {

+        safe_addr_list[0] = talloc_asprintf_append(safe_addr_list[0], ":%d",

+                                                   fo_get_server_port(server));

+        if (safe_addr_list[0] == NULL) {

             DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n");

             talloc_free(tmp_ctx);

             return;

         }

         ret = write_krb5info_file(krb5_service,

-                                  safe_address,

+                                  safe_addr_list,

                                   krb5_service->name);

         if (ret != EOK) {

             DEBUG(SSSDBG_OP_FAILURE,

diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h

index 1c12d5652ccef7e1738177eedad1c9de543916b7..bf36a551a92877ec838d8d3a041903144f22bc8f 100644

--- a/src/providers/krb5/krb5_common.h

+++ b/src/providers/krb5/krb5_common.h

@@ -161,7 +161,7 @@ errno_t sss_krb5_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb,

                              const char *conf_path, struct dp_option **_opts);

 errno_t write_krb5info_file(struct krb5_service *krb5_service,

-                            const char *server,

+                            char **server_list,

                             const char *service);

 struct krb5_service *krb5_service_new(TALLOC_CTX *mem_ctx,

-- 

2.17.1