Escaping the IPv6 address with "[" and "]" makes it compliant with RFC2732 and allows the URI to be parsed with libldap routines.
On Thu, 2011-05-26 at 18:02 +0200, Jakub Hrozek wrote:
Escaping the IPv6 address with "[" and "]" makes it compliant with RFC2732 and allows the URI to be parsed with libldap routines.
Nack.
This fix is incomplete. It's a bug that the LDAP provider does not encode the IP address as returned by the failover resolution. The sdap_uri_callback() routine should be creating the new_uri with the returned address and escaping IPv6.
On 05/26/2011 06:46 PM, Stephen Gallagher wrote:
On Thu, 2011-05-26 at 18:02 +0200, Jakub Hrozek wrote:
Escaping the IPv6 address with "[" and "]" makes it compliant with RFC2732 and allows the URI to be parsed with libldap routines.
Nack.
This fix is incomplete. It's a bug that the LDAP provider does not encode the IP address as returned by the failover resolution. The sdap_uri_callback() routine should be creating the new_uri with the returned address and escaping IPv6.
Attached are patches that deal with both providers:
[PATCH 1/4] Add utility function to return IP address as string Removes code duplication we had between Kerberos and IPA providers and would have in the LDAP provider
[PATCH 2/4] Add a utility function to escape IPv6 address for use in URIs A utility function that would be used later on
[PATCH 3/4] Use escaped IP addresses in LDAP provider Instead of hostname, construct the URI based on IP address, escaped if needed. When a URI is passed in, we break it down and reconstruct it with address.
[PATCH 4/4] Escape IPv6 IP addresses in the IPA provider https://fedorahosted.org/sssd/ticket/880
On Fri, 2011-05-27 at 13:38 +0200, Jakub Hrozek wrote:
On 05/26/2011 06:46 PM, Stephen Gallagher wrote:
On Thu, 2011-05-26 at 18:02 +0200, Jakub Hrozek wrote:
Escaping the IPv6 address with "[" and "]" makes it compliant with RFC2732 and allows the URI to be parsed with libldap routines.
Nack.
This fix is incomplete. It's a bug that the LDAP provider does not encode the IP address as returned by the failover resolution. The sdap_uri_callback() routine should be creating the new_uri with the returned address and escaping IPv6.
Attached are patches that deal with both providers:
[PATCH 1/4] Add utility function to return IP address as string Removes code duplication we had between Kerberos and IPA providers and would have in the LDAP provider
Ack
[PATCH 2/4] Add a utility function to escape IPv6 address for use in URIs A utility function that would be used later on
Ack
[PATCH 3/4] Use escaped IP addresses in LDAP provider Instead of hostname, construct the URI based on IP address, escaped if needed. When a URI is passed in, we break it down and reconstruct it with address.
Ack
[PATCH 4/4] Escape IPv6 IP addresses in the IPA provider https://fedorahosted.org/sssd/ticket/880
Ack
On Thu, 2011-06-02 at 13:41 -0400, Stephen Gallagher wrote:
On Fri, 2011-05-27 at 13:38 +0200, Jakub Hrozek wrote:
On 05/26/2011 06:46 PM, Stephen Gallagher wrote:
On Thu, 2011-05-26 at 18:02 +0200, Jakub Hrozek wrote:
Escaping the IPv6 address with "[" and "]" makes it compliant with RFC2732 and allows the URI to be parsed with libldap routines.
Nack.
This fix is incomplete. It's a bug that the LDAP provider does not encode the IP address as returned by the failover resolution. The sdap_uri_callback() routine should be creating the new_uri with the returned address and escaping IPv6.
Attached are patches that deal with both providers:
[PATCH 1/4] Add utility function to return IP address as string Removes code duplication we had between Kerberos and IPA providers and would have in the LDAP provider
Ack
[PATCH 2/4] Add a utility function to escape IPv6 address for use in URIs A utility function that would be used later on
Ack
[PATCH 3/4] Use escaped IP addresses in LDAP provider Instead of hostname, construct the URI based on IP address, escaped if needed. When a URI is passed in, we break it down and reconstruct it with address.
Ack
[PATCH 4/4] Escape IPv6 IP addresses in the IPA provider https://fedorahosted.org/sssd/ticket/880
Ack
Pushed to master and sssd-1-5.
sssd-devel@lists.fedorahosted.org
-
Jakub Hrozek -
Stephen Gallagher