Bug 89207

Summary: Strictly validate info destined for config files
Product: realmd Reporter: Stef Walter <stefw>
Component: realmdAssignee: Stef Walter <stefw>
Status: RESOLVED FIXED QA Contact: yelley
Severity: normal    
Priority: medium    
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:

Description Stef Walter 2015-02-18 14:38:02 UTC 
realmd configures sssd.conf and smb.conf. No data that was retrieved before join (and the point where mutual trust, sealing is established) should be used when configuring sssd.conf and/or smb.conf.

Such data should be retrieved again. I need to check exactly which fields this affects.
Comment 1 Stef Walter 2015-04-14 09:25:34 UTC 
After discussing this further, due to the mutual trust inherent in the keytab, we need to make sure that the configuration fields do not contain invalid characters, and are properly parseable. We'll do this in two ways, restricting input from LDAP, and cleaning output to sssd.conf.
Comment 2 Stef Walter 2015-04-14 09:30:02 UTC 
Values output to samba.conf and sssd.conf is already clean of newlines, which are the problematic character here.
Comment 3 Stef Walter 2015-04-14 09:45:20 UTC 
Fixed with these commits:

commit 6d5ac47cc22c273a55bea89dffbe537a3c86ad2c
Author: Stef Walter <stefw@redhat.com>
Date:   Tue Apr 14 11:30:53 2015 +0200

    service: Limit the characters we read from LDAP
    
    We strictly limit this to characters expected in domain names.

commit 502980a8a17eddb5fe3d16bcad229a6d0ba11065
Author: Stef Walter <stefw@redhat.com>
Date:   Sat Apr 11 13:29:40 2015 +0200

    service: Only accept specific characters when parsing MSCLDAP response
    
    This provides an extra layer of protection against injecting
    odd characters into configuration files.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.