From c7ed4e1efe8a08593ee5a1f0aefbcb0b88ec0e7d Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Thu, 14 Feb 2013 19:47:00 +0100
Subject: [PATCH] Do not write out dots in the domain-realm mapping file
 (#905650)

---
 ...ce-invalid-characters-with-underscor.patch | 69 +++++++++++++++++++
 sssd.spec                                     |  6 +-
 2 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100644 0004-subdomains-replace-invalid-characters-with-underscor.patch

diff --git a/0004-subdomains-replace-invalid-characters-with-underscor.patch b/0004-subdomains-replace-invalid-characters-with-underscor.patch
new file mode 100644
index 0000000..c2564cc
--- /dev/null
+++ b/0004-subdomains-replace-invalid-characters-with-underscor.patch
@@ -0,0 +1,69 @@
+From a0388dc52f5461f72f8221c9bb7c92008e1fe2c5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Fri, 1 Feb 2013 12:17:47 +0100
+Subject: [PATCH] subdomains: replace invalid characters with underscore in
+ krb5 mapping file name
+
+https://fedorahosted.org/sssd/ticket/1795
+
+Only alpha-numeric chars, dashes and underscores are allowed in
+krb5 include directory.
+---
+ src/providers/ipa/ipa_subdomains.c | 26 +++++++++++++++++++++++++-
+ 1 file changed, 25 insertions(+), 1 deletion(-)
+
+diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
+index ef6195d19de72be7fd2b12a309b33fcf20e0e3a1..f959c4e6eb1d830e3990f552c9f4cf962298ef48 100644
+--- a/src/providers/ipa/ipa_subdomains.c
++++ b/src/providers/ipa/ipa_subdomains.c
+@@ -287,22 +287,46 @@ ipa_subdomains_write_mappings(struct sss_domain_info *domain,
+     errno_t err;
+     TALLOC_CTX *tmp_ctx;
+     const char *mapping_file;
++    char *sanitized_domain;
+     char *tmp_file = NULL;
+     int fd = -1;
+     mode_t old_mode;
+     FILE *fstream = NULL;
+     size_t i;
+ 
++    if (domain == NULL || domain->name == NULL) {
++        DEBUG(SSSDBG_CRIT_FAILURE, ("No domain name provided\n"));
++        return EINVAL;
++    }
++
+     tmp_ctx = talloc_new(NULL);
+     if (!tmp_ctx) return ENOMEM;
+ 
++    sanitized_domain = talloc_strdup(tmp_ctx, domain->name);
++    if (sanitized_domain == NULL) {
++        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup() failed\n"));
++        return ENOMEM;
++    }
++
++    /* only alpha-numeric chars, dashes and underscores are allowed in
++     * krb5 include directory */
++    for (i = 0; sanitized_domain[i] != '\0'; i++) {
++        if (!isalnum(sanitized_domain[i])
++                && sanitized_domain[i] != '-' && sanitized_domain[i] != '_') {
++            sanitized_domain[i] = '_';
++        }
++    }
++
+     mapping_file = talloc_asprintf(tmp_ctx, "%s/domain_realm_%s",
+-                                   IPA_SUBDOMAIN_MAPPING_DIR, domain->name);
++                                   IPA_SUBDOMAIN_MAPPING_DIR, sanitized_domain);
+     if (!mapping_file) {
+         ret = ENOMEM;
+         goto done;
+     }
+ 
++    DEBUG(SSSDBG_FUNC_DATA, ("Mapping file for domain [%s] is [%s]\n",
++                             domain->name, mapping_file));
++
+     tmp_file = talloc_asprintf(tmp_ctx, "%sXXXXXX", mapping_file);
+     if (tmp_file == NULL) {
+         ret = ENOMEM;
+-- 
+1.7.11.7
+
diff --git a/sssd.spec b/sssd.spec
index 7e8987d..6e3dde1 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -16,7 +16,7 @@
 
 Name: sssd
 Version: 1.9.4
-Release: 6%{?dist}
+Release: 7%{?dist}
 Group: Applications/System
 Summary: System Security Services Daemon
 License: GPLv3+
@@ -28,6 +28,7 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 Patch0001:  0001-krb-recreate-ccache-if-it-was-deleted.patch
 Patch0002:  0002-Don-t-use-srcdir-with-tests.patch
 Patch0003:  0003-krb5-include-backwards-compatible-declaration-of-krb.patch
+Patch0004:  0004-subdomains-replace-invalid-characters-with-underscor.patch
 
 Patch0501:  0501-FEDORA-Switch-the-default-ccache-location.patch
 
@@ -527,6 +528,9 @@ fi
 %postun -n libsss_sudo -p /sbin/ldconfig
 
 %changelog
+* Thu Feb 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-7
+- Do not write out dots in the domain-realm mapping file (#905650)
+
 * Mon Feb 11 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-6
 - Include upstream patch to build with krb5-1.11