Accepting request 785694 from home:scabrero:branches:network:ldap
- Fix dynamic DNS updates not using FQDN (bsc#1160587); Add 0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch OBS-URL: https://build.opensuse.org/request/show/785694 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=231
parent
69df5c74e6
commit
a37a1b4320
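--- /dev/null
+++ b/0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch
@@ -0,0 +1,114 @@
+From 2143c7276c7603520e2575ef6c9d93a5fc031256 Mon Sep 17 00:00:00 2001
+From: Samuel Cabrero <scabrero@suse.de>
+Date: Mon, 13 Jan 2020 13:52:34 +0100
+Subject: [PATCH] AD: use getaddrinfo with AI_CANONNAME to find the FQDN
+
+In systems where gethostbyname() does not return the FQDN try calling
+getaddrinfo().
+
+Signed-off-by: Samuel Cabrero <scabrero@suse.de>
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+src/man/sssd-ad.5.xml | 14 ++++++------
+src/providers/ad/ad_common.c | 42 ++++++++++++++++++++++++++++++++++++
+2 files changed, 50 insertions(+), 6 deletions(-)
+
+diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
+index c30e5b9db..23e351fc0 100644
+--- a/src/man/sssd-ad.5.xml
++++ b/src/man/sssd-ad.5.xml
+@@ -193,15 +193,17 @@ ad_enabled_domains = sales.example.com, eng.example.com
+<term>ad_hostname (string)</term>
+<listitem>
+<para>
+- Optional. May be set on machines where the
+- hostname(5) does not reflect the fully qualified
+- name used in the Active Directory domain to
+- identify this host.
++ Optional. On machines where the hostname(5) does
++ not reflect the fully qualified name, sssd will try
++ to expand the short name. If it is not possible or
++ the short name should be really used instead, set
++ this parameter explicitly.
+</para>
+<para>
+This field is used to determine the host principal
+- in use in the keytab. It must match the hostname
+- for which the keytab was issued.
++ in use in the keytab and to perform dynamic DNS
++ updates. It must match the hostname for which the
++ keytab was issued.
+</para>
+</listitem>
+</varlistentry>
+diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
+index 51300f5b2..e5fa83595 100644
+--- a/src/providers/ad/ad_common.c
++++ b/src/providers/ad/ad_common.c
+@@ -406,6 +406,34 @@ ad_create_1way_trust_options(TALLOC_CTX *mem_ctx,
+return ad_options;
+}
+
++static errno_t
++ad_try_to_get_fqdn(const char *hostname,
++ char *buf,
++ size_t buflen)
++{
++ int ret;
++ struct addrinfo *res;
++ struct addrinfo hints;
++
++ memset(&hints, 0, sizeof(struct addrinfo));
++ hints.ai_socktype = SOCK_DGRAM;
++ hints.ai_flags = AI_CANONNAME;
++
++ ret = getaddrinfo(hostname, NULL, &hints, &res);
++ if (ret != 0) {
++ DEBUG(SSSDBG_CRIT_FAILURE,
++ "getaddrinfo failed: %s\n",
++ gai_strerror(ret));
++ return ret;
++ }
++
++ strncpy(buf, res->ai_canonname, buflen);
++
++ freeaddrinfo(res);
++
++ return EOK;
++}
++
+errno_t
+ad_get_common_options(TALLOC_CTX *mem_ctx,
+struct confdb_ctx *cdb,
+@@ -421,6 +449,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
+char *realm;
+char *ad_hostname;
+char hostname[HOST_NAME_MAX + 1];
++ char fqdn[HOST_NAME_MAX + 1];
+char *case_sensitive_opt;
+const char *opt_override;
+
+@@ -468,6 +497,19 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
+goto done;
+}
+hostname[HOST_NAME_MAX] = '\0';
++
++ if (strchr(hostname, '.') == NULL) {
++ ret = ad_try_to_get_fqdn(hostname, fqdn, sizeof(fqdn));
++ if (ret == EOK) {
++ DEBUG(SSSDBG_CONF_SETTINGS,
++ "The hostname [%s] has been expanded to FQDN [%s]. "
++ "If sssd should really use the short hostname, please "
++ "set ad_hostname explicitly.\n", hostname, fqdn);
++ strncpy(hostname, fqdn, sizeof(hostname));
++ hostname[HOST_NAME_MAX] = '\0';
++ }
++ }
++
+DEBUG(SSSDBG_CONF_SETTINGS,
+"Setting ad_hostname to [%s].\n", hostname);
+ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname);
+--
+2.25.1
+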
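Review bot: In ad_try_to_get_fqdn the `strncpy(buf, res->ai_canonname, buflen)` call leaves `buf` without a terminator when the canonical name is `buflen` bytes or longer, and the caller in ad_get_common_options passes `fqdn` to DEBUG with `%s` before anything terminates it. The name comes back from the resolver, so it is external input, and a silently truncated value would become ad_hostname, which the man page hunk says is used for the keytab principal and dynamic DNS updates. A missing or over-long `ai_canonname` should be reported as an error instead of copied partially, as sketched below. The function also returns getaddrinfo()'s EAI_* code through an errno_t; the caller only compares against EOK, so that is harmless in the visible lines, but mapping it to an errno value would keep the error domains apart. The body of ad_get_common_options continues outside the hunks shown.

```c
    ret = getaddrinfo(hostname, NULL, &hints, &res);
    /* … unchanged: getaddrinfo failure logging and return … */

    /* A missing or over-long canonical name is an error, not a partial copy. */
    if (res->ai_canonname == NULL) {
        ret = ENOENT;
    } else if (strlen(res->ai_canonname) >= buflen) {
        ret = ENAMETOOLONG;
    } else {
        snprintf(buf, buflen, "%s", res->ai_canonname);
        ret = EOK;
    }

    freeaddrinfo(res);

    return ret;
```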
@ -1,3 +1,9 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Mar 16 16:44:23 UTC 2020 - Samuel Cabrero <scabrero@suse.de>
|
||||||
|
|
||||||
|
- Fix dynamic DNS updates not using FQDN (bsc#1160587); Add
|
||||||
|
0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sun Jan 19 23:54:34 UTC 2020 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
|
Sun Jan 19 23:54:34 UTC 2020 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
|
||||||
|
|
||||||
|
@ -32,6 +32,7 @@ Source5: %name.keyring
|
|||||||
Patch1: krb-noversion.diff
|
Patch1: krb-noversion.diff
|
||||||
Patch2: sssd-gpo_host_security_filter-2.2.2.patch
|
Patch2: sssd-gpo_host_security_filter-2.2.2.patch
|
||||||
Patch3: 0001-Resolve-computer-lookup-failure-when-sam-cn.patch
|
Patch3: 0001-Resolve-computer-lookup-failure-when-sam-cn.patch
|
||||||
|
Patch4: 0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch
|
||||||
BuildRoot: %_tmppath/%name-%version-build
|
BuildRoot: %_tmppath/%name-%version-build
|
||||||
|
|
||||||
%define servicename sssd
|
%define servicename sssd
|
||||||
|