SHA256
1
0
forked from pool/sssd

Accepting request 785694 from home:scabrero:branches:network:ldap

- Fix dynamic DNS updates not using FQDN (bsc#1160587); Add
  0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch

OBS-URL: https://build.opensuse.org/request/show/785694
OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=231
This commit is contained in:
Jan Engelhardt 2020-03-16 18:49:22 +00:00 committed by Git OBS Bridge
parent 69df5c74e6
commit a37a1b4320
3 changed files with 121 additions and 0 deletions

View File

@ -0,0 +1,114 @@
From 2143c7276c7603520e2575ef6c9d93a5fc031256 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.de>
Date: Mon, 13 Jan 2020 13:52:34 +0100
Subject: [PATCH] AD: use getaddrinfo with AI_CANONNAME to find the FQDN
In systems where gethostbyname() does not return the FQDN try calling
getaddrinfo().
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
src/man/sssd-ad.5.xml | 14 ++++++------
src/providers/ad/ad_common.c | 42 ++++++++++++++++++++++++++++++++++++
2 files changed, 50 insertions(+), 6 deletions(-)
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index c30e5b9db..23e351fc0 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -193,15 +193,17 @@ ad_enabled_domains = sales.example.com, eng.example.com
<term>ad_hostname (string)</term>
<listitem>
<para>
- Optional. May be set on machines where the
- hostname(5) does not reflect the fully qualified
- name used in the Active Directory domain to
- identify this host.
+ Optional. On machines where the hostname(5) does
+ not reflect the fully qualified name, sssd will try
+ to expand the short name. If it is not possible or
+ the short name should be really used instead, set
+ this parameter explicitly.
</para>
<para>
This field is used to determine the host principal
- in use in the keytab. It must match the hostname
- for which the keytab was issued.
+ in use in the keytab and to perform dynamic DNS
+ updates. It must match the hostname for which the
+ keytab was issued.
</para>
</listitem>
</varlistentry>
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index 51300f5b2..e5fa83595 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -406,6 +406,34 @@ ad_create_1way_trust_options(TALLOC_CTX *mem_ctx,
return ad_options;
}
+static errno_t
+ad_try_to_get_fqdn(const char *hostname,
+ char *buf,
+ size_t buflen)
+{
+ int ret;
+ struct addrinfo *res;
+ struct addrinfo hints;
+
+ memset(&hints, 0, sizeof(struct addrinfo));
+ hints.ai_socktype = SOCK_DGRAM;
+ hints.ai_flags = AI_CANONNAME;
+
+ ret = getaddrinfo(hostname, NULL, &hints, &res);
+ if (ret != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "getaddrinfo failed: %s\n",
+ gai_strerror(ret));
+ return ret;
+ }
+
+ strncpy(buf, res->ai_canonname, buflen);
+
+ freeaddrinfo(res);
+
+ return EOK;
+}
+
errno_t
ad_get_common_options(TALLOC_CTX *mem_ctx,
struct confdb_ctx *cdb,
@@ -421,6 +449,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
char *realm;
char *ad_hostname;
char hostname[HOST_NAME_MAX + 1];
+ char fqdn[HOST_NAME_MAX + 1];
char *case_sensitive_opt;
const char *opt_override;
@@ -468,6 +497,19 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
goto done;
}
hostname[HOST_NAME_MAX] = '\0';
+
+ if (strchr(hostname, '.') == NULL) {
+ ret = ad_try_to_get_fqdn(hostname, fqdn, sizeof(fqdn));
+ if (ret == EOK) {
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "The hostname [%s] has been expanded to FQDN [%s]. "
+ "If sssd should really use the short hostname, please "
+ "set ad_hostname explicitly.\n", hostname, fqdn);
+ strncpy(hostname, fqdn, sizeof(hostname));
+ hostname[HOST_NAME_MAX] = '\0';
+ }
+ }
+
DEBUG(SSSDBG_CONF_SETTINGS,
"Setting ad_hostname to [%s].\n", hostname);
ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname);
--
2.25.1

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Mon Mar 16 16:44:23 UTC 2020 - Samuel Cabrero <scabrero@suse.de>
- Fix dynamic DNS updates not using FQDN (bsc#1160587); Add
0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Jan 19 23:54:34 UTC 2020 - Stefan Brüns <stefan.bruens@rwth-aachen.de> Sun Jan 19 23:54:34 UTC 2020 - Stefan Brüns <stefan.bruens@rwth-aachen.de>

View File

@ -32,6 +32,7 @@ Source5: %name.keyring
Patch1: krb-noversion.diff Patch1: krb-noversion.diff
Patch2: sssd-gpo_host_security_filter-2.2.2.patch Patch2: sssd-gpo_host_security_filter-2.2.2.patch
Patch3: 0001-Resolve-computer-lookup-failure-when-sam-cn.patch Patch3: 0001-Resolve-computer-lookup-failure-when-sam-cn.patch
Patch4: 0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch
BuildRoot: %_tmppath/%name-%version-build BuildRoot: %_tmppath/%name-%version-build
%define servicename sssd %define servicename sssd