From a37a1b4320ad367f8674d38ec55e9f56aca8933b4905c25b2b547f8e70264f29 Mon Sep 17 00:00:00 2001
From: Jan Engelhardt
Date: Mon, 16 Mar 2020 18:49:22 +0000
Subject: [PATCH] Accepting request 785694 from home:scabrero:branches:network:ldap

- Fix dynamic DNS updates not using FQDN (bsc#1160587); Add 0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch
OBS-URL: https://build.opensuse.org/request/show/785694
OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=231
---
 ...fo-with-AI_CANONNAME-to-find-the-FQD.patch | 114 ++++++++++++++++++
 sssd.changes | 6 +
 sssd.spec | 1 +
 3 files changed, 121 insertions(+)
 create mode 100644 0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch
diff --git a/0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch b/0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch
new file mode 100644
index 0000000..453996d
--- /dev/null
+++ b/0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch
@@ -0,0 +1,114 @@
+From 2143c7276c7603520e2575ef6c9d93a5fc031256 Mon Sep 17 00:00:00 2001
+From: Samuel Cabrero
+Date: Mon, 13 Jan 2020 13:52:34 +0100
+Subject: [PATCH] AD: use getaddrinfo with AI_CANONNAME to find the FQDN
+
+In systems where gethostbyname() does not return the FQDN try calling
+getaddrinfo().
+
+Signed-off-by: Samuel Cabrero
+
+Reviewed-by: Sumit Bose
+---
+ src/man/sssd-ad.5.xml | 14 ++++++------
+ src/providers/ad/ad_common.c | 42 ++++++++++++++++++++++++++++++++++++
+ 2 files changed, 50 insertions(+), 6 deletions(-)
+
+diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
+index c30e5b9db..23e351fc0 100644
+--- a/src/man/sssd-ad.5.xml
++++ b/src/man/sssd-ad.5.xml
+@@ -193,15 +193,17 @@ ad_enabled_domains = sales.example.com, eng.example.com
+ ad_hostname (string)
+
+
+- Optional. May be set on machines where the
+- hostname(5) does not reflect the fully qualified
+- name used in the Active Directory domain to
+- identify this host.
++ Optional. On machines where the hostname(5) does
++ not reflect the fully qualified name, sssd will try
++ to expand the short name. If it is not possible or
++ the short name should be really used instead, set
++ this parameter explicitly.
+
+
+ This field is used to determine the host principal
+- in use in the keytab. It must match the hostname
+- for which the keytab was issued.
++ in use in the keytab and to perform dynamic DNS
++ updates. It must match the hostname for which the
++ keytab was issued.
+
+
+
+diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
+index 51300f5b2..e5fa83595 100644
+--- a/src/providers/ad/ad_common.c
++++ b/src/providers/ad/ad_common.c
+@@ -406,6 +406,34 @@ ad_create_1way_trust_options(TALLOC_CTX *mem_ctx,
+ return ad_options;
+ }
+
++static errno_t
++ad_try_to_get_fqdn(const char *hostname,
++ char *buf,
++ size_t buflen)
++{
++ int ret;
++ struct addrinfo *res;
++ struct addrinfo hints;
++
++ memset(&hints, 0, sizeof(struct addrinfo));
++ hints.ai_socktype = SOCK_DGRAM;
++ hints.ai_flags = AI_CANONNAME;
++
++ ret = getaddrinfo(hostname, NULL, &hints, &res);
++ if (ret != 0) {
++ DEBUG(SSSDBG_CRIT_FAILURE,
++ "getaddrinfo failed: %s\n",
++ gai_strerror(ret));
++ return ret;
++ }
++
++ strncpy(buf, res->ai_canonname, buflen);
++
++ freeaddrinfo(res);
++
++ return EOK;
++}
++
+ errno_t
+ ad_get_common_options(TALLOC_CTX *mem_ctx,
+ struct confdb_ctx *cdb,
+@@ -421,6 +449,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
+ char *realm;
+ char *ad_hostname;
+ char hostname[HOST_NAME_MAX + 1];
++ char fqdn[HOST_NAME_MAX + 1];
+ char *case_sensitive_opt;
+ const char *opt_override;
+
+@@ -468,6 +497,19 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
+ goto done;
+ }
+ hostname[HOST_NAME_MAX] = '\0';
++
++ if (strchr(hostname, '.') == NULL) {
++ ret = ad_try_to_get_fqdn(hostname, fqdn, sizeof(fqdn));
++ if (ret == EOK) {
++ DEBUG(SSSDBG_CONF_SETTINGS,
++ "The hostname [%s] has been expanded to FQDN [%s]. "
++ "If sssd should really use the short hostname, please "
++ "set ad_hostname explicitly.\n", hostname, fqdn);
++ strncpy(hostname, fqdn, sizeof(hostname));
++ hostname[HOST_NAME_MAX] = '\0';
++ }
++ }
++
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "Setting ad_hostname to [%s].\n", hostname);
+ ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname);
+--
+2.25.1
+
diff --git a/sssd.changes b/sssd.changes
index 0a2683c..91d0cac 100644
--- a/sssd.changes
+++ b/sssd.changes
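Review bot: In the added `ad_try_to_get_fqdn()` in src/providers/ad/ad_common.c, `strncpy(buf, res->ai_canonname, buflen)` leaves `buf` without a terminating NUL when the canonical name is `buflen` bytes or longer, and the caller's `fqdn` is only `HOST_NAME_MAX + 1` bytes while the name is whatever the resolver returns. The caller hunk in `ad_get_common_options()` (its body continues outside the hunk) passes `fqdn` to `DEBUG` with `%s` before anything terminates it, so an oversized answer is read past the array. A truncated name would then be stored as `ad_hostname`, which the man-page hunk says selects the keytab principal and the dynamic DNS update name. `res->ai_canonname` is also used without a NULL check; whether the resolver can leave it NULL here should be confirmed. Reject a missing or oversized name instead of copying it, as in the excerpt below (`ERANGE` is one possible return value).

```c
    ret = getaddrinfo(hostname, NULL, &hints, &res);
    /* … unchanged: getaddrinfo error logging and return … */

    /* Refuse a missing or oversized canonical name rather than truncating it. */
    if (res->ai_canonname == NULL || strlen(res->ai_canonname) >= buflen) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              "Canonical name is missing or does not fit the buffer\n");
        freeaddrinfo(res);
        return ERANGE;
    }

    /* Length was checked above, so this copy includes the terminating NUL. */
    memcpy(buf, res->ai_canonname, strlen(res->ai_canonname) + 1);

    freeaddrinfo(res);

    return EOK;
```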
@@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Mar 16 16:44:23 UTC 2020 - Samuel Cabrero + +- Fix dynamic DNS updates not using FQDN (bsc#1160587); Add + 0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch + ------------------------------------------------------------------- Sun Jan 19 23:54:34 UTC 2020 - Stefan BrĂ¼ns diff --git a/sssd.spec b/sssd.spec index 1691dcb..3d1f602 100644 --- a/sssd.spec +++ b/sssd.spec @@ -32,6 +32,7 @@ Source5: %name.keyring Patch1: krb-noversion.diff Patch2: sssd-gpo_host_security_filter-2.2.2.patch Patch3: 0001-Resolve-computer-lookup-failure-when-sam-cn.patch +Patch4: 0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch BuildRoot: %_tmppath/%name-%version-build %define servicename sssd