[SSSD] [sssd PR#5283][synchronized] Add dyndns_auth_ptr support

2020-09-29 Thread joakim-tjernlund
   URL: https://github.com/SSSD/sssd/pull/5283
Author: joakim-tjernlund
 Title: #5283: Add dyndns_auth_ptr support
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5283/head:pr5283
git checkout pr5283
From 6976ca75830175e08c9fd975fb0c27b4b203c711 Mon Sep 17 00:00:00 2001
From: Joakim Tjernlund 
Date: Sat, 15 Aug 2020 11:47:42 +0200
Subject: [PATCH] Add dyndns_auth_ptr support

Allow specifying the auth method for DNS PTR updates.
Defaults to the same value as dyndns_auth.

Resolves: https://github.com/SSSD/sssd/issues/5274
---
 src/config/cfg_rules.ini |  1 +
 src/man/sssd-ad.5.xml| 15 +++
 src/man/sssd-ipa.5.xml   | 15 +++
 src/providers/ad/ad_dyndns.c |  1 +
 src/providers/ad/ad_opts.c   |  1 +
 src/providers/be_dyndns.c| 13 +
 src/providers/be_dyndns.h|  2 ++
 src/providers/ipa/ipa_dyndns.c   |  1 +
 src/providers/ipa/ipa_opts.c |  1 +
 src/providers/ldap/sdap_dyndns.c |  5 -
 src/providers/ldap/sdap_dyndns.h |  1 +
 11 files changed, 55 insertions(+), 1 deletion(-)

diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 2874ea048b..6347024278 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -421,6 +421,7 @@ option = dyndns_refresh_interval
 option = dyndns_update_ptr
 option = dyndns_force_tcp
 option = dyndns_auth
+option = dyndns_auth_ptr
 option = dyndns_server
 
 # files provider specific options
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 5c2f465462..e4712e26d9 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -1165,6 +1165,21 @@ ad_gpo_map_deny = +my_pam_service
 
 
 
+
+dyndns_auth_ptr (string)
+
+
+Whether the nsupdate utility should use GSS-TSIG
+authentication for secure PTR updates with the DNS
+server, insecure updates can be sent by setting
+this option to 'none'.
+
+
+Default: Same as dyndns_auth
+
+
+
+
 
 dyndns_server (string)
 
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index 0de866740a..7b630493da 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -214,6 +214,21 @@
 
 
 
+
+dyndns_auth_ptr (string)
+
+
+Whether the nsupdate utility should use GSS-TSIG
+authentication for secure PTR updates with the DNS
+server, insecure updates can be sent by setting
+this option to 'none'.
+
+
+Default: Same as dyndns_auth
+
+
+
+
 
 ipa_enable_dns_sites (boolean)
 
diff --git a/src/providers/ad/ad_dyndns.c b/src/providers/ad/ad_dyndns.c
index 00e1d253ae..71ef16c0b5 100644
--- a/src/providers/ad/ad_dyndns.c
+++ b/src/providers/ad/ad_dyndns.c
@@ -238,6 +238,7 @@ static void ad_dyndns_update_connect_done(struct tevent_req *subreq)
  ctx->dyndns_ctx->opts,
  sdap_ctx,
  ctx->dyndns_ctx->auth_type,
+ ctx->dyndns_ctx->auth_ptr_type,
  dp_opt_get_string(ctx->dyndns_ctx->opts,
DP_OPT_DYNDNS_IFACE),
  dp_opt_get_string(ctx->basic,
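Review bot: `auth_ptr_type` is passed positionally right after `auth_type`, and if the two share a type (their declarations are not in this hunk), swapping them at any call site would compile cleanly and apply the PTR authentication setting to forward-record updates, or the reverse. Since either may be configured as 'none', a transposition would silently send updates unauthenticated. I would label both arguments at the call, e.g. `ctx->dyndns_ctx->auth_type, /* forward (A/AAAA) updates */` and `ctx->dyndns_ctx->auth_ptr_type, /* PTR updates */`, and do the same at the other callers the diffstat lists. The call begins and ends outside the hunk; the same hunk appears unchanged in the two other revisions of the patch on this page.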
diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c
index 25b1367731..b61de2838e 100644
--- a/src/providers/ad/ad_opts.c
+++ b/src/providers/ad/ad_opts.c
@@ -309,6 +309,7 @@ struct dp_option ad_dyndns_opts[] = {
 { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
 { "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
 { "dyndns_auth", DP_OPT_STRING, { "gss-tsig" }, NULL_STRING },
+{ "dyndns_auth_ptr", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "dyndns_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 DP_OPTION_TERMINATOR
 };
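Review bot: The new `dyndns_auth_ptr` entry has a `NULL_STRING` default while `dyndns_auth` above it defaults to `gss-tsig`, so the documented "same as dyndns_auth" behaviour depends entirely on a fallback at the place the option is read, which is not in this hunk. A short comment on the entry would make that visible in the table, for example `/* NULL: inherit dyndns_auth */`. Where the string is parsed, an unrecognised value should be rejected or inherit `dyndns_auth` rather than end up as 'none', because 'none' means unauthenticated PTR updates; I cannot confirm from the lines shown which of these happens. The second copy of the patch on this page has the identical entry.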
diff --git a/src/providers/be_dyndns.c b/src/providers/be_dyndns.c
index 54f3cc08a3..2de3b11bb7 100644
--- a/src/providers/be_dyndns.c
+++ b/src/providers/be_dyndns.c
@@ -1217,6 +1217,7 @@ static struct dp_option default_dyndns_opts[] = {
 { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_TRUE, BOOL_FALSE },
 { "dyndns_force_tcp", DP_OPT_BOOL, 

[SSSD] [sssd PR#5283][synchronized] Add dyndns_auth_ptr support

2020-09-01 Thread joakim-tjernlund
   URL: https://github.com/SSSD/sssd/pull/5283
Author: joakim-tjernlund
 Title: #5283: Add dyndns_auth_ptr support
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5283/head:pr5283
git checkout pr5283
From 487f3b552e6897a70572152228033d12b58a90ee Mon Sep 17 00:00:00 2001
From: Joakim Tjernlund 
Date: Sat, 15 Aug 2020 11:47:42 +0200
Subject: [PATCH] Add dyndns_auth_ptr support

Allow specifying the auth method for DNS PTR updates.
Defaults to the same value as dyndns_auth.
---
 src/config/cfg_rules.ini |  1 +
 src/man/sssd-ad.5.xml| 15 +++
 src/man/sssd-ipa.5.xml   | 15 +++
 src/providers/ad/ad_dyndns.c |  1 +
 src/providers/ad/ad_opts.c   |  1 +
 src/providers/be_dyndns.c| 13 +
 src/providers/be_dyndns.h|  2 ++
 src/providers/ipa/ipa_dyndns.c   |  1 +
 src/providers/ipa/ipa_opts.c |  1 +
 src/providers/ldap/sdap_dyndns.c |  5 -
 src/providers/ldap/sdap_dyndns.h |  1 +
 11 files changed, 55 insertions(+), 1 deletion(-)

diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 2874ea048b..6347024278 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -421,6 +421,7 @@ option = dyndns_refresh_interval
 option = dyndns_update_ptr
 option = dyndns_force_tcp
 option = dyndns_auth
+option = dyndns_auth_ptr
 option = dyndns_server
 
 # files provider specific options
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 5c2f465462..e4712e26d9 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -1165,6 +1165,21 @@ ad_gpo_map_deny = +my_pam_service
 
 
 
+
+dyndns_auth_ptr (string)
+
+
+Whether the nsupdate utility should use GSS-TSIG
+authentication for secure PTR updates with the DNS
+server, insecure updates can be sent by setting
+this option to 'none'.
+
+
+Default: Same as dyndns_auth
+
+
+
+
 
 dyndns_server (string)
 
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index 0de866740a..7b630493da 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -214,6 +214,21 @@
 
 
 
+
+dyndns_auth_ptr (string)
+
+
+Whether the nsupdate utility should use GSS-TSIG
+authentication for secure PTR updates with the DNS
+server, insecure updates can be sent by setting
+this option to 'none'.
+
+
+Default: Same as dyndns_auth
+
+
+
+
 
 ipa_enable_dns_sites (boolean)
 
diff --git a/src/providers/ad/ad_dyndns.c b/src/providers/ad/ad_dyndns.c
index 00e1d253ae..71ef16c0b5 100644
--- a/src/providers/ad/ad_dyndns.c
+++ b/src/providers/ad/ad_dyndns.c
@@ -238,6 +238,7 @@ static void ad_dyndns_update_connect_done(struct tevent_req *subreq)
  ctx->dyndns_ctx->opts,
  sdap_ctx,
  ctx->dyndns_ctx->auth_type,
+ ctx->dyndns_ctx->auth_ptr_type,
  dp_opt_get_string(ctx->dyndns_ctx->opts,
DP_OPT_DYNDNS_IFACE),
  dp_opt_get_string(ctx->basic,
diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c
index 25b1367731..b61de2838e 100644
--- a/src/providers/ad/ad_opts.c
+++ b/src/providers/ad/ad_opts.c
@@ -309,6 +309,7 @@ struct dp_option ad_dyndns_opts[] = {
 { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
 { "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
 { "dyndns_auth", DP_OPT_STRING, { "gss-tsig" }, NULL_STRING },
+{ "dyndns_auth_ptr", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "dyndns_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 DP_OPTION_TERMINATOR
 };
diff --git a/src/providers/be_dyndns.c b/src/providers/be_dyndns.c
index 54f3cc08a3..2de3b11bb7 100644
--- a/src/providers/be_dyndns.c
+++ b/src/providers/be_dyndns.c
@@ -1217,6 +1217,7 @@ static struct dp_option default_dyndns_opts[] = {
 { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_TRUE, BOOL_FALSE },
 { "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
 { "dyndns_auth", 

[SSSD] [sssd PR#5283][synchronized] Add dyndns_auth_ptr support

2020-09-01 Thread joakim-tjernlund
   URL: https://github.com/SSSD/sssd/pull/5283
Author: joakim-tjernlund
 Title: #5283: Add dyndns_auth_ptr support
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5283/head:pr5283
git checkout pr5283
From a95b6c87e965c4833bc1fe045590c6ddb98f04d6 Mon Sep 17 00:00:00 2001
From: Joakim Tjernlund 
Date: Sat, 15 Aug 2020 11:47:42 +0200
Subject: [PATCH 1/2] Add dyndns_auth_ptr support

Allow specifying the auth method for DNS PTR updates.
Defaults to the same value as dyndns_auth.
---
 src/config/cfg_rules.ini |  1 +
 src/man/sssd-ad.5.xml| 15 +++
 src/man/sssd-ipa.5.xml   | 15 +++
 src/providers/ad/ad_dyndns.c |  1 +
 src/providers/ad/ad_opts.c   |  1 +
 src/providers/be_dyndns.c| 13 +
 src/providers/be_dyndns.h|  2 ++
 src/providers/ipa/ipa_dyndns.c   |  1 +
 src/providers/ipa/ipa_opts.c |  1 +
 src/providers/ldap/sdap_dyndns.c |  5 -
 src/providers/ldap/sdap_dyndns.h |  1 +
 11 files changed, 55 insertions(+), 1 deletion(-)

diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 2874ea048b..6347024278 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -421,6 +421,7 @@ option = dyndns_refresh_interval
 option = dyndns_update_ptr
 option = dyndns_force_tcp
 option = dyndns_auth
+option = dyndns_auth_ptr
 option = dyndns_server
 
 # files provider specific options
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 5c2f465462..e4712e26d9 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -1165,6 +1165,21 @@ ad_gpo_map_deny = +my_pam_service
 
 
 
+
+dyndns_auth_ptr (string)
+
+
+Whether the nsupdate utility should use GSS-TSIG
+authentication for secure PTR updates with the DNS
+server, insecure updates can be sent by setting
+this option to 'none'.
+
+
+Default: Same as dyndns_auth
+
+
+
+
 
 dyndns_server (string)
 
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index 0de866740a..7b630493da 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -214,6 +214,21 @@
 
 
 
+
+dyndns_auth_ptr (string)
+
+
+Whether the nsupdate utility should use GSS-TSIG
+authentication for secure PTR updates with the DNS
+server, insecure updates can be sent by setting
+this option to 'none'.
+
+
+Default: Same as dyndns_auth
+
+
+
+
 
 ipa_enable_dns_sites (boolean)
 
diff --git a/src/providers/ad/ad_dyndns.c b/src/providers/ad/ad_dyndns.c
index 00e1d253ae..71ef16c0b5 100644
--- a/src/providers/ad/ad_dyndns.c
+++ b/src/providers/ad/ad_dyndns.c
@@ -238,6 +238,7 @@ static void ad_dyndns_update_connect_done(struct tevent_req *subreq)
  ctx->dyndns_ctx->opts,
  sdap_ctx,
  ctx->dyndns_ctx->auth_type,
+ ctx->dyndns_ctx->auth_ptr_type,
  dp_opt_get_string(ctx->dyndns_ctx->opts,
DP_OPT_DYNDNS_IFACE),
  dp_opt_get_string(ctx->basic,
diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c
index 25b1367731..9ebb9ad1a4 100644
--- a/src/providers/ad/ad_opts.c
+++ b/src/providers/ad/ad_opts.c
@@ -309,6 +309,7 @@ struct dp_option ad_dyndns_opts[] = {
 { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
 { "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
 { "dyndns_auth", DP_OPT_STRING, { "gss-tsig" }, NULL_STRING },
+{ "dyndns_auth_ptr", DP_OPT_STRING, { "" }, NULL_STRING },
 { "dyndns_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 DP_OPTION_TERMINATOR
 };
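Review bot: This revision gives `dyndns_auth_ptr` an empty-string default (`{ "" }`), which makes "not set" a sentinel the reader of the option has to detect with a string comparison, and leaves an explicit empty value in the config file indistinguishable from an absent one. `NULL_STRING`, as the neighbouring `dyndns_server` entry uses, lets the fallback to `dyndns_auth` be a plain NULL check: `{ "dyndns_auth_ptr", DP_OPT_STRING, NULL_STRING, NULL_STRING },`. The code that consumes the value is outside this hunk, so how the empty string is handled there is not visible here.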
diff --git a/src/providers/be_dyndns.c b/src/providers/be_dyndns.c
index 54f3cc08a3..f97779e1dc 100644
--- a/src/providers/be_dyndns.c
+++ b/src/providers/be_dyndns.c
@@ -1217,6 +1217,7 @@ static struct dp_option default_dyndns_opts[] = {
 { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_TRUE, BOOL_FALSE },
 { "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
 { "dyndns_auth",