[SSSD] [sssd PR#5283][synchronized] Add dyndns_auth_ptr support
URL: https://github.com/SSSD/sssd/pull/5283 Author: joakim-tjernlund Title: #5283: Add dyndns_auth_ptr support Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5283/head:pr5283 git checkout pr5283 From 6976ca75830175e08c9fd975fb0c27b4b203c711 Mon Sep 17 00:00:00 2001 From: Joakim Tjernlund Date: Sat, 15 Aug 2020 11:47:42 +0200 Subject: [PATCH] Add dyndns_auth_ptr support Allows to specify auth method for DNS PTR updates. Default to same as dyndns_auth. Resolves: https://github.com/SSSD/sssd/issues/5274
---
src/config/cfg_rules.ini | 1 + src/man/sssd-ad.5.xml| 15 +++ src/man/sssd-ipa.5.xml | 15 +++ src/providers/ad/ad_dyndns.c | 1 + src/providers/ad/ad_opts.c | 1 + src/providers/be_dyndns.c| 13 + src/providers/be_dyndns.h| 2 ++ src/providers/ipa/ipa_dyndns.c | 1 + src/providers/ipa/ipa_opts.c | 1 + src/providers/ldap/sdap_dyndns.c | 5 - src/providers/ldap/sdap_dyndns.h | 1 + 11 files changed, 55 insertions(+), 1 deletion(-)
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 2874ea048b..6347024278 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -421,6 +421,7 @@ option = dyndns_refresh_interval option = dyndns_update_ptr option = dyndns_force_tcp option = dyndns_auth +option = dyndns_auth_ptr option = dyndns_server # files provider specific options
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 5c2f465462..e4712e26d9 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -1165,6 +1165,21 @@ ad_gpo_map_deny = +my_pam_service + +dyndns_auth_ptr (string) + + +Whether the nsupdate utility should use GSS-TSIG +authentication for secure PTR updates with the DNS +server, insecure updates can be sent by setting +this option to 'none'. + + +Default: Same as dyndns_auth + + + + dyndns_server (string)
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index 0de866740a..7b630493da 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -214,6 +214,21 @@ + +dyndns_auth_ptr (string) + + +Whether the nsupdate utility should use GSS-TSIG +authentication for secure PTR updates with the DNS +server, insecure updates can be sent by setting +this option to 'none'. + + +Default: Same as dyndns_auth + + + + ipa_enable_dns_sites (boolean)
diff --git a/src/providers/ad/ad_dyndns.c b/src/providers/ad/ad_dyndns.c
index 00e1d253ae..71ef16c0b5 100644
--- a/src/providers/ad/ad_dyndns.c
+++ b/src/providers/ad/ad_dyndns.c
@@ -238,6 +238,7 @@ static void ad_dyndns_update_connect_done(struct tevent_req *subreq) ctx->dyndns_ctx->opts, sdap_ctx, ctx->dyndns_ctx->auth_type, + ctx->dyndns_ctx->auth_ptr_type, dp_opt_get_string(ctx->dyndns_ctx->opts, DP_OPT_DYNDNS_IFACE), dp_opt_get_string(ctx->basic,
diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c
index 25b1367731..b61de2838e 100644
--- a/src/providers/ad/ad_opts.c
+++ b/src/providers/ad/ad_opts.c
@@ -309,6 +309,7 @@ struct dp_option ad_dyndns_opts[] = { { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, { "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "dyndns_auth", DP_OPT_STRING, { "gss-tsig" }, NULL_STRING }, +{ "dyndns_auth_ptr", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "dyndns_server", DP_OPT_STRING, NULL_STRING, NULL_STRING }, DP_OPTION_TERMINATOR };
diff --git a/src/providers/be_dyndns.c b/src/providers/be_dyndns.c
index 54f3cc08a3..2de3b11bb7 100644
--- a/src/providers/be_dyndns.c
+++ b/src/providers/be_dyndns.c
@@ -1217,6 +1217,7 @@ static struct dp_option default_dyndns_opts[] = { { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_TRUE, BOOL_FALSE }, { "dyndns_force_tcp", DP_OPT_BOOL,
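Review bot: In the `ad_dyndns.c` hunk the new `ctx->dyndns_ctx->auth_ptr_type` argument sits directly after `ctx->dyndns_ctx->auth_type`, and if both have the same enum type (the declaration in `be_dyndns.h` is not shown on this page) the compiler will not catch a transposition at this call site. A swap would be security-relevant, because the man-page text in this patch allows the PTR method to be 'none', which would then be applied to the forward-record update instead. Label the two arguments where they are passed, e.g. `ctx->dyndns_ctx->auth_type, /* forward (A/AAAA) updates */` and `ctx->dyndns_ctx->auth_ptr_type, /* PTR updates */`. The call and the body of `ad_dyndns_update_connect_done` continue outside the hunk, and the same hunk recurs unchanged in the two later postings of the patch on this page.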
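Review bot: In the `ad_opts.c` hunk the `dyndns_auth_ptr` entry defaults to `NULL_STRING`, while the man-page hunks of the same patch promise "Default: Same as dyndns_auth", so the option table does not say what an unset value means. The code that reads this option (presumably in `be_dyndns.c`, whose hunk is cut off here) has to resolve NULL to the `dyndns_auth` method and must not let it fall through to the unauthenticated 'none' mode. Record that contract on the entry itself, e.g. `/* unset: PTR updates use the dyndns_auth method */`. The second posting of the patch on this page carries the identical entry, and `ipa_opts.c` in the diffstat likely needs the same comment.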
[SSSD] [sssd PR#5283][synchronized] Add dyndns_auth_ptr support
URL: https://github.com/SSSD/sssd/pull/5283 Author: joakim-tjernlund Title: #5283: Add dyndns_auth_ptr support Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5283/head:pr5283 git checkout pr5283 From 487f3b552e6897a70572152228033d12b58a90ee Mon Sep 17 00:00:00 2001 From: Joakim Tjernlund Date: Sat, 15 Aug 2020 11:47:42 +0200 Subject: [PATCH] Add dyndns_auth_ptr support Allows to specify auth method for DNS PTR updates. Default to same as dyndns_auth.
---
src/config/cfg_rules.ini | 1 + src/man/sssd-ad.5.xml| 15 +++ src/man/sssd-ipa.5.xml | 15 +++ src/providers/ad/ad_dyndns.c | 1 + src/providers/ad/ad_opts.c | 1 + src/providers/be_dyndns.c| 13 + src/providers/be_dyndns.h| 2 ++ src/providers/ipa/ipa_dyndns.c | 1 + src/providers/ipa/ipa_opts.c | 1 + src/providers/ldap/sdap_dyndns.c | 5 - src/providers/ldap/sdap_dyndns.h | 1 + 11 files changed, 55 insertions(+), 1 deletion(-)
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 2874ea048b..6347024278 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -421,6 +421,7 @@ option = dyndns_refresh_interval option = dyndns_update_ptr option = dyndns_force_tcp option = dyndns_auth +option = dyndns_auth_ptr option = dyndns_server # files provider specific options
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 5c2f465462..e4712e26d9 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -1165,6 +1165,21 @@ ad_gpo_map_deny = +my_pam_service + +dyndns_auth_ptr (string) + + +Whether the nsupdate utility should use GSS-TSIG +authentication for secure PTR updates with the DNS +server, insecure updates can be sent by setting +this option to 'none'. + + +Default: Same as dyndns_auth + + + + dyndns_server (string)
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index 0de866740a..7b630493da 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -214,6 +214,21 @@ + +dyndns_auth_ptr (string) + + +Whether the nsupdate utility should use GSS-TSIG +authentication for secure PTR updates with the DNS +server, insecure updates can be sent by setting +this option to 'none'. + + +Default: Same as dyndns_auth + + + + ipa_enable_dns_sites (boolean)
diff --git a/src/providers/ad/ad_dyndns.c b/src/providers/ad/ad_dyndns.c
index 00e1d253ae..71ef16c0b5 100644
--- a/src/providers/ad/ad_dyndns.c
+++ b/src/providers/ad/ad_dyndns.c
@@ -238,6 +238,7 @@ static void ad_dyndns_update_connect_done(struct tevent_req *subreq) ctx->dyndns_ctx->opts, sdap_ctx, ctx->dyndns_ctx->auth_type, + ctx->dyndns_ctx->auth_ptr_type, dp_opt_get_string(ctx->dyndns_ctx->opts, DP_OPT_DYNDNS_IFACE), dp_opt_get_string(ctx->basic,
diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c
index 25b1367731..b61de2838e 100644
--- a/src/providers/ad/ad_opts.c
+++ b/src/providers/ad/ad_opts.c
@@ -309,6 +309,7 @@ struct dp_option ad_dyndns_opts[] = { { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, { "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "dyndns_auth", DP_OPT_STRING, { "gss-tsig" }, NULL_STRING }, +{ "dyndns_auth_ptr", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "dyndns_server", DP_OPT_STRING, NULL_STRING, NULL_STRING }, DP_OPTION_TERMINATOR };
diff --git a/src/providers/be_dyndns.c b/src/providers/be_dyndns.c
index 54f3cc08a3..2de3b11bb7 100644
--- a/src/providers/be_dyndns.c
+++ b/src/providers/be_dyndns.c
@@ -1217,6 +1217,7 @@ static struct dp_option default_dyndns_opts[] = { { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_TRUE, BOOL_FALSE }, { "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "dyndns_auth",
[SSSD] [sssd PR#5283][synchronized] Add dyndns_auth_ptr support
URL: https://github.com/SSSD/sssd/pull/5283 Author: joakim-tjernlund Title: #5283: Add dyndns_auth_ptr support Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5283/head:pr5283 git checkout pr5283 From a95b6c87e965c4833bc1fe045590c6ddb98f04d6 Mon Sep 17 00:00:00 2001 From: Joakim Tjernlund Date: Sat, 15 Aug 2020 11:47:42 +0200 Subject: [PATCH 1/2] Add dyndns_auth_ptr support Allows to specify auth method for DNS PTR updates. Default to same as dyndns_auth.
---
src/config/cfg_rules.ini | 1 + src/man/sssd-ad.5.xml| 15 +++ src/man/sssd-ipa.5.xml | 15 +++ src/providers/ad/ad_dyndns.c | 1 + src/providers/ad/ad_opts.c | 1 + src/providers/be_dyndns.c| 13 + src/providers/be_dyndns.h| 2 ++ src/providers/ipa/ipa_dyndns.c | 1 + src/providers/ipa/ipa_opts.c | 1 + src/providers/ldap/sdap_dyndns.c | 5 - src/providers/ldap/sdap_dyndns.h | 1 + 11 files changed, 55 insertions(+), 1 deletion(-)
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 2874ea048b..6347024278 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -421,6 +421,7 @@ option = dyndns_refresh_interval option = dyndns_update_ptr option = dyndns_force_tcp option = dyndns_auth +option = dyndns_auth_ptr option = dyndns_server # files provider specific options
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 5c2f465462..e4712e26d9 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -1165,6 +1165,21 @@ ad_gpo_map_deny = +my_pam_service + +dyndns_auth_ptr (string) + + +Whether the nsupdate utility should use GSS-TSIG +authentication for secure PTR updates with the DNS +server, insecure updates can be sent by setting +this option to 'none'. + + +Default: Same as dyndns_auth + + + + dyndns_server (string)
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index 0de866740a..7b630493da 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -214,6 +214,21 @@ + +dyndns_auth_ptr (string) + + +Whether the nsupdate utility should use GSS-TSIG +authentication for secure PTR updates with the DNS +server, insecure updates can be sent by setting +this option to 'none'. + + +Default: Same as dyndns_auth + + + + ipa_enable_dns_sites (boolean)
diff --git a/src/providers/ad/ad_dyndns.c b/src/providers/ad/ad_dyndns.c
index 00e1d253ae..71ef16c0b5 100644
--- a/src/providers/ad/ad_dyndns.c
+++ b/src/providers/ad/ad_dyndns.c
@@ -238,6 +238,7 @@ static void ad_dyndns_update_connect_done(struct tevent_req *subreq) ctx->dyndns_ctx->opts, sdap_ctx, ctx->dyndns_ctx->auth_type, + ctx->dyndns_ctx->auth_ptr_type, dp_opt_get_string(ctx->dyndns_ctx->opts, DP_OPT_DYNDNS_IFACE), dp_opt_get_string(ctx->basic,
diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c
index 25b1367731..9ebb9ad1a4 100644
--- a/src/providers/ad/ad_opts.c
+++ b/src/providers/ad/ad_opts.c
@@ -309,6 +309,7 @@ struct dp_option ad_dyndns_opts[] = { { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }, { "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "dyndns_auth", DP_OPT_STRING, { "gss-tsig" }, NULL_STRING }, +{ "dyndns_auth_ptr", DP_OPT_STRING, { "" }, NULL_STRING }, { "dyndns_server", DP_OPT_STRING, NULL_STRING, NULL_STRING }, DP_OPTION_TERMINATOR };
diff --git a/src/providers/be_dyndns.c b/src/providers/be_dyndns.c
index 54f3cc08a3..f97779e1dc 100644
--- a/src/providers/be_dyndns.c
+++ b/src/providers/be_dyndns.c
@@ -1217,6 +1217,7 @@ static struct dp_option default_dyndns_opts[] = { { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_TRUE, BOOL_FALSE }, { "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "dyndns_auth",
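Review bot: In the `ad_opts.c` hunk of this revision the `dyndns_auth_ptr` default becomes `{ "" }`, which turns the empty string into an in-band marker for "same as dyndns_auth" and makes an explicitly empty `dyndns_auth_ptr =` setting indistinguishable from an unset option. The code that parses the value is outside this page; it should treat "" as inherit and fail on any other unrecognized string rather than resolving it to 'none', since that mode sends unauthenticated PTR updates. Document the sentinel on the entry, e.g. `/* "" = not set: PTR updates inherit the dyndns_auth method */`. Whether `default_dyndns_opts` in `be_dyndns.c` uses the same sentinel cannot be checked here because that hunk is cut off.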