URL: https://github.com/SSSD/sssd/pull/326
Author: amitkumar50
Title: #326: IPA: check if IPA hostname is a FQDN
Action: opened
PR body:
"""
Some users change the IPA hostname post-install which results in strange bugs. Code change makes sure that the ipa_hostname contains at least one domain component.

Resolves: https://pagure.io/SSSD/sssd/issue/1946
"""

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/326/head:pr326
git checkout pr326
From 066d723adee0a142107914ec64b001a9571e7f9c Mon Sep 17 00:00:00 2001 From: AmitKumar <amitk...@redhat.com> Date: Wed, 19 Jul 2017 22:14:24 +0530 Subject: [PATCH] IPA: check if IPA hostname is a FQDN Some users change the IPA hostname post-install which results in strange bugs. Code change make sure that the ipa_hostname contains at least one domain component. Resolves: https://pagure.io/SSSD/sssd/issue/1946 --- src/providers/ipa/ipa_access.c | 6 ++++++ src/providers/ipa/ipa_common.c | 16 ++++++++++++++++ src/providers/ipa/ipa_common.h | 1 + 3 files changed, 23 insertions(+) diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c index 9682613e9..12c570b3f 100644 --- a/src/providers/ipa/ipa_access.c +++ b/src/providers/ipa/ipa_access.c @@ -355,6 +355,12 @@ static void ipa_fetch_hbac_services_done(struct tevent_req *subreq) ret = EINVAL; goto done; } + if(!ipa_check_fqdn(ipa_hostname)){ + DEBUG(SSSDBG_CRIT_FAILURE, + "ipa_hostname is not Fully Qualified Domain Name.\n"); + ret = ERR_WRONG_NAME_FORMAT; + goto done; + } for (i = 0; i < state->host_count; i++) { ret = sysdb_attrs_get_string(state->hosts[i], SYSDB_FQDN, &hostname); diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 657994508..f27f81e8a 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -37,6 +37,16 @@ #include "providers/ipa/ipa_opts.h" +bool ipa_check_fqdn(const char *str){ + const char ch = '.'; + char *ret; + ret = strchr(str, ch); + if(ret){ + return true; + } + return false; +} + int ipa_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb, const char *conf_path, 
@@ -93,6 +103,12 @@ int ipa_get_options(TALLOC_CTX *memctx, goto done; } } + if(!ipa_check_fqdn(ipa_hostname)){ + DEBUG(SSSDBG_CRIT_FAILURE, + "ipa_hostname is not Fully Qualified Domain Name.\n"); + ret = ERR_WRONG_NAME_FORMAT; + goto done; + } /* First check whether the realm has been manually specified */ realm = dp_opt_get_string(opts->basic, IPA_KRB5_REALM); diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h index add9df876..f9a2390b9 100644 --- a/src/providers/ipa/ipa_common.h +++ b/src/providers/ipa/ipa_common.h @@ -290,6 +290,7 @@ errno_t ipa_idmap_init(TALLOC_CTX *mem_ctx, struct sdap_id_ctx *id_ctx, struct sdap_idmap_ctx **_idmap_ctx); +bool ipa_check_fqdn(const char *str); struct krb5_ctx *ipa_init_get_krb5_auth_ctx(void *data); #endif /* _IPA_COMMON_H_ */
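Review bot: In the src/providers/ipa/ipa_access.c hunk, the FQDN test is placed inside ipa_fetch_hbac_services_done(), so it runs during every HBAC evaluation even though the same test is also added to ipa_get_options() in ipa_common.c. If option loading already rejects a short name, this copy looks redundant; if it is meant to be the enforcement point, say so and drop the other one. Since the result here is an access check ending in ERR_WRONG_NAME_FORMAT, the DEBUG message should print the rejected value so an admin can see which name failed. Style: `if(!ipa_check_fqdn(ipa_hostname)){` should be spaced like the neighbouring `for (i = 0; ...` line.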
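Review bot: ipa_check_fqdn() in src/providers/ipa/ipa_common.c passes str straight to strchr() with no NULL check, and it accepts any string that contains a dot, so "host.", ".example" and "." would all be treated as fully qualified. The commit message asks for at least one domain component, so the helper should return false for NULL and also require that the first dot is neither the first character nor the last one. With that condition in place the body can be a single return statement instead of `if(ret){ return true; } return false;`.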
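Review bot: In the ipa_get_options() hunk of src/providers/ipa/ipa_common.c, the new check runs right after the closing braces of a preceding block whose body is not shown; if ipa_hostname can still be NULL on any path out of that block, ipa_check_fqdn() hands NULL to strchr(). Please confirm the variable is always set at this point, or make the helper NULL-safe. Note also that `ret = ERR_WRONG_NAME_FORMAT; goto done;` turns a short hostname into a hard failure of option loading, which changes behaviour for existing installs and should be stated in the commit message and in the option's documentation.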
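Review bot: The prototype `bool ipa_check_fqdn(const char *str);` added to src/providers/ipa/ipa_common.h has no comment describing what the function accepts as an FQDN or whether str may be NULL. Add a short doc comment above it stating the rule it enforces (at least one domain component) and the NULL behaviour, so callers in ipa_access.c and ipa_common.c do not have to read the implementation.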