URL: https://github.com/SSSD/sssd/pull/326 Author: amitkumar50 Title: #326: IPA: check if IPA hostname is a FQDN Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/326/head:pr326 git checkout pr326
From ddfe639c74406c1389966010ddc426796c3d92e9 Mon Sep 17 00:00:00 2001 From: AmitKumar <amitk...@redhat.com> Date: Thu, 10 Aug 2017 20:11:45 +0530 Subject: [PATCH 1/2] MAN: Improve ipa_hostname description The description of ipa_hostname config option doesn't mention it must be fully-qualified, although when using a non-fully qualified name IPA server may behave weirdly. Thus, let's add this info the the man page. Related: https://pagure.io/SSSD/sssd/issue/1946 --- src/man/sssd-ipa.5.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml index 4cf07142c..d53d0c3c3 100644 --- a/src/man/sssd-ipa.5.xml +++ b/src/man/sssd-ipa.5.xml @@ -113,6 +113,7 @@ Optional. May be set on machines where the hostname(5) does not reflect the fully qualified name used in the IPA domain to identify this host. + The hostname must be fully qualified. </para> </listitem> </varlistentry> From ebd0e079ac8ad76d6d7dde1e5752647298bd33cf Mon Sep 17 00:00:00 2001 From: AmitKumar <amitk...@redhat.com> Date: Thu, 10 Aug 2017 20:13:49 +0530 Subject: [PATCH 2/2] IPA: check if IPA hostname is fully qualified Some users change the IPA hostname post-install which results in strange bugs. Code change make sure that the ipa_hostname contains at least one domain component. Resolves: https://pagure.io/SSSD/sssd/issue/1946 --- src/providers/ipa/ipa_init.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index 7cae43c06..e09b37194 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c @@ -254,7 +254,6 @@ static errno_t ipa_init_server_mode(struct be_ctx *be_ctx, return ret; } - hostname = dp_opt_get_string(ipa_options->basic, IPA_HOSTNAME); ipa_servers = dp_opt_get_string(ipa_options->basic, IPA_SERVER); sites_enabled = dp_opt_get_bool(ipa_options->basic, IPA_ENABLE_DNS_SITES); dnsdomain = dp_opt_get_string(be_ctx->be_res->opts, DP_RES_OPT_DNS_DOMAIN); @@ -577,6 +576,11 @@ static errno_t ipa_init_auth_ctx(TALLOC_CTX *mem_ctx, return ret; } +static bool ipa_check_fqdn(const char *str) +{ + return strchr(str, '.'); +} + static errno_t ipa_init_misc(struct be_ctx *be_ctx, struct ipa_options *ipa_options, struct ipa_id_ctx *ipa_id_ctx, @@ -584,6 +588,12 @@ static errno_t ipa_init_misc(struct be_ctx *be_ctx, { errno_t ret; + if (!ipa_check_fqdn(dp_opt_get_string(ipa_options->basic, + IPA_HOSTNAME))) { + DEBUG(SSSDBG_CRIT_FAILURE, + "ipa_hostname is not Fully Qualified Domain Name.\n"); + } + ret = ipa_init_dyndns(be_ctx, ipa_options); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to init dyndns [%d]: %s\n",
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
