URL: https://github.com/SSSD/sssd/pull/326 Author: amitkumar50 Title: #326: IPA: check if IPA hostname is a FQDN Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/326/head:pr326 git checkout pr326
From ddfe639c74406c1389966010ddc426796c3d92e9 Mon Sep 17 00:00:00 2001 From: AmitKumar <amitk...@redhat.com> Date: Thu, 10 Aug 2017 20:11:45 +0530 Subject: [PATCH 1/2] MAN: Improve ipa_hostname description The description of ipa_hostname config option doesn't mention it must be fully-qualified, although when using a non-fully qualified name IPA server may behave weirdly. Thus, let's add this info the the man page. Related: https://pagure.io/SSSD/sssd/issue/1946 --- src/man/sssd-ipa.5.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml index 4cf07142c..d53d0c3c3 100644 --- a/src/man/sssd-ipa.5.xml +++ b/src/man/sssd-ipa.5.xml @@ -113,6 +113,7 @@ Optional. May be set on machines where the hostname(5) does not reflect the fully qualified name used in the IPA domain to identify this host. + The hostname must be fully qualified. </para> </listitem> </varlistentry> From 4e935e522545ad496553e045229c96432e3d01c4 Mon Sep 17 00:00:00 2001 From: AmitKumar <amitk...@redhat.com> Date: Thu, 10 Aug 2017 20:13:49 +0530 Subject: [PATCH 2/2] IPA: check if IPA hostname is fully qualified Some users change the IPA hostname post-install which results in strange bugs. Code change make sure that the ipa_hostname contains at least one domain component. Resolves: https://pagure.io/SSSD/sssd/issue/1946 --- src/providers/ipa/ipa_init.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index 7cae43c06..2ee954ad7 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c @@ -577,6 +577,11 @@ static errno_t ipa_init_auth_ctx(TALLOC_CTX *mem_ctx, return ret; } +static bool ipa_check_fqdn(const char *str) +{ + return strchr(str, '.'); +} + static errno_t ipa_init_misc(struct be_ctx *be_ctx, struct ipa_options *ipa_options, struct ipa_id_ctx *ipa_id_ctx, @@ -584,6 +589,12 @@ static errno_t ipa_init_misc(struct be_ctx *be_ctx, { errno_t ret; + if (!ipa_check_fqdn(dp_opt_get_string(ipa_options->basic, + IPA_HOSTNAME))) { + DEBUG(SSSDBG_CRIT_FAILURE, + "ipa_hostname is not Fully Qualified Domain Name.\n"); + } + ret = ipa_init_dyndns(be_ctx, ipa_options); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to init dyndns [%d]: %s\n",
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
