On 01/19/2012 11:10 PM, Rob Crittenden wrote:
> Ondrej Hamada wrote:
>
>> Machines with hostname 'localhost.localdomain' are refused from joining
>> the IPA domain and a proper error message is shown.
>
> This should probably check for just localhost as well.
>
> It is good that the check is done here as ipa-join can be run outside of ipa-client-install, but I wonder if it should be checked there as well. By the time that ipa-join is called the user is potentially prompted for a bunch of data whereas we could check the hostname very early in ipa-client-install.


Hostname checking is now in both ipa-client-install and ipa-join. Also the checking is done against both the 'localhost' and 'localhost.localdomain' hostnames.


Ondrej Hamada
FreeIPA team
jabber: oh...@jabbim.cz
IRC: ohamada

From 6d0b5a6a27eea34a709b80f3fd8d1003c79d93fe Mon Sep 17 00:00:00 2001
From: Ondrej Hamada <oham...@redhat.com>
Date: Fri, 20 Jan 2012 13:44:48 +0100
Subject: [PATCH] localhost.localdomain clients refused to join

Machines with hostname 'localhost' or 'localhost.localdomain' are
refused from joining the IPA domain and a proper error message is shown.
The hostname check is done both in 'ipa-client-install' script and in

 ipa-client/ipa-install/ipa-client-install |    3 +++
 ipa-client/ipa-join.c                     |    6 ++++++
 2 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 8e945ce9028f67855a3ede8e96a67bd4ad3ec787..f2f4973fb365dcc11ee1db484fac791fbf765dd8 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -872,6 +872,9 @@ def install(options, env, fstore, statestore):
     if hostname != hostname.lower():
         print 'Invalid hostname \'%s\', must be lower-case.' % hostname
         return CLIENT_INSTALL_ERROR
+    if (hostname == 'localhost') or (hostname == 'localhost.localdomain'):
+        print 'Invalid hostname, \'%s\' must not be used.' % hostname
+        return CLIENT_INSTALL_ERROR
     # when installing with '--no-sssd' option, check whether nss-ldap is installed
     if not options.sssd:
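
Review bot: the added `if (hostname == 'localhost') or (hostname == 'localhost.localdomain'):` line matches only those two exact strings, so a trailing-dot form such as 'localhost.localdomain.' passes this check and reaches the rest of install(). Consider stripping a trailing dot before comparing and using a membership test, e.g. `hostname.rstrip('.') in ('localhost', 'localhost.localdomain')`, which also makes the list easier to extend. The same two literals are hard-coded again in ipa-join.c and the two error messages are worded differently ("Invalid hostname, '%s' must not be used." here, "The hostname must not be: %s" there); aligning the wording would make the failure easier to recognise whichever tool reports it.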
diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c
index c174e2c157d0878dedf0d302e547ff176deb9e98..57c7bcb28f23fd9083900215de170cc768a26377 100644
--- a/ipa-client/ipa-join.c
+++ b/ipa-client/ipa-join.c
@@ -937,6 +937,12 @@ join(const char *server, const char *hostname, const char *bindpw, const char *b
         goto cleanup;
+    if ((!strcmp(host, "localhost")) || (!strcmp(host, "localhost.localdomain"))){
+        fprintf(stderr, _("The hostname must not be: %s\n"), host);
+        rval = 16;
+        goto cleanup;
+    }
     if (bindpw)
         rval = join_ldap(ipaserver, host, &hostdn, bindpw, basedn, &princ, &subject, quiet);
     else {
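
Review bot: the added `strcmp(host, "localhost")` / `strcmp(host, "localhost.localdomain")` comparison is case-sensitive, and nothing in the visible context of join() lower-cases `host` first, so a name like "Localhost" is not rejected here even though ipa-client-install refuses it through its separate lower-case check. Since ipa-join can be run on its own, `strcasecmp()` would keep the two entry points consistent. Separately, `rval = 16;` is a bare number with no comment; please say what exit status 16 means, use a named constant if the file has them, and update wherever ipa-join's exit codes are documented, because the diffstat shows only the two source files changed. Minor style: add a space before the opening `{` on the `if` line.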

Freeipa-devel mailing list
