Hello community, here is the log from the commit of package sssd for openSUSE:Factory checked in at 2020-03-19 19:47:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/sssd (Old) and /work/SRC/openSUSE:Factory/.sssd.new.3160 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sssd" Thu Mar 19 19:47:15 2020 rev:101 rq:785703 version:2.2.2 Changes: -------- --- /work/SRC/openSUSE:Factory/sssd/sssd.changes 2020-01-22 22:42:03.740448675 +0100 +++ /work/SRC/openSUSE:Factory/.sssd.new.3160/sssd.changes 2020-03-19 19:50:23.916187550 +0100 @@ -1,0 +2,6 @@ +Mon Mar 16 16:44:23 UTC 2020 - Samuel Cabrero <[email protected]> + +- Fix dynamic DNS updates not using FQDN (bsc#1160587); Add + 0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch + +------------------------------------------------------------------- New: ---- 0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ sssd.spec ++++++ --- /var/tmp/diff_new_pack.0wk6nS/_old 2020-03-19 19:50:24.648187972 +0100 +++ /var/tmp/diff_new_pack.0wk6nS/_new 2020-03-19 19:50:24.652187974 +0100 @@ -32,6 +32,7 @@ Patch1: krb-noversion.diff Patch2: sssd-gpo_host_security_filter-2.2.2.patch Patch3: 0001-Resolve-computer-lookup-failure-when-sam-cn.patch +Patch4: 0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch BuildRoot: %_tmppath/%name-%version-build %define servicename sssd ++++++ 0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch ++++++ >From 2143c7276c7603520e2575ef6c9d93a5fc031256 Mon Sep 17 00:00:00 2001 From: Samuel Cabrero <[email protected]> Date: Mon, 13 Jan 2020 13:52:34 +0100 Subject: [PATCH] AD: use getaddrinfo with AI_CANONNAME to find the FQDN In systems where gethostbyname() does not return the FQDN try calling getaddrinfo(). Signed-off-by: Samuel Cabrero <[email protected]> Reviewed-by: Sumit Bose <[email protected]> --- src/man/sssd-ad.5.xml | 14 ++++++------ src/providers/ad/ad_common.c | 42 ++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 6 deletions(-) diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml index c30e5b9db..23e351fc0 100644 --- a/src/man/sssd-ad.5.xml +++ b/src/man/sssd-ad.5.xml @@ -193,15 +193,17 @@ ad_enabled_domains = sales.example.com, eng.example.com <term>ad_hostname (string)</term> <listitem> <para> - Optional. May be set on machines where the - hostname(5) does not reflect the fully qualified - name used in the Active Directory domain to - identify this host. + Optional. On machines where the hostname(5) does + not reflect the fully qualified name, sssd will try + to expand the short name. If it is not possible or + the short name should be really used instead, set + this parameter explicitly. </para> <para> This field is used to determine the host principal - in use in the keytab. It must match the hostname - for which the keytab was issued. + in use in the keytab and to perform dynamic DNS + updates. It must match the hostname for which the + keytab was issued. </para> </listitem> </varlistentry> diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c index 51300f5b2..e5fa83595 100644 --- a/src/providers/ad/ad_common.c +++ b/src/providers/ad/ad_common.c @@ -406,6 +406,34 @@ ad_create_1way_trust_options(TALLOC_CTX *mem_ctx, return ad_options; } +static errno_t +ad_try_to_get_fqdn(const char *hostname, + char *buf, + size_t buflen) +{ + int ret; + struct addrinfo *res; + struct addrinfo hints; + + memset(&hints, 0, sizeof(struct addrinfo)); + hints.ai_socktype = SOCK_DGRAM; + hints.ai_flags = AI_CANONNAME; + + ret = getaddrinfo(hostname, NULL, &hints, &res); + if (ret != 0) { + DEBUG(SSSDBG_CRIT_FAILURE, + "getaddrinfo failed: %s\n", + gai_strerror(ret)); + return ret; + } + + strncpy(buf, res->ai_canonname, buflen); + + freeaddrinfo(res); + + return EOK; +} + errno_t ad_get_common_options(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, @@ -421,6 +449,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, char *realm; char *ad_hostname; char hostname[HOST_NAME_MAX + 1]; + char fqdn[HOST_NAME_MAX + 1]; char *case_sensitive_opt; const char *opt_override; @@ -468,6 +497,19 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, goto done; } hostname[HOST_NAME_MAX] = '\0'; + + if (strchr(hostname, '.') == NULL) { + ret = ad_try_to_get_fqdn(hostname, fqdn, sizeof(fqdn)); + if (ret == EOK) { + DEBUG(SSSDBG_CONF_SETTINGS, + "The hostname [%s] has been expanded to FQDN [%s]. " + "If sssd should really use the short hostname, please " + "set ad_hostname explicitly.\n", hostname, fqdn); + strncpy(hostname, fqdn, sizeof(hostname)); + hostname[HOST_NAME_MAX] = '\0'; + } + } + DEBUG(SSSDBG_CONF_SETTINGS, "Setting ad_hostname to [%s].\n", hostname); ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname); -- 2.25.1
