Hello community, here is the log from the commit of package sssd for openSUSE:Leap:15.2 checked in at 2020-04-08 12:48:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/sssd (Old) and /work/SRC/openSUSE:Leap:15.2/.sssd.new.3248 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sssd" Wed Apr 8 12:48:09 2020 rev:48 rq:790607 version:1.16.1 Changes: --------
--- /work/SRC/openSUSE:Leap:15.2/sssd/sssd.changes 2020-03-13 10:55:50.128368811 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.sssd.new.3248/sssd.changes 2020-04-08 12:48:36.098349055 +0200
@@ -1,0 +2,6 @@
+Fri Mar 27 16:53:56 UTC 2020 - Samuel Cabrero <[email protected]>
+
+- Fix dynamic DNS updates not using FQDN (bsc#1160587); Add
+ 0032-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch
+
+-------------------------------------------------------------------
New: ---- 0032-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences: ------------------
++++++ sssd.spec ++++++
--- /var/tmp/diff_new_pack.BwZIwW/_old 2020-04-08 12:48:37.574349825 +0200
+++ /var/tmp/diff_new_pack.BwZIwW/_new 2020-04-08 12:48:37.574349825 +0200
@@ -62,6 +62,7 @@
 Patch29: sssd-gpo_host_security_filter-1.16.1.patch
 Patch30: 0001-Resolve-computer-lookup-failure-when-sam-cn.patch
 Patch31: 0031-ad-Add-support-for-passing-add-samba-data-to-adcli.patch
+Patch32: 0032-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch
 %define servicename sssd
 %define sssdstatedir %_localstatedir/lib/sss
@@ -396,37 +397,7 @@
 %prep
 %setup -q
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
-%patch10 -p1
-%patch11 -p1
-%patch12 -p1
-%patch13 -p1
-%patch14 -p1
-%patch15 -p1
-%patch16 -p1
-%patch17 -p1
-%patch18 -p1
-%patch19 -p1
-%patch20 -p1
-%patch21 -p1
-%patch22 -p1
-%patch23 -p1
-%patch24 -p1
-%patch25 -p1
-%patch26 -p1
-%patch27 -p1
-%patch28 -p1
-%patch29 -p1
-%patch30 -p1
-%patch31 -p1
+%autopatch -p1
 %build
 %if 0%{?suse_version} < 1210
++++++ 0032-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch ++++++
>From 3deb385925d24bf5277e33f2031e4cabab1b3e90 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <[email protected]>
Date: Mon, 13 Jan 2020 13:52:34 +0100
Subject: [PATCH] AD: use getaddrinfo with AI_CANONNAME to find the FQDN
In systems where gethostbyname() does not return the FQDN try calling getaddrinfo().
Signed-off-by: Samuel Cabrero <[email protected]>
Reviewed-by: Sumit Bose <[email protected]>
(cherry picked from commit 2143c7276c7603520e2575ef6c9d93a5fc031256)
---
 src/man/sssd-ad.5.xml | 14 ++++++------
 src/providers/ad/ad_common.c | 42 ++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+), 6 deletions(-)
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 4618a35bd..664f9eccb 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -190,15 +190,17 @@ ad_enabled_domains = sales.example.com, eng.example.com
 <term>ad_hostname (string)</term>
 <listitem>
 <para>
- Optional. May be set on machines where the
- hostname(5) does not reflect the fully qualified
- name used in the Active Directory domain to
- identify this host.
+ Optional. On machines where the hostname(5) does
+ not reflect the fully qualified name, sssd will try
+ to expand the short name. If it is not possible or
+ the short name should be really used instead, set
+ this parameter explicitly.
 </para>
 <para>
 This field is used to determine the host principal
- in use in the keytab. It must match the hostname
- for which the keytab was issued.
+ in use in the keytab and to perform dynamic DNS
+ updates. It must match the hostname for which the
+ keytab was issued.
 </para>
 </listitem>
 </varlistentry>
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
index 2a1647173..1708ca01f 100644
--- a/src/providers/ad/ad_common.c
+++ b/src/providers/ad/ad_common.c
@@ -398,6 +398,34 @@ ad_create_1way_trust_options(TALLOC_CTX *mem_ctx,
 return ad_options;
 }
+static errno_t
+ad_try_to_get_fqdn(const char *hostname,
+ char *buf,
+ size_t buflen)
+{
+ int ret;
+ struct addrinfo *res;
+ struct addrinfo hints;
+
+ memset(&hints, 0, sizeof(struct addrinfo));
+ hints.ai_socktype = SOCK_DGRAM;
+ hints.ai_flags = AI_CANONNAME;
+
+ ret = getaddrinfo(hostname, NULL, &hints, &res);
+ if (ret != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "getaddrinfo failed: %s\n",
+ gai_strerror(ret));
+ return ret;
+ }
+
+ strncpy(buf, res->ai_canonname, buflen);
+
+ freeaddrinfo(res);
+
+ return EOK;
+}
+
 errno_t
 ad_get_common_options(TALLOC_CTX *mem_ctx,
 struct confdb_ctx *cdb,
@@ -413,6 +441,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
 char *realm;
 char *ad_hostname;
 char hostname[HOST_NAME_MAX + 1];
+ char fqdn[HOST_NAME_MAX + 1];
 char *case_sensitive_opt;
 const char *opt_override;
@@ -460,6 +489,19 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
 goto done;
 }
 hostname[HOST_NAME_MAX] = '\0';
+
+ if (strchr(hostname, '.') == NULL) {
+ ret = ad_try_to_get_fqdn(hostname, fqdn, sizeof(fqdn));
+ if (ret == EOK) {
+ DEBUG(SSSDBG_CONF_SETTINGS,
+ "The hostname [%s] has been expanded to FQDN [%s]. "
+ "If sssd should really use the short hostname, please "
+ "set ad_hostname explicitly.\n", hostname, fqdn);
+ strncpy(hostname, fqdn, sizeof(hostname));
+ hostname[HOST_NAME_MAX] = '\0';
+ }
+ }
+
 DEBUG(SSSDBG_CONF_SETTINGS,
 "Setting ad_hostname to [%s].\n", hostname);
 ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname);
-- 2.25.1
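Review bot: `strncpy(buf, res->ai_canonname, buflen)` in ad_try_to_get_fqdn() leaves `buf` unterminated when the canonical name is `buflen` bytes or longer, and the caller in the third hunk passes `fqdn` to a `%s` DEBUG message before anything terminates it, so that message can read past the end of the stack buffer. Both buffers are `HOST_NAME_MAX + 1` bytes and a DNS name may be longer than that, so an ordinary long FQDN reaches this path; even where the read stays in bounds, a truncated name is then stored as ad_hostname, which the man page text in this commit ties to the keytab principal and to dynamic DNS updates. I would return an error when the name does not fit rather than truncate, and check `res->ai_canonname` for NULL first (defensive, since AI_CANONNAME should make it non-NULL on success). The function also returns getaddrinfo()'s EAI_* value through an errno_t; the caller only compares it with EOK today, but it is not an errno code.

```c
    size_t len;
    /* … unchanged: hints setup, getaddrinfo() call and its failure branch … */

    if (res->ai_canonname == NULL) {
        freeaddrinfo(res);
        return ENOENT;
    }

    len = strlen(res->ai_canonname);
    if (len >= buflen) {
        /* Refuse a name that does not fit instead of storing a truncated one. */
        freeaddrinfo(res);
        return ERANGE;
    }
    memcpy(buf, res->ai_canonname, len + 1);

    freeaddrinfo(res);

    return EOK;
```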
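Review bot: The `ret == EOK` branch in the third hunk takes whatever ad_try_to_get_fqdn() returned without checking that it is fully qualified, so a canonical name without a dot would replace the short hostname and be logged as an FQDN. I am inferring that such an answer is possible (for example from a local hosts entry); the hunk does not show how the resolver is configured. Since the value becomes ad_hostname, I would accept the result only when it contains a dot: `if (ret == EOK && strchr(fqdn, '.') != NULL) {`. The lookup failure is a tolerated fallback here, yet ad_try_to_get_fqdn() logs it at SSSDBG_CRIT_FAILURE; a lower level such as `SSSDBG_MINOR_FAILURE` would fit better. ad_get_common_options() starts and ends outside the hunk.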
