On 06/08/2010 07:06 AM, Jakub Hrozek wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 06/04/2010 01:33 PM, Jakub Hrozek wrote:
>> The service discovery used to use the SSSD domain name to perform DNS
>> queries. This is not an optimal solution, for example from the point of
>> view of authconfig.
>>
>> This patch introduces a new option "dns_discovery_domain" that allows to
>> set the domain part of a DNS SRV query. If this option is not set, the
>> default behavior is to use the domain part of the machine's hostname.
>>
>> Fixes: #479
>
> I have amended the patch to also add the option to config file via the
> upgrade_config.py script if the SSSD domain used service discovery
Nack. If you're going to add the option to upgrade_config.py, you also
need to check for _srv_ in the ldap_uri, ipa_server and krb5_kdcip.
In the failover code, please don't use "domain". It's too easy to
confuse with SSSD domains. Please use dns_domain.
+ domptr = strchr(fqdn, '.');
+ domptr++;
+ if (!domptr) {
+ *domain = talloc_strdup(mem_ctx, fqdn);
This is a bug, if there is no '.' in the string, you will return NULL
and then increase it by one.
Also, you should check if domptr+1 (after the dot) is a NULL-terminator
before calling talloc_strdup(just to be safe, in case we somehow got
'hostname.' back as a reply from a broken DNS server)
Otherwise, this looks pretty good.
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
