On Wed, Feb 24, 2016 at 05:19:50PM -0500, Justin Stephenson wrote: > First patch, see attached. > > This is for easy fix from ticket > https://fedorahosted.org/sssd/ticket/2789 > > I am going on the assumption that if the first 2 characters of ad_server are > digits then it is likely an IP address and not hostname. If you have a > better idea for this please let me know.
I think the check should be more elaborate, IPv6 addreses must not start with a number and e.g. 123.com is a valid domain name. You can try to use getaddrinfo() with AI_NUMERICHOST as hint. I would expect that getaddrinfo() returns an error if the input is not a IPv4 or IPv6 address. It would be nice if you can wrap the call to getaddrinfo() in an extra function and write some unit tests for this function. This way you can easily make sure getaddrinfo() really behaves as I suspect/hope. bye, Sumit > > Kind regards, > Justin Stephenson > From 280f7af2e05304fe4eee8a1803abdb72aedad439 Mon Sep 17 00:00:00 2001 > From: Justin Stephenson <[email protected]> > Date: Wed, 24 Feb 2016 16:48:39 -0500 > Subject: [PATCH] Warn if ad_server is not a hostname due to GSSAPI problems > > Resolves: https://fedorahosted.org/sssd/ticket/2789 > --- > src/providers/ad/ad_common.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c > index > 4f8223879a504d1e34b39f4166601c53fd6a73fe..c0e1161d89b727a664826b28c59239860a497299 > 100644 > --- a/src/providers/ad/ad_common.c > +++ b/src/providers/ad/ad_common.c > @@ -378,6 +378,14 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, > > /* Did we get an explicit server name, or are we discovering it? */ > server = dp_opt_get_string(opts->basic, AD_SERVER); > + > + /* Provide warning if IP address is used instead of hostname */ > + if (isdigit(server[0]) || isdigit(server[1])) { > + DEBUG(SSSDBG_CONF_SETTINGS, > + "Warning: ad_server [%s] detected as IP address, " > + "this may cause GSSAPI problems!\n", server); > + } > + > if (!server) { > DEBUG(SSSDBG_CONF_SETTINGS, > "No AD server set, will use service discovery!\n"); > -- > 2.4.3 > > _______________________________________________ > sssd-devel mailing list > [email protected] > https://lists.fedorahosted.org/admin/lists/[email protected] _______________________________________________ sssd-devel mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
