URL: https://github.com/SSSD/sssd/pull/326
Author: amitkumar50
 Title: #326: IPA: check if IPA hostname is a FQDN
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/326/head:pr326
git checkout pr326
From f68fcf13edea6a8d17403d12fcba9ff00b989e4b Mon Sep 17 00:00:00 2001
From: AmitKumar <amitk...@redhat.com>
Date: Wed, 19 Jul 2017 22:14:24 +0530
Subject: [PATCH] IPA: check if IPA hostname is a FQDN

Some users change the IPA hostname post-install, which results in
strange bugs. This code change makes sure that ipa_hostname contains
at least one domain component.

Resolves:
https://pagure.io/SSSD/sssd/issue/1946
---
 src/providers/ipa/ipa_common.h |  1 -
 src/providers/ipa/ipa_init.c   | 17 +++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index add9df876..8b34c2f75 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -290,6 +290,5 @@ errno_t ipa_idmap_init(TALLOC_CTX *mem_ctx,
                        struct sdap_id_ctx *id_ctx,
                        struct sdap_idmap_ctx **_idmap_ctx);
 
-
 struct krb5_ctx *ipa_init_get_krb5_auth_ctx(void *data);
 #endif /* _IPA_COMMON_H_ */
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index 7dec4d1fb..f3a92aa9d 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -231,6 +231,17 @@ static errno_t ipa_init_dyndns(struct be_ctx *be_ctx,
     return EOK;
 }
 
+static bool ipa_check_fqdn(const char *str)
+{
+    const char ch = '.';
+    char *ret;
+    ret = strchr(str, ch);
+    if (ret != NULL) {
+        return true;
+    }
+    return false;
+}
+
 static errno_t ipa_init_server_mode(struct be_ctx *be_ctx,
                                     struct ipa_options *ipa_options,
                                     struct ipa_id_ctx *ipa_id_ctx)
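Review bot: `ipa_check_fqdn()` accepts any string that contains a dot, so values such as `.`, `host.` or `.example.com` pass even though they have no usable host or domain label, which falls short of the "at least one domain component" promised in the commit message. It also calls `strchr(str, ch)` without a NULL guard; the assignment of `hostname` at the call site is outside the visible hunks, so if that option can be unset this is undefined behaviour rather than a clean config error. I would reject NULL and require a non-empty label on each side of the first dot, and add a short comment saying the function is a sanity check on configuration and not full hostname validation. The version below still accepts an absolute name with a trailing root dot such as `host.example.com.`; confirm whether that is wanted.
```c
static bool ipa_check_fqdn(const char *str)
{
    const char *dot;

    /* Sanity check only: require "label.rest", not full hostname syntax. */
    if (str == NULL) {
        return false;
    }

    dot = strchr(str, '.');
    return dot != NULL && dot != str && dot[1] != '\0';
}
```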
@@ -258,6 +269,12 @@ static errno_t ipa_init_server_mode(struct be_ctx *be_ctx,
     sites_enabled = dp_opt_get_bool(ipa_options->basic, IPA_ENABLE_DNS_SITES);
     dnsdomain = dp_opt_get_string(be_ctx->be_res->opts, DP_RES_OPT_DNS_DOMAIN);
 
+    if (!ipa_check_fqdn(hostname)) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "ipa_hostname is not Fully Qualified Domain Name.\n");
+        return ERR_INVALID_CONFIG;
+    }
+
     if (srv_in_server_list(ipa_servers) || sites_enabled) {
         DEBUG(SSSDBG_MINOR_FAILURE, "SRV resolution or IPA sites enabled "
               "on the IPA server. Site discovery of trusted AD servers "
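Review bot: The new `DEBUG(SSSDBG_CRIT_FAILURE, ...)` message does not print the rejected value, so an administrator cannot tell from the log which hostname SSSD actually picked up; consider `"ipa_hostname [%s] is not a fully qualified domain name.\n", hostname`. The check is added only to `ipa_init_server_mode()`, whose body starts and ends outside this hunk. Judging by the name, that path looks specific to IPA servers, so if the linked issue also concerns clients, the validation may belong where `ipa_hostname` is first read; please confirm. Failing closed with `ERR_INVALID_CONFIG` is the right behaviour for a bad host identity setting.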