URL: https://github.com/SSSD/sssd/pull/326 Author: amitkumar50 Title: #326: IPA: check if IPA hostname is a FQDN Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/326/head:pr326 git checkout pr326
From f68fcf13edea6a8d17403d12fcba9ff00b989e4b Mon Sep 17 00:00:00 2001 From: AmitKumar <amitk...@redhat.com> Date: Wed, 19 Jul 2017 22:14:24 +0530 Subject: [PATCH] IPA: check if IPA hostname is a FQDN Some users change the IPA hostname post-install which results in strange bugs. Code change make sure that the ipa_hostname contains at least one domain component. Resolves: https://pagure.io/SSSD/sssd/issue/1946 --- src/providers/ipa/ipa_common.h | 1 - src/providers/ipa/ipa_init.c | 17 +++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h index add9df876..8b34c2f75 100644 --- a/src/providers/ipa/ipa_common.h +++ b/src/providers/ipa/ipa_common.h @@ -290,6 +290,5 @@ errno_t ipa_idmap_init(TALLOC_CTX *mem_ctx, struct sdap_id_ctx *id_ctx, struct sdap_idmap_ctx **_idmap_ctx); - struct krb5_ctx *ipa_init_get_krb5_auth_ctx(void *data); #endif /* _IPA_COMMON_H_ */ diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index 7dec4d1fb..f3a92aa9d 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c @@ -231,6 +231,17 @@ static errno_t ipa_init_dyndns(struct be_ctx *be_ctx, return EOK; } +static bool ipa_check_fqdn(const char *str) +{ + const char ch = '.'; + char *ret; + ret = strchr(str, ch); + if (ret != NULL) { + return true; + } + return false; +} + static errno_t ipa_init_server_mode(struct be_ctx *be_ctx, struct ipa_options *ipa_options, struct ipa_id_ctx *ipa_id_ctx) 
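Review bot: `ipa_check_fqdn()` accepts any string that contains a dot, so values such as `host.`, `.example` or a bare `.` pass even though the commit message promises at least one domain component. Requiring characters on both sides of the first dot would match the stated intent: `const char *dot = strchr(str, '.');` followed by `return dot != NULL && dot != str && dot[1] != '\0';`. That form also keeps the result pointer `const` and drops the `ch` temporary and the if/else around a boolean. `str` is passed straight to `strchr()`, which is undefined behaviour for NULL; the assignment of `hostname` in the caller is outside the visible hunks, so either guard here with `if (str == NULL) return false;` or confirm the option can never be unset at this point.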
@@ -258,6 +269,12 @@ static errno_t ipa_init_server_mode(struct be_ctx *be_ctx, sites_enabled = dp_opt_get_bool(ipa_options->basic, IPA_ENABLE_DNS_SITES); dnsdomain = dp_opt_get_string(be_ctx->be_res->opts, DP_RES_OPT_DNS_DOMAIN); + if (!ipa_check_fqdn(hostname)) { + DEBUG(SSSDBG_CRIT_FAILURE, + "ipa_hostname is not Fully Qualified Domain Name.\n"); + return ERR_INVALID_CONFIG; + } + if (srv_in_server_list(ipa_servers) || sites_enabled) { DEBUG(SSSDBG_MINOR_FAILURE, "SRV resolution or IPA sites enabled " "on the IPA server. Site discovery of trusted AD servers "
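Review bot: The new failure path logs `ipa_hostname is not Fully Qualified Domain Name.` without the rejected value, so an administrator reading the log cannot see which string was read from the configuration; consider `"ipa_hostname [%s] is not a fully qualified domain name.\n", hostname`. The check is placed inside `ipa_init_server_mode()`, so as far as this hunk shows it runs only on that path, while the commit title reads as a general validation of the option; it is worth confirming that limiting it to this path is intended. Returning `ERR_INVALID_CONFIG` turns a setting that was previously tolerated into an initialization failure, which deserves a mention in the man page or release notes so that upgrades do not fail unexpectedly. The function starts before and continues past this hunk.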