URL: https://github.com/SSSD/sssd/pull/326
Author: amitkumar50
Title: #326: IPA: check if IPA hostname is a FQDN
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/326/head:pr326
git checkout pr326
From 8a6ab8e2eedcad7a3df4d8acc063dc43d3a7b46f Mon Sep 17 00:00:00 2001
From: AmitKumar <amitk...@redhat.com>
Date: Wed, 19 Jul 2017 22:14:24 +0530
Subject: [PATCH] IPA: check if IPA hostname is a FQDN

Some users change the IPA hostname post-install, which results in
strange bugs. The code change makes sure that the ipa_hostname
contains at least one domain component. The sssd-ipa man page is updated
to reflect that ipa_hostname must be fully qualified.

Resolves: https://pagure.io/SSSD/sssd/issue/1946
---
 src/man/sssd-ipa.5.xml       |  3 ++-
 src/providers/ipa/ipa_init.c | 17 +++++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index 5e7f8ff1a..098237bd8 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -112,7 +112,8 @@
                         <para>
                             Optional. May be set on machines where the
                             hostname(5) does not reflect the fully qualified
-                            name used in the IPA domain to identify this host.
+			    name used in the IPA domain to identify this host.
+                            The hostname must be fully qualified.
                         </para>
                     </listitem>
                 </varlistentry>
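Review bot: the line `name used in the IPA domain to identify this host.` is removed and re-added with tab-based indentation in place of the spaces used by the surrounding lines, which is a whitespace-only change that adds noise to the diff. Leave that line untouched and add only the new sentence. The added sentence could also state what happens when the value is not fully qualified, since the code change in this patch returns ERR_INVALID_CONFIG in that case.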
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index 7dec4d1fb..f3a92aa9d 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -231,6 +231,17 @@ static errno_t ipa_init_dyndns(struct be_ctx *be_ctx,
     return EOK;
 }
 
+static bool ipa_check_fqdn(const char *str)
+{
+    const char ch = '.';
+    char *ret;
+    ret = strchr(str, ch);
+    if (ret != NULL) {
+        return true;
+    }
+    return false;
+}
+
 static errno_t ipa_init_server_mode(struct be_ctx *be_ctx,
                                     struct ipa_options *ipa_options,
                                     struct ipa_id_ctx *ipa_id_ctx)
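Review bot: ipa_check_fqdn() only tests that a '.' occurs somewhere in the string, so values such as "host.", ".example" or a lone "." pass even though the commit message asks for at least one domain component; if that is the intent, also require a non-empty label on both sides of the dot. The helper passes str straight to strchr() with no NULL check, so either the caller must guarantee a non-NULL hostname or the helper should return false for NULL. Minor style points: ret can be declared `const char *`, and the body reduces to `return strchr(str, '.') != NULL;`.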
@@ -258,6 +269,12 @@ static errno_t ipa_init_server_mode(struct be_ctx *be_ctx,
     sites_enabled = dp_opt_get_bool(ipa_options->basic, IPA_ENABLE_DNS_SITES);
     dnsdomain = dp_opt_get_string(be_ctx->be_res->opts, DP_RES_OPT_DNS_DOMAIN);
 
+    if (!ipa_check_fqdn(hostname)) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "ipa_hostname is not Fully Qualified Domain Name.\n");
+        return ERR_INVALID_CONFIG;
+    }
+
     if (srv_in_server_list(ipa_servers) || sites_enabled) {
         DEBUG(SSSDBG_MINOR_FAILURE, "SRV resolution or IPA sites enabled "
               "on the IPA server. Site discovery of trusted AD servers "
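Review bot: the new check sits inside ipa_init_server_mode(), so as far as this hunk shows it runs only on the server-mode init path, while the commit message and the man page text state the FQDN requirement for ipa_hostname in general; if every configuration should be validated, the check belongs where the option is first read. The DEBUG message does not print the rejected value; passing hostname with a `[%s]` in the format string would make the SSSDBG_CRIT_FAILURE line actionable for an administrator. The assignment of hostname is outside the visible context, so confirm it is set and non-NULL before this call.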
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
