URL: https://github.com/SSSD/sssd/pull/326
Author: amitkumar50
Title: #326: IPA: check if IPA hostname is a FQDN
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/326/head:pr326
git checkout pr326
From 9719a1a8bdf0bea47307bf7ec321bd582a17e8e4 Mon Sep 17 00:00:00 2001
From: AmitKumar <amitk...@redhat.com>
Date: Thu, 10 Aug 2017 20:11:45 +0530
Subject: [PATCH 1/2] MAN: Improve ipa_hostname description

The description of ipa_hostname config option doesn't mention it must be
fully-qualified, although when using a non-fully qualified name IPA
server may behave weirdly. Thus, let's add this info to the man page.

Related: https://pagure.io/SSSD/sssd/issue/1946
---
 src/man/sssd-ipa.5.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index 5e7f8ff1a..cd0032610 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -113,6 +113,7 @@
                             Optional. May be set on machines where the
                             hostname(5) does not reflect the fully qualified
                             name used in the IPA domain to identify this host.
+                            The hostname must be fully qualified.
                         </para>
                     </listitem>
                 </varlistentry>
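
Review bot: The added sentence "The hostname must be fully qualified." states the requirement but not what happens when it is violated. Patch 2/2 makes initialization return ERR_INVALID_CONFIG for a value without a dot, so the man page should say that SSSD will refuse the configuration in that case, and say what "fully qualified" means for this check (at least one domain component, per the 2/2 commit message). Otherwise an admin who sets a short name sees only a startup failure and a debug log line.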

From 8ef7f4580440aa37149d6fe321a2a5585fd7729f Mon Sep 17 00:00:00 2001
From: AmitKumar <amitk...@redhat.com>
Date: Thu, 10 Aug 2017 20:13:49 +0530
Subject: [PATCH 2/2] IPA: check if IPA hostname is fully qualified

Some users change the IPA hostname post-install which results in
strange bugs. The code change makes sure that the ipa_hostname contains
at least one domain component.

Resolves: https://pagure.io/SSSD/sssd/issue/1946
---
 src/providers/ipa/ipa_init.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index 7dec4d1fb..f3a92aa9d 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -231,6 +231,17 @@ static errno_t ipa_init_dyndns(struct be_ctx *be_ctx,
     return EOK;
 }
 
+static bool ipa_check_fqdn(const char *str)
+{
+    const char ch = '.';
+    char *ret;
+    ret = strchr(str, ch);
+    if (ret != NULL) {
+        return true;
+    }
+    return false;
+}
+
 static errno_t ipa_init_server_mode(struct be_ctx *be_ctx,
                                     struct ipa_options *ipa_options,
                                     struct ipa_id_ctx *ipa_id_ctx)
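
Review bot: ipa_check_fqdn() accepts any string that contains a '.', so values such as "host.", ".example" or "." pass even though they carry no usable domain component, which is weaker than the "at least one domain component" the commit message promises. Consider also requiring that the dot is neither the first nor the last character. The helper passes str to strchr() without a NULL check, so either guard it here or document that callers must pass a non-NULL string. Style: ret should be const char * since str is const, and the body reduces to return strchr(str, '.') != NULL; with no need for the ch constant.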
@@ -258,6 +269,12 @@ static errno_t ipa_init_server_mode(struct be_ctx *be_ctx,
     sites_enabled = dp_opt_get_bool(ipa_options->basic, IPA_ENABLE_DNS_SITES);
     dnsdomain = dp_opt_get_string(be_ctx->be_res->opts, DP_RES_OPT_DNS_DOMAIN);
 
+    if (!ipa_check_fqdn(hostname)) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "ipa_hostname is not Fully Qualified Domain Name.\n");
+        return ERR_INVALID_CONFIG;
+    }
+
     if (srv_in_server_list(ipa_servers) || sites_enabled) {
         DEBUG(SSSDBG_MINOR_FAILURE, "SRV resolution or IPA sites enabled "
               "on the IPA server. Site discovery of trusted AD servers "
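
Review bot: The check is placed inside ipa_init_server_mode(), so a non-qualified ipa_hostname is rejected only on that path, while the commit message describes a general problem with users changing the hostname post-install. If the intent is to validate the option wherever it is used, move the check to the point where ipa_hostname is read, or state in the commit message that only server mode is covered. The assignment of hostname is outside the visible context; if it can be NULL here, the call will crash in strchr(). The debug message would be more useful with the offending value included, for example "ipa_hostname [%s] is not a fully qualified domain name.\n", and since the function aborts initialization with ERR_INVALID_CONFIG, SSSDBG_FATAL_FAILURE may be the better level.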