From a00b1df49dce02450b7bca874f2481eceac3f372 Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Wed, 10 Aug 2016 11:27:01 -0400 Subject: [PATCH] Part 1 of fix for 2789 Warn if IP address is used as option for ipa_server/ad_server GSSAPI is dependent on DNS with hostnames and we should warn about this --- src/providers/ad/ad_common.c | 9 +++++++++ src/providers/ipa/ipa_common.c | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c index 9f9f9f1bdac2dc47bf18f9727ccd3b4675a2bb06..9a6fece5d8b5b855e4fe48c0f9420761343f4b8a 100644 --- a/src/providers/ad/ad_common.c +++ b/src/providers/ad/ad_common.c @@ -489,6 +489,7 @@ _ad_servers_init(struct ad_service *service, bool primary) { size_t i; + size_t j; errno_t ret = 0; char **list; struct ad_server_data *sdata; @@ -504,6 +505,14 @@ _ad_servers_init(struct ad_service *service, goto done; } + for (j = 0; list[j]; j++) { + if (resolv_is_address(list[j])) { + DEBUG(SSSDBG_IMPORTANT_INFO, + "ad_server [%s] is detected as IP address, " + "this can cause GSSAPI problems\n", list[j]); + } + } + /* Add each of these servers to the failover service */ for (i = 0; list[i]; i++) { if (be_fo_is_srv_identifier(list[i])) { diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index b15ccc6ee87002a5ccb2ce8b2c195372f6b5eecd..657994508e0733e86ba474419380a0081c51ee6e 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -831,6 +831,7 @@ static errno_t _ipa_servers_init(struct be_ctx *ctx, char *ipa_domain; int ret = 0; int i; + int j; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { @@ -844,6 +845,14 @@ static errno_t _ipa_servers_init(struct be_ctx *ctx, goto done; } + for (j = 0; list[j]; j++) { + if (resolv_is_address(list[j])) { + DEBUG(SSSDBG_IMPORTANT_INFO, + "ipa_server [%s] is detected as IP address, " + "this can cause GSSAPI problems\n", list[j]); + } + } + /* now for each one add a new server to the failover service */ for (i = 0; list[i]; i++) { -- 2.7.4