On Wed, Feb 24, 2016 at 05:19:50PM -0500, Justin Stephenson wrote:
First patch, see attached.
This is for easy fix from ticket https://fedorahosted.org/sssd/ticket/2789
I am going on the assumption that if the first 2 characters of ad_server are digits then it is likely an IP address and not hostname. If you have a better idea for this please let me know.
I think the check should be more elaborate, IPv6 addreses must not start with a number and e.g. 123.com is a valid domain name.
You can try to use getaddrinfo() with AI_NUMERICHOST as hint. I would expect that getaddrinfo() returns an error if the input is not a IPv4 or IPv6 address. It would be nice if you can wrap the call to getaddrinfo() in an extra function and write some unit tests for this function. This way you can easily make sure getaddrinfo() really behaves as I suspect/hope.
bye, Sumit
Kind regards, Justin Stephenson
From 280f7af2e05304fe4eee8a1803abdb72aedad439 Mon Sep 17 00:00:00 2001 From: Justin Stephenson jstephen@redhat.com Date: Wed, 24 Feb 2016 16:48:39 -0500 Subject: [PATCH] Warn if ad_server is not a hostname due to GSSAPI problems
Resolves: https://fedorahosted.org/sssd/ticket/2789
src/providers/ad/ad_common.c | 8 ++++++++ 1 file changed, 8 insertions(+)
diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c index 4f8223879a504d1e34b39f4166601c53fd6a73fe..c0e1161d89b727a664826b28c59239860a497299 100644 --- a/src/providers/ad/ad_common.c +++ b/src/providers/ad/ad_common.c @@ -378,6 +378,14 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
/* Did we get an explicit server name, or are we discovering it? */ server = dp_opt_get_string(opts->basic, AD_SERVER);
- /* Provide warning if IP address is used instead of hostname */
- if (isdigit(server[0]) || isdigit(server[1])) {
DEBUG(SSSDBG_CONF_SETTINGS,"Warning: ad_server [%s] detected as IP address, ""this may cause GSSAPI problems!\n", server);- }
- if (!server) { DEBUG(SSSDBG_CONF_SETTINGS, "No AD server set, will use service discovery!\n");
-- 2.4.3
sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org