From 102431636b6ec4877fa17c4ff7d1897a794f0826 Mon Sep 17 00:00:00 2001 From: Samuel Cabrero Date: Tue, 25 Aug 2020 14:17:32 +0200 Subject: [PATCH 1/5] PROXY: Fix iphost not found code path in get_host_by_name_internal Return the correct error code ENOENT when the iphost is not found. Signed-off-by: Samuel Cabrero --- src/providers/proxy/proxy_hosts.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/src/providers/proxy/proxy_hosts.c b/src/providers/proxy/proxy_hosts.c index 911ecd9638..d224829303 100644 --- a/src/providers/proxy/proxy_hosts.c +++ b/src/providers/proxy/proxy_hosts.c @@ -265,26 +265,26 @@ get_host_by_name_internal(struct proxy_resolver_ctx *ctx, } ret = nss_status_to_errno(status); - if (ret != EOK && ret != ENOENT) { - DEBUG(SSSDBG_MINOR_FAILURE, - "gethostbyname2_r (%s) failed for host [%s]: %d, %s, %s.\n", - af == AF_INET ? "AF_INET" : "AF_INET6", - search_name, status, strerror(err), hstrerror(h_err)); + if (ret != EOK) { + if (ret != ENOENT) { + DEBUG(SSSDBG_CRIT_FAILURE, + "gethostbyname2_r (%s) failed for host [%s]: %d, %s, %s.\n", + af == AF_INET ? "AF_INET" : "AF_INET6", + search_name, status, strerror(err), hstrerror(h_err)); + } + goto done; } - if (ret == EOK) { - ret = parse_hostent(mem_ctx, result, domain->case_sensitive, - out_name, out_aliases, out_addresses); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, - "Failed to parse hostent [%d]: %s\n", - ret, sss_strerror(ret)); - goto done; - } + ret = parse_hostent(mem_ctx, result, domain->case_sensitive, + out_name, out_aliases, out_addresses); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to parse hostent [%d]: %s\n", + ret, sss_strerror(ret)); + goto done; } - ret = EOK; done: talloc_free(tmp_ctx); From c76b96baec7c6c653583e7ad107c8770f7f57ab6 Mon Sep 17 00:00:00 2001 From: Samuel Cabrero Date: Wed, 26 Aug 2020 11:58:04 +0200 Subject: [PATCH 2/5] NSS: Fix get ip network by address when address type is AF_UNSPEC If type is AF_UNSPEC try to parse to a IPv4 address. Resolves: https://github.com/SSSD/sssd/issues/5256 Signed-off-by: Samuel Cabrero --- src/sss_client/nss_ipnetworks.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/sss_client/nss_ipnetworks.c b/src/sss_client/nss_ipnetworks.c index 08070499d4..0e21048c7e 100644 --- a/src/sss_client/nss_ipnetworks.c +++ b/src/sss_client/nss_ipnetworks.c @@ -287,6 +287,15 @@ _nss_sss_getnetbyaddr_r(uint32_t addr, int type, size_t ctr = 0; socklen_t addrlen; + if (type == AF_UNSPEC) { + char addrbuf[INET_ADDRSTRLEN]; + + /* Try to parse to IPv4 */ + if (inet_ntop(AF_INET, &addr, addrbuf, INET_ADDRSTRLEN)) { + type = AF_INET; + } + } + if (type != AF_INET) { *errnop = EAFNOSUPPORT; *h_errnop = NETDB_INTERNAL; From c1f7564a4cf752735cf794dd486b1b098d2ed3d6 Mon Sep 17 00:00:00 2001 From: Samuel Cabrero Date: Wed, 26 Aug 2020 12:00:27 +0200 Subject: [PATCH 3/5] NSS: Fix _nss_sss_getnetbyaddr_r address byte order The address is received in host byte order, but the nss protocol parser expects it in network byte order. Resolves: https://github.com/SSSD/sssd/issues/5256 Signed-off-by: Samuel Cabrero --- src/sss_client/nss_ipnetworks.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/sss_client/nss_ipnetworks.c b/src/sss_client/nss_ipnetworks.c index 0e21048c7e..4d988e3586 100644 --- a/src/sss_client/nss_ipnetworks.c +++ b/src/sss_client/nss_ipnetworks.c @@ -287,6 +287,10 @@ _nss_sss_getnetbyaddr_r(uint32_t addr, int type, size_t ctr = 0; socklen_t addrlen; + /* addr is in host byte order, but nss_protocol_parse_addr expects the + * buffer in network byte order */ + addr = htonl(addr); + if (type == AF_UNSPEC) { char addrbuf[INET_ADDRSTRLEN]; From a5e1e8ea701fb95b044d6484029e1411f517e156 Mon Sep 17 00:00:00 2001 From: Samuel Cabrero Date: Wed, 26 Aug 2020 10:33:37 +0200 Subject: [PATCH 4/5] PROXY: getnetbyaddr_r expects the net argument in host byte order The inet_pton function returns the address in network byte order, but getnetbyaddr_r expects it in host byte order. Resolves: https://github.com/SSSD/sssd/issues/5256 Signed-off-by: Samuel Cabrero --- src/providers/proxy/proxy_ipnetworks.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/providers/proxy/proxy_ipnetworks.c b/src/providers/proxy/proxy_ipnetworks.c index 7256f27d68..d2da4f0ca8 100644 --- a/src/providers/proxy/proxy_ipnetworks.c +++ b/src/providers/proxy/proxy_ipnetworks.c @@ -304,6 +304,9 @@ get_net_byaddr(struct proxy_resolver_ctx *ctx, goto done; } + /* getnetbyaddr_r expects address in host byte order */ + addrbuf = ntohl(addrbuf); + for (status = NSS_STATUS_TRYAGAIN, err = ERANGE, h_err = 0; status == NSS_STATUS_TRYAGAIN && err == ERANGE; From 8632a060c30ba3d855943a4da30d740626ce8c49 Mon Sep 17 00:00:00 2001 From: Samuel Cabrero Date: Wed, 26 Aug 2020 11:31:11 +0200 Subject: [PATCH 5/5] TESTS: getnetbyaddr_r expects network in host byte order Resolves: https://github.com/SSSD/sssd/issues/5256 Signed-off-by: Samuel Cabrero --- src/tests/intg/sssd_nets.py | 1 + 1 file changed, 1 insertion(+) diff --git a/src/tests/intg/sssd_nets.py b/src/tests/intg/sssd_nets.py index 2f5f6213b8..5e17aaf42f 100644 --- a/src/tests/intg/sssd_nets.py +++ b/src/tests/intg/sssd_nets.py @@ -136,6 +136,7 @@ def call_sssd_getnetbyaddr(addrstr): addrstr = addrstr.decode('utf-8') addr = IPv4Address(addrstr) binaddr = unpack('