From c986a1b9c7d5730a09f9d3be5ae983f430d04961 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.de>
Date: Tue, 25 Aug 2020 14:17:32 +0200
Subject: [PATCH 1/7] PROXY: Fix iphost not found code path in
 get_host_by_name_internal

Return the correct error code ENOENT when the iphost is not found.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
---
 src/providers/proxy/proxy_hosts.c | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/providers/proxy/proxy_hosts.c b/src/providers/proxy/proxy_hosts.c
index 911ecd9638..d224829303 100644
--- a/src/providers/proxy/proxy_hosts.c
+++ b/src/providers/proxy/proxy_hosts.c
@@ -265,26 +265,26 @@ get_host_by_name_internal(struct proxy_resolver_ctx *ctx,
     }
 
     ret = nss_status_to_errno(status);
-    if (ret != EOK && ret != ENOENT) {
-        DEBUG(SSSDBG_MINOR_FAILURE,
-            "gethostbyname2_r (%s) failed for host [%s]: %d, %s, %s.\n",
-            af == AF_INET ? "AF_INET" : "AF_INET6",
-            search_name, status, strerror(err), hstrerror(h_err));
+    if (ret != EOK) {
+        if (ret != ENOENT) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                "gethostbyname2_r (%s) failed for host [%s]: %d, %s, %s.\n",
+                af == AF_INET ? "AF_INET" : "AF_INET6",
+                search_name, status, strerror(err), hstrerror(h_err));
+        }
+
         goto done;
     }
 
-    if (ret == EOK) {
-        ret = parse_hostent(mem_ctx, result, domain->case_sensitive,
-                            out_name, out_aliases, out_addresses);
-        if (ret != EOK) {
-            DEBUG(SSSDBG_MINOR_FAILURE,
-                  "Failed to parse hostent [%d]: %s\n",
-                  ret, sss_strerror(ret));
-            goto done;
-        }
+    ret = parse_hostent(mem_ctx, result, domain->case_sensitive,
+                        out_name, out_aliases, out_addresses);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "Failed to parse hostent [%d]: %s\n",
+              ret, sss_strerror(ret));
+        goto done;
     }
 
-    ret = EOK;
 done:
     talloc_free(tmp_ctx);
 

From a9949f137c10abae0a17a36f576503130dd3415c Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.de>
Date: Wed, 26 Aug 2020 11:58:04 +0200
Subject: [PATCH 2/7] NSS: Fix get ip network by address when address type is
 AF_UNSPEC

If type is AF_UNSPEC try to parse to a IPv4 address.

Resolves:
    https://github.com/SSSD/sssd/issues/5256

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
---
 src/sss_client/nss_ipnetworks.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/sss_client/nss_ipnetworks.c b/src/sss_client/nss_ipnetworks.c
index 08070499d4..0e21048c7e 100644
--- a/src/sss_client/nss_ipnetworks.c
+++ b/src/sss_client/nss_ipnetworks.c
@@ -287,6 +287,15 @@ _nss_sss_getnetbyaddr_r(uint32_t addr, int type,
     size_t ctr = 0;
     socklen_t addrlen;
 
+    if (type == AF_UNSPEC) {
+        char addrbuf[INET_ADDRSTRLEN];
+
+        /* Try to parse to IPv4 */
+        if (inet_ntop(AF_INET, &addr, addrbuf, INET_ADDRSTRLEN)) {
+            type = AF_INET;
+        }
+    }
+
     if (type != AF_INET) {
         *errnop = EAFNOSUPPORT;
         *h_errnop = NETDB_INTERNAL;

From 039eeca319b8661e10d0510c0ae03ec340a80e59 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.de>
Date: Wed, 26 Aug 2020 12:00:27 +0200
Subject: [PATCH 3/7] NSS: Fix _nss_sss_getnetbyaddr_r address byte order

The address is received in host byte order, but the nss protocol
parser expects it in network byte order.

Resolves:
    https://github.com/SSSD/sssd/issues/5256

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
---
 src/sss_client/nss_ipnetworks.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/sss_client/nss_ipnetworks.c b/src/sss_client/nss_ipnetworks.c
index 0e21048c7e..93d5644963 100644
--- a/src/sss_client/nss_ipnetworks.c
+++ b/src/sss_client/nss_ipnetworks.c
@@ -287,6 +287,10 @@ _nss_sss_getnetbyaddr_r(uint32_t addr, int type,
     size_t ctr = 0;
     socklen_t addrlen;
 
+    /* addr is in host byte order, but nss_protocol_parse_addr and inet_ntop
+     * expects the buffer in network byte order */
+    addr = htonl(addr);
+
     if (type == AF_UNSPEC) {
         char addrbuf[INET_ADDRSTRLEN];
 

From af6559bde8ab8b7919178e817039d42a7f3c63a3 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.de>
Date: Wed, 26 Aug 2020 10:33:37 +0200
Subject: [PATCH 4/7] PROXY: getnetbyaddr_r expects the net argument in host
 byte order

The inet_pton function returns the address in network byte order, but
getnetbyaddr_r expects it in host byte order.

Resolves:
    https://github.com/SSSD/sssd/issues/5256

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
---
 src/providers/proxy/proxy_ipnetworks.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/providers/proxy/proxy_ipnetworks.c b/src/providers/proxy/proxy_ipnetworks.c
index 7256f27d68..d2da4f0ca8 100644
--- a/src/providers/proxy/proxy_ipnetworks.c
+++ b/src/providers/proxy/proxy_ipnetworks.c
@@ -304,6 +304,9 @@ get_net_byaddr(struct proxy_resolver_ctx *ctx,
         goto done;
     }
 
+    /* getnetbyaddr_r expects address in host byte order */
+    addrbuf = ntohl(addrbuf);
+
     for (status = NSS_STATUS_TRYAGAIN,
          err = ERANGE, h_err = 0;
          status == NSS_STATUS_TRYAGAIN && err == ERANGE;

From 4c156b12ef7eeee262635336848395086769ff33 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.de>
Date: Wed, 26 Aug 2020 11:31:11 +0200
Subject: [PATCH 5/7] TESTS: getnetbyaddr_r expects network in host byte order

Resolves:
    https://github.com/SSSD/sssd/issues/5256

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
---
 src/tests/intg/sssd_nets.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/tests/intg/sssd_nets.py b/src/tests/intg/sssd_nets.py
index 2f5f6213b8..5e17aaf42f 100644
--- a/src/tests/intg/sssd_nets.py
+++ b/src/tests/intg/sssd_nets.py
@@ -136,6 +136,7 @@ def call_sssd_getnetbyaddr(addrstr):
         addrstr = addrstr.decode('utf-8')
     addr = IPv4Address(addrstr)
     binaddr = unpack('<I', addr.packed)[0]
+    binaddr = socket.ntohl(binaddr)
 
     (res, errno, h_errno, result_p) = getnetbyaddr_r(binaddr, socket.AF_INET,
                                                      result_p, buff,

From db63566d66833b427c1aaf97bc6e1a7412cb1b15 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.de>
Date: Tue, 29 Sep 2020 11:37:24 +0200
Subject: [PATCH 6/7] TESTS: Fix resolver test calling getnetbyname instead of
 getnetbyaddr

---
 src/tests/intg/test_resolver.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tests/intg/test_resolver.py b/src/tests/intg/test_resolver.py
index efc1ee7074..456c1b923a 100644
--- a/src/tests/intg/test_resolver.py
+++ b/src/tests/intg/test_resolver.py
@@ -310,7 +310,7 @@ def test_netbyname(add_nets):
 
 
 def test_netbyaddr(add_nets):
-    (res, hres, _) = call_sssd_getnetbyname("10.2.2.1")
+    (res, hres, _) = call_sssd_getnetbyaddr("10.2.2.1")
     assert res == NssReturnCode.NOTFOUND
     assert hres == HostError.HOST_NOT_FOUND
 

From 11fe3b2a809bbe74f786f29ce7632ef381fae52d Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabrero@suse.de>
Date: Tue, 29 Sep 2020 10:38:25 +0200
Subject: [PATCH 7/7] TESTS: Extend resolver tests to check getnetbyaddr with
 AF_UNSPEC

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
---
 src/tests/intg/sssd_nets.py     |  4 ++--
 src/tests/intg/test_resolver.py | 14 +++++++++++---
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/tests/intg/sssd_nets.py b/src/tests/intg/sssd_nets.py
index 5e17aaf42f..8e96871c5d 100644
--- a/src/tests/intg/sssd_nets.py
+++ b/src/tests/intg/sssd_nets.py
@@ -120,7 +120,7 @@ def call_sssd_getnetbyname(name):
     return (res, h_errno, netent_dict)
 
 
-def call_sssd_getnetbyaddr(addrstr):
+def call_sssd_getnetbyaddr(addrstr, af):
     """
     A Python wrapper to retrieve an IP network by address. Returns:
         (res, netent_dict)
@@ -138,7 +138,7 @@ def call_sssd_getnetbyaddr(addrstr):
     binaddr = unpack('<I', addr.packed)[0]
     binaddr = socket.ntohl(binaddr)
 
-    (res, errno, h_errno, result_p) = getnetbyaddr_r(binaddr, socket.AF_INET,
+    (res, errno, h_errno, result_p) = getnetbyaddr_r(binaddr, af,
                                                      result_p, buff,
                                                      IP_NETWORK_BUFLEN)
     if errno != 0:
diff --git a/src/tests/intg/test_resolver.py b/src/tests/intg/test_resolver.py
index 456c1b923a..4dc470e24c 100644
--- a/src/tests/intg/test_resolver.py
+++ b/src/tests/intg/test_resolver.py
@@ -27,7 +27,7 @@
 import ldap
 import pytest
 import ent
-
+import socket
 import config
 import ds_openldap
 import ldap_ent
@@ -310,10 +310,18 @@ def test_netbyname(add_nets):
 
 
 def test_netbyaddr(add_nets):
-    (res, hres, _) = call_sssd_getnetbyaddr("10.2.2.1")
+    (res, hres, _) = call_sssd_getnetbyaddr("10.2.2.1", socket.AF_INET)
+    assert res == NssReturnCode.NOTFOUND
+    assert hres == HostError.HOST_NOT_FOUND
+
+    (res, hres, _) = call_sssd_getnetbyaddr("10.2.2.1", socket.AF_UNSPEC)
     assert res == NssReturnCode.NOTFOUND
     assert hres == HostError.HOST_NOT_FOUND
 
-    (res, hres, _) = call_sssd_getnetbyaddr("10.2.2.2")
+    (res, hres, _) = call_sssd_getnetbyaddr("10.2.2.2", socket.AF_INET)
+    assert res == NssReturnCode.SUCCESS
+    assert hres == 0
+
+    (res, hres, _) = call_sssd_getnetbyaddr("10.2.2.2", socket.AF_UNSPEC)
     assert res == NssReturnCode.SUCCESS
     assert hres == 0