On 06/08/2010 07:06 AM, Jakub Hrozek wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/04/2010 01:33 PM, Jakub Hrozek wrote:
> The service discovery used to use the SSSD domain name to perform DNS
> queries. This is not an optimal solution, for example from the point of
> view of authconfig.
>
> This patch introduces a new option "dns_discovery_domain" that allows to
> set the domain part of a DNS SRV query. If this option is not set, the
> default behavior is to use the domain part of the machine's hostname.
>
> Fixes: #479
I have amended the patch to also add the option to config file via the
upgrade_config.py script if the SSSD domain used service discovery
Nack. If you're going to add the option to upgrade_config.py, you also
need to check for _srv_ in the ldap_uri, ipa_server and krb5_kdcip.
In the failover code, please don't use "domain". It's too easy to
confuse with SSSD domains. Please use dns_domain.
+ domptr = strchr(fqdn, '.');
+ domptr++;
+ if (!domptr) {
+ *domain = talloc_strdup(mem_ctx, fqdn);
This is a bug, if there is no '.' in the string, you will return NULL
and then increase it by one.
Also, you should check if domptr+1 (after the dot) is a NULL-terminator
before calling talloc_strdup(just to be safe, in case we somehow got
'hostname.' back as a reply from a broken DNS server)
Otherwise, this looks pretty good.
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/