authorPavel Reichl <preichl@redhat.com>2015-07-14 09:56:59 -0400
committerPavel Březina <pbrezina@redhat.com>2015-07-27 17:25:20 +0200
commitf43f057e7da549d048e743f8735ecfc92481e6c7 (patch)
tree40f221932184732e242690d423b9be9dba539319
parent23612dbbe76d84497d2aa30d431f9f12c576f59d (diff)
downloadsssd-f43f057e7da549d048e743f8735ecfc92481e6c7.tar.gz
sssd-f43f057e7da549d048e743f8735ecfc92481e6c7.tar.xz
sssd-f43f057e7da549d048e743f8735ecfc92481e6c7.zip
DYNDNS: support for dualstack
When the dyndns_iface option was not used, the address of the connection to LDAP was used. This patch proposes the following change: * The interface containing the address of the connection is found. * All A and AAAA addresses of this interface are collected. * The collected addresses are sent during the DDNS update. * Function sss_iface_addr_add() is removed. Resolves: https://fedorahosted.org/sssd/ticket/2558
-rw-r--r--src/providers/dp_dyndns.c135
-rw-r--r--src/providers/dp_dyndns.h8
-rw-r--r--src/providers/ldap/sdap_dyndns.c20
-rw-r--r--src/tests/cmocka/test_dyndns.c178
4 files changed, 302 insertions, 39 deletions
diff --git a/src/providers/dp_dyndns.c b/src/providers/dp_dyndns.c
index 03389acfb..c254d7893 100644
--- a/src/providers/dp_dyndns.c
+++ b/src/providers/dp_dyndns.c
@@ -58,31 +58,6 @@ void sss_iface_addr_concatenate(struct sss_iface_addr **list,
DLIST_CONCATENATE((*list), list2, struct sss_iface_addr*);
}
-struct sss_iface_addr *
-sss_iface_addr_add(TALLOC_CTX *mem_ctx, struct sss_iface_addr **list,
- struct sockaddr_storage *ss)
-{
- struct sss_iface_addr *address;
-
- address = talloc(mem_ctx, struct sss_iface_addr);
- if (address == NULL) {
- return NULL;
- }
-
- address->addr = talloc_memdup(address, ss,
- sizeof(struct sockaddr_storage));
- if(address->addr == NULL) {
- talloc_zfree(address);
- return NULL;
- }
-
- /* steal old dlist to the new head */
- talloc_steal(address, *list);
- DLIST_ADD(*list, address);
-
- return address;
-}
-
errno_t
sss_iface_addr_list_as_str_list(TALLOC_CTX *mem_ctx,
struct sss_iface_addr *ifaddr_list,
@@ -1258,3 +1233,113 @@ errno_t be_nsupdate_init_timer(struct be_nsupdate_ctx *ctx,
return ERR_OK;
}
+
+static bool match_ip(const struct sockaddr *sa,
+ const struct sockaddr *sb)
+{
+ size_t addrsize;
+ bool res;
+ const void *addr_a;
+ const void *addr_b;
+
+ if (sa->sa_family == AF_INET) {
+ addrsize = sizeof(struct in_addr);
+ addr_a = (const void *) &((const struct sockaddr_in *) sa)->sin_addr;
+ addr_b = (const void *) &((const struct sockaddr_in *) sb)->sin_addr;
+ } else if (sa->sa_family == AF_INET6) {
+ addrsize = sizeof(struct in6_addr);
+ addr_a = (const void *) &((const struct sockaddr_in6 *) sa)->sin6_addr;
+ addr_b = (const void *) &((const struct sockaddr_in6 *) sb)->sin6_addr;
+ } else {
+ res = false;
+ goto done;
+ }
+
+ if (sa->sa_family != sb->sa_family) {
+ res = false;
+ goto done;
+ }
+
+ res = memcmp(addr_a, addr_b, addrsize) == 0;
+
+done:
+ return res;
+}
+
+static errno_t find_iface_by_addr(TALLOC_CTX *mem_ctx,
+ const struct sockaddr *ss,
+ const char **_iface_name)
+{
+ struct ifaddrs *ifaces = NULL;
+ struct ifaddrs *ifa;
+ errno_t ret;
+
+ ret = getifaddrs(&ifaces);
+ if (ret == -1) {
+ ret = errno;
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Could not read interfaces [%d][%s]\n", ret, sss_strerror(ret));
+ goto done;
+ }
+
+ for (ifa = ifaces; ifa != NULL; ifa = ifa->ifa_next) {
+
+ /* Some interfaces don't have an ifa_addr */
+ if (!ifa->ifa_addr) continue;
+
+ if (match_ip(ss, ifa->ifa_addr)) {
+ const char *iface_name;
+ iface_name = talloc_strdup(mem_ctx, ifa->ifa_name);
+ if (iface_name == NULL) {
+ ret = ENOMEM;
+ } else {
+ *_iface_name = iface_name;
+ ret = EOK;
+ }
+ goto done;
+ }
+ }
+ ret = ENOENT;
+
+done:
+ freeifaddrs(ifaces);
+ return ret;
+}
+
+errno_t sss_get_dualstack_addresses(TALLOC_CTX *mem_ctx,
+ struct sockaddr *ss,
+ struct sss_iface_addr **_iface_addrs)
+{
+ struct sss_iface_addr *iface_addrs;
+ const char *iface_name = NULL;
+ TALLOC_CTX *tmp_ctx;
+ errno_t ret;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = find_iface_by_addr(tmp_ctx, ss, &iface_name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE, "find_iface_by_addr failed: %d:[%s]\n",
+ ret, sss_strerror(ret));
+ goto done;
+ }
+
+ ret = sss_iface_addr_list_get(tmp_ctx, iface_name, &iface_addrs);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "sss_iface_addr_list_get failed: %d:[%s]\n",
+ ret, sss_strerror(ret));
+ goto done;
+ }
+
+ ret = EOK;
+ *_iface_addrs = talloc_steal(mem_ctx, iface_addrs);
+
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
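Review bot: sss_get_dualstack_addresses() has no header comment, and its contract matters because the list it returns is what the DDNS update publishes: every address sss_iface_addr_list_get() yields for the matched interface, not only the one the LDAP connection used. I would add something like `/* Returns all addresses of the interface that owns ss; the list is stolen onto mem_ctx; ENOENT if no interface carries that address; *_iface_addrs is not written on error. */` above the definition. Which addresses are filtered out (the new tests suggest loopback and link-local are) is decided in sss_iface_addr_list_get(), outside this hunk, so it is worth confirming that nothing the administrator would not want in DNS gets through. In match_ip() the `sa->sa_family != sb->sa_family` test would read more safely as the first statement, before sb is cast to the family-specific struct.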
diff --git a/src/providers/dp_dyndns.h b/src/providers/dp_dyndns.h
index deba11253..a8a20ec6f 100644
--- a/src/providers/dp_dyndns.h
+++ b/src/providers/dp_dyndns.h
@@ -81,10 +81,6 @@ errno_t
sss_iface_addr_list_get(TALLOC_CTX *mem_ctx, const char *ifname,
struct sss_iface_addr **_addrlist);
-struct sss_iface_addr *
-sss_iface_addr_add(TALLOC_CTX *mem_ctx, struct sss_iface_addr **list,
- struct sockaddr_storage *ss);
-
errno_t
sss_iface_addr_list_as_str_list(TALLOC_CTX *mem_ctx,
struct sss_iface_addr *ifaddr_list,
@@ -132,4 +128,8 @@ void
sss_iface_addr_concatenate(struct sss_iface_addr **list,
struct sss_iface_addr *list2);
+errno_t
+sss_get_dualstack_addresses(TALLOC_CTX *mem_ctx,
+ struct sockaddr *ss,
+ struct sss_iface_addr **_iface_addrs);
#endif /* DP_DYNDNS_H_ */
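Review bot: The `ss` parameter of the new prototype can be const-qualified, `const struct sockaddr *ss`, here and in the definition in dp_dyndns.c. The function only forwards it to find_iface_by_addr(), which already takes a `const struct sockaddr *`, so the non-const pointer suggests a write that does not happen. The public declaration would also benefit from a short comment stating that the returned list is owned by mem_ctx and that ENOENT means no local interface has the given address.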
diff --git a/src/providers/ldap/sdap_dyndns.c b/src/providers/ldap/sdap_dyndns.c
index f5929cff3..a463a2fce 100644
--- a/src/providers/ldap/sdap_dyndns.c
+++ b/src/providers/ldap/sdap_dyndns.c
@@ -644,7 +644,6 @@ sdap_dyndns_add_ldap_conn(struct sdap_dyndns_get_addrs_state *state,
{
int ret;
int fd;
- struct sss_iface_addr *address;
struct sockaddr_storage ss;
socklen_t ss_len = sizeof(ss);
@@ -666,20 +665,21 @@ sdap_dyndns_add_ldap_conn(struct sdap_dyndns_get_addrs_state *state,
return ret;
}
- switch(ss.ss_family) {
- case AF_INET:
- case AF_INET6:
- address = sss_iface_addr_add(state, &state->addresses, &ss);
- if (address == NULL) {
- return ENOMEM;
- }
- break;
- default:
+ if (ss.ss_family != AF_INET && ss.ss_family != AF_INET6) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Connection to LDAP is neither IPv4 nor IPv6\n");
return EIO;
}
+ ret = sss_get_dualstack_addresses(state, (struct sockaddr *) &ss,
+ &state->addresses);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "sss_get_dualstack_addresses failed: %d:[%s]\n",
+ ret, sss_strerror(ret));
+ return ret;
+ }
+
return EOK;
}
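Review bot: Any failure of sss_get_dualstack_addresses() now fails this function, including ENOENT when no local interface carries the connection's address, whereas the removed code always recorded the connection address itself and could fail only with ENOMEM. If dropping that fallback is intended, a comment above the call would make it explicit, e.g. `/* No fallback to the bare connection address: ENOENT aborts address collection */`; how the caller reacts to the error is outside this hunk. The message is logged at SSSDBG_MINOR_FAILURE even though the error is returned, so SSSDBG_OP_FAILURE may fit better next to the SSSDBG_CRIT_FAILURE used just above. The function body starts outside the hunk.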
diff --git a/src/tests/cmocka/test_dyndns.c b/src/tests/cmocka/test_dyndns.c
index e9d42cea3..8118e9438 100644
--- a/src/tests/cmocka/test_dyndns.c
+++ b/src/tests/cmocka/test_dyndns.c
@@ -289,6 +289,173 @@ void dyndns_test_get_ifaddr_enoent(void **state)
assert_true(check_leaks_pop(dyndns_test_ctx) == true);
}
+void dyndns_test_dualstack(void **state)
+{
+ errno_t ret;
+ struct sss_iface_addr *addrlist;
+ struct sss_iface_addr *sss_if_addrs;
+ char straddr[128];
+ int i;
+
+ check_leaks_push(dyndns_test_ctx);
+
+ /* getifaddrs is called twice in sss_get_dualstack_addresses() */
+ for (i = 0; i < 2; i++) {
+ will_return_getifaddrs("eth0", "192.168.0.2", AF_INET);
+ will_return_getifaddrs("eth1", "192.168.0.1", AF_INET);
+ will_return_getifaddrs("eth0", "2001:cdba::555", AF_INET6);
+ will_return_getifaddrs("eth1", "2001:cdba::444", AF_INET6);
+ will_return_getifaddrs(NULL, NULL, 0); /* sentinel */
+ }
+
+ struct sockaddr_in sin;
+ memset (&sin, 0, sizeof (sin));
+ sin.sin_family = AF_INET;
+ sin.sin_addr.s_addr = inet_addr ("192.168.0.2");
+ ret = sss_get_dualstack_addresses(dyndns_test_ctx,
+ (struct sockaddr *) &sin,
+ &addrlist);
+ assert_int_equal(ret, EOK);
+
+ sss_if_addrs = addrlist;
+ assert_non_null(sss_if_addrs);
+ assert_non_null(sss_if_addrs->addr);
+ assert_non_null(sss_if_addrs->next);
+ assert_null(sss_if_addrs->prev);
+
+ assert_non_null(inet_ntop(AF_INET6,
+ &((struct sockaddr_in6 *) sss_if_addrs->addr)->sin6_addr,
+ straddr, INET6_ADDRSTRLEN));
+ /* ip addresses are returned in different order */
+ assert_string_equal(straddr, "2001:cdba::555");
+
+ sss_if_addrs = addrlist->next;
+ assert_non_null(sss_if_addrs);
+ assert_non_null(sss_if_addrs->addr);
+ assert_null(sss_if_addrs->next);
+ assert_non_null(sss_if_addrs->prev);
+
+ assert_non_null(inet_ntop(AF_INET,
+ &((struct sockaddr_in *) sss_if_addrs->addr)->sin_addr,
+ straddr, INET_ADDRSTRLEN));
+ /* ip addresses are returned in different order */
+ assert_string_equal(straddr, "192.168.0.2");
+
+ talloc_free(addrlist);
+
+ assert_true(check_leaks_pop(dyndns_test_ctx) == true);
+}
+
+void dyndns_test_dualstack_multiple_addresses(void **state)
+{
+ errno_t ret;
+ struct sss_iface_addr *addrlist;
+ struct sss_iface_addr *sss_if_addrs;
+ char straddr[128];
+ int i;
+
+ check_leaks_push(dyndns_test_ctx);
+
+ /* getifaddrs is called twice in sss_get_dualstack_addresses() */
+ for (i = 0; i < 2; i++) {
+ will_return_getifaddrs("eth0", "192.168.0.2", AF_INET);
+ will_return_getifaddrs("eth0", "192.168.0.1", AF_INET);
+ /* loopback - invalid for dns (should be skipped) */
+ will_return_getifaddrs("eth0", "::1", AF_INET6);
+ /* linklocal - invalid for dns (should be skipped) */
+ will_return_getifaddrs("eth0", "fe80::5054:ff:fe4a:65ae", AF_INET6);
+ will_return_getifaddrs("eth0", "2001:cdba::555", AF_INET6);
+ will_return_getifaddrs("eth0", "2001:cdba::444", AF_INET6);
+ will_return_getifaddrs(NULL, NULL, 0); /* sentinel */
+ }
+
+ struct sockaddr_in sin;
+ memset (&sin, 0, sizeof (sin));
+ sin.sin_family = AF_INET;
+ sin.sin_addr.s_addr = inet_addr ("192.168.0.2");
+ ret = sss_get_dualstack_addresses(dyndns_test_ctx,
+ (struct sockaddr *) &sin,
+ &addrlist);
+ assert_int_equal(ret, EOK);
+
+ sss_if_addrs = addrlist;
+ assert_non_null(sss_if_addrs);
+ assert_non_null(sss_if_addrs->addr);
+ assert_non_null(sss_if_addrs->next);
+ assert_null(sss_if_addrs->prev);
+
+ assert_non_null(inet_ntop(AF_INET6,
+ &((struct sockaddr_in6 *) sss_if_addrs->addr)->sin6_addr,
+ straddr, INET6_ADDRSTRLEN));
+ /* ip addresses are returned in different order */
+ assert_string_equal(straddr, "2001:cdba::444");
+
+ sss_if_addrs = sss_if_addrs->next;
+ assert_non_null(sss_if_addrs);
+ assert_non_null(sss_if_addrs->addr);
+ assert_non_null(sss_if_addrs->prev);
+ assert_non_null(sss_if_addrs->next);
+
+ assert_non_null(inet_ntop(AF_INET6,
+ &((struct sockaddr_in6 *) sss_if_addrs->addr)->sin6_addr,
+ straddr, INET6_ADDRSTRLEN));
+ /* ip addresses are returned in different order */
+ assert_string_equal(straddr, "2001:cdba::555");
+
+ sss_if_addrs = sss_if_addrs->next;
+ assert_non_null(sss_if_addrs);
+ assert_non_null(sss_if_addrs->addr);
+ assert_non_null(sss_if_addrs->next);
+ assert_non_null(sss_if_addrs->prev);
+
+ assert_non_null(inet_ntop(AF_INET,
+ &((struct sockaddr_in *) sss_if_addrs->addr)->sin_addr,
+ straddr, INET_ADDRSTRLEN));
+ /* ip addresses are returned in different order */
+ assert_string_equal(straddr, "192.168.0.1");
+
+ sss_if_addrs = sss_if_addrs->next;
+ assert_non_null(sss_if_addrs);
+ assert_non_null(sss_if_addrs->addr);
+ assert_null(sss_if_addrs->next);
+ assert_non_null(sss_if_addrs->prev);
+
+ assert_non_null(inet_ntop(AF_INET,
+ &((struct sockaddr_in *) sss_if_addrs->addr)->sin_addr,
+ straddr, INET_ADDRSTRLEN));
+ /* ip addresses are returned in different order */
+ assert_string_equal(straddr, "192.168.0.2");
+
+ talloc_free(addrlist);
+
+ assert_true(check_leaks_pop(dyndns_test_ctx) == true);
+}
+
+void dyndns_test_dualstack_no_iface(void **state)
+{
+ errno_t ret;
+ struct sss_iface_addr *addrlist;
+
+ check_leaks_push(dyndns_test_ctx);
+
+ will_return_getifaddrs("eth0", "192.168.0.2", AF_INET);
+ will_return_getifaddrs("eth1", "192.168.0.1", AF_INET);
+ will_return_getifaddrs("eth0", "2001:cdba::555", AF_INET6);
+ will_return_getifaddrs("eth1", "2001:cdba::444", AF_INET6);
+ will_return_getifaddrs(NULL, NULL, 0); /* sentinel */
+
+ struct sockaddr_in sin;
+ memset (&sin, 0, sizeof (sin));
+ sin.sin_family = AF_INET;
+ sin.sin_addr.s_addr = inet_addr ("192.168.0.3");
+ ret = sss_get_dualstack_addresses(dyndns_test_ctx,
+ (struct sockaddr *) &sin,
+ &addrlist);
+ assert_int_equal(ret, ENOENT);
+
+ assert_true(check_leaks_pop(dyndns_test_ctx) == true);
+}
+
void dyndns_test_ok(void **state)
{
struct tevent_req *req;
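Review bot: All three new tests pass an AF_INET `struct sockaddr_in` as the connection address, so the AF_INET6 branch of match_ip() is never exercised with an IPv6 connection address. A fourth test that fills a `struct sockaddr_in6` with "2001:cdba::555" and expects the same eth0 list would cover the case this dual-stack change is aimed at. In dyndns_test_dualstack_no_iface, `addrlist` is left uninitialised; declaring it as `struct sss_iface_addr *addrlist = NULL;` and adding `assert_null(addrlist);` after the ENOENT check would pin down that the output is not written on failure.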
@@ -519,6 +686,17 @@ int main(int argc, const char *argv[])
cmocka_unit_test_setup_teardown(dyndns_test_interval,
dyndns_test_setup,
dyndns_test_teardown),
+
+ /* Dynamic DNS dualstack unit tests*/
+ cmocka_unit_test_setup_teardown(dyndns_test_dualstack,
+ dyndns_test_simple_setup,
+ dyndns_test_teardown),
+ cmocka_unit_test_setup_teardown(dyndns_test_dualstack_multiple_addresses,
+ dyndns_test_simple_setup,
+ dyndns_test_teardown),
+ cmocka_unit_test_setup_teardown(dyndns_test_dualstack_no_iface,
+ dyndns_test_simple_setup,
+ dyndns_test_teardown),
};
/* Set debug level to invalid value so we can deside if -d 0 was used. */