authorJakub Hrozek <jhrozek@redhat.com>2014-07-06 22:53:27 +0200
committerJakub Hrozek <jhrozek@redhat.com>2015-08-14 23:51:02 +0200
commit8145ab51b05aa86b2f1a21b49383f55e50b0a2e3 (patch)
tree6889f7d6cb72299d7d778ddbb3c9157e230e1a09
parentdb5f9ab3feb85aa444eab20428ca2b98801b6783 (diff)
downloadsssd-8145ab51b05aa86b2f1a21b49383f55e50b0a2e3.tar.gz
sssd-8145ab51b05aa86b2f1a21b49383f55e50b0a2e3.tar.xz
sssd-8145ab51b05aa86b2f1a21b49383f55e50b0a2e3.zip
DYNDNS: Add a new option dyndns_server
Some environments use a different DNS server than the identity server. For these environments, it would be useful to be able to override the DNS server used to perform DNS updates. This patch adds a new option dyndns_server that, if set, would be used to hardcode a DNS server address into the nsupdate message. Reviewed-by: Pavel Reichl <preichl@redhat.com>
-rw-r--r--src/config/SSSDConfig/__init__.py.in1
-rwxr-xr-xsrc/config/SSSDConfigTest.py2
-rw-r--r--src/config/etc/sssd.api.conf1
-rw-r--r--src/man/sssd-ad.5.xml20
-rw-r--r--src/man/sssd-ipa.5.xml19
-rw-r--r--src/providers/ad/ad_opts.h1
-rw-r--r--src/providers/dp_dyndns.c1
-rw-r--r--src/providers/dp_dyndns.h1
-rw-r--r--src/providers/ipa/ipa_opts.h1
-rw-r--r--src/providers/ldap/sdap_dyndns.c7
10 files changed, 54 insertions, 0 deletions
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 6294d595b..f10b58c5c 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -148,6 +148,7 @@ option_strings = {
'dyndns_update_ptr' : _("Whether the provider should explicitly update the PTR record as well"),
'dyndns_force_tcp' : _("Whether the nsupdate utility should default to using TCP"),
'dyndns_auth' : _("What kind of authentication should be used to perform the DNS update"),
+ 'dyndns_server' : _("Override the DNS server used to perform the DNS update"),
'subdomain_enumerate' : _('Control enumeration of trusted domains'),
'subdomain_refresh_interval' : _('How often should subdomains list be refreshed'),
'subdomain_inherit' : _('List of options that should be inherited into a subdomain'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 67289e012..4aefe6702 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -527,6 +527,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'dyndns_update_ptr',
'dyndns_force_tcp',
'dyndns_auth',
+ 'dyndns_server',
'subdomain_enumerate',
'override_gid',
'case_sensitive',
@@ -891,6 +892,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'dyndns_update_ptr',
'dyndns_force_tcp',
'dyndns_auth',
+ 'dyndns_server',
'subdomain_enumerate',
'override_gid',
'case_sensitive',
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 2e5b02e3e..f28054860 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -155,6 +155,7 @@ dyndns_refresh_interval = int, None, false
dyndns_update_ptr = bool, None, false
dyndns_force_tcp = bool, None, false
dyndns_auth = str, None, false
+dyndns_server = str, None, false
# Special providers
[provider/permit]
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 3cbc10520..7ccd29794 100644
--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -812,6 +812,26 @@ ad_gpo_map_deny = +my_pam_service
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>dyndns_server (string)</term>
+ <listitem>
+ <para>
+ The DNS server to use when performing a DNS
+ update. In most setups, it's recommended to leave
+ this option unset.
+ </para>
+ <para>
+ Setting this option makes sense for environments
+ where the DNS server is different from the identity
+ server.
+ </para>
+ <para>
+ Default: None (let nsupdate choose the server)
+ </para>
+ </listitem>
+ </varlistentry>
+
+
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/override_homedir.xml" />
<xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/homedir_substring.xml" />
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index 2e985991f..871c41607 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -263,6 +263,25 @@
</varlistentry>
<varlistentry>
+ <term>dyndns_server (string)</term>
+ <listitem>
+ <para>
+ The DNS server to use when performing a DNS
+ update. In most setups, it's recommended to leave
+ this option unset.
+ </para>
+ <para>
+ Setting this option makes sense for environments
+ where the DNS server is different from the identity
+ server.
+ </para>
+ <para>
+ Default: None (let nsupdate choose the server)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>ipa_hbac_search_base (string)</term>
<listitem>
<para>
diff --git a/src/providers/ad/ad_opts.h b/src/providers/ad/ad_opts.h
index d685edcb4..00586a7ad 100644
--- a/src/providers/ad/ad_opts.h
+++ b/src/providers/ad/ad_opts.h
@@ -275,6 +275,7 @@ struct dp_option ad_dyndns_opts[] = {
{ "dyndns_update_ptr", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
{ "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "dyndns_auth", DP_OPT_STRING, { "gss-tsig" }, NULL_STRING },
+ { "dyndns_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
DP_OPTION_TERMINATOR
};
diff --git a/src/providers/dp_dyndns.c b/src/providers/dp_dyndns.c
index c254d7893..9a726bd43 100644
--- a/src/providers/dp_dyndns.c
+++ b/src/providers/dp_dyndns.c
@@ -1180,6 +1180,7 @@ static struct dp_option default_dyndns_opts[] = {
{ "dyndns_update_ptr", DP_OPT_BOOL, BOOL_TRUE, BOOL_FALSE },
{ "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "dyndns_auth", DP_OPT_STRING, { "gss-tsig" }, NULL_STRING },
+ { "dyndns_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
DP_OPTION_TERMINATOR
};
diff --git a/src/providers/dp_dyndns.h b/src/providers/dp_dyndns.h
index a8a20ec6f..3cc8d1226 100644
--- a/src/providers/dp_dyndns.h
+++ b/src/providers/dp_dyndns.h
@@ -55,6 +55,7 @@ enum dp_dyndns_opts {
DP_OPT_DYNDNS_UPDATE_PTR,
DP_OPT_DYNDNS_FORCE_TCP,
DP_OPT_DYNDNS_AUTH,
+ DP_OPT_DYNDNS_SERVER,
DP_OPT_DYNDNS /* attrs counter */
};
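Review bot: `DP_OPT_DYNDNS_SERVER` is added without any comment tying the enum order to the option tables, and the lookup `dp_opt_get_string(opts, DP_OPT_DYNDNS_SERVER)` in sdap_dyndns.c suggests the enum value is used as an index into `ad_dyndns_opts`, `default_dyndns_opts` and `ipa_dyndns_opts`. In this commit all three tables gain the entry in the matching position (after `dyndns_auth`, before the terminator), but nothing visible here enforces that, and a table that falls out of step would presumably hand back a different option's value as the server name. A comment above the enum such as `/* Order must match the dp_option tables in dp_dyndns.c, ad_opts.h and ipa_opts.h */` would make the coupling explicit. The enum begins outside the hunk.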
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index f6c40dddb..78949e3dd 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -62,6 +62,7 @@ struct dp_option ipa_dyndns_opts[] = {
{ "dyndns_update_ptr", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "dyndns_auth", DP_OPT_STRING, { "gss-tsig" }, NULL_STRING },
+ { "dyndns_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
DP_OPTION_TERMINATOR
};
diff --git a/src/providers/ldap/sdap_dyndns.c b/src/providers/ldap/sdap_dyndns.c
index a463a2fce..01f4f1722 100644
--- a/src/providers/ldap/sdap_dyndns.c
+++ b/src/providers/ldap/sdap_dyndns.c
@@ -92,6 +92,7 @@ sdap_dyndns_update_send(TALLOC_CTX *mem_ctx,
struct tevent_req *req;
struct tevent_req *subreq;
struct sdap_dyndns_update_state *state;
+ const char *conf_servername;
req = tevent_req_create(mem_ctx, &state, struct sdap_dyndns_update_state);
if (req == NULL) {
@@ -111,6 +112,12 @@ sdap_dyndns_update_send(TALLOC_CTX *mem_ctx,
state->auth_type = auth_type;
state->pass_num = 0;
+ conf_servername = dp_opt_get_string(opts, DP_OPT_DYNDNS_SERVER);
+ if (conf_servername != NULL) {
+ state->servername = conf_servername;
+ state->use_server_with_nsupdate = true;
+ }
+
if (ifname) {
/* Unless one family is restricted, just replace all
* address families during the update
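Review bot: The override is switched on as soon as `conf_servername` is non-NULL, so if the option layer returns an empty string for a bare `dyndns_server =` line, `use_server_with_nsupdate` is still set with an empty server name. Per the commit message this string is written into the nsupdate message, and the code that builds that message is outside the hunk, so it cannot be confirmed from here that whitespace or a line break in the value is rejected anywhere. I would tighten the guard to `if (conf_servername != NULL && conf_servername[0] != '\0') {` and add a comment above it such as `/* dyndns_server overrides server discovery; the value comes from sssd.conf and is not validated here */`. `state->servername` also borrows the pointer returned for `opts` instead of holding a copy on `state`, which relies on opts outliving the request; sdap_dyndns_update_send starts and ends outside the hunk, so that should be checked against the rest of the function.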