summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2012-01-13 08:45:27 -0500
committerStephen Gallagher <sgallagh@redhat.com>2012-01-17 08:32:28 -0500
commit2be3039b8fc8ec07a323d15060123366da786dc5 (patch)
tree5291f19977f5fcf4951254582cae8964195310ed /src
parentef479645b5e038a0e06d7d10b3c924227deafa52 (diff)
downloadsssd-2be3039b8fc8ec07a323d15060123366da786dc5.tar.gz
sssd-2be3039b8fc8ec07a323d15060123366da786dc5.tar.xz
sssd-2be3039b8fc8ec07a323d15060123366da786dc5.zip
IPA: Detect nsupdate support for the realm directive
For older platforms, do not add the 'realm' line in the update message
Diffstat (limited to 'src')
-rw-r--r--src/external/nsupdate.m411
-rw-r--r--src/man/sssd-ipa.5.xml5
-rw-r--r--src/providers/ipa/ipa_dyndns.c54
3 files changed, 55 insertions, 15 deletions
diff --git a/src/external/nsupdate.m4 b/src/external/nsupdate.m4
index 6e18f017b..9ccff6159 100644
--- a/src/external/nsupdate.m4
+++ b/src/external/nsupdate.m4
@@ -1,8 +1,17 @@
AC_PATH_PROG(NSUPDATE, nsupdate)
-AC_MSG_CHECKING(for nsupdate)
+AC_MSG_CHECKING(for executable nsupdate)
if test -x "$NSUPDATE"; then
AC_DEFINE_UNQUOTED([NSUPDATE_PATH], ["$NSUPDATE"], [The path to nsupdate])
AC_MSG_RESULT(yes)
+
+ AC_MSG_CHECKING(for nsupdate 'realm' support')
+ if AC_RUN_LOG([echo realm |$NSUPDATE >&2]); then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE_UNQUOTED([HAVE_NSUPDATE_REALM], 1, [Whether to use the 'realm' directive with nsupdate])
+ else
+ AC_MSG_WARN([no. Will build without the 'realm' directive])
+ fi
+
else
AC_MSG_ERROR([no. nsupdate is not available])
fi
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index 8d0796afd..6e26d5ae9 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -115,6 +115,11 @@
the IP address of this client.
</para>
<para>
+ NOTE: On older systems (such as RHEL 5), for this
+ behavior to work reliably, the default Kerberos
+ realm must be set properly in /etc/krb5.conf
+ </para>
+ <para>
Default: false
</para>
</listitem>
diff --git a/src/providers/ipa/ipa_dyndns.c b/src/providers/ipa/ipa_dyndns.c
index 60bc6ec0c..0d2c34e66 100644
--- a/src/providers/ipa/ipa_dyndns.c
+++ b/src/providers/ipa/ipa_dyndns.c
@@ -797,20 +797,37 @@ static int create_nsupdate_message(struct ipa_nsupdate_ctx *ctx,
int ret, i;
char *servername = NULL;
char *realm;
+ char *realm_directive;
char *zone;
char ip_addr[INET6_ADDRSTRLEN];
const char *ip;
struct ipa_ipaddress *new_record;
+ TALLOC_CTX *tmp_ctx;
+
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) return ENOMEM;
realm = dp_opt_get_string(ctx->dyndns_ctx->ipa_ctx->basic, IPA_KRB5_REALM);
if (!realm) {
- return EIO;
+ ret = EIO;
+ goto done;
+ }
+
+#ifdef HAVE_NSUPDATE_REALM
+ realm_directive = talloc_asprintf(tmp_ctx, "realm %s\n", realm);
+#else
+ realm_directive = talloc_asprintf(tmp_ctx, "");
+#endif
+ if (!realm_directive) {
+ ret = ENOMEM;
+ goto done;
}
zone = dp_opt_get_string(ctx->dyndns_ctx->ipa_ctx->basic,
IPA_DOMAIN);
if (!zone) {
- return EIO;
+ ret = EIO;
+ goto done;
}
/* The DNS zone for IPA is the lower-case
@@ -824,26 +841,31 @@ static int create_nsupdate_message(struct ipa_nsupdate_ctx *ctx,
if (strncmp(ctx->dyndns_ctx->ipa_ctx->service->sdap->uri,
"ldap://", 7) != 0) {
DEBUG(1, ("Unexpected format of LDAP URI.\n"));
- return EIO;
+ ret = EIO;
+ goto done;
}
servername = ctx->dyndns_ctx->ipa_ctx->service->sdap->uri + 7;
if (!servername) {
- return EIO;
+ ret = EIO;
+ goto done;
}
- DEBUG(9, ("Creating update message for server [%s], realm [%s] "
- "and zone [%s].\n", servername, realm, zone));
+ DEBUG(SSSDBG_FUNC_DATA,
+ ("Creating update message for server [%s], realm [%s] "
+ "and zone [%s].\n", servername, realm, zone));
/* Add the server, realm and zone headers */
- ctx->update_msg = talloc_asprintf(ctx, "server %s\nrealm %s\nzone %s.\n",
- servername, realm, zone);
+ ctx->update_msg = talloc_asprintf(ctx, "server %s\n%szone %s.\n",
+ servername, realm_directive,
+ zone);
} else {
- DEBUG(9, ("Creating update message for realm [%s] and zone [%s].\n",
- realm, zone));
+ DEBUG(SSSDBG_FUNC_DATA,
+ ("Creating update message for realm [%s] and zone [%s].\n",
+ realm, zone));
/* Add the realm and zone headers */
- ctx->update_msg = talloc_asprintf(ctx, "realm %s\nzone %s.\n",
- realm, zone);
+ ctx->update_msg = talloc_asprintf(ctx, "%szone %s.\n",
+ realm_directive, zone);
}
if (ctx->update_msg == NULL) {
ret = ENOMEM;
@@ -917,12 +939,16 @@ static int create_nsupdate_message(struct ipa_nsupdate_ctx *ctx,
goto done;
}
- DEBUG(6, (" -- Begin nsupdate message -- \n%s", ctx->update_msg));
- DEBUG(6, (" -- End nsupdate message -- \n"));
+ DEBUG(SSSDBG_TRACE_FUNC,
+ (" -- Begin nsupdate message -- \n%s",
+ ctx->update_msg));
+ DEBUG(SSSDBG_TRACE_FUNC,
+ (" -- End nsupdate message -- \n"));
ret = EOK;
done:
+ talloc_free(tmp_ctx);
return ret;
}