localhost.localdomain clients refused to join

Machines with hostname 'localhost' or 'localhost.localdomain' are
refused from joining IPA domain and proper error message is shown.
The hostname check is done both in 'ipa-client-install' script and in
'ipa-join'.

https://fedorahosted.org/freeipa/ticket/2112

2 files changed, 9 insertions, 0 deletions

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 8e945ce90..f2f4973fb 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -872,6 +872,9 @@ def install(options, env, fstore, statestore):
     if hostname != hostname.lower():
         print 'Invalid hostname \'%s\', must be lower-case.' % hostname
         return CLIENT_INSTALL_ERROR
+    if (hostname == 'localhost') or (hostname == 'localhost.localdomain'):
+        print 'Invalid hostname, \'%s\' must not be used.' % hostname
+        return CLIENT_INSTALL_ERROR
 
     # when installing with '--no-sssd' option, check whether nss-ldap is installed
     if not options.sssd:
diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c
index c174e2c15..57c7bcb28 100644
--- a/ipa-client/ipa-join.c
+++ b/ipa-client/ipa-join.c
@@ -937,6 +937,12 @@ join(const char *server, const char *hostname, const char *bindpw, const char *b
         goto cleanup;
     }
 
+    if ((!strcmp(host, "localhost")) || (!strcmp(host, "localhost.localdomain"))){
+        fprintf(stderr, _("The hostname must not be: %s\n"), host);
+        rval = 16;
+        goto cleanup;
+    }
+
     if (bindpw)
         rval = join_ldap(ipaserver, host, &hostdn, bindpw, basedn, &princ, &subject, quiet);
     else {