author | Stephen Gallagher <sgallagh@redhat.com> | 2011-01-17 15:14:20 -0500 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-01-21 16:20:14 -0500 |
commit | 9917b96e31df3fa992d235a050ed1dc0e9939b3d (patch) | |
tree | 3b375372839cbf955d451e598b94fc0ec9c0fb8c | |
parent | ca2bc5f78bd04a20085e709717c085a84ae120c0 (diff) | |
Allow fallback to SSSD domain
For backwards-compatibility with older versions of the SSSD (such
as 1.2.x), we need to be able to have our DNS SRV record lookup be
capable of falling back to using the SSSD domain name as the DNS
discovery domain.
This patch modifies our DNS lookups so that they behave as
follows:
If dns_discovery_domain is specified, it is considered
authoritative. No other discovery domains will be attempted.
If dns_discovery_domain is not specified, we first attempt to look
up the SRV records using the domain portion of the machine's
hostname. If this returns "NOTFOUND", we will try performing an
SRV record query using the SSSD domain name as the DNS discovery
domain.
https://fedorahosted.org/sssd/ticket/754
-rw-r--r-- | src/providers/data_provider_fo.c | 6 | ||||
-rw-r--r-- | src/providers/fail_over.c | 48 | ||||
-rw-r--r-- | src/providers/fail_over.h | 3 |
3 files changed, 50 insertions, 7 deletions
diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c index 0b4b2434..ddb348f6 100644 --- a/src/providers/data_provider_fo.c +++ b/src/providers/data_provider_fo.c @@ -284,7 +284,8 @@ int be_fo_add_srv_server(struct be_ctx *ctx, const char *service_name, /* Add the first protocol as the primary lookup */ ret = fo_add_srv_server(svc->fo_service, query_service, - domain, proto_table[proto], user_data); + domain, ctx->domain->name, + proto_table[proto], user_data); if (ret && ret != EEXIST) { DEBUG(1, ("Failed to add SRV lookup reference to failover service\n")); return ret; @@ -295,7 +296,8 @@ int be_fo_add_srv_server(struct be_ctx *ctx, const char *service_name, /* All the rest as fallback */ while (i != proto) { ret = fo_add_srv_server(svc->fo_service, query_service, - domain, proto_table[i], user_data); + domain, ctx->domain->name, + proto_table[i], user_data); if (ret && ret != EEXIST) { DEBUG(1, ("Failed to add SRV lookup reference to failover service\n")); return ret; diff --git a/src/providers/fail_over.c b/src/providers/fail_over.c index 331ccccd..3c560089 100644 --- a/src/providers/fail_over.c +++ b/src/providers/fail_over.c @@ -98,6 +98,8 @@ struct server_common { struct srv_data { char *dns_domain; + char *discovery_domain; + char *sssd_domain; char *proto; char *srv; @@ -498,7 +500,8 @@ create_server_common(TALLOC_CTX *mem_ctx, struct fo_ctx *ctx, const char *name) int fo_add_srv_server(struct fo_service *service, const char *srv, - const char *dns_domain, const char *proto, void *user_data) + const char *dns_domain, const char *sssd_domain, + const char *proto, void *user_data) { struct fo_server *server; 
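Review bot: The two fields added to `struct srv_data` in fail_over.c (hunk at -98,6) carry no comment saying which pointer owns its string, and after this change `dns_domain` can point at the same allocation as `discovery_domain` or `sssd_domain`. Later code in this commit calls `talloc_free()` on `dns_domain` and relies on pointer comparisons to avoid freeing an alias, so the invariant belongs at the declaration, for example `/* dns_domain is the active lookup domain; it may alias discovery_domain or sssd_domain and may be freed only when it equals neither */`. Any code outside the visible hunks that frees or replaces `dns_domain` would need the same comparison; that cannot be confirmed from this page.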
@@ -539,11 +542,18 @@ fo_add_srv_server(struct fo_service *service, const char *srv, return ENOMEM; if (dns_domain) { - server->srv_data->dns_domain = talloc_strdup(server->srv_data, dns_domain); - if (server->srv_data->dns_domain == NULL) + server->srv_data->discovery_domain = talloc_strdup(server->srv_data, dns_domain); + if (server->srv_data->discovery_domain == NULL) return ENOMEM; + server->srv_data->dns_domain = + server->srv_data->discovery_domain; } + server->srv_data->sssd_domain = + talloc_strdup(server->srv_data, sssd_domain); + if (server->srv_data->sssd_domain == NULL) + return ENOMEM; + server->srv_data->meta = server; server->srv_data->srv_lookup_status = DEFAULT_SRV_STATUS; server->srv_data->last_status_change.tv_sec = 0; @@ -1063,8 +1073,38 @@ resolve_srv_done(struct tevent_req *subreq) &resolv_status, NULL, &reply_list); talloc_free(subreq); if (ret != EOK) { - DEBUG(1, ("SRV query failed %s\n", + DEBUG(1, ("SRV query failed: [%s]\n", resolv_strerror(resolv_status))); + if (resolv_status == ARES_ENOTFOUND && + state->meta->srv_data->dns_domain != + state->meta->srv_data->discovery_domain && + state->meta->srv_data->dns_domain != + state->meta->srv_data->sssd_domain) { + /* The domain name could not be identified + * If the domain wasn't specified in the config + * file, also check whether the SSSD domain + * works. + * + * Programming note: It is safe to compare + * pointers here, because we're not copying + * the data, we're just reassigning the pointer + * for the active domain. + */ + talloc_free(state->meta->srv_data->dns_domain); + state->meta->srv_data->dns_domain = + state->meta->srv_data->sssd_domain; + resolve_srv_cont(req); + return; + } + + /* We need to make sure we reset this to NULL + * so that if we go online later, we re-check + * the DNS domain + */ + if (!state->meta->srv_data->discovery_domain) { + state->meta->srv_data->dns_domain = NULL; + } + fo_set_port_status(state->meta, PORT_NOT_WORKING); goto fail; } 
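Review bot: In the `fo_add_srv_server` hunk (-539,11) a NULL `sssd_domain` makes `talloc_strdup()` return NULL, and the function then reports `ENOMEM`, which hides a caller error behind an out-of-memory code. The parameter is new and the fallback in `resolve_srv_done` depends on it, so reject it before any allocation with `if (sssd_domain == NULL) return EINVAL;` and state in the fail_over.h prototype comment that `dns_domain` may be NULL while `sssd_domain` may not. The function starts and ends outside this hunk, so whether `server` is released on these early returns is not visible here.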
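Review bot: The fallback branch in `resolve_srv_done` (-1063,8) retries the SRV query with `sssd_domain` without logging the switch, and the SSSD domain name comes from configuration and is not necessarily a DNS zone the administrator controls. The SRV answer decides which servers the provider will contact, so record the change before the `talloc_free()` with `DEBUG(4, ("SRV lookup in [%s] not found, retrying with SSSD domain [%s]\n", state->meta->srv_data->dns_domain, state->meta->srv_data->sssd_domain));` and extend the comment to say that servers discovered this way must still be authenticated by the provider (TLS or Kerberos). Separately, the reset to `dns_domain = NULL` further down drops the pointer without freeing it when the failure is not NOTFOUND and `dns_domain` still holds the hostname-derived string; freeing it first, only when it differs from `sssd_domain`, would match the fallback branch, assuming that string is talloc-allocated as the existing `talloc_free()` implies. The function body continues outside the hunk.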
diff --git a/src/providers/fail_over.h b/src/providers/fail_over.h index dce02dc6..6a3101fe 100644 --- a/src/providers/fail_over.h +++ b/src/providers/fail_over.h @@ -116,7 +116,8 @@ int fo_add_server(struct fo_service *service, int fo_add_srv_server(struct fo_service *service, const char *srv, - const char *domain, + const char *dns_domain, + const char *sssd_domain, const char *proto, void *user_data); |