-rw-r--r-- | src/external/nsupdate.m4 | 11 | ||||
-rw-r--r-- | src/man/sssd-ipa.5.xml | 5 | ||||
-rw-r--r-- | src/providers/ipa/ipa_dyndns.c | 54 |
3 files changed, 55 insertions, 15 deletions
diff --git a/src/external/nsupdate.m4 b/src/external/nsupdate.m4
index 6e18f017..9ccff615 100644
--- a/src/external/nsupdate.m4
+++ b/src/external/nsupdate.m4
@@ -1,8 +1,17 @@
 AC_PATH_PROG(NSUPDATE, nsupdate)
-AC_MSG_CHECKING(for nsupdate)
+AC_MSG_CHECKING(for executable nsupdate)
 if test -x "$NSUPDATE"; then
 AC_DEFINE_UNQUOTED([NSUPDATE_PATH], ["$NSUPDATE"], [The path to nsupdate])
 AC_MSG_RESULT(yes)
+
+ AC_MSG_CHECKING(for nsupdate 'realm' support')
+ if AC_RUN_LOG([echo realm |$NSUPDATE >&2]); then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE_UNQUOTED([HAVE_NSUPDATE_REALM], 1, [Whether to use the 'realm' directive with nsupdate])
+ else
+ AC_MSG_WARN([no. Will build without the 'realm' directive])
+ fi
+
 else
 AC_MSG_ERROR([no. nsupdate is not available])
 fi
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index 8d0796af..6e26d5ae 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -115,6 +115,11 @@
 the IP address of this client.
 </para>
 <para>
+ NOTE: On older systems (such as RHEL 5), for this
+ behavior to work reliably, the default Kerberos
+ realm must be set properly in /etc/krb5.conf
+ </para>
+ <para>
 Default: false
 </para>
 </listitem>
diff --git a/src/providers/ipa/ipa_dyndns.c b/src/providers/ipa/ipa_dyndns.c
index 60bc6ec0..0d2c34e6 100644
--- a/src/providers/ipa/ipa_dyndns.c
+++ b/src/providers/ipa/ipa_dyndns.c
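Review bot: In src/external/nsupdate.m4 the `realm` probe fixes the behaviour at configure time against whatever nsupdate is on the build host, so a package built on one system and run with a different nsupdate could omit the directive where it is supported, or send it where it is not understood. Without `realm` the update presumably depends on the default realm in /etc/krb5.conf, as the man page hunk notes, so the warning is worth extending to say so, e.g. `AC_MSG_WARN([no. Will build without the 'realm' directive; updates will rely on the default realm in krb5.conf])`. The argument of `AC_MSG_CHECKING(for nsupdate 'realm' support')` also carries a stray trailing quote and, unlike the other new macro calls, is not wrapped in `[...]`.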
@@ -797,20 +797,37 @@ static int create_nsupdate_message(struct ipa_nsupdate_ctx *ctx, int ret, i; char *servername = NULL; char *realm; + char *realm_directive; char *zone; char ip_addr[INET6_ADDRSTRLEN]; const char *ip; struct ipa_ipaddress *new_record; + TALLOC_CTX *tmp_ctx; + + tmp_ctx = talloc_new(NULL); + if (!tmp_ctx) return ENOMEM; realm = dp_opt_get_string(ctx->dyndns_ctx->ipa_ctx->basic, IPA_KRB5_REALM); if (!realm) { - return EIO; + ret = EIO; + goto done; + } + +#ifdef HAVE_NSUPDATE_REALM + realm_directive = talloc_asprintf(tmp_ctx, "realm %s\n", realm); +#else + realm_directive = talloc_asprintf(tmp_ctx, ""); +#endif + if (!realm_directive) { + ret = ENOMEM; + goto done; } zone = dp_opt_get_string(ctx->dyndns_ctx->ipa_ctx->basic, IPA_DOMAIN); if (!zone) { - return EIO; + ret = EIO; + goto done; } /* The DNS zone for IPA is the lower-case 
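Review bot: `realm` is copied from the IPA_KRB5_REALM option straight into a line of the nsupdate script by `talloc_asprintf(tmp_ctx, "realm %s\n", realm)`, and nothing in this hunk checks that it is a single token; nsupdate input is line-oriented, so a value with an embedded newline or space would change how the following lines are parsed. The value comes from configuration, so this is hardening rather than an exposed bug, but a guard such as `if (strpbrk(realm, " \t\r\n")) { ret = EINVAL; goto done; }` before the directive is built would make the assumption explicit; the same applies to `zone`. In the `#else` branch, `talloc_strdup(tmp_ctx, "")` would avoid the empty-format-string warning that `talloc_asprintf(tmp_ctx, "")` can trigger. The function body starts before and continues after this hunk.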
@@ -824,26 +841,31 @@ static int create_nsupdate_message(struct ipa_nsupdate_ctx *ctx, if (strncmp(ctx->dyndns_ctx->ipa_ctx->service->sdap->uri, "ldap://", 7) != 0) { DEBUG(1, ("Unexpected format of LDAP URI.\n")); - return EIO; + ret = EIO; + goto done; } servername = ctx->dyndns_ctx->ipa_ctx->service->sdap->uri + 7; if (!servername) { - return EIO; + ret = EIO; + goto done; } - DEBUG(9, ("Creating update message for server [%s], realm [%s] " - "and zone [%s].\n", servername, realm, zone)); + DEBUG(SSSDBG_FUNC_DATA, + ("Creating update message for server [%s], realm [%s] " + "and zone [%s].\n", servername, realm, zone)); /* Add the server, realm and zone headers */ - ctx->update_msg = talloc_asprintf(ctx, "server %s\nrealm %s\nzone %s.\n", - servername, realm, zone); + ctx->update_msg = talloc_asprintf(ctx, "server %s\n%szone %s.\n", + servername, realm_directive, + zone); } else { - DEBUG(9, ("Creating update message for realm [%s] and zone [%s].\n", - realm, zone)); + DEBUG(SSSDBG_FUNC_DATA, + ("Creating update message for realm [%s] and zone [%s].\n", + realm, zone)); /* Add the realm and zone headers */ - ctx->update_msg = talloc_asprintf(ctx, "realm %s\nzone %s.\n", - realm, zone); + ctx->update_msg = talloc_asprintf(ctx, "%szone %s.\n", + realm_directive, zone); } if (ctx->update_msg == NULL) { ret = ENOMEM; @@ -917,12 +939,16 @@ static int create_nsupdate_message(struct ipa_nsupdate_ctx *ctx, goto done; } - DEBUG(6, (" -- Begin nsupdate message -- \n%s", ctx->update_msg)); - DEBUG(6, (" -- End nsupdate message -- \n")); + DEBUG(SSSDBG_TRACE_FUNC, + (" -- Begin nsupdate message -- \n%s", + ctx->update_msg)); + DEBUG(SSSDBG_TRACE_FUNC, + (" -- End nsupdate message -- \n")); ret = EOK; done: + talloc_free(tmp_ctx); return ret; } |
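Review bot: The `if (!servername)` test kept in the first hunk on this line can never be true, because `servername` is `uri + 7` and the `strncmp` above has already read through `uri`; a URI that is exactly `ldap://` therefore produces an empty `server` line instead of `EIO`. Testing the first character instead, `if (*servername == '\0') { ret = EIO; goto done; }`, would catch that case. Anything after the host in the URI, such as a port or trailing path, also ends up in the `server` directive unchanged; whether such URIs can reach this code is not visible here. The function body starts before this hunk.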