-rw-r--r--src/config/SSSDConfig/__init__.py.in1
-rw-r--r--src/config/etc/sssd.api.d/sssd-ipa.conf1
-rw-r--r--src/man/sssd-ipa.5.xml14
-rw-r--r--src/providers/ipa/ipa_common.h1
-rw-r--r--src/providers/ipa/ipa_dyndns.c14
-rw-r--r--src/providers/ipa/ipa_opts.h1
6 files changed, 30 insertions, 2 deletions
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 3c6d84c5..9bd69953 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -131,6 +131,7 @@ option_strings = {
'ipa_backup_server' : _('Address of backup IPA server'),
'ipa_hostname' : _('IPA client hostname'),
'ipa_dyndns_update' : _("Whether to automatically update the client's DNS entry in FreeIPA"),
+ 'ipa_dyndns_ttl' : _("The TTL to apply to the client's DNS entry after updating it"),
'ipa_dyndns_iface' : _("The interface whose IP should be used for dynamic DNS updates"),
'ipa_hbac_search_base' : _("Search base for HBAC related objects"),
'ipa_hbac_refresh' : _("The amount of time between lookups of the HBAC rules against the IPA server"),
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index efc1e8b3..56184590 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -4,6 +4,7 @@ ipa_server = str, None, false
ipa_backup_server = str, None, false
ipa_hostname = str, None, false
ipa_dyndns_update = bool, None, false
+ipa_dyndns_ttl = int, None, false
ipa_dyndns_iface = str, None, false
ipa_hbac_search_base = str, None, false
ipa_host_search_base = str, None, false
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index 4c4aaba4..db6aecf8 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -126,6 +126,20 @@
</varlistentry>
<varlistentry>
+ <term>ipa_dyndns_ttl (integer)</term>
+ <listitem>
+ <para>
+ The TTL to apply to the client DNS record when updating it.
+ If ipa_dyndns_update is false this has no effect. This will
+ override the TTL serverside if set by an administrator.
+ </para>
+ <para>
+ Default: 1200 (seconds)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>ipa_dyndns_iface (string)</term>
<listitem>
<para>
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 01e14032..f077776b 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -38,6 +38,7 @@ enum ipa_basic_opt {
IPA_BACKUP_SERVER,
IPA_HOSTNAME,
IPA_DYNDNS_UPDATE,
+ IPA_DYNDNS_TTL,
IPA_DYNDNS_IFACE,
IPA_HBAC_SEARCH_BASE,
IPA_HOST_SEARCH_BASE,
diff --git a/src/providers/ipa/ipa_dyndns.c b/src/providers/ipa/ipa_dyndns.c
index 66515e84..3f430a33 100644
--- a/src/providers/ipa/ipa_dyndns.c
+++ b/src/providers/ipa/ipa_dyndns.c
@@ -857,7 +857,7 @@ static int create_nsupdate_message(struct ipa_nsupdate_ctx *ctx,
uint8_t remove_af,
bool use_server_with_nsupdate)
{
- int ret, i;
+ int ret, i, ttl;
char *servername = NULL;
char *realm;
char *realm_directive;
@@ -935,6 +935,15 @@ static int create_nsupdate_message(struct ipa_nsupdate_ctx *ctx,
goto done;
}
+ /* Get the TTL details for the record(s) */
+
+ ttl = dp_opt_get_int(ctx->dyndns_ctx->ipa_ctx->basic,
+ IPA_DYNDNS_TTL);
+ /* Should not happen but just in case set the default */
+ if (!ttl) {
+ ttl = 1200;
+ }
+
/* Remove existing entries as needed */
if (remove_af & IPA_DYNDNS_REMOVE_A) {
ctx->update_msg = talloc_asprintf_append(ctx->update_msg,
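Review bot: The fallback `if (!ttl)` only catches zero, so a negative `ipa_dyndns_ttl` from the configuration passes through unchanged and is formatted with `%d` into the `update add` line in the later hunk of this function. Presumably nsupdate would reject such a message, leaving the record not updated at all. Checking the range here, for example `if (ttl <= 0) {`, and logging that the configured value was ignored would make the failure visible. The literal 1200 also repeats the default given in ipa_opts.h; a shared named constant would keep the two from drifting. create_nsupdate_message starts and ends outside this hunk.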
@@ -986,8 +995,9 @@ static int create_nsupdate_message(struct ipa_nsupdate_ctx *ctx,
/* Format the record update */
ctx->update_msg = talloc_asprintf_append(
ctx->update_msg,
- "update add %s. 86400 in %s %s\n",
+ "update add %s. %d in %s %s\n",
ctx->dyndns_ctx->hostname,
+ ttl,
new_record->addr->ss_family == AF_INET ? "A" : "AAAA",
ip_addr);
if (ctx->update_msg == NULL) {
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index ae75413a..01c32f46 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -35,6 +35,7 @@ struct dp_option ipa_basic_opts[] = {
{ "ipa_backup_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ipa_hostname", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ipa_dyndns_update", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
+ { "ipa_dyndns_ttl", DP_OPT_NUMBER, { .number = 1200}, NULL_NUMBER},
{ "ipa_dyndns_iface", DP_OPT_STRING, NULL_STRING, NULL_STRING},
{ "ipa_hbac_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING},
{ "ipa_host_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
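Review bot: The default of `{ .number = 1200}` silently changes behaviour for existing deployments, because the line removed in ipa_dyndns.c hard-coded a TTL of 86400 for the same record. Clients that upgrade without setting `ipa_dyndns_ttl` will start publishing records with a much shorter TTL. The man page entry states the new default but not the change, so it would help to mention the previous value there or in the commit message. A comment such as `/* default TTL in seconds; was a fixed 86400 before this option existed */` on this entry would record the reason.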