From e915f42093add45a11208e871c9abdf7ab2bfbdc Mon Sep 17 00:00:00 2001 From: Justin Stephenson Date: Aug 16 2016 18:21:29 +0000 Subject: Warn if IP address is used as option for ipa_server/ad_server GSSAPI is dependent on DNS with hostnames and we should warn about this. Resolves: https://fedorahosted.org/sssd/ticket/2789 Reviewed-by: Jakub Hrozek --- diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c index 9f9f9f1..9a6fece 100644 --- a/src/providers/ad/ad_common.c +++ b/src/providers/ad/ad_common.c @@ -489,6 +489,7 @@ _ad_servers_init(struct ad_service *service, bool primary) { size_t i; + size_t j; errno_t ret = 0; char **list; struct ad_server_data *sdata; @@ -504,6 +505,14 @@ _ad_servers_init(struct ad_service *service, goto done; } + for (j = 0; list[j]; j++) { + if (resolv_is_address(list[j])) { + DEBUG(SSSDBG_IMPORTANT_INFO, + "ad_server [%s] is detected as IP address, " + "this can cause GSSAPI problems\n", list[j]); + } + } + /* Add each of these servers to the failover service */ for (i = 0; list[i]; i++) { if (be_fo_is_srv_identifier(list[i])) { diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index b15ccc6..6579945 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -831,6 +831,7 @@ static errno_t _ipa_servers_init(struct be_ctx *ctx, char *ipa_domain; int ret = 0; int i; + int j; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { @@ -844,6 +845,14 @@ static errno_t _ipa_servers_init(struct be_ctx *ctx, goto done; } + for (j = 0; list[j]; j++) { + if (resolv_is_address(list[j])) { + DEBUG(SSSDBG_IMPORTANT_INFO, + "ipa_server [%s] is detected as IP address, " + "this can cause GSSAPI problems\n", list[j]); + } + } + /* now for each one add a new server to the failover service */ for (i = 0; list[i]; i++) {