From f7b4eb6a0918c0b73d4b98f47dcd76fa4e8072f5 Mon Sep 17 00:00:00 2001
From: Ondrej Hamada <ohamada@redhat.com>
Date: Jan 23 2012 03:01:40 +0000
Subject: localhost.localdomain clients refused to join


Machines with hostname 'localhost' or 'localhost.localdomain' are
refused from joining IPA domain and proper error message is shown.
The hostname check is done both in 'ipa-client-install' script and in
'ipa-join'.

https://fedorahosted.org/freeipa/ticket/2112

---

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 8e945ce..f2f4973 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -872,6 +872,9 @@ def install(options, env, fstore, statestore):
     if hostname != hostname.lower():
         print 'Invalid hostname \'%s\', must be lower-case.' % hostname
         return CLIENT_INSTALL_ERROR
+    if (hostname == 'localhost') or (hostname == 'localhost.localdomain'):
+        print 'Invalid hostname, \'%s\' must not be used.' % hostname
+        return CLIENT_INSTALL_ERROR
 
     # when installing with '--no-sssd' option, check whether nss-ldap is installed
     if not options.sssd:
diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c
index c174e2c..57c7bcb 100644
--- a/ipa-client/ipa-join.c
+++ b/ipa-client/ipa-join.c
@@ -937,6 +937,12 @@ join(const char *server, const char *hostname, const char *bindpw, const char *b
         goto cleanup;
     }
 
+    if ((!strcmp(host, "localhost")) || (!strcmp(host, "localhost.localdomain"))){
+        fprintf(stderr, _("The hostname must not be: %s\n"), host);
+        rval = 16;
+        goto cleanup;
+    }
+
     if (bindpw)
         rval = join_ldap(ipaserver, host, &hostdn, bindpw, basedn, &princ, &subject, quiet);
     else {