| From 85b835f8258a57e3b23de47a255dddd822d5bfb3 Mon Sep 17 00:00:00 2001 |
| From: Sumit Bose <sbose@redhat.com> |
| Date: Fri, 15 Mar 2019 17:33:44 +0100 |
| Subject: [PATCH] library: use getaddrinfo with AI_CANONNAME to find a FQDN |
| |
| Currently adcli creates service principals only with a short name if the |
| hostname of the client is a short name. This would fail if |
| Kerberos/GSSAPI clients use the fully-qualified domain name (FQDN) |
| to access the host. |
| |
| With this patch adcli tries to expand the short name by calling |
| getaddrinfo with the AI_CANONNAME hint. |
| |
| Related to https://gitlab.freedesktop.org/realmd/adcli/issues/1 |
| |
| doc/adcli.xml | 6 +++++- |
| library/adconn.c | 30 +++++++++++++++++++++++++++++- |
| 2 files changed, 34 insertions(+), 2 deletions(-) |
| |
| diff --git a/doc/adcli.xml b/doc/adcli.xml |
| index 97dec08..4722c3a 100644 |
| |
| |
| @@ -228,7 +228,11 @@ Password for Administrator: |
| <term><option>-H, --host-fqdn=<parameter>host</parameter></option></term> |
| <listitem><para>Override the local machine's fully qualified |
| domain name. If not specified, the local machine's hostname |
| - will be retrieved via <function>gethostname()</function>.</para></listitem> |
| + will be retrieved via <function>gethostname()</function>. |
| + If <function>gethostname()</function> only returns a short name |
| + <function>getaddrinfo()</function> with the AI_CANONNAME hint |
| + is called to expand the name to a fully qualified domain |
| + name.</para></listitem> |
| </varlistentry> |
| <varlistentry> |
| <term><option>-K, --host-keytab=<parameter>/path/to/keytab</parameter></option></term> |
| diff --git a/library/adconn.c b/library/adconn.c |
| index e2250e3..f6c23d3 100644 |
| |
| |
| @@ -86,11 +86,36 @@ struct _adcli_conn_ctx { |
| krb5_keytab keytab; |
| }; |
| |
| +static char *try_to_get_fqdn (const char *host_name) |
| +{ |
| + int ret; |
| + char *fqdn = NULL; |
| + struct addrinfo *res; |
| + struct addrinfo hints; |
| + |
| + memset (&hints, 0, sizeof (struct addrinfo)); |
| + hints.ai_socktype = SOCK_DGRAM; |
| + hints.ai_flags = AI_CANONNAME; |
| + |
| + ret = getaddrinfo (host_name, NULL, &hints, &res); |
| + if (ret != 0) { |
| + _adcli_err ("Failed to find FQDN: %s", gai_strerror (ret)); |
| + return NULL; |
| + } |
| + |
| + fqdn = strdup (res->ai_canonname); |
| + |
| + freeaddrinfo (res); |
| + |
| + return fqdn; |
| +} |
| + |
| static adcli_result |
| ensure_host_fqdn (adcli_result res, |
| adcli_conn *conn) |
| { |
| char hostname[HOST_NAME_MAX + 1]; |
| + char *fqdn = NULL; |
| int ret; |
| |
| if (res != ADCLI_SUCCESS) |
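Review bot: In try_to_get_fqdn, `strdup (res->ai_canonname)` uses the canonical name without checking it for NULL. A successful getaddrinfo() call is not a guarantee on every resolver that `ai_canonname` is filled in, and strdup(NULL) is undefined behaviour. Guard the copy with `if (res->ai_canonname != NULL) fqdn = strdup (res->ai_canonname);` so the caller falls back to the gethostname() value. An allocation failure in strdup is also reported to the caller as "no FQDN found", so the short name is used silently; a log line there would make that visible.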
| @@ -107,7 +132,10 @@ ensure_host_fqdn (adcli_result res, |
| return ADCLI_ERR_UNEXPECTED; |
| } |
| |
| - conn->host_fqdn = strdup (hostname); |
| + if (strchr (hostname, '.') == NULL) { |
| + fqdn = try_to_get_fqdn (hostname); |
| + } |
| + conn->host_fqdn = fqdn != NULL ? fqdn : strdup (hostname); |
| return_unexpected_if_fail (conn->host_fqdn != NULL); |
| return ADCLI_SUCCESS; |
| } |
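Review bot: The value returned by try_to_get_fqdn is assigned to `conn->host_fqdn` without checking that it is actually fully qualified. The canonical name comes from the resolver (hosts file or DNS), so it may still be a short name or a loopback alias, and on a network where DNS answers are not trustworthy it decides which host name the service principals are created for. I would accept the result only if it contains a dot, `if (fqdn != NULL && strchr (fqdn, '.') == NULL) { free (fqdn); fqdn = NULL; }`, and log the expanded name so an administrator can see what was chosen and override it with --host-fqdn. The gethostname() call that fills `hostname` is outside this hunk.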
| -- |
| 2.20.1 |
| |