From b280fc0d8287e9bee25516eddc1a6670691c24a1 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Sun, 6 Jul 2014 22:53:27 +0200
Subject: [PATCH 84/90] DYNDNS: Add a new option dyndns_server
Some environments use a different DNS server than identity server. For
these environments, it would be useful to be able to override the DNS
server used to perform DNS updates.
This patch adds a new option dyndns_server that, if set, would be used
to hardcode a DNS server address into the nsupdate message.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit 8145ab51b05aa86b2f1a21b49383f55e50b0a2e3)
---
src/config/SSSDConfig/__init__.py.in | 1 +
src/config/SSSDConfigTest.py | 2 ++
src/config/etc/sssd.api.conf | 1 +
src/man/sssd-ad.5.xml | 20 ++++++++++++++++++++
src/man/sssd-ipa.5.xml | 19 +++++++++++++++++++
src/providers/ad/ad_opts.h | 1 +
src/providers/dp_dyndns.c | 1 +
src/providers/dp_dyndns.h | 1 +
src/providers/ipa/ipa_opts.h | 1 +
src/providers/ldap/sdap_dyndns.c | 7 +++++++
10 files changed, 54 insertions(+)
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index fed2682f121103cefa27e689b29ce29b7d28f968..a7cd1dd243a53e7038dc69628475c76ccdd93260 100644
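--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -148,6 +148,7 @@ option_strings = {
 'dyndns_update_ptr' : _("Whether the provider should explicitly update the PTR record as well"),
 'dyndns_force_tcp' : _("Whether the nsupdate utility should default to using TCP"),
 'dyndns_auth' : _("What kind of authentication should be used to perform the DNS update"),
+ 'dyndns_server' : _("Override the DNS server used to perform the DNS update"),
 'subdomain_enumerate' : _('Control enumeration of trusted domains'),
 'subdomain_refresh_interval' : _('How often should subdomains list be refreshed'),
 'subdomain_inherit' : _('List of options that should be inherited into a subdomain'),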
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 1d6107ceac1bde7acbfd2682cc144a4ef0881311..166ecd0ff0f5cfb38eefb1711e4ac5dd9f805d43 100755
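--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -527,6 +527,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
 'dyndns_update_ptr',
 'dyndns_force_tcp',
 'dyndns_auth',
+ 'dyndns_server',
 'subdomain_enumerate',
 'override_gid',
 'case_sensitive',
@@ -891,6 +892,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
 'dyndns_update_ptr',
 'dyndns_force_tcp',
 'dyndns_auth',
+ 'dyndns_server',
 'subdomain_enumerate',
 'override_gid',
 'case_sensitive',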
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 2e5b02e3e30c13f805e172eab481f7501f57bb05..f28054860205831b0452e409c109e3c62aa8d28a 100644
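--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -155,6 +155,7 @@ dyndns_refresh_interval = int, None, false
 dyndns_update_ptr = bool, None, false
 dyndns_force_tcp = bool, None, false
 dyndns_auth = str, None, false
+dyndns_server = str, None, false
 
 # Special providers
 [provider/permit]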
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
index 3cbc10520098372d984d00425d03832d002d6672..7ccd29794a89fa6b69b744a47da04f908efc7ef9 100644
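--- a/src/man/sssd-ad.5.xml
+++ b/src/man/sssd-ad.5.xml
@@ -812,6 +812,26 @@ ad_gpo_map_deny = +my_pam_service
 </listitem>
 </varlistentry>
 
+ <varlistentry>
+ <term>dyndns_server (string)</term>
+ <listitem>
+ <para>
+ The DNS server to use when performing a DNS
+ update. In most setups, it's recommended to leave
+ this option unset.
+ </para>
+ <para>
+ Setting this option makes sense for environments
+ where the DNS server is different from the identity
+ server.
+ </para>
+ <para>
+ Default: None (let nsupdate choose the server)
+ </para>
+ </listitem>
+ </varlistentry>
+
+
 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/override_homedir.xml" />
 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/homedir_substring.xml" />
 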
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index 2e985991fde10827aff0e7c8e67f29a009683450..871c41607b97bd24fe5feaa282258def0fd0cc8b 100644
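--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -263,6 +263,25 @@
 </varlistentry>
 
 <varlistentry>
+ <term>dyndns_server (string)</term>
+ <listitem>
+ <para>
+ The DNS server to use when performing a DNS
+ update. In most setups, it's recommended to leave
+ this option unset.
+ </para>
+ <para>
+ Setting this option makes sense for environments
+ where the DNS server is different from the identity
+ server.
+ </para>
+ <para>
+ Default: None (let nsupdate choose the server)
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
 <term>ipa_hbac_search_base (string)</term>
 <listitem>
 <para>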
diff --git a/src/providers/ad/ad_opts.h b/src/providers/ad/ad_opts.h
index d685edcb44c771b0afc7a232a82c21fc9d1c89f9..00586a7ada63ad4c89630e9589d3ff75d1726703 100644
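--- a/src/providers/ad/ad_opts.h
+++ b/src/providers/ad/ad_opts.h
@@ -275,6 +275,7 @@ struct dp_option ad_dyndns_opts[] = {
 { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
 { "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
 { "dyndns_auth", DP_OPT_STRING, { "gss-tsig" }, NULL_STRING },
+ { "dyndns_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 DP_OPTION_TERMINATOR
 };
 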
diff --git a/src/providers/dp_dyndns.c b/src/providers/dp_dyndns.c
index c254d78936f412626db0533f559350de57017618..9a726bd431854342993212ce0a9759b86069cd5e 100644
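--- a/src/providers/dp_dyndns.c
+++ b/src/providers/dp_dyndns.c
@@ -1180,6 +1180,7 @@ static struct dp_option default_dyndns_opts[] = {
 { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_TRUE, BOOL_FALSE },
 { "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
 { "dyndns_auth", DP_OPT_STRING, { "gss-tsig" }, NULL_STRING },
+ { "dyndns_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 
 DP_OPTION_TERMINATOR
 };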
diff --git a/src/providers/dp_dyndns.h b/src/providers/dp_dyndns.h
index a8a20ec6f8a1a63cd8c85aaec3f54f9fddb42049..3cc8d122646590365a3fb6dafa6a0f699b620ad9 100644
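--- a/src/providers/dp_dyndns.h
+++ b/src/providers/dp_dyndns.h
@@ -55,6 +55,7 @@ enum dp_dyndns_opts {
 DP_OPT_DYNDNS_UPDATE_PTR,
 DP_OPT_DYNDNS_FORCE_TCP,
 DP_OPT_DYNDNS_AUTH,
+ DP_OPT_DYNDNS_SERVER,
 
 DP_OPT_DYNDNS /* attrs counter */
 };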
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index f6c40dddbb58cd8af1079a351137422083e26cfe..78949e3ddec95f7f4303eab905bbbf6ec14ed6ae 100644
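--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -62,6 +62,7 @@ struct dp_option ipa_dyndns_opts[] = {
 { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
 { "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
 { "dyndns_auth", DP_OPT_STRING, { "gss-tsig" }, NULL_STRING },
+ { "dyndns_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 DP_OPTION_TERMINATOR
 };
 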
diff --git a/src/providers/ldap/sdap_dyndns.c b/src/providers/ldap/sdap_dyndns.c
index a463a2fce08f42b325010cd37c501ef23aee173f..01f4f17226f1b7dd417699403b425c571b780c3a 100644
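--- a/src/providers/ldap/sdap_dyndns.c
+++ b/src/providers/ldap/sdap_dyndns.c
@@ -92,6 +92,7 @@ sdap_dyndns_update_send(TALLOC_CTX *mem_ctx,
 struct tevent_req *req;
 struct tevent_req *subreq;
 struct sdap_dyndns_update_state *state;
+ const char *conf_servername;
 
 req = tevent_req_create(mem_ctx, &state, struct sdap_dyndns_update_state);
 if (req == NULL) {
@@ -111,6 +112,12 @@ sdap_dyndns_update_send(TALLOC_CTX *mem_ctx,
 state->auth_type = auth_type;
 state->pass_num = 0;
 
+ conf_servername = dp_opt_get_string(opts, DP_OPT_DYNDNS_SERVER);
+ if (conf_servername != NULL) {
+ state->servername = conf_servername;
+ state->use_server_with_nsupdate = true;
+ }
+
 if (ifname) {
 /* Unless one family is restricted, just replace all
 * address families during the update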
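Review bot: The added `if (conf_servername != NULL)` test in the second hunk accepts any non-NULL string, so an empty `dyndns_server =` value (if `dp_opt_get_string()` can return one) would still set `use_server_with_nsupdate` and, going by the commit description, end up as the server in the nsupdate message. A stricter guard such as `if (conf_servername != NULL && conf_servername[0] != '\0') {`, plus a debug message when the value is ignored, would make a misconfiguration visible instead of producing a malformed update. `state->servername` also aliases the string owned by `opts` rather than a copy on `state`; `talloc_strdup(state, conf_servername)` with a NULL check would tie its lifetime to the request. sdap_dyndns_update_send starts and ends outside both hunks, so whether later code overwrites `state->servername` cannot be confirmed from here.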
--
2.4.3