From 856cb96e313c164aa80915410ba758ad21cb6173 Mon Sep 17 00:00:00 2001

From: Pavel Reichl <preichl@redhat.com>

Date: Tue, 14 Jul 2015 09:56:59 -0400

Subject: [PATCH 19/19] DYNDNS: support for dualstack

When dyndns_iface option was not used, address of connection to LDAP

was used. This patch proposes following change:

  * Interface containing address of connection is found.

  * All A and AAAA addresses of this interface are collected.

  * Collected addresses are sent during DDNS update.

  * Function sss_iface_addr_add() is removed.

Resolves:

https://fedorahosted.org/sssd/ticket/2558

---

 src/providers/dp_dyndns.c        | 135 +++++++++++++++++++++++------

 src/providers/dp_dyndns.h        |   8 +-

 src/providers/ldap/sdap_dyndns.c |  20 ++---

 src/tests/cmocka/test_dyndns.c   | 178 +++++++++++++++++++++++++++++++++++++++

 4 files changed, 302 insertions(+), 39 deletions(-)

diff --git a/src/providers/dp_dyndns.c b/src/providers/dp_dyndns.c

index 03389acfba13e566540ca8b0570c0d009173575f..c254d78936f412626db0533f559350de57017618 100644

--- a/src/providers/dp_dyndns.c

+++ b/src/providers/dp_dyndns.c

@@ -58,31 +58,6 @@ void sss_iface_addr_concatenate(struct sss_iface_addr **list,

     DLIST_CONCATENATE((*list), list2, struct sss_iface_addr*);

 }

-struct sss_iface_addr *

-sss_iface_addr_add(TALLOC_CTX *mem_ctx, struct sss_iface_addr **list,

-                   struct sockaddr_storage *ss)

-{

-    struct sss_iface_addr *address;

-

-    address = talloc(mem_ctx, struct sss_iface_addr);

-    if (address == NULL) {

-        return NULL;

-    }

-

-    address->addr = talloc_memdup(address, ss,

-                                  sizeof(struct sockaddr_storage));

-    if(address->addr == NULL) {

-        talloc_zfree(address);

-        return NULL;

-    }

-

-    /* steal old dlist to the new head */

-    talloc_steal(address, *list);

-    DLIST_ADD(*list, address);

-

-    return address;

-}

-

 errno_t

 sss_iface_addr_list_as_str_list(TALLOC_CTX *mem_ctx,

                                 struct sss_iface_addr *ifaddr_list,

@@ -1258,3 +1233,113 @@ errno_t be_nsupdate_init_timer(struct be_nsupdate_ctx *ctx,

     return ERR_OK;

 }

+

+static bool match_ip(const struct sockaddr *sa,

+                     const struct sockaddr *sb)

+{

+    size_t addrsize;

+    bool res;

+    const void *addr_a;

+    const void *addr_b;

+

+    if (sa->sa_family == AF_INET) {

+        addrsize = sizeof(struct in_addr);

+        addr_a = (const void *) &((const struct sockaddr_in *) sa)->sin_addr;

+        addr_b = (const void *) &((const struct sockaddr_in *) sb)->sin_addr;

+    } else if (sa->sa_family == AF_INET6) {

+        addrsize = sizeof(struct in6_addr);

+        addr_a = (const void *) &((const struct sockaddr_in6 *) sa)->sin6_addr;

+        addr_b = (const void *) &((const struct sockaddr_in6 *) sb)->sin6_addr;

+    } else {

+        res = false;

+        goto done;

+    }

+

+    if (sa->sa_family != sb->sa_family) {

+        res = false;

+        goto done;

+    }

+

+    res = memcmp(addr_a, addr_b, addrsize) == 0;

+

+done:

+    return res;

+}

+

+static errno_t find_iface_by_addr(TALLOC_CTX *mem_ctx,

+                                  const struct sockaddr *ss,

+                                  const char **_iface_name)

+{

+    struct ifaddrs *ifaces = NULL;

+    struct ifaddrs *ifa;

+    errno_t ret;

+

+    ret = getifaddrs(&ifaces);

+    if (ret == -1) {

+        ret = errno;

+        DEBUG(SSSDBG_OP_FAILURE,

+              "Could not read interfaces [%d][%s]\n", ret, sss_strerror(ret));

+        goto done;

+    }

+

+    for (ifa = ifaces; ifa != NULL; ifa = ifa->ifa_next) {

+

+        /* Some interfaces don't have an ifa_addr */

+        if (!ifa->ifa_addr) continue;

+

+        if (match_ip(ss, ifa->ifa_addr)) {

+            const char *iface_name;

+            iface_name = talloc_strdup(mem_ctx, ifa->ifa_name);

+            if (iface_name == NULL) {

+                ret = ENOMEM;

+            } else {

+                *_iface_name = iface_name;

+                ret = EOK;

+            }

+            goto done;

+        }

+    }

+    ret = ENOENT;

+

+done:

+    freeifaddrs(ifaces);

+    return ret;

+}

+

+errno_t sss_get_dualstack_addresses(TALLOC_CTX *mem_ctx,

+                                    struct sockaddr *ss,

+                                    struct sss_iface_addr **_iface_addrs)

+{

+    struct sss_iface_addr *iface_addrs;

+    const char *iface_name = NULL;

+    TALLOC_CTX *tmp_ctx;

+    errno_t ret;

+

+    tmp_ctx = talloc_new(NULL);

+    if (tmp_ctx == NULL) {

+        ret = ENOMEM;

+        goto done;

+    }

+

+    ret = find_iface_by_addr(tmp_ctx, ss, &iface_name);

+    if (ret != EOK) {

+        DEBUG(SSSDBG_MINOR_FAILURE, "find_iface_by_addr failed: %d:[%s]\n",

+              ret, sss_strerror(ret));

+        goto done;

+    }

+

+    ret = sss_iface_addr_list_get(tmp_ctx, iface_name, &iface_addrs);

+    if (ret != EOK) {

+        DEBUG(SSSDBG_MINOR_FAILURE,

+              "sss_iface_addr_list_get failed: %d:[%s]\n",

+              ret, sss_strerror(ret));

+        goto done;

+    }

+

+    ret = EOK;

+    *_iface_addrs = talloc_steal(mem_ctx, iface_addrs);

+

+done:

+    talloc_free(tmp_ctx);

+    return ret;

+}

diff --git a/src/providers/dp_dyndns.h b/src/providers/dp_dyndns.h

index deba112538ad22cd7f59be07934778ee9d4361e7..a8a20ec6f8a1a63cd8c85aaec3f54f9fddb42049 100644

--- a/src/providers/dp_dyndns.h

+++ b/src/providers/dp_dyndns.h

@@ -81,10 +81,6 @@ errno_t

 sss_iface_addr_list_get(TALLOC_CTX *mem_ctx, const char *ifname,

                         struct sss_iface_addr **_addrlist);

-struct sss_iface_addr *

-sss_iface_addr_add(TALLOC_CTX *mem_ctx, struct sss_iface_addr **list,

-                   struct sockaddr_storage *ss);

-

 errno_t

 sss_iface_addr_list_as_str_list(TALLOC_CTX *mem_ctx,

                                 struct sss_iface_addr *ifaddr_list,

@@ -132,4 +128,8 @@ void

 sss_iface_addr_concatenate(struct sss_iface_addr **list,

                            struct sss_iface_addr *list2);

+errno_t

+sss_get_dualstack_addresses(TALLOC_CTX *mem_ctx,

+                            struct sockaddr *ss,

+                            struct sss_iface_addr **_iface_addrs);

 #endif /* DP_DYNDNS_H_ */

diff --git a/src/providers/ldap/sdap_dyndns.c b/src/providers/ldap/sdap_dyndns.c

index f5929cff3db6f724efcedeb963e3a12d04f6e1d3..a463a2fce08f42b325010cd37c501ef23aee173f 100644

--- a/src/providers/ldap/sdap_dyndns.c

+++ b/src/providers/ldap/sdap_dyndns.c

@@ -644,7 +644,6 @@ sdap_dyndns_add_ldap_conn(struct sdap_dyndns_get_addrs_state *state,

 {

     int ret;

     int fd;

-    struct sss_iface_addr *address;

     struct sockaddr_storage ss;

     socklen_t ss_len = sizeof(ss);

@@ -666,20 +665,21 @@ sdap_dyndns_add_ldap_conn(struct sdap_dyndns_get_addrs_state *state,

         return ret;

     }

-    switch(ss.ss_family) {

-    case AF_INET:

-    case AF_INET6:

-        address = sss_iface_addr_add(state, &state->addresses, &ss);

-        if (address == NULL) {

-            return ENOMEM;

-        }

-        break;

-    default:

+    if (ss.ss_family != AF_INET && ss.ss_family != AF_INET6) {

         DEBUG(SSSDBG_CRIT_FAILURE,

               "Connection to LDAP is neither IPv4 nor IPv6\n");

         return EIO;

     }

+    ret = sss_get_dualstack_addresses(state, (struct sockaddr *) &ss,

+                                      &state->addresses);

+    if (ret != EOK) {

+        DEBUG(SSSDBG_MINOR_FAILURE,

+              "sss_get_dualstack_addresses failed: %d:[%s]\n",

+              ret, sss_strerror(ret));

+        return ret;

+    }

+

     return EOK;

 }

diff --git a/src/tests/cmocka/test_dyndns.c b/src/tests/cmocka/test_dyndns.c

index e9d42cea37472b38ae2eb900368f2ce3f409fefc..8118e9438e89465674155c11f4523d2313f6a59c 100644

--- a/src/tests/cmocka/test_dyndns.c

+++ b/src/tests/cmocka/test_dyndns.c

@@ -289,6 +289,173 @@ void dyndns_test_get_ifaddr_enoent(void **state)

     assert_true(check_leaks_pop(dyndns_test_ctx) == true);

 }

+void dyndns_test_dualstack(void **state)

+{

+    errno_t ret;

+    struct sss_iface_addr *addrlist;

+    struct sss_iface_addr *sss_if_addrs;

+    char straddr[128];

+    int i;

+

+    check_leaks_push(dyndns_test_ctx);

+

+    /* getifaddrs is called twice in sss_get_dualstack_addresses() */

+    for (i = 0; i < 2; i++) {

+        will_return_getifaddrs("eth0", "192.168.0.2", AF_INET);

+        will_return_getifaddrs("eth1", "192.168.0.1", AF_INET);

+        will_return_getifaddrs("eth0", "2001:cdba::555", AF_INET6);

+        will_return_getifaddrs("eth1", "2001:cdba::444", AF_INET6);

+        will_return_getifaddrs(NULL, NULL, 0); /* sentinel */

+    }

+

+    struct sockaddr_in sin;

+    memset (&sin, 0, sizeof (sin));

+    sin.sin_family = AF_INET;

+    sin.sin_addr.s_addr = inet_addr ("192.168.0.2");

+    ret = sss_get_dualstack_addresses(dyndns_test_ctx,

+                                      (struct sockaddr *) &sin,

+                                      &addrlist);

+    assert_int_equal(ret, EOK);

+

+    sss_if_addrs = addrlist;

+    assert_non_null(sss_if_addrs);

+    assert_non_null(sss_if_addrs->addr);

+    assert_non_null(sss_if_addrs->next);

+    assert_null(sss_if_addrs->prev);

+

+    assert_non_null(inet_ntop(AF_INET6,

+                              &((struct sockaddr_in6 *) sss_if_addrs->addr)->sin6_addr,

+                              straddr, INET6_ADDRSTRLEN));

+    /* ip addresses are returned in different order */

+    assert_string_equal(straddr, "2001:cdba::555");

+

+    sss_if_addrs = addrlist->next;

+    assert_non_null(sss_if_addrs);

+    assert_non_null(sss_if_addrs->addr);

+    assert_null(sss_if_addrs->next);

+    assert_non_null(sss_if_addrs->prev);

+

+    assert_non_null(inet_ntop(AF_INET,

+                              &((struct sockaddr_in *) sss_if_addrs->addr)->sin_addr,

+                              straddr, INET_ADDRSTRLEN));

+    /* ip addresses are returned in different order */

+    assert_string_equal(straddr, "192.168.0.2");

+

+    talloc_free(addrlist);

+

+    assert_true(check_leaks_pop(dyndns_test_ctx) == true);

+}

+

+void dyndns_test_dualstack_multiple_addresses(void **state)

+{

+    errno_t ret;

+    struct sss_iface_addr *addrlist;

+    struct sss_iface_addr *sss_if_addrs;

+    char straddr[128];

+    int i;

+

+    check_leaks_push(dyndns_test_ctx);

+

+    /* getifaddrs is called twice in sss_get_dualstack_addresses() */

+    for (i = 0; i < 2; i++) {

+        will_return_getifaddrs("eth0", "192.168.0.2", AF_INET);

+        will_return_getifaddrs("eth0", "192.168.0.1", AF_INET);

+        /* loopback - invalid for dns (should be skipped) */

+        will_return_getifaddrs("eth0", "::1", AF_INET6);

+        /* linklocal - invalid for dns (should be skipped) */

+        will_return_getifaddrs("eth0", "fe80::5054:ff:fe4a:65ae", AF_INET6);

+        will_return_getifaddrs("eth0", "2001:cdba::555", AF_INET6);

+        will_return_getifaddrs("eth0", "2001:cdba::444", AF_INET6);

+        will_return_getifaddrs(NULL, NULL, 0); /* sentinel */

+    }

+

+    struct sockaddr_in sin;

+    memset (&sin, 0, sizeof (sin));

+    sin.sin_family = AF_INET;

+    sin.sin_addr.s_addr = inet_addr ("192.168.0.2");

+    ret = sss_get_dualstack_addresses(dyndns_test_ctx,

+                                      (struct sockaddr *) &sin,

+                                      &addrlist);

+    assert_int_equal(ret, EOK);

+

+    sss_if_addrs = addrlist;

+    assert_non_null(sss_if_addrs);

+    assert_non_null(sss_if_addrs->addr);

+    assert_non_null(sss_if_addrs->next);

+    assert_null(sss_if_addrs->prev);

+

+    assert_non_null(inet_ntop(AF_INET6,

+                              &((struct sockaddr_in6 *) sss_if_addrs->addr)->sin6_addr,

+                              straddr, INET6_ADDRSTRLEN));

+    /* ip addresses are returned in different order */

+    assert_string_equal(straddr, "2001:cdba::444");

+

+    sss_if_addrs = sss_if_addrs->next;

+    assert_non_null(sss_if_addrs);

+    assert_non_null(sss_if_addrs->addr);

+    assert_non_null(sss_if_addrs->prev);

+    assert_non_null(sss_if_addrs->next);

+

+    assert_non_null(inet_ntop(AF_INET6,

+                              &((struct sockaddr_in6 *) sss_if_addrs->addr)->sin6_addr,

+                              straddr, INET6_ADDRSTRLEN));

+    /* ip addresses are returned in different order */

+    assert_string_equal(straddr, "2001:cdba::555");

+

+    sss_if_addrs = sss_if_addrs->next;

+    assert_non_null(sss_if_addrs);

+    assert_non_null(sss_if_addrs->addr);

+    assert_non_null(sss_if_addrs->next);

+    assert_non_null(sss_if_addrs->prev);

+

+    assert_non_null(inet_ntop(AF_INET,

+                              &((struct sockaddr_in *) sss_if_addrs->addr)->sin_addr,

+                              straddr, INET_ADDRSTRLEN));

+    /* ip addresses are returned in different order */

+    assert_string_equal(straddr, "192.168.0.1");

+

+    sss_if_addrs = sss_if_addrs->next;

+    assert_non_null(sss_if_addrs);

+    assert_non_null(sss_if_addrs->addr);

+    assert_null(sss_if_addrs->next);

+    assert_non_null(sss_if_addrs->prev);

+

+    assert_non_null(inet_ntop(AF_INET,

+                              &((struct sockaddr_in *) sss_if_addrs->addr)->sin_addr,

+                              straddr, INET_ADDRSTRLEN));

+    /* ip addresses are returned in different order */

+    assert_string_equal(straddr, "192.168.0.2");

+

+    talloc_free(addrlist);

+

+    assert_true(check_leaks_pop(dyndns_test_ctx) == true);

+}

+

+void dyndns_test_dualstack_no_iface(void **state)

+{

+    errno_t ret;

+    struct sss_iface_addr *addrlist;

+

+    check_leaks_push(dyndns_test_ctx);

+

+    will_return_getifaddrs("eth0", "192.168.0.2", AF_INET);

+    will_return_getifaddrs("eth1", "192.168.0.1", AF_INET);

+    will_return_getifaddrs("eth0", "2001:cdba::555", AF_INET6);

+    will_return_getifaddrs("eth1", "2001:cdba::444", AF_INET6);

+    will_return_getifaddrs(NULL, NULL, 0); /* sentinel */

+

+    struct sockaddr_in sin;

+    memset (&sin, 0, sizeof (sin));

+    sin.sin_family = AF_INET;

+    sin.sin_addr.s_addr = inet_addr ("192.168.0.3");

+    ret = sss_get_dualstack_addresses(dyndns_test_ctx,

+                                      (struct sockaddr *) &sin,

+                                      &addrlist);

+    assert_int_equal(ret, ENOENT);

+

+    assert_true(check_leaks_pop(dyndns_test_ctx) == true);

+}

+

 void dyndns_test_ok(void **state)

 {

     struct tevent_req *req;

@@ -519,6 +686,17 @@ int main(int argc, const char *argv[])

         cmocka_unit_test_setup_teardown(dyndns_test_interval,

                                         dyndns_test_setup,

                                         dyndns_test_teardown),

+

+        /* Dynamic DNS dualstack unit tests*/

+        cmocka_unit_test_setup_teardown(dyndns_test_dualstack,

+                                        dyndns_test_simple_setup,

+                                        dyndns_test_teardown),

+        cmocka_unit_test_setup_teardown(dyndns_test_dualstack_multiple_addresses,

+                                        dyndns_test_simple_setup,

+                                        dyndns_test_teardown),

+        cmocka_unit_test_setup_teardown(dyndns_test_dualstack_no_iface,

+                                        dyndns_test_simple_setup,

+                                        dyndns_test_teardown),

     };

     /* Set debug level to invalid value so we can deside if -d 0 was used. */

-- 

2.4.3