Blame SOURCES/0084-DYNDNS-Add-a-new-option-dyndns_server.patch

6cf099
From b280fc0d8287e9bee25516eddc1a6670691c24a1 Mon Sep 17 00:00:00 2001
6cf099
From: Jakub Hrozek <jhrozek@redhat.com>
6cf099
Date: Sun, 6 Jul 2014 22:53:27 +0200
6cf099
Subject: [PATCH 84/90] DYNDNS: Add a new option dyndns_server
6cf099
6cf099
Some environments use a different DNS server than identity server. For
6cf099
these environments, it would be useful to be able to override the DNS
6cf099
server used to perform DNS updates.
6cf099
6cf099
This patch adds a new option dyndns_server that, if set, would be used
6cf099
to hardcode a DNS server address into the nsupdate message.
6cf099
6cf099
Reviewed-by: Pavel Reichl <preichl@redhat.com>
6cf099
(cherry picked from commit 8145ab51b05aa86b2f1a21b49383f55e50b0a2e3)
6cf099
---
6cf099
 src/config/SSSDConfig/__init__.py.in |  1 +
6cf099
 src/config/SSSDConfigTest.py         |  2 ++
6cf099
 src/config/etc/sssd.api.conf         |  1 +
6cf099
 src/man/sssd-ad.5.xml                | 20 ++++++++++++++++++++
6cf099
 src/man/sssd-ipa.5.xml               | 19 +++++++++++++++++++
6cf099
 src/providers/ad/ad_opts.h           |  1 +
6cf099
 src/providers/dp_dyndns.c            |  1 +
6cf099
 src/providers/dp_dyndns.h            |  1 +
6cf099
 src/providers/ipa/ipa_opts.h         |  1 +
6cf099
 src/providers/ldap/sdap_dyndns.c     |  7 +++++++
6cf099
 10 files changed, 54 insertions(+)
6cf099
6cf099
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
6cf099
index fed2682f121103cefa27e689b29ce29b7d28f968..a7cd1dd243a53e7038dc69628475c76ccdd93260 100644
6cf099
--- a/src/config/SSSDConfig/__init__.py.in
6cf099
+++ b/src/config/SSSDConfig/__init__.py.in
6cf099
@@ -148,6 +148,7 @@ option_strings = {
6cf099
     'dyndns_update_ptr' : _("Whether the provider should explicitly update the PTR record as well"),
6cf099
     'dyndns_force_tcp' : _("Whether the nsupdate utility should default to using TCP"),
6cf099
     'dyndns_auth' : _("What kind of authentication should be used to perform the DNS update"),
6cf099
+    'dyndns_server' : _("Override the DNS server used to perform the DNS update"),
6cf099
     'subdomain_enumerate' : _('Control enumeration of trusted domains'),
6cf099
     'subdomain_refresh_interval' : _('How often should subdomains list be refreshed'),
6cf099
     'subdomain_inherit' : _('List of options that should be inherited into a subdomain'),
6cf099
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
6cf099
index 1d6107ceac1bde7acbfd2682cc144a4ef0881311..166ecd0ff0f5cfb38eefb1711e4ac5dd9f805d43 100755
6cf099
--- a/src/config/SSSDConfigTest.py
6cf099
+++ b/src/config/SSSDConfigTest.py
6cf099
@@ -527,6 +527,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
6cf099
             'dyndns_update_ptr',
6cf099
             'dyndns_force_tcp',
6cf099
             'dyndns_auth',
6cf099
+            'dyndns_server',
6cf099
             'subdomain_enumerate',
6cf099
             'override_gid',
6cf099
             'case_sensitive',
6cf099
@@ -891,6 +892,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
6cf099
             'dyndns_update_ptr',
6cf099
             'dyndns_force_tcp',
6cf099
             'dyndns_auth',
6cf099
+            'dyndns_server',
6cf099
             'subdomain_enumerate',
6cf099
             'override_gid',
6cf099
             'case_sensitive',
6cf099
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
6cf099
index 2e5b02e3e30c13f805e172eab481f7501f57bb05..f28054860205831b0452e409c109e3c62aa8d28a 100644
6cf099
--- a/src/config/etc/sssd.api.conf
6cf099
+++ b/src/config/etc/sssd.api.conf
6cf099
@@ -155,6 +155,7 @@ dyndns_refresh_interval = int, None, false
6cf099
 dyndns_update_ptr = bool, None, false
6cf099
 dyndns_force_tcp = bool, None, false
6cf099
 dyndns_auth = str, None, false
6cf099
+dyndns_server = str, None, false
6cf099
 
6cf099
 # Special providers
6cf099
 [provider/permit]
6cf099
diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
6cf099
index 3cbc10520098372d984d00425d03832d002d6672..7ccd29794a89fa6b69b744a47da04f908efc7ef9 100644
6cf099
--- a/src/man/sssd-ad.5.xml
6cf099
+++ b/src/man/sssd-ad.5.xml
6cf099
@@ -812,6 +812,26 @@ ad_gpo_map_deny = +my_pam_service
6cf099
                     </listitem>
6cf099
                 </varlistentry>
6cf099
 
6cf099
+                <varlistentry>
6cf099
+                    <term>dyndns_server (string)</term>
6cf099
+                    <listitem>
6cf099
+                        <para>
6cf099
+                            The DNS server to use when performing a DNS
6cf099
+                            update. In most setups, it's recommended to leave
6cf099
+                            this option unset.
6cf099
+                        </para>
6cf099
+                        <para>
6cf099
+                            Setting this option makes sense for environments
6cf099
+                            where the DNS server is different from the identity
6cf099
+                            server.
6cf099
+                        </para>
6cf099
+                        <para>
6cf099
+                            Default: None (let nsupdate choose the server)
6cf099
+                        </para>
6cf099
+                    </listitem>
6cf099
+                </varlistentry>
6cf099
+
6cf099
+
6cf099
                 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/override_homedir.xml" />
6cf099
                 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/homedir_substring.xml" />
6cf099
 
6cf099
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
6cf099
index 2e985991fde10827aff0e7c8e67f29a009683450..871c41607b97bd24fe5feaa282258def0fd0cc8b 100644
6cf099
--- a/src/man/sssd-ipa.5.xml
6cf099
+++ b/src/man/sssd-ipa.5.xml
6cf099
@@ -263,6 +263,25 @@
6cf099
                 </varlistentry>
6cf099
 
6cf099
                 <varlistentry>
6cf099
+                    <term>dyndns_server (string)</term>
6cf099
+                    <listitem>
6cf099
+                        <para>
6cf099
+                            The DNS server to use when performing a DNS
6cf099
+                            update. In most setups, it's recommended to leave
6cf099
+                            this option unset.
6cf099
+                        </para>
6cf099
+                        <para>
6cf099
+                            Setting this option makes sense for environments
6cf099
+                            where the DNS server is different from the identity
6cf099
+                            server.
6cf099
+                        </para>
6cf099
+                        <para>
6cf099
+                            Default: None (let nsupdate choose the server)
6cf099
+                        </para>
6cf099
+                    </listitem>
6cf099
+                </varlistentry>
6cf099
+
6cf099
+                <varlistentry>
6cf099
                     <term>ipa_hbac_search_base (string)</term>
6cf099
                     <listitem>
6cf099
                         <para>
6cf099
diff --git a/src/providers/ad/ad_opts.h b/src/providers/ad/ad_opts.h
6cf099
index d685edcb44c771b0afc7a232a82c21fc9d1c89f9..00586a7ada63ad4c89630e9589d3ff75d1726703 100644
6cf099
--- a/src/providers/ad/ad_opts.h
6cf099
+++ b/src/providers/ad/ad_opts.h
6cf099
@@ -275,6 +275,7 @@ struct dp_option ad_dyndns_opts[] = {
6cf099
     { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
6cf099
     { "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
6cf099
     { "dyndns_auth", DP_OPT_STRING, { "gss-tsig" }, NULL_STRING },
6cf099
+    { "dyndns_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
6cf099
     DP_OPTION_TERMINATOR
6cf099
 };
6cf099
 
6cf099
diff --git a/src/providers/dp_dyndns.c b/src/providers/dp_dyndns.c
6cf099
index c254d78936f412626db0533f559350de57017618..9a726bd431854342993212ce0a9759b86069cd5e 100644
6cf099
--- a/src/providers/dp_dyndns.c
6cf099
+++ b/src/providers/dp_dyndns.c
6cf099
@@ -1180,6 +1180,7 @@ static struct dp_option default_dyndns_opts[] = {
6cf099
     { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_TRUE, BOOL_FALSE },
6cf099
     { "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
6cf099
     { "dyndns_auth", DP_OPT_STRING, { "gss-tsig" }, NULL_STRING },
6cf099
+    { "dyndns_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
6cf099
 
6cf099
     DP_OPTION_TERMINATOR
6cf099
 };
6cf099
diff --git a/src/providers/dp_dyndns.h b/src/providers/dp_dyndns.h
6cf099
index a8a20ec6f8a1a63cd8c85aaec3f54f9fddb42049..3cc8d122646590365a3fb6dafa6a0f699b620ad9 100644
6cf099
--- a/src/providers/dp_dyndns.h
6cf099
+++ b/src/providers/dp_dyndns.h
6cf099
@@ -55,6 +55,7 @@ enum dp_dyndns_opts {
6cf099
     DP_OPT_DYNDNS_UPDATE_PTR,
6cf099
     DP_OPT_DYNDNS_FORCE_TCP,
6cf099
     DP_OPT_DYNDNS_AUTH,
6cf099
+    DP_OPT_DYNDNS_SERVER,
6cf099
 
6cf099
     DP_OPT_DYNDNS /* attrs counter */
6cf099
 };
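Review bot: Nothing in this enum says that its order is load-bearing. The new `DP_OPT_DYNDNS_SERVER` is used as the key in `dp_opt_get_string(opts, DP_OPT_DYNDNS_SERVER)`, and the commit adds the matching `dyndns_server` row at the same position in `ad_dyndns_opts`, `ipa_dyndns_opts` and `default_dyndns_opts`, which suggests the tables are addressed by enum value. I would add a comment above the enumerators such as `/* Must stay in the same order as every *_dyndns_opts table */`, since a table that falls out of step would presumably return a different option's value rather than fail. The enum's opening lines are outside the hunk.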
6cf099
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
6cf099
index f6c40dddbb58cd8af1079a351137422083e26cfe..78949e3ddec95f7f4303eab905bbbf6ec14ed6ae 100644
6cf099
--- a/src/providers/ipa/ipa_opts.h
6cf099
+++ b/src/providers/ipa/ipa_opts.h
6cf099
@@ -62,6 +62,7 @@ struct dp_option ipa_dyndns_opts[] = {
6cf099
     { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
6cf099
     { "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
6cf099
     { "dyndns_auth", DP_OPT_STRING, { "gss-tsig" }, NULL_STRING },
6cf099
+    { "dyndns_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
6cf099
     DP_OPTION_TERMINATOR
6cf099
 };
6cf099
 
6cf099
diff --git a/src/providers/ldap/sdap_dyndns.c b/src/providers/ldap/sdap_dyndns.c
6cf099
index a463a2fce08f42b325010cd37c501ef23aee173f..01f4f17226f1b7dd417699403b425c571b780c3a 100644
6cf099
--- a/src/providers/ldap/sdap_dyndns.c
6cf099
+++ b/src/providers/ldap/sdap_dyndns.c
6cf099
@@ -92,6 +92,7 @@ sdap_dyndns_update_send(TALLOC_CTX *mem_ctx,
6cf099
     struct tevent_req *req;
6cf099
     struct tevent_req *subreq;
6cf099
     struct sdap_dyndns_update_state *state;
6cf099
+    const char *conf_servername;
6cf099
 
6cf099
     req = tevent_req_create(mem_ctx, &state, struct sdap_dyndns_update_state);
6cf099
     if (req == NULL) {
6cf099
@@ -111,6 +112,12 @@ sdap_dyndns_update_send(TALLOC_CTX *mem_ctx,
6cf099
     state->auth_type = auth_type;
6cf099
     state->pass_num = 0;
6cf099
 
6cf099
+    conf_servername = dp_opt_get_string(opts, DP_OPT_DYNDNS_SERVER);
6cf099
+    if (conf_servername != NULL) {
6cf099
+        state->servername = conf_servername;
6cf099
+        state->use_server_with_nsupdate = true;
6cf099
+    }
6cf099
+
6cf099
     if (ifname) {
6cf099
        /* Unless one family is restricted, just replace all
6cf099
         * address families during the update
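Review bot: The `conf_servername != NULL` test accepts any non-NULL string, so an empty `dyndns_server =` value would set `use_server_with_nsupdate` with no usable name, assuming the option layer returns `""` rather than NULL (not visible here); `if (conf_servername != NULL && conf_servername[0] != '\0') {` avoids that. Because the commit message says the value is written into the nsupdate message, it would also be worth rejecting and logging values that contain whitespace or line breaks, or that are not a host name or IP literal, so a malformed setting cannot alter the rest of the generated message. `state->servername` is assigned the pointer owned by `opts` rather than a copy on `state`; if other paths free or replace that field, `talloc_strdup(state, conf_servername)` with a NULL check would be safer. sdap_dyndns_update_send starts and ends outside this hunk.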
6cf099
-- 
6cf099
2.4.3
6cf099