From fd5b6bd9fd2c79b438349bada2c1a80f44daae0f Mon Sep 17 00:00:00 2001

From: Sumit Bose <sbose@redhat.com>

Date: Fri, 15 Mar 2019 17:33:44 +0100

Subject: [PATCH 25/25] library: use getaddrinfo with AI_CANONNAME to find a

 FQDN

​

Currently adcli creates service principals only with a short name if the

hostname of the client is a short name. This would fail is

Kerberos/GSSAPI clients will use the fully-qualified domain name (FQDN)

to access the host.

​

With this patch adcli tries to expand the short name by calling

getaddrinfo with the AI_CANONNAME hint.

​

Related to https://gitlab.freedesktop.org/realmd/adcli/issues/1

---

 doc/adcli.xml    |  6 +++++-

 library/adconn.c | 30 +++++++++++++++++++++++++++++-

 2 files changed, 34 insertions(+), 2 deletions(-)

​

diff --git a/doc/adcli.xml b/doc/adcli.xml

index 7003e5f..2fe9309 100644

--- a/doc/adcli.xml

+++ b/doc/adcli.xml

@@ -225,7 +225,11 @@ Password for Administrator:

            <term><option>-H, --host-fqdn=<parameter>host</parameter></option></term>

            <listitem><para>Override the local machine's fully qualified

            domain name. If not specified the local machine's hostname

-           will be retrieved via <function>gethostname()</function>.</para></listitem>

+           will be retrieved via <function>gethostname()</function>.

+           If <function>gethostname()</function> only returns a short name

+           <function>getaddrinfo()</function> with the AI_CANONNAME hint

+           is called to expand the name to a fully qualified domain

+           name.</para></listitem>

        </varlistentry>

        <varlistentry>

            <term><option>-K, --host-keytab=<parameter>/path/to/keytab</parameter></option></term>

diff --git a/library/adconn.c b/library/adconn.c

index e2250e3..f6c23d3 100644

--- a/library/adconn.c

+++ b/library/adconn.c

@@ -86,11 +86,36 @@ struct _adcli_conn_ctx {

    krb5_keytab keytab;

 };

+static char *try_to_get_fqdn (const char *host_name)

+{

+   int ret;

+   char *fqdn = NULL;

+   struct addrinfo *res;

+   struct addrinfo hints;

+

+   memset (&hints, 0, sizeof (struct addrinfo));

+   hints.ai_socktype = SOCK_DGRAM;

+   hints.ai_flags = AI_CANONNAME;

+

+   ret = getaddrinfo (host_name, NULL, &hints, &res);

+   if (ret != 0) {

+       _adcli_err ("Failed to find FQDN: %s", gai_strerror (ret));

+       return NULL;

+   }

+

+   fqdn = strdup (res->ai_canonname);

+

+   freeaddrinfo (res);

+

+   return fqdn;

+}

+

 static adcli_result

 ensure_host_fqdn (adcli_result res,

                   adcli_conn *conn)

 {

    char hostname[HOST_NAME_MAX + 1];

+   char *fqdn = NULL;

    int ret;

    if (res != ADCLI_SUCCESS)

@@ -107,7 +132,10 @@ ensure_host_fqdn (adcli_result res,

        return ADCLI_ERR_UNEXPECTED;

    }

-   conn->host_fqdn = strdup (hostname);

+   if (strchr (hostname, '.') == NULL) {

+       fqdn = try_to_get_fqdn (hostname);

+   }

+   conn->host_fqdn = fqdn != NULL ? fqdn : strdup (hostname);

    return_unexpected_if_fail (conn->host_fqdn != NULL);

    return ADCLI_SUCCESS;

 }

-- 

2.16.4

​

​