Resolves: upstream#3725 - sssd not honoring dyndns_server if the DNS update process is terminated with a signal

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
This commit is contained in:
Fabiano Fidêncio 2018-05-14 09:01:15 +02:00
parent 5e1db8fc3e
commit 510134aa02
3 changed files with 132 additions and 0 deletions

View File

@ -0,0 +1,63 @@
From 4452b5e6adb03378ccb8e581e60e73c2237644cf Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 30 Apr 2018 11:16:25 +0200
Subject: [PATCH] DYNDNS: Move the retry logic into a separate function
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Let's not repeat ourselves
Related to:
https://pagure.io/SSSD/sssd/issue/3725
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 65034a715e5071ad944bf37b414c6a36bf60cf29)
---
src/providers/ldap/sdap_dyndns.c | 16 ++++++++++++----
1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/src/providers/ldap/sdap_dyndns.c b/src/providers/ldap/sdap_dyndns.c
index 9d28b5758..f791ba9f3 100644
--- a/src/providers/ldap/sdap_dyndns.c
+++ b/src/providers/ldap/sdap_dyndns.c
@@ -79,6 +79,16 @@ static struct sss_iface_addr*
sdap_get_address_to_delete(struct sss_iface_addr *address_it,
uint8_t remove_af);
+static bool should_retry(int child_status)
+{
+ if (WIFEXITED(child_status)
+ && WEXITSTATUS(child_status) != 0) {
+ return true;
+ }
+
+ return false;
+}
+
struct tevent_req *
sdap_dyndns_update_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
@@ -371,8 +381,7 @@ sdap_dyndns_update_done(struct tevent_req *subreq)
if (ret != EOK) {
/* If the update didn't succeed, we can retry using the server name */
if (state->fallback_mode == false
- && WIFEXITED(child_status)
- && WEXITSTATUS(child_status) != 0) {
+ && should_retry(child_status)) {
state->fallback_mode = true;
DEBUG(SSSDBG_MINOR_FAILURE,
"nsupdate failed, retrying.\n");
@@ -514,8 +523,7 @@ sdap_dyndns_update_ptr_done(struct tevent_req *subreq)
if (ret != EOK) {
/* If the update didn't succeed, we can retry using the server name */
if (state->fallback_mode == false
- && WIFEXITED(child_status)
- && WEXITSTATUS(child_status) != 0) {
+ && should_retry(child_status)) {
state->fallback_mode = true;
DEBUG(SSSDBG_MINOR_FAILURE, "nsupdate failed, retrying\n");
ret = sdap_dyndns_update_ptr_step(req);
--
2.17.0

View File

@ -0,0 +1,65 @@
From 288c9c42534f0ae24af51ad4b439cdd2656266f9 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 30 Apr 2018 11:18:49 +0200
Subject: [PATCH] DYNDNS: Retry also on timeouts
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
There is the dyndns_server option that is supposed to make it possible
for the admin to select a server to update DNS with if the server
detected by nsupdate does not work. The fallback works OK for the case
where nsupdate fails with a non-zero return code, but doesn't work
for the case where nsupdate times out.
This patch extends the retry condition to also fallback to the
dyndns_server directive if nsupdate return ERR_DYNDNS_TIMEOUT.
Resolves:
https://pagure.io/SSSD/sssd/issue/3725
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit b57dfac8a047494162395422447ed5675806cfdc)
---
src/providers/ldap/sdap_dyndns.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/providers/ldap/sdap_dyndns.c b/src/providers/ldap/sdap_dyndns.c
index f791ba9f3..20d97ca41 100644
--- a/src/providers/ldap/sdap_dyndns.c
+++ b/src/providers/ldap/sdap_dyndns.c
@@ -79,10 +79,10 @@ static struct sss_iface_addr*
sdap_get_address_to_delete(struct sss_iface_addr *address_it,
uint8_t remove_af);
-static bool should_retry(int child_status)
+static bool should_retry(int nsupdate_ret, int child_status)
{
- if (WIFEXITED(child_status)
- && WEXITSTATUS(child_status) != 0) {
+ if ((WIFEXITED(child_status) && WEXITSTATUS(child_status) != 0)
+ || nsupdate_ret == ERR_DYNDNS_TIMEOUT) {
return true;
}
@@ -381,7 +381,7 @@ sdap_dyndns_update_done(struct tevent_req *subreq)
if (ret != EOK) {
/* If the update didn't succeed, we can retry using the server name */
if (state->fallback_mode == false
- && should_retry(child_status)) {
+ && should_retry(ret, child_status)) {
state->fallback_mode = true;
DEBUG(SSSDBG_MINOR_FAILURE,
"nsupdate failed, retrying.\n");
@@ -523,7 +523,7 @@ sdap_dyndns_update_ptr_done(struct tevent_req *subreq)
if (ret != EOK) {
/* If the update didn't succeed, we can retry using the server name */
if (state->fallback_mode == false
- && should_retry(child_status)) {
+ && should_retry(ret, child_status)) {
state->fallback_mode = true;
DEBUG(SSSDBG_MINOR_FAILURE, "nsupdate failed, retrying\n");
ret = sdap_dyndns_update_ptr_step(req);
--
2.17.0

View File

@ -96,6 +96,8 @@ Patch0051: 0051-FILES-Skip-files-that-are-not-created-yet.patch
Patch0052: 0052-FILES-Only-send-the-request-for-update-if-the-files-.patch
Patch0053: 0053-TESTS-simple-CA-to-generate-certificates-for-test.patch
Patch0054: 0054-TESTS-replace-hardcoded-certificates.patch
Patch0055: 0055-DYNDNS-Move-the-retry-logic-into-a-separate-function.patch
Patch0056: 0056-DYNDNS-Retry-also-on-timeouts.patch
Patch0502: 0502-SYSTEMD-Use-capabilities.patch
Patch0503: 0503-Disable-stopping-idle-socket-activated-responders.patch
@ -1300,6 +1302,8 @@ fi
* Mon May 14 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-5
- Related: upstream#3436 - Certificates used in unit tests have limited
lifetime
- Resolves: upstream#3725 - sssd not honoring dyndns_server if the DNS update
process is terminated with a signal
* Sat May 05 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-4
- Resolves: rhbz#1574778 - sssd fails to download known_hosts from freeipa