From b6d54af437e02f30a23fb12da13671a3f63d1a46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Mon, 14 May 2018 09:01:15 +0200
Subject: [PATCH] Resolves: upstream#3725 - sssd not honoring dyndns_server if the DNS update process is terminated with a signal
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Fabiano Fidêncio
(cherry picked from commit 510134aa0284b3381c8befcfca183dadbf7fba6c)
(cherry picked from commit e4e9316ad9ca11ce97ef686cba08ce837d0f7ba7)
---
 ...retry-logic-into-a-separate-function.patch | 63 ++++++++++++++++++
 0056-DYNDNS-Retry-also-on-timeouts.patch | 65 +++++++++++++++++++
 sssd.spec | 4 ++
 3 files changed, 132 insertions(+)
 create mode 100644 0055-DYNDNS-Move-the-retry-logic-into-a-separate-function.patch
 create mode 100644 0056-DYNDNS-Retry-also-on-timeouts.patch

diff --git a/0055-DYNDNS-Move-the-retry-logic-into-a-separate-function.patch b/0055-DYNDNS-Move-the-retry-logic-into-a-separate-function.patch
new file mode 100644
index 0000000..e176b6d
--- /dev/null
+++ b/0055-DYNDNS-Move-the-retry-logic-into-a-separate-function.patch
@@ -0,0 +1,63 @@
+From 4452b5e6adb03378ccb8e581e60e73c2237644cf Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek
+Date: Mon, 30 Apr 2018 11:16:25 +0200
+Subject: [PATCH] DYNDNS: Move the retry logic into a separate function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Let's not repeat ourselves
+
+Related to:
+https://pagure.io/SSSD/sssd/issue/3725
+
+Reviewed-by: Fabiano Fidêncio
+(cherry picked from commit 65034a715e5071ad944bf37b414c6a36bf60cf29)
+---
+ src/providers/ldap/sdap_dyndns.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/src/providers/ldap/sdap_dyndns.c b/src/providers/ldap/sdap_dyndns.c
+index 9d28b5758..f791ba9f3 100644
+--- a/src/providers/ldap/sdap_dyndns.c
++++ b/src/providers/ldap/sdap_dyndns.c
+@@ -79,6 +79,16 @@ static struct sss_iface_addr*
+ sdap_get_address_to_delete(struct sss_iface_addr *address_it,
+ uint8_t remove_af);
+
++static bool should_retry(int child_status)
++{
++ if (WIFEXITED(child_status)
++ && WEXITSTATUS(child_status) != 0) {
++ return true;
++ }
++
++ return false;
++}
++
+ struct tevent_req *
+ sdap_dyndns_update_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+@@ -371,8 +381,7 @@ sdap_dyndns_update_done(struct tevent_req *subreq)
+ if (ret != EOK) {
+ /* If the update didn't succeed, we can retry using the server name */
+ if (state->fallback_mode == false
+- && WIFEXITED(child_status)
+- && WEXITSTATUS(child_status) != 0) {
++ && should_retry(child_status)) {
+ state->fallback_mode = true;
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "nsupdate failed, retrying.\n");
+@@ -514,8 +523,7 @@ sdap_dyndns_update_ptr_done(struct tevent_req *subreq)
+ if (ret != EOK) {
+ /* If the update didn't succeed, we can retry using the server name */
+ if (state->fallback_mode == false
+- && WIFEXITED(child_status)
+- && WEXITSTATUS(child_status) != 0) {
++ && should_retry(child_status)) {
+ state->fallback_mode = true;
+ DEBUG(SSSDBG_MINOR_FAILURE, "nsupdate failed, retrying\n");
+ ret = sdap_dyndns_update_ptr_step(req);
+--
+2.17.0
+
diff --git a/0056-DYNDNS-Retry-also-on-timeouts.patch b/0056-DYNDNS-Retry-also-on-timeouts.patch
new file mode 100644
index 0000000..98ebfd0
--- /dev/null
+++ b/0056-DYNDNS-Retry-also-on-timeouts.patch
@@ -0,0 +1,65 @@
+From 288c9c42534f0ae24af51ad4b439cdd2656266f9 Mon Sep 17 00:00:00 2001
+From: Jakub Hrozek
+Date: Mon, 30 Apr 2018 11:18:49 +0200
+Subject: [PATCH] DYNDNS: Retry also on timeouts
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+There is the dyndns_server option that is supposed to make it possible
+for the admin to select a server to update DNS with if the server
+detected by nsupdate does not work. The fallback works OK for the case
+where nsupdate fails with a non-zero return code, but doesn't work
+for the case where nsupdate times out.
+
+This patch extends the retry condition to also fallback to the
+dyndns_server directive if nsupdate return ERR_DYNDNS_TIMEOUT.
+
+Resolves:
+https://pagure.io/SSSD/sssd/issue/3725
+
+Reviewed-by: Fabiano Fidêncio
+(cherry picked from commit b57dfac8a047494162395422447ed5675806cfdc)
+---
+ src/providers/ldap/sdap_dyndns.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/providers/ldap/sdap_dyndns.c b/src/providers/ldap/sdap_dyndns.c
+index f791ba9f3..20d97ca41 100644
+--- a/src/providers/ldap/sdap_dyndns.c
++++ b/src/providers/ldap/sdap_dyndns.c
+@@ -79,10 +79,10 @@ static struct sss_iface_addr*
+ sdap_get_address_to_delete(struct sss_iface_addr *address_it,
+ uint8_t remove_af);
+
+-static bool should_retry(int child_status)
++static bool should_retry(int nsupdate_ret, int child_status)
+ {
+- if (WIFEXITED(child_status)
+- && WEXITSTATUS(child_status) != 0) {
++ if ((WIFEXITED(child_status) && WEXITSTATUS(child_status) != 0)
++ || nsupdate_ret == ERR_DYNDNS_TIMEOUT) {
+ return true;
+ }
+
+@@ -381,7 +381,7 @@ sdap_dyndns_update_done(struct tevent_req *subreq)
+ if (ret != EOK) {
+ /* If the update didn't succeed, we can retry using the server name */
+ if (state->fallback_mode == false
+- && should_retry(child_status)) {
++ && should_retry(ret, child_status)) {
+ state->fallback_mode = true;
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "nsupdate failed, retrying.\n");
+@@ -523,7 +523,7 @@ sdap_dyndns_update_ptr_done(struct tevent_req *subreq)
+ if (ret != EOK) {
+ /* If the update didn't succeed, we can retry using the server name */
+ if (state->fallback_mode == false
+- && should_retry(child_status)) {
++ && should_retry(ret, child_status)) {
+ state->fallback_mode = true;
+ DEBUG(SSSDBG_MINOR_FAILURE, "nsupdate failed, retrying\n");
+ ret = sdap_dyndns_update_ptr_step(req);
+--
+2.17.0
+
diff --git a/sssd.spec b/sssd.spec
index c6f1e8f..11b446a 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -97,6 +97,8 @@ Patch0051: 0051-FILES-Skip-files-that-are-not-created-yet.patch
 Patch0052: 0052-FILES-Only-send-the-request-for-update-if-the-files-.patch
 Patch0053: 0053-TESTS-simple-CA-to-generate-certificates-for-test.patch
 Patch0054: 0054-TESTS-replace-hardcoded-certificates.patch
+Patch0055: 0055-DYNDNS-Move-the-retry-logic-into-a-separate-function.patch
+Patch0056: 0056-DYNDNS-Retry-also-on-timeouts.patch
 Patch0502: 0502-SYSTEMD-Use-capabilities.patch
 Patch0503: 0503-Disable-stopping-idle-socket-activated-responders.patch
@@ -1300,6 +1302,8 @@ fi
 * Mon May 14 2018 Fabiano Fidêncio - 1.16.1-5
 - Related: upstream#3436 - Certificates used in unit tests have limited lifetime
+- Resolves: upstream#3725 - sssd not honoring dyndns_server if the DNS update
+ process is terminated with a signal
 * Sat May 05 2018 Fabiano Fidêncio - 1.16.1-4
 - Resolves: rhbz#1574778 - sssd fails to download known_hosts from freeipa
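Review bot: `should_retry()` in 0056-DYNDNS-Retry-also-on-timeouts.patch still returns false for a child that was killed by a signal unless `nsupdate_ret` is `ERR_DYNDNS_TIMEOUT`, although the commit subject describes the bug as the update process being terminated with a signal. If the timeout path is the only way the child can receive a signal (not visible in these hunks), say so in a comment above the function, e.g. `/* Retry on a non-zero exit status, or when the nsupdate child timed out */`; otherwise the condition would also need `|| WIFSIGNALED(child_status)`. Both callers, sdap_dyndns_update_done and sdap_dyndns_update_ptr_done, log the same `nsupdate failed, retrying` text for either cause, so the log cannot show that a timeout is what moved the update to the dyndns_server fallback; including the reason would help when auditing which server received the update. Both caller bodies continue outside the hunks.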