ldap/admin/src/scripts/DSCreate.pm.in | 5 ++
ldap/admin/src/scripts/DSUtil.pm.in | 67 +++++++++++++++++++++++++++++-
ldap/admin/src/scripts/SetupDialogs.pm.in | 10 +++-
ldap/admin/src/scripts/setup-ds.res.in | 12 ++++-
4 files changed, 88 insertions(+), 6 deletions(-)
New commits:
commit 2af43a860bdec34e4b8368470ad9822fa8d1253b
Author: Rich Megginson <rmeggins(a)redhat.com>
Date: Wed Mar 2 15:15:22 2011 -0700
Bug 518890 - setup-ds-admin.pl - improve hostname validation
https://bugzilla.redhat.com/show_bug.cgi?id=518890
Resolves: bug 518890
Bug Description: setup-ds-admin.pl - No fully qualified domain name in brackets +
Error: failed to open an LDAP connection to host 'host.domain' port '389'
as user 'cn=Directory Manager'. Error: unknown.
Reviewed by: nhosoi, nkinder (Thanks!)
Branch: master
Fix Description: Create a new function called checkHostname. This function
will perform various checks on the given hostname:
* see if it looks like an fqdn
* see if it resolves
* see if its IP addresses resolve back to the given hostname
In interactive mode, if there are problems with the hostname, the user will
be warned, and prompted to proceed anyway with the problematic hostname.
The prompt default is No, so the user will have to type Yes to proceed with
the problematic hostname.
In silent mode, the warning messages will be printed and logged.
Platforms tested: RHEL6 x86_64
Flag Day: no
Doc impact: Yes - will need to update the install guide
diff --git a/ldap/admin/src/scripts/DSCreate.pm.in
b/ldap/admin/src/scripts/DSCreate.pm.in
index fcad74d..ed40ae1 100644
--- a/ldap/admin/src/scripts/DSCreate.pm.in
+++ b/ldap/admin/src/scripts/DSCreate.pm.in
@@ -139,6 +139,11 @@ sub sanityCheckParams {
debug(0, "WARNING: The root password is less than 8 characters long. You
should choose a longer one.\n");
}
+ my $str = checkHostname($inf->{General}->{FullMachineName});
+ if ($str) {
+ debug(0, $str);
+ }
+
return ();
}
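Review bot: The new hostname check in sanityCheckParams is advisory only, and nothing in the code says so: the string from `checkHostname` goes to `debug(0, $str)` and the function still falls through to `return ();`. A short comment above the call would make that explicit, e.g. `# advisory only: hostname problems are logged, not returned as errors, so setup continues`. The call also passes no Resource object, so this path always uses the hard-coded English fallback strings rather than the `warning_*` entries added to setup-ds.res.in; if a Resource is reachable here, passing it would keep the two paths consistent. The body of sanityCheckParams starts outside this hunk, so whether `FullMachineName` is guaranteed to be defined at this point cannot be confirmed from here.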
diff --git a/ldap/admin/src/scripts/DSUtil.pm.in b/ldap/admin/src/scripts/DSUtil.pm.in
index 22f25dc..d330d0b 100644
--- a/ldap/admin/src/scripts/DSUtil.pm.in
+++ b/ldap/admin/src/scripts/DSUtil.pm.in
@@ -49,12 +49,12 @@ require Exporter;
process_maptbl check_and_add_entry getMappedEntries addErr
getHashedPassword debug createInfFromConfig shellEscape
isValidServerID isValidUser isValidGroup makePaths getLogin getGroup
- remove_tree remove_pidfile setDebugLog);
+ remove_tree remove_pidfile setDebugLog checkHostname);
@EXPORT_OK = qw(portAvailable getAvailablePort isValidDN addSuffix getMappedEntries
process_maptbl check_and_add_entry getMappedEntries addErr
getHashedPassword debug createInfFromConfig shellEscape
isValidServerID isValidUser isValidGroup makePaths getLogin getGroup
- remove_tree remove_pidfile setDebugLog);
+ remove_tree remove_pidfile setDebugLog checkHostname);
use strict;
@@ -190,6 +190,69 @@ sub isValidGroup {
return ();
}
+# arguments
+# - hostname - the hostname to look for
+# - res - the Resource object to use to construct messages
+# returns - the error message string, or "" upon success
+sub checkHostname {
+ my $hn = shift;
+ my $res = shift;
+
+ # see if hostname is an fqdn
+ if ($hn !~ /\./) {
+ if ($res) {
+ return $res->getText('warning_hostname_not_fully_qualified',
$hn);
+ } else {
+ return "Warning: hostname $hn is not a fully qualified host and domain
name\n";
+ }
+ }
+
+ # see if we can resolve the hostname
+ my ($name, $aliases, $addrtype, $length, @addrs) = gethostbyname($hn);
+ if (!$name) {
+ if ($res) {
+ return $res->getText('warning_no_such_hostname', $hn);
+ } else {
+ return "Warning: could not resolve hostname $hn\n";
+ }
+ }
+ debug(1, "found for hostname $hn: name=$name\n");
+ debug(1, "aliases=$aliases\n");
+ debug(1, "addrtype=$addrtype\n");
+ my $found = 0;
+ my @hostip = ();
+ # see if reverse resolution works
+ foreach my $ii (@addrs) {
+ my $hn2 = gethostbyaddr($ii, $addrtype);
+ my $ip = join('.', unpack('C4', $ii));
+ debug(1, "\thost=$hn2 ip=$ip\n");
+ push @hostip, [$hn2, $ip];
+ if (lc($hn) eq lc($hn2)) {
+ $found = 1;
+ last;
+ }
+ }
+ if (!$found) {
+ my $retstr = "";
+ if ($res) {
+ $retstr = $res->getText('warning_reverse_resolve', $hn, $hn);
+ } else {
+ $retstr = "Warning: Hostname $hn is valid, but none of the IP
addresses\nresolve back to $hn\n";
+ }
+ for my $ii (@hostip) {
+ if ($res) {
+ $retstr .= $res->getText('warning_reverse_resolve_sub',
$ii->[1], $ii->[0]);
+ } else {
+ $retstr .= "\taddress $ii->[1] resolves to host
$ii->[0]\n";
+ }
+ }
+ return $retstr;
+ }
+
+ debug(1, "hostname $hn resolves correctly\n");
+ return '';
+}
+
# delete the subtree starting from the passed entry
sub delete_all
{
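Review bot: In the reverse-resolution loop of checkHostname, the result of `gethostbyaddr($ii, $addrtype)` is used without a check for undef, which is what it returns when an address has no reverse entry. In that case `lc($hn2)` and the `debug(1, "\thost=$hn2 ip=$ip\n")` line work on an undefined value, and the final warning reads "resolves to host" followed by nothing. Defaulting the value, e.g. `my $hn2 = gethostbyaddr($ii, $addrtype) || '';`, and reporting the empty case explicitly would keep the message readable for the commonest failure, a missing PTR record. Separately, `unpack('C4', $ii)` formats every address as four octets, so a comment stating that the check covers IPv4 addresses only would help; a host with only IPv6 records would presumably be reported as unresolvable.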
diff --git a/ldap/admin/src/scripts/SetupDialogs.pm.in
b/ldap/admin/src/scripts/SetupDialogs.pm.in
index dd05b04..a1c1a02 100644
--- a/ldap/admin/src/scripts/SetupDialogs.pm.in
+++ b/ldap/admin/src/scripts/SetupDialogs.pm.in
@@ -134,8 +134,14 @@ my $hostdlg = new Dialog (
my $self = shift;
my $ans = shift;
my $res = $DialogManager::NEXT;
- if ($ans !~ /\./) {
- $self->{manager}->alert("dialog_hostname_warning", $ans);
+ my $str;
+ if ($str = checkHostname($ans, $self->{manager}->{res})) {
+ my $promptary = ["dialog_hostname_warning", $str, $ans];
+ my $yesorno = $self->{manager}->showPrompt($promptary,
$self->{manager}->getText("no"));
+ $res = DialogYesNo::handleResponse($self, $yesorno);
+ if ($res == $DialogManager::NEXT) {
+ $res = $DialogManager::SAME if (!DialogYesNo::isYes($self));
+ }
}
$self->{manager}->{inf}->{General}->{FullMachineName} = $ans;
return $res;
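Review bot: The unchanged assignment `$self->{manager}->{inf}->{General}->{FullMachineName} = $ans;` still runs after the new prompt, so a hostname the user has just declined is written into the inf even when `$res` has been set to `$DialogManager::SAME`. If the dialog's default is later read from that field, the rejected name would presumably come back as the suggested value, and any later consumer of the inf sees a name that failed the check. Guarding the store, e.g. `$self->{manager}->{inf}->{General}->{FullMachineName} = $ans if ($res == $DialogManager::NEXT);`, would keep only accepted names, provided that no other return value of `DialogYesNo::handleResponse` is expected to keep the answer. The enclosing handler starts and ends outside this hunk.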
diff --git a/ldap/admin/src/scripts/setup-ds.res.in
b/ldap/admin/src/scripts/setup-ds.res.in
index 344fcf9..1814493 100644
--- a/ldap/admin/src/scripts/setup-ds.res.in
+++ b/ldap/admin/src/scripts/setup-ds.res.in
@@ -37,8 +37,6 @@ dialog_hostname_text = Enter the fully qualified domain name of the
computer\non
dialog_hostname_prompt = Computer name
-dialog_hostname_warning = The hostname %s does not look like a\nfully qualified host and
domain name.\nIf you feel you have made a mistake,\nplease go back to this dialog and
enter another name.\n\n
-
# ----------- SSUser Dialog Resource ----------------
dialog_ssuser_text = The server must run as a specific user in a specific group.\nIt is
strongly recommended that this user should have no privileges\non the computer (i.e. a
non-root user). The setup procedure\nwill give this user/group some permissions in
specific paths/files\nto perform server-specific operations.\n\nIf you have not yet
created a user and group for the server,\ncreate this user and group using your native
operating\nsystem utilities.\n\n
@@ -192,3 +190,13 @@ error_invalid_dbinst_dir = Invalid database instance dir
'%s'.\n
error_cant_backup_db = Failed to back up backend instance '%s'. Error: %s\n
error_cant_convert_db = Failed to convert backend instance '%s'. Error: %s\n
error_missing_entrydn = Backend instance '%s' does not have database files to
upgrade.\n
+warning_hostname_not_fully_qualified = The hostname '%s' does not look like
a\nfully qualified host and domain name.\n
+warning_no_such_hostname = Could not find an address for hostname '%s'.\n
+warning_reverse_resolve = Hostname '%s' is valid, but none of the IP addresses\
+resolve back to %s\n
+warning_reverse_resolve_sub = - address %s resolves to host %s\n
+dialog_hostname_warning = \nWARNING: There are problems with the hostname.\n%s\
+Please check the spelling of the hostname and/or your network configuration.\
+If you proceed with this hostname, you may encounter problems.\
+\
+Do you want to proceed with hostname '%s'?