Unify access to FQDN

FreeIPA's Python and C code used different approaches to get the FQDN of
the host. Some places assumed that gethostname() returns a FQDN. Other
code paths used glibc's resolver to resolve the current node name to a
FQDN.

Python code now uses the ipalib.constants.FQDN where a fully qualified
domain name is expected. The variable is initialized only once and avoids
potential DNS lookups.

C code uses a new helper function ipa_gethostfqdn() in util package. The
function implements similar logic as gethostfqdn() except it uses more
modern getaddrinfo(). The result is cached as well.

Fixes: https://pagure.io/freeipa/issue/8501
Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Christian Heimes
2020-09-11 14:49:16 +02:00
committed by Fraser Tweedale
parent 5155280bb4
commit e28ec76898
23 changed files with 226 additions and 67 deletions


@@ -50,7 +50,7 @@ import ipaplatform
from ipapython import ipautil, admintool, version, ipaldap
from ipapython.admintool import ScriptError, SERVER_NOT_CONFIGURED # noqa: E402
from ipapython.certdb import EXTERNAL_CA_TRUST_FLAGS
from ipalib.constants import MAXHOSTNAMELEN
from ipalib.constants import FQDN, MAXHOSTNAMELEN
from ipalib.util import validate_hostname
from ipalib import api, errors, x509
from ipalib.install import dnsforwarders
@@ -118,16 +118,16 @@ class ReplicaConfig:
subject_base = ipautil.dn_attribute_property('_subject_base')
def get_fqdn():
fqdn = ""
try:
fqdn = socket.getfqdn()
except Exception:
try:
fqdn = socket.gethostname()
except Exception:
fqdn = ""
return fqdn
"""Get fully qualified domain name of current host
:note: used by ansible_freeipa
:deprecated: use ipalib.constants.FQDN
:return: str
"""
return FQDN
def verify_fqdn(host_name, no_host_dns=False, local_hostname=True):
"""
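Review bot: get_fqdn() now returns the import-time constant `FQDN`, so the old try/except fallback that yielded `""` on failure is gone and the value no longer follows the system hostname if it changes after ipalib.constants is first imported. How FQDN is computed and what it holds when resolution fails is not visible in this section, so callers that treated an empty string as "unknown" should be checked. The same applies to the other replacements on this page: `fqdn=FQDN` in update_schema, `host_default = FQDN` in install_check and `self.fqdn = FQDN` in class Service. Since this name is passed to the LDAP `connect()` call and presumably feeds host and service identities, it seems worth still running verify_fqdn() on it where the installer may have set a different hostname. I would also add to the docstring `:note: value is computed once at import time and is not refreshed if the hostname changes later`. The hunk ends inside verify_fqdn's docstring, so that function is not covered here.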


@@ -24,9 +24,9 @@ import ldap.schema
import ipapython.version
from ipalib import api
from ipalib.constants import FQDN
from ipapython.dn import DN
from ipaserver.install.ldapupdate import connect
from ipaserver.install import installutils
SCHEMA_ELEMENT_CLASSES = (
@@ -105,9 +105,7 @@ def update_schema(schema_files, ldapi=False):
"""
SCHEMA_ELEMENT_CLASSES_KEYS = [x[0] for x in SCHEMA_ELEMENT_CLASSES]
conn = connect(ldapi=ldapi,
realm=api.env.realm,
fqdn=installutils.get_fqdn())
conn = connect(ldapi=ldapi, realm=api.env.realm, fqdn=FQDN)
old_schema = conn.schema


@@ -31,7 +31,7 @@ from ipaplatform import services
from ipaplatform.paths import paths
from ipaplatform.tasks import tasks
from ipalib import api, errors, x509
from ipalib.constants import DOMAIN_LEVEL_0
from ipalib.constants import DOMAIN_LEVEL_0, FQDN
from ipalib.facts import is_ipa_configured, is_ipa_client_configured
from ipalib.util import (
validate_domain_name,
@@ -44,7 +44,7 @@ from ipaserver.install import (
otpdinstance, custodiainstance, replication, service,
sysupgrade, cainstance)
from ipaserver.install.installutils import (
BadHostError, get_fqdn, get_server_ip_address,
BadHostError, get_server_ip_address,
load_pkcs12, read_password, verify_fqdn, update_hosts_file,
validate_mask)
@@ -493,7 +493,7 @@ def install_check(installer):
if options.host_name:
host_default = options.host_name
else:
host_default = get_fqdn()
host_default = FQDN
if installer.interactive and not options.host_name:
host_name = read_host_name(host_default)


@@ -22,7 +22,6 @@ from __future__ import absolute_import
import logging
import sys
import os
import socket
import time
import traceback
import tempfile
@@ -35,6 +34,7 @@ from ipapython import ipautil
from ipapython.dn import DN
from ipapython import kerberos
from ipalib import api, errors, x509
from ipalib.constants import FQDN
from ipaplatform import services
from ipaplatform.constants import User
from ipaplatform.paths import paths
@@ -291,7 +291,7 @@ class Service:
self.steps = []
self.output_fd = sys.stdout
self.fqdn = socket.gethostname()
self.fqdn = FQDN
if sstore:
self.sstore = sstore