diff options
author | Lamont Granquist <lamont@scriptkiddie.org> | 2021-10-28 12:01:10 -0700 |
---|---|---|
committer | Lamont Granquist <lamont@scriptkiddie.org> | 2021-10-28 12:01:10 -0700 |
commit | e7465b541f69840dfacceb04314d504ab7a274ed (patch) | |
tree | f8c706f4c90dc953ad354ea4aa4cf4fe3c5cb42d | |
parent | 469b1e0a16534dc0f6194a197005db222bdebc21 (diff) | |
download | ohai-e7465b541f69840dfacceb04314d504ab7a274ed.tar.gz |
Fix node['fqdn'] for broken reverse record lookuplcg/fix-fqdn-for-busted-reverse-lookup
If broken.example.org has an A record to an IP address with no PTR
record (lets say to 10.20.30.40 which does not resolve in the configured
DNS servers):
```
[23] pry(main)> Addrinfo.getaddrinfo("broken.example.org", nil, nil, nil, nil, Socket::AI_CANONNAME).first.canonname
=> "broken.example.org"
```
vs:
```
> Addrinfo.getaddrinfo("broken.example.org", nil).first.getnameinfo.first
=> "10.20.30.40"
```
Effectively this change makes the ruby code behave like `hostname -f`
does which has the same behavior.
Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
-rw-r--r-- | lib/ohai/mixin/network_helper.rb | 12 | ||||
-rw-r--r-- | spec/unit/mixin/network_helper_spec.rb | 12 |
2 files changed, 22 insertions, 2 deletions
diff --git a/lib/ohai/mixin/network_helper.rb b/lib/ohai/mixin/network_helper.rb index 71ea0bdd..8a75ad08 100644 --- a/lib/ohai/mixin/network_helper.rb +++ b/lib/ohai/mixin/network_helper.rb @@ -18,6 +18,8 @@ # limitations under the License. # +require "socket" unless defined?(Socket) + module Ohai module Mixin module NetworkHelper @@ -34,10 +36,16 @@ module Ohai end # This does a forward and reverse lookup on the hostname to return what should be - # the FQDN for the host determined by name lookup (generally DNS) + # the FQDN for the host determined by name lookup (generally DNS). If the forward + # lookup fails this will throw. If the reverse lookup fails this will return the + # hostname back. The behavior on failure of the reverse lookup is both vitally important + # to this API, and completely untested, so changes to this method (not recommended) need + # to be manually validated by hand by setting up a DNS server with a broken A record to + # an IP without a PTR record (e.g. any RFC1918 space not served by the configured DNS + # server), and the method should return the hostname and not the IP address. # def canonicalize_hostname(hostname) - Addrinfo.getaddrinfo(hostname, nil).first.getnameinfo.first + Addrinfo.getaddrinfo(hostname, nil, nil, nil, nil, Socket::AI_CANONNAME).first.canonname end def canonicalize_hostname_with_retries(hostname) diff --git a/spec/unit/mixin/network_helper_spec.rb b/spec/unit/mixin/network_helper_spec.rb index a57af17f..4a2c4cbf 100644 --- a/spec/unit/mixin/network_helper_spec.rb +++ b/spec/unit/mixin/network_helper_spec.rb @@ -27,4 +27,16 @@ describe Ohai::Mixin::NetworkHelper, "Network Helper Mixin" do expect(mixin.hex_to_dec_netmask("ffff0000")).to eq("255.255.0.0") end end + + describe "canonicalize hostname" do + # this is a brittle test deliberately intended to discourage modifying this API + # (see the node in the code on the necessity of manual testing) + it "uses the correct ruby API" do + hostname = "broken.example.org" + addrinfo = instance_double(Addrinfo) + expect(Addrinfo).to receive(:getaddrinfo).with(hostname, nil, nil, nil, nil, Socket::AI_CANONNAME).and_return([addrinfo]) + expect(addrinfo).to receive(:canonname).and_return(hostname) + expect(mixin.canonicalize_hostname(hostname)).to eql(hostname) + end + end end |