diff options
| author | Greg Hudson <ghudson@mit.edu> | 2011-06-23 04:13:38 +0000 |
|---|---|---|
| committer | Tom Yu <tlyu@mit.edu> | 2012-06-08 15:05:51 -0400 |
| commit | e07cb2720551eaf1369ab388e8db61ee41c51c5b (patch) | |
| tree | f651c14fdfa5543e3232035a89192bf555d610c0 | |
| parent | b89d4e5b358f320ed5254143d51edfe49060455f (diff) | |
| download | krb5-e07cb2720551eaf1369ab388e8db61ee41c51c5b.zip krb5-e07cb2720551eaf1369ab388e8db61ee41c51c5b.tar.gz krb5-e07cb2720551eaf1369ab388e8db61ee41c51c5b.tar.bz2 | |
Work around glibc getaddrinfo PTR lookups
In krb5_sname_to_principal(), we always do a forward canonicalization
using getaddrinfo() with AI_CANONNAME set. Then, we do a reverse
canonicalization with getnameinfo() if rdns isn't set to false in
libdefaults.
Current glibc (tested with eglibc 2.11.1) has the arguably buggy
behavior of doing PTR lookups in getaddrinfo() to get the canonical
name, if hints.ai_family is set to something other than AF_UNSPEC.
This behavior defeats the ability to turn off rdns. Work around this
behavior by using AF_UNSPEC in krb5_sname_to_principal() from the
start, instead of starting with AF_INET and falling back. Specify
AI_ADDRCONFIG to avoid AAAA lookups on hosts with no IPv6 addresses.
(cherry picked from commit bc8594e7c388c8a5cfb9516a0980877cb1321d32)
In sn2princ, getaddrinfo without AI_ADDRCONFIG
When canonicalizing a principal, use AI_CANONNAME alone in the hint
flags for getaddrinfo, for two reasons. First, it works around a gnu
libc bug where getaddrinfo does a PTR lookup for the canonical name
(we tried to work around this in r24977 bug the addition of
AI_ADDRCONFIG caused the same problem as the use of AF_INET). Second,
an IPv4-only host should be able create a principal for an IPv6-only
host even if it can't contact the host.
This does result in extra AAAA queries in the common case (IPv4-only
host contacting IPv4-only service), which is unfortunate. But we need
to leave that optimization up to the platform at this point.
(cherry picked from commit c3ab5fe0b01a68b14d5657740006488721b48b7b)
ticket: 7164 (new)
version_fixed: 1.9.4
status: resolved
| -rw-r--r-- | src/lib/krb5/os/sn2princ.c | 7 |
1 files changed, 0 insertions, 7 deletions
diff --git a/src/lib/krb5/os/sn2princ.c b/src/lib/krb5/os/sn2princ.c index 9645fef..0a82161 100644 --- a/src/lib/krb5/os/sn2princ.c +++ b/src/lib/krb5/os/sn2princ.c @@ -107,19 +107,12 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char * hostnames associated. */ memset(&hints, 0, sizeof(hints)); - hints.ai_family = AF_INET; hints.ai_flags = AI_CANONNAME; - try_getaddrinfo_again: err = getaddrinfo(hostname, 0, &hints, &ai); if (err) { #ifdef DEBUG_REFERRALS printf("sname_to_princ: probably punting due to bad hostname of %s\n",hostname); #endif - if (hints.ai_family == AF_INET) { - /* Just in case it's an IPv6-only name. */ - hints.ai_family = 0; - goto try_getaddrinfo_again; - } return KRB5_ERR_BAD_HOSTNAME; } remote_host = strdup(ai->ai_canonname ? ai->ai_canonname : hostname); |