diff options
| author | Greg Hudson <ghudson@mit.edu> | 2020-05-27 18:48:35 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2020-05-29 17:49:36 -0400 |
| commit | edf56aad3eb7787540252e92177f672aa6e4a407 (patch) | |
| tree | 5fd99add48656bd3f5cc002e21bb788f8a92ced4 /src/util | |
| parent | 00ec898a60ec6d1fb897d49d5db883471bd07cc8 (diff) | |
| download | krb5-edf56aad3eb7787540252e92177f672aa6e4a407.zip krb5-edf56aad3eb7787540252e92177f672aa6e4a407.tar.gz krb5-edf56aad3eb7787540252e92177f672aa6e4a407.tar.bz2 | |
Default dns_canonicalize_hostname to "fallback"
This change should mitigate some of the pain caused by the rdns=true
default (generally associated with unwanted PTR records that cannot
easily be changed), with a minimum of fallout.
Update the documentation and tests accordingly. In test environments,
disable qualify_shortname and use the uncanonicalized system hostname
(lowercased) to match the initial sn2princ result.
ticket: 8911 (new)
Diffstat (limited to 'src/util')
| -rw-r--r-- | src/util/k5test.py | 25 |
1 files changed, 6 insertions, 19 deletions
diff --git a/src/util/k5test.py b/src/util/k5test.py index 442a4e4..e58c9fd 100644 --- a/src/util/k5test.py +++ b/src/util/k5test.py @@ -193,7 +193,10 @@ Scripts may use the following functions and variables: * plugins: The plugin directory in the build tree (absolute path). -* hostname: This machine's fully-qualified domain name. +* hostname: The local hostname as it will initially appear in + krb5_sname_to_principal() results. (Shortname qualification is + turned off in the test environment to make this value easy to + discover from Python.) * null_input: A file opened to read /dev/null. @@ -525,23 +528,6 @@ def _find_srctop(): return os.path.abspath(root) -# Return the local hostname as it will be canonicalized by -# krb5_sname_to_principal. We can't simply use socket.getfqdn() -# because it explicitly prefers results containing periods and -# krb5_sname_to_principal doesn't care. -def _get_hostname(): - hostname = socket.gethostname() - try: - ai = socket.getaddrinfo(hostname, None, 0, 0, 0, socket.AI_CANONNAME) - except socket.gaierror as e: - fail('Local hostname "%s" does not resolve: %s.' % (hostname, e[1])) - (family, socktype, proto, canonname, sockaddr) = ai[0] - try: - name = socket.getnameinfo(sockaddr, socket.NI_NAMEREQD) - except socket.gaierror: - return canonname.lower() - return name[0].lower() - # Parse command line arguments, setting global option variables. Also # sets the global variable args to the positional arguments, which may # be used by the test script. @@ -1263,6 +1249,7 @@ _default_krb5_conf = { 'libdefaults': { 'default_realm': '$realm', 'dns_lookup_kdc': 'false', + 'qualify_shortname': '', 'plugin_base_dir': '$plugins'}, 'realms': {'$realm': { 'kdc': '$hostname:$port0', @@ -1363,7 +1350,7 @@ buildtop = _find_buildtop() srctop = _find_srctop() plugins = os.path.join(buildtop, 'plugins') runenv = _import_runenv() -hostname = _get_hostname() +hostname = socket.gethostname().lower() null_input = open(os.devnull, 'r') # A DB pass is a tuple of: name, kdc_conf. |