svn rev #25357: trunk/src/lib/krb5/os/
hartmans@MIT.EDU
hartmans at MIT.EDU
Sun Oct 16 20:45:23 EDT 2011
http://src.mit.edu/fisheye/changelog/krb5/?cs=25357
Commit By: hartmans
Log Message:
sn2princ: On getaddrinfo failure use the input
RFC 4120 says that we should not canonicalize using DNS. We cannot get
that far today, but there's no reason we should fail to use a
perfectly good principal name just because DNS is failing. For some
services there isn't even a requirement they be in DNS. With
AI_ADDRCONFIG there's no reason that Kerberos canonicalization should
fail simply because a v6 address is not present, for example. So, if
getaddrinfo fails in krb5_sname_to_principal simply use the input
hostname uncanonicalized.
Changed Files:
U trunk/src/lib/krb5/os/sn2princ.c
Modified: trunk/src/lib/krb5/os/sn2princ.c
===================================================================
--- trunk/src/lib/krb5/os/sn2princ.c 2011-10-15 16:56:30 UTC (rev 25356)
+++ trunk/src/lib/krb5/os/sn2princ.c 2011-10-17 00:45:23 UTC (rev 25357)
@@ -109,17 +109,16 @@
err = getaddrinfo(hostname, 0, &hints, &ai);
if (err) {
#ifdef DEBUG_REFERRALS
- printf("sname_to_princ: probably punting due to bad hostname of %s\n",hostname);
+ printf("sname_to_princ: failed to canonicalize %s; using as-is", hostname);
#endif
- return KRB5_ERR_BAD_HOSTNAME;
}
- remote_host = strdup(ai->ai_canonname ? ai->ai_canonname : hostname);
+ remote_host = strdup((ai && ai->ai_canonname) ? ai->ai_canonname : hostname);
if (!remote_host) {
freeaddrinfo(ai);
return ENOMEM;
}
- if (maybe_use_reverse_dns(context, DEFAULT_RDNS_LOOKUP)) {
+ if ((!err) && maybe_use_reverse_dns(context, DEFAULT_RDNS_LOOKUP)) {
/*
* Do a reverse resolution to get the full name, just in
* case there's some funny business going on. If there
More information about the cvs-krb5
mailing list