krb5 commit: Use krb5_expand_hostname() when creating KDB
Greg Hudson
ghudson at mit.edu
Wed Aug 24 12:44:56 EDT 2016
https://github.com/krb5/krb5/commit/7715f51f3978abe78acc824efbb18b3f35751426
commit 7715f51f3978abe78acc824efbb18b3f35751426
Author: Greg Hudson <ghudson at mit.edu>
Date: Tue Nov 17 13:33:21 2015 -0500
Use krb5_expand_hostname() when creating KDB
In kdb5_util's add_admin_princs(), use krb5_expand_hostname() instead
of custom canonicalization code to canonicalize the hostname. There
are some minor behavior differences:
* Canonicalization will no longer use AI_ADDRCONFIG.
* Canonicalization will use reverse DNS if configuration permits.
* Canonicalization will be affected by the dns_canonicalize_hostname
and rdns profile variables.
* If name lookup fails, the original hostname will be used.
* A trailing dot will be removed from the name lookup result, if
present.
ticket: 8278
src/kadmin/dbutil/kadm5_create.c | 43 ++++++-------------------------------
1 files changed, 7 insertions(+), 36 deletions(-)
diff --git a/src/kadmin/dbutil/kadm5_create.c b/src/kadmin/dbutil/kadm5_create.c
index 1213050..1745a4d 100644
--- a/src/kadmin/dbutil/kadm5_create.c
+++ b/src/kadmin/dbutil/kadm5_create.c
@@ -145,59 +145,29 @@ int kadm5_create_magic_princs(kadm5_config_params *params,
static int add_admin_princs(void *handle, krb5_context context, char *realm)
{
krb5_error_code ret = 0;
- char *service_name = 0, *kiprop_name = 0, *p;
+ char *service_name = 0, *kiprop_name = 0, *canonhost = 0;
char localname[MAXHOSTNAMELEN];
- struct addrinfo *ai, ai_hints;
- int gai_error;
if (gethostname(localname, MAXHOSTNAMELEN)) {
ret = errno;
perror("gethostname");
goto clean_and_exit;
}
- memset(&ai_hints, 0, sizeof(ai_hints));
- ai_hints.ai_flags = AI_CANONNAME | AI_ADDRCONFIG;
- gai_error = getaddrinfo(localname, (char *)NULL, &ai_hints, &ai);
- if (gai_error) {
- ret = EINVAL;
- fprintf(stderr, "getaddrinfo(%s): %s\n", localname,
- gai_strerror(gai_error));
- goto clean_and_exit;
- }
- if (ai->ai_canonname == NULL) {
- ret = EINVAL;
- fprintf(stderr, _("getaddrinfo(%s): Cannot determine canonical "
- "hostname.\n"), localname);
- freeaddrinfo(ai);
+ ret = krb5_expand_hostname(context, localname, &canonhost);
+ if (ret) {
+ com_err(progname, ret, _("while canonicalizing local hostname"));
goto clean_and_exit;
}
- for (p = ai->ai_canonname; *p; p++) {
-#ifdef isascii
- if (!isascii(*p))
- continue;
-#else
- if (*p < ' ')
- continue;
- if (*p > '~')
- continue;
-#endif
- if (!isupper(*p))
- continue;
- *p = tolower(*p);
- }
- if (asprintf(&service_name, "kadmin/%s", ai->ai_canonname) < 0) {
+ if (asprintf(&service_name, "kadmin/%s", canonhost) < 0) {
ret = ENOMEM;
fprintf(stderr, _("Out of memory\n"));
- freeaddrinfo(ai);
goto clean_and_exit;
}
- if (asprintf(&kiprop_name, "kiprop/%s", ai->ai_canonname) < 0) {
+ if (asprintf(&kiprop_name, "kiprop/%s", canonhost) < 0) {
ret = ENOMEM;
fprintf(stderr, _("Out of memory\n"));
- freeaddrinfo(ai);
goto clean_and_exit;
}
- freeaddrinfo(ai);
if ((ret = add_admin_princ(handle, context,
service_name, realm,
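Review bot: After the `krb5_expand_hostname()` call, nothing tells the operator which hostname ended up in `kadmin/<host>` and `kiprop/<host>`. The removed code aborted when no canonical name could be determined, whereas the commit message says a failed lookup now falls back to the raw `gethostname()` result, and that reverse DNS and the `dns_canonicalize_hostname`/`rdns` settings influence the outcome. These principals are created once at KDB creation and their names now depend on resolver answers, so I would document that above the call, e.g. `/* canonhost may be the unqualified gethostname() result if lookup fails; it also depends on dns_canonicalize_hostname and rdns. */`. It may also be worth reporting the chosen name, e.g. `printf(_("Using hostname %s for admin principals\n"), canonhost);`, so that a short or unexpected name is noticed before keytabs are issued against it. `add_admin_princs()` continues beyond this hunk, so any reporting done later in the function is not visible here.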
@@ -224,6 +194,7 @@ static int add_admin_princs(void *handle, krb5_context context, char *realm)
ret = add_admin_princ(handle, context, kiprop_name, realm, 0, 0);
clean_and_exit:
+ krb5_free_string(context, canonhost);
free(service_name);
free(kiprop_name);