[krbdev.mit.edu #7184] SVN Commit

[Tom Yu via RT]

Work around glibc getaddrinfo PTR lookups

In krb5_sname_to_principal(), we always do a forward canonicalization
using getaddrinfo() with AI_CANONNAME set.  Then, we do a reverse
canonicalization with getnameinfo() if rdns isn't set to false in
libdefaults.

Current glibc (tested with eglibc 2.11.1) has the arguably buggy
behavior of doing PTR lookups in getaddrinfo() to get the canonical
name, if hints.ai_family is set to something other than AF_UNSPEC.
This behavior defeats the ability to turn off rdns.  Work around this
behavior by using AF_UNSPEC in krb5_sname_to_principal() from the
start, instead of starting with AF_INET and falling back.  Specify
AI_ADDRCONFIG to avoid AAAA lookups on hosts with no IPv6 addresses.

(cherry picked from commit bc8594e7c388c8a5cfb9516a0980877cb1321d32)

In sn2princ, getaddrinfo without AI_ADDRCONFIG

When canonicalizing a principal, use AI_CANONNAME alone in the hint
flags for getaddrinfo, for two reasons.  First, it works around a gnu
libc bug where getaddrinfo does a PTR lookup for the canonical name
(we tried to work around this in r24977 bug the addition of
AI_ADDRCONFIG caused the same problem as the use of AF_INET).  Second,
an IPv4-only host should be able create a principal for an IPv6-only
host even if it can't contact the host.

This does result in extra AAAA queries in the common case (IPv4-only
host contacting IPv4-only service), which is unfortunate.  But we need
to leave that optimization up to the platform at this point.

(cherry picked from commit c3ab5fe0b01a68b14d5657740006488721b48b7b)

https://github.com/krb5/krb5/commit/ceb037a667a6411ebb56f67535cb0d76f9511e4c
Author: Greg Hudson <ghudson at mit.edu>
Committer: Tom Yu <tlyu at mit.edu>
Commit: ceb037a667a6411ebb56f67535cb0d76f9511e4c
Branch: krb5-1.8
 src/lib/krb5/os/sn2princ.c |    7 -------
 1 files changed, 0 insertions(+), 7 deletions(-)