Work around glibc getaddrinfo PTR lookups

In krb5_sname_to_principal(), we always do a forward canonicalization
using getaddrinfo() with AI_CANONNAME set.  Then, we do a reverse
canonicalization with getnameinfo() if rdns isn't set to false in
libdefaults.

Current glibc (tested with eglibc 2.11.1) has the arguably buggy
behavior of doing PTR lookups in getaddrinfo() to get the canonical
name, if hints.ai_family is set to something other than AF_UNSPEC.
This behavior defeats the ability to turn off rdns.  Work around this
behavior by using AF_UNSPEC in krb5_sname_to_principal() from the
start, instead of starting with AF_INET and falling back.  Specify
AI_ADDRCONFIG to avoid AAAA lookups on hosts with no IPv6 addresses.

ticket: 6922

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24977 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/lib/krb5/os/sn2princ.c b/src/lib/krb5/os/sn2princ.c
index b5a2d26112ff7f4d6ccca9b52c5e16812b44f2a8..46eab6c246556b715b4ad5473957993a066f6762 100644 (file)
--- a/src/lib/krb5/os/sn2princ.c
+++ b/src/lib/krb5/os/sn2princ.c
@@ -105,19 +105,12 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
                hostnames associated.  */
 
             memset(&hints, 0, sizeof(hints));
-            hints.ai_family = AF_INET;
-            hints.ai_flags = AI_CANONNAME;
-        try_getaddrinfo_again:
+            hints.ai_flags = AI_CANONNAME | AI_ADDRCONFIG;
             err = getaddrinfo(hostname, 0, &hints, &ai);
             if (err) {
 #ifdef DEBUG_REFERRALS
                 printf("sname_to_princ: probably punting due to bad hostname of %s\n",hostname);
 #endif
-                if (hints.ai_family == AF_INET) {
-                    /* Just in case it's an IPv6-only name.  */
-                    hints.ai_family = 0;
-                    goto try_getaddrinfo_again;
-                }
                 return KRB5_ERR_BAD_HOSTNAME;
             }
             remote_host = strdup(ai->ai_canonname ? ai->ai_canonname : hostname);