* sn2princ.c (krb5_sname_to_principal):
authorJeffrey Altman <jaltman@secure-endpoints.com>
Sun, 6 Mar 2005 00:18:30 +0000 (00:18 +0000)
committerJeffrey Altman <jaltman@secure-endpoints.com>
Sun, 6 Mar 2005 00:18:30 +0000 (00:18 +0000)
     conditionalize the use of reverse dns lookups.  The default
     is to use the existing behavior.  rdns can be disabled by
     specifying [libdefaults] rdns=false

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17120 dc483132-0cff-0310-8789-dd5450dbe970

src/lib/krb5/os/ChangeLog
src/lib/krb5/os/sn2princ.c

index 469bdacf3f412a33c6f549ecf73745255eb7cfbd..94a2b840b395955d76a0ef1679e751bb2bd328d5 100644 (file)
@@ -1,3 +1,10 @@
+2005-03-05  Jeffrey Altman <jaltman@mit.edu>
+
+        * sn2princ.c (krb5_sname_to_principal):
+          conditionalize the use of reverse dns lookups.  The default
+          is to use the existing behavior.  rdns can be disabled by
+          specifying [libdefaults] rdns=false
+
 2005-01-12  Tom Yu  <tlyu@mit.edu>
 
        * dnsglue.c (krb5int_dns_fini): Reorder to make more correct.
index 240f14e907622f894d342a155fd159c76f05ac11..dea1b3c3c2416c445c4497c9ac6147602fd6a3ea 100644 (file)
 #include <sys/param.h>
 #endif
 
+#if !defined(DEFAULT_RDNS_LOOKUP)
+#define DEFAULT_RDNS_LOOKUP 1
+#endif
+
+static int
+maybe_use_reverse_dns (krb5_context context, int defalt)
+{
+    krb5_error_code code;
+    char * value = NULL;
+    int use_rdns = 0;
+
+    code = profile_get_string(context->profile, "libdefaults",
+                              "rdns", 0, 0, &value);
+    if (code)
+        return defalt;
+
+    if (value == 0)
+       return defalt;
+
+    use_rdns = _krb5_conf_boolean(value);
+    profile_release_string(value);
+    return use_rdns;
+}
+
+
 krb5_error_code KRB5_CALLCONV
 krb5_sname_to_principal(krb5_context context, const char *hostname, const char *sname, krb5_int32 type, krb5_principal *ret_princ)
 {
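Review bot: maybe_use_reverse_dns has no comment, and its fallback is security-relevant: when profile_get_string returns an error it yields `defalt`, which the caller passes as DEFAULT_RDNS_LOOKUP (1). A site that set `rdns = false` to stop trusting PTR records would therefore get reverse lookups again if the profile read fails. I would add a header comment along the lines of `/* Return the [libdefaults] rdns setting; returns defalt when the key is unset or the profile lookup fails. */` and consider treating the error case separately from the unset case. As a style point, `value == 0` reads more clearly as `value == NULL`, and `defalt` could be renamed to something like `default_value`.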
@@ -93,26 +118,29 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
                freeaddrinfo(ai);
                return ENOMEM;
            }
-           /*
-            * Do a reverse resolution to get the full name, just in
-            * case there's some funny business going on.  If there
-            * isn't an in-addr record, give up.
-            */
-           /* XXX: This is *so* bogus.  There are several cases where
-              this won't get us the canonical name of the host, but
-              this is what we've trained people to expect.  We'll
-              probably fix it at some point, but let's try to
-              preserve the current behavior and only shake things up
-              once when it comes time to fix this lossage.  */
-           err = getnameinfo(ai->ai_addr, ai->ai_addrlen,
-                             hnamebuf, sizeof(hnamebuf), 0, 0, NI_NAMEREQD);
-           freeaddrinfo(ai);
-           if (err == 0) {
-               free(remote_host);
-               remote_host = strdup(hnamebuf);
-               if (!remote_host)
-                   return ENOMEM;
-           }
+
+            if (maybe_use_reverse_dns(context, DEFAULT_RDNS_LOOKUP)) {
+                /*
+                 * Do a reverse resolution to get the full name, just in
+                 * case there's some funny business going on.  If there
+                 * isn't an in-addr record, give up.
+                 */
+                /* XXX: This is *so* bogus.  There are several cases where
+                   this won't get us the canonical name of the host, but
+                   this is what we've trained people to expect.  We'll
+                   probably fix it at some point, but let's try to
+                   preserve the current behavior and only shake things up
+                   once when it comes time to fix this lossage.  */
+                err = getnameinfo(ai->ai_addr, ai->ai_addrlen,
+                                   hnamebuf, sizeof(hnamebuf), 0, 0, NI_NAMEREQD);
+                freeaddrinfo(ai);
+                if (err == 0) {
+                    free(remote_host);
+                    remote_host = strdup(hnamebuf);
+                    if (!remote_host)
+                        return ENOMEM;
+                }
+            }
        } else /* type == KRB5_NT_UNKNOWN */ {
            remote_host = strdup(hostname);
        }
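Review bot: `freeaddrinfo(ai);` is now inside the `if (maybe_use_reverse_dns(context, DEFAULT_RDNS_LOOKUP))` block, whereas the removed code called it unconditionally. As far as this hunk shows, the addrinfo list is therefore not released when rdns is disabled. Take the call out of the conditional and place `freeaddrinfo(ai);` immediately after the closing `}` of the new `if`, so both paths free the list exactly once. The body of krb5_sname_to_principal starts and ends outside the hunk, so a later release of `ai` cannot be ruled out from here and should be checked before applying this.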