From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Thu, 31 Aug 2000 07:47:04 +0000 (+0000)
Subject: 2000-08-31  Jeffrey Altman <jaltman@columbia.edu>
X-Git-Tag: krb5-1.3-alpha1~1899
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=692162b3ffdd337a03f7cd968d6bee75b00f460b;p=krb5.git

2000-08-31  Jeffrey Altman <jaltman@columbia.edu>

        * locate_kdc.c: krb5_locate_srv_dns()
          Ensure that res_search() is called with a query string
          that is terminated by a '.' in order to disable the
          expansion of dns-search lists.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12641 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/src/lib/krb5/os/ChangeLog b/src/lib/krb5/os/ChangeLog
index 1b445a685..afbfa4827 100644
--- a/src/lib/krb5/os/ChangeLog
+++ b/src/lib/krb5/os/ChangeLog
@@ -1,3 +1,10 @@
+2000-08-31  Jeffrey Altman <jaltman@columbia.edu>
+
+        * locate_kdc.c: krb5_locate_srv_dns() 
+          Ensure that res_search() is called with a query string
+          that is terminated by a '.' in order to disable the
+          expansion of dns-search lists.
+
 2000-07-22  Tom Yu  <tlyu@mit.edu>
 
 	* accessor.c: Add NEED_SOCKETS in order to get prototype for
diff --git a/src/lib/krb5/os/locate_kdc.c b/src/lib/krb5/os/locate_kdc.c
index b7e6826b8..25ab97b75 100644
--- a/src/lib/krb5/os/locate_kdc.c
+++ b/src/lib/krb5/os/locate_kdc.c
@@ -359,7 +359,7 @@ krb5_locate_srv_dns(realm, service, protocol, addr_pp, naddrs)
 	int priority;
 	int weight;
 	unsigned short port;
-	char *host;
+	char *host, *h;
     };
 
     struct srv_dns_entry *head = NULL;
@@ -383,12 +383,26 @@ krb5_locate_srv_dns(realm, service, protocol, addr_pp, naddrs)
      *
      */
 
-    if ( strlen(service) + strlen(protocol) + realm->length + 5 
+    if ( strlen(service) + strlen(protocol) + realm->length + 6 
          > MAX_DNS_NAMELEN )
         goto out;
     sprintf(host, "%s.%s.%.*s", service, protocol, realm->length,
 	    realm->data);
 
+    /* Realm names don't (normally) end with ".", but if the query
+    doesn't end with "." and doesn't get an answer as is, the
+    resolv code will try appending the local domain.  Since the
+    realm names are absolutes, let's stop that.  
+
+    But only if a name has been specified.  If we are performing
+    a search on the prefix alone then the intention is to allow
+    the local domain or domain search lists to be expanded.
+    */
+
+    h = host + strlen (host);
+    if ((h > host) && (h[-1] != '.') && ((h - host + 1) < sizeof(host)))
+        strcpy (h, ".");
+
     size = res_search(host, C_IN, T_SRV, answer.bytes, sizeof(answer.bytes));
 
     if (size < hdrsize)