From 4f9e448d70ef3609d3cab3790e2be64ace0ecb37 Mon Sep 17 00:00:00 2001
From: Sam Hartman
Date: Mon, 17 Oct 2011 00:45:23 +0000
Subject: [PATCH] RFC 4120 says that we should not canonicalize using DNS. We cannot get that far today, but there's no reason we should fail to use a perfectly good principal name just because DNS is failing. For some services there isn't even a requirement they be in DNS. With AI_ADDRCONFIG there's no reason that Kerberos canonicalization should fail simply because a v6 address is not present, for example. So, if getaddrinfo fails in krb5_sname_to_principal simply use the input hostname uncanonicalized. sn2princ: On getaddrinfo failure use the input
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25357 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/lib/krb5/os/sn2princ.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/lib/krb5/os/sn2princ.c b/src/lib/krb5/os/sn2princ.c
index 46eab6c24..8f8a0ce8e 100644
--- a/src/lib/krb5/os/sn2princ.c
+++ b/src/lib/krb5/os/sn2princ.c
@@ -109,17 +109,16 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
 err = getaddrinfo(hostname, 0, &hints, &ai);
 if (err) {
 #ifdef DEBUG_REFERRALS
- printf("sname_to_princ: probably punting due to bad hostname of %s\n",hostname);
+ printf("sname_to_princ: failed to canonicalize %s; using as-is", hostname);
 #endif
- return KRB5_ERR_BAD_HOSTNAME;
 }
- remote_host = strdup(ai->ai_canonname ? ai->ai_canonname : hostname);
+ remote_host = strdup((ai && ai->ai_canonname) ? ai->ai_canonname : hostname);
 if (!remote_host) {
 freeaddrinfo(ai);
 return ENOMEM;
 }
- if (maybe_use_reverse_dns(context, DEFAULT_RDNS_LOOKUP)) {
+ if ((!err) && maybe_use_reverse_dns(context, DEFAULT_RDNS_LOOKUP)) {
 /*
 * Do a reverse resolution to get the full name, just in
 * case there's some funny business going on. If there
--
2.26.2
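Review bot: On the failure path the new `strdup((ai && ai->ai_canonname) ? ...)` line and the unchanged `freeaddrinfo(ai)` in the ENOMEM branch both read `ai`, but getaddrinfo() does not promise a defined result pointer when it returns an error. The declaration of `ai` is outside the hunk, so whether it starts out as NULL cannot be confirmed from here. Keying on the return code avoids the question: `remote_host = strdup((!err && ai->ai_canonname) ? ai->ai_canonname : hostname);` and `if (!err) freeaddrinfo(ai);`, with the same guard on any later freeaddrinfo call in the part of krb5_sname_to_principal that continues past the hunk. The new debug printf also lost the trailing `\n` the old message had. Since a resolver failure now quietly changes which principal name is built, the empty `if (err)` block deserves a short comment such as `/* Deliberate: fall back to the caller's hostname when DNS canonicalization fails (RFC 4120). */`.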