From d149679ffec1a3f3c31861d436353f5634754271 Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Wed, 23 Mar 2005 04:04:22 +0000 Subject: [PATCH] pullup from trunk ticket: 2955 version_fixed: 1.4.1 git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-4@17147 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/os/ChangeLog | 7 ++++ src/lib/krb5/os/sn2princ.c | 68 +++++++++++++++++++++++++++----------- 2 files changed, 55 insertions(+), 20 deletions(-) diff --git a/src/lib/krb5/os/ChangeLog b/src/lib/krb5/os/ChangeLog index 5aa3eb73c..1823a2fcb 100644 --- a/src/lib/krb5/os/ChangeLog +++ b/src/lib/krb5/os/ChangeLog @@ -3,6 +3,13 @@ * dnsglue.h: Define ns_rr_class to ns_rr_cl if ns_rr_class doesn't exist. +2005-03-05 Jeffrey Altman + + * sn2princ.c (krb5_sname_to_principal): + conditionalize the use of reverse dns lookups. The default + is to use the existing behavior. rdns can be disabled by + specifying [libdefaults] rdns=false + 2005-01-12 Tom Yu * dnsglue.c (krb5int_dns_fini): Reorder to make more correct. diff --git a/src/lib/krb5/os/sn2princ.c b/src/lib/krb5/os/sn2princ.c index 240f14e90..dea1b3c3c 100644 --- a/src/lib/krb5/os/sn2princ.c +++ b/src/lib/krb5/os/sn2princ.c @@ -36,6 +36,31 @@ #include #endif +#if !defined(DEFAULT_RDNS_LOOKUP) +#define DEFAULT_RDNS_LOOKUP 1 +#endif + +static int +maybe_use_reverse_dns (krb5_context context, int defalt) +{ + krb5_error_code code; + char * value = NULL; + int use_rdns = 0; + + code = profile_get_string(context->profile, "libdefaults", + "rdns", 0, 0, &value); + if (code) + return defalt; + + if (value == 0) + return defalt; + + use_rdns = _krb5_conf_boolean(value); + profile_release_string(value); + return use_rdns; +} + + krb5_error_code KRB5_CALLCONV krb5_sname_to_principal(krb5_context context, const char *hostname, const char *sname, krb5_int32 type, krb5_principal *ret_princ) { 
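Review bot: `maybe_use_reverse_dns` is added without any comment, and because the setting it reads decides whether the service principal name is derived from DNS PTR data, its contract should be written at the definition. I would put above it something like `/* Nonzero if the host name should be canonicalized by a reverse (PTR) lookup; reads [libdefaults] rdns and returns defalt when the key is absent or the profile call fails. */`. `DEFAULT_RDNS_LOOKUP` is 1, so the principal still depends on unauthenticated PTR answers unless an administrator sets `rdns = false`; a one-line remark next to the macro would make that opt-out visible. A value that `_krb5_conf_boolean` does not recognise presumably comes back as 0 (the helper is not in this hunk), which would switch rdns off instead of falling back to `defalt`, so the comment should say which of the two is intended.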
@@ -93,26 +118,29 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char * freeaddrinfo(ai); return ENOMEM; } - /* - * Do a reverse resolution to get the full name, just in - * case there's some funny business going on. If there - * isn't an in-addr record, give up. - */ - /* XXX: This is *so* bogus. There are several cases where - this won't get us the canonical name of the host, but - this is what we've trained people to expect. We'll - probably fix it at some point, but let's try to - preserve the current behavior and only shake things up - once when it comes time to fix this lossage. */ - err = getnameinfo(ai->ai_addr, ai->ai_addrlen, - hnamebuf, sizeof(hnamebuf), 0, 0, NI_NAMEREQD); - freeaddrinfo(ai); - if (err == 0) { - free(remote_host); - remote_host = strdup(hnamebuf); - if (!remote_host) - return ENOMEM; - } + + if (maybe_use_reverse_dns(context, DEFAULT_RDNS_LOOKUP)) { + /* + * Do a reverse resolution to get the full name, just in + * case there's some funny business going on. If there + * isn't an in-addr record, give up. + */ + /* XXX: This is *so* bogus. There are several cases where + this won't get us the canonical name of the host, but + this is what we've trained people to expect. We'll + probably fix it at some point, but let's try to + preserve the current behavior and only shake things up + once when it comes time to fix this lossage. */ + err = getnameinfo(ai->ai_addr, ai->ai_addrlen, + hnamebuf, sizeof(hnamebuf), 0, 0, NI_NAMEREQD); + freeaddrinfo(ai); + if (err == 0) { + free(remote_host); + remote_host = strdup(hnamebuf); + if (!remote_host) + return ENOMEM; + } + } } else /* type == KRB5_NT_UNKNOWN */ { remote_host = strdup(hostname); } -- 2.26.2
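Review bot: With `rdns = false` the `ai` list is never released, because `freeaddrinfo(ai);` now sits inside the new `if (maybe_use_reverse_dns(context, DEFAULT_RDNS_LOOKUP))` block and no other path frees it. The ENOMEM return in the context lines just above does call `freeaddrinfo(ai)`, so the list is live when the new condition is evaluated. Closing the block with `} else freeaddrinfo(ai);` fixes it without changing the rdns-enabled path. Each call with rdns disabled would leak one addrinfo list, which adds up in long-running services. krb5_sname_to_principal begins and ends outside this hunk, so the getaddrinfo call that fills `ai` is not shown here.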