authorSam Hartman <hartmans@mit.edu>2011-10-17 00:45:23 +0000
committerSam Hartman <hartmans@mit.edu>2011-10-17 00:45:23 +0000
commit4f9e448d70ef3609d3cab3790e2be64ace0ecb37 (patch)
tree6425fb628078314bb4fa6a4c4c5fe321daa932d5
parentb91da5a4c7efc189dcfe57c4de2a8e8673102295 (diff)
RFC 4120 says that we should not canonicalize using DNS. We cannot get
that far today, but there's no reason we should fail to use a perfectly good principal name just because DNS is failing. For some services there isn't even a requirement that they be in DNS. With AI_ADDRCONFIG there's no reason that Kerberos canonicalization should fail simply because a v6 address is not present, for example. So, if getaddrinfo fails in krb5_sname_to_principal, simply use the input hostname uncanonicalized.

sn2princ: On getaddrinfo failure use the input

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25357 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/lib/krb5/os/sn2princ.c7
1 files changed, 3 insertions, 4 deletions
diff --git a/src/lib/krb5/os/sn2princ.c b/src/lib/krb5/os/sn2princ.c
index 46eab6c246..8f8a0ce8e6 100644
--- a/src/lib/krb5/os/sn2princ.c
+++ b/src/lib/krb5/os/sn2princ.c
@@ -109,17 +109,16 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char *
err = getaddrinfo(hostname, 0, &hints, &ai);
if (err) {
#ifdef DEBUG_REFERRALS
- printf("sname_to_princ: probably punting due to bad hostname of %s\n",hostname);
+ printf("sname_to_princ: failed to canonicalize %s; using as-is", hostname);
#endif
- return KRB5_ERR_BAD_HOSTNAME;
}
- remote_host = strdup(ai->ai_canonname ? ai->ai_canonname : hostname);
+ remote_host = strdup((ai && ai->ai_canonname) ? ai->ai_canonname : hostname);
if (!remote_host) {
freeaddrinfo(ai);
return ENOMEM;
}
- if (maybe_use_reverse_dns(context, DEFAULT_RDNS_LOOKUP)) {
+ if ((!err) && maybe_use_reverse_dns(context, DEFAULT_RDNS_LOOKUP)) {
/*
* Do a reverse resolution to get the full name, just in
* case there's some funny business going on. If there
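Review bot: With the early return removed, the `freeaddrinfo(ai)` on the ENOMEM path after `strdup` can now run when `getaddrinfo` never produced a result, and POSIX does not define `freeaddrinfo(NULL)`; guard it as `if (ai) freeaddrinfo(ai);`, and check any later `freeaddrinfo(ai)` in the function the same way, since the body continues outside this hunk. The new `(ai && ai->ai_canonname)` test is only sound if `ai` is set to NULL before the `getaddrinfo` call, because the value of the result pointer after a failure is unspecified; that initialisation is not visible here and should be confirmed. Since the principal name that is built now depends on whether the resolver answered, a comment inside the `if (err)` block such as `/* DNS failure: fall back to the caller's hostname, uncanonicalized, and skip reverse lookup */` would make the fallback explicit for the next reader. The debug `printf` also lost its trailing `\n`.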