author | Sam Hartman <hartmans@mit.edu> | 2011-10-17 00:45:23 +0000 |
---|---|---|
committer | Sam Hartman <hartmans@mit.edu> | 2011-10-17 00:45:23 +0000 |
commit | 4f9e448d70ef3609d3cab3790e2be64ace0ecb37 (patch) | |
tree | 6425fb628078314bb4fa6a4c4c5fe321daa932d5 | |
parent | b91da5a4c7efc189dcfe57c4de2a8e8673102295 (diff) | |
RFC 4120 says that we should not canonicalize using DNS. We cannot get
that far today, but there's no reason we should fail to use a
perfectly good principal name just because DNS is failing. For some
services there isn't even a requirement they be in DNS. With
AI_ADDRCONFIG there's no reason that Kerberos canonicalization should
fail simply because a v6 address is not present, for example. So, if
getaddrinfo fails in krb5_sname_to_principal simply use the input
hostname uncanonicalized.
sn2princ: On getaddrinfo failure use the input
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25357 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r-- | src/lib/krb5/os/sn2princ.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/src/lib/krb5/os/sn2princ.c b/src/lib/krb5/os/sn2princ.c index 46eab6c246..8f8a0ce8e6 100644 --- a/src/lib/krb5/os/sn2princ.c +++ b/src/lib/krb5/os/sn2princ.c @@ -109,17 +109,16 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char * err = getaddrinfo(hostname, 0, &hints, &ai); if (err) { #ifdef DEBUG_REFERRALS - printf("sname_to_princ: probably punting due to bad hostname of %s\n",hostname); + printf("sname_to_princ: failed to canonicalize %s; using as-is", hostname); #endif - return KRB5_ERR_BAD_HOSTNAME; } - remote_host = strdup(ai->ai_canonname ? ai->ai_canonname : hostname); + remote_host = strdup((ai && ai->ai_canonname) ? ai->ai_canonname : hostname); if (!remote_host) { freeaddrinfo(ai); return ENOMEM; } - if (maybe_use_reverse_dns(context, DEFAULT_RDNS_LOOKUP)) { + if ((!err) && maybe_use_reverse_dns(context, DEFAULT_RDNS_LOOKUP)) { /* * Do a reverse resolution to get the full name, just in * case there's some funny business going on. If there |
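Review bot: With the early `return KRB5_ERR_BAD_HOSTNAME;` removed, the `if (!remote_host)` branch can now call `freeaddrinfo(ai)` after a failed `getaddrinfo`, and the new `(ai && ai->ai_canonname)` test reads `ai` in that same state. Both are only safe if `ai` is initialised to NULL before the call, which is not visible in this hunk, and `freeaddrinfo` on a NULL pointer is not guaranteed to be safe on every platform. Please confirm the initialisation and guard the call, for example `if (ai) freeaddrinfo(ai);`, here and at any later `freeaddrinfo(ai)` that the error path can now reach. A smaller point: the replacement debug `printf` drops the trailing `\n` that the old message had, so DEBUG_REFERRALS output will run into the next line.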