diff options
author | Greg Hudson <ghudson@mit.edu> | 2013-09-05 18:30:02 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2013-09-06 01:02:28 -0400 |
commit | 60edb321af64081e3eb597da0256faf117c9c441 (patch) | |
tree | 698137c48805a6b3381e531ddbfcc46fe5cab73a /src/lib | |
parent | 9e37d01a0122904776fada43ec65425c375414d8 (diff) | |
download | krb5-60edb321af64081e3eb597da0256faf117c9c441.tar.gz krb5-60edb321af64081e3eb597da0256faf117c9c441.tar.xz krb5-60edb321af64081e3eb597da0256faf117c9c441.zip |
Add a flag to prevent all host canonicalization
If dns_canonicalize_hostname is set to false in [libdefaults],
krb5_sname_to_principal will not canonicalize the hostname using
either forward or reverse lookups.
ticket: 7703 (new)
Diffstat (limited to 'src/lib')
-rw-r--r-- | src/lib/krb5/krb/init_ctx.c | 5 | ||||
-rw-r--r-- | src/lib/krb5/os/sn2princ.c | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/src/lib/krb5/krb/init_ctx.c b/src/lib/krb5/krb/init_ctx.c index 3f4aad4fd6..252596d142 100644 --- a/src/lib/krb5/krb/init_ctx.c +++ b/src/lib/krb5/krb/init_ctx.c @@ -210,6 +210,11 @@ krb5_init_context_profile(profile_t profile, krb5_flags flags, goto cleanup; ctx->ignore_acceptor_hostname = tmp; + retval = get_boolean(ctx, KRB5_CONF_DNS_CANONICALIZE_HOSTNAME, 1, &tmp); + if (retval) + goto cleanup; + ctx->dns_canonicalize_hostname = tmp; + /* initialize the prng (not well, but passable) */ if ((retval = krb5_c_random_os_entropy( ctx, 0, NULL)) !=0) goto cleanup; diff --git a/src/lib/krb5/os/sn2princ.c b/src/lib/krb5/os/sn2princ.c index b3de66383e..86a076222d 100644 --- a/src/lib/krb5/os/sn2princ.c +++ b/src/lib/krb5/os/sn2princ.c @@ -86,7 +86,7 @@ krb5_sname_to_principal(krb5_context context, const char *hostname, const char * /* copy the hostname into non-volatile storage */ - if (type == KRB5_NT_SRV_HST) { + if (type == KRB5_NT_SRV_HST && context->dns_canonicalize_hostname) { struct addrinfo *ai = NULL, hints; int err; char hnamebuf[NI_MAXHOST]; |