diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-09-21 22:55:39 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2005-09-21 22:55:39 +0000 |
commit | 6af809536d1aeb07b9f03d951edbe35c3fa9f4d1 (patch) | |
tree | d87a940c0e5be22f82e03d24ac65b97c196b4cc9 | |
parent | e769bab9ddcaaf72ffaed09c73d8f0e0f84e5c59 (diff) | |
download | samba-6af809536d1aeb07b9f03d951edbe35c3fa9f4d1.tar.gz samba-6af809536d1aeb07b9f03d951edbe35c3fa9f4d1.tar.xz samba-6af809536d1aeb07b9f03d951edbe35c3fa9f4d1.zip |
r10398: Don't do DNS lookups on short names (no .).
Andrew Bartlett
-rw-r--r-- | source/auth/kerberos/kerberos-notes.txt | 8 | ||||
-rw-r--r-- | source/heimdal/lib/krb5/krbhst.c | 5 |
2 files changed, 13 insertions, 0 deletions
diff --git a/source/auth/kerberos/kerberos-notes.txt b/source/auth/kerberos/kerberos-notes.txt index cfbf904bb3c..3b2989eee12 100644 --- a/source/auth/kerberos/kerberos-notes.txt +++ b/source/auth/kerberos/kerberos-notes.txt @@ -365,4 +365,12 @@ by providing specific, english text-string error messages instead of just error code translations. +Short name rules +---------------- + +Samba is highly likely to be misconfigured, in many weird and +interesting ways. As such, we have a patch for Heimdal that avoids +DNS lookups on names without a . in them. This should avoid some +delay and root server load. + diff --git a/source/heimdal/lib/krb5/krbhst.c b/source/heimdal/lib/krb5/krbhst.c index 49eee08ca5d..98e9cb3f095 100644 --- a/source/heimdal/lib/krb5/krbhst.c +++ b/source/heimdal/lib/krb5/krbhst.c @@ -634,6 +634,11 @@ common_init(krb5_context context, return NULL; } + /* For 'realms' without a . do not even think of going to DNS */ + if (!strchr(realm, '.')) { + kd->flags |= KD_CONFIG_EXISTS; + } + if (flags & KRB5_KRBHST_FLAGS_LARGE_MSG) kd->flags |= KD_LARGE_MSG; kd->end = kd->index = &kd->hosts; |