diff options
author | Nalin Dahyabhai <nalin@dahyabhai.net> | 2011-06-23 16:05:54 -0400 |
---|---|---|
committer | Nalin Dahyabhai <nalin@dahyabhai.net> | 2011-06-23 16:05:54 -0400 |
commit | 4a5ca5b2d33abd5588465f6bcdbafa3cfb628390 (patch) | |
tree | 67dc3f65aa6fe9c569ba783752865a73e7f491d3 | |
parent | 23ef75434049100b4fedb5e8d174d034dc206f52 (diff) | |
download | krb5-4a5ca5b2d33abd5588465f6bcdbafa3cfb628390.tar.gz krb5-4a5ca5b2d33abd5588465f6bcdbafa3cfb628390.tar.xz krb5-4a5ca5b2d33abd5588465f6bcdbafa3cfb628390.zip |
- pull a fix from SVN to try to avoid triggering a PTR lookup in getaddrinfo()
during krb5_sname_to_principal(), and to let getaddrinfo() decide whether or
not to ask for an IPv6 address based on the set of configured interfaces
(RT#6922)
-rw-r--r-- | krb5-1.9.1-ai_addrconfig.patch | 30 | ||||
-rw-r--r-- | krb5.spec | 8 |
2 files changed, 38 insertions, 0 deletions
diff --git a/krb5-1.9.1-ai_addrconfig.patch b/krb5-1.9.1-ai_addrconfig.patch new file mode 100644 index 0000000..5e2d201 --- /dev/null +++ b/krb5-1.9.1-ai_addrconfig.patch @@ -0,0 +1,30 @@ +From RT#6922. When we're converting a host/service pair into a principal +name, specify AF_UNSPEC instead of AF_INET4 and then maybe AF_INET6 to try +to avoid libc having doing a PTR lookup because we also specify +AI_CANONNAME. Add AI_ADDRCONFIG because it's usually the right idea. + +Index: src/lib/krb5/os/sn2princ.c +=================================================================== +--- src/lib/krb5/os/sn2princ.c (revision 24976) ++++ src/lib/krb5/os/sn2princ.c (revision 24977) +@@ -105,19 +105,12 @@ + hostnames associated. */ + + memset(&hints, 0, sizeof(hints)); +- hints.ai_family = AF_INET; +- hints.ai_flags = AI_CANONNAME; +- try_getaddrinfo_again: ++ hints.ai_flags = AI_CANONNAME | AI_ADDRCONFIG; + err = getaddrinfo(hostname, 0, &hints, &ai); + if (err) { + #ifdef DEBUG_REFERRALS + printf("sname_to_princ: probably punting due to bad hostname of %s\n",hostname); + #endif +- if (hints.ai_family == AF_INET) { +- /* Just in case it's an IPv6-only name. */ +- hints.ai_family = 0; +- goto try_getaddrinfo_again; +- } + return KRB5_ERR_BAD_HOSTNAME; + } + remote_host = strdup(ai->ai_canonname ? ai->ai_canonname : hostname); @@ -55,6 +55,7 @@ Patch78: krb5-trunk-chpw-err.patch Patch79: krb5-klist_s.patch Patch80: krb5-trunk-kadmin-oldproto.patch Patch81: krb5-1.9-canonicalize-fallback.patch +Patch82: krb5-1.9.1-ai_addrconfig.patch License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -201,6 +202,7 @@ ln -s NOTICE LICENSE %patch79 -p1 -b .klist_s %patch80 -p0 -b .kadmin-oldproto %patch81 -p1 -b .canonicalize-fallback +%patch82 -p0 -b .ai_addrconfig gzip doc/*.ps sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex @@ -660,6 +662,12 @@ exit 0 %{_sbindir}/uuserver %changelog +* Thu Jun 23 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9.1-5 +- pull a fix from SVN to try to avoid triggering a PTR lookup in getaddrinfo() + during krb5_sname_to_principal(), and to let getaddrinfo() decide whether or + not to ask for an IPv6 address based on the set of configured interfaces + (RT#6922) + * Mon Jun 20 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9.1-4 - apply upstream patch by way of Burt Holzman to fall back to a non-referral method in cases where we might be derailed by a KDC that rejects the |