From ratliff@austin.ibm.com Wed Nov 14 19:49:41 2001
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83])
by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id TAA10284
for <bugs@RT-11.mit.edu>; Wed, 14 Nov 2001 19:49:40 -0500 (EST)
Received: from mg02.austin.ibm.com (mg02.austin.ibm.com [192.35.232.12])
by pacific-carrier-annex.mit.edu (8.9.2/8.9.2) with ESMTP id TAA29483
for <krb5-bugs@mit.edu>; Wed, 14 Nov 2001 19:49:39 -0500 (EST)
Received: from austin.ibm.com (netmail2.austin.ibm.com [9.3.7.139])
by mg02.austin.ibm.com (AIX4.3/8.9.3/8.9.3) with ESMTP id SAA17686
for <krb5-bugs@mit.edu>; Wed, 14 Nov 2001 18:57:22 -0600
Received: from spiff.austin.ibm.com (spiff.austin.ibm.com [9.53.216.123])
by austin.ibm.com (AIX4.3/8.9.3/8.9.3) with ESMTP id SAA32706
for <krb5-bugs@mit.edu>; Wed, 14 Nov 2001 18:49:38 -0600
Received: by spiff.austin.ibm.com (Postfix, from userid 501)
id C808282ADE; Wed, 14 Nov 2001 18:49:35 -0600 (CST)
Message-Id: <20011115004935.C808282ADE@spiff.austin.ibm.com>
Date: Wed, 14 Nov 2001 18:49:35 -0600 (CST)
From: ratliff@austin.ibm.com
Reply-To: ratliff@austin.ibm.com
To: krb5-bugs@mit.edu
Cc: ratliff@austin.ibm.com
Subject: gss_import_name doesn't follow RFC 2743
X-Send-Pr-Version: 3.99
System: Linux spiff.austin.ibm.com 2.2.17-21mdk #1 Thu Oct 5 13:16:08 CEST 2000 i686 unknown
Architecture: i686
GSS_S_BAD_NAME if the call to gethostbyname fails. RFC2743 says,
"the 'hostname' may ... be canonicalized by attempting a DNS lookup
and using the fully-qualified domain name which is returned, or by
using the 'hostname' as provided if the DNS lookup fails."
Understanding that this is a MAY provision and not a MUST, is there
a reason you decided not to do this?
The attached patch changes the behavior of gss_import_name to follow
the suggestion in the RFC. It is an easy fix, but ugly patch as
the code had to be retabbed.
Thanks,
Emily
diff -ur src.orig/lib/krb5/os/sn2princ.c src/lib/krb5/os/sn2princ.c
--- src.orig/lib/krb5/os/sn2princ.c Wed Nov 14 17:07:03 2001
+++ src/lib/krb5/os/sn2princ.c Wed Nov 14 18:32:57 2001
@@ -69,27 +69,34 @@
if (type == KRB5_NT_SRV_HST) {
char *addr;
- if (!(hp = gethostbyname(hostname)))
- return KRB5_ERR_BAD_HOSTNAME;
- remote_host = strdup(hp->h_name);
- if (!remote_host)
- return ENOMEM;
- /*
- * Do a reverse resolution to get the full name, just in
- * case there's some funny business going on. If there
- * isn't an in-addr record, give up.
+ /* RFC 1964 says that if DNS lookup fails hostname should be
+ * left as is.
*/
- addr = malloc(hp->h_length);
- if (!addr)
- return ENOMEM;
- memcpy(addr, hp->h_addr, hp->h_length);
- hp = gethostbyaddr(addr, hp->h_length, hp->h_addrtype);
- free(addr);
- if (hp) {
- free(remote_host);
+ if (!(hp = gethostbyname(hostname))) {
+ remote_host = strdup(hostname);
+ }
+ else {
remote_host = strdup(hp->h_name);
- if (!remote_host)
+
+ if (!remote_host)
return ENOMEM;
+ /*
+ * Do a reverse resolution to get the full name, just in
+ * case there's some funny business going on. If there
+ * isn't an in-addr record, give up.
+ */
+ addr = malloc(hp->h_length);
+ if (!addr)
+ return ENOMEM;
+ memcpy(addr, hp->h_addr, hp->h_length);
+ hp = gethostbyaddr(addr, hp->h_length, hp->h_addrtype);
+ free(addr);
+ if (hp) {
+ free(remote_host);
+ remote_host = strdup(hp->h_name);
+ if (!remote_host)
+ return ENOMEM;
+ }
}
} else /* type == KRB5_NT_UNKNOWN */ {
remote_host = strdup(hostname);
Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83])
by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id TAA10284
for <bugs@RT-11.mit.edu>; Wed, 14 Nov 2001 19:49:40 -0500 (EST)
Received: from mg02.austin.ibm.com (mg02.austin.ibm.com [192.35.232.12])
by pacific-carrier-annex.mit.edu (8.9.2/8.9.2) with ESMTP id TAA29483
for <krb5-bugs@mit.edu>; Wed, 14 Nov 2001 19:49:39 -0500 (EST)
Received: from austin.ibm.com (netmail2.austin.ibm.com [9.3.7.139])
by mg02.austin.ibm.com (AIX4.3/8.9.3/8.9.3) with ESMTP id SAA17686
for <krb5-bugs@mit.edu>; Wed, 14 Nov 2001 18:57:22 -0600
Received: from spiff.austin.ibm.com (spiff.austin.ibm.com [9.53.216.123])
by austin.ibm.com (AIX4.3/8.9.3/8.9.3) with ESMTP id SAA32706
for <krb5-bugs@mit.edu>; Wed, 14 Nov 2001 18:49:38 -0600
Received: by spiff.austin.ibm.com (Postfix, from userid 501)
id C808282ADE; Wed, 14 Nov 2001 18:49:35 -0600 (CST)
Message-Id: <20011115004935.C808282ADE@spiff.austin.ibm.com>
Date: Wed, 14 Nov 2001 18:49:35 -0600 (CST)
From: ratliff@austin.ibm.com
Reply-To: ratliff@austin.ibm.com
To: krb5-bugs@mit.edu
Cc: ratliff@austin.ibm.com
Subject: gss_import_name doesn't follow RFC 2743
X-Send-Pr-Version: 3.99
Show quoted text
>Number: 1016
>Category: krb5-libs
>Synopsis: gss_import_name returns GSS_S_BAD_NAME if DNS lookup fails
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Nov 14 19:50:01 EST 2001
>Last-Modified:
>Originator: Emily Ratliff
>Organization:
IBM Linux Technology Center, Security>Category: krb5-libs
>Synopsis: gss_import_name returns GSS_S_BAD_NAME if DNS lookup fails
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Nov 14 19:50:01 EST 2001
>Last-Modified:
>Originator: Emily Ratliff
>Organization:
Show quoted text
>Release: krb5-current-2011110
>Environment:
>Environment:
System: Linux spiff.austin.ibm.com 2.2.17-21mdk #1 Thu Oct 5 13:16:08 CEST 2000 i686 unknown
Architecture: i686
Show quoted text
>Description:
gss_import_name in src/lib/krb5/os/sn2princ.c currently returnsGSS_S_BAD_NAME if the call to gethostbyname fails. RFC2743 says,
"the 'hostname' may ... be canonicalized by attempting a DNS lookup
and using the fully-qualified domain name which is returned, or by
using the 'hostname' as provided if the DNS lookup fails."
Understanding that this is a MAY provision and not a MUST, is there
a reason you decided not to do this?
The attached patch changes the behavior of gss_import_name to follow
the suggestion in the RFC. It is an easy fix, but ugly patch as
the code had to be retabbed.
Thanks,
Emily
Show quoted text
>How-To-Repeat:
Show quoted text
>Fix:
diff -ur src.orig/lib/krb5/os/sn2princ.c src/lib/krb5/os/sn2princ.c
--- src.orig/lib/krb5/os/sn2princ.c Wed Nov 14 17:07:03 2001
+++ src/lib/krb5/os/sn2princ.c Wed Nov 14 18:32:57 2001
@@ -69,27 +69,34 @@
if (type == KRB5_NT_SRV_HST) {
char *addr;
- if (!(hp = gethostbyname(hostname)))
- return KRB5_ERR_BAD_HOSTNAME;
- remote_host = strdup(hp->h_name);
- if (!remote_host)
- return ENOMEM;
- /*
- * Do a reverse resolution to get the full name, just in
- * case there's some funny business going on. If there
- * isn't an in-addr record, give up.
+ /* RFC 1964 says that if DNS lookup fails hostname should be
+ * left as is.
*/
- addr = malloc(hp->h_length);
- if (!addr)
- return ENOMEM;
- memcpy(addr, hp->h_addr, hp->h_length);
- hp = gethostbyaddr(addr, hp->h_length, hp->h_addrtype);
- free(addr);
- if (hp) {
- free(remote_host);
+ if (!(hp = gethostbyname(hostname))) {
+ remote_host = strdup(hostname);
+ }
+ else {
remote_host = strdup(hp->h_name);
- if (!remote_host)
+
+ if (!remote_host)
return ENOMEM;
+ /*
+ * Do a reverse resolution to get the full name, just in
+ * case there's some funny business going on. If there
+ * isn't an in-addr record, give up.
+ */
+ addr = malloc(hp->h_length);
+ if (!addr)
+ return ENOMEM;
+ memcpy(addr, hp->h_addr, hp->h_length);
+ hp = gethostbyaddr(addr, hp->h_length, hp->h_addrtype);
+ free(addr);
+ if (hp) {
+ free(remote_host);
+ remote_host = strdup(hp->h_name);
+ if (!remote_host)
+ return ENOMEM;
+ }
}
} else /* type == KRB5_NT_UNKNOWN */ {
remote_host = strdup(hostname);
Show quoted text
>Audit-Trail:
>Unformatted:
>Unformatted: