Skip Menu |
 

From: ghudson@mit.edu
Subject: SVN Commit

In krb5_sname_to_principal(), we always do a forward canonicalization
using getaddrinfo() with AI_CANONNAME set. Then, we do a reverse
canonicalization with getnameinfo() if rdns isn't set to false in
libdefaults.

Current glibc (tested with eglibc 2.11.1) has the arguably buggy
behavior of doing PTR lookups in getaddrinfo() to get the canonical
name, if hints.ai_family is set to something other than AF_UNSPEC.
This behavior defeats the ability to turn off rdns. Work around this
behavior by using AF_UNSPEC in krb5_sname_to_principal() from the
start, instead of starting with AF_INET and falling back. Specify
AI_ADDRCONFIG to avoid AAAA lookups on hosts with no IPv6 addresses.

https://github.com/krb5/krb5/commit/bc8594e7c388c8a5cfb9516a0980877cb1321d32
Commit By: ghudson
Revision: 24977
Changed Files:
U trunk/src/lib/krb5/os/sn2princ.c
This workaround doesn't seem to work; AI_ADDRCONFIG triggers the same
reverse resolution bug as AF_INET did.