summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-09-29 03:59:15 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-09-29 04:23:07 +1000
commit4be269664451f3df82a8b4939ffcf5d4274d02ed (patch)
tree18a9c56b29caec4dafbc07242c9174fc4dc3766e
parent89ee9e6518f5bd398bb44e0cd47454e2d69f469e (diff)
downloadsamba-4be269664451f3df82a8b4939ffcf5d4274d02ed.tar.gz
samba-4be269664451f3df82a8b4939ffcf5d4274d02ed.tar.bz2
samba-4be269664451f3df82a8b4939ffcf5d4274d02ed.zip
heimdal Fix DNS name qualification to not mangle IP addresses
If the host running this code used IPv6 forms for IPv4 addreses then the check for '.' would not be sufficient to determine that this isn't a name we should mangle. Instead, check if it can be parsed as a numeric address first, and only then mangle. Andrew Bartlett
-rw-r--r--source4/heimdal/lib/krb5/krbhst.c28
1 files changed, 23 insertions, 5 deletions
diff --git a/source4/heimdal/lib/krb5/krbhst.c b/source4/heimdal/lib/krb5/krbhst.c
index 4da3af2e82..ec0c8b738e 100644
--- a/source4/heimdal/lib/krb5/krbhst.c
+++ b/source4/heimdal/lib/krb5/krbhst.c
@@ -370,11 +370,27 @@ krb5_krbhst_get_addrinfo(krb5_context context, krb5_krbhst_info *host,
int ret;
if (host->ai == NULL) {
- char *hostname_dot = NULL;
make_hints(&hints, host->proto);
+ hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;
snprintf (portstr, sizeof(portstr), "%d", host->port);
- if (strchr(host->hostname, '.') &&
+
+ /* First try this as an IP address - the flags we have set
+ * will prevent it from looking up a name */
+ ret = getaddrinfo(host->hostname, portstr, &hints, &host->ai);
+ if (ret == 0) {
+ *ai = host->ai;
+ return 0;
+ }
+
+ hints.ai_flags &= ~AI_NUMERICHOST;
+
+ /* Now that we know it's not an IP, we can manipulate
+ it as a dotted-name, to add a final . if we think
+ it's a fully qualified DNS name */
+ if (strchr(host->hostname, '.') &&
host->hostname[strlen(host->hostname)-1] != '.') {
+ char *hostname_dot = NULL;
+
/* avoid expansion of search domains from resolv.conf
- these can be very slow if the DNS server is not up
for the searched domain */
@@ -384,10 +400,12 @@ krb5_krbhst_get_addrinfo(krb5_context context, krb5_krbhst_info *host,
hostname_dot[strlen(host->hostname)] = '.';
hostname_dot[strlen(host->hostname)+1] = 0;
}
+ ret = getaddrinfo(hostname_dot?hostname_dot:host->hostname, portstr, &hints, &host->ai);
+ if (hostname_dot)
+ free(hostname_dot);
+ } else {
+ ret = getaddrinfo(host->hostname, portstr, &hints, &host->ai);
}
- ret = getaddrinfo(hostname_dot?hostname_dot:host->hostname, portstr, &hints, &host->ai);
- if (hostname_dot)
- free(hostname_dot);
if (ret)
return krb5_eai_to_heim_errno(ret, errno);
}