summaryrefslogtreecommitdiff
path: root/source4
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2005-09-20 07:03:47 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:38:29 -0500
commitf9263dd1023499479d64be1eb1b5b04c15ca3ce6 (patch)
tree4ac8655eee12345e5c0662d044f8f324ac0a6fa7 /source4
parent5b02ee9b9d7037b385cf4f1c3eca81b28ff19690 (diff)
downloadsamba-f9263dd1023499479d64be1eb1b5b04c15ca3ce6.tar.gz
samba-f9263dd1023499479d64be1eb1b5b04c15ca3ce6.tar.bz2
samba-f9263dd1023499479d64be1eb1b5b04c15ca3ce6.zip
r10337: This grubby little hack is the implementation of a concept discussed
on the kerberos mailing lists a couple of weeks ago: Don't use DNS at all for expanding short names into long names. Using the 'override krb5_init_context' code already in the tree, this removes the DNS lag on a kerberos session setup/connection. Andrew Bartlett (This used to be commit de3ceab3d064a286e8662a2b9b62b212f0454156)
Diffstat (limited to 'source4')
-rw-r--r--source4/auth/kerberos/krb5_init_context.c5
-rw-r--r--source4/heimdal/lib/krb5/context.c1
-rw-r--r--source4/heimdal/lib/krb5/expand_hostname.c9
-rw-r--r--source4/heimdal/lib/krb5/krb5.h1
4 files changed, 16 insertions, 0 deletions
diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c
index 2a8f0624da..a147a3699a 100644
--- a/source4/auth/kerberos/krb5_init_context.c
+++ b/source4/auth/kerberos/krb5_init_context.c
@@ -117,6 +117,11 @@ static void smb_krb5_debug_wrapper(const char *timestr, const char *msg, void *p
talloc_steal(parent_ctx, *smb_krb5_context);
talloc_free(tmp_ctx);
+
+ /* Set options in kerberos */
+
+ (*smb_krb5_context)->krb5_context->fdns = FALSE;
+
return 0;
}
diff --git a/source4/heimdal/lib/krb5/context.c b/source4/heimdal/lib/krb5/context.c
index 4d6eae2b24..3140f1b08f 100644
--- a/source4/heimdal/lib/krb5/context.c
+++ b/source4/heimdal/lib/krb5/context.c
@@ -182,6 +182,7 @@ init_context_from_config_file(krb5_context context)
INIT_FIELD(context, bool, srv_lookup, context->srv_lookup, "dns_lookup_kdc");
INIT_FIELD(context, int, large_msg_size, 6000, "large_message_size");
context->default_cc_name = NULL;
+ INIT_FIELD(context, bool, fdns, TRUE, "fdns");
return 0;
}
diff --git a/source4/heimdal/lib/krb5/expand_hostname.c b/source4/heimdal/lib/krb5/expand_hostname.c
index 8488119552..f03bf15807 100644
--- a/source4/heimdal/lib/krb5/expand_hostname.c
+++ b/source4/heimdal/lib/krb5/expand_hostname.c
@@ -65,6 +65,10 @@ krb5_expand_hostname (krb5_context context,
memset (&hints, 0, sizeof(hints));
hints.ai_flags = AI_CANONNAME;
+ if (!context->fdns) {
+ return copy_hostname (context, orig_hostname, new_hostname);
+ }
+
error = getaddrinfo (orig_hostname, NULL, &hints, &ai);
if (error)
return copy_hostname (context, orig_hostname, new_hostname);
@@ -124,6 +128,11 @@ krb5_expand_hostname_realms (krb5_context context,
int error;
krb5_error_code ret = 0;
+ if (!context->fdns) {
+ return vanilla_hostname (context, orig_hostname, new_hostname,
+ realms);
+ }
+
memset (&hints, 0, sizeof(hints));
hints.ai_flags = AI_CANONNAME;
diff --git a/source4/heimdal/lib/krb5/krb5.h b/source4/heimdal/lib/krb5/krb5.h
index c47c4450f1..90b239cf0d 100644
--- a/source4/heimdal/lib/krb5/krb5.h
+++ b/source4/heimdal/lib/krb5/krb5.h
@@ -443,6 +443,7 @@ typedef struct krb5_context_data {
int pkinit_flags;
void *mutex; /* protects error_string/error_buf */
int large_msg_size;
+ krb5_boolean fdns; /* Lookup hostnames to find full name, or send as-is */
} krb5_context_data;
enum {