From 4a5ca5b2d33abd5588465f6bcdbafa3cfb628390 Mon Sep 17 00:00:00 2001
From: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Thu, 23 Jun 2011 16:05:54 -0400
Subject: [PATCH] - pull a fix from SVN to try to avoid triggering a PTR lookup
 in getaddrinfo()   during krb5_sname_to_principal(), and to let getaddrinfo()
 decide whether or   not to ask for an IPv6 address based on the set of
 configured interfaces   (RT#6922)

---
 krb5-1.9.1-ai_addrconfig.patch | 30 ++++++++++++++++++++++++++++++
 krb5.spec                      |  8 ++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 krb5-1.9.1-ai_addrconfig.patch

diff --git a/krb5-1.9.1-ai_addrconfig.patch b/krb5-1.9.1-ai_addrconfig.patch
new file mode 100644
index 0000000..5e2d201
--- /dev/null
+++ b/krb5-1.9.1-ai_addrconfig.patch
@@ -0,0 +1,30 @@
+From RT#6922.  When we're converting a host/service pair into a principal
+name, specify AF_UNSPEC instead of AF_INET4 and then maybe AF_INET6 to try
+to avoid libc having doing a PTR lookup because we also specify
+AI_CANONNAME.  Add AI_ADDRCONFIG because it's usually the right idea.
+
+Index: src/lib/krb5/os/sn2princ.c
+===================================================================
+--- src/lib/krb5/os/sn2princ.c	(revision 24976)
++++ src/lib/krb5/os/sn2princ.c	(revision 24977)
+@@ -105,19 +105,12 @@
+                hostnames associated.  */
+ 
+             memset(&hints, 0, sizeof(hints));
+-            hints.ai_family = AF_INET;
+-            hints.ai_flags = AI_CANONNAME;
+-        try_getaddrinfo_again:
++            hints.ai_flags = AI_CANONNAME | AI_ADDRCONFIG;
+             err = getaddrinfo(hostname, 0, &hints, &ai);
+             if (err) {
+ #ifdef DEBUG_REFERRALS
+                 printf("sname_to_princ: probably punting due to bad hostname of %s\n",hostname);
+ #endif
+-                if (hints.ai_family == AF_INET) {
+-                    /* Just in case it's an IPv6-only name.  */
+-                    hints.ai_family = 0;
+-                    goto try_getaddrinfo_again;
+-                }
+                 return KRB5_ERR_BAD_HOSTNAME;
+             }
+             remote_host = strdup(ai->ai_canonname ? ai->ai_canonname : hostname);
diff --git a/krb5.spec b/krb5.spec
index 354207b..ab36a5b 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -55,6 +55,7 @@ Patch78: krb5-trunk-chpw-err.patch
 Patch79: krb5-klist_s.patch
 Patch80: krb5-trunk-kadmin-oldproto.patch
 Patch81: krb5-1.9-canonicalize-fallback.patch
+Patch82: krb5-1.9.1-ai_addrconfig.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -201,6 +202,7 @@ ln -s NOTICE LICENSE
 %patch79 -p1 -b .klist_s
 %patch80 -p0 -b .kadmin-oldproto
 %patch81 -p1 -b .canonicalize-fallback
+%patch82 -p0 -b .ai_addrconfig
 gzip doc/*.ps
 
 sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
@@ -660,6 +662,12 @@ exit 0
 %{_sbindir}/uuserver
 
 %changelog
+* Thu Jun 23 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9.1-5
+- pull a fix from SVN to try to avoid triggering a PTR lookup in getaddrinfo()
+  during krb5_sname_to_principal(), and to let getaddrinfo() decide whether or
+  not to ask for an IPv6 address based on the set of configured interfaces
+  (RT#6922)
+
 * Mon Jun 20 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9.1-4
 - apply upstream patch by way of Burt Holzman to fall back to a non-referral
   method in cases where we might be derailed by a KDC that rejects the