rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- pull a fix from SVN to try to avoid triggering a PTR lookup in getaddrinfo()

Browse Source 
during krb5_sname_to_principal(), and to let getaddrinfo() decide whether or
  not to ask for an IPv6 address based on the set of configured interfaces
  (RT#6922)
This commit is contained in:
Nalin Dahyabhai 2011-06-23 16:05:54 -04:00
parent 23ef754340
commit 4a5ca5b2d3
2 changed files with 38 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
krb5-1.9.1-ai_addrconfig.patch Normal file
View File

@ -0,0 +1,30 @@
From RT#6922. When we're converting a host/service pair into a principal
name, specify AF_UNSPEC instead of AF_INET4 and then maybe AF_INET6 to try
to avoid libc having doing a PTR lookup because we also specify
AI_CANONNAME. Add AI_ADDRCONFIG because it's usually the right idea.
Index: src/lib/krb5/os/sn2princ.c
===================================================================
--- src/lib/krb5/os/sn2princ.c (revision 24976)
+++ src/lib/krb5/os/sn2princ.c (revision 24977)
@@ -105,19 +105,12 @@
hostnames associated. */
memset(&hints, 0, sizeof(hints));
- hints.ai_family = AF_INET;
- hints.ai_flags = AI_CANONNAME;
- try_getaddrinfo_again:
+ hints.ai_flags = AI_CANONNAME | AI_ADDRCONFIG;
err = getaddrinfo(hostname, 0, &hints, &ai);
if (err) {
#ifdef DEBUG_REFERRALS
printf("sname_to_princ: probably punting due to bad hostname of %s\n",hostname);
#endif
- if (hints.ai_family == AF_INET) {
- /* Just in case it's an IPv6-only name. */
- hints.ai_family = 0;
- goto try_getaddrinfo_again;
- }
return KRB5_ERR_BAD_HOSTNAME;
}
remote_host = strdup(ai->ai_canonname ? ai->ai_canonname : hostname);

8
krb5.spec
View File

@ -55,6 +55,7 @@ Patch78: krb5-trunk-chpw-err.patch
Patch79: krb5-klist_s.patch Patch79: krb5-klist_s.patch
Patch80: krb5-trunk-kadmin-oldproto.patch Patch80: krb5-trunk-kadmin-oldproto.patch
Patch81: krb5-1.9-canonicalize-fallback.patch Patch81: krb5-1.9-canonicalize-fallback.patch
Patch82: krb5-1.9.1-ai_addrconfig.patch
License: MIT License: MIT
URL: http://web.mit.edu/kerberos/www/ URL: http://web.mit.edu/kerberos/www/
@ -201,6 +202,7 @@ ln -s NOTICE LICENSE
%patch79 -p1 -b .klist_s %patch79 -p1 -b .klist_s
%patch80 -p0 -b .kadmin-oldproto %patch80 -p0 -b .kadmin-oldproto
%patch81 -p1 -b .canonicalize-fallback %patch81 -p1 -b .canonicalize-fallback
%patch82 -p0 -b .ai_addrconfig
gzip doc/*.ps gzip doc/*.ps
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
@ -660,6 +662,12 @@ exit 0
%{_sbindir}/uuserver %{_sbindir}/uuserver
%changelog %changelog
* Thu Jun 23 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9.1-5
- pull a fix from SVN to try to avoid triggering a PTR lookup in getaddrinfo()
during krb5_sname_to_principal(), and to let getaddrinfo() decide whether or
not to ask for an IPv6 address based on the set of configured interfaces
(RT#6922)
* Mon Jun 20 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9.1-4 * Mon Jun 20 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9.1-4
- apply upstream patch by way of Burt Holzman to fall back to a non-referral - apply upstream patch by way of Burt Holzman to fall back to a non-referral
method in cases where we might be derailed by a KDC that rejects the method in cases where we might be derailed by a KDC that rejects the