From: Greg Hudson
Date: Tue, 17 Nov 2015 18:33:21 +0000 (-0500)
Subject: Use krb5_expand_hostname() when creating KDB
X-Git-Tag: krb5-1.15-beta1~74
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7715f51f3978abe78acc824efbb18b3f35751426;p=thirdparty%2Fkrb5.git
Use krb5_expand_hostname() when creating KDB
In kdb5_util's add_admin_princs(), use krb5_expand_hostname() instead of custom canonicalization code to canonicalize the hostname. There are some minor behavior differences:
* Canonicalization will no longer use AI_ADDRCONFIG.
* Canonicalization will use reverse DNS if configuration permits.
* Canonicalization will be affected by the dns_canonicalize_hostname and rdns profile variables.
* If name lookup fails, the original hostname will be used.
* A trailing dot will be removed from the name lookup result, if present.
ticket: 8278
---
diff --git a/src/kadmin/dbutil/kadm5_create.c b/src/kadmin/dbutil/kadm5_create.c
index 1213050063..1745a4d620 100644
--- a/src/kadmin/dbutil/kadm5_create.c
+++ b/src/kadmin/dbutil/kadm5_create.c
@@ -145,59 +145,29 @@ int kadm5_create_magic_princs(kadm5_config_params *params,
 static int add_admin_princs(void *handle, krb5_context context, char *realm)
 {
 krb5_error_code ret = 0;
- char *service_name = 0, *kiprop_name = 0, *p;
+ char *service_name = 0, *kiprop_name = 0, *canonhost = 0;
 char localname[MAXHOSTNAMELEN];
- struct addrinfo *ai, ai_hints;
- int gai_error;
 if (gethostname(localname, MAXHOSTNAMELEN)) {
 ret = errno;
 perror("gethostname");
 goto clean_and_exit;
 }
- memset(&ai_hints, 0, sizeof(ai_hints));
- ai_hints.ai_flags = AI_CANONNAME | AI_ADDRCONFIG;
- gai_error = getaddrinfo(localname, (char *)NULL, &ai_hints, &ai);
- if (gai_error) {
- ret = EINVAL;
- fprintf(stderr, "getaddrinfo(%s): %s\n", localname,
- gai_strerror(gai_error));
- goto clean_and_exit;
- }
- if (ai->ai_canonname == NULL) {
- ret = EINVAL;
- fprintf(stderr, _("getaddrinfo(%s): Cannot determine canonical "
- "hostname.\n"), localname);
- freeaddrinfo(ai);
+ ret = krb5_expand_hostname(context, localname, &canonhost);
+ if (ret) {
+ com_err(progname, ret, _("while canonicalizing local hostname"));
 goto clean_and_exit;
 }
- for (p = ai->ai_canonname; *p; p++) {
-#ifdef isascii
- if (!isascii(*p))
- continue;
-#else
- if (*p < ' ')
- continue;
- if (*p > '~')
- continue;
-#endif
- if (!isupper(*p))
- continue;
- *p = tolower(*p);
- }
- if (asprintf(&service_name, "kadmin/%s", ai->ai_canonname) < 0) {
+ if (asprintf(&service_name, "kadmin/%s", canonhost) < 0) {
 ret = ENOMEM;
 fprintf(stderr, _("Out of memory\n"));
- freeaddrinfo(ai);
 goto clean_and_exit;
 }
- if (asprintf(&kiprop_name, "kiprop/%s", ai->ai_canonname) < 0) {
+ if (asprintf(&kiprop_name, "kiprop/%s", canonhost) < 0) {
 ret = ENOMEM;
 fprintf(stderr, _("Out of memory\n"));
- freeaddrinfo(ai);
 goto clean_and_exit;
 }
- freeaddrinfo(ai);
 if ((ret = add_admin_princ(handle, context, service_name, realm,
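Review bot: Nothing at the `krb5_expand_hostname()` call tells the operator which name was chosen, and per the commit description a failed lookup now falls back to the raw `gethostname()` result, where the removed getaddrinfo() path stopped with EINVAL. The `kadmin/<host>` and `kiprop/<host>` principals can therefore be created under an unqualified name, or under a name taken from reverse DNS when rdns is enabled, without any diagnostic. I would add a comment above the call such as `/* May return localname unchanged on lookup failure; result depends on dns_canonicalize_hostname and rdns. */` and print `canonhost` before the principals are added, so a wrong name is noticed at KDB creation time. Separately, `localname` is passed on without forcing NUL termination, which POSIX leaves unspecified when gethostname() truncates; `localname[sizeof(localname) - 1] = '\0';` after the call would be a cheap guard. The function body continues past the end of this hunk.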
@@ -224,6 +194,7 @@ static int add_admin_princs(void *handle, krb5_context context, char *realm)
 ret = add_admin_princ(handle, context, kiprop_name, realm, 0, 0);
 clean_and_exit:
+ krb5_free_string(context, canonhost);
 free(service_name);
 free(kiprop_name);