Commit d7a326be authored by Kurt Zeilenga's avatar Kurt Zeilenga

Don't do (unsafe) DNS reverse lookups.

HEADS UP: May break some Kerberos deployments.
parent cd66f42f
......@@ -441,7 +441,8 @@ LDAP_F (int) ldap_connect_to_host( LDAP *ld, Sockbuf *sb,
#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) || \
defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL)
LDAP_V (char *) ldap_int_hostname;
LDAP_F (char *) ldap_host_connected_to( Sockbuf *sb );
LDAP_F (char *) ldap_host_connected_to( Sockbuf *sb,
const char *host );
#endif
LDAP_F (void) ldap_int_ip_init( void );
......
......@@ -280,7 +280,7 @@ ldap_int_open_connection(
LBER_SBIOD_LEVEL_PROVIDER, NULL );
#ifdef HAVE_CYRUS_SASL
sasl_host = ldap_host_connected_to( conn->lconn_sb );
sasl_host = ldap_host_connected_to( conn->lconn_sb, host );
#endif
break;
......@@ -327,7 +327,7 @@ ldap_int_open_connection(
LBER_SBIOD_LEVEL_PROVIDER, NULL );
#ifdef HAVE_CYRUS_SASL
sasl_host = ldap_host_connected_to( conn->lconn_sb );
sasl_host = ldap_host_connected_to( conn->lconn_sb, "localhost" );
#endif
break;
#endif /* LDAP_PF_LOCAL */
......@@ -383,7 +383,8 @@ ldap_int_open_connection(
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
if ( conn->lconn_krbinstance == NULL ) {
char *c;
conn->lconn_krbinstance = ldap_host_connected_to( conn->lconn_sb );
conn->lconn_krbinstance = ldap_host_connected_to(
conn->lconn_sb, host );
if( conn->lconn_krbinstance != NULL &&
( c = strchr( conn->lconn_krbinstance, '.' )) != NULL ) {
......
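Review bot: In the Kerberos branch the instance name now comes straight from the caller-supplied `host` and is then searched for its first '.', so an IP-literal `host` would presumably produce an instance made of the first octet rather than a host name; the body of that `if` lies outside the hunk, so this is inferred from the `strchr` call. The SASL call sites have the same dependency on `host` (the local-socket case hard-codes `"localhost"`), and whether `host` can be NULL or empty at these points is not visible here. I would state the new contract at each call, e.g. `/* authentication name is exactly what the caller asked to connect to; never a PTR-derived name */`, and make the Kerberos branch skip the '.' truncation when `host` is a numeric address.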
......@@ -506,7 +506,7 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb,
#if defined( LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND ) || \
defined( HAVE_CYRUS_SASL )
char *
ldap_host_connected_to( Sockbuf *sb )
ldap_host_connected_to( Sockbuf *sb, const char *host )
{
socklen_t len;
#ifdef LDAP_PF_INET6
......@@ -515,8 +515,6 @@ ldap_host_connected_to( Sockbuf *sb )
struct sockaddr sabuf;
#endif
struct sockaddr *sa = (struct sockaddr *) &sabuf;
char *host = NULL, *herr;
char hbuf[NI_MAXHOST];
int rc;
ber_socket_t sd;
......@@ -579,14 +577,21 @@ ldap_host_connected_to( Sockbuf *sb )
break;
}
hbuf[0] = 0;
if (ldap_pvt_get_hname( sa, len, hbuf, sizeof(hbuf), &herr ) == 0 &&
hbuf[0] )
#if 0
{
host = LDAP_STRDUP( hbuf );
char *herr;
char hbuf[NI_MAXHOST];
hbuf[0] = 0;
if (ldap_pvt_get_hname( sa, len, hbuf, sizeof(hbuf), &herr ) == 0
&& hbuf[0] )
{
return LDAP_STRDUP( hbuf );
}
}
#endif
return host;
return host ? LDAP_STRDUP( host ) : NULL;
}
#endif
......
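Review bot: The reverse lookup is switched off with `#if 0` but left in the function without a comment saying why, so a later cleanup could easily turn it back on. I would delete the disabled block, or at least put the reason directly above it: `/* PTR data is controlled by whoever owns the peer's reverse zone; never use it as the SASL/Kerberos host name */`. The function body starts outside the hunk, but the peer-address retrieval that fills `sa` and `len` now appears to feed only the dead block; if that code can still return early on failure, the result depends on more than `host`, and it could be removed along with the lookup.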