ITS#10297 Defer hostname resolution til first use

2026-02-03 20:40:05 -05:00 · 2025-04-28 14:36:24 +01:00 · 2025-04-28 14:36:24 +01:00 · 6063498361
commit 6063498361
parent 9a52a3c28b
6 changed files with 31 additions and 14 deletions
--- a/libraries/libldap/init.c
+++ b/libraries/libldap/init.c
@ -631,6 +631,25 @@ void ldap_int_initialize_global_options( struct ldapoptions *gopts, int *dbglvl

 #if defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL)
 char * ldap_int_hostname = NULL;
+
+void
+ldap_int_resolve_hostname(void)
+{
+	static int resolved = 0;
+
+	LDAP_MUTEX_LOCK( &ldap_int_hostname_mutex );
+	if ( !resolved ) {
+		char	*name = ldap_int_hostname;
+
+		ldap_int_hostname = ldap_pvt_get_fqdn( name );
+
+		if ( name != NULL && name != ldap_int_hostname ) {
+			LDAP_FREE( name );
+		}
+		resolved = 1;
+	}
+	LDAP_MUTEX_UNLOCK( &ldap_int_hostname_mutex );
+}
 #endif

 #ifdef LDAP_R_COMPILE
@ -688,20 +707,6 @@ void ldap_int_initialize( struct ldapoptions *gopts, int *dbglvl )
 }
 #endif

-#if defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL)
-	LDAP_MUTEX_LOCK( &ldap_int_hostname_mutex );
-	{
-		char	*name = ldap_int_hostname;
-
-		ldap_int_hostname = ldap_pvt_get_fqdn( name );
-
-		if ( name != NULL && name != ldap_int_hostname ) {
-			LDAP_FREE( name );
-		}
-	}
-	LDAP_MUTEX_UNLOCK( &ldap_int_hostname_mutex );
-#endif
-
 #ifndef HAVE_POLL
 	if ( ldap_int_tblsize == 0 ) ldap_int_ip_init();
 #endif
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@ -743,6 +743,7 @@ LDAP_F (int) ldap_int_poll( LDAP *ld, ber_socket_t s,

 #if defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL)
 LDAP_V (char *) ldap_int_hostname;
+LDAP_F (void) ldap_int_resolve_hostname(void);
 LDAP_F (char *) ldap_host_connected_to( Sockbuf *sb,
 	const char *host );
 #endif
--- a/libraries/libldap/os-ip.c
+++ b/libraries/libldap/os-ip.c
@ -890,6 +890,8 @@ ldap_host_connected_to( Sockbuf *sb, const char *host )
 	 * this is necessary for kerberos to work right, since the official
 	 * hostname is used as the kerberos instance.
 	 */
+	if ( !ldap_int_hostname )
+		ldap_int_resolve_hostname();

 	switch (sa->sa_family) {
 #ifdef LDAP_PF_LOCAL
--- a/libraries/libldap/tls_g.c
+++ b/libraries/libldap/tls_g.c
@ -597,6 +597,9 @@ tlsg_session_chkhost( LDAP *ld, tls_session *session, const char *name_in )
 	int len1 = 0, len2 = 0;
 	int ntype = IS_DNS;

+	if ( !ldap_int_hostname )
+		ldap_int_resolve_hostname();
+
 	if( ldap_int_hostname &&
 		( !name_in || !strcasecmp( name_in, "localhost" ) ) )
 	{
--- a/libraries/libldap/tls_mt.c
+++ b/libraries/libldap/tls_mt.c
@ -463,6 +463,9 @@ tlsmt_session_chkhost( LDAP *ld, tls_session *sess, const char *name_in )
 	struct in_addr addr;
 #endif

+	if ( !ldap_int_hostname )
+		ldap_int_resolve_hostname();
+
 	if( ldap_int_hostname &&
 		( !name_in || !strcasecmp( name_in, "localhost" ) ) )
 	{
--- a/libraries/libldap/tls_o.c
+++ b/libraries/libldap/tls_o.c
@ -830,6 +830,9 @@ tlso_session_chkhost( LDAP *ld, tls_session *sess, const char *name_in )
 	struct in_addr addr;
 #endif

+	if ( !ldap_int_hostname )
+		ldap_int_resolve_hostname();
+
 	if( ldap_int_hostname &&
 		( !name_in || !strcasecmp( name_in, "localhost" ) ) )
 	{