mirror of
https://git.openldap.org/openldap/openldap.git
synced 2025-12-31 12:09:35 -05:00
Don't do (unsafe) DNS reverse lookups.
HEADS UP: May break some Kerberos deployments.
This commit is contained in:
Kurt Zeilenga
parent
cd66f42f90
commit
d7a326be26
3 changed files with 20 additions and 13 deletions
|
|
@ -441,7 +441,8 @@ LDAP_F (int) ldap_connect_to_host( LDAP *ld, Sockbuf *sb,
|
|||
#if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) || \
|
||||
defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL)
|
||||
LDAP_V (char *) ldap_int_hostname;
|
||||
LDAP_F (char *) ldap_host_connected_to( Sockbuf *sb );
|
||||
LDAP_F (char *) ldap_host_connected_to( Sockbuf *sb,
|
||||
const char *host );
|
||||
#endif
|
||||
|
||||
LDAP_F (void) ldap_int_ip_init( void );
|
||||
|
|
|
|||
|
|
@ -280,7 +280,7 @@ ldap_int_open_connection(
|
|||
LBER_SBIOD_LEVEL_PROVIDER, NULL );
|
||||
|
||||
#ifdef HAVE_CYRUS_SASL
|
||||
sasl_host = ldap_host_connected_to( conn->lconn_sb );
|
||||
sasl_host = ldap_host_connected_to( conn->lconn_sb, host );
|
||||
#endif
|
||||
break;
|
||||
|
||||
|
|
@ -327,7 +327,7 @@ ldap_int_open_connection(
|
|||
LBER_SBIOD_LEVEL_PROVIDER, NULL );
|
||||
|
||||
#ifdef HAVE_CYRUS_SASL
|
||||
sasl_host = ldap_host_connected_to( conn->lconn_sb );
|
||||
sasl_host = ldap_host_connected_to( conn->lconn_sb, "localhost" );
|
||||
#endif
|
||||
break;
|
||||
#endif /* LDAP_PF_LOCAL */
|
||||
|
|
@ -383,7 +383,8 @@ ldap_int_open_connection(
|
|||
#ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND
|
||||
if ( conn->lconn_krbinstance == NULL ) {
|
||||
char *c;
|
||||
conn->lconn_krbinstance = ldap_host_connected_to( conn->lconn_sb );
|
||||
conn->lconn_krbinstance = ldap_host_connected_to(
|
||||
conn->lconn_sb, host );
|
||||
|
||||
if( conn->lconn_krbinstance != NULL &&
|
||||
( c = strchr( conn->lconn_krbinstance, '.' )) != NULL ) {
|
||||
|
|
|
|||
|
|
@ -506,7 +506,7 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb,
|
|||
#if defined( LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND ) || \
|
||||
defined( HAVE_CYRUS_SASL )
|
||||
char *
|
||||
ldap_host_connected_to( Sockbuf *sb )
|
||||
ldap_host_connected_to( Sockbuf *sb, const char *host )
|
||||
{
|
||||
socklen_t len;
|
||||
#ifdef LDAP_PF_INET6
|
||||
|
|
@ -515,8 +515,6 @@ ldap_host_connected_to( Sockbuf *sb )
|
|||
struct sockaddr sabuf;
|
||||
#endif
|
||||
struct sockaddr *sa = (struct sockaddr *) &sabuf;
|
||||
char *host = NULL, *herr;
|
||||
char hbuf[NI_MAXHOST];
|
||||
int rc;
|
||||
ber_socket_t sd;
|
||||
|
||||
|
|
@ -579,14 +577,21 @@ ldap_host_connected_to( Sockbuf *sb )
|
|||
break;
|
||||
}
|
||||
|
||||
hbuf[0] = 0;
|
||||
if (ldap_pvt_get_hname( sa, len, hbuf, sizeof(hbuf), &herr ) == 0 &&
|
||||
hbuf[0] )
|
||||
#if 0
|
||||
{
|
||||
host = LDAP_STRDUP( hbuf );
|
||||
}
|
||||
char *herr;
|
||||
char hbuf[NI_MAXHOST];
|
||||
hbuf[0] = 0;
|
||||
|
||||
return host;
|
||||
if (ldap_pvt_get_hname( sa, len, hbuf, sizeof(hbuf), &herr ) == 0
|
||||
&& hbuf[0] )
|
||||
{
|
||||
return LDAP_STRDUP( hbuf );
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
return host ? LDAP_STRDUP( host ) : NULL;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue