From d7a326be26ef1b850963dad02a7ae9fa4b4480e6 Mon Sep 17 00:00:00 2001
From: Kurt Zeilenga
Date: Tue, 22 Apr 2003 01:17:23 +0000
Subject: [PATCH] Don't do (unsafe) DNS reverse lookups. HEADS UP: May break some Kerberos deployments.
---
libraries/libldap/ldap-int.h | 3 ++-
libraries/libldap/open.c | 7 ++++---
libraries/libldap/os-ip.c | 21 +++++++++++++--------
3 files changed, 19 insertions(+), 12 deletions(-)
diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
index 2d63291ae7..a6f940107c 100644
--- a/libraries/libldap/ldap-int.h
+++ b/libraries/libldap/ldap-int.h
@@ -441,7 +441,8 @@ LDAP_F (int) ldap_connect_to_host( LDAP *ld, Sockbuf *sb, #if defined(LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND) || \ defined(HAVE_TLS) || defined(HAVE_CYRUS_SASL) LDAP_V (char *) ldap_int_hostname; -LDAP_F (char *) ldap_host_connected_to( Sockbuf *sb ); +LDAP_F (char *) ldap_host_connected_to( Sockbuf *sb, + const char *host ); #endif LDAP_F (void) ldap_int_ip_init( void );
diff --git a/libraries/libldap/open.c b/libraries/libldap/open.c
index ea51f91c0a..2b27a9ac3f 100644
--- a/libraries/libldap/open.c
+++ b/libraries/libldap/open.c
@@ -280,7 +280,7 @@ ldap_int_open_connection( LBER_SBIOD_LEVEL_PROVIDER, NULL ); #ifdef HAVE_CYRUS_SASL - sasl_host = ldap_host_connected_to( conn->lconn_sb ); + sasl_host = ldap_host_connected_to( conn->lconn_sb, host ); #endif break;
@@ -327,7 +327,7 @@ ldap_int_open_connection( LBER_SBIOD_LEVEL_PROVIDER, NULL ); #ifdef HAVE_CYRUS_SASL - sasl_host = ldap_host_connected_to( conn->lconn_sb ); + sasl_host = ldap_host_connected_to( conn->lconn_sb, "localhost" ); #endif break; #endif /* LDAP_PF_LOCAL */
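Review bot: The widened `ldap_host_connected_to` declaration in ldap-int.h has no comment stating what `host` means or who owns the returned string, although the result now comes from that argument. Per the os-ip.c hunk in this patch the final return is `host ? LDAP_STRDUP( host ) : NULL`, so a comment above the prototype such as `/* returns a heap copy (LDAP_STRDUP) of host, the name the caller asked to connect to; NULL if host is NULL */` would record the new contract. The guard visible here also lists `HAVE_TLS`, while the definition in os-ip.c is compiled only for KBIND or Cyrus SASL; that mismatch predates this commit but is worth aligning while the line is touched.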
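Review bot: At `sasl_host = ldap_host_connected_to( conn->lconn_sb, host );` in the first open.c hunk the SASL server name becomes the caller-supplied `host` with no visible check that it is non-NULL, and the os-ip.c change returns NULL in that case where the removed code would have resolved a name from the socket address. How `host` is assigned lies outside this hunk, so the NULL path should be confirmed and, if reachable, given an explicit fallback before `sasl_host` is used. A comment at the call would help, e.g. `/* SASL host is the name the user supplied; deliberately not canonicalised via reverse DNS */`, since that is the behaviour change the commit message flags for Kerberos. The LDAP_PF_LOCAL hunk passes a bare `"localhost"` literal; a one-line comment on why that name is right for local sockets would save the next reader a search.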
@@ -383,7 +383,8 @@ ldap_int_open_connection( #ifdef LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND if ( conn->lconn_krbinstance == NULL ) { char *c; - conn->lconn_krbinstance = ldap_host_connected_to( conn->lconn_sb ); + conn->lconn_krbinstance = ldap_host_connected_to( + conn->lconn_sb, host ); if( conn->lconn_krbinstance != NULL && ( c = strchr( conn->lconn_krbinstance, '.' )) != NULL ) {
diff --git a/libraries/libldap/os-ip.c b/libraries/libldap/os-ip.c
index ccd24b6db7..5d097e415f 100644
--- a/libraries/libldap/os-ip.c
+++ b/libraries/libldap/os-ip.c
@@ -506,7 +506,7 @@ ldap_connect_to_host(LDAP *ld, Sockbuf *sb, #if defined( LDAP_API_FEATURE_X_OPENLDAP_V2_KBIND ) || \ defined( HAVE_CYRUS_SASL ) char * -ldap_host_connected_to( Sockbuf *sb ) +ldap_host_connected_to( Sockbuf *sb, const char *host ) { socklen_t len; #ifdef LDAP_PF_INET6
@@ -515,8 +515,6 @@ ldap_host_connected_to( Sockbuf *sb ) struct sockaddr sabuf; #endif struct sockaddr *sa = (struct sockaddr *) &sabuf; - char *host = NULL, *herr; - char hbuf[NI_MAXHOST]; int rc; ber_socket_t sd;
@@ -579,14 +577,21 @@ ldap_host_connected_to( Sockbuf *sb ) break; } - hbuf[0] = 0; - if (ldap_pvt_get_hname( sa, len, hbuf, sizeof(hbuf), &herr ) == 0 && - hbuf[0] ) +#if 0 { - host = LDAP_STRDUP( hbuf ); + char *herr; + char hbuf[NI_MAXHOST]; + hbuf[0] = 0; + + if (ldap_pvt_get_hname( sa, len, hbuf, sizeof(hbuf), &herr ) == 0 + && hbuf[0] ) + { + return LDAP_STRDUP( hbuf ); + } } +#endif - return host; + return host ? LDAP_STRDUP( host ) : NULL; } #endif
--
2.39.5
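Review bot: The `strchr( conn->lconn_krbinstance, '.' )` step that follows the new call in the open.c KBIND hunk was written for a resolved host name, but `lconn_krbinstance` is now a copy of whatever `host` string the caller gave. If that string is a dotted IPv4 literal, the first-dot handling (its body is outside the hunk; presumably it cuts the string there) would leave only the first octet as the Kerberos instance. I would document at the call that KBIND now needs a host name rather than an address, e.g. `/* host must be a name here: the instance is taken up to the first '.' */`, or skip the dot handling when `host` is an address literal.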
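Review bot: The new `return host ? LDAP_STRDUP( host ) : NULL;` at the end of `ldap_host_connected_to` hands back a copy of an empty string when `host` is `""`, whereas the removed code returned a name only when `hbuf[0]` was non-zero; `return ( host && *host ) ? LDAP_STRDUP( host ) : NULL;` keeps the old contract. The disabled lookup is left under a bare `#if 0` with no explanation; either delete it or put a comment there such as `/* PTR data is controlled by whoever runs the reverse zone for the peer address, so it must not select the SASL/Kerberos service name */`. With that block off, `sa`, `len` and `sabuf` (still declared in the -515 hunk) only serve the code above this hunk, which is not visible here, so it is worth checking whether that socket-address work is still needed.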