heimdal: avoid DNS search domain expansion
authorAndrew Tridgell <tridge@samba.org>
Mon, 27 Sep 2010 21:34:06 +0000 (14:34 -0700)
committerAndrew Tridgell <tridge@samba.org>
Mon, 27 Sep 2010 23:18:23 +0000 (23:18 +0000)
When you have a domain search list in resolv.conf, and one of the DNS
servers for a searched domain is uncontactable then we would timeout
resolving DNS names.

Avoid this by adding a '.' to the hostname if the hostname already has
a '.' in it, which we assume to mean it is fully qualified.

source4/heimdal/lib/krb5/krbhst.c

index 3bb00d287d1d3e856c746490a587735ad4f92b4f..4da3af2e828be0d4145abea8c81bf54f17e068d3 100644 (file)
@@ -370,9 +370,24 @@ krb5_krbhst_get_addrinfo(krb5_context context, krb5_krbhst_info *host,
     int ret;
 
     if (host->ai == NULL) {
+       char *hostname_dot = NULL;
        make_hints(&hints, host->proto);
        snprintf (portstr, sizeof(portstr), "%d", host->port);
-       ret = getaddrinfo(host->hostname, portstr, &hints, &host->ai);
+       if (strchr(host->hostname, '.') && 
+           host->hostname[strlen(host->hostname)-1] != '.') {
+               /* avoid expansion of search domains from resolv.conf
+                  - these can be very slow if the DNS server is not up
+                  for the searched domain */
+               hostname_dot = malloc(strlen(host->hostname)+2);
+               if (hostname_dot) {
+                       strcpy(hostname_dot, host->hostname);
+                       hostname_dot[strlen(host->hostname)] = '.';
+                       hostname_dot[strlen(host->hostname)+1] = 0;
+               }
+       }
+       ret = getaddrinfo(hostname_dot?hostname_dot:host->hostname, portstr, &hints, &host->ai);
+       if (hostname_dot) 
+               free(hostname_dot);
        if (ret)
            return krb5_eai_to_heim_errno(ret, errno);
     }