The size of portstr is too small to print an integer.
Instead just let snprintf do the work.
This fixes building with GCC 7.1
Based on feedback by Jeffrey Altman
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930
(Inspired by Samba commit abd74c3ba5e3ee3f5320bff6ed7dff4fbcb79373)
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This reverts commit ccb63bb0aa, which was
unnecessary and broke tests/kdc/check-kadmin (and other things).
host->port happens to be an unsigned short, so that promotion to an integer in
the snprintf() call is safe in that the promoted value will still be
non-negative, and no larger than an unsigned short's maximum value. We're
still assuming that 7 bytes is sufficient to hold the text representation of
that maximum value, which indeed it is, assuming sizeof(unsigned short) == 2
and CHAR_BIT == 8, which are fair assumptions here. A better patch, if we
needed it, would be to just make portstr[] an array of 11 char, or perhaps make
it a VLA (but we can't yet use VLAs, I don't think, because of older Windows
systems that must be supported still).
The original motivation was to avoid extra timeouts when the network is
broken. However this doesn't avoid one of the timeouts and adds
complexity and introduced bugs.
To really suppress search lists use ndots.
Apending '.' to the hostname passed to `getaddrinfo()` is good for
avoiding extra timeouts when the search list is non-empty and the
network is broken, but searches in /etc/hosts are typically inhibited
then. The fix is to try again without the trailing '.' if the first
lookup failed for any reason other than a timeout.
In srv_find_realm() the conditional for testing whether an entry
is the invalid gTLD response was inverted. Refactor the conditional
into a helper function is_invalid_tld_srv_target(). Use the helper
to simplify the conditional making it easier to confirm that the
test is correct.
Change-Id: I3220753b5585ac535862c4617030377c7a1f4bbe
As per
https://www.icann.org/en/system/files/files/name-collision-mitigation-01aug14-en.pdf
prior to a new top-level domain being put into service there is controlled
interuption service which will return explicit responses to DNS A, MX, SRV, and TXT
queries that can be used to detect private namespace collisions.
When performing fallback_get_hosts() check the AF_INET responses to ensure
that they are not the gTLD name collision address 127.0.53.53. If so, add
an error message to the context and return KRB5_KDC_UNREACH.
Write a warning to the log (if any).
Change-Id: I2578f13948b8327cc3f06542c1e489f02410143a
As per
https://www.icann.org/en/system/files/files/name-collision-mitigation-01aug14-en.pdf
prior to a new top-level domain being put into service there is a
controlled interuption service which will return explicit responses to DNS
A, MX, SRV, and TXT queries that can be used to detect private namespace collisions.
Modify SRV records lookups to detect the special hostname returned in the
SRV response, skip the response, and record an appropriate error if it is detected.
Write a warning to the log (if any).
Change-Id: I47e049b617e39e49939bc92d513a547de1d04624
