[PATCH] Use getaddrinfo() with AI_CANONNAME flag to resolve canonical name in SSPI authentication code

Ivan Zhakov ivan at visualsvn.com
Tue Jun 7 10:49:58 EDT 2011


Hi,

We found that neon can freeze for several seconds when trying to do
reverse lookup to resolve canonical name to build SPN name for SSPI
authentication, when reverse lookup is not configured on DNS. The
better way to resolve canonical hostname is to use getaddrinfo()
function with AI_CANNONNAME flag. The attached patch fixes this issue.

PS: getaddrinfo() is already available since Windows 2000.

-- 
Ivan Zhakov
-------------- next part --------------
Index: src/ne_sspi.c
===================================================================
--- src/ne_sspi.c	(revision 1845)
+++ src/ne_sspi.c	(working copy)
@@ -29,6 +29,13 @@
 
 #ifdef HAVE_SSPI
 
+#ifdef WIN32
+#include <winsock2.h>
+#include <stddef.h>
+#include <ws2tcpip.h>
+#include <wspiapi.h>
+#endif
+
 #define SEC_SUCCESS(Status) ((Status) >= 0)
 
 #ifndef SECURITY_ENTRYPOINT   /* Missing in MingW 3.7 */
@@ -337,34 +344,33 @@
  */
 static char *canonical_hostname(const char *serverName)
 {
+    struct addrinfo hints;
+    struct addrinfo *addrinfo;
     char *hostname;
-    ne_sock_addr *addresses;
-    
-    /* DNS resolution.  It would be useful to be able to use the
-     * AI_CANONNAME flag where getaddrinfo() is available, but the
-     * reverse-lookup is sufficient and simpler. */
-    addresses = ne_addr_resolve(serverName, 0);
-    if (ne_addr_result(addresses)) {
-        /* Lookup failed */
-        char buf[256];
+
+    /* We're using getaddrinfo() with AI_CANONNAME flag to resolve
+     * canonical hostname. This is Windows specific code and
+     * getaddrinfo() is available since Windows 2000. */
+
+    ZeroMemory(&hints, sizeof(hints));
+    hints.ai_flags = AI_CANONNAME;
+
+    if (getaddrinfo(serverName, NULL, &hints, &addrinfo)) {
         NE_DEBUG(NE_DBG_HTTPAUTH,
-                 "sspi: Could not resolve IP address for `%s': %s\n",
-                 serverName, ne_addr_error(addresses, buf, sizeof buf));
+                 "sspi: Could not resolve canonical name for `%s'.\n",
+                 serverName);
         hostname = ne_strdup(serverName);
-    } else {
-        char hostbuffer[256];
-        const ne_inet_addr *address = ne_addr_first(addresses);
+    }
 
-        if (ne_iaddr_reverse(address, hostbuffer, sizeof hostbuffer) == 0) {
-            hostname = ne_strdup(hostbuffer);
-        } else {
-            NE_DEBUG(NE_DBG_HTTPAUTH, "sspi: Could not resolve host name"
-                     "from IP address for `%s'\n", serverName);
-            hostname = ne_strdup(serverName);
-        }
+    if (addrinfo && addrinfo->ai_canonname) {
+        hostname = ne_strdup(addrinfo->ai_canonname);
     }
+    else {
+        hostname = ne_strdup(serverName);
+    }
 
-    ne_addr_destroy(addresses);
+    freeaddrinfo(addrinfo);
+    
     return hostname;
 }
 


More information about the neon mailing list