Bug#573596: [rt.cpan.org #58478] SASL-related host canonicalisation misfeature
Dominic Hargreaves
dom at earth.li
Thu Jun 17 20:58:56 UTC 2010
On Thu, Jun 17, 2010 at 09:57:23PM +0100, Dominic Hargreaves wrote:
> [CCing Russ in case I need correcting at any point]
>
> On Thu, Jun 17, 2010 at 10:20:43AM -0400, Graham_Barr via RT wrote:
> > It is not broken. It is that there is more than one way to do it and there are users on both sides of
> > the fence.
> >
> > As a result it was changed so that the caller calls $sasl->client_new and passes the result instead of
> > the sasl object itself.
> >
> > $sasl->client_new('ldap',$hostname);
> >
> > This way the caller has control over what hostname is used.
>
> Hi,
>
> I appreciate that the decision on whether to canonicalise is not always
> obvious and that you support overriding, but I believe that the reported
> issue with the code still applies in the current version: that peerhost
> returns a stringified IP address, not any form of actual hostname.
>
> Given you've decided to retain the canonicalisation feature, it would
> surely still be necessary to look up the name of the IP address.
>
> Note that the current behaviour happens to work with MIT Kerberos but
> does not work with Heimdal.

And just to make explicit, there is a suggested improvement in the
Debian BTS:

    # If we're talking to a round-robin, the canonical name of
    # the host we are talking to might not match the name we
    # requested
    my $connected_ip = $ldap->{net_ldap_socket}->peeraddr;
    my $connected_domain = $ldap->{net_ldap_socket}->sockdomain;
    my $connected_name = gethostbyaddr($connected_ip, $connected_domain);
    $connected_name ||= $ldap->{net_ldap_host};

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
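
The difference discussed above between peerhost and a reverse lookup of the peer address, as an added example that is not part of the original message or of Net::LDAP. sasl_hostname is a hypothetical helper; the loopback listener and the name ldap.example.org are constructed stand-ins for a real LDAP server.

```perl
#!/usr/bin/perl
# Added example, not Net::LDAP code. sasl_hostname() is a hypothetical helper.
use strict;
use warnings;
use IO::Socket::INET;

# Choose the hostname to pass to $sasl->client_new('ldap', $host).
#   $sock      - a connected IO::Socket::INET
#   $requested - the name the caller originally asked for (used as fallback)
sub sasl_hostname {
    my ($sock, $requested) = @_;

    # peeraddr is the packed binary address; peerhost would be its text form.
    my $packed = $sock->peeraddr;
    return $requested unless defined $packed;

    # Reverse lookup in scalar context yields the name, or nothing when the
    # resolver has no mapping for this address.
    my $name = gethostbyaddr($packed, $sock->sockdomain);
    return (defined $name && length $name) ? $name : $requested;
}

# Constructed demo: a loopback listener stands in for the LDAP server.
my $listener = IO::Socket::INET->new(
    Listen    => 1,
    LocalAddr => '127.0.0.1',
    LocalPort => 0,              # let the kernel pick a free port
    Proto     => 'tcp',
) or die "listen: $!";

my $client = IO::Socket::INET->new(
    PeerAddr => '127.0.0.1',
    PeerPort => $listener->sockport,
    Proto    => 'tcp',
) or die "connect: $!";

# peerhost is always a stringified IP address, never a hostname.
printf "peerhost      : %s\n", $client->peerhost;
# The helper returns the reverse-resolved name, or the requested name.
printf "sasl_hostname : %s\n", sasl_hostname($client, 'ldap.example.org');
```

What the second line prints depends on the local resolver's reverse mapping for 127.0.0.1; with no mapping it falls back to the requested name.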