Github user anmolnar commented on a diff in the pull request:
https://github.com/apache/zookeeper/pull/648#discussion_r221613169
--- Diff: src/java/main/org/apache/zookeeper/ClientCnxn.java ---
@@ -997,12 +999,31 @@ private void startConnect(InetSocketAddress addr)
throws IOException {
setName(getName().replaceAll("\\(.*\\)",
"(" + addr.getHostName() + ":" + addr.getPort() +
")"));
if (ZooKeeperSaslClient.isEnabled()) {
+ String hostName = addr.getHostName();
+
+ boolean canonicalize = true;
+ try {
+ canonicalize =
Boolean.parseBoolean(System.getProperty(ZK_SASL_CLIENT_CANONICALIZE_HOSTNAME,
"true"));
+ } catch (IllegalArgumentException ea) {
+ //ignored ...
+ }
+
+ if (canonicalize) {
+ InetAddress ia = addr.getAddress();
+ if (ia == null) {
+ throw new IllegalArgumentException("Connection
address should have already been resolved by the HostProvider.");
+ }
+ //Update the actual address so we are
+ hostName = ia.getCanonicalHostName();
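Review bot: The try/catch around the Boolean.parseBoolean(System.getProperty(ZK_SASL_CLIENT_CANONICALIZE_HOSTNAME, "true")) call guards against an exception that parseBoolean never throws. It returns false for any string other than "true" (case-insensitive), so a mistyped property value silently disables canonicalization instead of reaching the catch block. Assign canonicalize directly without the try/catch, and consider logging when the property holds something other than "true" or "false". Separately, the comment "//Update the actual address so we are" stops mid-sentence and should be completed or dropped.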
--- End diff --
You might want to do the following:
```java
String canonicalHostName = ia.getCanonicalHostName();
if (!canonicalHostName.equals(ia.getHostAddress())) {
    hostName = canonicalHostName;
}
```
In order to avoid using a literal IP address when the security check fails.
---