From 8977a80b6631a5547ff8b6d1044b554a0ba06e75 Mon Sep 17 00:00:00 2001
From: Elvis Pranskevichus <elvis@edgedb.com>
Date: Wed, 17 Jul 2024 16:09:28 -0700
Subject: [PATCH] Don't attempt to canonicalize peer name in
 Kerberos/GSSAPI/SSPI auth

libpq does not canonicalize and neither should we, because:

1) it's likely the wrong thing to do and removes control from the user;
2) it introduces a blocking DNS lookup into an async path, which is not
   great.
---
 asyncpg/protocol/coreproto.pyx | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/asyncpg/protocol/coreproto.pyx b/asyncpg/protocol/coreproto.pyx
index fd65327b..f261cfe2 100644
--- a/asyncpg/protocol/coreproto.pyx
+++ b/asyncpg/protocol/coreproto.pyx
@@ -747,15 +747,12 @@ cdef class CoreProtocol:
 
     cdef _auth_gss_get_spn(self):
         service_name = self.con_params.krbsrvname or 'postgres'
-        # find the canonical name of the server host
         if isinstance(self.address, str):
             raise apg_exc.InternalClientError(
                 'GSSAPI/SSPI authentication is only supported for TCP/IP '
                 'connections')
 
-        host = self.address[0]
-        host_cname = socket.gethostbyname_ex(host)[0]
-        return f'{service_name}/{host_cname}'
+        return f'{service_name}/{self.address[0]}'
 
     cdef _auth_gss_step(self, bytes server_response):
         cdef: