NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit5405576

committed

Fix encrypted-LDAP support so that it doesn't cause the server to fail

entirely on older Windows platforms without the needed library function.Magnus Hagander

1 parentd7c310c commit5405576Copy full SHA for 5405576

File tree

2 files changed

+39

-8

lines changed

doc/src/sgml
- client-auth.sgml
src/backend/libpq
- auth.c

2 files changed

+39

-8

lines changed

`‎doc/src/sgml/client-auth.sgml‎`

Lines changed: 3 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.91 2006/06/18 15:38:35 petere Exp $ -->`
	`1`	`+<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.92 2006/08/21 19:21:38 tgl Exp $ -->`
`2`	`2`
`3`	`3`	`<chapter id="client-authentication">`
`4`	`4`	`<title>Client Authentication</title>`
`@@ -938,7 +938,8 @@ ldap://ldap.example.net/dc=example,dc=net;EXAMPLE\`
`938`	`938`	`and the LDAP server. The connection between the client and the`
`939`	`939`	`PostgreSQL server is not affected by this setting. To make use of`
`940`	`940`	`TLS encryption, you may need to configure the LDAP library prior`
`941`		`- to configuring PostgreSQL.`
	`941`	`+ to configuring PostgreSQL. Note that encrypted LDAP is available only`
	`942`	`+ if the platform's LDAP library supports it.`
`942`	`943`	`</para>`
`943`	`944`	`<para>`
`944`	`945`	`If no port is specified, the default port as configured in the`

`‎src/backend/libpq/auth.c‎`

Lines changed: 36 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.139 2006/07/14 14:52:19 momjian Exp $`
	`11`	`+ * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.140 2006/08/21 19:21:38 tgl Exp $`
`12`	`12`	`*`
`13`	`13`	`*-------------------------------------------------------------------------`
`14`	`14`	`*/`
`@@ -73,13 +73,10 @@ static Port pam_port_cludge;/ Workaround for passing "Port *port" into`
`73`	`73`	`#defineLDAP_DEPRECATED 1`
`74`	`74`	`#include<ldap.h>`
`75`	`75`	`#else`
`76`		`-/* Header broken in MingW */`
`77`		`-#defineldap_start_tls_sA __BROKEN_LDAP_HEADER`
`78`	`76`	`#include<winldap.h>`
`79`		`-#undef ldap_start_tls_sA`
`80`	`77`
`81`	`78`	`/* Correct header from the Platform SDK */`
`82`		`-WINLDAPAPIULONGldap_start_tls_sA(`
	`79`	`+typedefULONG(WINLDAPAPI*__ldap_start_tls_sA)(`
`83`	`80`	`INPLDAPExternalHandle,`
`84`	`81`	`OUTPULONGServerReturnValue,`
`85`	`82`	`OUTLDAPMessage**result,`
`@@ -713,6 +710,8 @@ CheckPAMAuth(Port port, char user, char *password)`
`713`	`710`	`staticint`
`714`	`711`	`CheckLDAPAuth(Port*port)`
`715`	`712`	`{`
	`713`	`+static__ldap_start_tls_sA_ldap_start_tls_sA=NULL;`
	`714`	`+`
`716`	`715`	`char*passwd;`
`717`	`716`	`charserver[128];`
`718`	`717`	`charbasedn[128];`
`@@ -810,7 +809,38 @@ CheckLDAPAuth(Port *port)`
`810`	`809`	`#ifndefWIN32`
`811`	`810`	`if ((r=ldap_start_tls_s(ldap,NULL,NULL))!=LDAP_SUCCESS)`
`812`	`811`	`#else`
`813`		`-if ((r=ldap_start_tls_sA(ldap,NULL,NULL,NULL,NULL))!=LDAP_SUCCESS)`
	`812`	`+if (_ldap_start_tls_sA==NULL)`
	`813`	`+{`
	`814`	`+/*`
	`815`	`+ * Need to load this function dynamically because it does not`
	`816`	`+ * exist on Windows 2000, and causes a load error for the whole`
	`817`	`+ * exe if referenced.`
	`818`	`+ */`
	`819`	`+HANDLEldaphandle;`
	`820`	`+`
	`821`	`+ldaphandle=LoadLibrary("WLDAP32.DLL");`
	`822`	`+if (ldaphandle==NULL)`
	`823`	`+{`
	`824`	`+/* should never happen since we import other files from wldap32, but check anyway */`
	`825`	`+ereport(LOG,`
	`826`	`+(errmsg("could not load wldap32.dll")));`
	`827`	`+returnSTATUS_ERROR;`
	`828`	`+}`
	`829`	`+_ldap_start_tls_sA= (__ldap_start_tls_sA)GetProcAddress(ldaphandle,"ldap_start_tls_sA");`
	`830`	`+if (_ldap_start_tls_sA==NULL)`
	`831`	`+{`
	`832`	`+ereport(LOG,`
	`833`	`+(errmsg("could not load function _ldap_start_tls_sA in wldap32.dll. LDAP over SSL is not supported on this platform.")));`
	`834`	`+returnSTATUS_ERROR;`
	`835`	`+}`
	`836`	`+`
	`837`	`+/*`
	`838`	`+ * Leak ldaphandle on purpose, because we need the library to stay`
	`839`	`+ * open. This is ok because it will only ever be leaked once per`
	`840`	`+ * process and is automatically cleaned up on process exit.`
	`841`	`+ */`
	`842`	`+}`
	`843`	`+if ((r=_ldap_start_tls_sA(ldap,NULL,NULL,NULL,NULL))!=LDAP_SUCCESS)`
`814`	`844`	`#endif`
`815`	`845`	`{`
`816`	`846`	`ereport(LOG,`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit5405576

File tree

2 files changed

2 files changed

`‎doc/src/sgml/client-auth.sgml‎`

`‎src/backend/libpq/auth.c‎`

0 commit comments