Commit 96ed0b8

Don't set PAM_RHOST for Unix sockets.
Since commit 2f1d2b7 we have set PAM_RHOST to "[local]" for Unix sockets. This caused Linux PAM's libaudit integration to make DNS requests for that name. It's not exactly clear what value PAM_RHOST should have in that case, but it seems clear that we shouldn't set it to an unresolvable name, so don't do that.

Back-patch to 9.6. Bug #15520.

Author: Thomas Munro
Reviewed-by: Peter Eisentraut
Reported-by: Albert Schabhuetl
Discussion: https://postgr.es/m/15520-4c266f986998e1c5%40postgresql.org

1 parent 4e7395d commit 96ed0b8

1 file changed

+30
-20
lines changed

‎src/backend/libpq/auth.c

Lines changed: 30 additions & 20 deletions
@@ -2158,18 +2158,6 @@ CheckPAMAuth(Port *port, char *user, char *password)
21582158
{
21592159
intretval;
21602160
pam_handle_t*pamh=NULL;
2161-
charhostinfo[NI_MAXHOST];
2162-
2163-
retval=pg_getnameinfo_all(&port->raddr.addr,port->raddr.salen,
2164-
hostinfo,sizeof(hostinfo),NULL,0,
2165-
port->hba->pam_use_hostname ?0 :NI_NUMERICHOST |NI_NUMERICSERV);
2166-
if (retval!=0)
2167-
{
2168-
ereport(WARNING,
2169-
(errmsg_internal("pg_getnameinfo_all() failed: %s",
2170-
gai_strerror(retval))));
2171-
returnSTATUS_ERROR;
2172-
}
21732161

21742162
/*
21752163
* We can't entirely rely on PAM to pass through appdata --- it appears
@@ -2215,15 +2203,37 @@ CheckPAMAuth(Port *port, char *user, char *password)
22152203
returnSTATUS_ERROR;
22162204
}
22172205

2218-
retval=pam_set_item(pamh,PAM_RHOST,hostinfo);
2219-
2220-
if (retval!=PAM_SUCCESS)
2206+
if (port->hba->conntype!=ctLocal)
22212207
{
2222-
ereport(LOG,
2223-
(errmsg("pam_set_item(PAM_RHOST) failed: %s",
2224-
pam_strerror(pamh,retval))));
2225-
pam_passwd=NULL;
2226-
returnSTATUS_ERROR;
2208+
charhostinfo[NI_MAXHOST];
2209+
intflags;
2210+
2211+
if (port->hba->pam_use_hostname)
2212+
flags=0;
2213+
else
2214+
flags=NI_NUMERICHOST |NI_NUMERICSERV;
2215+
2216+
retval=pg_getnameinfo_all(&port->raddr.addr,port->raddr.salen,
2217+
hostinfo,sizeof(hostinfo),NULL,0,
2218+
flags);
2219+
if (retval!=0)
2220+
{
2221+
ereport(WARNING,
2222+
(errmsg_internal("pg_getnameinfo_all() failed: %s",
2223+
gai_strerror(retval))));
2224+
returnSTATUS_ERROR;
2225+
}
2226+
2227+
retval=pam_set_item(pamh,PAM_RHOST,hostinfo);
2228+
2229+
if (retval!=PAM_SUCCESS)
2230+
{
2231+
ereport(LOG,
2232+
(errmsg("pam_set_item(PAM_RHOST) failed: %s",
2233+
pam_strerror(pamh,retval))));
2234+
pam_passwd=NULL;
2235+
returnSTATUS_ERROR;
2236+
}
22272237
}
22282238

22292239
retval=pam_set_item(pamh,PAM_CONV,&pam_passw_conv);
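
Review bot: The new pg_getnameinfo_all() failure branch inside the `if (port->hba->conntype!=ctLocal)` block returns STATUS_ERROR without clearing pam_passwd, while the pam_set_item(PAM_RHOST) failure branch directly after it sets pam_passwd=NULL before returning. Now that the lookup sits next to that branch, both error exits should do the same cleanup, so add pam_passwd=NULL before the first return STATUS_ERROR. A short comment above the conntype test stating that PAM_RHOST is deliberately left unset for Unix sockets, and why, would also keep a later change from reintroducing an unresolvable value.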
