Commit06b844c

committed
Fix bugs in libpq's GSSAPI encryption support.
The critical issue fixed here is that if a GSSAPI-encrypted connection is successfully made, pqsecure_open_gss() cleared conn->allow_ssl_try, as an admittedly-hacky way of preventing us from then trying to tunnel SSL encryption over the already-encrypted connection. The problem with that is that if we abandon the GSSAPI connection because of a failure during authentication, we would not attempt SSL encryption in the next try with the same server. This can lead to unexpected connection failure, or silently getting a non-encrypted connection where an encrypted one is expected.

Fortunately, we'd only manage to make a GSSAPI-encrypted connection if both client and server hold valid tickets in the same Kerberos infrastructure, which is a relatively uncommon environment. Nonetheless this is a very nasty bug with potential security consequences. To fix, don't reset the flag, instead adding a check for conn->gssenc being already true when deciding whether to try to initiate SSL.

While here, fix some lesser issues in libpq's GSSAPI code:

* Use the need_new_connection stanza when dropping an attempted GSSAPI connection, instead of partially duplicating that code. The consequences of this are pretty minor: AFAICS it could only lead to auth_req_received or password_needed remaining set when they shouldn't, which is not too harmful.

* Fix pg_GSS_error() to not repeat the "mprefix" it's given multiple times, and to notice any failure return from gss_display_status().

* Avoid gratuitous dependency on NI_MAXHOST in pg_GSS_load_servicename().

Per report from Mikael Gustavsson. Back-patch to v12 where this code was introduced.

Discussion: https://postgr.es/m/e5b0b6ed05764324a2f3fe7acfc766d5@smhi.se
1 parent31d2b11 commit06b844c

3 files changed

+29
-28
lines changed


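--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -2904,11 +2904,16 @@ PQconnectPoll(PGconn *conn)
 #ifdefUSE_SSL
 
 /*
-* If SSL is enabled and we haven't already got it running,
-* request it instead of sending the startup message.
+* If SSL is enabled and we haven't already got encryption of
+* some sort running, request SSL instead of sending the
+* startup message.
 */
 if (conn->allow_ssl_try&& !conn->wait_ssl_try&&
-!conn->ssl_in_use)
+!conn->ssl_in_use
+#ifdefENABLE_GSS
+&& !conn->gssenc
+#endif
+)
 {
 ProtocolVersionpv;
 
@@ -3037,6 +3042,7 @@ PQconnectPoll(PGconn *conn)
 }
 /* Otherwise, proceed with normal startup */
 conn->allow_ssl_try= false;
+/* We can proceed using this connection */
 conn->status=CONNECTION_MADE;
 returnPGRES_POLLING_WRITING;
 }
@@ -3134,8 +3140,7 @@ PQconnectPoll(PGconn *conn)
 * don't hang up the socket, though.
 */
 conn->try_gss= false;
-pqDropConnection(conn, true);
-conn->status=CONNECTION_NEEDED;
+need_new_connection= true;
 gotokeep_going;
 }
 
@@ -3153,6 +3158,7 @@ PQconnectPoll(PGconn *conn)
 }
 
 conn->try_gss= false;
+/* We can proceed using this connection */
 conn->status=CONNECTION_MADE;
 returnPGRES_POLLING_WRITING;
 }
@@ -3181,8 +3187,7 @@ PQconnectPoll(PGconn *conn)
 * the current connection to do so, though.
 */
 conn->try_gss= false;
-pqDropConnection(conn, true);
-conn->status=CONNECTION_NEEDED;
+need_new_connection= true;
 gotokeep_going;
 }
 returnpollres;
@@ -3349,10 +3354,9 @@ PQconnectPoll(PGconn *conn)
 */
 if (conn->gssenc&&conn->gssencmode[0]=='p')
 {
-/*postmaster expects us to drop the connection */
+/*only retry once */
 conn->try_gss= false;
-pqDropConnection(conn, true);
-conn->status=CONNECTION_NEEDED;
+need_new_connection= true;
 gotokeep_going;
 }
 #endif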
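Review bot: The new `&& !conn->gssenc` test in the first hunk (new line 2914) makes the SSL request depend on `conn->gssenc` being false again once a GSSAPI-encrypted attempt has been abandoned, and nothing in the visible hunks clears it. The three fallback paths now only set `need_new_connection = true`, and that stanza and pqDropConnection() lie outside the hunks, so presumably one of them resets the flag; if neither does, the retry would skip SSL and could fall through to an unencrypted startup, which is the failure this commit is meant to close. I would confirm that and record the invariant next to the test, e.g. `* conn->gssenc must be cleared whenever the GSSAPI-encrypted socket is dropped, else SSL is never retried.` PQconnectPoll starts and ends outside every hunk in this section.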

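--- a/src/interfaces/libpq/fe-gssapi-common.c
+++ b/src/interfaces/libpq/fe-gssapi-common.c
@@ -20,20 +20,21 @@
 
 /*
 * Fetch all errors of a specific type and append to "str".
+* Each error string is preceded by a space.
 */
 staticvoid
-pg_GSS_error_int(PQExpBufferstr,constchar*mprefix,
-OM_uint32stat,inttype)
+pg_GSS_error_int(PQExpBufferstr,OM_uint32stat,inttype)
 {
 OM_uint32lmin_s;
 gss_buffer_desclmsg;
 OM_uint32msg_ctx=0;
 
 do
 {
-gss_display_status(&lmin_s,stat,type,
-GSS_C_NO_OID,&msg_ctx,&lmsg);
-appendPQExpBuffer(str,"%s: %s\n",mprefix, (char*)lmsg.value);
+if (gss_display_status(&lmin_s,stat,type,GSS_C_NO_OID,
+&msg_ctx,&lmsg)!=GSS_S_COMPLETE)
+break;
+appendPQExpBuffer(str," %s", (char*)lmsg.value);
 gss_release_buffer(&lmin_s,&lmsg);
 }while (msg_ctx);
 }
@@ -46,12 +47,11 @@ pg_GSS_error(const char *mprefix, PGconn *conn,
 OM_uint32maj_stat,OM_uint32min_stat)
 {
 resetPQExpBuffer(&conn->errorMessage);
-
-/* Fetch major error codes */
-pg_GSS_error_int(&conn->errorMessage,mprefix,maj_stat,GSS_C_GSS_CODE);
-
-/* Add the minor codes as well */
-pg_GSS_error_int(&conn->errorMessage,mprefix,min_stat,GSS_C_MECH_CODE);
+appendPQExpBuffer(&conn->errorMessage,"%s:",mprefix);
+pg_GSS_error_int(&conn->errorMessage,maj_stat,GSS_C_GSS_CODE);
+appendPQExpBufferChar(&conn->errorMessage,':');
+pg_GSS_error_int(&conn->errorMessage,min_stat,GSS_C_MECH_CODE);
+appendPQExpBufferChar(&conn->errorMessage,'\n');
 }
 
 /*
@@ -103,7 +103,7 @@ pg_GSS_load_servicename(PGconn *conn)
 * Import service principal name so the proper ticket can be acquired by
 * the GSSAPI system.
 */
-maxlen=NI_MAXHOST+strlen(conn->krbsrvname)+2;
+maxlen=strlen(conn->krbsrvname)+strlen(host)+2;
 temp_gbuf.value= (char*)malloc(maxlen);
 if (!temp_gbuf.value)
 {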
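Review bot: In pg_GSS_error_int (new line 37) `(char*)lmsg.value` is still formatted with a plain `%s`, which assumes the buffer filled in by gss_display_status() is NUL-terminated. A gss_buffer_desc carries an explicit `length`, and as far as I know the GSSAPI C bindings do not promise a terminator, so a mechanism returning an unterminated string would make this read past the buffer while building the error message. Bounding the read by the reported length removes that assumption: `appendPQExpBuffer(str, " %.*s", (int) lmsg.length, (char *) lmsg.value);`.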

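--- a/src/interfaces/libpq/fe-secure-gssapi.c
+++ b/src/interfaces/libpq/fe-secure-gssapi.c
@@ -647,17 +647,14 @@ pqsecure_open_gss(PGconn *conn)
 if (output.length==0)
 {
 /*
-* We're done - hooray!Kind of gross, but we need to disable SSL
-*here so that we don't accidentally tunnel one over the other.
+* We're done - hooray!Set flag to tell the low-level I/O routines
+*to do GSS wrapping/unwrapping.
 */
-#ifdefUSE_SSL
-conn->allow_ssl_try= false;
-#endif
+conn->gssenc= true;
 
 /* Clean up */
 gss_release_cred(&minor,&conn->gcred);
 conn->gcred=GSS_C_NO_CREDENTIAL;
-conn->gssenc= true;
 gss_release_buffer(&minor,&output);
 
 /*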
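Review bot: The rewritten comment at new lines 650-651 drops the explanation of how SSL is kept from being tunneled over the GSSAPI-encrypted connection, now that `conn->allow_ssl_try` is no longer cleared here. Since `conn->gssenc = true` has become the only thing standing between this connection and a second SSL negotiation, I would say so in the comment, e.g. `* PQconnectPoll also tests conn->gssenc before requesting SSL, so allow_ssl_try is left alone.` The enclosing block of pqsecure_open_gss starts and ends outside the hunk.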
