Commit 0f9cdd7

Don't set PAM_RHOST for Unix sockets.

Since commit 2f1d2b7 we have set PAM_RHOST to "[local]" for Unix sockets. This caused Linux PAM's libaudit integration to make DNS requests for that name. It's not exactly clear what value PAM_RHOST should have in that case, but it seems clear that we shouldn't set it to an unresolvable name, so don't do that.

Back-patch to 9.6. Bug #15520.

Author: Thomas Munro
Reviewed-by: Peter Eisentraut
Reported-by: Albert Schabhuetl
Discussion: https://postgr.es/m/15520-4c266f986998e1c5%40postgresql.org

1 parent f69c959, commit 0f9cdd7

‎src/backend/libpq/auth.c

Lines changed: 30 additions & 20 deletions
@@ -2162,18 +2162,6 @@ CheckPAMAuth(Port *port, const char *user, const char *password)
21622162
{
21632163
intretval;
21642164
pam_handle_t*pamh=NULL;
2165-
charhostinfo[NI_MAXHOST];
2166-
2167-
retval=pg_getnameinfo_all(&port->raddr.addr,port->raddr.salen,
2168-
hostinfo,sizeof(hostinfo),NULL,0,
2169-
port->hba->pam_use_hostname ?0 :NI_NUMERICHOST |NI_NUMERICSERV);
2170-
if (retval!=0)
2171-
{
2172-
ereport(WARNING,
2173-
(errmsg_internal("pg_getnameinfo_all() failed: %s",
2174-
gai_strerror(retval))));
2175-
returnSTATUS_ERROR;
2176-
}
21772165

21782166
/*
21792167
* We can't entirely rely on PAM to pass through appdata --- it appears
@@ -2219,15 +2207,37 @@ CheckPAMAuth(Port *port, const char *user, const char *password)
22192207
returnSTATUS_ERROR;
22202208
}
22212209

2222-
retval=pam_set_item(pamh,PAM_RHOST,hostinfo);
2223-
2224-
if (retval!=PAM_SUCCESS)
2210+
if (port->hba->conntype!=ctLocal)
22252211
{
2226-
ereport(LOG,
2227-
(errmsg("pam_set_item(PAM_RHOST) failed: %s",
2228-
pam_strerror(pamh,retval))));
2229-
pam_passwd=NULL;
2230-
returnSTATUS_ERROR;
2212+
charhostinfo[NI_MAXHOST];
2213+
intflags;
2214+
2215+
if (port->hba->pam_use_hostname)
2216+
flags=0;
2217+
else
2218+
flags=NI_NUMERICHOST |NI_NUMERICSERV;
2219+
2220+
retval=pg_getnameinfo_all(&port->raddr.addr,port->raddr.salen,
2221+
hostinfo,sizeof(hostinfo),NULL,0,
2222+
flags);
2223+
if (retval!=0)
2224+
{
2225+
ereport(WARNING,
2226+
(errmsg_internal("pg_getnameinfo_all() failed: %s",
2227+
gai_strerror(retval))));
2228+
returnSTATUS_ERROR;
2229+
}
2230+
2231+
retval=pam_set_item(pamh,PAM_RHOST,hostinfo);
2232+
2233+
if (retval!=PAM_SUCCESS)
2234+
{
2235+
ereport(LOG,
2236+
(errmsg("pam_set_item(PAM_RHOST) failed: %s",
2237+
pam_strerror(pamh,retval))));
2238+
pam_passwd=NULL;
2239+
returnSTATUS_ERROR;
2240+
}
22312241
}
22322242

22332243
retval=pam_set_item(pamh,PAM_CONV,&pam_passw_conv);
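
Review bot: In the new `if (port->hba->conntype != ctLocal)` block, the pg_getnameinfo_all() failure path returns STATUS_ERROR without clearing pam_passwd, while the pam_set_item(PAM_RHOST) failure path a few lines below sets `pam_passwd = NULL` before returning. Now that both exits sit side by side in the same block, either add `pam_passwd = NULL;` to the lookup failure path or say in a comment why it is not needed there. It would also help to put a short comment above the ctLocal test stating that PAM_RHOST is deliberately left unset for Unix sockets and why (the "[local]" value led Linux PAM's libaudit integration to make DNS requests for it), since that reasoning currently lives only in the commit message.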
