NotificationsYou must be signed in to change notification settings
Fork28
Star151

Commitc46c85d

committed

Handle errors during GSSAPI startup better

There was some confusion over the format of the error message returnedfrom the server during GSSAPI startup; specifically, it was expectedthat a length would be returned when, in reality, at this early stage inthe startup sequence, no length is returned from the server as part ofan error message.Correct the client-side code for dealing with error messages sent by theserver during startup by simply reading what's available into ourbuffer, after we've discovered it's an error message, and then reportingback what was returned.In passing, also add in documentation of the environment variablePGGSSENCMODE which was missed previously, and adjust the code to lookfor the PGGSSENCMODE variable (the environment variable change wasmissed in the prior GSSMODE -> GSSENCMODE commit).Error-handling issue discovered by Peter Eisentraut, the rest were itemsdiscovered during testing of the error handling.

1 parentbfc8068 commitc46c85dCopy full SHA for c46c85d

File tree

3 files changed

+20

-28

lines changed

doc/src/sgml
- libpq.sgml
src/interfaces/libpq
- fe-connect.c
- fe-secure-gssapi.c

3 files changed

+20

-28

lines changed

`‎doc/src/sgml/libpq.sgml`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -7495,6 +7495,16 @@ myEventProc(PGEventId evtId, void evtInfo, void passThrough)`
`7495`	`7495`	`</para>`
`7496`	`7496`	`</listitem>`
`7497`	`7497`
	`7498`	`+ <listitem>`
	`7499`	`+ <para>`
	`7500`	`+ <indexterm>`
	`7501`	`+ <primary><envar>PGGSSENCMODE</envar></primary>`
	`7502`	`+ </indexterm>`
	`7503`	`+ <envar>PGGSSENCMODE</envar> behaves the same as the <xref`
	`7504`	`+ linkend="libpq-connect-gssencmode"/> connection parameter.`
	`7505`	`+ </para>`
	`7506`	`+ </listitem>`
	`7507`	`+`
`7498`	`7508`	`<listitem>`
`7499`	`7509`	`<para>`
`7500`	`7510`	`<indexterm>`

`‎src/interfaces/libpq/fe-connect.c`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -308,7 +308,7 @@ static const internalPQconninfoOption PQconninfoOptions[] = {`
`308`	`308`	`* Expose gssencmode similarly to sslmode - we can still handle "disable"`
`309`	`309`	`* and "prefer".`
`310`	`310`	`*/`
`311`		`-{"gssencmode","PGGSSMODE",DefaultGSSMode,NULL,`
	`311`	`+{"gssencmode","PGGSSENCMODE",DefaultGSSMode,NULL,`
`312`	`312`	`"GSS-Mode","",7,/* sizeof("disable") == 7 */`
`313`	`313`	`offsetof(structpg_conn,gssencmode)},`
`314`	`314`
`@@ -1875,7 +1875,7 @@ connectDBStart(PGconn *conn)`
`1875`	`1875`	`resetPQExpBuffer(&conn->errorMessage);`
`1876`	`1876`
`1877`	`1877`	`#ifdefENABLE_GSS`
`1878`		`-if (conn->gssencmode[0]=='d')/* "disable" */`
	`1878`	`+if (conn->gssencmode[0]=='d')/* "disable" */`
`1879`	`1879`	`conn->try_gss= false;`
`1880`	`1880`	`#endif`
`1881`	`1881`

`‎src/interfaces/libpq/fe-secure-gssapi.c`

Lines changed: 8 additions & 26 deletions

Original file line number	Diff line number	Diff line change
`@@ -459,42 +459,24 @@ pqsecure_open_gss(PGconn *conn)`
`459`	`459`	`*`
`460`	`460`	`* This is safe to do because we shouldn't ever get a packet over 8192`
`461`	`461`	`* and therefore the actual length bytes, being that they are in`
`462`		`- * network byte order, for any real packet will be two zero bytes.`
	`462`	`+ * network byte order, for any real packet will start with two zero`
	`463`	`+ * bytes.`
`463`	`464`	`*/`
`464`	`465`	`if (PqGSSRecvBuffer[0]=='E')`
`465`	`466`	`{`
`466`	`467`	`/*`
`467`		`- * For an error message, the length is after the E, so read one`
`468`		`- * more byte to get the full length`
	`468`	`+ * For an error packet during startup, we don't get a length, so`
	`469`	`+ * simply read as much as we can fit into our buffer (as a string,`
	`470`	`+ * so leave a spot at the end for a NULL byte too) and report that`
	`471`	`+ * back to the caller.`
`469`	`472`	`*/`
`470`		`-result=gss_read(conn,PqGSSRecvBuffer+PqGSSRecvLength,1,&ret);`
	`473`	`+result=gss_read(conn,PqGSSRecvBuffer+PqGSSRecvLength,PQ_GSS_RECV_BUFFER_SIZE-PqGSSRecvLength-1,&ret);`
`471`	`474`	`if (result!=PGRES_POLLING_OK)`
`472`	`475`	`returnresult;`
`473`	`476`
`474`	`477`	`PqGSSRecvLength+=ret;`
`475`	`478`
`476`		`-if (PqGSSRecvLength<1+sizeof(uint32))`
`477`		`-returnPGRES_POLLING_READING;`
`478`		`-`
`479`		`-input.length=ntohl((uint32)PqGSSRecvBuffer+1);`
`480`		`-if (input.length>PQ_GSS_RECV_BUFFER_SIZE-sizeof(uint32)-1)`
`481`		`-{`
`482`		`-printfPQExpBuffer(&conn->errorMessage,libpq_gettext("Over-size error packet sent by the server."));`
`483`		`-returnPGRES_POLLING_FAILED;`
`484`		`-}`
`485`		`-`
`486`		`-result=gss_read(conn,PqGSSRecvBuffer+PqGSSRecvLength,input.length-PqGSSRecvLength-1-sizeof(uint32),&ret);`
`487`		`-if (result!=PGRES_POLLING_OK)`
`488`		`-returnresult;`
`489`		`-`
`490`		`-PqGSSRecvLength+=ret;`
`491`		`-`
`492`		`-if (PqGSSRecvLength<1+sizeof(uint32)+input.length)`
`493`		`-returnPGRES_POLLING_READING;`
`494`		`-`
`495`		`-printfPQExpBuffer(&conn->errorMessage,`
`496`		`-libpq_gettext("Server error: %s"),`
`497`		`-PqGSSRecvBuffer+1+sizeof(int32));`
	`479`	`+printfPQExpBuffer(&conn->errorMessage,"%s",PqGSSRecvBuffer+1);`
`498`	`480`
`499`	`481`	`returnPGRES_POLLING_FAILED;`
`500`	`482`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitc46c85d

File tree

3 files changed

3 files changed

`‎doc/src/sgml/libpq.sgml`

`‎src/interfaces/libpq/fe-connect.c`

`‎src/interfaces/libpq/fe-secure-gssapi.c`

0 commit comments