NotificationsYou must be signed in to change notification settings
Fork5
Star26

Commit18d0ca2

committed

Fix Kerberos authentication in wake of virtual-hosts changes --- need

to call krb5_sname_to_principal() always. Also, use krb_srvname ratherthan the hardwired string 'postgres' as the appl_version string in thekrb5_sendauth/recvauth calls, to avoid breaking compatibility with PG8.0. Magnus Hagander

1 parent4909357 commit18d0ca2Copy full SHA for 18d0ca2

File tree

3 files changed

+30

-23

lines changed

src
- backend
  - libpq
    - auth.c
  - utils/misc
    - postgresql.conf.sample
- interfaces/libpq
  - fe-auth.c

3 files changed

+30

-23

lines changed

`‎src/backend/libpq/auth.c`

Lines changed: 27 additions & 20 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.127 2005/07/25 04:52:31 tgl Exp $`
	`11`	`+ * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.128 2005/10/08 19:32:57 tgl Exp $`
`12`	`12`	`*`
`13`	`13`	`*-------------------------------------------------------------------------`
`14`	`14`	`*/`
`@@ -119,6 +119,7 @@ static int`
`119`	`119`	`pg_krb5_init(void)`
`120`	`120`	`{`
`121`	`121`	`krb5_error_coderetval;`
	`122`	`+char*khostname;`
`122`	`123`
`123`	`124`	`if (pg_krb5_initialised)`
`124`	`125`	`returnSTATUS_OK;`
`@@ -145,25 +146,31 @@ pg_krb5_init(void)`
`145`	`146`	`returnSTATUS_ERROR;`
`146`	`147`	`}`
`147`	`148`
`148`		`-if (pg_krb_server_hostname)`
	`149`	`+/*`
	`150`	`+ * If no hostname was specified, pg_krb_server_hostname is already`
	`151`	`+ * NULL. If it's set to blank, force it to NULL.`
	`152`	`+ */`
	`153`	`+khostname=pg_krb_server_hostname;`
	`154`	`+if (khostname&&khostname[0]=='\0')`
	`155`	`+khostname=NULL;`
	`156`	`+`
	`157`	`+retval=krb5_sname_to_principal(pg_krb5_context,`
	`158`	`+khostname,`
	`159`	`+pg_krb_srvnam,`
	`160`	`+KRB5_NT_SRV_HST,`
	`161`	`+&pg_krb5_server);`
	`162`	`+if (retval)`
`149`	`163`	`{`
`150`		`-retval=krb5_sname_to_principal(pg_krb5_context,`
`151`		`-pg_krb_server_hostname,pg_krb_srvnam,`
`152`		`-KRB5_NT_SRV_HST,&pg_krb5_server);`
`153`		`-if (retval)`
`154`		`-{`
`155`		`-ereport(LOG,`
`156`		`- (errmsg("Kerberos sname_to_principal(\"%s\") returned error %d",`
`157`		`-pg_krb_srvnam,retval)));`
`158`		`-com_err("postgres",retval,`
`159`		`-"while getting server principal for service \"%s\"",`
`160`		`-pg_krb_srvnam);`
`161`		`-krb5_kt_close(pg_krb5_context,pg_krb5_keytab);`
`162`		`-krb5_free_context(pg_krb5_context);`
`163`		`-returnSTATUS_ERROR;`
`164`		`-}`
`165`		`-}else`
`166`		`-pg_krb5_server=NULL;`
	`164`	`+ereport(LOG,`
	`165`	`+(errmsg("Kerberos sname_to_principal(\"%s\") returned error %d",`
	`166`	`+pg_krb_srvnam,retval)));`
	`167`	`+com_err("postgres",retval,`
	`168`	`+"while getting server principal for service \"%s\"",`
	`169`	`+pg_krb_srvnam);`
	`170`	`+krb5_kt_close(pg_krb5_context,pg_krb5_keytab);`
	`171`	`+krb5_free_context(pg_krb5_context);`
	`172`	`+returnSTATUS_ERROR;`
	`173`	`+}`
`167`	`174`
`168`	`175`	`pg_krb5_initialised=1;`
`169`	`176`	`returnSTATUS_OK;`
`@@ -194,7 +201,7 @@ pg_krb5_recvauth(Port *port)`
`194`	`201`	`returnret;`
`195`	`202`
`196`	`203`	`retval=krb5_recvauth(pg_krb5_context,&auth_context,`
`197`		`- (krb5_pointer)&port->sock,"postgres",`
	`204`	`+ (krb5_pointer)&port->sock,pg_krb_srvnam,`
`198`	`205`	`pg_krb5_server,0,pg_krb5_keytab,&ticket);`
`199`	`206`	`if (retval)`
`200`	`207`	`{`

`‎src/backend/utils/misc/postgresql.conf.sample`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -70,7 +70,7 @@`
`70`	`70`	`# Kerberos`
`71`	`71`	`#krb_server_keyfile = ''`
`72`	`72`	`#krb_srvname = 'postgres'`
`73`		`-#krb_server_hostname = '(any)'#if not set, matches any keytab entry`
	`73`	`+#krb_server_hostname = ''#empty string matches any keytab entry`
`74`	`74`	`#krb_caseins_users = off`
`75`	`75`
`76`	`76`	`# - TCP Keepalives -`

`‎src/interfaces/libpq/fe-auth.c`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@`
`10`	`10`	`* exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).`
`11`	`11`	`*`
`12`	`12`	`* IDENTIFICATION`
`13`		`- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.103 2005/06/30 01:59:20 neilc Exp $`
	`13`	`+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.104 2005/10/08 19:32:58 tgl Exp $`
`14`	`14`	`*`
`15`	`15`	`*-------------------------------------------------------------------------`
`16`	`16`	`*/`
`@@ -280,7 +280,7 @@ pg_krb5_sendauth(char PQerrormsg, int sock, const char hostname, const char *s`
`280`	`280`	`}`
`281`	`281`
`282`	`282`	`retval=krb5_sendauth(pg_krb5_context,&auth_context,`
`283`		`- (krb5_pointer)&sock,"postgres",`
	`283`	`+ (krb5_pointer)&sock,(char*)servicename,`
`284`	`284`	`pg_krb5_client,server,`
`285`	`285`	`AP_OPTS_MUTUAL_REQUIRED,`
`286`	`286`	`NULL,0,/* no creds, use ccache instead */`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit18d0ca2

File tree

3 files changed

3 files changed

`‎src/backend/libpq/auth.c`

`‎src/backend/utils/misc/postgresql.conf.sample`

`‎src/interfaces/libpq/fe-auth.c`

0 commit comments