Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit6e51bce

Browse files
committed
Back out patch pending review.---------------------------------------------------------------------------> I've now tested this patch at home w/ 8.2HEAD and it seems to fix the> bug. I plan on testing it under 8.1.2 at work tommorow with> mod_auth_krb5, etc, and expect it'll work there. Assuming all goes> well and unless someone objects I'll forward the patch to -patches.> It'd be great to have this fixed as it'll allow us to use Kerberos to> authenticate to phppgadmin and other web-based tools which use> Postgres. While playing with this patch under 8.1.2 at home I discovered a mistake in how I manually applied one of the hunks to fe-auth.c. Basically, the base code had changed and so the patch needed to be modified slightly. This is because the code no longer either has a freeable pointer under 'name' or has 'name' as NULL. The attached patch correctly frees the string from pg_krb5_authname (where it had been strdup'd) if and only if pg_krb5_authname returned a string (as opposed to falling through and having name be set using name = pw->name;). Also added a comment to this effect. Please review.Stephen Frost (sfrost@snowman.net) wrote:
1 parent3e68263 commit6e51bce

File tree

1 file changed

+27
-73
lines changed

1 file changed

+27
-73
lines changed

‎src/interfaces/libpq/fe-auth.c‎

Lines changed: 27 additions & 73 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@
1010
* exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
1111
*
1212
* IDENTIFICATION
13-
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.111 2006/02/12 20:04:42 momjian Exp $
13+
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.112 2006/02/12 20:08:29 momjian Exp $
1414
*
1515
*-------------------------------------------------------------------------
1616
*/
@@ -101,33 +101,22 @@ pg_an_to_ln(char *aname)
101101
* Various krb5 state which is not connection specific, and a flag to
102102
* indicate whether we have initialised it yet.
103103
*/
104-
/*
105104
staticintpg_krb5_initialised;
106105
statickrb5_contextpg_krb5_context;
107106
statickrb5_ccachepg_krb5_ccache;
108107
statickrb5_principalpg_krb5_client;
109108
staticchar*pg_krb5_name;
110-
*/
111-
112-
structkrb5_info
113-
{
114-
intpg_krb5_initialised;
115-
krb5_contextpg_krb5_context;
116-
krb5_ccachepg_krb5_ccache;
117-
krb5_principalpg_krb5_client;
118-
char*pg_krb5_name;
119-
};
120109

121110

122111
staticint
123-
pg_krb5_init(char*PQerrormsg,structkrb5_info*info)
112+
pg_krb5_init(char*PQerrormsg)
124113
{
125114
krb5_error_coderetval;
126115

127-
if (info->pg_krb5_initialised)
116+
if (pg_krb5_initialised)
128117
returnSTATUS_OK;
129118

130-
retval=krb5_init_context(&(info->pg_krb5_context));
119+
retval=krb5_init_context(&pg_krb5_context);
131120
if (retval)
132121
{
133122
snprintf(PQerrormsg,PQERRORMSG_LENGTH,
@@ -136,56 +125,46 @@ pg_krb5_init(char *PQerrormsg, struct krb5_info *info)
136125
returnSTATUS_ERROR;
137126
}
138127

139-
retval=krb5_cc_default(info->pg_krb5_context,&(info->pg_krb5_ccache));
128+
retval=krb5_cc_default(pg_krb5_context,&pg_krb5_ccache);
140129
if (retval)
141130
{
142131
snprintf(PQerrormsg,PQERRORMSG_LENGTH,
143132
"pg_krb5_init: krb5_cc_default: %s\n",
144133
error_message(retval));
145-
krb5_free_context(info->pg_krb5_context);
134+
krb5_free_context(pg_krb5_context);
146135
returnSTATUS_ERROR;
147136
}
148137

149-
retval=krb5_cc_get_principal(info->pg_krb5_context,info->pg_krb5_ccache,
150-
&(info->pg_krb5_client));
138+
retval=krb5_cc_get_principal(pg_krb5_context,pg_krb5_ccache,
139+
&pg_krb5_client);
151140
if (retval)
152141
{
153142
snprintf(PQerrormsg,PQERRORMSG_LENGTH,
154143
"pg_krb5_init: krb5_cc_get_principal: %s\n",
155144
error_message(retval));
156-
krb5_cc_close(info->pg_krb5_context,info->pg_krb5_ccache);
157-
krb5_free_context(info->pg_krb5_context);
145+
krb5_cc_close(pg_krb5_context,pg_krb5_ccache);
146+
krb5_free_context(pg_krb5_context);
158147
returnSTATUS_ERROR;
159148
}
160149

161-
retval=krb5_unparse_name(info->pg_krb5_context,info->pg_krb5_client,&(info->pg_krb5_name));
150+
retval=krb5_unparse_name(pg_krb5_context,pg_krb5_client,&pg_krb5_name);
162151
if (retval)
163152
{
164153
snprintf(PQerrormsg,PQERRORMSG_LENGTH,
165154
"pg_krb5_init: krb5_unparse_name: %s\n",
166155
error_message(retval));
167-
krb5_free_principal(info->pg_krb5_context,info->pg_krb5_client);
168-
krb5_cc_close(info->pg_krb5_context,info->pg_krb5_ccache);
169-
krb5_free_context(info->pg_krb5_context);
156+
krb5_free_principal(pg_krb5_context,pg_krb5_client);
157+
krb5_cc_close(pg_krb5_context,pg_krb5_ccache);
158+
krb5_free_context(pg_krb5_context);
170159
returnSTATUS_ERROR;
171160
}
172161

173-
info->pg_krb5_name=pg_an_to_ln(info->pg_krb5_name);
162+
pg_krb5_name=pg_an_to_ln(pg_krb5_name);
174163

175-
info->pg_krb5_initialised=1;
164+
pg_krb5_initialised=1;
176165
returnSTATUS_OK;
177166
}
178167

179-
staticvoid
180-
pg_krb5_destroy(structkrb5_info*info)
181-
{
182-
krb5_free_principal(info->pg_krb5_context,info->pg_krb5_client);
183-
krb5_cc_close(info->pg_krb5_context,info->pg_krb5_ccache);
184-
krb5_free_context(info->pg_krb5_context);
185-
free(info->pg_krb5_name);
186-
}
187-
188-
189168

190169
/*
191170
* pg_krb5_authname -- returns a pointer to static space containing whatever
@@ -194,16 +173,10 @@ pg_krb5_destroy(struct krb5_info *info)
194173
staticconstchar*
195174
pg_krb5_authname(char*PQerrormsg)
196175
{
197-
char*tmp_name;
198-
structkrb5_infoinfo;
199-
info.pg_krb5_initialised=0;
200-
201-
if (pg_krb5_init(PQerrormsg,&info)!=STATUS_OK)
176+
if (pg_krb5_init(PQerrormsg)!=STATUS_OK)
202177
returnNULL;
203-
tmp_name=strdup(info.pg_krb5_name);
204-
pg_krb5_destroy(&info);
205178

206-
returntmp_name;
179+
returnpg_krb5_name;
207180
}
208181

209182

@@ -219,8 +192,6 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname, const char *s
219192
krb5_principalserver;
220193
krb5_auth_contextauth_context=NULL;
221194
krb5_error*err_ret=NULL;
222-
structkrb5_infoinfo;
223-
info.pg_krb5_initialised=0;
224195

225196
if (!hostname)
226197
{
@@ -229,18 +200,17 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname, const char *s
229200
returnSTATUS_ERROR;
230201
}
231202

232-
ret=pg_krb5_init(PQerrormsg,&info);
203+
ret=pg_krb5_init(PQerrormsg);
233204
if (ret!=STATUS_OK)
234205
returnret;
235206

236-
retval=krb5_sname_to_principal(info.pg_krb5_context,hostname,servicename,
207+
retval=krb5_sname_to_principal(pg_krb5_context,hostname,servicename,
237208
KRB5_NT_SRV_HST,&server);
238209
if (retval)
239210
{
240211
snprintf(PQerrormsg,PQERRORMSG_LENGTH,
241212
"pg_krb5_sendauth: krb5_sname_to_principal: %s\n",
242213
error_message(retval));
243-
pg_krb5_destroy(&info);
244214
returnSTATUS_ERROR;
245215
}
246216

@@ -255,17 +225,16 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname, const char *s
255225

256226
snprintf(PQerrormsg,PQERRORMSG_LENGTH,
257227
libpq_gettext("could not set socket to blocking mode: %s\n"),pqStrerror(errno,sebuf,sizeof(sebuf)));
258-
krb5_free_principal(info.pg_krb5_context,server);
259-
pg_krb5_destroy(&info);
228+
krb5_free_principal(pg_krb5_context,server);
260229
returnSTATUS_ERROR;
261230
}
262231

263-
retval=krb5_sendauth(info.pg_krb5_context,&auth_context,
232+
retval=krb5_sendauth(pg_krb5_context,&auth_context,
264233
(krb5_pointer)&sock, (char*)servicename,
265-
info.pg_krb5_client,server,
234+
pg_krb5_client,server,
266235
AP_OPTS_MUTUAL_REQUIRED,
267236
NULL,0,/* no creds, use ccache instead */
268-
info.pg_krb5_ccache,&err_ret,NULL,NULL);
237+
pg_krb5_ccache,&err_ret,NULL,NULL);
269238
if (retval)
270239
{
271240
if (retval==KRB5_SENDAUTH_REJECTED&&err_ret)
@@ -290,12 +259,12 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname, const char *s
290259
}
291260

292261
if (err_ret)
293-
krb5_free_error(info.pg_krb5_context,err_ret);
262+
krb5_free_error(pg_krb5_context,err_ret);
294263

295264
ret=STATUS_ERROR;
296265
}
297266

298-
krb5_free_principal(info.pg_krb5_context,server);
267+
krb5_free_principal(pg_krb5_context,server);
299268

300269
if (!pg_set_noblock(sock))
301270
{
@@ -306,7 +275,6 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname, const char *s
306275
pqStrerror(errno,sebuf,sizeof(sebuf)));
307276
ret=STATUS_ERROR;
308277
}
309-
pg_krb5_destroy(&info);
310278

311279
returnret;
312280
}
@@ -519,9 +487,6 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
519487
char*
520488
pg_fe_getauthname(char*PQerrormsg)
521489
{
522-
#ifdefKRB5
523-
constchar*krb5_name=NULL;
524-
#endif
525490
constchar*name=NULL;
526491
char*authn;
527492

@@ -546,12 +511,7 @@ pg_fe_getauthname(char *PQerrormsg)
546511
pglock_thread();
547512

548513
#ifdefKRB5
549-
/* pg_krb5_authname gives us a strdup'd value that we need
550-
* to free later, however, we don't want to free 'name' directly
551-
* in case it's *not* a Kerberos login and we fall through to
552-
* name = pw->pw_name; */
553-
krb5_name=pg_krb5_authname(PQerrormsg);
554-
name=krb5_name;
514+
name=pg_krb5_authname(PQerrormsg);
555515
#endif
556516

557517
if (!name)
@@ -567,12 +527,6 @@ pg_fe_getauthname(char *PQerrormsg)
567527

568528
authn=name ?strdup(name) :NULL;
569529

570-
#ifdefKRB5
571-
/* Free the strdup'd string from pg_krb5_authname, if we got one */
572-
if (krb5_name)
573-
free(krb5_name);
574-
#endif
575-
576530
pgunlock_thread();
577531

578532
returnauthn;

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp