Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit8191597

Browse files
committed
I have applied the following patch to document PQinitSSL() and
PQregisterThreadLock().I also remove the crypt() mention in the libpq threading section andadded a single sentence in the client-auth manual page under crypt().Crypt authentication is so old now that a separate paragraph about itseemed unwise.I also added a comment about our use of locking around pqGetpwuid().
1 parent18feafc commit8191597

File tree

4 files changed

+32
-12
lines changed

4 files changed

+32
-12
lines changed

‎doc/src/sgml/client-auth.sgml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
<!--
2-
$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.83 2005/08/14 23:35:37 tgl Exp $
2+
$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.84 2005/10/24 15:38:36 momjian Exp $
33
-->
44

55
<chapter id="client-authentication">
@@ -337,6 +337,7 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable>
337337
authentication.
338338
Since the password is sent in clear text over the
339339
network, this should not be used on untrusted networks.
340+
It also does not usually work with threaded client applications.
340341
See <xref linkend="auth-password"> for details.
341342
</para>
342343
</listitem>

‎doc/src/sgml/libpq.sgml

Lines changed: 16 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
<!--
2-
$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.196 2005/10/20 23:57:51 tgl Exp $
2+
$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.197 2005/10/24 15:38:36 momjian Exp $
33
-->
44

55
<chapter id="libpq">
@@ -4032,6 +4032,15 @@ however.)
40324032
fail if the server does not present a certificate; therefore, to
40334033
use this feature the server must also have a <filename>root.crt</> file.
40344034
</para>
4035+
4036+
<para>
4037+
If you are using <acronym>SSL</> inside your application (in addition to
4038+
inside <application>libpq</application>), you can use <function>PQinitSSL(int)</>
4039+
to tell <application>libpq</application> that the <acronym>SSL</> library
4040+
has already been initialized by your application.
4041+
</para>
4042+
4043+
40354044
</sect1>
40364045

40374046

@@ -4081,12 +4090,12 @@ are not thread-safe and should not be used in multithread programs.
40814090
</para>
40824091

40834092
<para>
4084-
<application>libpq</application> applications that use the
4085-
<literal>crypt</literal> authentication method rely on the
4086-
<literal>crypt()</literal> operating system function, which is often
4087-
not thread-safe.<indexterm><primary>crypt</><secondary>thread
4088-
safety</></> It is better to use the <literal>md5</literal> method,
4089-
which is thread-safe on all platforms.
4093+
If you are using Kerberos inside yourapplication (in addition to inside
4094+
<application>libpq</application>), you will need to do locking around
4095+
Kerberos calls because Kerberos functions are not thread-safe. See
4096+
function <function>PQregisterThreadLock</> in the
4097+
<application>libpq</application> source code for a way to do cooperative
4098+
locking between <application>libpq</application> and your application.
40904099
</para>
40914100

40924101
<para>

‎src/interfaces/libpq/fe-auth.c

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@
1010
* exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
1111
*
1212
* IDENTIFICATION
13-
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.106 2005/10/17 16:24:20 tgl Exp $
13+
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.107 2005/10/24 15:38:37 momjian Exp $
1414
*
1515
*-------------------------------------------------------------------------
1616
*/
@@ -500,6 +500,16 @@ pg_fe_getauthname(char *PQerrormsg)
500500
structpasswd*pw=NULL;
501501
#endif
502502

503+
/*
504+
*pglock_thread() really only needs to be called around
505+
*pg_krb5_authname(), but some users are using configure
506+
*--enable-thread-safety-force, so we might as well do
507+
*the locking within our library to protect pqGetpwuid().
508+
*In fact, application developers can use getpwuid()
509+
*in their application if they use the locking call we
510+
*provide, or install their own locking function using
511+
*PQregisterThreadLock().
512+
*/
503513
pglock_thread();
504514

505515
#ifdefKRB5

‎src/interfaces/libpq/fe-secure.c

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@
1111
*
1212
*
1313
* IDENTIFICATION
14-
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.72 2005/10/15 02:49:48 momjian Exp $
14+
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.73 2005/10/24 15:38:37 momjian Exp $
1515
*
1616
* NOTES
1717
* [ Most of these notes are wrong/obsolete, but perhaps not all ]
@@ -220,8 +220,8 @@ KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=\n\
220220

221221

222222
/*
223-
*Exported(but as yet undocumented)function to allow application to
224-
* tell us it's alreadyinitialized OpenSSL.
223+
*Exported function to allow application to tell us it's already
224+
*initialized OpenSSL.
225225
*/
226226
void
227227
PQinitSSL(intdo_init)

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp