
Commit 6e51bce

committed
Back out patch pending review. --------------------------------------------------------------------------- > I've now tested this patch at home w/ 8.2HEAD and it seems to fix the > bug. I plan on testing it under 8.1.2 at work tommorow with > mod_auth_krb5, etc, and expect it'll work there. Assuming all goes > well and unless someone objects I'll forward the patch to -patches. > It'd be great to have this fixed as it'll allow us to use Kerberos to > authenticate to phppgadmin and other web-based tools which use > Postgres. While playing with this patch under 8.1.2 at home I discovered a mistake in how I manually applied one of the hunks to fe-auth.c. Basically, the base code had changed and so the patch needed to be modified slightly. This is because the code no longer either has a freeable pointer under 'name' or has 'name' as NULL. The attached patch correctly frees the string from pg_krb5_authname (where it had been strdup'd) if and only if pg_krb5_authname returned a string (as opposed to falling through and having name be set using name = pw->name;). Also added a comment to this effect. Please review. Stephen Frost (sfrost@snowman.net) wrote:
1 parent 3e68263 commit 6e51bce


1 file changed

+27
-73
lines changed


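--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -10,7 +10,7 @@
 * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.111 2006/02/12 20:04:42 momjian Exp $
+* $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.112 2006/02/12 20:08:29 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -101,33 +101,22 @@ pg_an_to_ln(char *aname)
 * Various krb5 state which is not connection specific, and a flag to
 * indicate whether we have initialised it yet.
 */
-/*
 static int pg_krb5_initialised;
 static krb5_context pg_krb5_context;
 static krb5_ccache pg_krb5_ccache;
 static krb5_principal pg_krb5_client;
 static char *pg_krb5_name;
-*/
-
-struct krb5_info
-{
-int pg_krb5_initialised;
-krb5_context pg_krb5_context;
-krb5_ccache pg_krb5_ccache;
-krb5_principal pg_krb5_client;
-char *pg_krb5_name;
-};
 
 
 static int
-pg_krb5_init(char *PQerrormsg, struct krb5_info *info)
+pg_krb5_init(char *PQerrormsg)
 {
 krb5_error_code retval;
 
-if (info->pg_krb5_initialised)
+if (pg_krb5_initialised)
 return STATUS_OK;
 
-retval = krb5_init_context(&(info->pg_krb5_context));
+retval = krb5_init_context(&pg_krb5_context);
 if (retval)
 {
 snprintf(PQerrormsg, PQERRORMSG_LENGTH,
@@ -136,56 +125,46 @@ pg_krb5_init(char *PQerrormsg, struct krb5_info *info)
 return STATUS_ERROR;
 }
 
-retval = krb5_cc_default(info->pg_krb5_context, &(info->pg_krb5_ccache));
+retval = krb5_cc_default(pg_krb5_context, &pg_krb5_ccache);
 if (retval)
 {
 snprintf(PQerrormsg, PQERRORMSG_LENGTH,
 "pg_krb5_init: krb5_cc_default: %s\n",
 error_message(retval));
-krb5_free_context(info->pg_krb5_context);
+krb5_free_context(pg_krb5_context);
 return STATUS_ERROR;
 }
 
-retval = krb5_cc_get_principal(info->pg_krb5_context, info->pg_krb5_ccache,
-&(info->pg_krb5_client));
+retval = krb5_cc_get_principal(pg_krb5_context, pg_krb5_ccache,
+&pg_krb5_client);
 if (retval)
 {
 snprintf(PQerrormsg, PQERRORMSG_LENGTH,
 "pg_krb5_init: krb5_cc_get_principal: %s\n",
 error_message(retval));
-krb5_cc_close(info->pg_krb5_context, info->pg_krb5_ccache);
-krb5_free_context(info->pg_krb5_context);
+krb5_cc_close(pg_krb5_context, pg_krb5_ccache);
+krb5_free_context(pg_krb5_context);
 return STATUS_ERROR;
 }
 
-retval = krb5_unparse_name(info->pg_krb5_context, info->pg_krb5_client, &(info->pg_krb5_name));
+retval = krb5_unparse_name(pg_krb5_context, pg_krb5_client, &pg_krb5_name);
 if (retval)
 {
 snprintf(PQerrormsg, PQERRORMSG_LENGTH,
 "pg_krb5_init: krb5_unparse_name: %s\n",
 error_message(retval));
-krb5_free_principal(info->pg_krb5_context, info->pg_krb5_client);
-krb5_cc_close(info->pg_krb5_context, info->pg_krb5_ccache);
-krb5_free_context(info->pg_krb5_context);
+krb5_free_principal(pg_krb5_context, pg_krb5_client);
+krb5_cc_close(pg_krb5_context, pg_krb5_ccache);
+krb5_free_context(pg_krb5_context);
 return STATUS_ERROR;
 }
 
-info->pg_krb5_name = pg_an_to_ln(info->pg_krb5_name);
+pg_krb5_name = pg_an_to_ln(pg_krb5_name);
 
-info->pg_krb5_initialised = 1;
+pg_krb5_initialised = 1;
 return STATUS_OK;
 }
 
-static void
-pg_krb5_destroy(struct krb5_info *info)
-{
-krb5_free_principal(info->pg_krb5_context, info->pg_krb5_client);
-krb5_cc_close(info->pg_krb5_context, info->pg_krb5_ccache);
-krb5_free_context(info->pg_krb5_context);
-free(info->pg_krb5_name);
-}
-
-
 
 /*
 * pg_krb5_authname -- returns a pointer to static space containing whatever
@@ -194,16 +173,10 @@ pg_krb5_destroy(struct krb5_info *info)
 static const char *
 pg_krb5_authname(char *PQerrormsg)
 {
-char *tmp_name;
-struct krb5_info info;
-info.pg_krb5_initialised = 0;
-
-if (pg_krb5_init(PQerrormsg, &info) != STATUS_OK)
+if (pg_krb5_init(PQerrormsg) != STATUS_OK)
 return NULL;
-tmp_name = strdup(info.pg_krb5_name);
-pg_krb5_destroy(&info);
 
-return tmp_name;
+return pg_krb5_name;
 }
 
 
@@ -219,8 +192,6 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname, const char *s
 krb5_principal server;
 krb5_auth_context auth_context = NULL;
 krb5_error *err_ret = NULL;
-struct krb5_info info;
-info.pg_krb5_initialised = 0;
 
 if (!hostname)
 {
@@ -229,18 +200,17 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname, const char *s
 return STATUS_ERROR;
 }
 
-ret = pg_krb5_init(PQerrormsg, &info);
+ret = pg_krb5_init(PQerrormsg);
 if (ret != STATUS_OK)
 return ret;
 
-retval = krb5_sname_to_principal(info.pg_krb5_context, hostname, servicename,
+retval = krb5_sname_to_principal(pg_krb5_context, hostname, servicename,
 KRB5_NT_SRV_HST, &server);
 if (retval)
 {
 snprintf(PQerrormsg, PQERRORMSG_LENGTH,
 "pg_krb5_sendauth: krb5_sname_to_principal: %s\n",
 error_message(retval));
-pg_krb5_destroy(&info);
 return STATUS_ERROR;
 }
 
@@ -255,17 +225,16 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname, const char *s
 
 snprintf(PQerrormsg, PQERRORMSG_LENGTH,
 libpq_gettext("could not set socket to blocking mode: %s\n"), pqStrerror(errno, sebuf, sizeof(sebuf)));
-krb5_free_principal(info.pg_krb5_context, server);
-pg_krb5_destroy(&info);
+krb5_free_principal(pg_krb5_context, server);
 return STATUS_ERROR;
 }
 
-retval = krb5_sendauth(info.pg_krb5_context, &auth_context,
+retval = krb5_sendauth(pg_krb5_context, &auth_context,
 (krb5_pointer) & sock, (char *) servicename,
-info.pg_krb5_client, server,
+pg_krb5_client, server,
 AP_OPTS_MUTUAL_REQUIRED,
 NULL, 0, /* no creds, use ccache instead */
-info.pg_krb5_ccache, &err_ret, NULL, NULL);
+pg_krb5_ccache, &err_ret, NULL, NULL);
 if (retval)
 {
 if (retval == KRB5_SENDAUTH_REJECTED && err_ret)
@@ -290,12 +259,12 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname, const char *s
 }
 
 if (err_ret)
-krb5_free_error(info.pg_krb5_context, err_ret);
+krb5_free_error(pg_krb5_context, err_ret);
 
 ret = STATUS_ERROR;
 }
 
-krb5_free_principal(info.pg_krb5_context, server);
+krb5_free_principal(pg_krb5_context, server);
 
 if (!pg_set_noblock(sock))
 {
@@ -306,7 +275,6 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname, const char *s
 pqStrerror(errno, sebuf, sizeof(sebuf)));
 ret = STATUS_ERROR;
 }
-pg_krb5_destroy(&info);
 
 return ret;
 }
@@ -519,9 +487,6 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
 char *
 pg_fe_getauthname(char *PQerrormsg)
 {
-#ifdef KRB5
-const char *krb5_name = NULL;
-#endif
 const char *name = NULL;
 char *authn;
 
@@ -546,12 +511,7 @@ pg_fe_getauthname(char *PQerrormsg)
 pglock_thread();
 
 #ifdef KRB5
-/* pg_krb5_authname gives us a strdup'd value that we need
-* to free later, however, we don't want to free 'name' directly
-* in case it's *not* a Kerberos login and we fall through to
-* name = pw->pw_name; */
-krb5_name = pg_krb5_authname(PQerrormsg);
-name = krb5_name;
+name = pg_krb5_authname(PQerrormsg);
 #endif
 
 if (!name)
@@ -567,12 +527,6 @@ pg_fe_getauthname(char *PQerrormsg)
 
 authn = name ? strdup(name) : NULL;
 
-#ifdef KRB5
-/* Free the strdup'd string from pg_krb5_authname, if we got one */
-if (krb5_name)
-free(krb5_name);
-#endif
-
 pgunlock_thread();
 
 return authn;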
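Review bot: In pg_krb5_init (the `@@ -101,33 +101,22 @@` hunk and the one after it) the context, credential cache, client principal and name are again held in file-scope statics, and the early `if (pg_krb5_initialised) return STATUS_OK;` means they are filled once per process and, in the visible hunks, never refreshed or released. A long-lived process whose default credential cache changes between connections (the web front-end case the commit message describes) would keep presenting the first principal, and `pg_krb5_authname` would keep returning the first `pg_krb5_name`. Since this is a back-out pending review, the comment above the statics should at least record that, e.g. `* NOTE: filled on first use and kept for the life of the process; a later change of the default ccache is not picked up.` The statics are also written with no locking inside `pg_krb5_init` itself: `pg_fe_getauthname` reaches it under `pglock_thread()`, but whether the caller of `pg_krb5_sendauth` holds that lock lies outside these hunks and should be confirmed.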
