Fix SSPI login when multiple roundtrips are required

This fixes SSPI login failures showing "The function requested is not supported", often showing up when connecting to localhost. The reason was not properly updating the SSPI handle when multiple roundtrips were required to complete the authentication sequence. Report and analysis by Ahmed Shinwari, patch by Magnus Hagander
author: Magnus Hagander 2011-07-16 17:58:53 +0000
committer: Magnus Hagander 2011-07-16 17:58:53 +0000
commit: 0886dde5f83611d1d84a29cb3c4549bf6588668e (patch)
tree: ea7e5feb50b29c12d07e69dad24fd5b9c24aa180 /src/backend/libpq/auth.c
parent: d71197cd35db0b0e66120f37443be6a5dfc2669d (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 7799111301f..936cfea1093 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -1349,16 +1349,22 @@ pg_SSPI_recvauth(Port *port)
 						  _("could not accept SSPI security context"), r);
 		}
 
+		/*
+		 * Overwrite the current context with the one we just received.
+		 * If sspictx is NULL it was the first loop and we need to allocate
+		 * a buffer for it. On subsequent runs, we can just overwrite the
+		 * buffer contents since the size does not change.
+		 */
 		if (sspictx == NULL)
 		{
 			sspictx = malloc(sizeof(CtxtHandle));
 			if (sspictx == NULL)
 				ereport(ERROR,
 						(errmsg("out of memory")));
-
-			memcpy(sspictx, &newctx, sizeof(CtxtHandle));
 		}
 
+		memcpy(sspictx, &newctx, sizeof(CtxtHandle));
+
 		if (r == SEC_I_CONTINUE_NEEDED)
 			elog(DEBUG4, "SSPI continue needed");
author	Magnus Hagander	2011-07-16 17:58:53 +0000
committer	Magnus Hagander	2011-07-16 17:58:53 +0000
commit	0886dde5f83611d1d84a29cb3c4549bf6588668e (patch)
tree	ea7e5feb50b29c12d07e69dad24fd5b9c24aa180 /src/backend/libpq/auth.c
parent	d71197cd35db0b0e66120f37443be6a5dfc2669d (diff)