Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content

Commit 6e51bce

Browse files
bmomjianbmomjian
committed
Back out patch pending review. --------------------------------------------------------------------------- > I've now tested this patch at home w/ 8.2HEAD and it seems to fix the > bug. I plan on testing it under 8.1.2 at work tommorow with > mod_auth_krb5, etc, and expect it'll work there. Assuming all goes > well and unless someone objects I'll forward the patch to -patches. > It'd be great to have this fixed as it'll allow us to use Kerberos to > authenticate to phppgadmin and other web-based tools which use > Postgres. While playing with this patch under 8.1.2 at home I discovered a mistake in how I manually applied one of the hunks to fe-auth.c. Basically, the base code had changed and so the patch needed to be modified slightly. This is because the code no longer either has a freeable pointer under 'name' or has 'name' as NULL. The attached patch correctly frees the string from pg_krb5_authname (where it had been strdup'd) if and only if pg_krb5_authname returned a string (as opposed to falling through and having name be set using name = pw->name;). Also added a comment to this effect. Please review. Stephen Frost (sfrost@snowman.net) wrote:
1 parent 3e68263 commit 6e51bce

File tree

1 file changed

+27
-73
lines changed

1 file changed

+27
-73
lines changed

src/interfaces/libpq/fe-auth.c

+27-73
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@
1010
* exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
1111
*
1212
* IDENTIFICATION
13-
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.111 2006/02/12 20:04:42 momjian Exp $
13+
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.112 2006/02/12 20:08:29 momjian Exp $
1414
*
1515
*-------------------------------------------------------------------------
1616
*/
@@ -101,33 +101,22 @@ pg_an_to_ln(char *aname)
101101
* Various krb5 state which is not connection specific, and a flag to
102102
* indicate whether we have initialised it yet.
103103
*/
104-
/*
105104
static int pg_krb5_initialised;
106105
static krb5_context pg_krb5_context;
107106
static krb5_ccache pg_krb5_ccache;
108107
static krb5_principal pg_krb5_client;
109108
static char *pg_krb5_name;
110-
*/
111-
112-
struct krb5_info
113-
{
114-
int pg_krb5_initialised;
115-
krb5_context pg_krb5_context;
116-
krb5_ccache pg_krb5_ccache;
117-
krb5_principal pg_krb5_client;
118-
char *pg_krb5_name;
119-
};
120109

121110

122111
static int
123-
pg_krb5_init(char *PQerrormsg, struct krb5_info *info)
112+
pg_krb5_init(char *PQerrormsg)
124113
{
125114
krb5_error_code retval;
126115

127-
if (info->pg_krb5_initialised)
116+
if (pg_krb5_initialised)
128117
return STATUS_OK;
129118

130-
retval = krb5_init_context(&(info->pg_krb5_context));
119+
retval = krb5_init_context(&pg_krb5_context);
131120
if (retval)
132121
{
133122
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
@@ -136,56 +125,46 @@ pg_krb5_init(char *PQerrormsg, struct krb5_info *info)
136125
return STATUS_ERROR;
137126
}
138127

139-
retval = krb5_cc_default(info->pg_krb5_context, &(info->pg_krb5_ccache));
128+
retval = krb5_cc_default(pg_krb5_context, &pg_krb5_ccache);
140129
if (retval)
141130
{
142131
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
143132
"pg_krb5_init: krb5_cc_default: %s\n",
144133
error_message(retval));
145-
krb5_free_context(info->pg_krb5_context);
134+
krb5_free_context(pg_krb5_context);
146135
return STATUS_ERROR;
147136
}
148137

149-
retval = krb5_cc_get_principal(info->pg_krb5_context, info->pg_krb5_ccache,
150-
&(info->pg_krb5_client));
138+
retval = krb5_cc_get_principal(pg_krb5_context, pg_krb5_ccache,
139+
&pg_krb5_client);
151140
if (retval)
152141
{
153142
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
154143
"pg_krb5_init: krb5_cc_get_principal: %s\n",
155144
error_message(retval));
156-
krb5_cc_close(info->pg_krb5_context, info->pg_krb5_ccache);
157-
krb5_free_context(info->pg_krb5_context);
145+
krb5_cc_close(pg_krb5_context, pg_krb5_ccache);
146+
krb5_free_context(pg_krb5_context);
158147
return STATUS_ERROR;
159148
}
160149

161-
retval = krb5_unparse_name(info->pg_krb5_context, info->pg_krb5_client, &(info->pg_krb5_name));
150+
retval = krb5_unparse_name(pg_krb5_context, pg_krb5_client, &pg_krb5_name);
162151
if (retval)
163152
{
164153
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
165154
"pg_krb5_init: krb5_unparse_name: %s\n",
166155
error_message(retval));
167-
krb5_free_principal(info->pg_krb5_context, info->pg_krb5_client);
168-
krb5_cc_close(info->pg_krb5_context, info->pg_krb5_ccache);
169-
krb5_free_context(info->pg_krb5_context);
156+
krb5_free_principal(pg_krb5_context, pg_krb5_client);
157+
krb5_cc_close(pg_krb5_context, pg_krb5_ccache);
158+
krb5_free_context(pg_krb5_context);
170159
return STATUS_ERROR;
171160
}
172161

173-
info->pg_krb5_name = pg_an_to_ln(info->pg_krb5_name);
162+
pg_krb5_name = pg_an_to_ln(pg_krb5_name);
174163

175-
info->pg_krb5_initialised = 1;
164+
pg_krb5_initialised = 1;
176165
return STATUS_OK;
177166
}
178167

179-
static void
180-
pg_krb5_destroy(struct krb5_info *info)
181-
{
182-
krb5_free_principal(info->pg_krb5_context, info->pg_krb5_client);
183-
krb5_cc_close(info->pg_krb5_context, info->pg_krb5_ccache);
184-
krb5_free_context(info->pg_krb5_context);
185-
free(info->pg_krb5_name);
186-
}
187-
188-
189168

190169
/*
191170
* pg_krb5_authname -- returns a pointer to static space containing whatever
@@ -194,16 +173,10 @@ pg_krb5_destroy(struct krb5_info *info)
194173
static const char *
195174
pg_krb5_authname(char *PQerrormsg)
196175
{
197-
char *tmp_name;
198-
struct krb5_info info;
199-
info.pg_krb5_initialised = 0;
200-
201-
if (pg_krb5_init(PQerrormsg, &info) != STATUS_OK)
176+
if (pg_krb5_init(PQerrormsg) != STATUS_OK)
202177
return NULL;
203-
tmp_name = strdup(info.pg_krb5_name);
204-
pg_krb5_destroy(&info);
205178

206-
return tmp_name;
179+
return pg_krb5_name;
207180
}
208181

209182

@@ -219,8 +192,6 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname, const char *s
219192
krb5_principal server;
220193
krb5_auth_context auth_context = NULL;
221194
krb5_error *err_ret = NULL;
222-
struct krb5_info info;
223-
info.pg_krb5_initialised = 0;
224195

225196
if (!hostname)
226197
{
@@ -229,18 +200,17 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname, const char *s
229200
return STATUS_ERROR;
230201
}
231202

232-
ret = pg_krb5_init(PQerrormsg, &info);
203+
ret = pg_krb5_init(PQerrormsg);
233204
if (ret != STATUS_OK)
234205
return ret;
235206

236-
retval = krb5_sname_to_principal(info.pg_krb5_context, hostname, servicename,
207+
retval = krb5_sname_to_principal(pg_krb5_context, hostname, servicename,
237208
KRB5_NT_SRV_HST, &server);
238209
if (retval)
239210
{
240211
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
241212
"pg_krb5_sendauth: krb5_sname_to_principal: %s\n",
242213
error_message(retval));
243-
pg_krb5_destroy(&info);
244214
return STATUS_ERROR;
245215
}
246216

@@ -255,17 +225,16 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname, const char *s
255225

256226
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
257227
libpq_gettext("could not set socket to blocking mode: %s\n"), pqStrerror(errno, sebuf, sizeof(sebuf)));
258-
krb5_free_principal(info.pg_krb5_context, server);
259-
pg_krb5_destroy(&info);
228+
krb5_free_principal(pg_krb5_context, server);
260229
return STATUS_ERROR;
261230
}
262231

263-
retval = krb5_sendauth(info.pg_krb5_context, &auth_context,
232+
retval = krb5_sendauth(pg_krb5_context, &auth_context,
264233
(krb5_pointer) & sock, (char *) servicename,
265-
info.pg_krb5_client, server,
234+
pg_krb5_client, server,
266235
AP_OPTS_MUTUAL_REQUIRED,
267236
NULL, 0, /* no creds, use ccache instead */
268-
info.pg_krb5_ccache, &err_ret, NULL, NULL);
237+
pg_krb5_ccache, &err_ret, NULL, NULL);
269238
if (retval)
270239
{
271240
if (retval == KRB5_SENDAUTH_REJECTED && err_ret)
@@ -290,12 +259,12 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname, const char *s
290259
}
291260

292261
if (err_ret)
293-
krb5_free_error(info.pg_krb5_context, err_ret);
262+
krb5_free_error(pg_krb5_context, err_ret);
294263

295264
ret = STATUS_ERROR;
296265
}
297266

298-
krb5_free_principal(info.pg_krb5_context, server);
267+
krb5_free_principal(pg_krb5_context, server);
299268

300269
if (!pg_set_noblock(sock))
301270
{
@@ -306,7 +275,6 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname, const char *s
306275
pqStrerror(errno, sebuf, sizeof(sebuf)));
307276
ret = STATUS_ERROR;
308277
}
309-
pg_krb5_destroy(&info);
310278

311279
return ret;
312280
}
@@ -519,9 +487,6 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
519487
char *
520488
pg_fe_getauthname(char *PQerrormsg)
521489
{
522-
#ifdef KRB5
523-
const char *krb5_name = NULL;
524-
#endif
525490
const char *name = NULL;
526491
char *authn;
527492

@@ -546,12 +511,7 @@ pg_fe_getauthname(char *PQerrormsg)
546511
pglock_thread();
547512

548513
#ifdef KRB5
549-
/* pg_krb5_authname gives us a strdup'd value that we need
550-
* to free later, however, we don't want to free 'name' directly
551-
* in case it's *not* a Kerberos login and we fall through to
552-
* name = pw->pw_name; */
553-
krb5_name = pg_krb5_authname(PQerrormsg);
554-
name = krb5_name;
514+
name = pg_krb5_authname(PQerrormsg);
555515
#endif
556516

557517
if (!name)
@@ -567,12 +527,6 @@ pg_fe_getauthname(char *PQerrormsg)
567527

568528
authn = name ? strdup(name) : NULL;
569529

570-
#ifdef KRB5
571-
/* Free the strdup'd string from pg_krb5_authname, if we got one */
572-
if (krb5_name)
573-
free(krb5_name);
574-
#endif
575-
576530
pgunlock_thread();
577531

578532
return authn;

0 commit comments

Comments
 (0)