Re: [HACKERS] compile failure on cvs tip --with-krb5
Patch applied. Thanks. --- Kurt Roeckx wrote: On Fri, Jun 20, 2003 at 07:48:02PM -0700, Joe Conway wrote: This change (I'm sure this will wrap poorly -- sorry): http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/include/libpq/pqcomm.h.diff?r1=1.85r2=1.86 modified SockAddr, but no corresponding change was made here (fe-auth.c:612): case AUTH_REQ_KRB5: #ifdef KRB5 if (pg_krb5_sendauth(PQerrormsg, conn-sock, conn-laddr.in, conn-raddr.in, hostname) != STATUS_OK) It's not obvious to me what the change ought to be though. This patch should hopefully fix both kerberos 4 and 5. Kurt [ Attachment, skipping... ] ---(end of broadcast)--- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 8: explain analyze is your friend
Re: [HACKERS] compile failure on cvs tip --with-krb5
Your patch has been added to the PostgreSQL unapplied patches list at: http://momjian.postgresql.org/cgi-bin/pgpatches I will try to apply it within the next 48 hours. --- Kurt Roeckx wrote: On Fri, Jun 20, 2003 at 07:48:02PM -0700, Joe Conway wrote: This change (I'm sure this will wrap poorly -- sorry): http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/include/libpq/pqcomm.h.diff?r1=1.85r2=1.86 modified SockAddr, but no corresponding change was made here (fe-auth.c:612): case AUTH_REQ_KRB5: #ifdef KRB5 if (pg_krb5_sendauth(PQerrormsg, conn-sock, conn-laddr.in, conn-raddr.in, hostname) != STATUS_OK) It's not obvious to me what the change ought to be though. This patch should hopefully fix both kerberos 4 and 5. Kurt [ Attachment, skipping... ] ---(end of broadcast)--- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
Re: [HACKERS] compile failure on cvs tip --with-krb5
This change (I'm sure this will wrap poorly -- sorry): http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/include/libpq/pqcomm.h.diff?r1=1.85r2=1.86 modified SockAddr, but no corresponding change was made here (fe-auth.c:612): case AUTH_REQ_KRB5: #ifdef KRB5 if (pg_krb5_sendauth(PQerrormsg, conn-sock, conn-laddr.in, conn-raddr.in, hostname) != STATUS_OK) It's not obvious to me what the change ought to be though. Please try the attached patch. I'll try to change kerberos 4 later if I can find some documentation about it. Especially the krb_sendauth() function. Does Kerberos 4 support other protocols than ipv4? Not that I'm aware of. -sc -- Sean Chittenden ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
Re: [HACKERS] compile failure on cvs tip --with-krb5
On Fri, Jun 20, 2003 at 07:48:02PM -0700, Joe Conway wrote:
This change (I'm sure this will wrap poorly -- sorry):
http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/include/libpq/pqcomm.h.diff?r1=1.85r2=1.86
modified SockAddr, but no corresponding change was made here
(fe-auth.c:612):
case AUTH_REQ_KRB5:
#ifdef KRB5
if (pg_krb5_sendauth(PQerrormsg, conn-sock, conn-laddr.in,
conn-raddr.in,
hostname) != STATUS_OK)
It's not obvious to me what the change ought to be though.
Please try the attached patch.
I'll try to change kerberos 4 later if I can find some
documentation about it. Especially the krb_sendauth() function.
Does Kerberos 4 support other protocols than ipv4?
Kurt
Index: ./src/interfaces/libpq/fe-auth.c
===
RCS file: /projects/cvsroot/pgsql-server/src/interfaces/libpq/fe-auth.c,v
retrieving revision 1.80
diff -u -r1.80 fe-auth.c
--- ./src/interfaces/libpq/fe-auth.c14 Jun 2003 17:49:53 - 1.80
+++ ./src/interfaces/libpq/fe-auth.c21 Jun 2003 10:45:53 -
@@ -357,10 +357,7 @@
*the server
*/
static int
-pg_krb5_sendauth(char *PQerrormsg, int sock,
-struct sockaddr_in * laddr,
-struct sockaddr_in * raddr,
-const char *hostname)
+pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname)
{
krb5_error_code retval;
int ret;
@@ -611,9 +608,8 @@
case AUTH_REQ_KRB5:
#ifdef KRB5
- if (pg_krb5_sendauth(PQerrormsg, conn-sock, conn-laddr.in,
-conn-raddr.in,
-hostname) !=
STATUS_OK)
+ if (pg_krb5_sendauth(PQerrormsg, conn-sock,
+ hostname) != STATUS_OK)
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
libpq_gettext(Kerberos 5 authentication
failed\n));
---(end of broadcast)---
TIP 7: don't forget to increase your free space map settings
Re: [HACKERS] compile failure on cvs tip --with-krb5
On Fri, Jun 20, 2003 at 07:48:02PM -0700, Joe Conway wrote:
This change (I'm sure this will wrap poorly -- sorry):
http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/include/libpq/pqcomm.h.diff?r1=1.85r2=1.86
modified SockAddr, but no corresponding change was made here
(fe-auth.c:612):
case AUTH_REQ_KRB5:
#ifdef KRB5
if (pg_krb5_sendauth(PQerrormsg, conn-sock, conn-laddr.in,
conn-raddr.in,
hostname) != STATUS_OK)
It's not obvious to me what the change ought to be though.
This patch should hopefully fix both kerberos 4 and 5.
Kurt
Index: src/backend/libpq/auth.c
===
RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/auth.c,v
retrieving revision 1.102
diff -u -r1.102 auth.c
--- src/backend/libpq/auth.c12 Jun 2003 07:36:51 - 1.102
+++ src/backend/libpq/auth.c21 Jun 2003 15:02:06 -
@@ -430,6 +430,13 @@
}
case uaKrb4:
+ /* Kerberos 4 only seems to work with AF_INET. */
+ if (port-raddr.addr.ss_family != AF_INET
+ || port-laddr.addr.ss_family != AF_INET)
+ {
+ elog(FATAL,
+ Unsupported protocol for Kerberos 4);
+ }
sendAuthRequest(port, AUTH_REQ_KRB4);
status = pg_krb4_recvauth(port);
break;
Index: src/interfaces/libpq/fe-auth.c
===
RCS file: /projects/cvsroot/pgsql-server/src/interfaces/libpq/fe-auth.c,v
retrieving revision 1.80
diff -u -r1.80 fe-auth.c
--- src/interfaces/libpq/fe-auth.c 14 Jun 2003 17:49:53 - 1.80
+++ src/interfaces/libpq/fe-auth.c 21 Jun 2003 15:02:08 -
@@ -357,10 +357,7 @@
*the server
*/
static int
-pg_krb5_sendauth(char *PQerrormsg, int sock,
-struct sockaddr_in * laddr,
-struct sockaddr_in * raddr,
-const char *hostname)
+pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname)
{
krb5_error_code retval;
int ret;
@@ -594,9 +591,10 @@
case AUTH_REQ_KRB4:
#ifdef KRB4
- if (pg_krb4_sendauth(PQerrormsg, conn-sock, conn-laddr.in,
-conn-raddr.in,
-hostname) !=
STATUS_OK)
+ if (pg_krb4_sendauth(PQerrormsg, conn-sock,
+ (struct sockaddr_in *)conn-laddr.addr,
+ (struct sockaddr_in *)conn-raddr.addr,
+ hostname) != STATUS_OK)
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
libpq_gettext(Kerberos 4 authentication
failed\n));
@@ -611,9 +609,8 @@
case AUTH_REQ_KRB5:
#ifdef KRB5
- if (pg_krb5_sendauth(PQerrormsg, conn-sock, conn-laddr.in,
-conn-raddr.in,
-hostname) !=
STATUS_OK)
+ if (pg_krb5_sendauth(PQerrormsg, conn-sock,
+ hostname) != STATUS_OK)
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
libpq_gettext(Kerberos 5 authentication
failed\n));
---(end of broadcast)---
TIP 5: Have you checked our extensive FAQ?
http://www.postgresql.org/docs/faqs/FAQ.html
Re: [HACKERS] compile failure on cvs tip --with-krb5
Kurt Roeckx wrote: This patch should hopefully fix both kerberos 4 and 5. Thanks, the patch fixes the compile issue for me. Disclaimer: I can't vouch for krb4 at all. And, although I compile support for krb5, I do that to find build problems, not because I use krb5. So I can't really speak to the correctness of the fix. Joe ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
[HACKERS] compile failure on cvs tip --with-krb5
This change (I'm sure this will wrap poorly -- sorry): http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/include/libpq/pqcomm.h.diff?r1=1.85r2=1.86 modified SockAddr, but no corresponding change was made here (fe-auth.c:612): case AUTH_REQ_KRB5: #ifdef KRB5 if (pg_krb5_sendauth(PQerrormsg, conn-sock, conn-laddr.in, conn-raddr.in, hostname) != STATUS_OK) It's not obvious to me what the change ought to be though. Joe ---(end of broadcast)--- TIP 6: Have you searched our list archives? http://archives.postgresql.org
