Re: [HACKERS] compile failure on cvs tip --with-krb5
Patch applied. Thanks. --- Kurt Roeckx wrote: On Fri, Jun 20, 2003 at 07:48:02PM -0700, Joe Conway wrote: This change (I'm sure this will wrap poorly -- sorry): http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/include/libpq/pqcomm.h.diff?r1=1.85r2=1.86 modified SockAddr, but no corresponding change was made here (fe-auth.c:612): case AUTH_REQ_KRB5: #ifdef KRB5 if (pg_krb5_sendauth(PQerrormsg, conn-sock, conn-laddr.in, conn-raddr.in, hostname) != STATUS_OK) It's not obvious to me what the change ought to be though. This patch should hopefully fix both kerberos 4 and 5. Kurt [ Attachment, skipping... ] ---(end of broadcast)--- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 8: explain analyze is your friend
Re: [HACKERS] compile failure on cvs tip --with-krb5
Your patch has been added to the PostgreSQL unapplied patches list at: http://momjian.postgresql.org/cgi-bin/pgpatches I will try to apply it within the next 48 hours. --- Kurt Roeckx wrote: On Fri, Jun 20, 2003 at 07:48:02PM -0700, Joe Conway wrote: This change (I'm sure this will wrap poorly -- sorry): http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/include/libpq/pqcomm.h.diff?r1=1.85r2=1.86 modified SockAddr, but no corresponding change was made here (fe-auth.c:612): case AUTH_REQ_KRB5: #ifdef KRB5 if (pg_krb5_sendauth(PQerrormsg, conn-sock, conn-laddr.in, conn-raddr.in, hostname) != STATUS_OK) It's not obvious to me what the change ought to be though. This patch should hopefully fix both kerberos 4 and 5. Kurt [ Attachment, skipping... ] ---(end of broadcast)--- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html -- Bruce Momjian| http://candle.pha.pa.us [EMAIL PROTECTED] | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup.| Newtown Square, Pennsylvania 19073 ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
Re: [HACKERS] compile failure on cvs tip --with-krb5
This change (I'm sure this will wrap poorly -- sorry): http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/include/libpq/pqcomm.h.diff?r1=1.85r2=1.86 modified SockAddr, but no corresponding change was made here (fe-auth.c:612): case AUTH_REQ_KRB5: #ifdef KRB5 if (pg_krb5_sendauth(PQerrormsg, conn-sock, conn-laddr.in, conn-raddr.in, hostname) != STATUS_OK) It's not obvious to me what the change ought to be though. Please try the attached patch. I'll try to change kerberos 4 later if I can find some documentation about it. Especially the krb_sendauth() function. Does Kerberos 4 support other protocols than ipv4? Not that I'm aware of. -sc -- Sean Chittenden ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
Re: [HACKERS] compile failure on cvs tip --with-krb5
On Fri, Jun 20, 2003 at 07:48:02PM -0700, Joe Conway wrote: This change (I'm sure this will wrap poorly -- sorry): http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/include/libpq/pqcomm.h.diff?r1=1.85r2=1.86 modified SockAddr, but no corresponding change was made here (fe-auth.c:612): case AUTH_REQ_KRB5: #ifdef KRB5 if (pg_krb5_sendauth(PQerrormsg, conn-sock, conn-laddr.in, conn-raddr.in, hostname) != STATUS_OK) It's not obvious to me what the change ought to be though. Please try the attached patch. I'll try to change kerberos 4 later if I can find some documentation about it. Especially the krb_sendauth() function. Does Kerberos 4 support other protocols than ipv4? Kurt Index: ./src/interfaces/libpq/fe-auth.c === RCS file: /projects/cvsroot/pgsql-server/src/interfaces/libpq/fe-auth.c,v retrieving revision 1.80 diff -u -r1.80 fe-auth.c --- ./src/interfaces/libpq/fe-auth.c14 Jun 2003 17:49:53 - 1.80 +++ ./src/interfaces/libpq/fe-auth.c21 Jun 2003 10:45:53 - @@ -357,10 +357,7 @@ *the server */ static int -pg_krb5_sendauth(char *PQerrormsg, int sock, -struct sockaddr_in * laddr, -struct sockaddr_in * raddr, -const char *hostname) +pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname) { krb5_error_code retval; int ret; @@ -611,9 +608,8 @@ case AUTH_REQ_KRB5: #ifdef KRB5 - if (pg_krb5_sendauth(PQerrormsg, conn-sock, conn-laddr.in, -conn-raddr.in, -hostname) != STATUS_OK) + if (pg_krb5_sendauth(PQerrormsg, conn-sock, + hostname) != STATUS_OK) { snprintf(PQerrormsg, PQERRORMSG_LENGTH, libpq_gettext(Kerberos 5 authentication failed\n)); ---(end of broadcast)--- TIP 7: don't forget to increase your free space map settings
Re: [HACKERS] compile failure on cvs tip --with-krb5
On Fri, Jun 20, 2003 at 07:48:02PM -0700, Joe Conway wrote: This change (I'm sure this will wrap poorly -- sorry): http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/include/libpq/pqcomm.h.diff?r1=1.85r2=1.86 modified SockAddr, but no corresponding change was made here (fe-auth.c:612): case AUTH_REQ_KRB5: #ifdef KRB5 if (pg_krb5_sendauth(PQerrormsg, conn-sock, conn-laddr.in, conn-raddr.in, hostname) != STATUS_OK) It's not obvious to me what the change ought to be though. This patch should hopefully fix both kerberos 4 and 5. Kurt Index: src/backend/libpq/auth.c === RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/auth.c,v retrieving revision 1.102 diff -u -r1.102 auth.c --- src/backend/libpq/auth.c12 Jun 2003 07:36:51 - 1.102 +++ src/backend/libpq/auth.c21 Jun 2003 15:02:06 - @@ -430,6 +430,13 @@ } case uaKrb4: + /* Kerberos 4 only seems to work with AF_INET. */ + if (port-raddr.addr.ss_family != AF_INET + || port-laddr.addr.ss_family != AF_INET) + { + elog(FATAL, + Unsupported protocol for Kerberos 4); + } sendAuthRequest(port, AUTH_REQ_KRB4); status = pg_krb4_recvauth(port); break; Index: src/interfaces/libpq/fe-auth.c === RCS file: /projects/cvsroot/pgsql-server/src/interfaces/libpq/fe-auth.c,v retrieving revision 1.80 diff -u -r1.80 fe-auth.c --- src/interfaces/libpq/fe-auth.c 14 Jun 2003 17:49:53 - 1.80 +++ src/interfaces/libpq/fe-auth.c 21 Jun 2003 15:02:08 - @@ -357,10 +357,7 @@ *the server */ static int -pg_krb5_sendauth(char *PQerrormsg, int sock, -struct sockaddr_in * laddr, -struct sockaddr_in * raddr, -const char *hostname) +pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname) { krb5_error_code retval; int ret; @@ -594,9 +591,10 @@ case AUTH_REQ_KRB4: #ifdef KRB4 - if (pg_krb4_sendauth(PQerrormsg, conn-sock, conn-laddr.in, -conn-raddr.in, -hostname) != STATUS_OK) + if (pg_krb4_sendauth(PQerrormsg, conn-sock, + (struct sockaddr_in *)conn-laddr.addr, + (struct sockaddr_in *)conn-raddr.addr, + hostname) != STATUS_OK) { snprintf(PQerrormsg, PQERRORMSG_LENGTH, libpq_gettext(Kerberos 4 authentication failed\n)); @@ -611,9 +609,8 @@ case AUTH_REQ_KRB5: #ifdef KRB5 - if (pg_krb5_sendauth(PQerrormsg, conn-sock, conn-laddr.in, -conn-raddr.in, -hostname) != STATUS_OK) + if (pg_krb5_sendauth(PQerrormsg, conn-sock, + hostname) != STATUS_OK) { snprintf(PQerrormsg, PQERRORMSG_LENGTH, libpq_gettext(Kerberos 5 authentication failed\n)); ---(end of broadcast)--- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faqs/FAQ.html
Re: [HACKERS] compile failure on cvs tip --with-krb5
Kurt Roeckx wrote: This patch should hopefully fix both kerberos 4 and 5. Thanks, the patch fixes the compile issue for me. Disclaimer: I can't vouch for krb4 at all. And, although I compile support for krb5, I do that to find build problems, not because I use krb5. So I can't really speak to the correctness of the fix. Joe ---(end of broadcast)--- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
[HACKERS] compile failure on cvs tip --with-krb5
This change (I'm sure this will wrap poorly -- sorry): http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/include/libpq/pqcomm.h.diff?r1=1.85r2=1.86 modified SockAddr, but no corresponding change was made here (fe-auth.c:612): case AUTH_REQ_KRB5: #ifdef KRB5 if (pg_krb5_sendauth(PQerrormsg, conn-sock, conn-laddr.in, conn-raddr.in, hostname) != STATUS_OK) It's not obvious to me what the change ought to be though. Joe ---(end of broadcast)--- TIP 6: Have you searched our list archives? http://archives.postgresql.org