I have applied the following patch to document PQinitSSL() and
PQregisterThreadLock(). I also remove the crypt() mention in the libpq threading section and added a single sentence in the client-auth manual page under crypt(). Crypt authentication is so old now that a separate paragraph about it seemed unwise. I also added a comment about our use of locking around pqGetpwuid().
This commit is contained in:
Bruce Momjian
parent
18feafcc59
commit
819159709f
|
|
@ -1,5 +1,5 @@
|
|||
<!--
|
||||
$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.83 2005/08/14 23:35:37 tgl Exp $
|
||||
$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.84 2005/10/24 15:38:36 momjian Exp $
|
||||
-->
|
||||
|
||||
<chapter id="client-authentication">
|
||||
|
|
@ -337,6 +337,7 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable>
|
|||
authentication.
|
||||
Since the password is sent in clear text over the
|
||||
network, this should not be used on untrusted networks.
|
||||
It also does not usually work with threaded client applications.
|
||||
See <xref linkend="auth-password"> for details.
|
||||
</para>
|
||||
</listitem>
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
<!--
|
||||
$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.196 2005/10/20 23:57:51 tgl Exp $
|
||||
$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.197 2005/10/24 15:38:36 momjian Exp $
|
||||
-->
|
||||
|
||||
<chapter id="libpq">
|
||||
|
|
@ -4032,6 +4032,15 @@ however.)
|
|||
fail if the server does not present a certificate; therefore, to
|
||||
use this feature the server must also have a <filename>root.crt</> file.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
If you are using <acronym>SSL</> inside your application (in addition to
|
||||
inside <application>libpq</application>), you can use <function>PQinitSSL(int)</>
|
||||
to tell <application>libpq</application> that the <acronym>SSL</> library
|
||||
has already been initialized by your application.
|
||||
</para>
|
||||
|
||||
|
||||
</sect1>
|
||||
|
||||
|
||||
|
|
@ -4081,12 +4090,12 @@ are not thread-safe and should not be used in multithread programs.
|
|||
</para>
|
||||
|
||||
<para>
|
||||
<application>libpq</application> applications that use the
|
||||
<literal>crypt</literal> authentication method rely on the
|
||||
<literal>crypt()</literal> operating system function, which is often
|
||||
not thread-safe.<indexterm><primary>crypt</><secondary>thread
|
||||
safety</></> It is better to use the <literal>md5</literal> method,
|
||||
which is thread-safe on all platforms.
|
||||
If you are using Kerberos inside your application (in addition to inside
|
||||
<application>libpq</application>), you will need to do locking around
|
||||
Kerberos calls because Kerberos functions are not thread-safe. See
|
||||
function <function>PQregisterThreadLock</> in the
|
||||
<application>libpq</application> source code for a way to do cooperative
|
||||
locking between <application>libpq</application> and your application.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@
|
|||
* exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.106 2005/10/17 16:24:20 tgl Exp $
|
||||
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.107 2005/10/24 15:38:37 momjian Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
|
|
@ -500,6 +500,16 @@ pg_fe_getauthname(char *PQerrormsg)
|
|||
struct passwd *pw = NULL;
|
||||
#endif
|
||||
|
||||
/*
|
||||
* pglock_thread() really only needs to be called around
|
||||
* pg_krb5_authname(), but some users are using configure
|
||||
* --enable-thread-safety-force, so we might as well do
|
||||
* the locking within our library to protect pqGetpwuid().
|
||||
* In fact, application developers can use getpwuid()
|
||||
* in their application if they use the locking call we
|
||||
* provide, or install their own locking function using
|
||||
* PQregisterThreadLock().
|
||||
*/
|
||||
pglock_thread();
|
||||
|
||||
#ifdef KRB5
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@
|
|||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.72 2005/10/15 02:49:48 momjian Exp $
|
||||
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.73 2005/10/24 15:38:37 momjian Exp $
|
||||
*
|
||||
* NOTES
|
||||
* [ Most of these notes are wrong/obsolete, but perhaps not all ]
|
||||
|
|
@ -220,8 +220,8 @@ KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=\n\
|
|||
|
||||
|
||||
/*
|
||||
* Exported (but as yet undocumented) function to allow application to
|
||||
* tell us it's already initialized OpenSSL.
|
||||
* Exported function to allow application to tell us it's already
|
||||
* initialized OpenSSL.
|
||||
*/
|
||||
void
|
||||
PQinitSSL(int do_init)
|
||||
|
|
|
|||
Loading…
Reference in New Issue