rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

I have applied the following patch to document PQinitSSL() and 

PQregisterThreadLock().

I also remove the crypt() mention in the libpq threading section and
added a single sentence in the client-auth manual page under crypt().
Crypt authentication is so old now that a separate paragraph about it
seemed unwise.

I also added a comment about our use of locking around pqGetpwuid().
This commit is contained in:
Bruce Momjian 2005-10-24 15:38:37 +00:00
parent 18feafcc59
commit 819159709f
4 changed files with 32 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
doc/src/sgml/client-auth.sgml
View File

@ -1,5 +1,5 @@
<!-- <!--
$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.83 2005/08/14 23:35:37 tgl Exp $ $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.84 2005/10/24 15:38:36 momjian Exp $
--> -->
<chapter id="client-authentication"> <chapter id="client-authentication">
@ -337,6 +337,7 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable>
authentication. authentication.
Since the password is sent in clear text over the Since the password is sent in clear text over the
network, this should not be used on untrusted networks. network, this should not be used on untrusted networks.
It also does not usually work with threaded client applications.
See <xref linkend="auth-password"> for details. See <xref linkend="auth-password"> for details.
</para> </para>
</listitem> </listitem>

23
doc/src/sgml/libpq.sgml
View File

@ -1,5 +1,5 @@
<!-- <!--
$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.196 2005/10/20 23:57:51 tgl Exp $ $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.197 2005/10/24 15:38:36 momjian Exp $
--> -->
<chapter id="libpq"> <chapter id="libpq">
@ -4032,6 +4032,15 @@ however.)
fail if the server does not present a certificate; therefore, to fail if the server does not present a certificate; therefore, to
use this feature the server must also have a <filename>root.crt</> file. use this feature the server must also have a <filename>root.crt</> file.
</para> </para>
<para>
If you are using <acronym>SSL</> inside your application (in addition to
inside <application>libpq</application>), you can use <function>PQinitSSL(int)</>
to tell <application>libpq</application> that the <acronym>SSL</> library
has already been initialized by your application.
</para>
</sect1> </sect1>
@ -4081,12 +4090,12 @@ are not thread-safe and should not be used in multithread programs.
</para> </para>
<para> <para>
<application>libpq</application> applications that use the If you are using Kerberos inside your application (in addition to inside
<literal>crypt</literal> authentication method rely on the <application>libpq</application>), you will need to do locking around
<literal>crypt()</literal> operating system function, which is often Kerberos calls because Kerberos functions are not thread-safe. See
not thread-safe.<indexterm><primary>crypt</><secondary>thread function <function>PQregisterThreadLock</> in the
safety</></> It is better to use the <literal>md5</literal> method, <application>libpq</application> source code for a way to do cooperative
which is thread-safe on all platforms. locking between <application>libpq</application> and your application.
</para> </para>
<para> <para>

12
src/interfaces/libpq/fe-auth.c
View File

@ -10,7 +10,7 @@
* exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes). * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
* *
* IDENTIFICATION * IDENTIFICATION
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.106 2005/10/17 16:24:20 tgl Exp $ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.107 2005/10/24 15:38:37 momjian Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -500,6 +500,16 @@ pg_fe_getauthname(char *PQerrormsg)
struct passwd *pw = NULL; struct passwd *pw = NULL;
#endif #endif
/*
* pglock_thread() really only needs to be called around
* pg_krb5_authname(), but some users are using configure
* --enable-thread-safety-force, so we might as well do
* the locking within our library to protect pqGetpwuid().
* In fact, application developers can use getpwuid()
* in their application if they use the locking call we
* provide, or install their own locking function using
* PQregisterThreadLock().
*/
pglock_thread(); pglock_thread();
#ifdef KRB5 #ifdef KRB5

6
src/interfaces/libpq/fe-secure.c
View File

@ -11,7 +11,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.72 2005/10/15 02:49:48 momjian Exp $ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.73 2005/10/24 15:38:37 momjian Exp $
* *
* NOTES * NOTES
* [ Most of these notes are wrong/obsolete, but perhaps not all ] * [ Most of these notes are wrong/obsolete, but perhaps not all ]
@ -220,8 +220,8 @@ KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=\n\
/* /*
* Exported (but as yet undocumented) function to allow application to * Exported function to allow application to tell us it's already
* tell us it's already initialized OpenSSL. * initialized OpenSSL.
*/ */
void void
PQinitSSL(int do_init) PQinitSSL(int do_init)