> This change (I'm sure this will wrap poorly -- sorry):

> http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/include/libpq/pqcomm.h.diff?r1=1.85&r2=1.86 > > modified SockAddr, but no corresponding change was made here > (fe-auth.c:612): > > case AUTH_REQ_KRB5: > #ifdef KRB5 > if (pg_krb5_sendauth(PQerrormsg, conn->sock, &conn->laddr.in, > &conn->raddr.in, > hostname) != STATUS_OK) > > It's not obvious to me what the change ought to be though. This patch should hopefully fix both kerberos 4 and 5. Kurt Roeckx
2003-06-25 01:19:47 +00:00 · 2003-06-25 01:19:47 +00:00 · d9ddbdaa95
parent afb17d912b
commit d9ddbdaa95
2 changed files with 16 additions and 12 deletions
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.102 2003/06/12 07:36:51 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.103 2003/06/25 01:19:47 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -430,6 +430,13 @@ ClientAuthentication(Port *port)
 			}

 		case uaKrb4:
+			/* Kerberos 4 only seems to work with AF_INET. */
+			if (port->raddr.addr.ss_family != AF_INET
+				|| port->laddr.addr.ss_family != AF_INET)
+			{
+				elog(FATAL,
+					"Unsupported protocol for Kerberos 4");
+			}
 			sendAuthRequest(port, AUTH_REQ_KRB4);
 			status = pg_krb4_recvauth(port);
 			break;
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@ -10,7 +10,7 @@
 * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.80 2003/06/14 17:49:53 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.81 2003/06/25 01:19:47 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -357,10 +357,7 @@ pg_krb5_authname(char *PQerrormsg)
 *					   the server
 */
 static int
-pg_krb5_sendauth(char *PQerrormsg, int sock,
-				 struct sockaddr_in * laddr,
-				 struct sockaddr_in * raddr,
-				 const char *hostname)
+pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname)
 {
 	krb5_error_code retval;
 	int			ret;
@ -594,9 +591,10 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,

 		case AUTH_REQ_KRB4:
 #ifdef KRB4
-			if (pg_krb4_sendauth(PQerrormsg, conn->sock, &conn->laddr.in,
-								 &conn->raddr.in,
-								 hostname) != STATUS_OK)
+			if (pg_krb4_sendauth(PQerrormsg, conn->sock,
+				(struct sockaddr_in *)&conn->laddr.addr,
+				(struct sockaddr_in *)&conn->raddr.addr,
+				hostname) != STATUS_OK)
 			{
 				snprintf(PQerrormsg, PQERRORMSG_LENGTH,
 					libpq_gettext("Kerberos 4 authentication failed\n"));
@ -611,9 +609,8 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,

 		case AUTH_REQ_KRB5:
 #ifdef KRB5
-			if (pg_krb5_sendauth(PQerrormsg, conn->sock, &conn->laddr.in,
-								 &conn->raddr.in,
-								 hostname) != STATUS_OK)
+			if (pg_krb5_sendauth(PQerrormsg, conn->sock,
+				hostname) != STATUS_OK)
 			{
 				snprintf(PQerrormsg, PQERRORMSG_LENGTH,
 					libpq_gettext("Kerberos 5 authentication failed\n"));