From d9ddbdaa95ee72f8a7a5a07ecf43ebc90a961573 Mon Sep 17 00:00:00 2001 From: Bruce Momjian Date: Wed, 25 Jun 2003 01:19:47 +0000 Subject: [PATCH] > This change (I'm sure this will wrap poorly -- sorry): > http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/include/libpq/pqcomm.h.diff?r1=1.85&r2=1.86 > > modified SockAddr, but no corresponding change was made here > (fe-auth.c:612): > > case AUTH_REQ_KRB5: > #ifdef KRB5 > if (pg_krb5_sendauth(PQerrormsg, conn->sock, &conn->laddr.in, > &conn->raddr.in, > hostname) != STATUS_OK) > > It's not obvious to me what the change ought to be though. This patch should hopefully fix both kerberos 4 and 5. Kurt Roeckx --- src/backend/libpq/auth.c | 9 ++++++++- src/interfaces/libpq/fe-auth.c | 19 ++++++++----------- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 46965e3bcb..080b025ce2 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.102 2003/06/12 07:36:51 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.103 2003/06/25 01:19:47 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -430,6 +430,13 @@ ClientAuthentication(Port *port) } case uaKrb4: + /* Kerberos 4 only seems to work with AF_INET. */ + if (port->raddr.addr.ss_family != AF_INET + || port->laddr.addr.ss_family != AF_INET) + { + elog(FATAL, + "Unsupported protocol for Kerberos 4"); + } sendAuthRequest(port, AUTH_REQ_KRB4); status = pg_krb4_recvauth(port); break; diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c index 6ec25d400a..68c4be0372 100644 --- a/src/interfaces/libpq/fe-auth.c +++ b/src/interfaces/libpq/fe-auth.c @@ -10,7 +10,7 @@ * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes). * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.80 2003/06/14 17:49:53 momjian Exp $ + * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.81 2003/06/25 01:19:47 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -357,10 +357,7 @@ pg_krb5_authname(char *PQerrormsg) * the server */ static int -pg_krb5_sendauth(char *PQerrormsg, int sock, - struct sockaddr_in * laddr, - struct sockaddr_in * raddr, - const char *hostname) +pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname) { krb5_error_code retval; int ret; @@ -594,9 +591,10 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname, case AUTH_REQ_KRB4: #ifdef KRB4 - if (pg_krb4_sendauth(PQerrormsg, conn->sock, &conn->laddr.in, - &conn->raddr.in, - hostname) != STATUS_OK) + if (pg_krb4_sendauth(PQerrormsg, conn->sock, + (struct sockaddr_in *)&conn->laddr.addr, + (struct sockaddr_in *)&conn->raddr.addr, + hostname) != STATUS_OK) { snprintf(PQerrormsg, PQERRORMSG_LENGTH, libpq_gettext("Kerberos 4 authentication failed\n")); @@ -611,9 +609,8 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname, case AUTH_REQ_KRB5: #ifdef KRB5 - if (pg_krb5_sendauth(PQerrormsg, conn->sock, &conn->laddr.in, - &conn->raddr.in, - hostname) != STATUS_OK) + if (pg_krb5_sendauth(PQerrormsg, conn->sock, + hostname) != STATUS_OK) { snprintf(PQerrormsg, PQERRORMSG_LENGTH, libpq_gettext("Kerberos 5 authentication failed\n"));