From fe03a5f4aee4cdc0ffa226c558ee4fb39fdd63f2 Mon Sep 17 00:00:00 2001 From: Bruce Momjian Date: Thu, 8 Feb 2007 04:52:18 +0000 Subject: [PATCH] Check if the role exists before doing more complex ident and Kerberos authentication checks in the backend. Gavin Sherry --- src/backend/libpq/auth.c | 5 ++++- src/backend/libpq/hba.c | 5 ++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 74857d12d9..37bfa81abd 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.147 2007/01/05 22:19:29 momjian Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.148 2007/02/08 04:52:18 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -216,6 +216,9 @@ pg_krb5_recvauth(Port *port) krb5_ticket *ticket; char *kusername; + if (get_role_line(port->user_name) == NULL) + return STATUS_ERROR; + ret = pg_krb5_init(); if (ret != STATUS_OK) return ret; diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c index a889fa7a5f..94df19bc2c 100644 --- a/src/backend/libpq/hba.c +++ b/src/backend/libpq/hba.c @@ -10,7 +10,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.158 2007/01/05 22:19:29 momjian Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.159 2007/02/08 04:52:18 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -1589,6 +1589,9 @@ authident(hbaPort *port) { char ident_user[IDENT_USERNAME_MAX + 1]; + if (get_role_line(port->user_name) == NULL) + return STATUS_ERROR; + switch (port->raddr.addr.ss_family) { case AF_INET: