authentifica
tion
working with postgresql-6.4.2 and KTH-KRB Ebones
(http://www.pdc.kth.se/kth-kr
b) on a dec alpha running DU 4.0D using the native compiler. The
following
patch does the trick.
The rationale behind this is as follows. The KTH-KRB code header files
defines
lots of lengths like INST_SZ,REALM_SZ and KRB_SENDAUTH_VLEN. It also has
a
habit of doing things like
chararray[LENGTH] = '\0'
to ensure null terminated strings. In my instance this just happens to
blat
the kerberos principal instance string leading to error like
pg_krb4_recvauth: kerberos error: Can't decode authenticator
(krb_rd_req
)
The application code that comes with KTH-KRB uses "KRB_SENDAUTH_VLEN +
1" and
sometimes uses "INST_SZ + 1" so it seems safest to put that 1 char
buffer in
the appropriate place.
Rodney McDuff
From: Tom Lane <tgl@sss.pgh.pa.us>
Attached is a patch for this weekend's work on libpq. I've dealt
with several issues:
<for details: see message, in pgsql-patches archive for above data>
couple weeks ago on the hackers and interfaces lists:
1. When the backend sends a NOTICE message and closes the connection
(typically, because it was told to by the postmaster after
another backend coredumped), libpq will now print the notice
and close the connection cleanly. Formerly, the frontend app
would usually terminate ungracefully due to a SIGPIPE. (I am
not sure if 6.3.2 behaved that way, but the current cvs sources
do...)
2. libpq's various printouts to stderr are now fed through a single
"notice processor" routine, which can be overridden by the
application to direct notices someplace else. This should ease
porting libpq to Windows.
I also noticed and fixed a problem in PQprint: when sending output
to a pager subprocess, it would disable SIGPIPE in case the pager
terminates early (this is good) --- but afterwards it reset SIGPIPE
to SIG_DFL, rather than restoring the application's prior setting
(bad).
regards, tom lane
The attached patches respond to discussion that was on pgsql-hackers
around the beginning of June (see thread "libpgtcl bug (and symptomatic
treatment)"). The changes are:
1. Remove code in connectDB that throws away the password after making
a connection. This doesn't really add much security IMHO --- a bad guy
with access to your client's address space can likely extract the
password anyway, to say nothing of what he might do directly. And
there's the serious shortcoming that it prevents PQreset() from working
if the database requires a password.
2. Fix coredump problem: fe_sendauth did not guard against being handed
a NULL password pointer. (This is the proximate cause of the coredump-
during-PQreset problem that Magosanyi Arpad complained of last month.)
3. Remove highly questionable "error recovery" logic in libpgtcl's
pg_exec statement.
I believe the consensus of the discussion last month was in favor of
#1 and #3, but I'm just now getting around to making the change.
I realized that #2 was a bug in process of looking at the change.
Through some minor changes, I have been able to compile the libpq
client libraries on the Win32 platform. Since the libpq communications
part has been rewritten, this has become much easier. Enclosed is
a patch that will allow at least Microsoft Visual C++ to compile
libpq into both a static and a dynamic library. I will take a look
at porting the psql frontend as well, but I figured it was a good
idea to send in these patches first - so no major changes are done
to the files before it gets applied (if it does).
Regards,
Magnus Hagander
Attached is the patch to fix the warning messages from my code. I also
fixed one which wasn't my code. Apart from the usual warnings about the
bison/yacc generated code I only have one other warning message. This
is in gramm.y around line 2234. I wasn't sure of the fix.
I've also replaced all the calls to free() in gramm.y to calls to
pfree(). Without these I was getting backend crashes with GRANT. This
might already have been fixed.
I've completed the patch to fix the protocol and authentication issues I
was discussing a couple of weeks ago. The particular changes are:
- the protocol has a version number
- network byte order is used throughout
- the pg_hba.conf file is used to specify what method is used to
authenticate a frontend (either password, ident, trust, reject, krb4
or krb5)
- support for multiplexed backends is removed
- appropriate changes to man pages
- the -a switch to many programs to specify an authentication service
no longer has any effect
- the libpq.so version number has changed to 1.1
The new backend still supports the old protocol so old interfaces won't
break.
Subject: [HACKERS] password authentication
This patch adds support for plaintext password authentication. To use
it, you add a line like
host all 0.0.0.0 0.0.0.0 password pg_pwd.conf
to your pg_hba.conf, where 'pg_pwd.conf' is the name of a file containing
the usernames and password hashes in the format of the first two fields
of a Unix /etc/passwd file. (Of course, you can use a specific database
name or IP instead.)
Then, to connect with a password through libpq, you use the PQconnectdb()
function, specifying the "password=" tag in the connect string and also
adding the tag "authtype=password".
I also added a command-line switch '-u' to psql that tells it to prompt
for a username and password and use password authentication.
Here are a few minor fixes to Postgres95. Mostly I have added const
to some of the char pointers. There was also a missing header file
and a place where it looks like "==" was used when "=" was meant.
I also changed some variables from Pfin and Pfout tp pfin and pfout
because the latter shadow global variables and that just seems like
an unsafe practice which I like to avoid.
Submitted by: "D'Arcy J.M. Cain" <darcy@druid.druid.com>
Kerberos is being used (attempt to free static memory).
The error was caused by a confusing doublespeak of fe_getauthname():
Returns a pointer to static memory, if you authenticate via Kerberos,
a pointer to dynamic memory otherwise.
Submitted by: Erich Stamberger <eberger@gewi.kfunigraz.ac.at>
Most of the changes in here look to b epurely cosmetic, and don't
affect anything...
...and some stuff is completely questionable...in that I may have reversed
some of the stuf fwe already had :(
Bruce Momjian
Marc G. Fournier