rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
postgresql/src/backend/libpq
History
Tom Lane b8b34b7b44 When reading pg_hba.conf and similar files, do not treat @file as an inclusion 
unless (1) the @ isn't quoted and (2) the filename isn't empty.  This guards
against unexpectedly treating usernames or other strings in "flat files"
as inclusion requests, as seen in a recent trouble report from Ed L.
The empty-filename case would be guaranteed to misbehave anyway, because our
subsequent path-munging behavior results in trying to read the directory
containing the current input file.

I think this might finally explain the report at
http://archives.postgresql.org/pgsql-bugs/2004-05/msg00132.php
of a crash after printing "authentication file token too long, skipping",
since I was able to duplicate that message (though not a crash) on a
platform where stdio doesn't refuse to read directories.  We never got
far in investigating that problem, but now I'm suspicious that the trigger
condition was an @ in the flat password file.

Back-patch to all active branches since the problem can be demonstrated in all
branches except HEAD.  The test case, creating a user named "@", doesn't cause
a problem in HEAD since we got rid of the flat password file.  Nonetheless it
seems like a good idea to not consider quoted @ as a file inclusion spec,
so I changed HEAD too.
 		2010-03-06 00:45:49 +00:00
..
Makefile Refactor backend makefiles to remove lots of duplicate code 2008-02-19 10:30:09 +00:00
README.SSL Remove large parts of the old SSL readme, that consisted of a couple 2008-10-24 11:48:29 +00:00
auth.c pgindent run for 9.0 2010-02-26 02:01:40 +00:00
be-fsstubs.c pgindent run for 9.0 2010-02-26 02:01:40 +00:00
be-secure.c pgindent run for 9.0 2010-02-26 02:01:40 +00:00
crypt.c pgindent run for 9.0 2010-02-26 02:01:40 +00:00
hba.c When reading pg_hba.conf and similar files, do not treat @file as an inclusion 2010-03-06 00:45:49 +00:00
ip.c pgindent run for 9.0 2010-02-26 02:01:40 +00:00
md5.c pgindent run for 9.0 2010-02-26 02:01:40 +00:00
pg_hba.conf.sample Add support for RADIUS authentication. 2010-01-27 12:12:00 +00:00
pg_ident.conf.sample Reformat the comments in pg_hba.conf and pg_ident.conf 2010-01-26 06:58:39 +00:00
pqcomm.c pgindent run for 9.0 2010-02-26 02:01:40 +00:00
pqformat.c Remove all the special-case code for INT64_IS_BUSTED, per decision that 2010-01-07 04:53:35 +00:00
pqsignal.c Update copyright for the year 2010. 2010-01-02 16:58:17 +00:00

README.SSL 

$PostgreSQL: pgsql/src/backend/libpq/README.SSL,v 1.7 2008/10/24 11:48:29 mha Exp $

SSL
===

>From the servers perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup
     




>From the clients perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------