compile error on cvs tip
I just updated to cvs tip, did `make clean`, `configure`, and `make all`
and got this:
i386-redhat-linux-gcc -O2 -g -Wall -Wmissing-prototypes
-Wmissing-declarations -I../../../src/include -I/usr/kerberos/include
-c -o auth.o auth.c -MMD
auth.c: In function `pg_krb5_recvauth':
auth.c:294: structure has no member named `user'
auth.c:294: structure has no member named `user'
auth.c:294: structure has no member named `user'
.
.
.
auth.c:297: structure has no member named `user'
auth.c: In function `ClientAuthentication':
auth.c:491: structure has no member named `user'
make[3]: *** [auth.o] Error 1
make[3]: Leaving directory `/opt/src/pgsql/src/backend/libpq'
I also get this new warning:
i386-redhat-linux-gcc -O2 -g -Wall -Wmissing-prototypes
-Wmissing-declarations -I../../../src/include -I/usr/kerberos/include
-c -o be-secure.o be-secure.c -MMD
be-secure.c: In function `open_server_SSL':
be-secure.c:712: warning: assignment from incompatible pointer type
Joe
p.s. Here is a patch for the error:
Index: src/backend/libpq/auth.c
===================================================================
RCS file: /opt/src/cvs/pgsql-server/src/backend/libpq/auth.c,v
retrieving revision 1.100
diff -c -r1.100 auth.c
*** src/backend/libpq/auth.c 22 Apr 2003 00:08:06 -0000 1.100
--- src/backend/libpq/auth.c 25 Apr 2003 02:58:21 -0000
***************
*** 291,300 ****
} kusername = pg_an_to_ln(kusername);
! if (strncmp(port->user, kusername, SM_DATABASE_USER))
{
elog(LOG, "pg_krb5_recvauth: user name \"%s\" != krb5
name \"%s\"",
! port->user, kusername);
ret = STATUS_ERROR;
}
else
--- 291,300 ----
} kusername = pg_an_to_ln(kusername);
! if (strncmp(port->user_name, kusername, SM_DATABASE_USER))
{
elog(LOG, "pg_krb5_recvauth: user name \"%s\" != krb5
name \"%s\"",
! port->user_name, kusername);
ret = STATUS_ERROR;
}
else
***************
*** 488,494 ****
#ifdef USE_PAM
case uaPAM:
pam_port_cludge = port;
! status = CheckPAMAuth(port, port->user, "");
break;
#endif /* USE_PAM */
--- 488,494 ----
#ifdef USE_PAM
case uaPAM:
pam_port_cludge = port;
! status = CheckPAMAuth(port, port->user_name, "");
break;
#endif /* USE_PAM */
Joe Conway <mail@joeconway.com> writes:
auth.c: In function `pg_krb5_recvauth':
auth.c:294: structure has no member named `user'
Ooops, my fault --- I didn't build with Kerberos support after
changing those field names.
Now that I think about it, there might be similar omissions in the
PAM or Kerberos4 support --- can anyone try those?
regards, tom lane
Tom Lane wrote:
Now that I think about it, there might be similar omissions in the
PAM or Kerberos4 support --- can anyone try those?
I've already got --with-pam covered, but I don't have Kerberos4 to try
it with.
Joe
Joe Conway <mail@joeconway.com> writes:
auth.c: In function `pg_krb5_recvauth':
auth.c:294: structure has no member named `user'
Patch applied for those mistakes.
I also get this new warning:
be-secure.c: In function `open_server_SSL':
be-secure.c:712: warning: assignment from incompatible pointer type
I can't see any reason for that --- the relevant code hasn't been
changed lately (at least not by me). Can you look to see what the
discrepancy in types is?
regards, tom lane
Tom Lane wrote:
I also get this new warning:
be-secure.c: In function `open_server_SSL':
be-secure.c:712: warning: assignment from incompatible pointer typeI can't see any reason for that --- the relevant code hasn't been
changed lately (at least not by me). Can you look to see what the
discrepancy in types is?
The definition in (at least my copy of) ssl.h for info_callback is:
void (*info_callback)(const SSL *ssl,int type,int val);
^^^^^
The following seems to take care of it. I just recently updated to Red
Hat 9, so this may be showing up now due to a newer gcc or openssl.
Joe
Index: src/backend/libpq/be-secure.c
===================================================================
RCS file: /opt/src/cvs/pgsql-server/src/backend/libpq/be-secure.c,v
retrieving revision 1.30
diff -c -r1.30 be-secure.c
*** src/backend/libpq/be-secure.c 19 Apr 2003 00:02:29 -0000 1.30
--- src/backend/libpq/be-secure.c 25 Apr 2003 04:23:53 -0000
***************
*** 115,121 ****
static DH *load_dh_buffer(const char *, size_t);
static DH *tmp_dh_cb(SSL *s, int is_export, int keylength);
static int verify_cb(int, X509_STORE_CTX *);
! static void info_cb(SSL *ssl, int type, int args);
static int initialize_SSL(void);
static void destroy_SSL(void);
static int open_server_SSL(Port *);
--- 115,121 ----
static DH *load_dh_buffer(const char *, size_t);
static DH *tmp_dh_cb(SSL *s, int is_export, int keylength);
static int verify_cb(int, X509_STORE_CTX *);
! static void info_cb(const SSL *ssl, int type, int args);
static int initialize_SSL(void);
static void destroy_SSL(void);
static int open_server_SSL(Port *);
***************
*** 547,553 ****
* into the PostgreSQL log.
*/
static void
! info_cb(SSL *ssl, int type, int args)
{
switch (type)
{
--- 547,553 ----
* into the PostgreSQL log.
*/
static void
! info_cb(const SSL *ssl, int type, int args)
{
switch (type)
{Joe Conway <mail@joeconway.com> writes:
The definition in (at least my copy of) ssl.h for info_callback is:
void (*info_callback)(const SSL *ssl,int type,int val);
^^^^^
Ah so. Patch applied. I guess I need to update my copy of openssl,
too --- here it just says
/**/ void (*info_callback)();
What openssl release do you have?
regards, tom lane
Tom Lane wrote:
Joe Conway <mail@joeconway.com> writes:
The definition in (at least my copy of) ssl.h for info_callback is:
void (*info_callback)(const SSL *ssl,int type,int val);Ah so. Patch applied. I guess I need to update my copy of openssl,
too --- here it just says/**/ void (*info_callback)();
What openssl release do you have?
Red Hat 9, latest update:
openssl-0.9.7a-5
Joe
auth.c: In function `pg_krb5_recvauth':
auth.c:294: structure has no member named `user'Ooops, my fault --- I didn't build with Kerberos support after
changing those field names.Now that I think about it, there might be similar omissions in the
PAM or Kerberos4 support --- can anyone try those?
krb4 code should be removed from PostgreSQL ASAP for various
insecurities in the protocol. It's been removed from FreeBSD, MIT,
and Heimdal's code base and is officially unsupported as of June this
year. -sc
--
Sean Chittenden
Sean Chittenden wrote:
auth.c: In function `pg_krb5_recvauth':
auth.c:294: structure has no member named `user'Ooops, my fault --- I didn't build with Kerberos support after
changing those field names.Now that I think about it, there might be similar omissions in the
PAM or Kerberos4 support --- can anyone try those?krb4 code should be removed from PostgreSQL ASAP for various
insecurities in the protocol. It's been removed from FreeBSD, MIT,
and Heimdal's code base and is officially unsupported as of June this
year. -sc
Did we decide we _didn't_ want to remove krb4? Removal seems like a
good idea to me, but I am just checking if the consensus was to keep it.
I think someone said it was OK in a closed environment or something.
Maybe we need to document that it is not recommended.
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073auth.c: In function `pg_krb5_recvauth':
auth.c:294: structure has no member named `user'Ooops, my fault --- I didn't build with Kerberos support after
changing those field names.Now that I think about it, there might be similar omissions in the
PAM or Kerberos4 support --- can anyone try those?krb4 code should be removed from PostgreSQL ASAP for various
insecurities in the protocol. It's been removed from FreeBSD, MIT,
and Heimdal's code base and is officially unsupported as of June this
year. -scDid we decide we _didn't_ want to remove krb4? Removal seems like a
good idea to me, but I am just checking if the consensus was to keep
it. I think someone said it was OK in a closed environment or
something. Maybe we need to document that it is not recommended.
Keep krb4 in the tree for 7.4, but before 7.4 gets released, the
documentation and release notes need to state that krb4 has been
depreciated and that it will be removed before 7.5. I'll add submit a
patch for the updated verbiage in a bit. -sc
--
Sean Chittenden
Sean Chittenden writes:
Keep krb4 in the tree for 7.4, but before 7.4 gets released, the
documentation and release notes need to state that krb4 has been
depreciated and that it will be removed before 7.5. I'll add submit a
patch for the updated verbiage in a bit. -sc
I object to treating foreign software packages like that. Those who are
interested in Kerberos 4 or even managed to obtain software for it are
intelligent enough to be able to make judgements about it. Kerberos 4 is
nowhere near the likely-to-be-chosen path in PostgreSQL, so there's
nothing we need to be scared about.
--
Peter Eisentraut peter_e@gmx.net
Peter Eisentraut wrote:
Sean Chittenden writes:
Keep krb4 in the tree for 7.4, but before 7.4 gets released, the
documentation and release notes need to state that krb4 has been
depreciated and that it will be removed before 7.5. I'll add submit a
patch for the updated verbiage in a bit. -scI object to treating foreign software packages like that. Those who are
interested in Kerberos 4 or even managed to obtain software for it are
intelligent enough to be able to make judgements about it. Kerberos 4 is
nowhere near the likely-to-be-chosen path in PostgreSQL, so there's
nothing we need to be scared about.
True, but it does bloat our distribution. I had to work around its
need for gethostname() while I was coding the Win32 port, so it doesn't
stay around with zero maintance.
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073Sean Chittenden wrote:
auth.c: In function `pg_krb5_recvauth':
auth.c:294: structure has no member named `user'Ooops, my fault --- I didn't build with Kerberos support after
changing those field names.Now that I think about it, there might be similar omissions in the
PAM or Kerberos4 support --- can anyone try those?krb4 code should be removed from PostgreSQL ASAP for various
insecurities in the protocol. It's been removed from FreeBSD, MIT,
and Heimdal's code base and is officially unsupported as of June this
year. -sc
I have added the following to our documentation in the Kerberos section:
<para>
While <productname>PostgreSQL</> supports both Kerberos 4 and
Kerberos 5, only Kerberos 5 is recommended. Kerberos 4 is
considered insecure and no longer recommended for general
use.
</para>
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073auth.c: In function `pg_krb5_recvauth':
auth.c:294: structure has no member named `user'Ooops, my fault --- I didn't build with Kerberos support after
changing those field names.Now that I think about it, there might be similar omissions in the
PAM or Kerberos4 support --- can anyone try those?krb4 code should be removed from PostgreSQL ASAP for various
insecurities in the protocol. It's been removed from FreeBSD, MIT,
and Heimdal's code base and is officially unsupported as of June this
year. -scI have added the following to our documentation in the Kerberos section:
<para>
While <productname>PostgreSQL</> supports both Kerberos 4 and
Kerberos 5, only Kerberos 5 is recommended. Kerberos 4 is
considered insecure and no longer recommended for general
use.
</para>
iirc, we were going to depreciate kerberos 4 in the 7.4 release notes
and remove support for it for 7.5, giving users one full release cycle
to move to krb5.
There any plans to include the appropriate verbiage to allow for krb4's
future deorbit?
-sc
--
Sean Chittenden
Sean Chittenden wrote:
auth.c: In function `pg_krb5_recvauth':
auth.c:294: structure has no member named `user'Ooops, my fault --- I didn't build with Kerberos support after
changing those field names.Now that I think about it, there might be similar omissions in the
PAM or Kerberos4 support --- can anyone try those?krb4 code should be removed from PostgreSQL ASAP for various
insecurities in the protocol. It's been removed from FreeBSD, MIT,
and Heimdal's code base and is officially unsupported as of June this
year. -scI have added the following to our documentation in the Kerberos section:
<para>
While <productname>PostgreSQL</> supports both Kerberos 4 and
Kerberos 5, only Kerberos 5 is recommended. Kerberos 4 is
considered insecure and no longer recommended for general
use.
</para>iirc, we were going to depreciate kerberos 4 in the 7.4 release notes
and remove support for it for 7.5, giving users one full release cycle
to move to krb5.There any plans to include the appropriate verbiage to allow for krb4's
future deorbit?
I don't remember any agreement to remove krb4 in 7.5. Am I wrong?
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
Bruce Momjian wrote:
I don't remember any agreement to remove krb4 in 7.5. Am I wrong?
It needs to go. I thought the question was when, not if.
In that case there seem to be 2 choices - deprecate in 7.4 and remove in
7.5, or deprecate in 7.5 and remove in following release.
I favor the former - supporting insecure and unsupported protocols for
any length of time is a bad idea - put users on notice and give them 1
release cycle to switch.
andrew
Bruce Momjian <pgman@candle.pha.pa.us> writes:
I don't remember any agreement to remove krb4 in 7.5. Am I wrong?
My recollection is we had at least one person still using it, who was
apparently unworried by the security issues.
While I think deprecating krb4 is a good idea, I don't see any need
to remove it. It's not costing us any maintenance effort to leave it
there, is it?
regards, tom lane
I don't remember any agreement to remove krb4 in 7.5. Am I wrong?
My recollection is we had at least one person still using it, who
was apparently unworried by the security issues.
Peter Eisentraut <Pine.LNX.4.44.0305161542510.2224-100000@peter.localdomain>:
As long as people are still using it, I see no reason. Just the other
day someone reported that he was trying to get it to work in his
environment.
Tom Lane <27165.1053097081@sss.pgh.pa.us>:
I wouldn't mind pulling it from 7.5, if the 7.4 docs say we are going
to and no one complains.
While I think deprecating krb4 is a good idea, I don't see any need
to remove it. It's not costing us any maintenance effort to leave
it there, is it?
Bruce Momjian <200306010352.h513qsS05070@candle.pha.pa.us>:
Did we decide we _didn't_ want to remove krb4? Removal seems like a
good idea to me, but I am just checking if the consensus was to keep
it. I think someone said it was OK in a closed environment or
something. Maybe we need to document that it is not recommended.
Bruce Momjian <200306020235.h522Zs320377@candle.pha.pa.us>:
True, but it does bloat our distribution. I had to work around its
need for gethostname() while I was coding the Win32 port, so it
doesn't stay around with zero maintance.
*shrug* It's not possible to upgrade from krb4 to krb5 by running a
simple conversion program, but there is a krb425d daemon that
exchanges krb4 tickets for krb5 tickets which makes upgrading more
less painful. It's not like users of krb4 are left without any
recourse or documentation for getting krb4 to work with PgSQL. MIT
has documented how to do this quite well and has been pushing for this
to happen for at least 3-4 years now.
http://web.mit.edu/kerberos/www/krb5-1.3/krb5-1.3/doc/krb425.html#Introduction
When the BSDs dumped support for krb4 from the base, I don't recall a
single email from someone complaining as almost everyone who uses krb
uses hiemdal or MIT krb5. -sc
--
Sean Chittenden