compile failure on cvs tip --with-krb5
This change (I'm sure this will wrap poorly -- sorry):
http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/include/libpq/pqcomm.h.diff?r1=1.85&r2=1.86
modified SockAddr, but no corresponding change was made here
(fe-auth.c:612):
case AUTH_REQ_KRB5:
#ifdef KRB5
if (pg_krb5_sendauth(PQerrormsg, conn->sock, &conn->laddr.in,
&conn->raddr.in,
hostname) != STATUS_OK)
It's not obvious to me what the change ought to be though.
Joe
On Fri, Jun 20, 2003 at 07:48:02PM -0700, Joe Conway wrote:
This change (I'm sure this will wrap poorly -- sorry):
http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/include/libpq/pqcomm.h.diff?r1=1.85&r2=1.86modified SockAddr, but no corresponding change was made here
(fe-auth.c:612):case AUTH_REQ_KRB5:
#ifdef KRB5
if (pg_krb5_sendauth(PQerrormsg, conn->sock, &conn->laddr.in,
&conn->raddr.in,
hostname) != STATUS_OK)It's not obvious to me what the change ought to be though.
Please try the attached patch.
I'll try to change kerberos 4 later if I can find some
documentation about it. Especially the krb_sendauth() function.
Does Kerberos 4 support other protocols than ipv4?
Kurt
Attachments:
krb5.difftext/plain; charset=us-asciiDownload
Index: ./src/interfaces/libpq/fe-auth.c
===================================================================
RCS file: /projects/cvsroot/pgsql-server/src/interfaces/libpq/fe-auth.c,v
retrieving revision 1.80
diff -u -r1.80 fe-auth.c
--- ./src/interfaces/libpq/fe-auth.c 14 Jun 2003 17:49:53 -0000 1.80
+++ ./src/interfaces/libpq/fe-auth.c 21 Jun 2003 10:45:53 -0000
@@ -357,10 +357,7 @@
* the server
*/
static int
-pg_krb5_sendauth(char *PQerrormsg, int sock,
- struct sockaddr_in * laddr,
- struct sockaddr_in * raddr,
- const char *hostname)
+pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname)
{
krb5_error_code retval;
int ret;
@@ -611,9 +608,8 @@
case AUTH_REQ_KRB5:
#ifdef KRB5
- if (pg_krb5_sendauth(PQerrormsg, conn->sock, &conn->laddr.in,
- &conn->raddr.in,
- hostname) != STATUS_OK)
+ if (pg_krb5_sendauth(PQerrormsg, conn->sock,
+ hostname) != STATUS_OK)
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
libpq_gettext("Kerberos 5 authentication failed\n"));
On Fri, Jun 20, 2003 at 07:48:02PM -0700, Joe Conway wrote:
This change (I'm sure this will wrap poorly -- sorry):
http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/include/libpq/pqcomm.h.diff?r1=1.85&r2=1.86modified SockAddr, but no corresponding change was made here
(fe-auth.c:612):case AUTH_REQ_KRB5:
#ifdef KRB5
if (pg_krb5_sendauth(PQerrormsg, conn->sock, &conn->laddr.in,
&conn->raddr.in,
hostname) != STATUS_OK)It's not obvious to me what the change ought to be though.
This patch should hopefully fix both kerberos 4 and 5.
Kurt
Attachments:
kerberos.difftext/plain; charset=us-asciiDownload
Index: src/backend/libpq/auth.c
===================================================================
RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/auth.c,v
retrieving revision 1.102
diff -u -r1.102 auth.c
--- src/backend/libpq/auth.c 12 Jun 2003 07:36:51 -0000 1.102
+++ src/backend/libpq/auth.c 21 Jun 2003 15:02:06 -0000
@@ -430,6 +430,13 @@
}
case uaKrb4:
+ /* Kerberos 4 only seems to work with AF_INET. */
+ if (port->raddr.addr.ss_family != AF_INET
+ || port->laddr.addr.ss_family != AF_INET)
+ {
+ elog(FATAL,
+ "Unsupported protocol for Kerberos 4");
+ }
sendAuthRequest(port, AUTH_REQ_KRB4);
status = pg_krb4_recvauth(port);
break;
Index: src/interfaces/libpq/fe-auth.c
===================================================================
RCS file: /projects/cvsroot/pgsql-server/src/interfaces/libpq/fe-auth.c,v
retrieving revision 1.80
diff -u -r1.80 fe-auth.c
--- src/interfaces/libpq/fe-auth.c 14 Jun 2003 17:49:53 -0000 1.80
+++ src/interfaces/libpq/fe-auth.c 21 Jun 2003 15:02:08 -0000
@@ -357,10 +357,7 @@
* the server
*/
static int
-pg_krb5_sendauth(char *PQerrormsg, int sock,
- struct sockaddr_in * laddr,
- struct sockaddr_in * raddr,
- const char *hostname)
+pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname)
{
krb5_error_code retval;
int ret;
@@ -594,9 +591,10 @@
case AUTH_REQ_KRB4:
#ifdef KRB4
- if (pg_krb4_sendauth(PQerrormsg, conn->sock, &conn->laddr.in,
- &conn->raddr.in,
- hostname) != STATUS_OK)
+ if (pg_krb4_sendauth(PQerrormsg, conn->sock,
+ (struct sockaddr_in *)&conn->laddr.addr,
+ (struct sockaddr_in *)&conn->raddr.addr,
+ hostname) != STATUS_OK)
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
libpq_gettext("Kerberos 4 authentication failed\n"));
@@ -611,9 +609,8 @@
case AUTH_REQ_KRB5:
#ifdef KRB5
- if (pg_krb5_sendauth(PQerrormsg, conn->sock, &conn->laddr.in,
- &conn->raddr.in,
- hostname) != STATUS_OK)
+ if (pg_krb5_sendauth(PQerrormsg, conn->sock,
+ hostname) != STATUS_OK)
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
libpq_gettext("Kerberos 5 authentication failed\n"));
Kurt Roeckx wrote:
This patch should hopefully fix both kerberos 4 and 5.
Thanks, the patch fixes the compile issue for me.
Disclaimer: I can't vouch for krb4 at all. And, although I compile
support for krb5, I do that to find build problems, not because I use
krb5. So I can't really speak to the correctness of the fix.
Joe
This change (I'm sure this will wrap poorly -- sorry):
http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/include/libpq/pqcomm.h.diff?r1=1.85&r2=1.86modified SockAddr, but no corresponding change was made here
(fe-auth.c:612):case AUTH_REQ_KRB5:
#ifdef KRB5
if (pg_krb5_sendauth(PQerrormsg, conn->sock, &conn->laddr.in,
&conn->raddr.in,
hostname) != STATUS_OK)It's not obvious to me what the change ought to be though.
Please try the attached patch.
I'll try to change kerberos 4 later if I can find some
documentation about it. Especially the krb_sendauth() function.Does Kerberos 4 support other protocols than ipv4?
Not that I'm aware of. -sc
--
Sean Chittenden
Your patch has been added to the PostgreSQL unapplied patches list at:
http://momjian.postgresql.org/cgi-bin/pgpatches
I will try to apply it within the next 48 hours.
---------------------------------------------------------------------------
Kurt Roeckx wrote:
On Fri, Jun 20, 2003 at 07:48:02PM -0700, Joe Conway wrote:
This change (I'm sure this will wrap poorly -- sorry):
http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/include/libpq/pqcomm.h.diff?r1=1.85&r2=1.86modified SockAddr, but no corresponding change was made here
(fe-auth.c:612):case AUTH_REQ_KRB5:
#ifdef KRB5
if (pg_krb5_sendauth(PQerrormsg, conn->sock, &conn->laddr.in,
&conn->raddr.in,
hostname) != STATUS_OK)It's not obvious to me what the change ought to be though.
This patch should hopefully fix both kerberos 4 and 5.
Kurt
[ Attachment, skipping... ]
---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073Patch applied. Thanks.
---------------------------------------------------------------------------
Kurt Roeckx wrote:
On Fri, Jun 20, 2003 at 07:48:02PM -0700, Joe Conway wrote:
This change (I'm sure this will wrap poorly -- sorry):
http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/include/libpq/pqcomm.h.diff?r1=1.85&r2=1.86modified SockAddr, but no corresponding change was made here
(fe-auth.c:612):case AUTH_REQ_KRB5:
#ifdef KRB5
if (pg_krb5_sendauth(PQerrormsg, conn->sock, &conn->laddr.in,
&conn->raddr.in,
hostname) != STATUS_OK)It's not obvious to me what the change ought to be though.
This patch should hopefully fix both kerberos 4 and 5.
Kurt
[ Attachment, skipping... ]
---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?
--
Bruce Momjian | http://candle.pha.pa.us
pgman@candle.pha.pa.us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073