krb_server_keyfile setting doesn't work on Windows
Hi,
As far as I tested, the krb_server_keyfile setting
in postgres.conf doesn't work on Windows.
Because gssapi32.dll(krb5_32.dll) seems to call
getenv("KRB5_KTNAME") in msvcr71, postgres.exe
should call putenv("KRB5_KTNAME=...") in msvcr71.
The attached patch fixes the problem in my test
case.
regards,
Hiroshi Inoue
Attachments:
auth.patchtext/plain; name=auth.patchDownload
Index: auth.c
===================================================================
RCS file: /projects/cvsroot/pgsql/src/backend/libpq/auth.c,v
retrieving revision 1.188
diff -c -r1.188 auth.c
*** auth.c 12 Dec 2009 21:35:21 -0000 1.188
--- auth.c 30 Dec 2009 15:03:51 -0000
***************
*** 877,882 ****
--- 877,905 ----
errdetail("%s: %s", msg_major, msg_minor)));
}
+ #ifdef WIN32
+ static void
+ msvc_krb5_ktname(const char *kt_path)
+ {
+ typedef int (_cdecl * PUTENVPROC) (const char *);
+ const char *msvcrdll = "msvcr71";
+ static bool initialized = false;
+ HMODULE hmodule;
+ static PUTENVPROC putenvFunc = NULL;
+
+ if (initialized)
+ {
+ if (!putenvFunc)
+ return;
+ }
+ else if (hmodule = GetModuleHandle(msvcrdll), hmodule != NULL)
+ putenvFunc = (PUTENVPROC) GetProcAddress(hmodule, "_putenv");
+ initialized = true;
+ if (putenvFunc != NULL)
+ putenvFunc(kt_path);
+ }
+ #endif /* WIN32 */
+
static int
pg_GSS_recvauth(Port *port)
{
***************
*** 923,928 ****
--- 946,954 ----
return STATUS_ERROR;
}
snprintf(kt_path, kt_len, "KRB5_KTNAME=%s", pg_krb_server_keyfile);
+ #ifdef WIN32
+ msvc_krb5_ktname(kt_path);
+ #endif /* WIN32 */
putenv(kt_path);
}
}
Hiroshi Inoue <inoue@tpf.co.jp> writes:
Because gssapi32.dll(krb5_32.dll) seems to call
getenv("KRB5_KTNAME") in msvcr71, postgres.exe
should call putenv("KRB5_KTNAME=...") in msvcr71.
The attached patch fixes the problem in my test
case.
Don't we already have something like that in our src/port putenv
substitute?
regards, tom lane
2009/12/30 Hiroshi Inoue <inoue@tpf.co.jp>:
Hi,
As far as I tested, the krb_server_keyfile setting
in postgres.conf doesn't work on Windows.Because gssapi32.dll(krb5_32.dll) seems to call
getenv("KRB5_KTNAME") in msvcr71, postgres.exe
should call putenv("KRB5_KTNAME=...") in msvcr71.
The attached patch fixes the problem in my test
case.
Isn't the main backend linked with msvcr71.dll anyway? Then the
regular putenv should put it in th eenv of msvcr71.dll, and the stuff
that's wrapped through src/port/win32env.c will put it in the regular
msvcr file.
I wonder if you're possibly being hit with the bug I patched the other
day, but didn't backpatch.
(http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=f8bcd7220b1166f7c037ceaf0a53958cbc6a7630).
Can you see if that fix solves your problem as well? (Either directly
or by testing HEAD)
If not, the fix should still go in win32env.c, not directly in auth.c
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
Tom Lane wrote:
Hiroshi Inoue <inoue@tpf.co.jp> writes:
Because gssapi32.dll(krb5_32.dll) seems to call
getenv("KRB5_KTNAME") in msvcr71, postgres.exe
should call putenv("KRB5_KTNAME=...") in msvcr71.
The attached patch fixes the problem in my test
case.Don't we already have something like that in our src/port putenv
substitute?
Yes, pgwin32_putenv() calls putenv() in msvcrt which libintl
or other MINGW dlls use. I'm not sure if it's appropriate to
add msvcr71's putenv call to pgwin32_putenv() (src/port/win32env.c).
regards,
Hiroshi Inoue
Magnus Hagander wrote:
2009/12/30 Hiroshi Inoue <inoue@tpf.co.jp>:
Hi,
As far as I tested, the krb_server_keyfile setting
in postgres.conf doesn't work on Windows.Because gssapi32.dll(krb5_32.dll) seems to call
getenv("KRB5_KTNAME") in msvcr71, postgres.exe
should call putenv("KRB5_KTNAME=...") in msvcr71.
The attached patch fixes the problem in my test
case.Isn't the main backend linked with msvcr71.dll anyway?
What main backend directly links is msvcr80 or msvcr90
according to the msvc build environment.
Then the
regular putenv should put it in th eenv of msvcr71.dll, and the stuff
that's wrapped through src/port/win32env.c will put it in the regular
msvcr file.I wonder if you're possibly being hit with the bug I patched the other
day, but didn't backpatch.
(http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=f8bcd7220b1166f7c037ceaf0a53958cbc6a7630).Can you see if that fix solves your problem as well? (Either directly
or by testing HEAD)
I'm testing using the current cvs.
If not, the fix should still go in win32env.c, not directly in auth.c
I don't object to it. Possibly we would have to add msvcr80 or
msvcr90 as well in the future.
regards,
Hiroshi Inoue
2009/12/31 Hiroshi Inoue <inoue@tpf.co.jp>:
Magnus Hagander wrote:
2009/12/30 Hiroshi Inoue <inoue@tpf.co.jp>:
Hi,
As far as I tested, the krb_server_keyfile setting
in postgres.conf doesn't work on Windows.Because gssapi32.dll(krb5_32.dll) seems to call
getenv("KRB5_KTNAME") in msvcr71, postgres.exe
should call putenv("KRB5_KTNAME=...") in msvcr71.
The attached patch fixes the problem in my test
case.Isn't the main backend linked with msvcr71.dll anyway?
What main backend directly links is msvcr80 or msvcr90
according to the msvc build environment.
Arrgh. My bad, I thought msvcr71 was vs2005. Now that you put it like
this, I know it's vs2003.
Then the
regular putenv should put it in th eenv of msvcr71.dll, and the stuff
that's wrapped through src/port/win32env.c will put it in the regular
msvcr file.I wonder if you're possibly being hit with the bug I patched the other
day, but didn't backpatch.
(http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=f8bcd7220b1166f7c037ceaf0a53958cbc6a7630).Can you see if that fix solves your problem as well? (Either directly
or by testing HEAD)I'm testing using the current cvs.
If not, the fix should still go in win32env.c, not directly in auth.c
I don't object to it. Possibly we would have to add msvcr80 or
msvcr90 as well in the future.
To be safe, yes, we should have that. Do you want to work on such a
complete solution, or should I look at it?
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
On Thu, Dec 31, 2009 at 00:57, Magnus Hagander <magnus@hagander.net> wrote:
2009/12/31 Hiroshi Inoue <inoue@tpf.co.jp>:
Magnus Hagander wrote:
2009/12/30 Hiroshi Inoue <inoue@tpf.co.jp>:
Hi,
As far as I tested, the krb_server_keyfile setting
in postgres.conf doesn't work on Windows.Because gssapi32.dll(krb5_32.dll) seems to call
getenv("KRB5_KTNAME") in msvcr71, postgres.exe
should call putenv("KRB5_KTNAME=...") in msvcr71.
The attached patch fixes the problem in my test
case.Isn't the main backend linked with msvcr71.dll anyway?
What main backend directly links is msvcr80 or msvcr90
according to the msvc build environment.Arrgh. My bad, I thought msvcr71 was vs2005. Now that you put it like
this, I know it's vs2003.Then the
regular putenv should put it in th eenv of msvcr71.dll, and the stuff
that's wrapped through src/port/win32env.c will put it in the regular
msvcr file.I wonder if you're possibly being hit with the bug I patched the other
day, but didn't backpatch.
(http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=f8bcd7220b1166f7c037ceaf0a53958cbc6a7630).Can you see if that fix solves your problem as well? (Either directly
or by testing HEAD)I'm testing using the current cvs.
If not, the fix should still go in win32env.c, not directly in auth.c
I don't object to it. Possibly we would have to add msvcr80 or
msvcr90 as well in the future.To be safe, yes, we should have that. Do you want to work on such a
complete solution, or should I look at it?
Mail to you seem not to be properly delivered atm :-( Hopefully you
can read this through the list.
I've applied a patch that should fix this problem, by always updating
*all* available msvcrt libraries. Please check that it solves your
problem as well.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
Magnus Hagander wrote:
On Thu, Dec 31, 2009 at 00:57, Magnus Hagander <magnus@hagander.net> wrote:
2009/12/31 Hiroshi Inoue <inoue@tpf.co.jp>:
Magnus Hagander wrote:
2009/12/30 Hiroshi Inoue <inoue@tpf.co.jp>:
Hi,
As far as I tested, the krb_server_keyfile setting
in postgres.conf doesn't work on Windows.Because gssapi32.dll(krb5_32.dll) seems to call
getenv("KRB5_KTNAME") in msvcr71, postgres.exe
should call putenv("KRB5_KTNAME=...") in msvcr71.
The attached patch fixes the problem in my test
case.Isn't the main backend linked with msvcr71.dll anyway?
What main backend directly links is msvcr80 or msvcr90
according to the msvc build environment.Arrgh. My bad, I thought msvcr71 was vs2005. Now that you put it like
this, I know it's vs2003.Then the
regular putenv should put it in th eenv of msvcr71.dll, and the stuff
that's wrapped through src/port/win32env.c will put it in the regular
msvcr file.I wonder if you're possibly being hit with the bug I patched the other
day, but didn't backpatch.
(http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=f8bcd7220b1166f7c037ceaf0a53958cbc6a7630).Can you see if that fix solves your problem as well? (Either directly
or by testing HEAD)I'm testing using the current cvs.
If not, the fix should still go in win32env.c, not directly in auth.c
I don't object to it. Possibly we would have to add msvcr80 or
msvcr90 as well in the future.To be safe, yes, we should have that. Do you want to work on such a
complete solution, or should I look at it?Mail to you seem not to be properly delivered atm :-( Hopefully you
can read this through the list.
Sorry for the delay - I've been on new year holiday in Japan.
I've applied a patch that should fix this problem, by always updating
*all* available msvcrt libraries. Please check that it solves your
problem as well.
I checked the behavior using the current cvs and it works well.
Thanks.
regards,
Hiroshi Inoue