pgsql: Fix headerscheck failure in replication/worker_internal.h
Fix headerscheck failure in replication/worker_internal.h
Broken by 31c389d8de91
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/ad26ee28250c4cd357a7420161a2be321c3dd536
Modified Files
--------------
src/include/replication/worker_internal.h | 1 +
1 file changed, 1 insertion(+)
On 2021-Nov-16, Alvaro Herrera wrote:
Fix headerscheck failure in replication/worker_internal.h
The other failure is in src/include/libpq/be-gssapi-common.h:
In file included from /tmp/headerscheck.a6f0um/test.c:2:
./src/include/libpq/be-gssapi-common.h:20:10: fatal error: gssapi/gssapi.h: No existe el fichero o el directorio
20 | #include <gssapi/gssapi.h>
| ^~~~~~~~~~~~~~~~~
compilation terminated.
One possible solution for this one is to add an exclusion in
headerscheck (and cpluspluscheck?); the other possible solution seems to
be to wrap the whole contents of the file in "#ifdef ENABLE_GSS". I
think the latter is roughly the approach used for OpenSSL inclusions.
--
Álvaro Herrera 39°49'30"S 73°17'W — https://www.EnterpriseDB.com/
Greetings,
* Alvaro Herrera (alvherre@alvh.no-ip.org) wrote:
On 2021-Nov-16, Alvaro Herrera wrote:
Fix headerscheck failure in replication/worker_internal.h
The other failure is in src/include/libpq/be-gssapi-common.h:
In file included from /tmp/headerscheck.a6f0um/test.c:2:
./src/include/libpq/be-gssapi-common.h:20:10: fatal error: gssapi/gssapi.h: No existe el fichero o el directorio
20 | #include <gssapi/gssapi.h>
| ^~~~~~~~~~~~~~~~~
compilation terminated.One possible solution for this one is to add an exclusion in
headerscheck (and cpluspluscheck?); the other possible solution seems to
be to wrap the whole contents of the file in "#ifdef ENABLE_GSS". I
think the latter is roughly the approach used for OpenSSL inclusions.
Short answer is yes, inclusion of be-gssapi-common.h is typically
wrapped in a #ifdef, see src/backend/libpq/auth.c
Thanks,
Stephen
On 2021-Nov-16, Stephen Frost wrote:
Short answer is yes, inclusion of be-gssapi-common.h is typically
wrapped in a #ifdef, see src/backend/libpq/auth.c
It'd be as in the attached, then.
--
Álvaro Herrera PostgreSQL Developer — https://www.EnterpriseDB.com/
Attachments:
0001-Harden-gssapi.h-inclusion-for-headerscheck.patchtext/x-diff; charset=utf-8Download
From db4a303a8a7c0c1422c974b70c06f2776670216a Mon Sep 17 00:00:00 2001
From: Alvaro Herrera <alvherre@alvh.no-ip.org>
Date: Tue, 16 Nov 2021 13:40:27 -0300
Subject: [PATCH] Harden gssapi.h inclusion for headerscheck
If the file is not in any of these places, headerscheck warns about the
inclusion.
---
src/include/libpq/be-gssapi-common.h | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/include/libpq/be-gssapi-common.h b/src/include/libpq/be-gssapi-common.h
index c07d7e7c5a..c2215f6ce7 100644
--- a/src/include/libpq/be-gssapi-common.h
+++ b/src/include/libpq/be-gssapi-common.h
@@ -14,6 +14,8 @@
#ifndef BE_GSSAPI_COMMON_H
#define BE_GSSAPI_COMMON_H
+#ifdef ENABLE_GSS
+
#if defined(HAVE_GSSAPI_H)
#include <gssapi.h>
#else
@@ -23,4 +25,6 @@
extern void pg_GSS_error(const char *errmsg,
OM_uint32 maj_stat, OM_uint32 min_stat);
+#endif /* ENABLE_GSS */
+
#endif /* BE_GSSAPI_COMMON_H */
--
2.30.2
Greetings,
On Tue, Nov 16, 2021 at 12:33 Alvaro Herrera <alvherre@alvh.no-ip.org>
wrote:
On 2021-Nov-16, Stephen Frost wrote:
Short answer is yes, inclusion of be-gssapi-common.h is typically
wrapped in a #ifdef, see src/backend/libpq/auth.cIt'd be as in the attached, then.
I’ve not looked at this very closely but no, normally it’s the inclusion of
be-gssapi-common.h that’s wrapped in the ifdef, not the contents of it,
again, see auth.c
Not against possibly changing that but I don’t get the point of including
be-gssapi-common.h if it’s not enabled in the build and typically if GSSAPI
is possible and the reason for including be-gssapi-common.h then there’s
other things that need to be under a ifdef, again, as in auth.c
If there isn’t any need to be-gssapi-common.h then maybe just drop that
include instead of adding an ifdef..?
Thanks,
Stephen
Show quoted text
On 2021-Nov-16, Stephen Frost wrote:
I’ve not looked at this very closely but no, normally it’s the inclusion of
be-gssapi-common.h that’s wrapped in the ifdef, not the contents of it,
again, see auth.c
I don't think you read my original post very carefully. I'm talking
about sanitizing the output of the headerscheck script.
--
Álvaro Herrera 39°49'30"S 73°17'W — https://www.EnterpriseDB.com/
"Java is clearly an example of money oriented programming" (A. Stepanov)
On 2021-Nov-16, Stephen Frost wrote:
Not against possibly changing that but I don’t get the point of including
be-gssapi-common.h if it’s not enabled in the build and typically if GSSAPI
is possible and the reason for including be-gssapi-common.h then there’s
other things that need to be under a ifdef, again, as in auth.c
BTW, this is exactly why my first suggestion was to add an exclusion
rule to headerscheck so that be-gssapi-common.h is not verified by that
script. After re-reading your response, that looks like a reasonable
answer too.
--
Álvaro Herrera Valdivia, Chile — https://www.EnterpriseDB.com/
Greetings,
On Tue, Nov 16, 2021 at 13:16 Alvaro Herrera <alvherre@alvh.no-ip.org>
wrote:
On 2021-Nov-16, Stephen Frost wrote:
Not against possibly changing that but I don’t get the point of including
be-gssapi-common.h if it’s not enabled in the build and typically ifGSSAPI
is possible and the reason for including be-gssapi-common.h then there’s
other things that need to be under a ifdef, again, as in auth.cBTW, this is exactly why my first suggestion was to add an exclusion
rule to headerscheck so that be-gssapi-common.h is not verified by that
script. After re-reading your response, that looks like a reasonable
answer too.
Yeah, that seems better to me, though I’ve not yet had time to look deeply
into any of this.
Thanks,
Stephen
Show quoted text
Alvaro Herrera <alvherre@alvh.no-ip.org> writes:
On 2021-Nov-16, Stephen Frost wrote:
Not against possibly changing that but I don’t get the point of including
be-gssapi-common.h if it’s not enabled in the build and typically if GSSAPI
is possible and the reason for including be-gssapi-common.h then there’s
other things that need to be under a ifdef, again, as in auth.c
BTW, this is exactly why my first suggestion was to add an exclusion
rule to headerscheck so that be-gssapi-common.h is not verified by that
script. After re-reading your response, that looks like a reasonable
answer too.
I think adding #ifdef ENABLE_GSS as per your prior message is better.
Headers have little business making assumptions about the context in
which they're included --- which is exactly why headerscheck exists ---
so I disagree with Stephen's argument. In any case I am not in favor of
making random exclusions from that script's testing.
regards, tom lane
Greetings,
On Tue, Nov 16, 2021 at 15:12 Tom Lane <tgl@sss.pgh.pa.us> wrote:
Alvaro Herrera <alvherre@alvh.no-ip.org> writes:
On 2021-Nov-16, Stephen Frost wrote:
Not against possibly changing that but I don’t get the point of
including
be-gssapi-common.h if it’s not enabled in the build and typically if
GSSAPI
is possible and the reason for including be-gssapi-common.h then there’s
other things that need to be under a ifdef, again, as in auth.cBTW, this is exactly why my first suggestion was to add an exclusion
rule to headerscheck so that be-gssapi-common.h is not verified by that
script. After re-reading your response, that looks like a reasonable
answer too.I think adding #ifdef ENABLE_GSS as per your prior message is better.
Headers have little business making assumptions about the context in
which they're included --- which is exactly why headerscheck exists ---
so I disagree with Stephen's argument. In any case I am not in favor of
making random exclusions from that script's testing.
I don’t feel all that strongly either way, so if you’d rather have it that
way then that’s fine. Will still need the other ifdefs too anyway though,
but I guess it isn’t that big of a deal.
Thanks,
Stephen