BUG #18769: ldapscheme is not displayed in pg_hba_file_rules

Started by PG Bug reporting formover 1 year ago8 messagesbugs

noreply@postgresql.org

over 1 year ago

The following bug has been logged on the website:

Bug reference: 18769
Logged by: Laurenz Albe
Email address: laurenz.albe@cybertec.at
PostgreSQL version: 17.2
Operating system: any
Description:

For whatever reason, the "ldapscheme" option was forgotten in the function
pg_hba_file_rules().

Laurenz Albe

laurenz.albe@cybertec.at

over 1 year ago

In reply to: PG Bug reporting form (#1)

Re: BUG #18769: ldapscheme is not displayed in pg_hba_file_rules

On Thu, 2025-01-09 at 09:45 +0000, PG Bug reporting form wrote:

For whatever reason, the "ldapscheme" option was forgotten in the function
pg_hba_file_rules().

Here is a patch to fix the omission.

Yours,
Laurenz Albe

Laurenz Albe

laurenz.albe@cybertec.at

over 1 year ago

In reply to: Laurenz Albe (#2)

Re: BUG #18769: ldapscheme is not displayed in pg_hba_file_rules

On Thu, 2025-01-09 at 10:54 +0100, Laurenz Albe wrote:

On Thu, 2025-01-09 at 09:45 +0000, PG Bug reporting form wrote:

For whatever reason, the "ldapscheme" option was forgotten in the function
pg_hba_file_rules().

Here is a patch to fix the omission.

v2 of the patch has a correct "discussion" URL in the commit message;
otherwise it is unchanged.

Yours,
Laurenz Albe

Daniel Gustafsson

daniel@yesql.se

over 1 year ago

In reply to: Laurenz Albe (#3)

Re: BUG #18769: ldapscheme is not displayed in pg_hba_file_rules

On 9 Jan 2025, at 11:00, Laurenz Albe <laurenz.albe@cybertec.at> wrote:

On Thu, 2025-01-09 at 10:54 +0100, Laurenz Albe wrote:

On Thu, 2025-01-09 at 09:45 +0000, PG Bug reporting form wrote:

For whatever reason, the "ldapscheme" option was forgotten in the function
pg_hba_file_rules().

Here is a patch to fix the omission.

v2 of the patch has a correct "discussion" URL in the commit message;
otherwise it is unchanged.

LGTM.

--
Daniel Gustafsson

Laurenz Albe

laurenz.albe@cybertec.at

over 1 year ago

In reply to: Daniel Gustafsson (#4)

Re: BUG #18769: ldapscheme is not displayed in pg_hba_file_rules

On Thu, 2025-01-09 at 13:09 +0100, Daniel Gustafsson wrote:

On Thu, 2025-01-09 at 10:54 +0100, Laurenz Albe wrote:

On Thu, 2025-01-09 at 09:45 +0000, PG Bug reporting form wrote:

For whatever reason, the "ldapscheme" option was forgotten in the function
pg_hba_file_rules().

Here is a patch to fix the omission.

LGTM.

Do you want to commit it, or should I add it to the next commitfest?

Yours,
Laurenz Albe

Daniel Gustafsson

daniel@yesql.se

over 1 year ago

In reply to: Laurenz Albe (#5)

Re: BUG #18769: ldapscheme is not displayed in pg_hba_file_rules

On 10 Jan 2025, at 09:00, Laurenz Albe <laurenz.albe@cybertec.at> wrote:

On Thu, 2025-01-09 at 13:09 +0100, Daniel Gustafsson wrote:

On Thu, 2025-01-09 at 10:54 +0100, Laurenz Albe wrote:

On Thu, 2025-01-09 at 09:45 +0000, PG Bug reporting form wrote:

For whatever reason, the "ldapscheme" option was forgotten in the function
pg_hba_file_rules().

Here is a patch to fix the omission.

LGTM.

Do you want to commit it, or should I add it to the next commitfest?

I'm planning to do it today, so no need to add it. Thanks!

--
Daniel Gustafsson

Tom Lane

tgl@sss.pgh.pa.us

over 1 year ago

In reply to: Daniel Gustafsson (#6)

Re: BUG #18769: ldapscheme is not displayed in pg_hba_file_rules

Daniel Gustafsson <daniel@yesql.se> writes:

I'm planning to do it today, so no need to add it. Thanks!

Our weekly Coverity run complained about this in all branches:

*** CID 181934: Memory - corruptions (OVERRUN)
/srv/coverity/git/pgsql-git/13stable/src/backend/libpq/hba.c: 2368 in gethba_options()
2362 if (hba->ldapsearchfilter)
2363 options[noptions++] =
2364 CStringGetTextDatum(psprintf("ldapsearchfilter=%s",
2365 hba->ldapsearchfilter));
2366
2367 if (hba->ldapscope)

CID 181934: Memory - corruptions (OVERRUN)
Overrunning array "options" of 14 8-byte elements at element index 14 (byte offset 119) using index "noptions++" (which evaluates to 14).

2368 options[noptions++] =
2369 CStringGetTextDatum(psprintf("ldapscope=%d", hba->ldapscope));
2370 }
2371
2372 if (hba->auth_method == uaRADIUS)
2373 {

Looks like you should have increased MAX_HBA_OPTIONS. The comment
just above that macro needs work too.

regards, tom lane

Daniel Gustafsson

daniel@yesql.se

over 1 year ago

In reply to: Tom Lane (#7)

Re: BUG #18769: ldapscheme is not displayed in pg_hba_file_rules

On 12 Jan 2025, at 16:55, Tom Lane <tgl@sss.pgh.pa.us> wrote:

Daniel Gustafsson <daniel@yesql.se> writes:

I'm planning to do it today, so no need to add it. Thanks!

Our weekly Coverity run complained about this in all branches:

*** CID 181934: Memory - corruptions (OVERRUN)
/srv/coverity/git/pgsql-git/13stable/src/backend/libpq/hba.c: 2368 in gethba_options()
2362 if (hba->ldapsearchfilter)
2363 options[noptions++] =
2364 CStringGetTextDatum(psprintf("ldapsearchfilter=%s",
2365 hba->ldapsearchfilter));
2366
2367 if (hba->ldapscope)

CID 181934: Memory - corruptions (OVERRUN)
Overrunning array "options" of 14 8-byte elements at element index 14 (byte offset 119) using index "noptions++" (which evaluates to 14).

2368 options[noptions++] =
2369 CStringGetTextDatum(psprintf("ldapscope=%d", hba->ldapscope));
2370 }
2371
2372 if (hba->auth_method == uaRADIUS)
2373 {

Looks like you should have increased MAX_HBA_OPTIONS. The comment
just above that macro needs work too.

Ugh, I missed that when reading over the function. Thanks for the report, I'll
get it fixed tonight.

--
Daniel Gustafsson

BUG #18769: ldapscheme is not displayed in pg_hba_file_rules

Attachments:

Attachments: