Re: [HACKERS] [BUG] SSPI authentication fails on Windows when server parameter is localhost or domain name
Hi, My apologies for a very late reply. I agree the fix you applied is a better one. I have verified the fix by testing the 'postgresql-9.1.1-1-windows-x64' installer. Thank you. On Thu, Jul 14, 2011 at 7:23 PM, Magnus Hagander mag...@hagander.netwrote: On Wed, Jun 15, 2011 at 10:53, Ahmed Shinwari ahmed.shinw...@gmail.com wrote: Hi All, I faced a bug on Windows while connecting via SSPI authentication. I was able to find the bug and have attached the patch. Details listed below; Postgres Installer: Version 9.0.4 OS: Windows Server 2008 R2/Windows 7 big snip Thanks - great analysis! However, I think there is a better fix for this - simply moving a } one line. In particular, I'm concerned about passing the same pointer both as input and output to the function - I couldn't find anything in the documentation saying this was safe (nor did I find anything saying it's unsafe, but.) Especially since this code clearly behaves different on different versions - I've been completely unable to reproduce this on any of my test machines, but they are all Windows Server 2003. So - attached is a new version of the patch, how does this look to you? FYI, I've had Thom test this new version and it does appear to work fine in his scenario. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers -- Ahmed Shinwari EnterpriseDB Corporation : www.enterprisedb.com The Enterprise Postgres Company
Re: [HACKERS] [BUG] SSPI authentication fails on Windows when server parameter is localhost or domain name
On Wed, Jun 15, 2011 at 10:53, Ahmed Shinwari ahmed.shinw...@gmail.com wrote:
Hi All,
I faced a bug on Windows while connecting via SSPI authentication. I was
able to find the bug and have attached the patch. Details listed below;
Postgres Installer: Version 9.0.4
OS: Windows Server 2008 R2/Windows 7
big snip
Thanks - great analysis!
However, I think there is a better fix for this - simply moving a }
one line. In particular, I'm concerned about passing the same pointer
both as input and output to the function - I couldn't find anything in
the documentation saying this was safe (nor did I find anything saying
it's unsafe, but.) Especially since this code clearly behaves
different on different versions - I've been completely unable to
reproduce this on any of my test machines, but they are all Windows
Server 2003.
So - attached is a new version of the patch, how does this look to
you? FYI, I've had Thom test this new version and it does appear to
work fine in his scenario.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 7799111..936cfea 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -1349,16 +1349,22 @@ pg_SSPI_recvauth(Port *port)
_(could not accept SSPI security context), r);
}
+ /*
+ * Overwrite the current context with the one we just received.
+ * If sspictx is NULL it was the first loop and we need to allocate
+ * a buffer for it. On subsequent runs, we can just overwrite the
+ * buffer contents since the size does not change.
+ */
if (sspictx == NULL)
{
sspictx = malloc(sizeof(CtxtHandle));
if (sspictx == NULL)
ereport(ERROR,
(errmsg(out of memory)));
-
- memcpy(sspictx, newctx, sizeof(CtxtHandle));
}
+ memcpy(sspictx, newctx, sizeof(CtxtHandle));
+
if (r == SEC_I_CONTINUE_NEEDED)
elog(DEBUG4, SSPI continue needed);
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] [BUG] SSPI authentication fails on Windows when server parameter is localhost or domain name
On Fri, Jun 17, 2011 at 6:32 AM, Thom Brown t...@linux.com wrote:
On 15 June 2011 12:16, Dave Page dp...@pgadmin.org wrote:
On Wed, Jun 15, 2011 at 10:53 AM, Ahmed Shinwari
ahmed.shinw...@gmail.com wrote:
Hi All,
I faced a bug on Windows while connecting via SSPI authentication. I was
able to find the bug and have attached the patch. Details listed below;
Postgres Installer: Version 9.0.4
OS: Windows Server 2008 R2/Windows 7
Bug Description:
=
If database Server is running on Windows ('Server 2008 R2' or 'Windows 7')
with authentication mode SSPI and one try to connect from the same machine
via 'psql' with server parameter as 'localhost' or 'fully qualified domain
name', the database throws error;
I've been able to reproduce this issue, and the patch does indeed fix
it. One of our customers has also confirmed it fixed it for them.
I can confirm this affects versions back to 8.3.
Seems like we'd better try to get this committed before the next set
of minor releases (and ideally also before 9.1beta3).
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] [BUG] SSPI authentication fails on Windows when server parameter is localhost or domain name
On 15 June 2011 12:16, Dave Page dp...@pgadmin.org wrote:
On Wed, Jun 15, 2011 at 10:53 AM, Ahmed Shinwari
ahmed.shinw...@gmail.com wrote:
Hi All,
I faced a bug on Windows while connecting via SSPI authentication. I was
able to find the bug and have attached the patch. Details listed below;
Postgres Installer: Version 9.0.4
OS: Windows Server 2008 R2/Windows 7
Bug Description:
=
If database Server is running on Windows ('Server 2008 R2' or 'Windows 7')
with authentication mode SSPI and one try to connect from the same machine
via 'psql' with server parameter as 'localhost' or 'fully qualified domain
name', the database throws error;
I've been able to reproduce this issue, and the patch does indeed fix
it. One of our customers has also confirmed it fixed it for them.
I can confirm this affects versions back to 8.3.
--
Thom Brown
Twitter: @darkixion
IRC (freenode): dark_ixion
Registered Linux user: #516935
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] [BUG] SSPI authentication fails on Windows when server parameter is localhost or domain name
On Wed, Jun 15, 2011 at 10:53 AM, Ahmed Shinwari
ahmed.shinw...@gmail.com wrote:
Hi All,
I faced a bug on Windows while connecting via SSPI authentication. I was
able to find the bug and have attached the patch. Details listed below;
Postgres Installer: Version 9.0.4
OS: Windows Server 2008 R2/Windows 7
Bug Description:
=
If database Server is running on Windows ('Server 2008 R2' or 'Windows 7')
with authentication mode SSPI and one try to connect from the same machine
via 'psql' with server parameter as 'localhost' or 'fully qualified domain
name', the database throws error;
I've been able to reproduce this issue, and the patch does indeed fix
it. One of our customers has also confirmed it fixed it for them.
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
