Re: [HACKERS] [BUG] SSPI authentication fails on Windows when server parameter is localhost or domain name
Hi, My apologies for a very late reply. I agree the fix you applied is a better one. I have verified the fix by testing the 'postgresql-9.1.1-1-windows-x64' installer. Thank you. On Thu, Jul 14, 2011 at 7:23 PM, Magnus Hagander mag...@hagander.netwrote: On Wed, Jun 15, 2011 at 10:53, Ahmed Shinwari ahmed.shinw...@gmail.com wrote: Hi All, I faced a bug on Windows while connecting via SSPI authentication. I was able to find the bug and have attached the patch. Details listed below; Postgres Installer: Version 9.0.4 OS: Windows Server 2008 R2/Windows 7 big snip Thanks - great analysis! However, I think there is a better fix for this - simply moving a } one line. In particular, I'm concerned about passing the same pointer both as input and output to the function - I couldn't find anything in the documentation saying this was safe (nor did I find anything saying it's unsafe, but.) Especially since this code clearly behaves different on different versions - I've been completely unable to reproduce this on any of my test machines, but they are all Windows Server 2003. So - attached is a new version of the patch, how does this look to you? FYI, I've had Thom test this new version and it does appear to work fine in his scenario. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers -- Ahmed Shinwari EnterpriseDB Corporation : www.enterprisedb.com The Enterprise Postgres Company
Re: [HACKERS] [BUG] SSPI authentication fails on Windows when server parameter is localhost or domain name
On Wed, Jun 15, 2011 at 10:53, Ahmed Shinwari ahmed.shinw...@gmail.com wrote: Hi All, I faced a bug on Windows while connecting via SSPI authentication. I was able to find the bug and have attached the patch. Details listed below; Postgres Installer: Version 9.0.4 OS: Windows Server 2008 R2/Windows 7 big snip Thanks - great analysis! However, I think there is a better fix for this - simply moving a } one line. In particular, I'm concerned about passing the same pointer both as input and output to the function - I couldn't find anything in the documentation saying this was safe (nor did I find anything saying it's unsafe, but.) Especially since this code clearly behaves different on different versions - I've been completely unable to reproduce this on any of my test machines, but they are all Windows Server 2003. So - attached is a new version of the patch, how does this look to you? FYI, I've had Thom test this new version and it does appear to work fine in his scenario. -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 7799111..936cfea 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -1349,16 +1349,22 @@ pg_SSPI_recvauth(Port *port) _(could not accept SSPI security context), r); } + /* + * Overwrite the current context with the one we just received. + * If sspictx is NULL it was the first loop and we need to allocate + * a buffer for it. On subsequent runs, we can just overwrite the + * buffer contents since the size does not change. + */ if (sspictx == NULL) { sspictx = malloc(sizeof(CtxtHandle)); if (sspictx == NULL) ereport(ERROR, (errmsg(out of memory))); - - memcpy(sspictx, newctx, sizeof(CtxtHandle)); } + memcpy(sspictx, newctx, sizeof(CtxtHandle)); + if (r == SEC_I_CONTINUE_NEEDED) elog(DEBUG4, SSPI continue needed); -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] [BUG] SSPI authentication fails on Windows when server parameter is localhost or domain name
On Fri, Jun 17, 2011 at 6:32 AM, Thom Brown t...@linux.com wrote: On 15 June 2011 12:16, Dave Page dp...@pgadmin.org wrote: On Wed, Jun 15, 2011 at 10:53 AM, Ahmed Shinwari ahmed.shinw...@gmail.com wrote: Hi All, I faced a bug on Windows while connecting via SSPI authentication. I was able to find the bug and have attached the patch. Details listed below; Postgres Installer: Version 9.0.4 OS: Windows Server 2008 R2/Windows 7 Bug Description: = If database Server is running on Windows ('Server 2008 R2' or 'Windows 7') with authentication mode SSPI and one try to connect from the same machine via 'psql' with server parameter as 'localhost' or 'fully qualified domain name', the database throws error; I've been able to reproduce this issue, and the patch does indeed fix it. One of our customers has also confirmed it fixed it for them. I can confirm this affects versions back to 8.3. Seems like we'd better try to get this committed before the next set of minor releases (and ideally also before 9.1beta3). -- Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] [BUG] SSPI authentication fails on Windows when server parameter is localhost or domain name
On 15 June 2011 12:16, Dave Page dp...@pgadmin.org wrote: On Wed, Jun 15, 2011 at 10:53 AM, Ahmed Shinwari ahmed.shinw...@gmail.com wrote: Hi All, I faced a bug on Windows while connecting via SSPI authentication. I was able to find the bug and have attached the patch. Details listed below; Postgres Installer: Version 9.0.4 OS: Windows Server 2008 R2/Windows 7 Bug Description: = If database Server is running on Windows ('Server 2008 R2' or 'Windows 7') with authentication mode SSPI and one try to connect from the same machine via 'psql' with server parameter as 'localhost' or 'fully qualified domain name', the database throws error; I've been able to reproduce this issue, and the patch does indeed fix it. One of our customers has also confirmed it fixed it for them. I can confirm this affects versions back to 8.3. -- Thom Brown Twitter: @darkixion IRC (freenode): dark_ixion Registered Linux user: #516935 EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
Re: [HACKERS] [BUG] SSPI authentication fails on Windows when server parameter is localhost or domain name
On Wed, Jun 15, 2011 at 10:53 AM, Ahmed Shinwari ahmed.shinw...@gmail.com wrote: Hi All, I faced a bug on Windows while connecting via SSPI authentication. I was able to find the bug and have attached the patch. Details listed below; Postgres Installer: Version 9.0.4 OS: Windows Server 2008 R2/Windows 7 Bug Description: = If database Server is running on Windows ('Server 2008 R2' or 'Windows 7') with authentication mode SSPI and one try to connect from the same machine via 'psql' with server parameter as 'localhost' or 'fully qualified domain name', the database throws error; I've been able to reproduce this issue, and the patch does indeed fix it. One of our customers has also confirmed it fixed it for them. -- Dave Page Blog: http://pgsnake.blogspot.com Twitter: @pgsnake EnterpriseDB UK: http://www.enterprisedb.com The Enterprise PostgreSQL Company -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers