Postgres Pro
Downloads
Home   >   mailing lists

KTH-KRB kerberos 4 patch - Mailing list pgsql-hackers

From Rodney McDuff
Subject KTH-KRB kerberos 4 patch
Date
Msg-id 199902240504.PAA22502@its.uq.edu.au
Whole thread Raw
Responses Re: [HACKERS] KTH-KRB kerberos 4 patch
List pgsql-hackers
Tree view 
HiI've been having also sorts of fun trying to get kerberos 4 authentification 
working with postgresql-6.4.2 and  KTH-KRB Ebones (http://www.pdc.kth.se/kth-kr
b) on a dec alpha running DU 4.0D using the native compiler. The following 
patch does the trick.

The rationale behind this is as follows. The KTH-KRB code header files defines 
lots of lengths like INST_SZ,REALM_SZ and KRB_SENDAUTH_VLEN. It also has a 
habit of doing things like
chararray[LENGTH] = '\0'

to ensure null terminated strings. In my instance this just happens to blat 
the kerberos principal instance string leading to error like
pg_krb4_recvauth: kerberos error: Can't decode authenticator (krb_rd_req)

The application code that comes with KTH-KRB uses "KRB_SENDAUTH_VLEN + 1" and 
sometimes uses "INST_SZ + 1" so it seems safest to put that 1 char buffer in 
the appropriate place.



*** postgresql-6.4.2/src/backend/libpq/auth.c.orig      Wed Feb 24 12:14:55 
1999
--- postgresql-6.4.2/src/backend/libpq/auth.c   Wed Feb 24 14:03:46 1999
***************
*** 77,86 **** {       long            krbopts = 0;    /* one-way authentication */       KTEXT_ST        clttkt;
!       char            instance[INST_SZ];       AUTH_DAT        auth_data;       Key_schedule key_sched;
!       char            version[KRB_SENDAUTH_VLEN];       int                     status;        strcpy(instance, "*");
        /* don't care, but arg gets expanded
 
--- 77,86 ---- {       long            krbopts = 0;    /* one-way authentication */       KTEXT_ST        clttkt;
!       char            instance[INST_SZ + 1];        AUTH_DAT        auth_data;       Key_schedule key_sched;
!       char            version[KRB_SENDAUTH_VLEN + 1];       int                     status;        strcpy(instance,
"*");         /* don't care, but arg gets expanded
 
*** postgresql-6.4.2/src/interfaces/libpq/fe-auth.c.orig        Wed Feb 24 
14:05:26 1999
--- postgresql-6.4.2/src/interfaces/libpq/fe-auth.c     Wed Feb 24 14:12:56 
1999
***************
*** 144,151 **** static char * pg_krb4_authname(char *PQerrormsg) {
!       char            instance[INST_SZ];
!       char            realm[REALM_SZ];       int                     status;       static char name[SNAME_SZ + 1] =
"";
 
--- 144,151 ---- static char * pg_krb4_authname(char *PQerrormsg) {
!       char            instance[INST_SZ + 1];
!       char            realm[REALM_SZ + 1];       int                     status;       static char name[SNAME_SZ + 1]
=""; 
 

-- 
 +-----------------+------------------------------------------+ |    _   ^   _    | Dr. Rodney McDuff
    | |   |\  /|\  /|   | Network Development, ITS                 | |     \  |  /     | The University of Queensland
         | |      \ | /      | St. Lucia, Brisbane                      | |       \|/       | Queensland, Australia.
4072.            | |<-------+------->| TELEPHONE: +61 7 3365 8220               | |       /|\       | FACSIMILE: +61 7
33654477               | |      / | \      | EMAIL: mcduff@its.uq.edu.au              | |     /  |  \     |
                            | |   |/  \|/  \|   |        Ex ignorantia ad sapientiam       | |    -   v   -    |
   Ex luce ad tenebras           | +-----------------+------------------------------------------+

pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: IN list and OR processing
Next
From: Oleg Broytmann
Date:
Subject: Re: [HACKERS] VACUUM ANALYZE problem on linux