Re: [HACKERS] KTH-KRB kerberos 4 patch - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: [HACKERS] KTH-KRB kerberos 4 patch
Date
Msg-id 199903141606.LAA20294@candle.pha.pa.us
Whole thread Raw
In response to KTH-KRB kerberos 4 patch  (Rodney McDuff <ccmcduff@its.uq.edu.au>)
List pgsql-hackers
Applied.



> Hi
>     I've been having also sorts of fun trying to get kerberos 4 authentification 
> working with postgresql-6.4.2 and  KTH-KRB Ebones (http://www.pdc.kth.se/kth-kr
> b) on a dec alpha running DU 4.0D using the native compiler. The following 
> patch does the trick.
> 
> The rationale behind this is as follows. The KTH-KRB code header files defines 
> lots of lengths like INST_SZ,REALM_SZ and KRB_SENDAUTH_VLEN. It also has a 
> habit of doing things like
> 
>     chararray[LENGTH] = '\0'
> 
> to ensure null terminated strings. In my instance this just happens to blat 
> the kerberos principal instance string leading to error like
> 
>     pg_krb4_recvauth: kerberos error: Can't decode authenticator (krb_rd_req)
> 
> The application code that comes with KTH-KRB uses "KRB_SENDAUTH_VLEN + 1" and 
> sometimes uses "INST_SZ + 1" so it seems safest to put that 1 char buffer in 
> the appropriate place.
> 
> 
> 
> *** postgresql-6.4.2/src/backend/libpq/auth.c.orig      Wed Feb 24 12:14:55 
> 1999
> --- postgresql-6.4.2/src/backend/libpq/auth.c   Wed Feb 24 14:03:46 1999
> ***************
> *** 77,86 ****
>   {
>         long            krbopts = 0;    /* one-way authentication */
>         KTEXT_ST        clttkt;
> !       char            instance[INST_SZ];
>         AUTH_DAT        auth_data;
>         Key_schedule key_sched;
> !       char            version[KRB_SENDAUTH_VLEN];
>         int                     status;
>   
>         strcpy(instance, "*");          /* don't care, but arg gets expanded
> --- 77,86 ----
>   {
>         long            krbopts = 0;    /* one-way authentication */
>         KTEXT_ST        clttkt;
> !       char            instance[INST_SZ + 1]; 
>         AUTH_DAT        auth_data;
>         Key_schedule key_sched;
> !       char            version[KRB_SENDAUTH_VLEN + 1];
>         int                     status;
>   
>         strcpy(instance, "*");          /* don't care, but arg gets expanded
> *** postgresql-6.4.2/src/interfaces/libpq/fe-auth.c.orig        Wed Feb 24 
> 14:05:26 1999
> --- postgresql-6.4.2/src/interfaces/libpq/fe-auth.c     Wed Feb 24 14:12:56 
> 1999
> ***************
> *** 144,151 ****
>   static char *
>   pg_krb4_authname(char *PQerrormsg)
>   {
> !       char            instance[INST_SZ];
> !       char            realm[REALM_SZ];
>         int                     status;
>         static char name[SNAME_SZ + 1] = "";
>   
> --- 144,151 ----
>   static char *
>   pg_krb4_authname(char *PQerrormsg)
>   {
> !       char            instance[INST_SZ + 1];
> !       char            realm[REALM_SZ + 1];
>         int                     status;
>         static char name[SNAME_SZ + 1] = "";
>   
> 
> -- 
> 
>   +-----------------+------------------------------------------+
>   |    _   ^   _    | Dr. Rodney McDuff                        |
>   |   |\  /|\  /|   | Network Development, ITS                 |
>   |     \  |  /     | The University of Queensland             |
>   |      \ | /      | St. Lucia, Brisbane                      |
>   |       \|/       | Queensland, Australia. 4072.             |
>   |<-------+------->| TELEPHONE: +61 7 3365 8220               |
>   |       /|\       | FACSIMILE: +61 7 3365 4477               |
>   |      / | \      | EMAIL: mcduff@its.uq.edu.au              |
>   |     /  |  \     |                                          |
>   |   |/  \|/  \|   |        Ex ignorantia ad sapientiam       |
>   |    -   v   -    |            Ex luce ad tenebras           |
>   +-----------------+------------------------------------------+
> 
> 
> 
> 


--  Bruce Momjian                        |  http://www.op.net/~candle maillist@candle.pha.pa.us            |  (610)
853-3000+  If your life is a hard drive,     |  830 Blythe Avenue +  Christ can be your backup.        |  Drexel Hill,
Pennsylvania19026
 


pgsql-hackers by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: [HACKERS] [CURRENT] large object fix
Next
From: Bruce Momjian
Date:
Subject: Re: [HACKERS] libpq and SPI