Thread: KTH-KRB kerberos 4 patch
HiI've been having also sorts of fun trying to get kerberos 4 authentification working with postgresql-6.4.2 and KTH-KRB Ebones (http://www.pdc.kth.se/kth-kr b) on a dec alpha running DU 4.0D using the native compiler. The following patch does the trick. The rationale behind this is as follows. The KTH-KRB code header files defines lots of lengths like INST_SZ,REALM_SZ and KRB_SENDAUTH_VLEN. It also has a habit of doing things like chararray[LENGTH] = '\0' to ensure null terminated strings. In my instance this just happens to blat the kerberos principal instance string leading to error like pg_krb4_recvauth: kerberos error: Can't decode authenticator (krb_rd_req) The application code that comes with KTH-KRB uses "KRB_SENDAUTH_VLEN + 1" and sometimes uses "INST_SZ + 1" so it seems safest to put that 1 char buffer in the appropriate place. *** postgresql-6.4.2/src/backend/libpq/auth.c.orig Wed Feb 24 12:14:55 1999 --- postgresql-6.4.2/src/backend/libpq/auth.c Wed Feb 24 14:03:46 1999 *************** *** 77,86 **** { long krbopts = 0; /* one-way authentication */ KTEXT_ST clttkt; ! char instance[INST_SZ]; AUTH_DAT auth_data; Key_schedule key_sched; ! char version[KRB_SENDAUTH_VLEN]; int status; strcpy(instance, "*"); /* don't care, but arg gets expanded --- 77,86 ---- { long krbopts = 0; /* one-way authentication */ KTEXT_ST clttkt; ! char instance[INST_SZ + 1]; AUTH_DAT auth_data; Key_schedule key_sched; ! char version[KRB_SENDAUTH_VLEN + 1]; int status; strcpy(instance, "*"); /* don't care, but arg gets expanded *** postgresql-6.4.2/src/interfaces/libpq/fe-auth.c.orig Wed Feb 24 14:05:26 1999 --- postgresql-6.4.2/src/interfaces/libpq/fe-auth.c Wed Feb 24 14:12:56 1999 *************** *** 144,151 **** static char * pg_krb4_authname(char *PQerrormsg) { ! char instance[INST_SZ]; ! char realm[REALM_SZ]; int status; static char name[SNAME_SZ + 1] = ""; --- 144,151 ---- static char * pg_krb4_authname(char *PQerrormsg) { ! char instance[INST_SZ + 1]; ! char realm[REALM_SZ + 1]; int status; static char name[SNAME_SZ + 1] =""; -- +-----------------+------------------------------------------+ | _ ^ _ | Dr. Rodney McDuff | | |\ /|\ /| | Network Development, ITS | | \ | / | The University of Queensland | | \ | / | St. Lucia, Brisbane | | \|/ | Queensland, Australia. 4072. | |<-------+------->| TELEPHONE: +61 7 3365 8220 | | /|\ | FACSIMILE: +61 7 33654477 | | / | \ | EMAIL: mcduff@its.uq.edu.au | | / | \ | | | |/ \|/ \| | Ex ignorantia ad sapientiam | | - v - | Ex luce ad tenebras | +-----------------+------------------------------------------+
Rodney McDuff <ccmcduff@its.uq.edu.au> writes: > I've been having also sorts of fun trying to get kerberos 4 > authentification working with postgresql-6.4.2 and KTH-KRB Ebones > (http://www.pdc.kth.se/kth-kr b) on a dec alpha running DU 4.0D > using the native compiler. The following patch does the trick. Great! This got a February 15th snapshot of PostgreSQL working for me, too! Thanks! :-) -tih -- Popularity is the hallmark of mediocrity. --Niles Crane, "Frasier"
Applied. > Hi > I've been having also sorts of fun trying to get kerberos 4 authentification > working with postgresql-6.4.2 and KTH-KRB Ebones (http://www.pdc.kth.se/kth-kr > b) on a dec alpha running DU 4.0D using the native compiler. The following > patch does the trick. > > The rationale behind this is as follows. The KTH-KRB code header files defines > lots of lengths like INST_SZ,REALM_SZ and KRB_SENDAUTH_VLEN. It also has a > habit of doing things like > > chararray[LENGTH] = '\0' > > to ensure null terminated strings. In my instance this just happens to blat > the kerberos principal instance string leading to error like > > pg_krb4_recvauth: kerberos error: Can't decode authenticator (krb_rd_req) > > The application code that comes with KTH-KRB uses "KRB_SENDAUTH_VLEN + 1" and > sometimes uses "INST_SZ + 1" so it seems safest to put that 1 char buffer in > the appropriate place. > > > > *** postgresql-6.4.2/src/backend/libpq/auth.c.orig Wed Feb 24 12:14:55 > 1999 > --- postgresql-6.4.2/src/backend/libpq/auth.c Wed Feb 24 14:03:46 1999 > *************** > *** 77,86 **** > { > long krbopts = 0; /* one-way authentication */ > KTEXT_ST clttkt; > ! char instance[INST_SZ]; > AUTH_DAT auth_data; > Key_schedule key_sched; > ! char version[KRB_SENDAUTH_VLEN]; > int status; > > strcpy(instance, "*"); /* don't care, but arg gets expanded > --- 77,86 ---- > { > long krbopts = 0; /* one-way authentication */ > KTEXT_ST clttkt; > ! char instance[INST_SZ + 1]; > AUTH_DAT auth_data; > Key_schedule key_sched; > ! char version[KRB_SENDAUTH_VLEN + 1]; > int status; > > strcpy(instance, "*"); /* don't care, but arg gets expanded > *** postgresql-6.4.2/src/interfaces/libpq/fe-auth.c.orig Wed Feb 24 > 14:05:26 1999 > --- postgresql-6.4.2/src/interfaces/libpq/fe-auth.c Wed Feb 24 14:12:56 > 1999 > *************** > *** 144,151 **** > static char * > pg_krb4_authname(char *PQerrormsg) > { > ! char instance[INST_SZ]; > ! char realm[REALM_SZ]; > int status; > static char name[SNAME_SZ + 1] = ""; > > --- 144,151 ---- > static char * > pg_krb4_authname(char *PQerrormsg) > { > ! char instance[INST_SZ + 1]; > ! char realm[REALM_SZ + 1]; > int status; > static char name[SNAME_SZ + 1] = ""; > > > -- > > +-----------------+------------------------------------------+ > | _ ^ _ | Dr. Rodney McDuff | > | |\ /|\ /| | Network Development, ITS | > | \ | / | The University of Queensland | > | \ | / | St. Lucia, Brisbane | > | \|/ | Queensland, Australia. 4072. | > |<-------+------->| TELEPHONE: +61 7 3365 8220 | > | /|\ | FACSIMILE: +61 7 3365 4477 | > | / | \ | EMAIL: mcduff@its.uq.edu.au | > | / | \ | | > | |/ \|/ \| | Ex ignorantia ad sapientiam | > | - v - | Ex luce ad tenebras | > +-----------------+------------------------------------------+ > > > > -- Bruce Momjian | http://www.op.net/~candle maillist@candle.pha.pa.us | (610) 853-3000+ If your life is a hard drive, | 830 Blythe Avenue + Christ can be your backup. | Drexel Hill, Pennsylvania19026