Thread: krb_server_keyfile setting doesn't work on Windows
Hi, As far as I tested, the krb_server_keyfile setting in postgres.conf doesn't work on Windows. Because gssapi32.dll(krb5_32.dll) seems to call getenv("KRB5_KTNAME") in msvcr71, postgres.exe should call putenv("KRB5_KTNAME=...") in msvcr71. The attached patch fixes the problem in my test case. regards, Hiroshi Inoue Index: auth.c =================================================================== RCS file: /projects/cvsroot/pgsql/src/backend/libpq/auth.c,v retrieving revision 1.188 diff -c -r1.188 auth.c *** auth.c 12 Dec 2009 21:35:21 -0000 1.188 --- auth.c 30 Dec 2009 15:03:51 -0000 *************** *** 877,882 **** --- 877,905 ---- errdetail("%s: %s", msg_major, msg_minor))); } + #ifdef WIN32 + static void + msvc_krb5_ktname(const char *kt_path) + { + typedef int (_cdecl * PUTENVPROC) (const char *); + const char *msvcrdll = "msvcr71"; + static bool initialized = false; + HMODULE hmodule; + static PUTENVPROC putenvFunc = NULL; + + if (initialized) + { + if (!putenvFunc) + return; + } + else if (hmodule = GetModuleHandle(msvcrdll), hmodule != NULL) + putenvFunc = (PUTENVPROC) GetProcAddress(hmodule, "_putenv"); + initialized = true; + if (putenvFunc != NULL) + putenvFunc(kt_path); + } + #endif /* WIN32 */ + static int pg_GSS_recvauth(Port *port) { *************** *** 923,928 **** --- 946,954 ---- return STATUS_ERROR; } snprintf(kt_path, kt_len, "KRB5_KTNAME=%s", pg_krb_server_keyfile); + #ifdef WIN32 + msvc_krb5_ktname(kt_path); + #endif /* WIN32 */ putenv(kt_path); } }
Hiroshi Inoue <inoue@tpf.co.jp> writes: > Because gssapi32.dll(krb5_32.dll) seems to call > getenv("KRB5_KTNAME") in msvcr71, postgres.exe > should call putenv("KRB5_KTNAME=...") in msvcr71. > The attached patch fixes the problem in my test > case. Don't we already have something like that in our src/port putenv substitute? regards, tom lane
2009/12/30 Hiroshi Inoue <inoue@tpf.co.jp>: > Hi, > > As far as I tested, the krb_server_keyfile setting > in postgres.conf doesn't work on Windows. > > Because gssapi32.dll(krb5_32.dll) seems to call > getenv("KRB5_KTNAME") in msvcr71, postgres.exe > should call putenv("KRB5_KTNAME=...") in msvcr71. > The attached patch fixes the problem in my test > case. Isn't the main backend linked with msvcr71.dll anyway? Then the regular putenv should put it in th eenv of msvcr71.dll, and the stuff that's wrapped through src/port/win32env.c will put it in the regular msvcr file. I wonder if you're possibly being hit with the bug I patched the other day, but didn't backpatch. (http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=f8bcd7220b1166f7c037ceaf0a53958cbc6a7630). Can you see if that fix solves your problem as well? (Either directly or by testing HEAD) If not, the fix should still go in win32env.c, not directly in auth.c -- Magnus HaganderMe: http://www.hagander.net/Work: http://www.redpill-linpro.com/
Tom Lane wrote: > Hiroshi Inoue <inoue@tpf.co.jp> writes: >> Because gssapi32.dll(krb5_32.dll) seems to call >> getenv("KRB5_KTNAME") in msvcr71, postgres.exe >> should call putenv("KRB5_KTNAME=...") in msvcr71. >> The attached patch fixes the problem in my test >> case. > > Don't we already have something like that in our src/port putenv > substitute? Yes, pgwin32_putenv() calls putenv() in msvcrt which libintl or other MINGW dlls use. I'm not sure if it's appropriate toadd msvcr71's putenv call to pgwin32_putenv() (src/port/win32env.c). regards, Hiroshi Inoue
Magnus Hagander wrote: > 2009/12/30 Hiroshi Inoue <inoue@tpf.co.jp>: >> Hi, >> >> As far as I tested, the krb_server_keyfile setting >> in postgres.conf doesn't work on Windows. >> >> Because gssapi32.dll(krb5_32.dll) seems to call >> getenv("KRB5_KTNAME") in msvcr71, postgres.exe >> should call putenv("KRB5_KTNAME=...") in msvcr71. >> The attached patch fixes the problem in my test >> case. > > Isn't the main backend linked with msvcr71.dll anyway? What main backend directly links is msvcr80 or msvcr90 according to the msvc build environment. > Then the > regular putenv should put it in th eenv of msvcr71.dll, and the stuff > that's wrapped through src/port/win32env.c will put it in the regular > msvcr file. > > I wonder if you're possibly being hit with the bug I patched the other > day, but didn't backpatch. > (http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=f8bcd7220b1166f7c037ceaf0a53958cbc6a7630). > > Can you see if that fix solves your problem as well? (Either directly > or by testing HEAD) I'm testing using the current cvs. > If not, the fix should still go in win32env.c, not directly in auth.c I don't object to it. Possibly we would have to add msvcr80 or msvcr90 as well in the future. regards, Hiroshi Inoue
2009/12/31 Hiroshi Inoue <inoue@tpf.co.jp>: > Magnus Hagander wrote: >> >> 2009/12/30 Hiroshi Inoue <inoue@tpf.co.jp>: >>> >>> Hi, >>> >>> As far as I tested, the krb_server_keyfile setting >>> in postgres.conf doesn't work on Windows. >>> >>> Because gssapi32.dll(krb5_32.dll) seems to call >>> getenv("KRB5_KTNAME") in msvcr71, postgres.exe >>> should call putenv("KRB5_KTNAME=...") in msvcr71. >>> The attached patch fixes the problem in my test >>> case. >> >> Isn't the main backend linked with msvcr71.dll anyway? > > What main backend directly links is msvcr80 or msvcr90 > according to the msvc build environment. Arrgh. My bad, I thought msvcr71 was vs2005. Now that you put it like this, I know it's vs2003. >> Then the >> regular putenv should put it in th eenv of msvcr71.dll, and the stuff >> that's wrapped through src/port/win32env.c will put it in the regular >> msvcr file. >> >> I wonder if you're possibly being hit with the bug I patched the other >> day, but didn't backpatch. >> (http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=f8bcd7220b1166f7c037ceaf0a53958cbc6a7630). >> >> Can you see if that fix solves your problem as well? (Either directly >> or by testing HEAD) > > I'm testing using the current cvs. > >> If not, the fix should still go in win32env.c, not directly in auth.c > > I don't object to it. Possibly we would have to add msvcr80 or > msvcr90 as well in the future. To be safe, yes, we should have that. Do you want to work on such a complete solution, or should I look at it? -- Magnus HaganderMe: http://www.hagander.net/Work: http://www.redpill-linpro.com/
On Thu, Dec 31, 2009 at 00:57, Magnus Hagander <magnus@hagander.net> wrote: > 2009/12/31 Hiroshi Inoue <inoue@tpf.co.jp>: >> Magnus Hagander wrote: >>> >>> 2009/12/30 Hiroshi Inoue <inoue@tpf.co.jp>: >>>> >>>> Hi, >>>> >>>> As far as I tested, the krb_server_keyfile setting >>>> in postgres.conf doesn't work on Windows. >>>> >>>> Because gssapi32.dll(krb5_32.dll) seems to call >>>> getenv("KRB5_KTNAME") in msvcr71, postgres.exe >>>> should call putenv("KRB5_KTNAME=...") in msvcr71. >>>> The attached patch fixes the problem in my test >>>> case. >>> >>> Isn't the main backend linked with msvcr71.dll anyway? >> >> What main backend directly links is msvcr80 or msvcr90 >> according to the msvc build environment. > > Arrgh. My bad, I thought msvcr71 was vs2005. Now that you put it like > this, I know it's vs2003. > > >>> Then the >>> regular putenv should put it in th eenv of msvcr71.dll, and the stuff >>> that's wrapped through src/port/win32env.c will put it in the regular >>> msvcr file. >>> >>> I wonder if you're possibly being hit with the bug I patched the other >>> day, but didn't backpatch. >>> (http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=f8bcd7220b1166f7c037ceaf0a53958cbc6a7630). >>> >>> Can you see if that fix solves your problem as well? (Either directly >>> or by testing HEAD) >> >> I'm testing using the current cvs. >> >>> If not, the fix should still go in win32env.c, not directly in auth.c >> >> I don't object to it. Possibly we would have to add msvcr80 or >> msvcr90 as well in the future. > > To be safe, yes, we should have that. Do you want to work on such a > complete solution, or should I look at it? Mail to you seem not to be properly delivered atm :-( Hopefully you can read this through the list. I've applied a patch that should fix this problem, by always updating *all* available msvcrt libraries. Please check that it solves your problem as well. -- Magnus HaganderMe: http://www.hagander.net/Work: http://www.redpill-linpro.com/
Magnus Hagander wrote: > On Thu, Dec 31, 2009 at 00:57, Magnus Hagander <magnus@hagander.net> wrote: >> 2009/12/31 Hiroshi Inoue <inoue@tpf.co.jp>: >>> Magnus Hagander wrote: >>>> 2009/12/30 Hiroshi Inoue <inoue@tpf.co.jp>: >>>>> Hi, >>>>> >>>>> As far as I tested, the krb_server_keyfile setting >>>>> in postgres.conf doesn't work on Windows. >>>>> >>>>> Because gssapi32.dll(krb5_32.dll) seems to call >>>>> getenv("KRB5_KTNAME") in msvcr71, postgres.exe >>>>> should call putenv("KRB5_KTNAME=...") in msvcr71. >>>>> The attached patch fixes the problem in my test >>>>> case. >>>> Isn't the main backend linked with msvcr71.dll anyway? >>> What main backend directly links is msvcr80 or msvcr90 >>> according to the msvc build environment. >> Arrgh. My bad, I thought msvcr71 was vs2005. Now that you put it like >> this, I know it's vs2003. >> >> >>>> Then the >>>> regular putenv should put it in th eenv of msvcr71.dll, and the stuff >>>> that's wrapped through src/port/win32env.c will put it in the regular >>>> msvcr file. >>>> >>>> I wonder if you're possibly being hit with the bug I patched the other >>>> day, but didn't backpatch. >>>> (http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=f8bcd7220b1166f7c037ceaf0a53958cbc6a7630). >>>> >>>> Can you see if that fix solves your problem as well? (Either directly >>>> or by testing HEAD) >>> I'm testing using the current cvs. >>> >>>> If not, the fix should still go in win32env.c, not directly in auth.c >>> I don't object to it. Possibly we would have to add msvcr80 or >>> msvcr90 as well in the future. >> To be safe, yes, we should have that. Do you want to work on such a >> complete solution, or should I look at it? > > Mail to you seem not to be properly delivered atm :-( Hopefully you > can read this through the list. Sorry for the delay - I've been on new year holiday in Japan. > I've applied a patch that should fix this problem, by always updating > *all* available msvcrt libraries. Please check that it solves your > problem as well. I checked the behavior using the current cvs and it works well. Thanks. regards, Hiroshi Inoue