Re: BUG #13854: SSPI authentication failure: wrong realm name used

From: Christian Ullrich <chris(at)chrullrich(dot)net>
To: Robbie Harwood <rharwood(at)redhat(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Cc: pgsql-bugs <pgsql-bugs(at)postgresql(dot)org>
Subject: Re: BUG #13854: SSPI authentication failure: wrong realm name used
Date: 2016-03-24 15:44:37
Message-ID: 56F40B65.8050909@chrullrich.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs pgsql-hackers

On 2016-03-24 16:35, Christian Ullrich wrote:

> * From: Robbie Harwood [mailto:rharwood(at)redhat(dot)com]
>
>> Christian Ullrich <chris(at)chrullrich(dot)net> writes:

>>> pg_SSPI_recvauth(Port *port)
>>> {
>>> int mtype;
>>> + int status;
>>
>> The section of this function for include_realm checking already uses an
>> int status return code (retval). I would expect to see them share a
>> variable rather than have both "retval" and "status".
>
> I would not, because retval is local to that last if, but you are right, status
> does not need to be in function scope.

Moved declaration.

>>> + /* Build SAM name (DOMAIN\\user), then translate to UPN
>>> + (user(at)kerberos(dot)realm). The realm name is returned in
>>> + lower case, but that is fine because in SSPI auth,
>>> + string comparisons are always case-insensitive. */
>>
>> Since we're already considering changing things: this is not the comment
>> style for this file (though it is otherwise a good comment).
>
> True. Will fix.

Reformatted.

>>> + upname = (char*)palloc(upnamesize);
>>
>> I don't believe this cast is typically included.
>
> Left over from when this was malloc() before Magnus' first look at it.

Removed.

Updated patch attached.

--
Christian

Attachment Content-Type Size
sspirealm.patch text/plain 7.7 KB

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Yury Zhuravlev 2016-03-24 15:49:18 Re: NOT EXIST for PREPARE
Previous Message Aleksander Alekseev 2016-03-24 15:35:30 Re: Small patch: fix code duplication in heapam.c

Browse pgsql-bugs by date

  From Date Subject
Next Message Christian Ullrich 2016-03-24 15:57:33 Re: [HACKERS] BUG #13854: SSPI authentication failure: wrong realm name used
Previous Message Christian Ullrich 2016-03-24 15:35:23 Re: BUG #13854: SSPI authentication failure: wrong realm name used