Re: BUG #6302: Certificate lookup fails for users with /dev/null as home directory

On Nov 21, 2011 8:29 AM, "Diego Elio Petten=F2" <flameeyes@flameeyes.eu>
wrote:
>
>
> The following bug has been logged online:
>
> Bug reference:      6302
> Logged by:          Diego Elio Petten=F2
> Email address:      flameeyes@flameeyes.eu
> PostgreSQL version: 9.1.1
> Operating system:   Gentoo Linux
> Description:        Certificate lookup fails for users with /dev/null as
> home directory
> Details:
>
> A common way to make sure an user has no access to a home directory on
Unix
> is to set that directory to /dev/null. Unfortunately that causes the
stat()
> call to return an error when you're trying to check for the certificate.
> From 9.1.1, src/interfaces/libpq/fe-secure.c, line 1009 and counting:
>
>
>        else if (stat(fnbuf, &buf) !=3D 0)
>        {
>                /*
>                 * If file is not present, just go on without a client
cert;
> server
>                 * might or might not accept the connection.  Any other
> error,
>                 * however, is grounds for complaint.
>                 */
>                if (errno !=3D ENOENT)
>                {
>                        printfPQExpBuffer(&conn->errorMessage,
>                           libpq_gettext("could not open certificate file
> \"%s\": %s\n"),
>                                                          fnbuf,
> pqStrerror(errno, sebuf, sizeof(sebuf)));
>                        return -1;
>                }
>                have_cert =3D false;
>        }

What actual error do you get?

> Interestingly enough, the .pgpass file check is not as strict; from
> fe-connect.c lines 4863 and counting:
>
>
>        if (!getPgPassFilename(pgpassfile))
>                return NULL;
>
>        /* If password file cannot be opened, ignore it. */
>        if (stat(pgpassfile, &stat_buf) !=3D 0)
>                return NULL;
>
> I suppose it might be a good idea to simply replicate the same logic for
the
> certificate, so that it restores the chance to use SSL connections on
users
> that have /dev/null as home directory, which right now is outright
> impossible.
>

Its still impossible to use it securely, but I agree we shouldn't just
error out in a situation like that - the user wanted to be insecure, after
all.. But I'm not sure just dropping the check is the correct answer -
adjusting it is probably a better idea.

/Magnus