Обсуждение: krb_server_keyfile setting doesn't work on Windows
Hi,
As far as I tested, the krb_server_keyfile setting
in postgres.conf doesn't work on Windows.
Because gssapi32.dll(krb5_32.dll) seems to call
getenv("KRB5_KTNAME") in msvcr71, postgres.exe
should call putenv("KRB5_KTNAME=...") in msvcr71.
The attached patch fixes the problem in my test
case.
regards,
Hiroshi Inoue
Index: auth.c
===================================================================
RCS file: /projects/cvsroot/pgsql/src/backend/libpq/auth.c,v
retrieving revision 1.188
diff -c -r1.188 auth.c
*** auth.c 12 Dec 2009 21:35:21 -0000 1.188
--- auth.c 30 Dec 2009 15:03:51 -0000
***************
*** 877,882 ****
--- 877,905 ----
errdetail("%s: %s", msg_major, msg_minor)));
}
+ #ifdef WIN32
+ static void
+ msvc_krb5_ktname(const char *kt_path)
+ {
+ typedef int (_cdecl * PUTENVPROC) (const char *);
+ const char *msvcrdll = "msvcr71";
+ static bool initialized = false;
+ HMODULE hmodule;
+ static PUTENVPROC putenvFunc = NULL;
+
+ if (initialized)
+ {
+ if (!putenvFunc)
+ return;
+ }
+ else if (hmodule = GetModuleHandle(msvcrdll), hmodule != NULL)
+ putenvFunc = (PUTENVPROC) GetProcAddress(hmodule, "_putenv");
+ initialized = true;
+ if (putenvFunc != NULL)
+ putenvFunc(kt_path);
+ }
+ #endif /* WIN32 */
+
static int
pg_GSS_recvauth(Port *port)
{
***************
*** 923,928 ****
--- 946,954 ----
return STATUS_ERROR;
}
snprintf(kt_path, kt_len, "KRB5_KTNAME=%s", pg_krb_server_keyfile);
+ #ifdef WIN32
+ msvc_krb5_ktname(kt_path);
+ #endif /* WIN32 */
putenv(kt_path);
}
}
Hiroshi Inoue <inoue@tpf.co.jp> writes:
> Because gssapi32.dll(krb5_32.dll) seems to call
> getenv("KRB5_KTNAME") in msvcr71, postgres.exe
> should call putenv("KRB5_KTNAME=...") in msvcr71.
> The attached patch fixes the problem in my test
> case.
Don't we already have something like that in our src/port putenv
substitute?
regards, tom lane
2009/12/30 Hiroshi Inoue <inoue@tpf.co.jp>:
> Hi,
>
> As far as I tested, the krb_server_keyfile setting
> in postgres.conf doesn't work on Windows.
>
> Because gssapi32.dll(krb5_32.dll) seems to call
> getenv("KRB5_KTNAME") in msvcr71, postgres.exe
> should call putenv("KRB5_KTNAME=...") in msvcr71.
> The attached patch fixes the problem in my test
> case.
Isn't the main backend linked with msvcr71.dll anyway? Then the
regular putenv should put it in th eenv of msvcr71.dll, and the stuff
that's wrapped through src/port/win32env.c will put it in the regular
msvcr file.
I wonder if you're possibly being hit with the bug I patched the other
day, but didn't backpatch.
(http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=f8bcd7220b1166f7c037ceaf0a53958cbc6a7630).
Can you see if that fix solves your problem as well? (Either directly
or by testing HEAD)
If not, the fix should still go in win32env.c, not directly in auth.c
-- Magnus HaganderMe: http://www.hagander.net/Work: http://www.redpill-linpro.com/
Tom Lane wrote:
> Hiroshi Inoue <inoue@tpf.co.jp> writes:
>> Because gssapi32.dll(krb5_32.dll) seems to call
>> getenv("KRB5_KTNAME") in msvcr71, postgres.exe
>> should call putenv("KRB5_KTNAME=...") in msvcr71.
>> The attached patch fixes the problem in my test
>> case.
>
> Don't we already have something like that in our src/port putenv
> substitute?
Yes, pgwin32_putenv() calls putenv() in msvcrt which libintl
or other MINGW dlls use. I'm not sure if it's appropriate toadd msvcr71's putenv call to pgwin32_putenv()
(src/port/win32env.c).
regards,
Hiroshi Inoue
Magnus Hagander wrote:
> 2009/12/30 Hiroshi Inoue <inoue@tpf.co.jp>:
>> Hi,
>>
>> As far as I tested, the krb_server_keyfile setting
>> in postgres.conf doesn't work on Windows.
>>
>> Because gssapi32.dll(krb5_32.dll) seems to call
>> getenv("KRB5_KTNAME") in msvcr71, postgres.exe
>> should call putenv("KRB5_KTNAME=...") in msvcr71.
>> The attached patch fixes the problem in my test
>> case.
>
> Isn't the main backend linked with msvcr71.dll anyway?
What main backend directly links is msvcr80 or msvcr90
according to the msvc build environment.
> Then the
> regular putenv should put it in th eenv of msvcr71.dll, and the stuff
> that's wrapped through src/port/win32env.c will put it in the regular
> msvcr file.
>
> I wonder if you're possibly being hit with the bug I patched the other
> day, but didn't backpatch.
> (http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=f8bcd7220b1166f7c037ceaf0a53958cbc6a7630).
>
> Can you see if that fix solves your problem as well? (Either directly
> or by testing HEAD)
I'm testing using the current cvs.
> If not, the fix should still go in win32env.c, not directly in auth.c
I don't object to it. Possibly we would have to add msvcr80 or msvcr90 as well in the future.
regards,
Hiroshi Inoue
2009/12/31 Hiroshi Inoue <inoue@tpf.co.jp>:
> Magnus Hagander wrote:
>>
>> 2009/12/30 Hiroshi Inoue <inoue@tpf.co.jp>:
>>>
>>> Hi,
>>>
>>> As far as I tested, the krb_server_keyfile setting
>>> in postgres.conf doesn't work on Windows.
>>>
>>> Because gssapi32.dll(krb5_32.dll) seems to call
>>> getenv("KRB5_KTNAME") in msvcr71, postgres.exe
>>> should call putenv("KRB5_KTNAME=...") in msvcr71.
>>> The attached patch fixes the problem in my test
>>> case.
>>
>> Isn't the main backend linked with msvcr71.dll anyway?
>
> What main backend directly links is msvcr80 or msvcr90
> according to the msvc build environment.
Arrgh. My bad, I thought msvcr71 was vs2005. Now that you put it like
this, I know it's vs2003.
>> Then the
>> regular putenv should put it in th eenv of msvcr71.dll, and the stuff
>> that's wrapped through src/port/win32env.c will put it in the regular
>> msvcr file.
>>
>> I wonder if you're possibly being hit with the bug I patched the other
>> day, but didn't backpatch.
>> (http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=f8bcd7220b1166f7c037ceaf0a53958cbc6a7630).
>>
>> Can you see if that fix solves your problem as well? (Either directly
>> or by testing HEAD)
>
> I'm testing using the current cvs.
>
>> If not, the fix should still go in win32env.c, not directly in auth.c
>
> I don't object to it. Possibly we would have to add msvcr80 or
> msvcr90 as well in the future.
To be safe, yes, we should have that. Do you want to work on such a
complete solution, or should I look at it?
-- Magnus HaganderMe: http://www.hagander.net/Work: http://www.redpill-linpro.com/
On Thu, Dec 31, 2009 at 00:57, Magnus Hagander <magnus@hagander.net> wrote:
> 2009/12/31 Hiroshi Inoue <inoue@tpf.co.jp>:
>> Magnus Hagander wrote:
>>>
>>> 2009/12/30 Hiroshi Inoue <inoue@tpf.co.jp>:
>>>>
>>>> Hi,
>>>>
>>>> As far as I tested, the krb_server_keyfile setting
>>>> in postgres.conf doesn't work on Windows.
>>>>
>>>> Because gssapi32.dll(krb5_32.dll) seems to call
>>>> getenv("KRB5_KTNAME") in msvcr71, postgres.exe
>>>> should call putenv("KRB5_KTNAME=...") in msvcr71.
>>>> The attached patch fixes the problem in my test
>>>> case.
>>>
>>> Isn't the main backend linked with msvcr71.dll anyway?
>>
>> What main backend directly links is msvcr80 or msvcr90
>> according to the msvc build environment.
>
> Arrgh. My bad, I thought msvcr71 was vs2005. Now that you put it like
> this, I know it's vs2003.
>
>
>>> Then the
>>> regular putenv should put it in th eenv of msvcr71.dll, and the stuff
>>> that's wrapped through src/port/win32env.c will put it in the regular
>>> msvcr file.
>>>
>>> I wonder if you're possibly being hit with the bug I patched the other
>>> day, but didn't backpatch.
>>> (http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=f8bcd7220b1166f7c037ceaf0a53958cbc6a7630).
>>>
>>> Can you see if that fix solves your problem as well? (Either directly
>>> or by testing HEAD)
>>
>> I'm testing using the current cvs.
>>
>>> If not, the fix should still go in win32env.c, not directly in auth.c
>>
>> I don't object to it. Possibly we would have to add msvcr80 or
>> msvcr90 as well in the future.
>
> To be safe, yes, we should have that. Do you want to work on such a
> complete solution, or should I look at it?
Mail to you seem not to be properly delivered atm :-( Hopefully you
can read this through the list.
I've applied a patch that should fix this problem, by always updating
*all* available msvcrt libraries. Please check that it solves your
problem as well.
-- Magnus HaganderMe: http://www.hagander.net/Work: http://www.redpill-linpro.com/
Magnus Hagander wrote:
> On Thu, Dec 31, 2009 at 00:57, Magnus Hagander <magnus@hagander.net> wrote:
>> 2009/12/31 Hiroshi Inoue <inoue@tpf.co.jp>:
>>> Magnus Hagander wrote:
>>>> 2009/12/30 Hiroshi Inoue <inoue@tpf.co.jp>:
>>>>> Hi,
>>>>>
>>>>> As far as I tested, the krb_server_keyfile setting
>>>>> in postgres.conf doesn't work on Windows.
>>>>>
>>>>> Because gssapi32.dll(krb5_32.dll) seems to call
>>>>> getenv("KRB5_KTNAME") in msvcr71, postgres.exe
>>>>> should call putenv("KRB5_KTNAME=...") in msvcr71.
>>>>> The attached patch fixes the problem in my test
>>>>> case.
>>>> Isn't the main backend linked with msvcr71.dll anyway?
>>> What main backend directly links is msvcr80 or msvcr90
>>> according to the msvc build environment.
>> Arrgh. My bad, I thought msvcr71 was vs2005. Now that you put it like
>> this, I know it's vs2003.
>>
>>
>>>> Then the
>>>> regular putenv should put it in th eenv of msvcr71.dll, and the stuff
>>>> that's wrapped through src/port/win32env.c will put it in the regular
>>>> msvcr file.
>>>>
>>>> I wonder if you're possibly being hit with the bug I patched the other
>>>> day, but didn't backpatch.
>>>> (http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=f8bcd7220b1166f7c037ceaf0a53958cbc6a7630).
>>>>
>>>> Can you see if that fix solves your problem as well? (Either directly
>>>> or by testing HEAD)
>>> I'm testing using the current cvs.
>>>
>>>> If not, the fix should still go in win32env.c, not directly in auth.c
>>> I don't object to it. Possibly we would have to add msvcr80 or
>>> msvcr90 as well in the future.
>> To be safe, yes, we should have that. Do you want to work on such a
>> complete solution, or should I look at it?
>
> Mail to you seem not to be properly delivered atm :-( Hopefully you
> can read this through the list.
Sorry for the delay - I've been on new year holiday in Japan.
> I've applied a patch that should fix this problem, by always updating
> *all* available msvcrt libraries. Please check that it solves your
> problem as well.
I checked the behavior using the current cvs and it works well.
Thanks.
regards,
Hiroshi Inoue