Обсуждение: pgsql: Fix handling of HBA ldapserver with multiple hostnames.
Fix handling of HBA ldapserver with multiple hostnames. Commit 35c0754f failed to handle space-separated lists of alternative hostnames in ldapserver, when building a URI for ldap_initialize() (OpenLDAP). Such lists need to be expanded to space-separated URIs. Repair. Back-patch to 11, to fix bug report #15495. Author: Thomas Munro Reported-by: Renaud Navarro Discussion: https://postgr.es/m/15495-2c39fc196c95cd72%40postgresql.org Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/257ef3cd4fec7ca1213f31b660486b492b1c7031 Modified Files -------------- src/backend/libpq/auth.c | 42 +++++++++++++++++++++++++++++++++++++----- src/test/ldap/t/001_auth.pl | 18 +++++++++++++++++- 2 files changed, 54 insertions(+), 6 deletions(-)
Thomas Munro <tmunro@postgresql.org> writes: > Fix handling of HBA ldapserver with multiple hostnames. longfin thinks this has a problem with const-ness: auth.c:2380:10: error: passing 'const char *' to parameter of type 'void *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers] pfree(hostname); ^~~~~~~~ regards, tom lane
On Tue, Nov 13, 2018 at 6:37 PM Tom Lane <tgl@sss.pgh.pa.us> wrote: > Thomas Munro <tmunro@postgresql.org> writes: > > Fix handling of HBA ldapserver with multiple hostnames. > > longfin thinks this has a problem with const-ness: > > auth.c:2380:10: error: passing 'const char *' to parameter of type 'void *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers] > pfree(hostname); > ^~~~~~~~ Thanks, fixing. Embarassingly, I had turned off -Werror for this because my Mac spews strange warnings when you use OpenLDAP, a problem to which there must be a better solution. -- Thomas Munro http://www.enterprisedb.com
Thomas Munro <thomas.munro@enterprisedb.com> writes: > Thanks, fixing. Embarassingly, I had turned off -Werror for this > because my Mac spews strange warnings when you use OpenLDAP, a problem > to which there must be a better solution. Hm, what warnings? regards, tom lane
On Tue, Nov 13, 2018 at 6:54 PM Tom Lane <tgl@sss.pgh.pa.us> wrote: > Thomas Munro <thomas.munro@enterprisedb.com> writes: > > Thanks, fixing. Embarassingly, I had turned off -Werror for this > > because my Mac spews strange warnings when you use OpenLDAP, a problem > > to which there must be a better solution. > > Hm, what warnings? Apple ships OpenLDAP headers that tell you to ditch it and use Apple OpenDirectory Framework: fe-connect.c:4354:6: warning: 'ldap_set_option' is deprecated: first deprecated in macOS 10.11 - use OpenDirectory Framework [-Wdeprecated-declarations] I should probably use MacPorts for that. -- Thomas Munro http://www.enterprisedb.com
Thomas Munro <thomas.munro@enterprisedb.com> writes: > On Tue, Nov 13, 2018 at 6:54 PM Tom Lane <tgl@sss.pgh.pa.us> wrote: >> Hm, what warnings? > Apple ships OpenLDAP headers that tell you to ditch it and use Apple > OpenDirectory Framework: Oh, that. I just use -Wno-deprecated-declarations. A bigger issue to my mind is that configure bleats about the OpenLDAP version: checking for compatible LDAP implementation... (cached) no configure: WARNING: *** With OpenLDAP versions 2.4.24 through 2.4.31, inclusive, each backend *** process that loads libpq (via WAL receiver, dblink, or postgres_fdw) and *** also uses LDAP will crash on exit. I have not experimented to see if that's really true on recent macOS, but if it is, it'd be a problem for production use. regards, tom lane