A bunch of GSSAPI fixes per comments from Tom:

* use elog not ereport for debug
* fix debug levels for some output
* properly check for memory allocation errors in a couple of missed places

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index dafc965445e88a7cc6753504ec5f962418cd2258..1b0356a02d80916e80a31a3bd98b857678614917 100644 (file)
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.149 2007/07/10 13:14:20 mha Exp $
+ *       $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.150 2007/07/11 08:27:33 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -317,18 +317,18 @@ static GSS_DLLIMP gss_OID GSS_C_NT_USER_NAME = &GSS_C_NT_USER_NAME_desc;
 
 
 static void
-pg_GSS_error(int severity, char *text, OM_uint32 maj_stat, OM_uint32 min_stat)
+pg_GSS_error(int severity, char *errmsg, OM_uint32 maj_stat, OM_uint32 min_stat)
 {
        gss_buffer_desc gmsg;
        OM_uint32               lmaj_s, lmin_s, msg_ctx;
-       char                    localmsg1[128],
-                                       localmsg2[128];
+       char                    msg_major[128],
+                                       msg_minor[128];
 
        /* Fetch major status message */
        msg_ctx = 0;
        lmaj_s = gss_display_status(&lmin_s, maj_stat, GSS_C_GSS_CODE,
                        GSS_C_NO_OID, &msg_ctx, &gmsg);
-       strlcpy(localmsg1, gmsg.value, sizeof(localmsg1));
+       strlcpy(msg_major, gmsg.value, sizeof(msg_major));
        gss_release_buffer(&lmin_s, &gmsg);
 
        if (msg_ctx)
@@ -343,7 +343,7 @@ pg_GSS_error(int severity, char *text, OM_uint32 maj_stat, OM_uint32 min_stat)
        msg_ctx = 0;
        lmaj_s = gss_display_status(&lmin_s, min_stat, GSS_C_MECH_CODE,
                        GSS_C_NO_OID, &msg_ctx, &gmsg);
-       strlcpy(localmsg2, gmsg.value, sizeof(localmsg2));
+       strlcpy(msg_minor, gmsg.value, sizeof(msg_minor));
        gss_release_buffer(&lmin_s, &gmsg);
 
        if (msg_ctx)
@@ -353,7 +353,8 @@ pg_GSS_error(int severity, char *text, OM_uint32 maj_stat, OM_uint32 min_stat)
        /* errmsg_internal, since translation of the first part must be
         * done before calling this function anyway. */
        ereport(severity,
-                       (errmsg_internal("%s:%s\n%s", text, localmsg1, localmsg2)));
+                       (errmsg_internal("%s", errmsg),
+                        errdetail("%s: %s", msg_major, msg_minor)));
 }
 
 static int
@@ -430,9 +431,8 @@ pg_GSS_recvauth(Port *port)
                gbuf.length = buf.len;
                gbuf.value = buf.data;
 
-               ereport(DEBUG4,
-                               (errmsg_internal("Processing received GSS token of length: %u",
-                                                                gbuf.length)));
+               elog(DEBUG4, "Processing received GSS token of length %u", 
+                        gbuf.length);
 
                maj_stat = gss_accept_sec_context(
                                &min_stat,
@@ -450,20 +450,19 @@ pg_GSS_recvauth(Port *port)
                /* gbuf no longer used */
                pfree(buf.data);
 
-               ereport(DEBUG5,
-                               (errmsg_internal("gss_accept_sec_context major: %i, "
-                                                                "minor: %i, outlen: %u, outflags: %x",
-                                                                maj_stat, min_stat, 
-                                                                port->gss->outbuf.length, gflags)));
+               elog(DEBUG5, "gss_accept_sec_context major: %i, "
+                                        "minor: %i, outlen: %u, outflags: %x",
+                                        maj_stat, min_stat,
+                                        port->gss->outbuf.length, gflags);
 
                if (port->gss->outbuf.length != 0)
                {
                        /*
                         * Negotiation generated data to be sent to the client.
                         */
-                       ereport(DEBUG4,
-                                       (errmsg_internal("sending GSS response token of length %u",
-                                                                        port->gss->outbuf.length)));
+                       elog(DEBUG4, "sending GSS response token of length %u",
+                                port->gss->outbuf.length);
+
                        sendAuthRequest(port, AUTH_REQ_GSS_CONT);
                }
 
@@ -477,8 +476,7 @@ pg_GSS_recvauth(Port *port)
                }
 
                if (maj_stat == GSS_S_CONTINUE_NEEDED)
-                       ereport(DEBUG4,
-                                       (errmsg_internal("GSS continue needed")));
+                       elog(DEBUG4, "GSS continue needed");
 
        } while (maj_stat == GSS_S_CONTINUE_NEEDED);
 
@@ -497,8 +495,10 @@ pg_GSS_recvauth(Port *port)
         * pg username that was specified for the connection.
         */
        maj_stat = gss_display_name(&min_stat, port->gss->name, &gbuf, NULL);
-       ereport(DEBUG1,
-                       (errmsg("GSSAPI authenticated name: %s", (char *)gbuf.value)));
+       if (maj_stat != GSS_S_COMPLETE)
+               pg_GSS_error(ERROR,
+                                        gettext_noop("retreiving GSS user name failed"),
+                                        maj_stat, min_stat);
 
        /*
         * Compare the part of the username that comes before the @
@@ -517,12 +517,15 @@ pg_GSS_recvauth(Port *port)
                ret = strcmp(port->user_name, gbuf.value);
 
        if (ret)
+       {
                /* GSS name and PGUSER are not equivalent */
-               ereport(ERROR,
-                               (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
-                                errmsg("provided username and GSSAPI username don't match"),
-                                errdetail("provided: %s, GSSAPI: %s",
-                                        port->user_name, (char *)gbuf.value)));
+               elog(DEBUG2, 
+                        "provided username (%s) and GSSAPI username (%s) don't match",
+                        port->user_name, (char *)gbuf.value);
+
+               gss_release_buffer(&lmin_s, &gbuf);
+               return STATUS_ERROR;
+       }
        
        gss_release_buffer(&lmin_s, &gbuf);
 
@@ -780,9 +783,9 @@ sendAuthRequest(Port *port, AuthRequest areq)
                {
                        OM_uint32       lmin_s;
 
-                       ereport(DEBUG4, 
-                                       (errmsg_internal("sending GSS token of length %u",
-                                                                        port->gss->outbuf.length)));
+                       elog(DEBUG4, "sending GSS token of length %u",
+                                port->gss->outbuf.length);
+
                        pq_sendbytes(&buf, port->gss->outbuf.value, port->gss->outbuf.length);
                        gss_release_buffer(&lmin_s, &port->gss->outbuf);
                }

diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
index feb3db6402a969116bca39df4a88e1a59d36f4d4..f730e27c5f48920143282b825ec15db524380028 100644 (file)
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -37,7 +37,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.531 2007/07/10 13:14:21 mha Exp $
+ *       $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.532 2007/07/11 08:27:33 mha Exp $
  *
  * NOTES
  *
@@ -1732,6 +1732,13 @@ ConnCreate(int serverFd)
         */
 #ifdef ENABLE_GSS
        port->gss = (pg_gssinfo *)calloc(1, sizeof(pg_gssinfo));
+       if (!port->gss)
+       {
+               ereport(LOG,
+                               (errcode(ERRCODE_OUT_OF_MEMORY),
+                                errmsg("out of memory")));
+               ExitPostmaster(1);
+       }
 #endif
 
        return port;

diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index 25768f1964f1f5286a20f8bbbaa63aa834bafc21..aebce1caf6e6fadc803dceef11ee8b64d80debb5 100644 (file)
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.348 2007/07/10 13:14:21 mha Exp $
+ *       $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.349 2007/07/11 08:27:33 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1689,6 +1689,13 @@ keep_going:                                              /* We will come back to here until there is
 
                                                conn->ginbuf.length = llen;
                                                conn->ginbuf.value = malloc(llen);
+                                               if (!conn->ginbuf.value)
+                                               {
+                                                       printfPQExpBuffer(&conn->errorMessage,
+                                                                                         libpq_gettext("out of memory allocating GSSAPI buffer (%i)"),
+                                                                                         llen);
+                                                       goto error_return;
+                                               }
                                        }
 
                                        if (pqGetnchar(conn->ginbuf.value, llen, conn))