Clear auth context correctly when re-connecting after failed auth attempt.

author Heikki Linnakangas <heikki.linnakangas@iki.fi>

Wed, 7 Jun 2017 11:01:46 +0000 (14:01 +0300)

committer Heikki Linnakangas <heikki.linnakangas@iki.fi>

Wed, 7 Jun 2017 11:04:54 +0000 (14:04 +0300)
author Heikki Linnakangas <heikki.linnakangas@iki.fi>
Wed, 7 Jun 2017 11:01:46 +0000 (14:01 +0300)
committer Heikki Linnakangas <heikki.linnakangas@iki.fi>
Wed, 7 Jun 2017 11:04:54 +0000 (14:04 +0300)
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c

index 493ef82d4a7cefcc29f5437a26f3a63449f1b60c..ab057e945a70cbc95c4fc09d51077fb928694ca2 100644 (file)
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -372,7 +372,12 @@ pg_SSPI_startup(PGconn *conn, int use_negotiate)
         SECURITY_STATUS r;
         TimeStamp       expire;
  
-       conn->sspictx = NULL;
+       if (conn->sspictx)
+       {
+               printfPQExpBuffer(&conn->errorMessage,
+                                       libpq_gettext("duplicate SSPI authentication request\n"));
+               return STATUS_ERROR;
+       }
  
         /*
          * Retrieve credentials handle
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c

index 8c7169e171d0dac156ecf29befda7d398ca53150..ec468870d2a5194f1abee36dcccd22e6ff986318 100644 (file)
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -401,15 +401,56 @@ pqDropConnection(PGconn *conn, bool flushInput)
  {
         /* Drop any SSL state */
         pqsecure_close(conn);
+
         /* Close the socket itself */
         if (conn->sock != PGINVALID_SOCKET)
                 closesocket(conn->sock);
         conn->sock = PGINVALID_SOCKET;
+
         /* Optionally discard any unread data */
         if (flushInput)
                 conn->inStart = conn->inCursor = conn->inEnd = 0;
+
         /* Always discard any unsent data */
         conn->outCount = 0;
+
+       /* Free authentication state */
+#ifdef ENABLE_GSS
+       {
+               OM_uint32       min_s;
+
+               if (conn->gctx)
+                       gss_delete_sec_context(&min_s, &conn->gctx, GSS_C_NO_BUFFER);
+               if (conn->gtarg_nam)
+                       gss_release_name(&min_s, &conn->gtarg_nam);
+               if (conn->ginbuf.length)
+                       gss_release_buffer(&min_s, &conn->ginbuf);
+               if (conn->goutbuf.length)
+                       gss_release_buffer(&min_s, &conn->goutbuf);
+       }
+#endif
+#ifdef ENABLE_SSPI
+       if (conn->ginbuf.length)
+               free(conn->ginbuf.value);
+       conn->ginbuf.length = 0;
+       conn->ginbuf.value = NULL;
+       if (conn->sspitarget)
+               free(conn->sspitarget);
+       conn->sspitarget = NULL;
+       if (conn->sspicred)
+       {
+               FreeCredentialsHandle(conn->sspicred);
+               free(conn->sspicred);
+               conn->sspicred = NULL;
+       }
+       if (conn->sspictx)
+       {
+               DeleteSecurityContext(conn->sspictx);
+               free(conn->sspictx);
+               conn->sspictx = NULL;
+       }
+       conn->usesspi = 0;
+#endif
  }
  
  
@@ -3007,41 +3048,6 @@ closePGconn(PGconn *conn)
         if (conn->lobjfuncs)
                 free(conn->lobjfuncs);
         conn->lobjfuncs = NULL;
-#ifdef ENABLE_GSS
-       {
-               OM_uint32       min_s;
-
-               if (conn->gctx)
-                       gss_delete_sec_context(&min_s, &conn->gctx, GSS_C_NO_BUFFER);
-               if (conn->gtarg_nam)
-                       gss_release_name(&min_s, &conn->gtarg_nam);
-               if (conn->ginbuf.length)
-                       gss_release_buffer(&min_s, &conn->ginbuf);
-               if (conn->goutbuf.length)
-                       gss_release_buffer(&min_s, &conn->goutbuf);
-       }
-#endif
-#ifdef ENABLE_SSPI
-       if (conn->ginbuf.length)
-               free(conn->ginbuf.value);
-       conn->ginbuf.length = 0;
-       conn->ginbuf.value = NULL;
-       if (conn->sspitarget)
-               free(conn->sspitarget);
-       conn->sspitarget = NULL;
-       if (conn->sspicred)
-       {
-               FreeCredentialsHandle(conn->sspicred);
-               free(conn->sspicred);
-               conn->sspicred = NULL;
-       }
-       if (conn->sspictx)
-       {
-               DeleteSecurityContext(conn->sspictx);
-               free(conn->sspictx);
-               conn->sspictx = NULL;
-       }
-#endif
  }
  
  /*
author	Heikki Linnakangas <heikki.linnakangas@iki.fi>
	Wed, 7 Jun 2017 11:01:46 +0000 (14:01 +0300)
committer	Heikki Linnakangas <heikki.linnakangas@iki.fi>
	Wed, 7 Jun 2017 11:04:54 +0000 (14:04 +0300)
src/interfaces/libpq/fe-auth.c		patch \| blob \| history
src/interfaces/libpq/fe-connect.c		patch \| blob \| history