Check if the role exists before doing more complex ident and Kerberos

authentication checks in the backend.

Gavin Sherry

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 74857d12d9a72ce125e91dece05976d6ef332370..37bfa81abdf92aa4ab430bd2d7bad177af7bd258 100644 (file)
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.147 2007/01/05 22:19:29 momjian Exp $
+ *       $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.148 2007/02/08 04:52:18 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -216,6 +216,9 @@ pg_krb5_recvauth(Port *port)
        krb5_ticket *ticket;
        char       *kusername;
 
+       if (get_role_line(port->user_name) == NULL)
+               return STATUS_ERROR;
+       
        ret = pg_krb5_init();
        if (ret != STATUS_OK)
                return ret;

diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index a889fa7a5f9398e2d3a08daa133ff6d5b2618e31..94df19bc2cd63527e970cab3cb7c3b8c61677c5e 100644 (file)
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -10,7 +10,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.158 2007/01/05 22:19:29 momjian Exp $
+ *       $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.159 2007/02/08 04:52:18 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1589,6 +1589,9 @@ authident(hbaPort *port)
 {
        char            ident_user[IDENT_USERNAME_MAX + 1];
 
+       if (get_role_line(port->user_name) == NULL)
+               return STATUS_ERROR;
+       
        switch (port->raddr.addr.ss_family)
        {
                case AF_INET: