From: Bruce Momjian Date: Sat, 27 May 2000 03:58:20 +0000 (+0000) Subject: Back out kerberos changes. Causes compile problems. X-Git-Tag: REL7_1_BETA~1267 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=632a7ed759882ab931fa70f0c61a77943ccc2ec6;p=postgresql Back out kerberos changes. Causes compile problems. --- diff --git a/src/Makefile.global.in b/src/Makefile.global.in index 24ccbb750a..fd07ea0b53 100644 --- a/src/Makefile.global.in +++ b/src/Makefile.global.in @@ -7,7 +7,7 @@ # # # IDENTIFICATION -# $Header: /cvsroot/pgsql/src/Makefile.global.in,v 1.72 2000/05/27 03:39:31 momjian Exp $ +# $Header: /cvsroot/pgsql/src/Makefile.global.in,v 1.73 2000/05/27 03:58:18 momjian Exp $ # # NOTES # Essentially all Postgres make files include this file and use the @@ -120,7 +120,7 @@ ENFORCE_ALIGNMENT= true # Set KRBVERS to "4" for Kerberos v4, "5" for Kerberos v5. # XXX Edit the default Kerberos variables below! # -KRBVERS=5 +#KRBVERS= 5 # Globally pass Kerberos file locations. # these are used in the postmaster and all libpq applications. @@ -132,9 +132,9 @@ KRBVERS=5 # PG_KRB_SRVTAB is the location of the server's keytab file. # ifdef KRBVERS -KRBINCS= -I/usr/krb5/include -KRBLIBS= -L/usr/krb5/lib -KRBFLAGS+= $(KRBINCS) -DPG_KRB_SRVNAM='"postgres"' +KRBINCS= -I/usr/athena/include +KRBLIBS= -L/usr/athena/lib +KRBFLAGS+= $(KRBINCS) -DPG_KRB_SRVNAM='"postgres_dbms"' ifeq ($(KRBVERS), 4) KRBFLAGS+= -DKRB4 KRBFLAGS+= -DPG_KRB_SRVTAB='"/etc/srvtab"' @@ -142,8 +142,8 @@ KRBLIBS+= -lkrb -ldes else ifeq ($(KRBVERS), 5) KRBFLAGS+= -DKRB5 -KRBFLAGS+= -DPG_KRB_SRVTAB='"FILE:/usr/local/postgres/krb5.keytab"' -KRBLIBS+= -lkrb5 -lcrypto -lcom_err +KRBFLAGS+= -DPG_KRB_SRVTAB='"FILE:/krb5/srvtab.postgres"' +KRBLIBS+= -lkrb5 -lcrypto -lcom_err -lisode endif endif endif diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 2fc29a5712..bd53c4cabe 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.45 2000/05/27 03:39:31 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.46 2000/05/27 03:58:19 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -149,8 +149,7 @@ pg_krb4_recvauth(Port *port) *---------------------------------------------------------------- */ -#include -#include +#include "krb5/krb5.h" /* * pg_an_to_ln -- return the local name corresponding to an authentication @@ -175,64 +174,6 @@ pg_an_to_ln(char *aname) return aname; } - -/* - * Various krb5 state which is not connection specfic, and a flag to - * indicate whether we have initialised it yet. - */ -static int pg_krb5_initialised; -static krb5_context pg_krb5_context; -static krb5_keytab pg_krb5_keytab; -static krb5_principal pg_krb5_server; - - -static int -pg_krb5_init(void) -{ - krb5_error_code retval; - - if (pg_krb5_initialised) - return STATUS_OK; - - retval = krb5_init_context(&pg_krb5_context); - if (retval) { - snprintf(PQerrormsg, PQERRORMSG_LENGTH, - "pg_krb5_init: krb5_init_context returned" - " Kerberos error %d\n", retval); - com_err("postgres", retval, "while initializing krb5"); - return STATUS_ERROR; - } - - retval = krb5_kt_resolve(pg_krb5_context, PG_KRB_SRVTAB, &pg_krb5_keytab); - if (retval) { - snprintf(PQerrormsg, PQERRORMSG_LENGTH, - "pg_krb5_init: krb5_kt_resolve returned" - " Kerberos error %d\n", retval); - com_err("postgres", retval, "while resolving keytab file %s", - PG_KRB_SRVTAB); - krb5_free_context(pg_krb5_context); - return STATUS_ERROR; - } - - retval = krb5_sname_to_principal(pg_krb5_context, NULL, PG_KRB_SRVNAM, - KRB5_NT_SRV_HST, &pg_krb5_server); - if (retval) { - snprintf(PQerrormsg, PQERRORMSG_LENGTH, - "pg_krb5_init: krb5_sname_to_principal returned" - " Kerberos error %d\n", retval); - com_err("postgres", retval, - "while getting server principal for service %s", - PG_KRB_SRVTAB); - krb5_kt_close(pg_krb5_context, pg_krb5_keytab); - krb5_free_context(pg_krb5_context); - return STATUS_ERROR; - } - - pg_krb5_initialised = 1; - return STATUS_OK; -} - - /* * pg_krb5_recvauth -- server routine to receive authentication information * from the client @@ -241,68 +182,122 @@ pg_krb5_init(void) * packet to the authenticated name, as described in pg_krb4_recvauth. This * is a bit more problematic in v5, as described above in pg_an_to_ln. * - * We have our own keytab file because postgres is unlikely to run as root, - * and so cannot read the default keytab. + * In addition, as described above in pg_krb5_sendauth, we still need to + * canonicalize the server name v4-style before constructing a principal + * from it. Again, this is kind of iffy. + * + * Finally, we need to tangle with the fact that v5 doesn't let you explicitly + * set server keytab file names -- you have to feed lower-level routines a + * function to retrieve the contents of a keytab, along with a single argument + * that allows them to open the keytab. We assume that a server keytab is + * always a real file so we can allow people to specify their own filenames. + * (This is important because the POSTGRES keytab needs to be readable by + * non-root users/groups; the v4 tools used to force you do dump a whole + * host's worth of keys into a file, effectively forcing you to use one file, + * but kdb5_edit allows you to select which principals to dump. Yay!) */ static int pg_krb5_recvauth(Port *port) { - krb5_error_code retval; - int ret; - krb5_auth_context auth_context = NULL; - krb5_ticket *ticket; - char *kusername; - - ret = pg_krb5_init(); - if (ret != STATUS_OK) - return ret; - - retval = krb5_recvauth(pg_krb5_context, &auth_context, - (krb5_pointer)&port->sock, PG_KRB_SRVNAM, - pg_krb5_server, 0, pg_krb5_keytab, &ticket); - if (retval) { + char servbuf[MAXHOSTNAMELEN + 1 + + sizeof(PG_KRB_SRVNAM)]; + char *hostp, + *kusername = (char *) NULL; + krb5_error_code code; + krb5_principal client, + server; + krb5_address sender_addr; + krb5_rdreq_key_proc keyproc = (krb5_rdreq_key_proc) NULL; + krb5_pointer keyprocarg = (krb5_pointer) NULL; + + /* + * Set up server side -- since we have no ticket file to make this + * easy, we construct our own name and parse it. See note on + * canonicalization above. + */ + strcpy(servbuf, PG_KRB_SRVNAM); + *(hostp = servbuf + (sizeof(PG_KRB_SRVNAM) - 1)) = '/'; + if (gethostname(++hostp, MAXHOSTNAMELEN) < 0) + strcpy(hostp, "localhost"); + if (hostp = strchr(hostp, '.')) + *hostp = '\0'; + if (code = krb5_parse_name(servbuf, &server)) + { + snprintf(PQerrormsg, PQERRORMSG_LENGTH, + "pg_krb5_recvauth: Kerberos error %d in krb5_parse_name\n", code); + com_err("pg_krb5_recvauth", code, "in krb5_parse_name"); + return STATUS_ERROR; + } + + /* + * krb5_sendauth needs this to verify the address in the client + * authenticator. + */ + sender_addr.addrtype = port->raddr.in.sin_family; + sender_addr.length = sizeof(port->raddr.in.sin_addr); + sender_addr.contents = (krb5_octet *) & (port->raddr.in.sin_addr); + + if (strcmp(PG_KRB_SRVTAB, "")) + { + keyproc = krb5_kt_read_service_key; + keyprocarg = PG_KRB_SRVTAB; + } + + if (code = krb5_recvauth((krb5_pointer) & port->sock, + PG_KRB5_VERSION, + server, + &sender_addr, + (krb5_pointer) NULL, + keyproc, + keyprocarg, + (char *) NULL, + (krb5_int32 *) NULL, + &client, + (krb5_ticket **) NULL, + (krb5_authenticator **) NULL)) + { snprintf(PQerrormsg, PQERRORMSG_LENGTH, - "pg_krb5_recvauth: krb5_recvauth returned" - " Kerberos error %d\n", retval); - com_err("postgres", retval, "from krb5_recvauth"); + "pg_krb5_recvauth: Kerberos error %d in krb5_recvauth\n", code); + com_err("pg_krb5_recvauth", code, "in krb5_recvauth"); + krb5_free_principal(server); return STATUS_ERROR; - } + } + krb5_free_principal(server); /* * The "client" structure comes out of the ticket and is therefore * authenticated. Use it to check the username obtained from the * postmaster startup packet. - * - * I have no idea why this is considered necessary. */ - retval = krb5_unparse_name(pg_krb5_context, - ticket->enc_part2->client, &kusername); - if (retval) { + if ((code = krb5_unparse_name(client, &kusername))) + { snprintf(PQerrormsg, PQERRORMSG_LENGTH, - "pg_krb5_recvauth: krb5_unparse_name returned" - " Kerberos error %d\n", retval); - com_err("postgres", retval, "while unparsing client name"); - krb5_free_ticket(pg_krb5_context, ticket); - krb5_auth_con_free(pg_krb5_context, auth_context); + "pg_krb5_recvauth: Kerberos error %d in krb5_unparse_name\n", code); + com_err("pg_krb5_recvauth", code, "in krb5_unparse_name"); + krb5_free_principal(client); + return STATUS_ERROR; + } + krb5_free_principal(client); + if (!kusername) + { + snprintf(PQerrormsg, PQERRORMSG_LENGTH, + "pg_krb5_recvauth: could not decode username\n"); + fputs(PQerrormsg, stderr); + pqdebug("%s", PQerrormsg); return STATUS_ERROR; } - kusername = pg_an_to_ln(kusername); - if (strncmp(port->user, kusername, SM_USER)) + if (strncmp(username, kusername, SM_USER)) { snprintf(PQerrormsg, PQERRORMSG_LENGTH, - "pg_krb5_recvauth: user name \"%s\" != krb5 name \"%s\"\n", - port->user, kusername); - ret = STATUS_ERROR; + "pg_krb5_recvauth: name \"%s\" != \"%s\"\n", port->user, kusername); + fputs(PQerrormsg, stderr); + pqdebug("%s", PQerrormsg); + pfree(kusername); + return STATUS_ERROR; } - else - ret = STATUS_OK; - - krb5_free_ticket(pg_krb5_context, ticket); - krb5_auth_con_free(pg_krb5_context, auth_context); - free(kusername); - - return ret; + pfree(kusername); + return STATUS_OK; } #else diff --git a/src/interfaces/libpq/Makefile.in b/src/interfaces/libpq/Makefile.in index 90037ff541..8e0f65d612 100644 --- a/src/interfaces/libpq/Makefile.in +++ b/src/interfaces/libpq/Makefile.in @@ -6,7 +6,7 @@ # Copyright (c) 1994, Regents of the University of California # # IDENTIFICATION -# $Header: /cvsroot/pgsql/src/interfaces/libpq/Attic/Makefile.in,v 1.55 2000/05/27 03:39:33 momjian Exp $ +# $Header: /cvsroot/pgsql/src/interfaces/libpq/Attic/Makefile.in,v 1.56 2000/05/27 03:58:20 momjian Exp $ # #------------------------------------------------------------------------- @@ -21,7 +21,6 @@ CFLAGS+= -DFRONTEND ifdef KRBVERS CFLAGS+= $(KRBFLAGS) -SHLIB_LINK += $(KRBLIBS) endif OBJS= fe-auth.o fe-connect.o fe-exec.o fe-misc.o fe-print.o fe-lobj.o \ diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c index 1e61f3002e..d05bf63ce2 100644 --- a/src/interfaces/libpq/fe-auth.c +++ b/src/interfaces/libpq/fe-auth.c @@ -10,7 +10,7 @@ * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes). * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.40 2000/05/27 03:39:33 momjian Exp $ + * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.41 2000/05/27 03:58:20 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -39,7 +39,6 @@ #include "win32.h" #else #include -#include #include /* for MAXHOSTNAMELEN on most */ #ifndef MAXHOSTNAMELEN #include /* for MAXHOSTNAMELEN on some */ @@ -235,8 +234,7 @@ pg_krb4_sendauth(const char *PQerrormsg, int sock, *---------------------------------------------------------------- */ -#include -#include +#include "krb5/krb5.h" /* * pg_an_to_ln -- return the local name corresponding to an authentication @@ -252,7 +250,7 @@ pg_krb4_sendauth(const char *PQerrormsg, int sock, * and we can't afford to punt. */ static char * -pg_an_to_ln(char *aname) +pg_an_to_ln(const char *aname) { char *p; @@ -263,160 +261,197 @@ pg_an_to_ln(char *aname) /* - * Various krb5 state which is not connection specfic, and a flag to - * indicate whether we have initialised it yet. + * pg_krb5_init -- initialization performed before any Kerberos calls are made + * + * With v5, we can no longer set the ticket (credential cache) file name; + * we now have to provide a file handle for the open (well, "resolved") + * ticket file everywhere. + * */ -static int pg_krb5_initialised; -static krb5_context pg_krb5_context; -static krb5_ccache pg_krb5_ccache; -static krb5_principal pg_krb5_client; -static char *pg_krb5_name; - - static int -pg_krb5_init(char *PQerrormsg) + krb5_ccache +pg_krb5_init(void) { - krb5_error_code retval; + krb5_error_code code; + char *realm, + *defname; + char tktbuf[MAXPGPATH]; + static krb5_ccache ccache = (krb5_ccache) NULL; - if (pg_krb5_initialised) - return STATUS_OK; + if (ccache) + return ccache; - retval = krb5_init_context(&pg_krb5_context); - if (retval) { - snprintf(PQerrormsg, PQERRORMSG_LENGTH, - "pg_krb5_init: krb5_init_context: %s", - error_message(retval)); - return STATUS_ERROR; + /* + * If the user set PGREALM, then we use a ticket file with a special + * name: @ + */ + if (!(defname = krb5_cc_default_name())) + { + (void) sprintf(PQerrormsg, + "pg_krb5_init: krb5_cc_default_name failed\n"); + return (krb5_ccache) NULL; + } + strcpy(tktbuf, defname); + if (realm = getenv("PGREALM")) + { + strcat(tktbuf, "@"); + strcat(tktbuf, realm); } - retval = krb5_cc_default(pg_krb5_context, &pg_krb5_ccache); - if (retval) { - snprintf(PQerrormsg, PQERRORMSG_LENGTH, - "pg_krb5_init: krb5_cc_default: %s", - error_message(retval)); - krb5_free_context(pg_krb5_context); - return STATUS_ERROR; - } - - retval = krb5_cc_get_principal(pg_krb5_context, pg_krb5_ccache, - &pg_krb5_client); - if (retval) { - snprintf(PQerrormsg, PQERRORMSG_LENGTH, - "pg_krb5_init: krb5_cc_get_principal: %s", - error_message(retval)); - krb5_cc_close(pg_krb5_context, pg_krb5_ccache); - krb5_free_context(pg_krb5_context); - return STATUS_ERROR; - } - - retval = krb5_unparse_name(pg_krb5_context, pg_krb5_client, &pg_krb5_name); - if (retval) { - snprintf(PQerrormsg, PQERRORMSG_LENGTH, - "pg_krb5_init: krb5_unparse_name: %s", - error_message(retval)); - krb5_free_principal(pg_krb5_context, pg_krb5_client); - krb5_cc_close(pg_krb5_context, pg_krb5_ccache); - krb5_free_context(pg_krb5_context); - return STATUS_ERROR; - } - - pg_krb5_name = pg_an_to_ln(pg_krb5_name); - - pg_krb5_initialised = 1; - return STATUS_OK; + if (code = krb5_cc_resolve(tktbuf, &ccache)) + { + (void) sprintf(PQerrormsg, + "pg_krb5_init: Kerberos error %d in krb5_cc_resolve\n", code); + com_err("pg_krb5_init", code, "in krb5_cc_resolve"); + return (krb5_ccache) NULL; + } + return ccache; } - /* * pg_krb5_authname -- returns a pointer to static space containing whatever * name the user has authenticated to the system - */ + * + * We obtain this information by digging around in the ticket file. + */ static const char * -pg_krb5_authname(char *PQerrormsg) +pg_krb5_authname(const char *PQerrormsg) { - if (pg_krb5_init(PQerrormsg) != STATUS_OK) - return NULL; + krb5_ccache ccache; + krb5_principal principal; + krb5_error_code code; + static char *authname = (char *) NULL; - return pg_krb5_name; -} + if (authname) + return authname; + ccache = pg_krb5_init(); /* don't free this */ + + if (code = krb5_cc_get_principal(ccache, &principal)) + { + (void) sprintf(PQerrormsg, + "pg_krb5_authname: Kerberos error %d in krb5_cc_get_principal\n", code); + com_err("pg_krb5_authname", code, "in krb5_cc_get_principal"); + return (char *) NULL; + } + if (code = krb5_unparse_name(principal, &authname)) + { + (void) sprintf(PQerrormsg, + "pg_krb5_authname: Kerberos error %d in krb5_unparse_name\n", code); + com_err("pg_krb5_authname", code, "in krb5_unparse_name"); + krb5_free_principal(principal); + return (char *) NULL; + } + krb5_free_principal(principal); + return pg_an_to_ln(authname); +} /* * pg_krb5_sendauth -- client routine to send authentication information to * the server + * + * This routine does not do mutual authentication, nor does it return enough + * information to do encrypted connections. But then, if we want to do + * encrypted connections, we'll have to redesign the whole RPC mechanism + * anyway. + * + * Server hostnames are canonicalized v4-style, i.e., all domain suffixes + * are simply chopped off. Hence, we are assuming that you've entered your + * server instances as + * / + * in the PGREALM (or local) database. This is probably a bad assumption. */ static int -pg_krb5_sendauth(char *PQerrormsg, int sock, +pg_krb5_sendauth(const char *PQerrormsg, int sock, struct sockaddr_in * laddr, struct sockaddr_in * raddr, const char *hostname) { - krb5_error_code retval; - int ret; - krb5_principal server; - krb5_auth_context auth_context = NULL; - krb5_error *err_ret = NULL; - int flags; - - ret = pg_krb5_init(PQerrormsg); - if (ret != STATUS_OK) - return ret; - - retval = krb5_sname_to_principal(pg_krb5_context, hostname, PG_KRB_SRVNAM, - KRB5_NT_SRV_HST, &server); - if (retval) { - snprintf(PQerrormsg, PQERRORMSG_LENGTH, - "pg_krb5_sendauth: krb5_sname_to_principal: %s", - error_message(retval)); + char servbuf[MAXHOSTNAMELEN + 1 + + sizeof(PG_KRB_SRVNAM)]; + const char *hostp; + const char *realm; + krb5_error_code code; + krb5_principal client, + server; + krb5_ccache ccache; + krb5_error *error = (krb5_error *) NULL; + + ccache = pg_krb5_init(); /* don't free this */ + + /* + * set up client -- this is easy, we can get it out of the ticket + * file. + */ + if (code = krb5_cc_get_principal(ccache, &client)) + { + (void) sprintf(PQerrormsg, + "pg_krb5_sendauth: Kerberos error %d in krb5_cc_get_principal\n", code); + com_err("pg_krb5_sendauth", code, "in krb5_cc_get_principal"); return STATUS_ERROR; } - /* - * libpq uses a non-blocking socket. But kerberos needs a blocking - * socket, and we have to block somehow to do mutual authentication - * anyway. So we temporarily make it blocking. + /* + * set up server -- canonicalize as described above */ - flags = fcntl(sock, F_GETFL); - if (flags < 0 || fcntl(sock, F_SETFL, (long)(flags & ~O_NONBLOCK))) { - snprintf(PQerrormsg, PQERRORMSG_LENGTH, - "pg_krb5_sendauth: fcntl: %s", strerror(errno)); - krb5_free_principal(pg_krb5_context, server); + strcpy(servbuf, PG_KRB_SRVNAM); + *(hostp = servbuf + (sizeof(PG_KRB_SRVNAM) - 1)) = '/'; + if (hostname || *hostname) + strncpy(++hostp, hostname, MAXHOSTNAMELEN); + else + { + if (gethostname(++hostp, MAXHOSTNAMELEN) < 0) + strcpy(hostp, "localhost"); + } + if (hostp = strchr(hostp, '.')) + *hostp = '\0'; + if (realm = getenv("PGREALM")) + { + strcat(servbuf, "@"); + strcat(servbuf, realm); + } + if (code = krb5_parse_name(servbuf, &server)) + { + (void) sprintf(PQerrormsg, + "pg_krb5_sendauth: Kerberos error %d in krb5_parse_name\n", code); + com_err("pg_krb5_sendauth", code, "in krb5_parse_name"); + krb5_free_principal(client); return STATUS_ERROR; } - retval = krb5_sendauth(pg_krb5_context, &auth_context, - (krb5_pointer) &sock, PG_KRB_SRVNAM, - pg_krb5_client, server, - AP_OPTS_MUTUAL_REQUIRED, - NULL, 0, /* no creds, use ccache instead */ - pg_krb5_ccache, &err_ret, NULL, NULL); - if (retval) { - if (retval == KRB5_SENDAUTH_REJECTED && err_ret) { - snprintf(PQerrormsg, PQERRORMSG_LENGTH, - "pg_krb5_sendauth: authentication rejected: \"%*s\"", - err_ret->text.length, err_ret->text.data); + /* + * The only thing we want back from krb5_sendauth is an error status + * and any error messages. + */ + if (code = krb5_sendauth((krb5_pointer) & sock, + PG_KRB5_VERSION, + client, + server, + (krb5_flags) 0, + (krb5_checksum *) NULL, + (krb5_creds *) NULL, + ccache, + (krb5_int32 *) NULL, + (krb5_keyblock **) NULL, + &error, + (krb5_ap_rep_enc_part **) NULL)) + { + if ((code == KRB5_SENDAUTH_REJECTED) && error) + { + (void) sprintf(PQerrormsg, + "pg_krb5_sendauth: authentication rejected: \"%*s\"\n", + error->text.length, error->text.data); } - else { - snprintf(PQerrormsg, PQERRORMSG_LENGTH, - "pg_krb5_sendauth: krb5_sendauth: %s", - error_message(retval)); + else + { + (void) sprintf(PQerrormsg, + "pg_krb5_sendauth: Kerberos error %d in krb5_sendauth\n", code); + com_err("pg_krb5_sendauth", code, "in krb5_sendauth"); } - - if (err_ret) - krb5_free_error(pg_krb5_context, err_ret); - - ret = STATUS_ERROR; - } - - krb5_free_principal(pg_krb5_context, server); - - if (fcntl(sock, F_SETFL, (long)flags)) { - snprintf(PQerrormsg, PQERRORMSG_LENGTH, - "pg_krb5_sendauth: fcntl: %s", strerror(errno)); - ret = STATUS_ERROR; } - - return ret; + krb5_free_principal(client); + krb5_free_principal(server); + return code ? STATUS_ERROR : STATUS_OK; } #endif /* KRB5 */ diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h index 2943f23830..f83f52a62c 100644 --- a/src/interfaces/libpq/libpq-int.h +++ b/src/interfaces/libpq/libpq-int.h @@ -12,7 +12,7 @@ * Portions Copyright (c) 1996-2000, PostgreSQL, Inc * Portions Copyright (c) 1994, Regents of the University of California * - * $Id: libpq-int.h,v 1.24 2000/05/27 03:39:33 momjian Exp $ + * $Id: libpq-int.h,v 1.25 2000/05/27 03:58:20 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -50,7 +50,6 @@ * POSTGRES backend dependent Constants. */ -#define PQERRORMSG_LENGTH 1024 #define CMDSTATUS_LEN 40 /*