From: | tgl(at)postgresql(dot)org (Tom Lane) |
---|---|
To: | pgsql-committers(at)postgresql(dot)org |
Subject: | pgsql: Rewrite pam_passwd_conv_proc to be more robust: avoid assuming |
Date: | 2009-10-16 22:09:16 |
Message-ID: | 20091016220916.B0DF9753FB7@cvs.postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers |
Log Message:
-----------
Rewrite pam_passwd_conv_proc to be more robust: avoid assuming that the
pam_message array contains exactly one PAM_PROMPT_ECHO_OFF message.
Instead, deal with however many messages there are, and don't throw error
for PAM_ERROR_MSG and PAM_TEXT_INFO messages. This logic is borrowed from
openssh 5.2p1, which hopefully has seen more real-world PAM usage than we
have. Per bug #5121 from Ryan Douglas, which turned out to be caused by
the conv_proc being called with zero messages. Apparently that is normal
behavior given the combination of Linux pam_krb5 with MS Active Directory
as the domain controller.
Patch all the way back, since this code has been essentially untouched
since 7.4. (Surprising we've not heard complaints before.)
Tags:
----
REL7_4_STABLE
Modified Files:
--------------
pgsql/src/backend/libpq:
auth.c (r1.112.2.1 -> r1.112.2.2)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/libpq/auth.c?r1=1.112.2.1&r2=1.112.2.2)
From | Date | Subject | |
---|---|---|---|
Next Message | Magnus Hagander | 2009-10-17 00:24:51 | pgsql: Write to the Windows eventlog in UTF16, converting the message |
Previous Message | Tom Lane | 2009-10-16 22:09:08 | pgsql: Rewrite pam_passwd_conv_proc to be more robust: avoid assuming |