mirror/postgresql
2
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2024-12-27 08:39:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

Disallow gssapi authentication on local connections, since it

Browse Source 
requires a hostname to function.

Noted by Zdenek Kotala
This commit is contained in:
Magnus Hagander 2010-03-08 09:57:26 +00:00
parent 676b26dd9a
commit 6c6ee75ad3
1 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/backend/libpq/hba.c
View File

@ -10,7 +10,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.201 2010/03/06 00:45:49 tgl Exp $ * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.202 2010/03/08 09:57:26 mha Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -998,6 +998,22 @@ parse_hba_line(List *line, int line_num, HbaLine *parsedline)
return false; return false;
} }
if (parsedline->conntype == ctLocal &&
parsedline->auth_method == uaGSS)
{
ereport(LOG,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("gssapi authentication is not supported on local sockets"),
errcontext("line %d of configuration file \"%s\"",
line_num, HbaFileName)));
return false;
}
/*
* SSPI authentication can never be enabled on ctLocal connections, because
* it's only supported on Windows, where ctLocal isn't supported.
*/
if (parsedline->conntype != ctHostSSL && if (parsedline->conntype != ctHostSSL &&
parsedline->auth_method == uaCert) parsedline->auth_method == uaCert)
{ {