diff options
| author | Magnus Hagander <magnus@hagander.net> | 2010-03-08 09:57:26 +0000 |
|---|---|---|
| committer | Magnus Hagander <magnus@hagander.net> | 2010-03-08 09:57:26 +0000 |
| commit | 6c6ee75ad352fc586c14ec94eb2cb772bc37d233 (patch) | |
| tree | a4a4d73ebc66d99200701ea9abf6cb03af752596 /src | |
| parent | 676b26dd9a2470b3e28294f5ee37fa47c24df13c (diff) | |
| download | postgresql-6c6ee75ad352fc586c14ec94eb2cb772bc37d233.tar.gz postgresql-6c6ee75ad352fc586c14ec94eb2cb772bc37d233.zip | |
Disallow gssapi authentication on local connections, since it
requires a hostname to function.
Noted by Zdenek Kotala
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/libpq/hba.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c index 7718b0be490..be6b2f742ab 100644 --- a/src/backend/libpq/hba.c +++ b/src/backend/libpq/hba.c @@ -10,7 +10,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.201 2010/03/06 00:45:49 tgl Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.202 2010/03/08 09:57:26 mha Exp $ * *------------------------------------------------------------------------- */ @@ -998,6 +998,22 @@ parse_hba_line(List *line, int line_num, HbaLine *parsedline) return false; } + if (parsedline->conntype == ctLocal && + parsedline->auth_method == uaGSS) + { + ereport(LOG, + (errcode(ERRCODE_CONFIG_FILE_ERROR), + errmsg("gssapi authentication is not supported on local sockets"), + errcontext("line %d of configuration file \"%s\"", + line_num, HbaFileName))); + return false; + } + /* + * SSPI authentication can never be enabled on ctLocal connections, because + * it's only supported on Windows, where ctLocal isn't supported. + */ + + if (parsedline->conntype != ctHostSSL && parsedline->auth_method == uaCert) { |