| Lists: | pgsql-hackers |
|---|
| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Remove one use of IDENT_USERNAME_MAX |
| Date: | 2019-10-26 06:55:03 |
| Message-ID: | c798fba5-8b71-4f27-c78e-37714037ea31@2ndquadrant.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Lists: | pgsql-hackers |
It seems to me that using IDENT_USERNAME_MAX for peer authentication is
some kind of historical leftover and not really appropriate or useful,
so I propose the attached cleanup.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Remove-one-use-of-IDENT_USERNAME_MAX.patch | text/plain | 2.1 KB |
| From: | Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> |
|---|---|
| To: | peter(dot)eisentraut(at)2ndquadrant(dot)com |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Remove one use of IDENT_USERNAME_MAX |
| Date: | 2019-10-28 05:10:08 |
| Message-ID: | 20191028.141008.1808344564081861818.horikyota.ntt@gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Lists: | pgsql-hackers |
Hello.
At Sat, 26 Oct 2019 08:55:03 +0200, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote in
> IDENT_USERNAME_MAX is the maximum length of the information returned
> by an ident server, per RFC 1413. Using it as the buffer size in peer
> authentication is inappropriate. It was done here because of the
> historical relationship between peer and ident authentication. But
> since it's also completely useless code-wise, remove it.
In think one of the reasons for the coding is the fact that *pw is
described to be placed in the static area, which can be overwritten by
succeeding calls to getpw*() functions. I think we can believe
check_usermap() never calls them but I suppose that some comments
needed..
regards.
--
Kyotaro Horiguchi
NTT Open Source Software Center
| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> |
| Cc: | peter(dot)eisentraut(at)2ndquadrant(dot)com, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Remove one use of IDENT_USERNAME_MAX |
| Date: | 2019-10-28 13:45:54 |
| Message-ID: | 14311.1572270354@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Lists: | pgsql-hackers |
Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> writes:
> At Sat, 26 Oct 2019 08:55:03 +0200, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote in
>> IDENT_USERNAME_MAX is the maximum length of the information returned
>> by an ident server, per RFC 1413. Using it as the buffer size in peer
>> authentication is inappropriate. It was done here because of the
>> historical relationship between peer and ident authentication. But
>> since it's also completely useless code-wise, remove it.
> In think one of the reasons for the coding is the fact that *pw is
> described to be placed in the static area, which can be overwritten by
> succeeding calls to getpw*() functions.
Good point ... so maybe pstrdup instead of using a fixed-size buffer?
regards, tom lane
| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Remove one use of IDENT_USERNAME_MAX |
| Date: | 2019-10-29 07:10:28 |
| Message-ID: | eedd3c43-ed87-3c84-de36-07a83ca94265@2ndquadrant.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Lists: | pgsql-hackers |
On 2019-10-28 14:45, Tom Lane wrote:
> Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> writes:
>> At Sat, 26 Oct 2019 08:55:03 +0200, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote in
>>> IDENT_USERNAME_MAX is the maximum length of the information returned
>>> by an ident server, per RFC 1413. Using it as the buffer size in peer
>>> authentication is inappropriate. It was done here because of the
>>> historical relationship between peer and ident authentication. But
>>> since it's also completely useless code-wise, remove it.
>
>> In think one of the reasons for the coding is the fact that *pw is
>> described to be placed in the static area, which can be overwritten by
>> succeeding calls to getpw*() functions.
>
> Good point ... so maybe pstrdup instead of using a fixed-size buffer?
Maybe. Or we just decide that check_usermap() is not allowed to call
getpw*(). It's just a string-matching routine, so it doesn't have any
such business anyway.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
| Cc: | Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Remove one use of IDENT_USERNAME_MAX |
| Date: | 2019-10-29 14:34:00 |
| Message-ID: | 13092.1572359640@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Lists: | pgsql-hackers |
Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> writes:
> On 2019-10-28 14:45, Tom Lane wrote:
>> Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> writes:
>>> In think one of the reasons for the coding is the fact that *pw is
>>> described to be placed in the static area, which can be overwritten by
>>> succeeding calls to getpw*() functions.
>> Good point ... so maybe pstrdup instead of using a fixed-size buffer?
> Maybe. Or we just decide that check_usermap() is not allowed to call
> getpw*(). It's just a string-matching routine, so it doesn't have any
> such business anyway.
I'm okay with that as long as you add a comment describing this
assumption.
regards, tom lane
| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Remove one use of IDENT_USERNAME_MAX |
| Date: | 2019-10-30 10:19:30 |
| Message-ID: | 062cc5e1-554e-7f5d-b7ea-1d9888679680@2ndquadrant.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Lists: | pgsql-hackers |
On 2019-10-29 15:34, Tom Lane wrote:
> Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> writes:
>> On 2019-10-28 14:45, Tom Lane wrote:
>>> Kyotaro Horiguchi <horikyota(dot)ntt(at)gmail(dot)com> writes:
>>>> In think one of the reasons for the coding is the fact that *pw is
>>>> described to be placed in the static area, which can be overwritten by
>>>> succeeding calls to getpw*() functions.
>
>>> Good point ... so maybe pstrdup instead of using a fixed-size buffer?
>
>> Maybe. Or we just decide that check_usermap() is not allowed to call
>> getpw*(). It's just a string-matching routine, so it doesn't have any
>> such business anyway.
>
> I'm okay with that as long as you add a comment describing this
> assumption.
Committed with a pstrdup(). That seemed more consistent with other code
in that file.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services