Обсуждение: pgsql: Fix handling of HBA ldapserver with multiple hostnames.
Fix handling of HBA ldapserver with multiple hostnames. Commit 35c0754f failed to handle space-separated lists of alternative hostnames in ldapserver, when building a URI for ldap_initialize() (OpenLDAP). Such lists need to be expanded to space-separated URIs. Repair. Back-patch to 11, to fix bug report #15495. Author: Thomas Munro Reported-by: Renaud Navarro Discussion: https://postgr.es/m/15495-2c39fc196c95cd72%40postgresql.org Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/257ef3cd4fec7ca1213f31b660486b492b1c7031 Modified Files -------------- src/backend/libpq/auth.c | 42 +++++++++++++++++++++++++++++++++++++----- src/test/ldap/t/001_auth.pl | 18 +++++++++++++++++- 2 files changed, 54 insertions(+), 6 deletions(-)
Thomas Munro <tmunro@postgresql.org> writes:
> Fix handling of HBA ldapserver with multiple hostnames.
longfin thinks this has a problem with const-ness:
auth.c:2380:10: error: passing 'const char *' to parameter of type 'void *' discards qualifiers
[-Werror,-Wincompatible-pointer-types-discards-qualifiers]
pfree(hostname);
^~~~~~~~
regards, tom lane
On Tue, Nov 13, 2018 at 6:37 PM Tom Lane <tgl@sss.pgh.pa.us> wrote: > Thomas Munro <tmunro@postgresql.org> writes: > > Fix handling of HBA ldapserver with multiple hostnames. > > longfin thinks this has a problem with const-ness: > > auth.c:2380:10: error: passing 'const char *' to parameter of type 'void *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers] > pfree(hostname); > ^~~~~~~~ Thanks, fixing. Embarassingly, I had turned off -Werror for this because my Mac spews strange warnings when you use OpenLDAP, a problem to which there must be a better solution. -- Thomas Munro http://www.enterprisedb.com
Thomas Munro <thomas.munro@enterprisedb.com> writes:
> Thanks, fixing. Embarassingly, I had turned off -Werror for this
> because my Mac spews strange warnings when you use OpenLDAP, a problem
> to which there must be a better solution.
Hm, what warnings?
regards, tom lane
On Tue, Nov 13, 2018 at 6:54 PM Tom Lane <tgl@sss.pgh.pa.us> wrote: > Thomas Munro <thomas.munro@enterprisedb.com> writes: > > Thanks, fixing. Embarassingly, I had turned off -Werror for this > > because my Mac spews strange warnings when you use OpenLDAP, a problem > > to which there must be a better solution. > > Hm, what warnings? Apple ships OpenLDAP headers that tell you to ditch it and use Apple OpenDirectory Framework: fe-connect.c:4354:6: warning: 'ldap_set_option' is deprecated: first deprecated in macOS 10.11 - use OpenDirectory Framework [-Wdeprecated-declarations] I should probably use MacPorts for that. -- Thomas Munro http://www.enterprisedb.com
Thomas Munro <thomas.munro@enterprisedb.com> writes:
> On Tue, Nov 13, 2018 at 6:54 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Hm, what warnings?
> Apple ships OpenLDAP headers that tell you to ditch it and use Apple
> OpenDirectory Framework:
Oh, that. I just use -Wno-deprecated-declarations.
A bigger issue to my mind is that configure bleats about the
OpenLDAP version:
checking for compatible LDAP implementation... (cached) no
configure: WARNING:
*** With OpenLDAP versions 2.4.24 through 2.4.31, inclusive, each backend
*** process that loads libpq (via WAL receiver, dblink, or postgres_fdw) and
*** also uses LDAP will crash on exit.
I have not experimented to see if that's really true on recent macOS,
but if it is, it'd be a problem for production use.
regards, tom lane