On Thu, Jun 1, 2017 at 4:58 AM, Heikki Linnakangas <hlinn...@iki.fi> wrote: > I bisected that; the culprit was commit 61bf96cab0, where I refactored the > libpq authentication code in preparation for SCRAM. The logic around that > free() was always a bit wonky, but the refactoring made it outright broken. > Attached is a patch for that, see commit message for details. (Review of > that would be welcome.)
That looks fine to me. > So, after fixing that, back to the original question; don't we have a > similar "duplicate authentication request" problem with GSS? Yes, turns out > that we do, even on stable branches: > > psql "sslmode=prefer dbname=postgres hostaddr=127.0.0.1 krbsrvname=postgres > host=localhost user=krbtestuser" > psql: duplicate GSS authentication request > > To fix, I suppose we can do what you did for SASL in your patch, and move > the cleanup of conn->gctx from closePGconn to pgDropConnection. And I > presume we need to do the same for the SSPI state too, but I don't have a > Windows set up to test that at the moment. SSPI does not complain with sslmode=prefer as each time pg_SSPI_startup() is called conn->sspictx is enforced to NULL. This looks wrong to me by the way as pg_SSPI_startup() is invoked only once per authentication, and it leaks memory this way. That's also inconsistent with SASL and GSS. At the same time this inconsistency is not causing actual problems except a leak with SSPI in libpq, so not doing anything except on HEAD looks fine to me. -- Michael
libpq-auth-cleanup.patch
Description: Binary data
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
