Fix SSPI login when multiple roundtrips are required

This fixes SSPI login failures showing "The function requested is not supported", often showing up when connecting to localhost. The reason was not properly updating the SSPI handle when multiple roundtrips were required to complete the authentication sequence. Report and analysis by Ahmed Shinwari, patch by Magnus Hagander
author: Magnus Hagander 2011-07-16 17:58:53 +0000
committer: Magnus Hagander 2011-07-16 18:01:47 +0000
commit: d662e3970d265a9edc645d2755cf427ed33498c1 (patch)
tree: e2a16c476201064233039d847e997b77a65a3640
parent: 75f386df50939072c060a1656b1209c13b5545f8 (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 74e61a4b636..c749139eed6 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -1366,16 +1366,22 @@ pg_SSPI_recvauth(Port *port)
 						  _("could not accept SSPI security context"), r);
 		}
 
+		/*
+		 * Overwrite the current context with the one we just received.
+		 * If sspictx is NULL it was the first loop and we need to allocate
+		 * a buffer for it. On subsequent runs, we can just overwrite the
+		 * buffer contents since the size does not change.
+		 */
 		if (sspictx == NULL)
 		{
 			sspictx = malloc(sizeof(CtxtHandle));
 			if (sspictx == NULL)
 				ereport(ERROR,
 						(errmsg("out of memory")));
-
-			memcpy(sspictx, &newctx, sizeof(CtxtHandle));
 		}
 
+		memcpy(sspictx, &newctx, sizeof(CtxtHandle));
+
 		if (r == SEC_I_CONTINUE_NEEDED)
 			elog(DEBUG4, "SSPI continue needed");
author	Magnus Hagander	2011-07-16 17:58:53 +0000
committer	Magnus Hagander	2011-07-16 18:01:47 +0000
commit	d662e3970d265a9edc645d2755cf427ed33498c1 (patch)
tree	e2a16c476201064233039d847e997b77a65a3640
parent	75f386df50939072c060a1656b1209c13b5545f8 (diff)