-
+
<application>libpq</application> - C Library
Using hostaddr instead of host allows the
- application to avoid a host name look-up, which might be important in
- applications with time constraints. However, Kerberos and GSSAPI authentication
- requires the host name. The following therefore applies: If
- host is specified without hostaddr, a host name
- lookup occurs. If hostaddr is specified without
- host, the value for hostaddr gives the remote
- address. When Kerberos is used, a reverse name query occurs to obtain
- the host name for Kerberos. If both
- host and hostaddr are specified, the value for
- hostaddr gives the remote address; the value for
- host is ignored, unless Kerberos is used, in which case that
- value is used for Kerberos authentication. (Note that authentication is
- likely to fail if
libpq is passed a host name
- that is not the name of the machine at hostaddr.) Also,
- host rather than hostaddr is used to identify
- the connection in ~/.pgpass (see
+ application to avoid a host name look-up, which might be important
+ in applications with time constraints. However, a host name is
+ required for Kerberos, GSSAPI, or SSPI authentication, as well as
+ for full SSL certificate verification. The following rules are
+ used:
+ If host is specified without hostaddr,
+ a host name lookup occurs.
+ If hostaddr is specified without host,
+ the value for hostaddr gives the server address.
+ The connection attempt will fail in any of the cases where a
+ host name is required.
+ If both host and hostaddr are specified,
+ the value for hostaddr gives the server address.
+ The value for host is ignored unless needed for
+ authentication or verification purposes, in which case it will be
+ used as the host name. Note that authentication is likely to fail
+ if host is not the name of the machine at
+ hostaddr.
+ Also, note that host rather than hostaddr
+ is used to identify the connection in ~/.pgpass (see
).
* Portions Copyright (c) 1994, Regents of the University of California
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.144 2010/03/08 10:01:12 mha Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.144.4.1 2010/07/14 17:09:54 tgl Exp $
*
*-------------------------------------------------------------------------
*/
info.pg_krb5_initialised = 0;
- if (!conn->pghost)
+ if (!(conn->pghost && conn->pghost[0] != '\0'))
{
printfPQExpBuffer(&conn->errorMessage,
- "pg_krb5_sendauth: hostname must be specified for Kerberos authentication\n");
+ libpq_gettext("host name must be specified\n"));
return STATUS_ERROR;
}
int maxlen;
gss_buffer_desc temp_gbuf;
- if (!conn->pghost)
+ if (!(conn->pghost && conn->pghost[0] != '\0'))
{
- printfPQExpBuffer(&conn->errorMessage, libpq_gettext("host name must be specified\n"));
+ printfPQExpBuffer(&conn->errorMessage,
+ libpq_gettext("host name must be specified\n"));
return STATUS_ERROR;
}
* but not more complex. We can skip the @REALM part, because Windows will
* fill that in for us automatically.
*/
- if (conn->pghost == NULL)
+ if (!(conn->pghost && conn->pghost[0] != '\0'))
{
- printfPQExpBuffer(&conn->errorMessage, libpq_gettext("host name must be specified\n"));
+ printfPQExpBuffer(&conn->errorMessage,
+ libpq_gettext("host name must be specified\n"));
return STATUS_ERROR;
}
conn->sspitarget = malloc(strlen(conn->krbsrvname) + strlen(conn->pghost) + 2);
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.135 2010/07/06 19:19:01 momjian Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.135.2.1 2010/07/14 17:09:54 tgl Exp $
*
* NOTES
*
verify_peer_name_matches_certificate(PGconn *conn)
{
/*
- * If told not to verify the peer name, don't do it. Return 0 indicating
+ * If told not to verify the peer name, don't do it. Return true indicating
* that the verification was successful.
*/
if (strcmp(conn->sslmode, "verify-full") != 0)
return true;
- if (conn->pghostaddr)
+ if (!(conn->pghost && conn->pghost[0] != '\0'))
{
printfPQExpBuffer(&conn->errorMessage,
- libpq_gettext("verified SSL connections are only supported when connecting to a host name\n"));
+ libpq_gettext("host name must be specified for a verified SSL connection\n"));
return false;
}
else
* Portions Copyright (c) 1996-2010, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.152 2010/07/06 19:19:01 momjian Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.152.2.1 2010/07/14 17:09:54 tgl Exp $
*
*-------------------------------------------------------------------------
*/
{
/* Saved values of connection options */
char *pghost; /* the machine on which the server is running */
- char *pghostaddr; /* the IPv4 address of the machine on which
- * the server is running, in IPv4
- * numbers-and-dots notation. Takes precedence
- * over above. */
+ char *pghostaddr; /* the numeric IP address of the machine on
+ * which the server is running. Takes
+ * precedence over above. */
char *pgport; /* the server's communication port */
char *pgunixsocket; /* the Unix-domain socket that the server is
* listening on; if NULL, uses a default
projects / postgresql.git / commitdiff