From 0886dde5f83611d1d84a29cb3c4549bf6588668e Mon Sep 17 00:00:00 2001 From: Magnus Hagander Date: Sat, 16 Jul 2011 19:58:53 +0200 Subject: [PATCH] Fix SSPI login when multiple roundtrips are required This fixes SSPI login failures showing "The function requested is not supported", often showing up when connecting to localhost. The reason was not properly updating the SSPI handle when multiple roundtrips were required to complete the authentication sequence. Report and analysis by Ahmed Shinwari, patch by Magnus Hagander --- src/backend/libpq/auth.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 7799111301..936cfea109 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -1349,16 +1349,22 @@ pg_SSPI_recvauth(Port *port) _("could not accept SSPI security context"), r); } + /* + * Overwrite the current context with the one we just received. + * If sspictx is NULL it was the first loop and we need to allocate + * a buffer for it. On subsequent runs, we can just overwrite the + * buffer contents since the size does not change. + */ if (sspictx == NULL) { sspictx = malloc(sizeof(CtxtHandle)); if (sspictx == NULL) ereport(ERROR, (errmsg("out of memory"))); - - memcpy(sspictx, &newctx, sizeof(CtxtHandle)); } + memcpy(sspictx, &newctx, sizeof(CtxtHandle)); + if (r == SEC_I_CONTINUE_NEEDED) elog(DEBUG4, "SSPI continue needed");