diff --git a/configure b/configure index 89de116af8..a91959c327 100755 --- a/configure +++ b/configure 
@@ -24822,98 +24822,6 @@ esac -# Check for fnmatch() -{ echo "$as_me:$LINENO: checking for working POSIX fnmatch" >&5 -echo $ECHO_N "checking for working POSIX fnmatch... $ECHO_C" >&6; } -if test "${ac_cv_func_fnmatch_works+set}" = set; then - echo $ECHO_N "(cached) $ECHO_C" >&6 -else - # Some versions of Solaris, SCO, and the GNU C Library - # have a broken or incompatible fnmatch. - # So we run a test program. If we are cross-compiling, take no chance. - # Thanks to John Oleynick, Franc,ois Pinard, and Paul Eggert for this test. - if test "$cross_compiling" = yes; then - ac_cv_func_fnmatch_works=cross -else - cat >conftest.$ac_ext <<_ACEOF -/* confdefs.h. */ -_ACEOF -cat confdefs.h >>conftest.$ac_ext -cat >>conftest.$ac_ext <<_ACEOF -/* end confdefs.h. */ -#include -# define y(a, b, c) (fnmatch (a, b, c) == 0) -# define n(a, b, c) (fnmatch (a, b, c) == FNM_NOMATCH) - -int -main () -{ -return - (!(y ("a*", "abc", 0) - && n ("d*/*1", "d/s/1", FNM_PATHNAME) - && y ("a\\\\bc", "abc", 0) - && n ("a\\\\bc", "abc", FNM_NOESCAPE) - && y ("*x", ".x", 0) - && n ("*x", ".x", FNM_PERIOD) - && 1)); - ; - return 0; -} -_ACEOF -rm -f conftest$ac_exeext -if { (ac_try="$ac_link" -case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_link") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? = $ac_status" >&5 - (exit $ac_status); } && { ac_try='./conftest$ac_exeext' - { (case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 - (exit $ac_status); }; }; then - ac_cv_func_fnmatch_works=yes -else - echo "$as_me: program exited with status $ac_status" >&5 -echo "$as_me: failed program was:" >&5 -sed 's/^/| /' conftest.$ac_ext >&5 - -( exit $ac_status ) -ac_cv_func_fnmatch_works=no -fi -rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext conftest.$ac_objext conftest.$ac_ext -fi - - -fi -{ echo "$as_me:$LINENO: result: $ac_cv_func_fnmatch_works" >&5 -echo "${ECHO_T}$ac_cv_func_fnmatch_works" >&6; } -if test $ac_cv_func_fnmatch_works = yes; then - -cat >>confdefs.h <<\_ACEOF -#define HAVE_FNMATCH 1 -_ACEOF - -fi - - - -if test x"$ac_cv_func_fnmatch_works" != x"yes"; then - case " $LIBOBJS " in - *" fnmatch.$ac_objext "* ) ;; - *) LIBOBJS="$LIBOBJS fnmatch.$ac_objext" - ;; -esac - -fi # Select semaphore implementation type. if test "$PORTNAME" != "win32"; then diff --git a/configure.in b/configure.in index e006a97a5b..9e4c2caf2e 100644 --- a/configure.in +++ b/configure.in @@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -dnl $PostgreSQL: pgsql/configure.in,v 1.574 2008/11/26 11:26:54 petere Exp $ +dnl $PostgreSQL: pgsql/configure.in,v 1.575 2008/12/02 10:39:30 mha Exp $ dnl dnl Developers, please strive to achieve this order: dnl @@ -1625,11 +1625,6 @@ fi # SunOS doesn't handle negative byte comparisons properly with +/- return AC_FUNC_MEMCMP -# Check for fnmatch() -AC_FUNC_FNMATCH -if test x"$ac_cv_func_fnmatch_works" != x"yes"; then - AC_LIBOBJ(fnmatch) -fi # Select semaphore implementation type. if test "$PORTNAME" != "win32"; then diff --git a/src/include/fnmatchstub.h b/src/include/fnmatchstub.h deleted file mode 100644 index fb23d8f98c..0000000000 --- a/src/include/fnmatchstub.h +++ /dev/null 
@@ -1,27 +0,0 @@ -/*------------------------------------------------------------------------- - * - * fnmatchstub.h - * Stubs for fnmatch() in port/fnmatch.c - * - * - * Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group - * Portions Copyright (c) 1994, Regents of the University of California - * - * $PostgreSQL: pgsql/src/include/fnmatchstub.h,v 1.1 2008/11/24 09:15:16 mha Exp $ - * - *------------------------------------------------------------------------- - */ -#ifndef FNMATCHSTUB_H -#define FNMATCHSTUB_H - -extern int fnmatch(const char *, const char *, int); -#define FNM_NOMATCH 1 /* Match failed. */ -#define FNM_NOSYS 2 /* Function not implemented. */ -#define FNM_NOESCAPE 0x01 /* Disable backslash escaping. */ -#define FNM_PATHNAME 0x02 /* Slash must be matched by slash. */ -#define FNM_PERIOD 0x04 /* Period must be matched by period. */ -#define FNM_CASEFOLD 0x08 /* Pattern is matched case-insensitive */ -#define FNM_LEADING_DIR 0x10 /* Ignore / after Imatch. */ - - -#endif diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in index 1064d15526..9f6f21bf81 100644 --- a/src/include/pg_config.h.in +++ b/src/include/pg_config.h.in @@ -143,9 +143,6 @@ /* Define to 1 if you have the `fdatasync' function. */ #undef HAVE_FDATASYNC -/* Define to 1 if your system has a working POSIX `fnmatch' function. */ -#undef HAVE_FNMATCH - /* Define to 1 if you have the `fpclass' function. */ #undef HAVE_FPCLASS diff --git a/src/interfaces/libpq/Makefile b/src/interfaces/libpq/Makefile index 82a7fc26c1..5a899d2789 100644 --- a/src/interfaces/libpq/Makefile +++ b/src/interfaces/libpq/Makefile 
@@ -5,7 +5,7 @@ # Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group # Portions Copyright (c) 1994, Regents of the University of California # -# $PostgreSQL: pgsql/src/interfaces/libpq/Makefile,v 1.169 2008/11/24 09:15:16 mha Exp $ +# $PostgreSQL: pgsql/src/interfaces/libpq/Makefile,v 1.170 2008/12/02 10:39:30 mha Exp $ # #------------------------------------------------------------------------- @@ -34,7 +34,7 @@ OBJS= fe-auth.o fe-connect.o fe-exec.o fe-misc.o fe-print.o fe-lobj.o \ fe-protocol2.o fe-protocol3.o pqexpbuffer.o pqsignal.o fe-secure.o \ libpq-events.o \ md5.o ip.o wchar.o encnames.o noblock.o pgstrcasecmp.o thread.o \ - $(filter crypt.o fnmatch.o getaddrinfo.o inet_aton.o open.o snprintf.o strerror.o strlcpy.o win32error.o, $(LIBOBJS)) + $(filter crypt.o getaddrinfo.o inet_aton.o open.o snprintf.o strerror.o strlcpy.o win32error.o, $(LIBOBJS)) ifeq ($(PORTNAME), cygwin) override shlib = cyg$(NAME)$(DLSUFFIX) @@ -80,7 +80,7 @@ backend_src = $(top_srcdir)/src/backend # For port modules, this only happens if configure decides the module # is needed (see filter hack in OBJS, above). -crypt.c fnmatch.c getaddrinfo.c inet_aton.c noblock.c open.c pgstrcasecmp.c snprintf.c strerror.c strlcpy.c thread.c win32error.c pgsleep.c: % : $(top_srcdir)/src/port/% +crypt.c getaddrinfo.c inet_aton.c noblock.c open.c pgstrcasecmp.c snprintf.c strerror.c strlcpy.c thread.c win32error.c pgsleep.c: % : $(top_srcdir)/src/port/% rm -f $@ && $(LN_S) $< . md5.c ip.c: % : $(backend_src)/libpq/% 
@@ -123,7 +123,7 @@ uninstall: uninstall-lib rm -f '$(DESTDIR)$(datadir)/pg_service.conf.sample' clean distclean: clean-lib - rm -f $(OBJS) pg_config_paths.h crypt.c fnmatch.c getaddrinfo.c inet_aton.c noblock.c open.c pgstrcasecmp.c snprintf.c strerror.c strlcpy.c thread.c md5.c ip.c encnames.c wchar.c win32error.c pgsleep.c pthread.h libpq.rc + rm -f $(OBJS) pg_config_paths.h crypt.c getaddrinfo.c inet_aton.c noblock.c open.c pgstrcasecmp.c snprintf.c strerror.c strlcpy.c thread.c md5.c ip.c encnames.c wchar.c win32error.c pgsleep.c pthread.h libpq.rc # Might be left over from a Win32 client-only build rm -f pg_config_paths.h diff --git a/src/interfaces/libpq/fe-secure.c b/src/interfaces/libpq/fe-secure.c index 9f6781be47..5d1747821b 100644 --- a/src/interfaces/libpq/fe-secure.c +++ b/src/interfaces/libpq/fe-secure.c @@ -11,7 +11,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.109 2008/11/24 19:19:46 mha Exp $ + * $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.110 2008/12/02 10:39:30 mha Exp $ * * NOTES * @@ -55,6 +55,7 @@ #endif #ifdef USE_SSL + #include #include #if (SSLEAY_VERSION_NUMBER >= 0x00907000L) @@ -64,16 +65,6 @@ #include #endif -/* fnmatch() needed for client certificate checking */ -#ifdef HAVE_FNMATCH -#include -#else -#include "fnmatchstub.h" -#endif -#endif /* USE_SSL */ - - -#ifdef USE_SSL #ifndef WIN32 #define USER_CERT_FILE ".postgresql/postgresql.crt" 
@@ -443,6 +434,51 @@ verify_cb(int ok, X509_STORE_CTX *ctx) return ok; } + +/* + * Check if a wildcard certificate matches the server hostname. + * + * The rule for this is: + * 1. We only match the '*' character as wildcard + * 2. We match only wildcards at the start of the string + * 3. The '*' character does *not* match '.', meaning that we match only + * a single pathname component. + * 4. We don't support more than one '*' in a single pattern. + * + * This is roughly in line with RFC2818, but contrary to what most browsers + * appear to be implementing (point 3 being the difference) + * + * Matching is always cone case-insensitive, since DNS is case insensitive. + */ +static int +wildcard_certificate_match(const char *pattern, const char *string) +{ + int lenpat = strlen(pattern); + int lenstr = strlen(string); + + /* If we don't start with a wildcard, it's not a match (rule 1 & 2) */ + if (lenpat < 3 || + pattern[0] != '*' || + pattern[1] != '.') + return 0; + + if (lenpat > lenstr) + /* If pattern is longer than the string, we can never match */ + return 0; + + if (pg_strcasecmp(pattern+1, string+lenstr-lenpat+1) != 0) + /* If string does not end in pattern (minus the wildcard), we don't match */ + return 0; + + if (strchr(string, '.') < string+lenstr-lenpat) + /* If there is a dot left of where the pattern started to match, we don't match (rule 3) */ + return 0; + + /* String ended with pattern, and didn't have a dot before, so we match */ + return 1; +} + + /* * Verify that common name resolves to peer. */ @@ -472,7 +508,7 @@ verify_peer_name_matches_certificate(PGconn *conn) if (pg_strcasecmp(conn->peer_cn, conn->pghost) == 0) /* Exact name match */ return true; - else if (fnmatch(conn->peer_cn, conn->pghost, FNM_NOESCAPE/* | FNM_CASEFOLD*/) == 0) + else if (wildcard_certificate_match(conn->peer_cn, conn->pghost)) /* Matched wildcard certificate */ return true; else 
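Review bot: The rule-3 check in `wildcard_certificate_match` is off by one: `strchr(string, '.') < string+lenstr-lenpat` stops one character short of the region the `*` consumed, so a dot in the last wildcard position is not rejected (a constructed name such as `a..example.com` passes against `*.example.com`). Comparing against the start of the matched suffix closes the gap: `if (strchr(string, '.') < string+lenstr-lenpat+1)`. A name with an empty label is unlikely to resolve, so the exposure looks small, but the code should enforce what its header comment promises. The `lenpat < 3` guard also accepts a pattern with a single label after the wildcard (for example `*.com`); if that is intended for private CAs the header comment should say so, and "cone case-insensitive" in that comment is a typo.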
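Review bot: Nothing visible at `else if (wildcard_certificate_match(conn->peer_cn, conn->pghost))` guards against an embedded NUL in the certificate's common name, which is now used as the pattern and measured with `strlen()`, so only the bytes before the first NUL take part in the comparison. Where `conn->peer_cn` is filled in is outside this hunk; that extraction should confirm that the length reported by the X.509 library equals `strlen(conn->peer_cn)` and fail verification otherwise. The same applies to the exact-match `pg_strcasecmp` branch just above. `verify_peer_name_matches_certificate` begins and ends outside the hunk. Once that check exists, a short comment at the call such as `/* peer_cn is rejected earlier if it contains an embedded NUL */` would record the dependency.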
diff --git a/src/port/fnmatch.c b/src/port/fnmatch.c deleted file mode 100644 index c7fbc54a31..0000000000 --- a/src/port/fnmatch.c +++ /dev/null 
@@ -1,198 +0,0 @@ -/*------------------------------------------------------------------------- - * - * fnmatch.c - * fnmatch() - wildcard matching function - * - * Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group - * - * - * IDENTIFICATION - * $PostgreSQL: pgsql/src/port/fnmatch.c,v 1.1 2008/11/24 09:15:16 mha Exp $ - * - * This file was taken from NetBSD and is used on platforms that don't - * provide fnmatch(). The NetBSD copyright terms follow. - *------------------------------------------------------------------------- - */ - -/* $NetBSD: fnmatch.c,v 1.21 2005/12/24 21:11:16 perry Exp $ */ - -/* - * Copyright (c) 1989, 1993, 1994 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Guido van Rossum. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. 
IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Function fnmatch() as specified in POSIX 1003.2-1992, section B.6. - * Compares a filename or pathname to a pattern. - */ - -#include "c.h" -#include "fnmatchstub.h" - -#define EOS '\0' - -static const char *rangematch (const char *, int, int); - -static inline int -foldcase(int ch, int flags) -{ - - if ((flags & FNM_CASEFOLD) != 0 && isupper(ch)) - return (tolower(ch)); - return (ch); -} - -#define FOLDCASE(ch, flags) foldcase((unsigned char)(ch), (flags)) - -int -fnmatch(pattern, string, flags) - const char *pattern, *string; - int flags; -{ - const char *stringstart; - char c, test; - - for (stringstart = string;;) - switch (c = FOLDCASE(*pattern++, flags)) { - case EOS: - if ((flags & FNM_LEADING_DIR) && *string == '/') - return (0); - return (*string == EOS ? 0 : FNM_NOMATCH); - case '?': - if (*string == EOS) - return (FNM_NOMATCH); - if (*string == '/' && (flags & FNM_PATHNAME)) - return (FNM_NOMATCH); - if (*string == '.' && (flags & FNM_PERIOD) && - (string == stringstart || - ((flags & FNM_PATHNAME) && *(string - 1) == '/'))) - return (FNM_NOMATCH); - ++string; - break; - case '*': - c = FOLDCASE(*pattern, flags); - /* Collapse multiple stars. */ - while (c == '*') - c = FOLDCASE(*++pattern, flags); - - if (*string == '.' && (flags & FNM_PERIOD) && - (string == stringstart || - ((flags & FNM_PATHNAME) && *(string - 1) == '/'))) - return (FNM_NOMATCH); - - /* Optimize for pattern with * at end or before /. 
*/ - if (c == EOS) { - if (flags & FNM_PATHNAME) - return ((flags & FNM_LEADING_DIR) || - strchr(string, '/') == NULL ? - 0 : FNM_NOMATCH); - else - return (0); - } else if (c == '/' && flags & FNM_PATHNAME) { - if ((string = strchr(string, '/')) == NULL) - return (FNM_NOMATCH); - break; - } - - /* General case, use recursion. */ - while ((test = FOLDCASE(*string, flags)) != EOS) { - if (!fnmatch(pattern, string, - flags & ~FNM_PERIOD)) - return (0); - if (test == '/' && flags & FNM_PATHNAME) - break; - ++string; - } - return (FNM_NOMATCH); - case '[': - if (*string == EOS) - return (FNM_NOMATCH); - if (*string == '/' && flags & FNM_PATHNAME) - return (FNM_NOMATCH); - if ((pattern = - rangematch(pattern, FOLDCASE(*string, flags), - flags)) == NULL) - return (FNM_NOMATCH); - ++string; - break; - case '\\': - if (!(flags & FNM_NOESCAPE)) { - if ((c = FOLDCASE(*pattern++, flags)) == EOS) { - c = '\\'; - --pattern; - } - } - /* FALLTHROUGH */ - default: - if (c != FOLDCASE(*string++, flags)) - return (FNM_NOMATCH); - break; - } - /* NOTREACHED */ -} - -static const char * -rangematch(pattern, test, flags) - const char *pattern; - int test, flags; -{ - int negate, ok; - char c, c2; - - /* - * A bracket expression starting with an unquoted circumflex - * character produces unspecified results (IEEE 1003.2-1992, - * 3.13.2). This implementation treats it like '!', for - * consistency with the regular expression syntax. - * J.T. Conklin (conklin@ngai.kaleida.com) - */ - if ((negate = (*pattern == '!' 
|| *pattern == '^')) != 0) - ++pattern; - - for (ok = 0; (c = FOLDCASE(*pattern++, flags)) != ']';) { - if (c == '\\' && !(flags & FNM_NOESCAPE)) - c = FOLDCASE(*pattern++, flags); - if (c == EOS) - return (NULL); - if (*pattern == '-' - && (c2 = FOLDCASE(*(pattern+1), flags)) != EOS && - c2 != ']') { - pattern += 2; - if (c2 == '\\' && !(flags & FNM_NOESCAPE)) - c2 = FOLDCASE(*pattern++, flags); - if (c2 == EOS) - return (NULL); - if (c <= test && test <= c2) - ok = 1; - } else if (c == test) - ok = 1; - } - return (ok == negate ? NULL : pattern); -} diff --git a/src/tools/msvc/Mkvcbuild.pm b/src/tools/msvc/Mkvcbuild.pm index 172ce6ef93..c890bb5373 100644 --- a/src/tools/msvc/Mkvcbuild.pm +++ b/src/tools/msvc/Mkvcbuild.pm @@ -3,7 +3,7 @@ package Mkvcbuild; # # Package that generates build files for msvc build # -# $PostgreSQL: pgsql/src/tools/msvc/Mkvcbuild.pm,v 1.33 2008/11/24 09:15:16 mha Exp $ +# $PostgreSQL: pgsql/src/tools/msvc/Mkvcbuild.pm,v 1.34 2008/12/02 10:39:31 mha Exp $ # use Carp; use Win32; @@ -43,7 +43,7 @@ sub mkvcbuild $solution = new Solution($config); our @pgportfiles = qw( - chklocale.c crypt.c fseeko.c fnmatch.c getrusage.c inet_aton.c random.c srandom.c + chklocale.c crypt.c fseeko.c getrusage.c inet_aton.c random.c srandom.c unsetenv.c getaddrinfo.c gettimeofday.c kill.c open.c rand.c snprintf.c strlcat.c strlcpy.c copydir.c dirmod.c exec.c noblock.c path.c pipe.c pgsleep.c pgstrcasecmp.c qsort.c qsort_arg.c sprompt.c thread.c