-<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.289.2.2 2010/06/17 16:03:36 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.289.2.3 2010/07/14 17:10:02 tgl Exp $ -->
<chapter id="libpq">
<title><application>libpq</application> - C Library</title>
<para>
Using <literal>hostaddr</> instead of <literal>host</> allows the
- application to avoid a host name look-up, which might be important in
- applications with time constraints. However, Kerberos and GSSAPI authentication
- requires the host name. The following therefore applies: If
- <literal>host</> is specified without <literal>hostaddr</>, a host name
- lookup occurs. If <literal>hostaddr</> is specified without
- <literal>host</>, the value for <literal>hostaddr</> gives the remote
- address. When Kerberos is used, a reverse name query occurs to obtain
- the host name for Kerberos. If both
- <literal>host</> and <literal>hostaddr</> are specified, the value for
- <literal>hostaddr</> gives the remote address; the value for
- <literal>host</> is ignored, unless Kerberos is used, in which case that
- value is used for Kerberos authentication. (Note that authentication is
- likely to fail if <application>libpq</application> is passed a host name
- that is not the name of the machine at <literal>hostaddr</>.) Also,
- <literal>host</> rather than <literal>hostaddr</> is used to identify
- the connection in <filename>~/.pgpass</> (see
+ application to avoid a host name look-up, which might be important
+ in applications with time constraints. However, a host name is
+ required for Kerberos, GSSAPI, or SSPI authentication, as well as
+ for full SSL certificate verification. The following rules are
+ used:
+ If <literal>host</> is specified without <literal>hostaddr</>,
+ a host name lookup occurs.
+ If <literal>hostaddr</> is specified without <literal>host</>,
+ the value for <literal>hostaddr</> gives the server address.
+ The connection attempt will fail in any of the cases where a
+ host name is required.
+ If both <literal>host</> and <literal>hostaddr</> are specified,
+ the value for <literal>hostaddr</> gives the server address.
+ The value for <literal>host</> is ignored unless needed for
+ authentication or verification purposes, in which case it will be
+ used as the host name. Note that authentication is likely to fail
+ if <literal>host</> is not the name of the machine at
+ <literal>hostaddr</>.
+ Also, note that <literal>host</> rather than <literal>hostaddr</>
+ is used to identify the connection in <filename>~/.pgpass</> (see
<xref linkend="libpq-pgpass">).
</para>
* Portions Copyright (c) 1994, Regents of the University of California
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.142.2.1 2010/03/08 10:01:24 mha Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.142.2.2 2010/07/14 17:10:03 tgl Exp $
*
*-------------------------------------------------------------------------
*/
info.pg_krb5_initialised = 0;
- if (!conn->pghost)
+ if (!(conn->pghost && conn->pghost[0] != '\0'))
{
printfPQExpBuffer(&conn->errorMessage,
- "pg_krb5_sendauth: hostname must be specified for Kerberos authentication\n");
+ libpq_gettext("host name must be specified\n"));
return STATUS_ERROR;
}
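Review bot: The new guard `if (!(conn->pghost && conn->pghost[0] != '\0'))` is a negated conjunction that appears verbatim four times: here, in the GSSAPI and SSPI hunks below, and in verify_peer_name_matches_certificate in fe-secure.c. The direct form `if (conn->pghost == NULL || conn->pghost[0] == '\0')` is easier to read, and a single shared helper or macro would keep the four checks from drifting apart. In this hunk the message also drops the words "for Kerberos authentication", so a user who set only hostaddr is no longer told which feature needs the name, whereas the SSL message still says so. Something like `libpq_gettext("host name must be specified for Kerberos authentication\n")` would keep that context. The enclosing function starts and ends outside the hunk.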
int maxlen;
gss_buffer_desc temp_gbuf;
- if (!conn->pghost)
+ if (!(conn->pghost && conn->pghost[0] != '\0'))
{
- printfPQExpBuffer(&conn->errorMessage, libpq_gettext("host name must be specified\n"));
+ printfPQExpBuffer(&conn->errorMessage,
+ libpq_gettext("host name must be specified\n"));
return STATUS_ERROR;
}
* but not more complex. We can skip the @REALM part, because Windows will
* fill that in for us automatically.
*/
- if (conn->pghost == NULL)
+ if (!(conn->pghost && conn->pghost[0] != '\0'))
{
- printfPQExpBuffer(&conn->errorMessage, libpq_gettext("host name must be specified\n"));
+ printfPQExpBuffer(&conn->errorMessage,
+ libpq_gettext("host name must be specified\n"));
return STATUS_ERROR;
}
conn->sspitarget = malloc(strlen(conn->krbsrvname) + strlen(conn->pghost) + 2);
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.127.2.2 2009/12/30 03:45:53 tgl Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.127.2.3 2010/07/14 17:10:03 tgl Exp $
*
* NOTES
*
verify_peer_name_matches_certificate(PGconn *conn)
{
/*
- * If told not to verify the peer name, don't do it. Return 0 indicating
+ * If told not to verify the peer name, don't do it. Return true indicating
* that the verification was successful.
*/
if (strcmp(conn->sslmode, "verify-full") != 0)
return true;
- if (conn->pghostaddr)
+ if (!(conn->pghost && conn->pghost[0] != '\0'))
{
printfPQExpBuffer(&conn->errorMessage,
- libpq_gettext("verified SSL connections are only supported when connecting to a host name"));
+ libpq_gettext("host name must be specified for a verified SSL connection\n"));
return false;
}
else
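Review bot: The new host-name guard in verify_peer_name_matches_certificate has no comment explaining why a hostaddr-only connection is refused rather than checked against a name derived from the address; the existing comment covers only the early `return true`. A short comment above the guard would record the intent, for example `/* Verify against the name the user gave in "host"; never derive one from hostaddr, since a reverse lookup is not a trusted source. */`. It would also help to state there that when both options are set the certificate is matched against host while the connection goes to hostaddr. The documentation hunk describes this, and the mismatch message in the next hunk suggests it, but the code does not say so. The function body continues past the end of this hunk.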
else
{
printfPQExpBuffer(&conn->errorMessage,
- libpq_gettext("server common name \"%s\" does not match host name \"%s\""),
+ libpq_gettext("server common name \"%s\" does not match host name \"%s\"\n"),
conn->peer_cn, conn->pghost);
return false;
}
* Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.143 2009/06/23 18:13:23 mha Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.143.2.1 2010/07/14 17:10:03 tgl Exp $
*
*-------------------------------------------------------------------------
*/
{
/* Saved values of connection options */
char *pghost; /* the machine on which the server is running */
- char *pghostaddr; /* the IPv4 address of the machine on which
- * the server is running, in IPv4
- * numbers-and-dots notation. Takes precedence
- * over above. */
+ char *pghostaddr; /* the numeric IP address of the machine on
+ * which the server is running. Takes
+ * precedence over above. */
char *pgport; /* the server's communication port */
char *pgunixsocket; /* the Unix-domain socket that the server is
* listening on; if NULL, uses a default