I have applied the following patch to document PQinitSSL() and

PQregisterThreadLock(). I also remove the crypt() mention in the libpq threading section and added a single sentence in the client-auth manual page under crypt(). Crypt authentication is so old now that a separate paragraph about it seemed unwise. I also added a comment about our use of locking around pqGetpwuid().

I have applied the following patch to document PQinitSSL() and
PQregisterThreadLock(). I also remove the crypt() mention in the libpq threading section and added a single sentence in the client-auth manual page under crypt(). Crypt authentication is so old now that a separate paragraph about it seemed unwise. I also added a comment about our use of locking around pqGetpwuid().
81915970 · Bruce Momjian · 18feafcc · 81915970 · 81915970 · 81915970
Commit 81915970 authored Oct 24, 2005 by Bruce Momjian
4 changed files
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.83 2005/08/14 23:35:37 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.84 2005/10/24 15:38:36 momjian Exp $
 -->
 <chapter id="client-authentication">
@@ -337,6 +337,7 @@ hostnossl  <replaceable>database</replaceable>  <replaceable>user</replaceable>
          authentication.
          Since the password is sent in clear text over the
          network, this should not be used on untrusted networks.
+          It also does not usually work with threaded client applications.
          See <xref linkend="auth-password"> for details.
         </para>
        </listitem>

--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.196 2005/10/20 23:57:51 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.197 2005/10/24 15:38:36 momjian Exp $
 -->
 <chapter id="libpq">
@@ -4032,6 +4032,15 @@ however.)
   fail if the server does not present a certificate; therefore, to
   use this feature the server must also have a <filename>root.crt</> file.
  </para>
+  <para>
+   If you are using <acronym>SSL</> inside your application (in addition to
+   inside <application>libpq</application>), you can use <function>PQinitSSL(int)</>
+   to tell <application>libpq</application> that the <acronym>SSL</> library
+   has already been initialized by your application.
+  </para>
 </sect1>
@@ -4081,12 +4090,12 @@ are not thread-safe and should not be used in multithread programs.
 </para>
 <para>
-<application>libpq</application> applications that use the
+If you are using Kerberos inside your application (in addition to inside 
-<literal>crypt</literal> authentication method rely on the
+<application>libpq</application>), you will need to do locking around 
-<literal>crypt()</literal> operating system function, which is often
+Kerberos calls because Kerberos functions are not thread-safe.  See 
-not thread-safe.<indexterm><primary>crypt</><secondary>thread
+function <function>PQregisterThreadLock</> in the 
-safety</></> It is better to use the <literal>md5</literal> method,
+<application>libpq</application> source code for a way to do cooperative 
-which is thread-safe on all platforms.
+locking between <application>libpq</application> and your application.
 </para>
 <para>

--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -10,7 +10,7 @@
 * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.106 2005/10/17 16:24:20 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.107 2005/10/24 15:38:37 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -500,6 +500,16 @@ pg_fe_getauthname(char *PQerrormsg)
 	struct passwd *pw = NULL;
 #endif
+	/*
+	 *	pglock_thread() really only needs to be called around
+	 *	pg_krb5_authname(), but some users are using configure
+	 *	--enable-thread-safety-force, so we might as well do
+	 *	the locking within our library to protect pqGetpwuid().
+	 *	In fact, application developers can use getpwuid()
+	 *	in their application if they use the locking call we
+	 *	provide, or install their own locking function using
+	 *	PQregisterThreadLock().
+	 */
 	pglock_thread();
 #ifdef KRB5

--- a/src/interfaces/libpq/fe-secure.c
+++ b/src/interfaces/libpq/fe-secure.c
@@ -11,7 +11,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.72 2005/10/15 02:49:48 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-secure.c,v 1.73 2005/10/24 15:38:37 momjian Exp $
 *
 * NOTES
 *	  [ Most of these notes are wrong/obsolete, but perhaps not all ]
@@ -220,8 +220,8 @@ KWbuHn491xNO25CQWMtem80uKw+pTnisBRF/454n1Jnhub144YRBoN8CAQI=\n\
 /*
- * Exported (but as yet undocumented) function to allow application to
+ *	Exported function to allow application to tell us it's already
- * tell us it's already initialized OpenSSL.
+ *	initialized OpenSSL.
 */
 void
 PQinitSSL(int do_init)