gss_acquire_cred on Windows - kerberos

I'm trying to acquire credentials for Administrator on Windows host.
I'm under mingw64_shell.
Here is my credential:
$ klist
Credentials cache: FILE:/tmp/krb5cc_1049076
Principal: Administrator#CORP.PEROKSID.COM
Issued Expires Principal
Jan 4 10:14:07 2016 Jan 4 20:14:07 2016 krbtgt/CORP.PEROKSID.COM#CORP.PEROKSID.COM
Here is my code:
#include <stdio.h>
#include <string.h>
#include <gss.h>
static void doDisplay(const char *m,OM_uint32 code,int type)
{
OM_uint32 maj_stat, min_stat;
gss_buffer_desc msg;
OM_uint32 msg_ctx;
msg_ctx = 0;
while (1)
{
maj_stat = gss_display_status(&min_stat, code,
type, GSS_C_NULL_OID,
&msg_ctx, &msg);
printf("GSS-API error %s - type: %s code: %d, msg: %s\n", m,
type == GSS_C_GSS_CODE ? "major" : "minor",
code,
(char *)msg.value);
gss_release_buffer(&min_stat, &msg);
if (!msg_ctx)
break;
}
}
void displayError(const char *msg, OM_uint32 maj_stat, OM_uint32 min_stat)
{
doDisplay(msg, maj_stat, GSS_C_GSS_CODE);
doDisplay(msg, min_stat, GSS_C_MECH_CODE);
}
int getCreds(const char *service_name, gss_cred_id_t *server_creds)
{
printf ("Test name: %s\n", service_name);
gss_buffer_desc name_buf;
gss_name_t server_name;
OM_uint32 maj_stat, min_stat;
name_buf.value = service_name;
//name_buf.length = strlen(name_buf.value) + 1;
name_buf.length = strlen(name_buf.value);
maj_stat = gss_import_name(&min_stat, &name_buf,
(gss_OID) GSS_C_NT_HOSTBASED_SERVICE, &server_name);
if (maj_stat != GSS_S_COMPLETE)
{
displayError("importing name", maj_stat, min_stat);
return -1;
}
maj_stat = gss_acquire_cred(&min_stat, server_name, 0,
GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
server_creds, NULL, NULL);
if (maj_stat != GSS_S_COMPLETE)
{
displayError("acquiring credentials", maj_stat, min_stat);
return -1;
}
(void) gss_release_name(&min_stat, &server_name);
return 0;
}
int main(int argc, char** argv) {
gss_cred_id_t gsscreds;
if(getCreds(argv[1], &gsscreds) != 0)
return 1;
}
I have compiled it as a.exe. I run it:
$ ./a.exe 'Administrator#CORP.PEROKSID.COM'
Test name: Administrator#CORP.PEROKSID.COM
GSS-API error acquiring credentials - type: major code: 458752, msg: No credentials were supplied, or the credentials were unavailable or inaccessible
GSS-API error acquiring credentials - type: minor code: 11, msg: No principal in keytab matches desired name
How I can fix this error?

You probably misunderstood the API. The servername you are importing with GSS_C_NT_HOSTBASED_SERVICE is your target server. gss_acquire_cred needs an initiate crdential. accept is for servers/services. Services do work with keytabs only and client with caches or client keytabs. Since you have a valid credential cache for a user principal, you want to initiate a context with a client redential.

Related

Segmentation Fault in EVP_DigestFinal_ex -> SHA256_Final due to NULL algctx

using Linux (ubuntu 20.04) machine, openssl 3.0.7 is installed , running a sample code for signing.
we followed below procedure for signing. getting segmentation fault in EVP_DigestFinal_ex.
segmentation fault is happening due to mdctx->algctx=0x0. while debugging the code mdctx->algctx is updated in EVP_DigestInit_ex but latter it was freed in EVP_DigestSignInit. not sure what we are missing and how to update mdctx->algctx to avoid the crash.
#include <stdio.h>
#include <string.h>
#include <openssl/evp.h>
#include <openssl/provider.h>
EVP_PKEY *pkey = NULL;
generate_key(){
EVP_PKEY_CTX *ctx=NULL;
pkey=EVP_PKEY_new();
ctx=EVP_PKEY_CTX_new(pkey,NULL);
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
if (!ctx)
printf(" key gen failed");
if (EVP_PKEY_keygen_init(ctx) <= 0)
printf(" key gen failed");
if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512) <= 0)
printf(" key gen failed");
/* Generate key */
if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
printf(" key gen failed");
}
int main(int argc, char *argv[])
{
EVP_MD_CTX *mdctx;
const EVP_MD *m_md;
const EVP_MD *md;
EVP_PKEY *m_key;
EVP_PKEY *ed_pkey = NULL;
EVP_PKEY_CTX *ed_pctx = NULL;
// OSSL_PROVIDER *default;
size_t sign_len = 0;
u_int8_t m_sign_buf[2048];
int ret = 0;
char mess1[] = "Test Message\n";
char mess2[] = "Hello World\n";
unsigned char *outdigest = NULL;
unsigned int md_len = 0, i;
printf("args : %s\n",argv[1]);
//default = OSSL_PROVIDE_load(NULL, "default");
//md = EVP_get_digestbyname("SHA256");
//md = EVP_sha256();
md = EVP_MD_fetch(NULL, "SHA256", NULL); //;
if (md == NULL) {
printf("Unknown message digest %s\n", argv[1]);
exit(1);
}
generate_key();
printf("value of md %s\n",md);
mdctx = EVP_MD_CTX_new();
if((EVP_DigestInit_ex(mdctx, md, NULL)) != 1)
printf("EVP_DigestInit_ex failed \n");
if((EVP_DigestSignInit(mdctx, NULL, md, NULL, pkey)) != 1)
printf("EVP_DigestSignInit failed \n");
if((EVP_DigestSignUpdate(mdctx, mess1, strlen(mess1))) != 1)
printf("EVP_DigestSignUpdate failed \n");
//EVP_DigestUpdate(mdctx, mess2, strlen(mess2));
if((EVP_DigestSignFinal(mdctx, (u_int8_t*)NULL, &sign_len)) != 1)
printf("EVP_DigestSignFinal failed \n");
if((EVP_DigestSignFinal(mdctx, m_sign_buf, &sign_len)) != 1)
printf("EVP_DigestSignFinal 2 failed \n");
/* Allocate the output buffer */
outdigest = OPENSSL_malloc(EVP_MD_get_size(md));
if (outdigest == NULL)
printf("outdigest failed \n");
if((EVP_DigestFinal_ex(mdctx, outdigest, &md_len)) != 1)
printf("EVP_DigestFinal_ex failed \n");
EVP_MD_CTX_free(mdctx);
/* Print out the digest result */
BIO_dump_fp(stdout, outdigest, &md_len);
exit(0);
}
`
```
Thanks,
while debugging the code mdctx->algctx is updated in EVP_DigestInit_ex but latter it was freed in EVP_DigestSignInit. not sure what we are missing and how to update mdctx->algctx to avoid the crash.
CRASH Info:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7d99422 in SHA256_Final (md=0x5555555a88d0 "\250UUU\005", c=0x0)
    at ../openssl-3.0.7/include/crypto/md32_common.h:194
194         size_t n = c->num;
(gdb) bt
#0  0x00007ffff7d99422 in SHA256_Final (md=0x5555555a88d0 "\250UUU\005", c=0x0)
    at ../openssl-3.0.7/include/crypto/md32_common.h:194
#1  0x00007ffff7e2628c in sha256_internal_final (ctx=0x0, out=0x5555555a88d0 "\250UUU\005", outl=0x7fffffffda98,
    outsz=32) at ../openssl-3.0.7/providers/implementations/digests/sha2_prov.c:72
#2  0x00007ffff7cbadf6 in EVP_DigestFinal_ex (ctx=0x555555580d80, md=0x5555555a88d0 "\250UUU\005",
    isize=0x7fffffffdad8) at ../openssl-3.0.7/crypto/evp/digest.c:446
#3  0x000055555555575f in main (argc=1, argv=0x7fffffffe458) at test2.c:90

Boost Beast async rest client : async_resolve - resolve: Host not found (authoritative)

I have the async boost rest client code. I am able to compile and run this code using Cygwin on Windows.
#include <boost/beast/core.hpp>
#include <boost/beast/http.hpp>
#include <boost/beast/version.hpp>
#include <boost/asio/connect.hpp>
#include <boost/asio/ip/tcp.hpp>
#include <cstdlib>
#include <functional>
#include <iostream>
#include <memory>
#include <string>
using tcp = boost::asio::ip::tcp; // from <boost/asio/ip/tcp.hpp>
namespace http = boost::beast::http; // from <boost/beast/http.hpp>
void
fail(boost::system::error_code ec, char const* what)
{
std::cerr << what << ": " << ec.message() << "\n";
}
// Performs an HTTP GET and prints the response
class session : public std::enable_shared_from_this<session>
{
tcp::resolver resolver_;
tcp::socket socket_;
boost::beast::flat_buffer buffer_; // (Must persist between reads)
http::request<http::empty_body> req_;
http::response<http::string_body> res_;
public:
// Resolver and socket require an io_context
explicit
session(boost::asio::io_context& ioc)
: resolver_(ioc)
, socket_(ioc)
{
}
// Start the asynchronous operation
void
run(char const* host, char const* port, char const* target, int version)
{
// Set up an HTTP GET request message
req_.version(version);
req_.method(http::verb::get);
req_.target(target);
req_.set(http::field::host, host);
req_.set(http::field::user_agent, BOOST_BEAST_VERSION_STRING);
// Look up the domain name
resolver_.async_resolve(host, port,std::bind( &session::on_resolve, shared_from_this(), std::placeholders::_1, std::placeholders::_2));
}
void
on_resolve( boost::system::error_code ec, tcp::resolver::results_type results)
{
if(ec) {
return fail(ec, "resolve");
}
// Make the connection on the IP address we get from a lookup
boost::asio::async_connect(socket_,results.begin(),results.end(),std::bind(&session::on_connect,shared_from_this(), std::placeholders::_1));
}
void
on_connect(boost::system::error_code ec)
{
if(ec) {
return fail(ec, "connect");
}
// Send the HTTP request to the remote host
http::async_write(socket_, req_,std::bind(&session::on_write, shared_from_this(), std::placeholders::_1, std::placeholders::_2));
}
void
on_write( boost::system::error_code ec, std::size_t bytes_transferred)
{
boost::ignore_unused(bytes_transferred);
if(ec) {
return fail(ec, "write");
}
// Receive the HTTP response
http::async_read(socket_, buffer_, res_, std::bind( &session::on_read, shared_from_this(), std::placeholders::_1, std::placeholders::_2));
}
void
on_read(boost::system::error_code ec, std::size_t bytes_transferred)
{
boost::ignore_unused(bytes_transferred);
if(ec) {
return fail(ec, "read");
}
// Write the message to standard out
std::cout << res_ << std::endl;
// Gracefully close the socket
socket_.shutdown(tcp::socket::shutdown_both, ec);
// not_connected happens sometimes so don't bother reporting it.
if(ec && ec != boost::system::errc::not_connected) {
return fail(ec, "shutdown");
}
// If we get here then the connection is closed gracefully
}
};
int main(int argc, char** argv)
{
// Check command line arguments.
if(argc != 4 && argc != 5)
{
std::cerr <<
"Usage: http-client-async <host> <port> <target> [<HTTP version: 1.0 or 1.1(default)>]\n" <<
"Example:\n" <<
" http-client-async www.example.com 80 /\n" <<
" http-client-async www.example.com 80 / 1.0\n";
return EXIT_FAILURE;
}
auto const host = argv[1];
auto const port = argv[2];
auto const target = argv[3];
int version = argc == 5 && !std::strcmp("1.0", argv[4]) ? 10 : 11;
// The io_context is required for all I/O
boost::asio::io_context ioc;
// Launch the asynchronous operation
std::make_shared<session>(ioc)->run(host, port, target, version);
// Run the I/O service. The call will return when
// the get operation is complete.
ioc.run();
return EXIT_SUCCESS;
}
I have a python REST Server that runs waiting for requests from this client.
#!flask/bin/python
from flask import Flask, jsonify
app = Flask(__name__)
tasks = [
{
'id': 1,
'title': u'Buy groceries',
'description': u'Milk, Cheese, Pizza, Fruit, Tylenol',
'done': False
},
{
'id': 2,
'title': u'Learn Python',
'description': u'Need to find a good Python tutorial on the web',
'done': False
}
]
#app.route('/todo/api/v1.0/tasks', methods=['GET'])
def get_tasks():
return jsonify({'tasks': tasks})
if __name__ == '__main__':
app.run(host='0.0.0.0',debug=True)
I am able to run this server. The output is shown below.
* Serving Flask app 'RESTServer' (lazy loading)
* Environment: production
WARNING: This is a development server. Do not use it in a production deployme
nt.
Use a production WSGI server instead.
* Debug mode: on
* Restarting with stat
* Debugger is active!
* Debugger PIN: 409-562-797
* Running on all addresses.
WARNING: This is a development server. Do not use it in a production deployme
nt.
* Running on http://192.168.1.104:5000/ (Press CTRL+C to quit)
However when I run the REST Client, as below
rest_client.exe http://192.168.1.104 5000 /todo/api/v1.0/tasks
I get the following error
resolve: Host not found (authoritative)
The program expects separate arguments. It even gives you usage instructions:
Usage: http-client-async <host> <port> <target> [<HTTP version: 1.0 or 1.1(default)>]
Example:
http-client-async www.example.com 80 /
http-client-async www.example.com 80 / 1.0
So it looks like you AT LEAST want to remove http://

MIT Kerberos sname types

I have a kerberos service which I can ask a ticket for with kinit and knvo. I can see in wireshark that the sname is set to KRB5_NT_PRINCIPAL. I'm trying to generate a ticket with the MIT C API, but it cannot find the service. I noticed in WireShark that the difference is in the sname. With the c code, it sends the sname-type as "KRB5_NT_SRV_HST" and it fails. I tried to set the service_principal type to KRB5_NT_PRINCIPAL but it still doesn't work. The requests fails in krb5_mk_req function, which is the TGS-REQ message. Here is my code:
#include <stdio.h>
#include <krb5.h>
#include <com_err.h>
#include <string.h>
#include <unistd.h>
#define TKT_LIFETIME 30
#define NO_REPLAYCACHE
static void syslog_err(const char* tag, long code, const char*format, va_list args){
printf("%s: %s in %s\n", tag, error_message(code), format);
}
#define check_code(err, tag)\
if(err){\
void (*proc)(const char*, long, const char*, va_list);\
proc=set_com_err_hook(syslog_err);\
com_err("ERROR: ",(err),(tag));\
(void)set_com_err_hook(proc);\
goto cleanup;\
}
int main() {
const char *username="foo#BAR";
const char *password="foobar";
//const char *host="foobar";
const char kt_pathname[256] = "/etc/krb5.keytab";
char service[256]="krbtgt";
char host[256]="BAR";
krb5_error_code err;
krb5_error_code err_t;
krb5_context context;
krb5_auth_context auth_context = NULL;
krb5_creds credentials;
krb5_principal user_principal,
service_principal;
krb5_verify_init_creds_opt vic_options;
krb5_keytab keytab=NULL;
krb5_ccache ccache;
//char ccache_name[L_tmpnam + 8];
char ccache_name[19]="/tmp/krb5cc_XXXXXX";
krb5_get_init_creds_opt * gic_options;
#ifndef NO_REPLAYCACHE
krb5_verify_init_creds_opt vic_options;
#endif
krb5_data apreq_pkt;
char myhostname[256],sprinc[256];
int have_user_principal =0,
have_service_principal=0,
have_keytab=0,
have_credentials=0,
success=-1,
ccache_retval;
apreq_pkt.data=NULL;
err = krb5_init_context(&context);
check_code(err, "failed to init krb5 context");
ccache_retval = mkstemp(&ccache_name[12]);
if (ccache_retval == -1) printf("Error: failed to create a cache file");
err = krb5_cc_resolve(context,ccache_name,&ccache);
check_code(err, "fill a ccache file");
err = krb5_parse_name(context, username, &user_principal);
check_code(err, "parse principal name");
have_user_principal=1;
err = krb5_cc_initialize(context,ccache,user_principal);
check_code(err, "initialize cc cache");
(void) memset( (char*)&credentials, 0, sizeof(credentials));
krb5_get_init_creds_opt_alloc(context, &gic_options); // Allocate a new initial credential options structure
krb5_get_init_creds_opt_set_tkt_life(gic_options, TKT_LIFETIME); // Set the ticket lifetime in initial credential options
err = krb5_get_init_creds_password(context, &credentials, user_principal,password,0,0,0,NULL,gic_options); //Get initial credentials using a password
check_code(err, "get initial credentials")
// at this point, we have a ticket (stored in credentials)
err = krb5_cc_store_cred(context, ccache, &credentials); // Store credentials in a credential cache
err_t=err;
check_code(err, "store credentials");
if(err_t) have_credentials=1;
err = krb5_sname_to_principal(context,host,service,KRB5_NT_SRV_HST,&service_principal); //Generate a full principal name from a service name KRB5_NT_UNKNOWN
check_code(err, "sname_to_principal");
service_principal->type=KRB5_NT_PRINCIPAL;
have_service_principal=1;
err = krb5_kt_resolve(context,kt_pathname,&keytab); //Get a handle for a key table
check_code(err, "kt_resolve");
have_keytab=1;
#ifndef NO_REPLAYCACHE
krb5_verify_init_creds_opt_init(&vic_options); //Initialize a credential verification options structure
krb5_verify_init_creds_opt_set_ap_req_nofail(&vic_options,1); //Set whether credential verification is required
err = krb5_verify_init_creds(context, &credentials, service_principal, keytab,0,&vic_options); //Verify initial credentials against a keytab
check_code(err,"verify init credentials");
#else
err = krb5_mk_req(context,&auth_context,0,service,host,NULL,ccache,&apreq_pkt);
check_code(err, "apreq_pkt request");
if(auth_context){
krb5_auth_con_free(context,auth_context); //Free a krb5_auth_context structure.
auth_context=NULL;
}
err = krb5_auth_con_init(context,&auth_context); //Create and initialize an authentication context
check_code(err, "auth init");
err = krb5_auth_con_setflags(context,auth_context,~KRB5_AUTH_CONTEXT_DO_TIME); //Set a flags field in a krb5_auth_context structure
check_code(err, "auth set flags");
err = krb5_rd_req(context,&auth_context,&apreq_pkt,service_principal,keytab,NULL,NULL); // This function parses, decrypts and verifies a AP-REQ message
check_code(err, "decrypt & verify AP-REQ message");
if(auth_context){
krb5_auth_con_free(context,auth_context); //Free a krb5_auth_context structure.
auth_context=NULL;
}
#endif
err = krb5_cc_destroy(context,ccache);
if (err!=0)
printf("[*] Failed to destroy kerberos context \n");
else
success=1;
*/
cleanup:
if(apreq_pkt.data)
krb5_free_data_contents(context,&apreq_pkt); // Free the contents of a krb5_data structure and zero the data field
if(have_keytab){
krb5_kt_close(context,keytab);
if (err!=0)
printf("[*] Failed to destroy the keytab \n"); //Close a key table handle
}
krb5_cc_destroy(context,ccache);
if(have_user_principal)
krb5_free_principal(context,user_principal);
if(have_service_principal)
krb5_free_principal(context,service_principal);
if(have_credentials)
krb5_free_cred_contents(context,&credentials);
if(context)
krb5_free_context(context);
return 0;
}
the krb5.conf files both in client& server machine:
KDC & Client krb5.conf:
[libdefaults]
encryption & properties
.
.
.
default_realm = TEST1.EXAMPLE.COM
[domain_realms]
.test1.example.com = TEST1.EXAMPLE.COM
test1.example.com = TEST1.EXAMPLE.COM
[logging]
files configurations
.
.
.
[realms]
TEST1.EXAMPLE.COM = {
kdc = TEST1.EXAMPLE.COM:88
default_domain = TEST1.EXAMPLE.COM
admin_server=TEST1.EXAMPLE.COM
}
where TEST1.EXAMPLE.COM is the realm of them (client & server & application server). each computer ip address is mapped in the /etc/hosts file, i.e: 192.168.x.x
Thank you!

Problem executing code (C/Mongo C driver) on different installation than where first compiled

I have a program compiled and running on Ubuntu server 16.04, in C using Mongo C driver. This works without a problem. If I move this executable to a new installation, I get an error when executing;
testuser#usrv1604:~/bin$ ./error-example
./error-example: symbol lookup error: ./error-example: undefined symbol: mongoc_uri_new_with_error
Always the same error message.
Please see simplified code example below:
#include <stdio.h>
#include <strings.h>
#include <mongoc.h>
int
main (int argc, char *argv[])
{
const char *uri_string = "mongodb://localhost:27017";
mongoc_uri_t *uri;
mongoc_client_t *client;
mongoc_database_t *database;
mongoc_collection_t *collection;
bson_t *command, reply, *insert;
bson_t *b;
bson_error_t error;
mongoc_init ();
uri = mongoc_uri_new_with_error (uri_string, &error);
if (!uri) {
fprintf (stderr,
"failed to parse URI: %s\n"
"error message: %s\n",
uri_string,
error.message);
return EXIT_FAILURE;
}
client = mongoc_client_new_from_uri (uri);
if (!client) {
fprintf(stderr, "mongoc_client_new_from_uri() failed \n");
return EXIT_FAILURE;
}
mongoc_client_set_appname (client, "log-lme");
database = mongoc_client_get_database (client, "sds");
collection = mongoc_client_get_collection (client, "sds", "test");
//
// update db
//
// clean up
mongoc_collection_destroy (collection);
mongoc_database_destroy (database);
mongoc_uri_destroy (uri);
mongoc_client_destroy (client);
mongoc_cleanup ();
return EXIT_SUCCESS;
}
Please check the mongoc driver version installed on the target system. You must have version 1.8 or later to use this API: http://mongoc.org/libmongoc/1.8.0/mongoc_uri_new_with_error.html

Logs (few) are appearing twice during data directory upgrade from PostgreSQL 8.4.8 to PostgreSQL 9.5.2

I was working on cannot write to log... error (described at link) that occurred during PostgreSQL upgrade on Windows OS. None of those answers helped me. While debugging this issue, I noticed that when upgrade is successful, logs in pg_upgrade_internal.log appear as follows:
Running in verbose mode
-----------------------------------------------------------------
pg_upgrade run on Mon Nov 27 10:03:23 2017
-----------------------------------------------------------------
Running in verbose mode
-----------------------------------------------------------------
pg_upgrade run on Mon Nov 27 10:03:23 2017
-----------------------------------------------------------------
Performing Consistency Checks
-----------------------------
....
If you notice, Running in .. pg_upgrade run... is appearing twice. So, I tried to look into the source code of PostgreSQL 9.5.2. It seems that these logs are written from function void parseCommandLine(int argc, char *argv[]) of file \src\bin\pg_upgrade\option.c (link). Here is the source code from PostgreSQL 9.5.2 :
/*
* parseCommandLine()
*
* Parses the command line (argc, argv[]) and loads structures
*/
void
parseCommandLine(int argc, char *argv[])
{
static struct option long_options[] = {
{"old-datadir", required_argument, NULL, 'd'},
{"new-datadir", required_argument, NULL, 'D'},
{"old-bindir", required_argument, NULL, 'b'},
{"new-bindir", required_argument, NULL, 'B'},
{"old-options", required_argument, NULL, 'o'},
{"new-options", required_argument, NULL, 'O'},
{"old-port", required_argument, NULL, 'p'},
{"new-port", required_argument, NULL, 'P'},
{"username", required_argument, NULL, 'U'},
{"check", no_argument, NULL, 'c'},
{"link", no_argument, NULL, 'k'},
{"retain", no_argument, NULL, 'r'},
{"jobs", required_argument, NULL, 'j'},
{"verbose", no_argument, NULL, 'v'},
{NULL, 0, NULL, 0}
};
int option; /* Command line option */
int optindex = 0; /* used by getopt_long */
int os_user_effective_id;
FILE *fp;
char **filename;
time_t run_time = time(NULL);
user_opts.transfer_mode = TRANSFER_MODE_COPY;
os_info.progname = get_progname(argv[0]);
/* Process libpq env. variables; load values here for usage() output */
old_cluster.port = getenv("PGPORTOLD") ? atoi(getenv("PGPORTOLD")) : DEF_PGUPORT;
new_cluster.port = getenv("PGPORTNEW") ? atoi(getenv("PGPORTNEW")) : DEF_PGUPORT;
os_user_effective_id = get_user_info(&os_info.user);
/* we override just the database user name; we got the OS id above */
if (getenv("PGUSER"))
{
pg_free(os_info.user);
/* must save value, getenv()'s pointer is not stable */
os_info.user = pg_strdup(getenv("PGUSER"));
}
if (argc > 1)
{
if (strcmp(argv[1], "--help") == 0 || strcmp(argv[1], "-?") == 0)
{
usage();
exit(0);
}
if (strcmp(argv[1], "--version") == 0 || strcmp(argv[1], "-V") == 0)
{
puts("pg_upgrade (PostgreSQL) " PG_VERSION);
exit(0);
}
}
/* Allow help and version to be run as root, so do the test here. */
if (os_user_effective_id == 0)
pg_fatal("%s: cannot be run as root\n", os_info.progname);
if ((log_opts.internal = fopen_priv(INTERNAL_LOG_FILE, "a")) == NULL)
pg_fatal("cannot write to log file %s\n", INTERNAL_LOG_FILE);
while ((option = getopt_long(argc, argv, "d:D:b:B:cj:ko:O:p:P:rU:v",
long_options, &optindex)) != -1)
{
switch (option)
{
case 'b':
old_cluster.bindir = pg_strdup(optarg);
break;
case 'B':
new_cluster.bindir = pg_strdup(optarg);
break;
case 'c':
user_opts.check = true;
break;
case 'd':
old_cluster.pgdata = pg_strdup(optarg);
old_cluster.pgconfig = pg_strdup(optarg);
break;
case 'D':
new_cluster.pgdata = pg_strdup(optarg);
new_cluster.pgconfig = pg_strdup(optarg);
break;
case 'j':
user_opts.jobs = atoi(optarg);
break;
case 'k':
user_opts.transfer_mode = TRANSFER_MODE_LINK;
break;
case 'o':
/* append option? */
if (!old_cluster.pgopts)
old_cluster.pgopts = pg_strdup(optarg);
else
{
char *old_pgopts = old_cluster.pgopts;
old_cluster.pgopts = psprintf("%s %s", old_pgopts, optarg);
free(old_pgopts);
}
break;
case 'O':
/* append option? */
if (!new_cluster.pgopts)
new_cluster.pgopts = pg_strdup(optarg);
else
{
char *new_pgopts = new_cluster.pgopts;
new_cluster.pgopts = psprintf("%s %s", new_pgopts, optarg);
free(new_pgopts);
}
break;
/*
* Someday, the port number option could be removed and passed
* using -o/-O, but that requires postmaster -C to be
* supported on all old/new versions (added in PG 9.2).
*/
case 'p':
if ((old_cluster.port = atoi(optarg)) <= 0)
{
pg_fatal("invalid old port number\n");
exit(1);
}
break;
case 'P':
if ((new_cluster.port = atoi(optarg)) <= 0)
{
pg_fatal("invalid new port number\n");
exit(1);
}
break;
case 'r':
log_opts.retain = true;
break;
case 'U':
pg_free(os_info.user);
os_info.user = pg_strdup(optarg);
os_info.user_specified = true;
/*
* Push the user name into the environment so pre-9.1
* pg_ctl/libpq uses it.
*/
pg_putenv("PGUSER", os_info.user);
break;
case 'v':
pg_log(PG_REPORT, "Running in verbose mode\n");
log_opts.verbose = true;
break;
default:
pg_fatal("Try \"%s --help\" for more information.\n",
os_info.progname);
break;
}
}
/* label start of upgrade in logfiles */
for (filename = output_files; *filename != NULL; filename++)
{
if ((fp = fopen_priv(*filename, "a")) == NULL)
pg_fatal("cannot write to log file %s\n", *filename);
/* Start with newline because we might be appending to a file. */
fprintf(fp, "\n"
"-----------------------------------------------------------------\n"
" pg_upgrade run on %s"
"-----------------------------------------------------------------\n\n",
ctime(&run_time));
fclose(fp);
}
/* Turn off read-only mode; add prefix to PGOPTIONS? */
if (getenv("PGOPTIONS"))
{
char *pgoptions = psprintf("%s %s", FIX_DEFAULT_READ_ONLY,
getenv("PGOPTIONS"));
pg_putenv("PGOPTIONS", pgoptions);
pfree(pgoptions);
}
else
pg_putenv("PGOPTIONS", FIX_DEFAULT_READ_ONLY);
/* Get values from env if not already set */
check_required_directory(&old_cluster.bindir, NULL, "PGBINOLD", "-b",
"old cluster binaries reside");
check_required_directory(&new_cluster.bindir, NULL, "PGBINNEW", "-B",
"new cluster binaries reside");
check_required_directory(&old_cluster.pgdata, &old_cluster.pgconfig,
"PGDATAOLD", "-d", "old cluster data resides");
check_required_directory(&new_cluster.pgdata, &new_cluster.pgconfig,
"PGDATANEW", "-D", "new cluster data resides");
#ifdef WIN32
/*
* On Windows, initdb --sync-only will fail with a "Permission denied"
* error on file pg_upgrade_utility.log if pg_upgrade is run inside the
* new cluster directory, so we do a check here.
*/
{
char cwd[MAXPGPATH],
new_cluster_pgdata[MAXPGPATH];
strlcpy(new_cluster_pgdata, new_cluster.pgdata, MAXPGPATH);
canonicalize_path(new_cluster_pgdata);
if (!getcwd(cwd, MAXPGPATH))
pg_fatal("cannot find current directory\n");
canonicalize_path(cwd);
if (path_is_prefix_of_path(new_cluster_pgdata, cwd))
pg_fatal("cannot run pg_upgrade from inside the new cluster data directory on Windows\n");
}
#endif
}
This function parseCommandLine is only called once as shown in following code:
int
main(int argc, char **argv)
{
char *analyze_script_file_name = NULL;
char *deletion_script_file_name = NULL;
bool live_check = false;
parseCommandLine(argc, argv);
get_restricted_token(os_info.progname);
...
return 0;
}
Can anyone please explain me, how is this so ? Why the logs are appearing twice ? I might be missing something which is very obvious.
Update:
Other files pg_upgrade_server_start.log, pg_upgrade_server.log, pg_upgrade_utility.log also contain repetitive logs, as mentioned below:
-----------------------------------------------------------------
pg_upgrade run on Mon Nov 27 10:03:23 2017
-----------------------------------------------------------------
-----------------------------------------------------------------
pg_upgrade run on Mon Nov 27 10:03:23 2017
-----------------------------------------------------------------