1
0
mirror of https://github.com/postgres/postgres.git synced 2025-07-28 23:42:10 +03:00

Arrange for the authentication request type to be preserved in

PGconn. Invent a new libpq connection-status function,
PQconnectionUsedPassword() that returns true if the server
demanded a password during authentication, false otherwise.
This may be useful to clients in general, but is immediately
useful to help plug a privilege escalation path in dblink.
Per list discussion and design proposed by Tom Lane.
This commit is contained in:
Joe Conway
2007-07-08 17:11:51 +00:00
parent 8c69d881ce
commit 51bc3dfe4b
6 changed files with 42 additions and 7 deletions

View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.345 2007/03/08 19:27:28 mha Exp $
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.346 2007/07/08 17:11:51 joe Exp $
*
*-------------------------------------------------------------------------
*/
@ -1641,6 +1641,10 @@ keep_going: /* We will come back to here until there is
return PGRES_POLLING_READING;
}
/* save the authentication request type */
if (conn->areq == AUTH_REQ_UNK)
conn->areq = areq;
/* Get the password salt if there is one. */
if (areq == AUTH_REQ_MD5)
{
@ -1873,6 +1877,7 @@ makeEmptyPGconn(void)
conn->std_strings = false; /* unless server says differently */
conn->verbosity = PQERRORS_DEFAULT;
conn->sock = -1;
conn->areq = AUTH_REQ_UNK;
#ifdef USE_SSL
conn->allow_ssl_try = true;
conn->wait_ssl_try = false;
@ -3441,6 +3446,17 @@ PQsetClientEncoding(PGconn *conn, const char *encoding)
return status;
}
bool
PQconnectionUsedPassword(const PGconn *conn)
{
if (conn->areq == AUTH_REQ_MD5 ||
conn->areq == AUTH_REQ_CRYPT ||
conn->areq == AUTH_REQ_PASSWORD)
return true;
else
return false;
}
PGVerbosity
PQsetErrorVerbosity(PGconn *conn, PGVerbosity verbosity)
{