mirror of https://github.com/postgres/postgres.git synced 2025-07-26 01:22:12 +03:00

Revert error handling improvements for cryptohashes

This reverts commits ab27df2, af8d530 and 3a0cced, that introduced
pg_cryptohash_error().  In order to make the core code able to pass down
the new error types that this introduced, some of the MD5-related
routines had to be reworked, causing an ABI breakage, but we found that
some external extensions rely on them.  Maintaining compatibility
outweighs the error report benefits, so just revert the change in v14.

Reported-by: Laurenz Albe
Discussion: https://postgr.es/m/9f0c0a96d28cf14fc87296bbe67061c14eb53ae8.camel@cybertec.at
Michael Paquier
2022-01-14 11:25:39 +09:00
parent 4aee39ddb8
commit ad5b6f248a
19 changed files with 88 additions and 297 deletions


@ -47,7 +47,7 @@
*/
static void sendAuthRequest(Port *port, AuthRequest areq, const char *extradata,
int extralen);
static void auth_failed(Port *port, int status, const char *logdetail);
static void auth_failed(Port *port, int status, char *logdetail);
static char *recv_password_packet(Port *port);
static void set_authn_id(Port *port, const char *id);
@ -56,11 +56,11 @@ static void set_authn_id(Port *port, const char *id);
* Password-based authentication methods (password, md5, and scram-sha-256)
*----------------------------------------------------------------
*/
static int CheckPasswordAuth(Port *port, const char **logdetail);
static int CheckPWChallengeAuth(Port *port, const char **logdetail);
static int CheckPasswordAuth(Port *port, char **logdetail);
static int CheckPWChallengeAuth(Port *port, char **logdetail);
static int CheckMD5Auth(Port *port, char *shadow_pass, const char **logdetail);
static int CheckSCRAMAuth(Port *port, char *shadow_pass, const char **logdetail);
static int CheckMD5Auth(Port *port, char *shadow_pass, char **logdetail);
static int CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail);
/*----------------------------------------------------------------
@ -258,7 +258,7 @@ ClientAuthentication_hook_type ClientAuthentication_hook = NULL;
* particular, if logdetail isn't NULL, we send that string to the log.
*/
static void
auth_failed(Port *port, int status, const char *logdetail)
auth_failed(Port *port, int status, char *logdetail)
{
const char *errstr;
char *cdetail;
@ -394,7 +394,7 @@ void
ClientAuthentication(Port *port)
{
int status = STATUS_ERROR;
const char *logdetail = NULL;
char *logdetail = NULL;
/*
* Get the authentication method to use for this frontend/database
@ -780,7 +780,7 @@ recv_password_packet(Port *port)
* Plaintext password authentication.
*/
static int
CheckPasswordAuth(Port *port, const char **logdetail)
CheckPasswordAuth(Port *port, char **logdetail)
{
char *passwd;
int result;
@ -815,7 +815,7 @@ CheckPasswordAuth(Port *port, const char **logdetail)
* MD5 and SCRAM authentication.
*/
static int
CheckPWChallengeAuth(Port *port, const char **logdetail)
CheckPWChallengeAuth(Port *port, char **logdetail)
{
int auth_result;
char *shadow_pass;
@ -875,7 +875,7 @@ CheckPWChallengeAuth(Port *port, const char **logdetail)
}
static int
CheckMD5Auth(Port *port, char *shadow_pass, const char **logdetail)
CheckMD5Auth(Port *port, char *shadow_pass, char **logdetail)
{
char md5Salt[4]; /* Password salt */
char *passwd;
@ -912,7 +912,7 @@ CheckMD5Auth(Port *port, char *shadow_pass, const char **logdetail)
}
static int
CheckSCRAMAuth(Port *port, char *shadow_pass, const char **logdetail)
CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail)
{
StringInfoData sasl_mechs;
int mtype;
@ -3240,8 +3240,6 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por
md5trailer = packet->vector;
for (i = 0; i < encryptedpasswordlen; i += RADIUS_VECTOR_LENGTH)
{
const char *errstr = NULL;
memcpy(cryptvector + strlen(secret), md5trailer, RADIUS_VECTOR_LENGTH);
/*
@ -3250,12 +3248,10 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por
*/
md5trailer = encryptedpassword + i;
if (!pg_md5_binary(cryptvector, strlen(secret) + RADIUS_VECTOR_LENGTH,
encryptedpassword + i, &errstr))
if (!pg_md5_binary(cryptvector, strlen(secret) + RADIUS_VECTOR_LENGTH, encryptedpassword + i))
{
ereport(LOG,
(errmsg("could not perform MD5 encryption of password: %s",
errstr)));
(errmsg("could not perform MD5 encryption of password")));
pfree(cryptvector);
pg_freeaddrinfo_all(hint.ai_family, serveraddrs);
return STATUS_ERROR;
@ -3340,7 +3336,6 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por
struct timeval timeout;
struct timeval now;
int64 timeoutval;
const char *errstr = NULL;
gettimeofday(&now, NULL);
timeoutval = (endtime.tv_sec * 1000000 + endtime.tv_usec) - (now.tv_sec * 1000000 + now.tv_usec);
@ -3459,11 +3454,10 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por
if (!pg_md5_binary(cryptvector,
packetlength + strlen(secret),
encryptedpassword, &errstr))
encryptedpassword))
{
ereport(LOG,
(errmsg("could not perform MD5 encryption of received packet: %s",
errstr)));
(errmsg("could not perform MD5 encryption of received packet")));
pfree(cryptvector);
continue;
}
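Review bot: Both MD5 failure branches in PerformRadiusTransaction now log a fixed message with no cause, so an operator reading the log cannot tell an allocation failure from MD5 being refused by the crypto library (the latter is an inference; the page does not list the failure modes). Since pg_md5_binary no longer returns a reason at these call sites, a comment at each one would preserve that knowledge, for example `/* pg_md5_binary() reports no reason on failure; possibly out of memory or MD5 unavailable in the crypto backend */`. The second branch also ends in `continue`, which presumably keeps the receive loop waiting until the timeout even though the failure is local and not caused by the packet. The enclosing loop starts outside the hunk, so that behaviour should be confirmed against the full function.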