database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-08-24 09:27:52 +03:00
Code Activity

pgindent run on all C files. Java run to follow. initdb/regression

Browse Source 
tests pass.
This commit is contained in:
Bruce Momjian
2001-10-25 05:50:21 +00:00
parent 59da2105d8
commit b81844b173
818 changed files with 21684 additions and 20491 deletions
Download Patch File Download Diff File Expand all files Collapse all files

269
src/backend/libpq/auth.c
View File

@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.69 2001/10/18 22:44:37 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.70 2001/10/25 05:49:29 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@@ -45,22 +45,22 @@ char *pg_krb_server_keyfile;
#ifdef USE_PAM
#include <security/pam_appl.h>
#define PGSQL_PAM_SERVICE "postgresql" /* Service name passed to PAM */
static int CheckPAMAuth(Port *port, char *user, char *password);
static int pam_passwd_conv_proc(int num_msg, const struct pam_message **msg,
struct pam_response **resp, void *appdata_ptr);
#define PGSQL_PAM_SERVICE "postgresql" /* Service name passed to PAM */
static int CheckPAMAuth(Port *port, char *user, char *password);
static int pam_passwd_conv_proc(int num_msg, const struct pam_message ** msg,
struct pam_response ** resp, void *appdata_ptr);
static struct pam_conv pam_passw_conv = {
&pam_passwd_conv_proc,
NULL
&pam_passwd_conv_proc,
NULL
};
static char * pam_passwd = NULL; /* Workaround for Solaris 2.6 brokenness */
static Port * pam_port_cludge; /* Workaround for passing "Port
* *port" into pam_passwd_conv_proc */
#endif /* USE_PAM */
static char *pam_passwd = NULL; /* Workaround for Solaris 2.6 brokenness */
static Port *pam_port_cludge; /* Workaround for passing "Port *port"
* into pam_passwd_conv_proc */
#endif /* USE_PAM */
#ifdef KRB4
/*----------------------------------------------------------------
@@ -429,13 +429,13 @@ auth_failed(Port *port, int status)
const char *authmethod = "Unknown auth method:";
/*
* If we failed due to EOF from client, just quit; there's no point
* in trying to send a message to the client, and not much point in
* If we failed due to EOF from client, just quit; there's no point in
* trying to send a message to the client, and not much point in
* logging the failure in the postmaster log. (Logging the failure
* might be desirable, were it not for the fact that libpq closes the
* connection unceremoniously if challenged for a password when it
* hasn't got one to send. We'll get a useless log entry for
* every psql connection under password auth, even if it's perfectly
* hasn't got one to send. We'll get a useless log entry for every
* psql connection under password auth, even if it's perfectly
* successful, if we log STATUS_EOF events.)
*/
if (status == STATUS_EOF)
@@ -467,7 +467,7 @@ auth_failed(Port *port, int status)
case uaPAM:
authmethod = "PAM";
break;
#endif /* USE_PAM */
#endif /* USE_PAM */
}
elog(FATAL, "%s authentication failed for user \"%s\"",
@@ -483,7 +483,7 @@ auth_failed(Port *port, int status)
void
ClientAuthentication(Port *port)
{
int status = STATUS_ERROR;
int status = STATUS_ERROR;
/*
* Get the authentication method to use for this frontend/database
@@ -507,25 +507,26 @@ ClientAuthentication(Port *port)
switch (port->auth_method)
{
case uaReject:
/*
* This could have come from an explicit "reject" entry in
* pg_hba.conf, but more likely it means there was no
* matching entry. Take pity on the poor user and issue a
* helpful error message. NOTE: this is not a security
* breach, because all the info reported here is known at
* the frontend and must be assumed known to bad guys.
* We're merely helping out the less clueful good guys.
*/
{
const char *hostinfo = "localhost";
if (port->raddr.sa.sa_family == AF_INET)
hostinfo = inet_ntoa(port->raddr.in.sin_addr);
elog(FATAL,
"No pg_hba.conf entry for host %s, user %s, database %s",
hostinfo, port->user, port->database);
break;
}
/*
* This could have come from an explicit "reject" entry in
* pg_hba.conf, but more likely it means there was no matching
* entry. Take pity on the poor user and issue a helpful
* error message. NOTE: this is not a security breach,
* because all the info reported here is known at the frontend
* and must be assumed known to bad guys. We're merely helping
* out the less clueful good guys.
*/
{
const char *hostinfo = "localhost";
if (port->raddr.sa.sa_family == AF_INET)
hostinfo = inet_ntoa(port->raddr.in.sin_addr);
elog(FATAL,
"No pg_hba.conf entry for host %s, user %s, database %s",
hostinfo, port->user, port->database);
break;
}
case uaKrb4:
sendAuthRequest(port, AUTH_REQ_KRB4);
@@ -539,23 +540,27 @@ ClientAuthentication(Port *port)
case uaIdent:
#if !defined(SO_PEERCRED) && (defined(HAVE_STRUCT_CMSGCRED) || defined(HAVE_STRUCT_FCRED) || (defined(HAVE_STRUCT_SOCKCRED) && defined(LOCAL_CREDS)))
/*
* If we are doing ident on unix-domain sockets,
* use SCM_CREDS only if it is defined and SO_PEERCRED isn't.
* If we are doing ident on unix-domain sockets, use SCM_CREDS
* only if it is defined and SO_PEERCRED isn't.
*/
#if defined(HAVE_STRUCT_FCRED) || defined(HAVE_STRUCT_SOCKCRED)
/*
* Receive credentials on next message receipt, BSD/OS, NetBSD.
* We need to set this before the client sends the next packet.
* Receive credentials on next message receipt, BSD/OS,
* NetBSD. We need to set this before the client sends the
* next packet.
*/
{
int on = 1;
int on = 1;
if (setsockopt(port->sock, 0, LOCAL_CREDS, &on, sizeof(on)) < 0)
elog(FATAL,
"pg_local_sendauth: can't do setsockopt: %s\n", strerror(errno));
}
#endif
if (port->raddr.sa.sa_family == AF_UNIX)
if (port->raddr.sa.sa_family == AF_UNIX)
sendAuthRequest(port, AUTH_REQ_SCM_CREDS);
#endif
status = authident(port);
@@ -569,8 +574,8 @@ ClientAuthentication(Port *port)
case uaCrypt:
sendAuthRequest(port, AUTH_REQ_CRYPT);
status = recv_and_check_password_packet(port);
break;
break;
case uaPassword:
sendAuthRequest(port, AUTH_REQ_PASSWORD);
status = recv_and_check_password_packet(port);
@@ -581,7 +586,7 @@ ClientAuthentication(Port *port)
pam_port_cludge = port;
status = CheckPAMAuth(port, port->user, "");
break;
#endif /* USE_PAM */
#endif /* USE_PAM */
case uaTrust:
status = STATUS_OK;
@@ -609,13 +614,9 @@ sendAuthRequest(Port *port, AuthRequest areq)
/* Add the salt for encrypted passwords. */
if (areq == AUTH_REQ_MD5)
{
pq_sendbytes(&buf, port->md5Salt, 4);
}
else if (areq == AUTH_REQ_CRYPT)
{
pq_sendbytes(&buf, port->cryptSalt, 2);
}
pq_endmessage(&buf);
pq_flush();
@@ -628,53 +629,60 @@ sendAuthRequest(Port *port, AuthRequest areq)
*/
static int
pam_passwd_conv_proc (int num_msg, const struct pam_message **msg, struct pam_response **resp, void *appdata_ptr)
pam_passwd_conv_proc(int num_msg, const struct pam_message ** msg, struct pam_response ** resp, void *appdata_ptr)
{
StringInfoData buf;
int32 len;
int32 len;
if (num_msg != 1 || msg[0]->msg_style != PAM_PROMPT_ECHO_OFF) {
switch(msg[0]->msg_style) {
if (num_msg != 1 || msg[0]->msg_style != PAM_PROMPT_ECHO_OFF)
{
switch (msg[0]->msg_style)
{
case PAM_ERROR_MSG:
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"pam_passwd_conv_proc: Error from underlying PAM layer: '%s'\n", msg[0]->msg);
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"pam_passwd_conv_proc: Error from underlying PAM layer: '%s'\n", msg[0]->msg);
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
return PAM_CONV_ERR;
default:
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"pam_passwd_conv_proc: Unexpected PAM conversation %d/'%s'\n",
msg[0]->msg_style, msg[0]->msg);
"pam_passwd_conv_proc: Unexpected PAM conversation %d/'%s'\n",
msg[0]->msg_style, msg[0]->msg);
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
return PAM_CONV_ERR;
}
}
if (!appdata_ptr) {
/* Workaround for Solaris 2.6 where the PAM library is broken
* and does not pass appdata_ptr to the conversation routine
if (!appdata_ptr)
{
/*
* Workaround for Solaris 2.6 where the PAM library is broken and
* does not pass appdata_ptr to the conversation routine
*/
appdata_ptr = pam_passwd;
}
/* Password wasn't passed to PAM the first time around - let's go
* ask the client to send a password, which we then stuff into
* PAM.
/*
* Password wasn't passed to PAM the first time around - let's go ask
* the client to send a password, which we then stuff into PAM.
*/
if(strlen(appdata_ptr) == 0) {
if (strlen(appdata_ptr) == 0)
{
sendAuthRequest(pam_port_cludge, AUTH_REQ_PASSWORD);
if (pq_eof() == EOF || pq_getint(&len, 4) == EOF) {
return PAM_CONV_ERR; /* client didn't want to send password */
if (pq_eof() == EOF || pq_getint(&len, 4) == EOF)
{
return PAM_CONV_ERR; /* client didn't want to send password */
}
initStringInfo(&buf);
pq_getstr(&buf);
if (DebugLvl > 5)
initStringInfo(&buf);
pq_getstr(&buf);
if (DebugLvl > 5)
fprintf(stderr, "received PAM packet with len=%d, pw=%s\n",
len, buf.data);
len, buf.data);
if(strlen(buf.data) == 0) {
if (strlen(buf.data) == 0)
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH, "pam_passwd_conv_proc: no password\n");
fputs(PQerrormsg, stderr);
return PAM_CONV_ERR;
@@ -682,17 +690,19 @@ pam_passwd_conv_proc (int num_msg, const struct pam_message **msg, struct pam_re
appdata_ptr = buf.data;
}
/* Explicitly not using palloc here - PAM will free this memory in
/*
* Explicitly not using palloc here - PAM will free this memory in
* pam_end()
*/
*resp = calloc(num_msg, sizeof(struct pam_response));
if (!*resp) {
if (!*resp)
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH, "pam_passwd_conv_proc: Out of memory!\n");
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
if(buf.data)
if (buf.data)
pfree(buf.data);
return PAM_CONV_ERR;
return PAM_CONV_ERR;
}
(*resp)[0].resp = strdup((char *) appdata_ptr);
@@ -708,101 +718,108 @@ pam_passwd_conv_proc (int num_msg, const struct pam_message **msg, struct pam_re
static int
CheckPAMAuth(Port *port, char *user, char *password)
{
int retval;
int retval;
pam_handle_t *pamh = NULL;
/*
* Apparently, Solaris 2.6 is broken, and needs ugly static
* variable workaround
* Apparently, Solaris 2.6 is broken, and needs ugly static variable
* workaround
*/
pam_passwd = password;
/* Set the application data portion of the conversation struct
* This is later used inside the PAM conversation to pass the
* password to the authentication module.
/*
* Set the application data portion of the conversation struct This is
* later used inside the PAM conversation to pass the password to the
* authentication module.
*/
pam_passw_conv.appdata_ptr = (char*) password; /* from password above, not allocated */
pam_passw_conv.appdata_ptr = (char *) password; /* from password above,
* not allocated */
/* Optionally, one can set the service name in pg_hba.conf */
if(port->auth_arg[0] == '\0') {
if (port->auth_arg[0] == '\0')
retval = pam_start(PGSQL_PAM_SERVICE, "pgsql@", &pam_passw_conv, &pamh);
} else {
else
retval = pam_start(port->auth_arg, "pgsql@", &pam_passw_conv, &pamh);
}
if (retval != PAM_SUCCESS) {
if (retval != PAM_SUCCESS)
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"CheckPAMAuth: Failed to create PAM authenticator: '%s'\n",
pam_strerror(pamh, retval));
"CheckPAMAuth: Failed to create PAM authenticator: '%s'\n",
pam_strerror(pamh, retval));
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
pam_passwd = NULL; /* Unset pam_passwd */
pqdebug("%s", PQerrormsg);
pam_passwd = NULL; /* Unset pam_passwd */
return STATUS_ERROR;
}
if (retval == PAM_SUCCESS) {
if (retval == PAM_SUCCESS)
retval = pam_set_item(pamh, PAM_USER, user);
} else {
else
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"CheckPAMAuth: pam_set_item(PAM_USER) failed: '%s'\n",
pam_strerror(pamh, retval));
"CheckPAMAuth: pam_set_item(PAM_USER) failed: '%s'\n",
pam_strerror(pamh, retval));
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
pam_passwd = NULL; /* Unset pam_passwd */
pqdebug("%s", PQerrormsg);
pam_passwd = NULL; /* Unset pam_passwd */
return STATUS_ERROR;
}
if (retval == PAM_SUCCESS) {
if (retval == PAM_SUCCESS)
retval = pam_set_item(pamh, PAM_CONV, &pam_passw_conv);
} else {
else
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"CheckPAMAuth: pam_set_item(PAM_CONV) failed: '%s'\n",
pam_strerror(pamh, retval));
"CheckPAMAuth: pam_set_item(PAM_CONV) failed: '%s'\n",
pam_strerror(pamh, retval));
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
pam_passwd = NULL; /* Unset pam_passwd */
pqdebug("%s", PQerrormsg);
pam_passwd = NULL; /* Unset pam_passwd */
return STATUS_ERROR;
}
if (retval == PAM_SUCCESS) {
if (retval == PAM_SUCCESS)
retval = pam_authenticate(pamh, 0);
} else {
else
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"CheckPAMAuth: pam_authenticate failed: '%s'\n",
pam_strerror(pamh, retval));
"CheckPAMAuth: pam_authenticate failed: '%s'\n",
pam_strerror(pamh, retval));
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
pam_passwd = NULL; /* Unset pam_passwd */
pqdebug("%s", PQerrormsg);
pam_passwd = NULL; /* Unset pam_passwd */
return STATUS_ERROR;
}
if (retval == PAM_SUCCESS) {
if (retval == PAM_SUCCESS)
retval = pam_acct_mgmt(pamh, 0);
} else {
else
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"CheckPAMAuth: pam_acct_mgmt failed: '%s'\n",
pam_strerror(pamh, retval));
"CheckPAMAuth: pam_acct_mgmt failed: '%s'\n",
pam_strerror(pamh, retval));
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
pam_passwd = NULL; /* Unset pam_passwd */
pqdebug("%s", PQerrormsg);
pam_passwd = NULL; /* Unset pam_passwd */
return STATUS_ERROR;
}
if (retval == PAM_SUCCESS) {
if (retval == PAM_SUCCESS)
{
retval = pam_end(pamh, retval);
if(retval != PAM_SUCCESS) {
if (retval != PAM_SUCCESS)
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"CheckPAMAuth: Failed to release PAM authenticator: '%s'\n",
pam_strerror(pamh, retval));
"CheckPAMAuth: Failed to release PAM authenticator: '%s'\n",
pam_strerror(pamh, retval));
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
pqdebug("%s", PQerrormsg);
}
pam_passwd = NULL; /* Unset pam_passwd */
pam_passwd = NULL; /* Unset pam_passwd */
return (retval == PAM_SUCCESS ? STATUS_OK : STATUS_ERROR);
} else {
return STATUS_ERROR;
}
else
return STATUS_ERROR;
}
#endif /* USE_PAM */
#endif /* USE_PAM */
/*
@@ -819,7 +836,7 @@ recv_and_check_password_packet(Port *port)
return STATUS_EOF; /* client didn't want to send password */
initStringInfo(&buf);
if (pq_getstr(&buf) == EOF) /* receive password */
if (pq_getstr(&buf) == EOF) /* receive password */
{
pfree(buf.data);
return STATUS_EOF;
@@ -903,7 +920,7 @@ map_old_to_new(Port *port, UserAuth old, int status)
case uaReject:
#ifdef USE_PAM
case uaPAM:
#endif /* USE_PAM */
#endif /* USE_PAM */
status = STATUS_ERROR;
break;

26
src/backend/libpq/crypt.c
View File

@@ -9,7 +9,7 @@
* Dec 17, 1997 - Todd A. Brandys
* Orignal Version Completed.
*
* $Id: crypt.c,v 1.38 2001/09/21 20:31:45 tgl Exp $
* $Id: crypt.c,v 1.39 2001/10/25 05:49:30 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@@ -163,7 +163,6 @@ crypt_loadpwdfile(void)
*/
while (fgets(buffer, 256, pwd_file) != NULL)
{
/*
* We must remove the return char at the end of the string, as
* this will affect the correct parsing of the password entry.
@@ -281,8 +280,8 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
if (isMD5(passwd) && port->auth_method != uaMD5)
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"Password is stored MD5 encrypted. "
"'password' and 'crypt' auth methods cannot be used.\n");
"Password is stored MD5 encrypted. "
"'password' and 'crypt' auth methods cannot be used.\n");
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
return STATUS_ERROR;
@@ -295,11 +294,11 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
switch (port->auth_method)
{
case uaMD5:
crypt_pwd = palloc(MD5_PASSWD_LEN+1);
crypt_pwd = palloc(MD5_PASSWD_LEN + 1);
if (isMD5(passwd))
{
if (!EncryptMD5(passwd + strlen("md5"),
(char *)port->md5Salt,
(char *) port->md5Salt,
sizeof(port->md5Salt), crypt_pwd))
{
pfree(crypt_pwd);
@@ -308,7 +307,7 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
}
else
{
char *crypt_pwd2 = palloc(MD5_PASSWD_LEN+1);
char *crypt_pwd2 = palloc(MD5_PASSWD_LEN + 1);
if (!EncryptMD5(passwd, port->user, strlen(port->user),
crypt_pwd2))
@@ -328,12 +327,13 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
}
break;
case uaCrypt:
{
char salt[3];
StrNCpy(salt, port->cryptSalt,3);
crypt_pwd = crypt(passwd, salt);
break;
}
{
char salt[3];
StrNCpy(salt, port->cryptSalt, 3);
crypt_pwd = crypt(passwd, salt);
break;
}
default:
crypt_pwd = passwd;
break;

260
src/backend/libpq/hba.c
View File

@@ -10,7 +10,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.74 2001/09/26 19:57:01 momjian Exp $
* $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.75 2001/10/25 05:49:30 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@@ -45,14 +45,14 @@
/*
* These variables hold the pre-parsed contents of the hba and ident
* configuration files. Each is a list of sublists, one sublist for
* each (non-empty, non-comment) line of the file. Each sublist's
* each (non-empty, non-comment) line of the file. Each sublist's
* first item is an integer line number (so we can give somewhat-useful
* location info in error messages). Remaining items are palloc'd strings,
* one string per token on the line. Note there will always be at least
* one token, since blank lines are not entered in the data structure.
*/
static List *hba_lines = NIL; /* pre-parsed contents of hba file */
static List *ident_lines = NIL; /* pre-parsed contents of ident file */
static List *ident_lines = NIL; /* pre-parsed contents of ident file */
/*
@@ -67,13 +67,13 @@ isblank(const char c)
/*
* Grab one token out of fp. Tokens are strings of non-blank
* characters bounded by blank characters, beginning of line, and end
* of line. Blank means space or tab. Return the token as *buf.
* Leave file positioned to character immediately after the token or
* EOF, whichever comes first. If no more tokens on line, return null
* string as *buf and position file to beginning of next line or EOF,
* whichever comes first.
* Grab one token out of fp. Tokens are strings of non-blank
* characters bounded by blank characters, beginning of line, and end
* of line. Blank means space or tab. Return the token as *buf.
* Leave file positioned to character immediately after the token or
* EOF, whichever comes first. If no more tokens on line, return null
* string as *buf and position file to beginning of next line or EOF,
* whichever comes first.
*/
static void
next_token(FILE *fp, char *buf, const int bufsz)
@@ -89,8 +89,8 @@ next_token(FILE *fp, char *buf, const int bufsz)
{
/*
* build a token in buf of next characters up to EOF, eol, or
* blank. If the token gets too long, we still parse it correctly,
* but the excess characters are not stored into *buf.
* blank. If the token gets too long, we still parse it
* correctly, but the excess characters are not stored into *buf.
*/
while (c != EOF && c != '\n' && !isblank(c))
{
@@ -98,9 +98,10 @@ next_token(FILE *fp, char *buf, const int bufsz)
*buf++ = c;
c = getc(fp);
}
/*
* Put back the char right after the token (critical in case it
* is eol, since we need to detect end-of-line at next call).
* Put back the char right after the token (critical in case it is
* eol, since we need to detect end-of-line at next call).
*/
if (c != EOF)
ungetc(c, fp);
@@ -120,7 +121,7 @@ read_to_eol(FILE *file)
/*
* Read the given file and create a list of line sublists.
* Read the given file and create a list of line sublists.
*/
static List *
tokenize_file(FILE *file)
@@ -182,11 +183,12 @@ free_lines(List **lines)
{
if (*lines)
{
List *line, *token;
List *line,
*token;
foreach(line, *lines)
{
List *ln = lfirst(line);
List *ln = lfirst(line);
/* free the pstrdup'd tokens (don't try it on the line number) */
foreach(token, lnext(ln))
@@ -203,15 +205,15 @@ free_lines(List **lines)
/*
* Scan the rest of a host record (after the mask field)
* and return the interpretation of it as *userauth_p, auth_arg, and
* *error_p. line points to the next token of the line.
* Scan the rest of a host record (after the mask field)
* and return the interpretation of it as *userauth_p, auth_arg, and
* *error_p. line points to the next token of the line.
*/
static void
parse_hba_auth(List *line, UserAuth *userauth_p, char *auth_arg,
bool *error_p)
{
char *token;
char *token;
if (!line)
*error_p = true;
@@ -261,21 +263,21 @@ parse_hba_auth(List *line, UserAuth *userauth_p, char *auth_arg,
/*
* Process one line from the hba config file.
* Process one line from the hba config file.
*
* See if it applies to a connection from a host with IP address port->raddr
* to a database named port->database. If so, return *found_p true
* and fill in the auth arguments into the appropriate port fields.
* If not, leave *found_p as it was. If the record has a syntax error,
* return *error_p true, after issuing a message to stderr. If no error,
* leave *error_p as it was.
* See if it applies to a connection from a host with IP address port->raddr
* to a database named port->database. If so, return *found_p true
* and fill in the auth arguments into the appropriate port fields.
* If not, leave *found_p as it was. If the record has a syntax error,
* return *error_p true, after issuing a message to stderr. If no error,
* leave *error_p as it was.
*/
static void
parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
{
int line_number;
char *token;
char *db;
char *token;
char *db;
Assert(line != NIL);
line_number = lfirsti(line);
@@ -319,7 +321,8 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
}
else if (strcmp(token, "host") == 0 || strcmp(token, "hostssl") == 0)
{
struct in_addr file_ip_addr, mask;
struct in_addr file_ip_addr,
mask;
if (strcmp(token, "hostssl") == 0)
{
@@ -401,17 +404,17 @@ hba_syntax:
/*
* Scan the (pre-parsed) hba file line by line, looking for a match
* Scan the (pre-parsed) hba file line by line, looking for a match
* to the port's connection request.
*/
static bool
check_hba(hbaPort *port)
{
bool found_entry = false;
bool error = false;
List *line;
bool found_entry = false;
bool error = false;
List *line;
foreach (line, hba_lines)
foreach(line, hba_lines)
{
parse_hba(lfirst(line), port, &found_entry, &error);
if (found_entry || error)
@@ -447,10 +450,11 @@ load_hba(void)
if (hba_lines)
free_lines(&hba_lines);
/*
* The name of old config file that better not exist.
* Fail if config file by old name exists.
* Put together the full pathname to the old config file.
* The name of old config file that better not exist. Fail if config
* file by old name exists. Put together the full pathname to the old
* config file.
*/
bufsize = (strlen(DataDir) + strlen(OLD_CONF_FILE) + 2) * sizeof(char);
old_conf_file = (char *) palloc(bufsize);
@@ -461,10 +465,10 @@ load_hba(void)
/* Old config file exists. Tell this guy he needs to upgrade. */
close(fd);
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"A file exists by the name used for host-based authentication "
"in prior releases of Postgres (%s). The name and format of "
"the configuration file have changed, so this file should be "
"converted.\n", old_conf_file);
"A file exists by the name used for host-based authentication "
"in prior releases of Postgres (%s). The name and format of "
"the configuration file have changed, so this file should be "
"converted.\n", old_conf_file);
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
}
@@ -502,7 +506,7 @@ load_hba(void)
/*
* Process one line from the ident config file.
*
* Take the line and compare it to the needed map, pg_user and ident_user.
* Take the line and compare it to the needed map, pg_user and ident_user.
* *found_p and *error_p are set according to our results.
*/
static void
@@ -510,10 +514,10 @@ parse_ident_usermap(List *line, const char *usermap_name, const char *pg_user,
const char *ident_user, bool *found_p, bool *error_p)
{
int line_number;
char *token;
char *file_map;
char *file_pguser;
char *file_ident_user;
char *token;
char *file_map;
char *file_pguser;
char *file_ident_user;
*found_p = false;
*error_p = false;
@@ -562,32 +566,33 @@ ident_syntax:
/*
* Scan the (pre-parsed) ident usermap file line by line, looking for a match
* Scan the (pre-parsed) ident usermap file line by line, looking for a match
*
* See if the user with ident username "ident_user" is allowed to act
* as Postgres user "pguser" according to usermap "usermap_name".
* See if the user with ident username "ident_user" is allowed to act
* as Postgres user "pguser" according to usermap "usermap_name".
*
* Special case: For usermap "sameuser", don't look in the usermap
* file. That's an implied map where "pguser" must be identical to
* "ident_user" in order to be authorized.
* Special case: For usermap "sameuser", don't look in the usermap
* file. That's an implied map where "pguser" must be identical to
* "ident_user" in order to be authorized.
*
* Iff authorized, return true.
* Iff authorized, return true.
*/
static bool
check_ident_usermap(const char *usermap_name,
const char *pg_user,
const char *ident_user)
{
List *line;
bool found_entry = false, error = false;
List *line;
bool found_entry = false,
error = false;
if (usermap_name[0] == '\0')
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"check_ident_usermap: hba configuration file does not "
"have the usermap field filled in in the entry that pertains "
"to this connection. That field is essential for Ident-based "
"authentication.\n");
"check_ident_usermap: hba configuration file does not "
"have the usermap field filled in in the entry that pertains "
"to this connection. That field is essential for Ident-based "
"authentication.\n");
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
found_entry = false;
@@ -619,9 +624,9 @@ check_ident_usermap(const char *usermap_name,
static void
load_ident(void)
{
FILE *file; /* The map file we have to read */
char *map_file; /* The name of the map file we have to
* read */
FILE *file; /* The map file we have to read */
char *map_file; /* The name of the map file we have to
* read */
int bufsize;
if (ident_lines)
@@ -652,16 +657,17 @@ load_ident(void)
/*
* Parse the string "*ident_response" as a response from a query to an Ident
* server. If it's a normal response indicating a username, return true
* and store the username at *ident_user. If it's anything else,
* Parse the string "*ident_response" as a response from a query to an Ident
* server. If it's a normal response indicating a username, return true
* and store the username at *ident_user. If it's anything else,
* return false.
*/
static bool
interpret_ident_response(char *ident_response,
char *ident_user)
{
char *cursor = ident_response; /* Cursor into *ident_response */
char *cursor = ident_response; /* Cursor into
* *ident_response */
/*
* Ident's response, in the telnet tradition, should end in crlf
@@ -735,14 +741,14 @@ interpret_ident_response(char *ident_response,
/*
* Talk to the ident server on host "remote_ip_addr" and find out who
* owns the tcp connection from his port "remote_port" to port
* "local_port_addr" on host "local_ip_addr". Return the username the
* ident server gives as "*ident_user".
* Talk to the ident server on host "remote_ip_addr" and find out who
* owns the tcp connection from his port "remote_port" to port
* "local_port_addr" on host "local_ip_addr". Return the username the
* ident server gives as "*ident_user".
*
* IP addresses and port numbers are in network byte order.
* IP addresses and port numbers are in network byte order.
*
* But iff we're unable to get the information from ident, return false.
* But iff we're unable to get the information from ident, return false.
*/
static bool
ident_inet(const struct in_addr remote_ip_addr,
@@ -755,14 +761,14 @@ ident_inet(const struct in_addr remote_ip_addr,
* talk to Ident */
rc; /* Return code from a locally called
* function */
bool ident_return;
bool ident_return;
sock_fd = socket(AF_INET, SOCK_STREAM, IPPROTO_IP);
if (sock_fd == -1)
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"Failed to create socket on which to talk to Ident server. "
"socket() returned errno = %s (%d)\n", strerror(errno), errno);
"Failed to create socket on which to talk to Ident server. "
"socket() returned errno = %s (%d)\n", strerror(errno), errno);
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
ident_return = false;
@@ -799,10 +805,10 @@ ident_inet(const struct in_addr remote_ip_addr,
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"Unable to connect to Ident server on the host which is "
"trying to connect to Postgres "
"(IP address %s, Port %d). "
"errno = %s (%d)\n",
inet_ntoa(remote_ip_addr), IDENT_PORT, strerror(errno), errno);
"trying to connect to Postgres "
"(IP address %s, Port %d). "
"errno = %s (%d)\n",
inet_ntoa(remote_ip_addr), IDENT_PORT, strerror(errno), errno);
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
ident_return = false;
@@ -818,11 +824,11 @@ ident_inet(const struct in_addr remote_ip_addr,
if (rc < 0)
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"Unable to send query to Ident server on the host which is "
"trying to connect to Postgres (Host %s, Port %d),"
"even though we successfully connected to it. "
"errno = %s (%d)\n",
inet_ntoa(remote_ip_addr), IDENT_PORT, strerror(errno), errno);
"Unable to send query to Ident server on the host which is "
"trying to connect to Postgres (Host %s, Port %d),"
"even though we successfully connected to it. "
"errno = %s (%d)\n",
inet_ntoa(remote_ip_addr), IDENT_PORT, strerror(errno), errno);
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
ident_return = false;
@@ -836,13 +842,13 @@ ident_inet(const struct in_addr remote_ip_addr,
if (rc < 0)
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"Unable to receive response from Ident server "
"on the host which is "
"trying to connect to Postgres (Host %s, Port %d),"
"even though we successfully sent our query to it. "
"errno = %s (%d)\n",
inet_ntoa(remote_ip_addr), IDENT_PORT,
strerror(errno), errno);
"Unable to receive response from Ident server "
"on the host which is "
"trying to connect to Postgres (Host %s, Port %d),"
"even though we successfully sent our query to it. "
"errno = %s (%d)\n",
inet_ntoa(remote_ip_addr), IDENT_PORT,
strerror(errno), errno);
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
ident_return = false;
@@ -861,18 +867,18 @@ ident_inet(const struct in_addr remote_ip_addr,
}
/*
* Ask kernel about the credentials of the connecting process and
* determine the symbolic name of the corresponding user.
* Ask kernel about the credentials of the connecting process and
* determine the symbolic name of the corresponding user.
*
* Returns either true and the username put into "ident_user",
* or false if we were unable to determine the username.
* Returns either true and the username put into "ident_user",
* or false if we were unable to determine the username.
*/
static bool
ident_unix(int sock, char *ident_user)
{
#if defined(SO_PEERCRED)
/* Linux style: use getsockopt(SO_PEERCRED) */
struct ucred peercred;
struct ucred peercred;
ACCEPT_TYPE_ARG3 so_len = sizeof(peercred);
struct passwd *pass;
@@ -894,13 +900,13 @@ ident_unix(int sock, char *ident_user)
if (pass == NULL)
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"ident_unix: unknown local user with uid %d\n", peercred.uid);
"ident_unix: unknown local user with uid %d\n", peercred.uid);
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
return false;
}
StrNCpy(ident_user, pass->pw_name, IDENT_USERNAME_MAX+1);
StrNCpy(ident_user, pass->pw_name, IDENT_USERNAME_MAX + 1);
return true;
@@ -910,36 +916,40 @@ ident_unix(int sock, char *ident_user)
/* Credentials structure */
#ifdef HAVE_STRUCT_CMSGCRED
typedef struct cmsgcred Cred;
#define cruid cmcred_uid
#elif HAVE_STRUCT_FCRED
typedef struct fcred Cred;
#define cruid fc_uid
#elif HAVE_STRUCT_SOCKCRED
typedef struct sockcred Cred;
#define cruid sc_uid
#endif
Cred *cred;
Cred *cred;
/* Compute size without padding */
char cmsgmem[ALIGN(sizeof(struct cmsghdr)) + ALIGN(sizeof(Cred))]; /*for NetBSD*/
char cmsgmem[ALIGN(sizeof(struct cmsghdr)) + ALIGN(sizeof(Cred))]; /* for NetBSD */
/* Point to start of first structure */
struct cmsghdr *cmsg = (struct cmsghdr *)cmsgmem;
struct cmsghdr *cmsg = (struct cmsghdr *) cmsgmem;
struct iovec iov;
char buf;
char buf;
struct passwd *pw;
memset(&msg, 0, sizeof(msg));
msg.msg_iov = &iov;
msg.msg_iovlen = 1;
msg.msg_control = (char *)cmsg;
msg.msg_control = (char *) cmsg;
msg.msg_controllen = sizeof(cmsgmem);
memset(cmsg, 0, sizeof(cmsgmem));
/*
* The one character which is received here is not meaningful;
* its purposes is only to make sure that recvmsg() blocks
* long enough for the other side to send its credentials.
* The one character which is received here is not meaningful; its
* purposes is only to make sure that recvmsg() blocks long enough for
* the other side to send its credentials.
*/
iov.iov_base = &buf;
iov.iov_len = 1;
@@ -956,20 +966,20 @@ ident_unix(int sock, char *ident_user)
return false;
}
cred = (Cred *)CMSG_DATA(cmsg);
cred = (Cred *) CMSG_DATA(cmsg);
pw = getpwuid(cred->cruid);
if (pw == NULL)
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"ident_unix: unknown local user with uid %d\n",
cred->cruid);
"ident_unix: unknown local user with uid %d\n",
cred->cruid);
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
return false;
}
StrNCpy(ident_user, pw->pw_name, IDENT_USERNAME_MAX+1);
StrNCpy(ident_user, pw->pw_name, IDENT_USERNAME_MAX + 1);
return true;
@@ -980,17 +990,16 @@ ident_unix(int sock, char *ident_user)
pqdebug("%s", PQerrormsg);
return false;
#endif
}
/*
* Determine the username of the initiator of the connection described
* by "port". Then look in the usermap file under the usermap
* port->auth_arg and see if that user is equivalent to Postgres user
* port->user.
* Determine the username of the initiator of the connection described
* by "port". Then look in the usermap file under the usermap
* port->auth_arg and see if that user is equivalent to Postgres user
* port->user.
*
* Return STATUS_OK if yes, STATUS_ERROR if no match (or couldn't get info).
* Return STATUS_OK if yes, STATUS_ERROR if no match (or couldn't get info).
*/
int
authident(hbaPort *port)
@@ -1022,13 +1031,13 @@ authident(hbaPort *port)
/*
* Determine what authentication method should be used when accessing database
* "database" from frontend "raddr", user "user". Return the method and
* an optional argument (stored in fields of *port), and STATUS_OK.
* Determine what authentication method should be used when accessing database
* "database" from frontend "raddr", user "user". Return the method and
* an optional argument (stored in fields of *port), and STATUS_OK.
*
* Note that STATUS_ERROR indicates a problem with the hba config file.
* If the file is OK but does not contain any entry matching the request,
* we return STATUS_OK and method = uaReject.
* Note that STATUS_ERROR indicates a problem with the hba config file.
* If the file is OK but does not contain any entry matching the request,
* we return STATUS_OK and method = uaReject.
*/
int
hba_getauthmethod(hbaPort *port)
@@ -1252,5 +1261,4 @@ GetCharSetByHost(char *TableName, int host, const char *DataDir)
pfree((struct CharsetItem *) ChArray[i]);
}
}
#endif /* CYR_RECODE */
#endif /* CYR_RECODE */

247
src/backend/libpq/md5.c
View File

@@ -1,16 +1,16 @@
/*
* md5.c
* md5.c
*
* Implements the MD5 Message-Digest Algorithm as specified in
* RFC 1321. This implementation is a simple one, in that it
* needs every input byte to be buffered before doing any
* calculations. I do not expect this file to be used for
* general purpose MD5'ing of large amounts of data, only for
* generating hashed passwords from limited input.
* Implements the MD5 Message-Digest Algorithm as specified in
* RFC 1321. This implementation is a simple one, in that it
* needs every input byte to be buffered before doing any
* calculations. I do not expect this file to be used for
* general purpose MD5'ing of large amounts of data, only for
* generating hashed passwords from limited input.
*
* Sverre H. Huseby <sverrehu@online.no>
* Sverre H. Huseby <sverrehu@online.no>
*
* $Header: /cvsroot/pgsql/src/backend/libpq/md5.c,v 1.8 2001/09/29 19:49:50 tgl Exp $
* $Header: /cvsroot/pgsql/src/backend/libpq/md5.c,v 1.9 2001/10/25 05:49:30 momjian Exp $
*/
#include "postgres.h"
@@ -32,15 +32,17 @@
/*
* The returned array is allocated using malloc. the caller should free it
* when it is no longer needed.
* when it is no longer needed.
*/
static uint8 *
createPaddedCopyWithLength(uint8 *b, uint32 *l)
{
uint8 *ret;
uint32 q;
uint32 len, newLen448;
uint32 len_high, len_low; /* 64-bit value split into 32-bit sections */
uint8 *ret;
uint32 q;
uint32 len,
newLen448;
uint32 len_high,
len_low; /* 64-bit value split into 32-bit sections */
len = ((b == NULL) ? 0 : *l);
newLen448 = len + 64 - (len % 64) - 8;
@@ -93,7 +95,10 @@ createPaddedCopyWithLength(uint8 *b, uint32 *l)
static void
doTheRounds(uint32 X[16], uint32 state[4])
{
uint32 a, b, c, d;
uint32 a,
b,
c,
d;
a = state[0];
b = state[1];
@@ -101,76 +106,76 @@ doTheRounds(uint32 X[16], uint32 state[4])
d = state[3];
/* round 1 */
a = b + ROT_LEFT((a + F(b, c, d) + X[ 0] + 0xd76aa478), 7); /* 1 */
d = a + ROT_LEFT((d + F(a, b, c) + X[ 1] + 0xe8c7b756), 12); /* 2 */
c = d + ROT_LEFT((c + F(d, a, b) + X[ 2] + 0x242070db), 17); /* 3 */
b = c + ROT_LEFT((b + F(c, d, a) + X[ 3] + 0xc1bdceee), 22); /* 4 */
a = b + ROT_LEFT((a + F(b, c, d) + X[ 4] + 0xf57c0faf), 7); /* 5 */
d = a + ROT_LEFT((d + F(a, b, c) + X[ 5] + 0x4787c62a), 12); /* 6 */
c = d + ROT_LEFT((c + F(d, a, b) + X[ 6] + 0xa8304613), 17); /* 7 */
b = c + ROT_LEFT((b + F(c, d, a) + X[ 7] + 0xfd469501), 22); /* 8 */
a = b + ROT_LEFT((a + F(b, c, d) + X[ 8] + 0x698098d8), 7); /* 9 */
d = a + ROT_LEFT((d + F(a, b, c) + X[ 9] + 0x8b44f7af), 12); /* 10 */
c = d + ROT_LEFT((c + F(d, a, b) + X[10] + 0xffff5bb1), 17); /* 11 */
b = c + ROT_LEFT((b + F(c, d, a) + X[11] + 0x895cd7be), 22); /* 12 */
a = b + ROT_LEFT((a + F(b, c, d) + X[12] + 0x6b901122), 7); /* 13 */
d = a + ROT_LEFT((d + F(a, b, c) + X[13] + 0xfd987193), 12); /* 14 */
c = d + ROT_LEFT((c + F(d, a, b) + X[14] + 0xa679438e), 17); /* 15 */
b = c + ROT_LEFT((b + F(c, d, a) + X[15] + 0x49b40821), 22); /* 16 */
a = b + ROT_LEFT((a + F(b, c, d) + X[0] + 0xd76aa478), 7); /* 1 */
d = a + ROT_LEFT((d + F(a, b, c) + X[1] + 0xe8c7b756), 12); /* 2 */
c = d + ROT_LEFT((c + F(d, a, b) + X[2] + 0x242070db), 17); /* 3 */
b = c + ROT_LEFT((b + F(c, d, a) + X[3] + 0xc1bdceee), 22); /* 4 */
a = b + ROT_LEFT((a + F(b, c, d) + X[4] + 0xf57c0faf), 7); /* 5 */
d = a + ROT_LEFT((d + F(a, b, c) + X[5] + 0x4787c62a), 12); /* 6 */
c = d + ROT_LEFT((c + F(d, a, b) + X[6] + 0xa8304613), 17); /* 7 */
b = c + ROT_LEFT((b + F(c, d, a) + X[7] + 0xfd469501), 22); /* 8 */
a = b + ROT_LEFT((a + F(b, c, d) + X[8] + 0x698098d8), 7); /* 9 */
d = a + ROT_LEFT((d + F(a, b, c) + X[9] + 0x8b44f7af), 12); /* 10 */
c = d + ROT_LEFT((c + F(d, a, b) + X[10] + 0xffff5bb1), 17); /* 11 */
b = c + ROT_LEFT((b + F(c, d, a) + X[11] + 0x895cd7be), 22); /* 12 */
a = b + ROT_LEFT((a + F(b, c, d) + X[12] + 0x6b901122), 7); /* 13 */
d = a + ROT_LEFT((d + F(a, b, c) + X[13] + 0xfd987193), 12); /* 14 */
c = d + ROT_LEFT((c + F(d, a, b) + X[14] + 0xa679438e), 17); /* 15 */
b = c + ROT_LEFT((b + F(c, d, a) + X[15] + 0x49b40821), 22); /* 16 */
/* round 2 */
a = b + ROT_LEFT((a + G(b, c, d) + X[ 1] + 0xf61e2562), 5); /* 17 */
d = a + ROT_LEFT((d + G(a, b, c) + X[ 6] + 0xc040b340), 9); /* 18 */
c = d + ROT_LEFT((c + G(d, a, b) + X[11] + 0x265e5a51), 14); /* 19 */
b = c + ROT_LEFT((b + G(c, d, a) + X[ 0] + 0xe9b6c7aa), 20); /* 20 */
a = b + ROT_LEFT((a + G(b, c, d) + X[ 5] + 0xd62f105d), 5); /* 21 */
d = a + ROT_LEFT((d + G(a, b, c) + X[10] + 0x02441453), 9); /* 22 */
c = d + ROT_LEFT((c + G(d, a, b) + X[15] + 0xd8a1e681), 14); /* 23 */
b = c + ROT_LEFT((b + G(c, d, a) + X[ 4] + 0xe7d3fbc8), 20); /* 24 */
a = b + ROT_LEFT((a + G(b, c, d) + X[ 9] + 0x21e1cde6), 5); /* 25 */
d = a + ROT_LEFT((d + G(a, b, c) + X[14] + 0xc33707d6), 9); /* 26 */
c = d + ROT_LEFT((c + G(d, a, b) + X[ 3] + 0xf4d50d87), 14); /* 27 */
b = c + ROT_LEFT((b + G(c, d, a) + X[ 8] + 0x455a14ed), 20); /* 28 */
a = b + ROT_LEFT((a + G(b, c, d) + X[13] + 0xa9e3e905), 5); /* 29 */
d = a + ROT_LEFT((d + G(a, b, c) + X[ 2] + 0xfcefa3f8), 9); /* 30 */
c = d + ROT_LEFT((c + G(d, a, b) + X[ 7] + 0x676f02d9), 14); /* 31 */
b = c + ROT_LEFT((b + G(c, d, a) + X[12] + 0x8d2a4c8a), 20); /* 32 */
a = b + ROT_LEFT((a + G(b, c, d) + X[1] + 0xf61e2562), 5); /* 17 */
d = a + ROT_LEFT((d + G(a, b, c) + X[6] + 0xc040b340), 9); /* 18 */
c = d + ROT_LEFT((c + G(d, a, b) + X[11] + 0x265e5a51), 14); /* 19 */
b = c + ROT_LEFT((b + G(c, d, a) + X[0] + 0xe9b6c7aa), 20); /* 20 */
a = b + ROT_LEFT((a + G(b, c, d) + X[5] + 0xd62f105d), 5); /* 21 */
d = a + ROT_LEFT((d + G(a, b, c) + X[10] + 0x02441453), 9); /* 22 */
c = d + ROT_LEFT((c + G(d, a, b) + X[15] + 0xd8a1e681), 14); /* 23 */
b = c + ROT_LEFT((b + G(c, d, a) + X[4] + 0xe7d3fbc8), 20); /* 24 */
a = b + ROT_LEFT((a + G(b, c, d) + X[9] + 0x21e1cde6), 5); /* 25 */
d = a + ROT_LEFT((d + G(a, b, c) + X[14] + 0xc33707d6), 9); /* 26 */
c = d + ROT_LEFT((c + G(d, a, b) + X[3] + 0xf4d50d87), 14); /* 27 */
b = c + ROT_LEFT((b + G(c, d, a) + X[8] + 0x455a14ed), 20); /* 28 */
a = b + ROT_LEFT((a + G(b, c, d) + X[13] + 0xa9e3e905), 5); /* 29 */
d = a + ROT_LEFT((d + G(a, b, c) + X[2] + 0xfcefa3f8), 9); /* 30 */
c = d + ROT_LEFT((c + G(d, a, b) + X[7] + 0x676f02d9), 14); /* 31 */
b = c + ROT_LEFT((b + G(c, d, a) + X[12] + 0x8d2a4c8a), 20); /* 32 */
/* round 3 */
a = b + ROT_LEFT((a + H(b, c, d) + X[ 5] + 0xfffa3942), 4); /* 33 */
d = a + ROT_LEFT((d + H(a, b, c) + X[ 8] + 0x8771f681), 11); /* 34 */
c = d + ROT_LEFT((c + H(d, a, b) + X[11] + 0x6d9d6122), 16); /* 35 */
b = c + ROT_LEFT((b + H(c, d, a) + X[14] + 0xfde5380c), 23); /* 36 */
a = b + ROT_LEFT((a + H(b, c, d) + X[ 1] + 0xa4beea44), 4); /* 37 */
d = a + ROT_LEFT((d + H(a, b, c) + X[ 4] + 0x4bdecfa9), 11); /* 38 */
c = d + ROT_LEFT((c + H(d, a, b) + X[ 7] + 0xf6bb4b60), 16); /* 39 */
b = c + ROT_LEFT((b + H(c, d, a) + X[10] + 0xbebfbc70), 23); /* 40 */
a = b + ROT_LEFT((a + H(b, c, d) + X[13] + 0x289b7ec6), 4); /* 41 */
d = a + ROT_LEFT((d + H(a, b, c) + X[ 0] + 0xeaa127fa), 11); /* 42 */
c = d + ROT_LEFT((c + H(d, a, b) + X[ 3] + 0xd4ef3085), 16); /* 43 */
b = c + ROT_LEFT((b + H(c, d, a) + X[ 6] + 0x04881d05), 23); /* 44 */
a = b + ROT_LEFT((a + H(b, c, d) + X[ 9] + 0xd9d4d039), 4); /* 45 */
d = a + ROT_LEFT((d + H(a, b, c) + X[12] + 0xe6db99e5), 11); /* 46 */
c = d + ROT_LEFT((c + H(d, a, b) + X[15] + 0x1fa27cf8), 16); /* 47 */
b = c + ROT_LEFT((b + H(c, d, a) + X[ 2] + 0xc4ac5665), 23); /* 48 */
a = b + ROT_LEFT((a + H(b, c, d) + X[5] + 0xfffa3942), 4); /* 33 */
d = a + ROT_LEFT((d + H(a, b, c) + X[8] + 0x8771f681), 11); /* 34 */
c = d + ROT_LEFT((c + H(d, a, b) + X[11] + 0x6d9d6122), 16); /* 35 */
b = c + ROT_LEFT((b + H(c, d, a) + X[14] + 0xfde5380c), 23); /* 36 */
a = b + ROT_LEFT((a + H(b, c, d) + X[1] + 0xa4beea44), 4); /* 37 */
d = a + ROT_LEFT((d + H(a, b, c) + X[4] + 0x4bdecfa9), 11); /* 38 */
c = d + ROT_LEFT((c + H(d, a, b) + X[7] + 0xf6bb4b60), 16); /* 39 */
b = c + ROT_LEFT((b + H(c, d, a) + X[10] + 0xbebfbc70), 23); /* 40 */
a = b + ROT_LEFT((a + H(b, c, d) + X[13] + 0x289b7ec6), 4); /* 41 */
d = a + ROT_LEFT((d + H(a, b, c) + X[0] + 0xeaa127fa), 11); /* 42 */
c = d + ROT_LEFT((c + H(d, a, b) + X[3] + 0xd4ef3085), 16); /* 43 */
b = c + ROT_LEFT((b + H(c, d, a) + X[6] + 0x04881d05), 23); /* 44 */
a = b + ROT_LEFT((a + H(b, c, d) + X[9] + 0xd9d4d039), 4); /* 45 */
d = a + ROT_LEFT((d + H(a, b, c) + X[12] + 0xe6db99e5), 11); /* 46 */
c = d + ROT_LEFT((c + H(d, a, b) + X[15] + 0x1fa27cf8), 16); /* 47 */
b = c + ROT_LEFT((b + H(c, d, a) + X[2] + 0xc4ac5665), 23); /* 48 */
/* round 4 */
a = b + ROT_LEFT((a + I(b, c, d) + X[ 0] + 0xf4292244), 6); /* 49 */
d = a + ROT_LEFT((d + I(a, b, c) + X[ 7] + 0x432aff97), 10); /* 50 */
c = d + ROT_LEFT((c + I(d, a, b) + X[14] + 0xab9423a7), 15); /* 51 */
b = c + ROT_LEFT((b + I(c, d, a) + X[ 5] + 0xfc93a039), 21); /* 52 */
a = b + ROT_LEFT((a + I(b, c, d) + X[12] + 0x655b59c3), 6); /* 53 */
d = a + ROT_LEFT((d + I(a, b, c) + X[ 3] + 0x8f0ccc92), 10); /* 54 */
c = d + ROT_LEFT((c + I(d, a, b) + X[10] + 0xffeff47d), 15); /* 55 */
b = c + ROT_LEFT((b + I(c, d, a) + X[ 1] + 0x85845dd1), 21); /* 56 */
a = b + ROT_LEFT((a + I(b, c, d) + X[ 8] + 0x6fa87e4f), 6); /* 57 */
d = a + ROT_LEFT((d + I(a, b, c) + X[15] + 0xfe2ce6e0), 10); /* 58 */
c = d + ROT_LEFT((c + I(d, a, b) + X[ 6] + 0xa3014314), 15); /* 59 */
b = c + ROT_LEFT((b + I(c, d, a) + X[13] + 0x4e0811a1), 21); /* 60 */
a = b + ROT_LEFT((a + I(b, c, d) + X[ 4] + 0xf7537e82), 6); /* 61 */
d = a + ROT_LEFT((d + I(a, b, c) + X[11] + 0xbd3af235), 10); /* 62 */
c = d + ROT_LEFT((c + I(d, a, b) + X[ 2] + 0x2ad7d2bb), 15); /* 63 */
b = c + ROT_LEFT((b + I(c, d, a) + X[ 9] + 0xeb86d391), 21); /* 64 */
a = b + ROT_LEFT((a + I(b, c, d) + X[0] + 0xf4292244), 6); /* 49 */
d = a + ROT_LEFT((d + I(a, b, c) + X[7] + 0x432aff97), 10); /* 50 */
c = d + ROT_LEFT((c + I(d, a, b) + X[14] + 0xab9423a7), 15); /* 51 */
b = c + ROT_LEFT((b + I(c, d, a) + X[5] + 0xfc93a039), 21); /* 52 */
a = b + ROT_LEFT((a + I(b, c, d) + X[12] + 0x655b59c3), 6); /* 53 */
d = a + ROT_LEFT((d + I(a, b, c) + X[3] + 0x8f0ccc92), 10); /* 54 */
c = d + ROT_LEFT((c + I(d, a, b) + X[10] + 0xffeff47d), 15); /* 55 */
b = c + ROT_LEFT((b + I(c, d, a) + X[1] + 0x85845dd1), 21); /* 56 */
a = b + ROT_LEFT((a + I(b, c, d) + X[8] + 0x6fa87e4f), 6); /* 57 */
d = a + ROT_LEFT((d + I(a, b, c) + X[15] + 0xfe2ce6e0), 10); /* 58 */
c = d + ROT_LEFT((c + I(d, a, b) + X[6] + 0xa3014314), 15); /* 59 */
b = c + ROT_LEFT((b + I(c, d, a) + X[13] + 0x4e0811a1), 21); /* 60 */
a = b + ROT_LEFT((a + I(b, c, d) + X[4] + 0xf7537e82), 6); /* 61 */
d = a + ROT_LEFT((d + I(a, b, c) + X[11] + 0xbd3af235), 10); /* 62 */
c = d + ROT_LEFT((c + I(d, a, b) + X[2] + 0x2ad7d2bb), 15); /* 63 */
b = c + ROT_LEFT((b + I(c, d, a) + X[9] + 0xeb86d391), 21); /* 64 */
state[0] += a;
state[1] += b;
@@ -181,11 +186,15 @@ doTheRounds(uint32 X[16], uint32 state[4])
static int
calculateDigestFromBuffer(uint8 *b, uint32 len, uint8 sum[16])
{
register uint32 i, j, k, newI;
uint32 l;
uint8 *input;
register uint32 i,
j,
k,
newI;
uint32 l;
uint8 *input;
register uint32 *wbp;
uint32 workBuff[16], state[4];
uint32 workBuff[16],
state[4];
l = len;
@@ -197,11 +206,13 @@ calculateDigestFromBuffer(uint8 *b, uint32 len, uint8 sum[16])
if ((input = createPaddedCopyWithLength(b, &l)) == NULL)
return 0;
for (i = 0;;) {
for (i = 0;;)
{
if ((newI = i + 16 * 4) > l)
break;
k = i + 3;
for (j = 0; j < 16; j++) {
for (j = 0; j < 16; j++)
{
wbp = (workBuff + j);
*wbp = input[k--];
*wbp <<= 8;
@@ -218,7 +229,8 @@ calculateDigestFromBuffer(uint8 *b, uint32 len, uint8 sum[16])
free(input);
j = 0;
for (i = 0; i < 4; i++) {
for (i = 0; i < 4; i++)
{
k = state[i];
sum[j++] = (k & 0xff);
k >>= 8;
@@ -235,9 +247,11 @@ static void
bytesToHex(uint8 b[16], char *s)
{
static char *hex = "0123456789abcdef";
int q, w;
int q,
w;
for (q = 0, w = 0; q < 16; q++) {
for (q = 0, w = 0; q < 16; q++)
{
s[w++] = hex[(b[q] >> 4) & 0x0F];
s[w++] = hex[b[q] & 0x0F];
}
@@ -245,39 +259,39 @@ bytesToHex(uint8 b[16], char *s)
}
/*
* PUBLIC FUNCTIONS
* PUBLIC FUNCTIONS
*/
/*
* md5_hash
* md5_hash
*
* Calculates the MD5 sum of the bytes in a buffer.
* Calculates the MD5 sum of the bytes in a buffer.
*
* SYNOPSIS #include "crypt.h"
* int md5_hash(const void *buff, size_t len, char *hexsum)
* SYNOPSIS #include "crypt.h"
* int md5_hash(const void *buff, size_t len, char *hexsum)
*
* INPUT buff the buffer containing the bytes that you want
* the MD5 sum of.
* len number of bytes in the buffer.
* INPUT buff the buffer containing the bytes that you want
* the MD5 sum of.
* len number of bytes in the buffer.
*
* OUTPUT hexsum the MD5 sum as a '\0'-terminated string of
* hexadecimal digits. an MD5 sum is 16 bytes long.
* each byte is represented by two heaxadecimal
* characters. you thus need to provide an array
* of 33 characters, including the trailing '\0'.
* OUTPUT hexsum the MD5 sum as a '\0'-terminated string of
* hexadecimal digits. an MD5 sum is 16 bytes long.
* each byte is represented by two heaxadecimal
* characters. you thus need to provide an array
* of 33 characters, including the trailing '\0'.
*
* RETURNS 0 on failure (out of memory for internal buffers) or
* non-zero on success.
* RETURNS 0 on failure (out of memory for internal buffers) or
* non-zero on success.
*
* STANDARDS MD5 is described in RFC 1321.
* STANDARDS MD5 is described in RFC 1321.
*
* AUTHOR Sverre H. Huseby <sverrehu@online.no>
* AUTHOR Sverre H. Huseby <sverrehu@online.no>
*
*/
bool
md5_hash(const void *buff, size_t len, char *hexsum)
{
uint8 sum[16];
uint8 sum[16];
if (!calculateDigestFromBuffer((uint8 *) buff, len, sum))
return false;
@@ -297,19 +311,20 @@ md5_hash(const void *buff, size_t len, char *hexsum)
*
* Returns TRUE if okay, FALSE on error (out of memory).
*/
bool EncryptMD5(const char *passwd, const char *salt, size_t salt_len,
char *buf)
bool
EncryptMD5(const char *passwd, const char *salt, size_t salt_len,
char *buf)
{
size_t passwd_len = strlen(passwd);
char *crypt_buf = palloc(passwd_len + salt_len);
bool ret;
size_t passwd_len = strlen(passwd);
char *crypt_buf = palloc(passwd_len + salt_len);
bool ret;
/*
* Place salt at the end because it may be known by users
* trying to crack the MD5 output.
*/
* Place salt at the end because it may be known by users trying to
* crack the MD5 output.
*/
strcpy(crypt_buf, passwd);
memcpy(crypt_buf+passwd_len, salt, salt_len);
memcpy(crypt_buf + passwd_len, salt, salt_len);
strcpy(buf, "md5");
ret = md5_hash(crypt_buf, passwd_len + salt_len, buf + 3);

8
src/backend/libpq/password.c
View File

@@ -2,7 +2,7 @@
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $Id: password.c,v 1.39 2001/08/17 15:44:17 momjian Exp $
* $Id: password.c,v 1.40 2001/10/25 05:49:30 momjian Exp $
*
*/
@@ -78,9 +78,9 @@ verify_password(const Port *port, const char *user, const char *password)
/*
* If the password is empty or "+" then we use the regular
* pg_shadow passwords. If we use crypt then we have to use
* pg_shadow passwords no matter what. This is because
* the current code needs non-encrypted passwords to
* encrypt with a random salt.
* pg_shadow passwords no matter what. This is because the
* current code needs non-encrypted passwords to encrypt with
* a random salt.
*/
if (port->auth_method == uaMD5 ||
port->auth_method == uaCrypt ||

13
src/backend/libpq/pqcomm.c
View File

@@ -29,7 +29,7 @@
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $Id: pqcomm.c,v 1.121 2001/08/07 15:55:16 tgl Exp $
* $Id: pqcomm.c,v 1.122 2001/10/25 05:49:30 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@@ -347,9 +347,9 @@ StreamServerPort(int family, char *hostName, unsigned short portNumber,
#endif /* HAVE_UNIX_SOCKETS */
/*
* Select appropriate accept-queue length limit. PG_SOMAXCONN is
* only intended to provide a clamp on the request on platforms where
* an overly large request provokes a kernel error (are there any?).
* Select appropriate accept-queue length limit. PG_SOMAXCONN is only
* intended to provide a clamp on the request on platforms where an
* overly large request provokes a kernel error (are there any?).
*/
maxconn = MaxBackends * 2;
if (maxconn > PG_SOMAXCONN)
@@ -401,6 +401,7 @@ StreamConnection(int server_fd, Port *port)
}
#ifdef SCO_ACCEPT_BUG
/*
* UnixWare 7+ and OpenServer 5.0.4 are known to have this bug, but it
* shouldn't hurt to catch it for all versions of those platforms.
@@ -701,8 +702,8 @@ pq_flush(void)
int
pq_eof(void)
{
char x;
int res;
char x;
int res;
res = recv(MyProcPort->sock, &x, 1, MSG_PEEK);

4
src/backend/libpq/pqformat.c
View File

@@ -16,7 +16,7 @@
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $Id: pqformat.c,v 1.17 2001/04/16 01:46:57 tgl Exp $
* $Id: pqformat.c,v 1.18 2001/10/25 05:49:30 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@@ -90,7 +90,6 @@
#else
#error BYTE_ORDER not defined as anything understood
#endif
#endif
#endif
@@ -309,7 +308,6 @@ pq_getstr(StringInfo s)
#ifdef MULTIBYTE
char *p;
#endif
result = pq_getstring(s);

3
src/backend/libpq/util.c
View File

@@ -6,7 +6,7 @@
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $Header: /cvsroot/pgsql/src/backend/libpq/Attic/util.c,v 1.17 2001/01/24 19:42:56 momjian Exp $
* $Header: /cvsroot/pgsql/src/backend/libpq/Attic/util.c,v 1.18 2001/10/25 05:49:30 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@@ -50,7 +50,6 @@ pqdebug(char *fmt, char *msg)
if (PQtracep)
{
/*
* if nothing else was suggested default to stderr
*/