First phase of FE/BE protocol modifications: new StartupPacket layout
with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
@@ -8,7 +8,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.97 2003/02/14 14:05:00 momjian Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.98 2003/04/17 22:26:01 tgl Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@@ -29,7 +29,6 @@
|
||||
#include "libpq/crypt.h"
|
||||
#include "libpq/hba.h"
|
||||
#include "libpq/libpq.h"
|
||||
#include "libpq/password.h"
|
||||
#include "libpq/pqcomm.h"
|
||||
#include "libpq/pqformat.h"
|
||||
#include "miscadmin.h"
|
||||
@@ -378,7 +377,7 @@ auth_failed(Port *port, int status)
|
||||
}
|
||||
|
||||
elog(FATAL, "%s authentication failed for user \"%s\"",
|
||||
authmethod, port->user);
|
||||
authmethod, port->user_name);
|
||||
/* doesn't return */
|
||||
}
|
||||
|
||||
@@ -427,7 +426,7 @@ ClientAuthentication(Port *port)
|
||||
|
||||
elog(FATAL,
|
||||
"No pg_hba.conf entry for host %s, user %s, database %s",
|
||||
hostinfo, port->user, port->database);
|
||||
hostinfo, port->user_name, port->database_name);
|
||||
break;
|
||||
}
|
||||
|
||||
@@ -638,10 +637,12 @@ CheckPAMAuth(Port *port, char *user, char *password)
|
||||
* not allocated */
|
||||
|
||||
/* Optionally, one can set the service name in pg_hba.conf */
|
||||
if (port->auth_arg[0] == '\0')
|
||||
retval = pam_start(PGSQL_PAM_SERVICE, "pgsql@", &pam_passw_conv, &pamh);
|
||||
if (port->auth_arg && port->auth_arg[0] != '\0')
|
||||
retval = pam_start(port->auth_arg, "pgsql@",
|
||||
&pam_passw_conv, &pamh);
|
||||
else
|
||||
retval = pam_start(port->auth_arg, "pgsql@", &pam_passw_conv, &pamh);
|
||||
retval = pam_start(PGSQL_PAM_SERVICE, "pgsql@",
|
||||
&pam_passw_conv, &pamh);
|
||||
|
||||
if (retval != PAM_SUCCESS)
|
||||
{
|
||||
@@ -741,7 +742,7 @@ recv_and_check_password_packet(Port *port)
|
||||
/* Do not echo password to logs, for security. */
|
||||
elog(DEBUG5, "received password packet");
|
||||
|
||||
result = md5_crypt_verify(port, port->user, buf.data);
|
||||
result = md5_crypt_verify(port, port->user_name, buf.data);
|
||||
|
||||
pfree(buf.data);
|
||||
return result;
|
||||
|
||||
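Review bot: The FATAL messages in auth_failed and ClientAuthentication print `port->user_name` and `port->database_name` with a plain `%s`, and per the commit description these fields are no longer truncated. Both values are client-supplied and reach the log before authentication succeeds, so an over-long name or one with embedded newlines can bloat or confuse the server log unless the startup-packet parser (not shown on this page) bounds and sanitizes them. If that is not guaranteed there, cap the output here, e.g. `"%s authentication failed for user \"%.*s\""` with `NAMEDATALEN` passed as the precision. Both function bodies continue outside their hunks.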
@@ -9,7 +9,7 @@
|
||||
* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
|
||||
* Portions Copyright (c) 1994, Regents of the University of California
|
||||
*
|
||||
* $Header: /cvsroot/pgsql/src/backend/libpq/crypt.c,v 1.51 2002/12/05 18:52:42 momjian Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/libpq/crypt.c,v 1.52 2003/04/17 22:26:01 tgl Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@@ -87,15 +87,19 @@ md5_crypt_verify(const Port *port, const char *user, char *client_pass)
|
||||
/* pg_shadow plain, double-encrypt */
|
||||
char *crypt_pwd2 = palloc(MD5_PASSWD_LEN + 1);
|
||||
|
||||
if (!EncryptMD5(shadow_pass, port->user, strlen(port->user),
|
||||
if (!EncryptMD5(shadow_pass,
|
||||
port->user_name,
|
||||
strlen(port->user_name),
|
||||
crypt_pwd2))
|
||||
{
|
||||
pfree(crypt_pwd);
|
||||
pfree(crypt_pwd2);
|
||||
return STATUS_ERROR;
|
||||
}
|
||||
if (!EncryptMD5(crypt_pwd2 + strlen("md5"), port->md5Salt,
|
||||
sizeof(port->md5Salt), crypt_pwd))
|
||||
if (!EncryptMD5(crypt_pwd2 + strlen("md5"),
|
||||
port->md5Salt,
|
||||
sizeof(port->md5Salt),
|
||||
crypt_pwd))
|
||||
{
|
||||
pfree(crypt_pwd);
|
||||
pfree(crypt_pwd2);
|
||||
@@ -117,7 +121,9 @@ md5_crypt_verify(const Port *port, const char *user, char *client_pass)
|
||||
{
|
||||
/* Encrypt user-supplied password to match MD5 in pg_shadow */
|
||||
crypt_client_pass = palloc(MD5_PASSWD_LEN + 1);
|
||||
if (!EncryptMD5(client_pass, port->user, strlen(port->user),
|
||||
if (!EncryptMD5(client_pass,
|
||||
port->user_name,
|
||||
strlen(port->user_name),
|
||||
crypt_client_pass))
|
||||
{
|
||||
pfree(crypt_client_pass);
|
||||
|
||||
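Review bot: md5_crypt_verify takes a `user` argument, yet the rewritten EncryptMD5 calls still salt with `port->user_name` and `strlen(port->user_name)`, so the result is only right while the two name the same role. The caller shown in auth.c passes `port->user_name` as `user`, so they agree today, but nothing in these hunks enforces it. Writing `user, strlen(user)` in both calls would tie the salt to the name the function was asked to verify, which is presumably also the one used for the pg_shadow lookup earlier in the body, outside the hunks. Because `user_name` is now a pointer rather than an array, either form also relies on it being non-NULL before `strlen`, which these hunks do not show.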
@@ -10,7 +10,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.98 2003/04/13 04:07:17 tgl Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.99 2003/04/17 22:26:01 tgl Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@@ -471,15 +471,17 @@ check_db(char *dbname, char *user, char *param_str)
|
||||
|
||||
/*
|
||||
* Scan the rest of a host record (after the mask field)
|
||||
* and return the interpretation of it as *userauth_p, auth_arg, and
|
||||
* and return the interpretation of it as *userauth_p, *auth_arg_p, and
|
||||
* *error_p. line points to the next token of the line.
|
||||
*/
|
||||
static void
|
||||
parse_hba_auth(List *line, UserAuth *userauth_p, char *auth_arg,
|
||||
parse_hba_auth(List *line, UserAuth *userauth_p, char **auth_arg_p,
|
||||
bool *error_p)
|
||||
{
|
||||
char *token;
|
||||
|
||||
*auth_arg_p = NULL;
|
||||
|
||||
if (!line)
|
||||
*error_p = true;
|
||||
else
|
||||
@@ -514,11 +516,10 @@ parse_hba_auth(List *line, UserAuth *userauth_p, char *auth_arg,
|
||||
if (!*error_p)
|
||||
{
|
||||
/* Get the authentication argument token, if any */
|
||||
if (!line)
|
||||
auth_arg[0] = '\0';
|
||||
else
|
||||
if (line)
|
||||
{
|
||||
StrNCpy(auth_arg, lfirst(line), MAX_AUTH_ARG - 1);
|
||||
token = lfirst(line);
|
||||
*auth_arg_p = pstrdup(token);
|
||||
/* If there is more on the line, it is an error */
|
||||
if (lnext(line))
|
||||
*error_p = true;
|
||||
@@ -570,7 +571,7 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
|
||||
goto hba_syntax;
|
||||
|
||||
/* Read the rest of the line. */
|
||||
parse_hba_auth(line, &port->auth_method, port->auth_arg, error_p);
|
||||
parse_hba_auth(line, &port->auth_method, &port->auth_arg, error_p);
|
||||
if (*error_p)
|
||||
goto hba_syntax;
|
||||
|
||||
@@ -642,7 +643,7 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
|
||||
line = lnext(line);
|
||||
if (!line)
|
||||
goto hba_syntax;
|
||||
parse_hba_auth(line, &port->auth_method, port->auth_arg, error_p);
|
||||
parse_hba_auth(line, &port->auth_method, &port->auth_arg, error_p);
|
||||
if (*error_p)
|
||||
goto hba_syntax;
|
||||
|
||||
@@ -654,9 +655,9 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
|
||||
else
|
||||
goto hba_syntax;
|
||||
|
||||
if (!check_db(port->database, port->user, db))
|
||||
if (!check_db(port->database_name, port->user_name, db))
|
||||
return;
|
||||
if (!check_user(port->user, user))
|
||||
if (!check_user(port->user_name, user))
|
||||
return;
|
||||
|
||||
/* Success */
|
||||
@@ -946,7 +947,7 @@ check_ident_usermap(const char *usermap_name,
|
||||
bool found_entry = false,
|
||||
error = false;
|
||||
|
||||
if (usermap_name[0] == '\0')
|
||||
if (usermap_name == NULL || usermap_name[0] == '\0')
|
||||
{
|
||||
elog(LOG, "check_ident_usermap: hba configuration file does not "
|
||||
"have the usermap field filled in in the entry that pertains "
|
||||
@@ -1387,7 +1388,7 @@ authident(hbaPort *port)
|
||||
return STATUS_ERROR;
|
||||
}
|
||||
|
||||
if (check_ident_usermap(port->auth_arg, port->user, ident_user))
|
||||
if (check_ident_usermap(port->auth_arg, port->user_name, ident_user))
|
||||
return STATUS_OK;
|
||||
else
|
||||
return STATUS_ERROR;
|
||||
|
||||
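Review bot: parse_hba_auth now returns a `pstrdup` copy (or NULL) in `*auth_arg_p`, but its header comment does not say who owns that string or that it may be NULL. parse_hba calls it before `check_db`/`check_user`, which `return` on a mismatch, so each non-matching line that carries an argument appears to leave a fresh allocation in `port->auth_arg` that the next call overwrites with NULL; whether that is reclaimed depends on the memory context, which is not visible here. check_ident_usermap gained a NULL test and CheckPAMAuth in auth.c checks the pointer too, but any other reader of `port->auth_arg` that still tests `auth_arg[0]` would now dereference NULL. I would extend the comment with `* *auth_arg_p is set to a palloc'd copy of the argument, or NULL if there is none.`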