From: Phil Thompson <phil@river-bank.demon.co.uk>

I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
2025-08-28 18:48:04 +03:00 · 1998-01-26 01:42:53 +00:00
parent 91d983aa11
commit d5bbe2aca5
41 changed files with 1611 additions and 2288 deletions
--- a/src/backend/libpq/password.c
+++ b/src/backend/libpq/password.c
@@ -1,6 +1,6 @@
 #include <postgres.h>
+#include <miscadmin.h>
 #include <libpq/password.h>
-#include <libpq/hba.h>
 #include <libpq/libpq.h>
 #include <storage/fd.h>
 #include <string.h>
@@ -10,56 +10,15 @@
 #endif

 int
-verify_password(char *user, char *password, Port *port,
-				char *database, char *DataDir)
+verify_password(char *auth_arg, char *user, char *password)
 {
-	bool		host_ok;
-	enum Userauth userauth;
-	char		pw_file_name[PWFILE_NAME_SIZE + 1];
+	char	*pw_file_fullname;
+	FILE	*pw_file;

-	char	   *pw_file_fullname;
-	FILE	   *pw_file;
-
-	char		pw_file_line[255];
-	char	   *p,
-			   *test_user,
-			   *test_pw;
-
-	find_hba_entry(DataDir, port->raddr.in.sin_addr, database,
-				   &host_ok, &userauth, pw_file_name, true);
-
-	if (!host_ok)
-	{
-		sprintf(PQerrormsg,
-		   "verify_password: couldn't find entry for connecting host\n");
-		fputs(PQerrormsg, stderr);
-		pqdebug("%s", PQerrormsg);
-		return STATUS_ERROR;
-	}
-
-	if (userauth != Password)
-	{
-		sprintf(PQerrormsg,
-				"verify_password: couldn't find entry of type 'password' "
-				"for this host\n");
-		fputs(PQerrormsg, stderr);
-		pqdebug("%s", PQerrormsg);
-		return STATUS_ERROR;
-	}
-
-	if (!pw_file_name || pw_file_name[0] == '\0')
-	{
-		sprintf(PQerrormsg,
-				"verify_password: no password file specified\n");
-		fputs(PQerrormsg, stderr);
-		pqdebug("%s", PQerrormsg);
-		return STATUS_ERROR;
-	}
-
-	pw_file_fullname = (char *) palloc(strlen(DataDir) + strlen(pw_file_name) + 2);
+	pw_file_fullname = (char *) palloc(strlen(DataDir) + strlen(auth_arg) + 2);
 	strcpy(pw_file_fullname, DataDir);
 	strcat(pw_file_fullname, "/");
-	strcat(pw_file_fullname, pw_file_name);
+	strcat(pw_file_fullname, auth_arg);

 	pw_file = AllocateFile(pw_file_fullname, "r");
 	if (!pw_file)
@@ -69,12 +28,17 @@ verify_password(char *user, char *password, Port *port,
 				pw_file_fullname);
 		fputs(PQerrormsg, stderr);
 		pqdebug("%s", PQerrormsg);
+
+		pfree(pw_file_fullname);
+
 		return STATUS_ERROR;
 	}

 	while (!feof(pw_file))
 	{
-		fgets(pw_file_line, 255, pw_file);
+		char pw_file_line[255], *p, *test_user, *test_pw;
+
+		fgets(pw_file_line, sizeof (pw_file_line), pw_file);
 		p = pw_file_line;

 		test_user = strtok(p, ":");
@@ -97,6 +61,9 @@ verify_password(char *user, char *password, Port *port,
 			if (strcmp(crypt(password, test_pw), test_pw) == 0)
 			{
 				/* it matched. */
+
+				pfree(pw_file_fullname);
+
 				return STATUS_OK;
 			}

@@ -105,6 +72,9 @@ verify_password(char *user, char *password, Port *port,
 					user);
 			fputs(PQerrormsg, stderr);
 			pqdebug("%s", PQerrormsg);
+
+			pfree(pw_file_fullname);
+
 			return STATUS_ERROR;
 		}
 	}
@@ -114,5 +84,8 @@ verify_password(char *user, char *password, Port *port,
 			user);
 	fputs(PQerrormsg, stderr);
 	pqdebug("%s", PQerrormsg);
+
+	pfree(pw_file_fullname);
+
 	return STATUS_ERROR;
 }