database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-09-02 04:21:28 +03:00
Code Activity

Revert "Replace PostmasterRandom() with a stronger way of generating randomness."

Browse Source 
This reverts commit 9e083fd468. That was a
few bricks shy of a load:

* Query cancel stopped working
* Buildfarm member pademelon stopped working, because the box doesn't have
  /dev/urandom nor /dev/random.

This clearly needs some more discussion, and a quite different patch, so
revert for now.
This commit is contained in:
Heikki Linnakangas
2016-10-18 16:28:23 +03:00
parent 7d3235ba42
commit faae1c918e
9 changed files with 383 additions and 243 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
src/backend/libpq/auth.c
View File

@@ -45,12 +45,6 @@ static void auth_failed(Port *port, int status, char *logdetail);
static char *recv_password_packet(Port *port);
static int recv_and_check_password_packet(Port *port, char **logdetail);
/*----------------------------------------------------------------
* MD5 authentication
*----------------------------------------------------------------
*/
static int CheckMD5Auth(Port *port, char **logdetail);
/*----------------------------------------------------------------
* Ident authentication
@@ -541,7 +535,9 @@ ClientAuthentication(Port *port)
ereport(FATAL,
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));
status = CheckMD5Auth(port, &logdetail);
/* include the salt to use for computing the response */
sendAuthRequest(port, AUTH_REQ_MD5, port->md5Salt, 4);
status = recv_and_check_password_packet(port, &logdetail);
break;
case uaPassword:
@@ -696,25 +692,10 @@ recv_password_packet(Port *port)
/*----------------------------------------------------------------
* MD5 and password authentication
* MD5 authentication
*----------------------------------------------------------------
*/
static int
CheckMD5Auth(Port *port, char **logdetail)
{
/* include the salt to use for computing the response */
if (!pg_strong_random(port->md5Salt, sizeof(port->md5Salt)))
{
*logdetail = psprintf(_("Could not generate random salt"));
return STATUS_ERROR;
}
sendAuthRequest(port, AUTH_REQ_MD5, port->md5Salt, 4);
return recv_and_check_password_packet(port, logdetail);
}
/*
* Called when we have sent an authorization request for a password.
* Get the response and check it.