mirror of https://github.com/postgres/postgres.git synced 2025-11-07 19:06:32 +03:00

Clean up password authentication code a bit.

Commit fe0a0b59, which moved code to do MD5 authentication to a separate
CheckMD5Auth() function, left behind a comment that really belongs inside
the function, too. Also move the check for db_user_namespace inside the
function, seems clearer that way.

Now that the md5 salt is passed as argument to md5_crypt_verify, it's a bit
silly that it peeks into the Port struct to see if MD5 authentication was
used. Seems more straightforward to treat it as an MD5 authentication, if
the md5 salt argument is given. And after that, md5_crypt_verify only used
the Port argument to look at port->user_name, but that is redundant,
because it is also passed as a separate 'role' argument. So remove the Port
argument altogether.
Heikki Linnakangas
2016-12-08 13:44:47 +02:00
parent f7d54f4f7d
commit fe7bdf0bf6
3 changed files with 72 additions and 65 deletions


@@ -50,14 +50,14 @@ static char *recv_password_packet(Port *port);
* MD5 authentication
*----------------------------------------------------------------
*/
static int CheckMD5Auth(Port *port, char **logdetail);
static int CheckMD5Auth(Port *port, char **logdetail);
/*----------------------------------------------------------------
* Plaintext password authentication
*----------------------------------------------------------------
*/
static int CheckPasswordAuth(Port *port, char **logdetail);
static int CheckPasswordAuth(Port *port, char **logdetail);
/*----------------------------------------------------------------
* Ident authentication
@@ -544,11 +544,6 @@ ClientAuthentication(Port *port)
break;
case uaMD5:
if (Db_user_namespace)
ereport(FATAL,
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));
/* include the salt to use for computing the response */
status = CheckMD5Auth(port, &logdetail);
break;
@@ -714,6 +709,12 @@ CheckMD5Auth(Port *port, char **logdetail)
char *passwd;
int result;
if (Db_user_namespace)
ereport(FATAL,
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));
/* include the salt to use for computing the response */
pg_backend_random(md5Salt, 4);
sendAuthRequest(port, AUTH_REQ_MD5, md5Salt, 4);
@@ -723,7 +724,7 @@ CheckMD5Auth(Port *port, char **logdetail)
if (passwd == NULL)
return STATUS_EOF; /* client wouldn't send password */
result = md5_crypt_verify(port, port->user_name, passwd, md5Salt, 4, logdetail);
result = md5_crypt_verify(port->user_name, passwd, md5Salt, 4, logdetail);
pfree(passwd);
@@ -748,7 +749,7 @@ CheckPasswordAuth(Port *port, char **logdetail)
if (passwd == NULL)
return STATUS_EOF; /* client wouldn't send password */
result = md5_crypt_verify(port, port->user_name, passwd, NULL, 0, logdetail);
result = md5_crypt_verify(port->user_name, passwd, NULL, 0, logdetail);
pfree(passwd);
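Review bot: In the CheckMD5Auth hunk (@@ -714,6 +709,12 @@), the result of `pg_backend_random(md5Salt, 4);` is discarded, so a failure of the random source would go unnoticed and `sendAuthRequest` would send whatever bytes `md5Salt` happened to hold as the challenge salt. A predictable or repeated salt weakens the challenge-response, since a captured MD5 response could then be replayed. The call should fail closed, for example `if (!pg_backend_random(md5Salt, 4))` followed by a LOG-level `ereport` and `return STATUS_ERROR;`. This assumes the function reports failure through a boolean return and that `md5Salt` is a local buffer; its declaration and the rest of the function body lie outside the hunk, so confirm both. The salt length is also written as a literal `4` here and again in the `md5_crypt_verify` call in the next hunk; `sizeof(md5Salt)` would keep the three uses in step if the buffer is indeed a local array.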