NotificationsYou must be signed in to change notification settings
Fork4.9k
Star17.8k

Commitea92f3a

committed

libpq: Trace frontend authentication challenges

If tracing was enabled during connection startup, these messages wouldpreviously be listed in the trace output as something like this:F54Unknown message: 70mismatched message length: consumed 4, expected 54With this commit their type and contents are now correctly listed:F36StartupMessage 3 0 "user" "foo" "database" "alvherre"F54SASLInitialResponse "SCRAM-SHA-256" 32 'n,,n=,r=nq5zEPR/VREHEpOAZzH8Rujm'F108SASLResponse 'c=biws,r=nq5zEPR/VREHEpOAZzH8RujmVtWZDQ8glcrvy9OMNw7ZqFUn,p=BBwAKe0WjSvigB6RsmmArAC+hwucLeuwJrR5C/HQD5M='Author: Jelte Fennema-Nio <postgres@jeltef.nl>Reviewed-by: Michael Paquier <michael@paquier.xyz>Discussion:https://postgr.es/m/CAGECzQSoPHtZ4xe0raJ6FYSEiPPS+YWXBhOGo+Y1YecLgknF3g@mail.gmail.com

1 parent12d6c72 commitea92f3aCopy full SHA for ea92f3a

File tree

3 files changed

+90

-1

lines changed

src/interfaces/libpq

3 files changed

+90

-1

lines changed

`‎src/interfaces/libpq/fe-auth.c`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -124,6 +124,7 @@ pg_GSS_continue(PGconn *conn, int payloadlen)`
`124`	`124`	`* first or subsequent packet, just send the same kind of password`
`125`	`125`	`* packet.`
`126`	`126`	`*/`
	`127`	`+conn->current_auth_response=AUTH_RESPONSE_GSS;`
`127`	`128`	`if (pqPacketSend(conn,PqMsg_GSSResponse,`
`128`	`129`	`goutbuf.value,goutbuf.length)!=STATUS_OK)`
`129`	`130`	`{`
`@@ -324,6 +325,7 @@ pg_SSPI_continue(PGconn *conn, int payloadlen)`
`324`	`325`	`*/`
`325`	`326`	`if (outbuf.pBuffers[0].cbBuffer>0)`
`326`	`327`	`{`
	`328`	`+conn->current_auth_response=AUTH_RESPONSE_GSS;`
`327`	`329`	`if (pqPacketSend(conn,PqMsg_GSSResponse,`
`328`	`330`	`outbuf.pBuffers[0].pvBuffer,outbuf.pBuffers[0].cbBuffer))`
`329`	`331`	`{`
`@@ -597,8 +599,10 @@ pg_SASL_init(PGconn *conn, int payloadlen)`
`597`	`599`	`if (pqPutnchar(initialresponse,initialresponselen,conn))`
`598`	`600`	`gotoerror;`
`599`	`601`	`}`
	`602`	`+conn->current_auth_response=AUTH_RESPONSE_SASL_INITIAL;`
`600`	`603`	`if (pqPutMsgEnd(conn))`
`601`	`604`	`gotoerror;`
	`605`	`+`
`602`	`606`	`if (pqFlush(conn))`
`603`	`607`	`gotoerror;`
`604`	`608`
`@@ -683,6 +687,7 @@ pg_SASL_continue(PGconn *conn, int payloadlen, bool final)`
`683`	`687`	`/*`
`684`	`688`	`* Send the SASL response to the server.`
`685`	`689`	`*/`
	`690`	`+conn->current_auth_response=AUTH_RESPONSE_SASL;`
`686`	`691`	`res=pqPacketSend(conn,PqMsg_SASLResponse,output,outputlen);`
`687`	`692`	`free(output);`
`688`	`693`
`@@ -754,6 +759,7 @@ pg_password_sendauth(PGconn conn, const char password, AuthRequest areq)`
`754`	`759`	`default:`
`755`	`760`	`returnSTATUS_ERROR;`
`756`	`761`	`}`
	`762`	`+conn->current_auth_response=AUTH_RESPONSE_PASSWORD;`
`757`	`763`	`ret=pqPacketSend(conn,PqMsg_PasswordMessage,`
`758`	`764`	`pwd_to_send,strlen(pwd_to_send)+1);`
`759`	`765`	`free(crypt_pwd);`

`‎src/interfaces/libpq/fe-trace.c`

Lines changed: 69 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -354,6 +354,42 @@ pqTraceOutput_CopyFail(FILE f, const char message, int *cursor)`
`354`	`354`	`pqTraceOutputString(f,message,cursor, false);`
`355`	`355`	`}`
`356`	`356`
	`357`	`+staticvoid`
	`358`	`+pqTraceOutput_GSSResponse(FILEf,constcharmessage,int*cursor,`
	`359`	`+intlength,boolregress)`
	`360`	`+{`
	`361`	`+fprintf(f,"GSSResponse\t");`
	`362`	`+pqTraceOutputNchar(f,length-*cursor+1,message,cursor,regress);`
	`363`	`+}`
	`364`	`+`
	`365`	`+staticvoid`
	`366`	`+pqTraceOutput_PasswordMessage(FILEf,constcharmessage,int*cursor)`
	`367`	`+{`
	`368`	`+fprintf(f,"PasswordMessage\t");`
	`369`	`+pqTraceOutputString(f,message,cursor, false);`
	`370`	`+}`
	`371`	`+`
	`372`	`+staticvoid`
	`373`	`+pqTraceOutput_SASLInitialResponse(FILEf,constcharmessage,int*cursor,`
	`374`	`+boolregress)`
	`375`	`+{`
	`376`	`+intinitialResponse;`
	`377`	`+`
	`378`	`+fprintf(f,"SASLInitialResponse\t");`
	`379`	`+pqTraceOutputString(f,message,cursor, false);`
	`380`	`+initialResponse=pqTraceOutputInt32(f,message,cursor, false);`
	`381`	`+if (initialResponse!=-1)`
	`382`	`+pqTraceOutputNchar(f,initialResponse,message,cursor,regress);`
	`383`	`+}`
	`384`	`+`
	`385`	`+staticvoid`
	`386`	`+pqTraceOutput_SASLResponse(FILEf,constcharmessage,int*cursor,`
	`387`	`+intlength,boolregress)`
	`388`	`+{`
	`389`	`+fprintf(f,"SASLResponse\t");`
	`390`	`+pqTraceOutputNchar(f,length-*cursor+1,message,cursor,regress);`
	`391`	`+}`
	`392`	`+`
`357`	`393`	`staticvoid`
`358`	`394`	`pqTraceOutput_FunctionCall(FILEf,constcharmessage,int*cursor,boolregress)`
`359`	`395`	`{`
`@@ -610,6 +646,39 @@ pqTraceOutputMessage(PGconn conn, const char message, bool toServer)`
`610`	`646`	`casePqMsg_CopyFail:`
`611`	`647`	`pqTraceOutput_CopyFail(conn->Pfdebug,message,&logCursor);`
`612`	`648`	`break;`
	`649`	`+casePqMsg_GSSResponse:`
	`650`	`+Assert(PqMsg_GSSResponse==PqMsg_PasswordMessage);`
	`651`	`+Assert(PqMsg_GSSResponse==PqMsg_SASLInitialResponse);`
	`652`	`+Assert(PqMsg_GSSResponse==PqMsg_SASLResponse);`
	`653`	`+`
	`654`	`+/*`
	`655`	`+ * These messages share a common type byte, so we discriminate by`
	`656`	`+ * having the code store the auth type separately.`
	`657`	`+ */`
	`658`	`+switch (conn->current_auth_response)`
	`659`	`+{`
	`660`	`+caseAUTH_RESPONSE_GSS:`
	`661`	`+pqTraceOutput_GSSResponse(conn->Pfdebug,message,`
	`662`	`+&logCursor,length,regress);`
	`663`	`+break;`
	`664`	`+caseAUTH_RESPONSE_PASSWORD:`
	`665`	`+pqTraceOutput_PasswordMessage(conn->Pfdebug,message,`
	`666`	`+&logCursor);`
	`667`	`+break;`
	`668`	`+caseAUTH_RESPONSE_SASL_INITIAL:`
	`669`	`+pqTraceOutput_SASLInitialResponse(conn->Pfdebug,message,`
	`670`	`+&logCursor,regress);`
	`671`	`+break;`
	`672`	`+caseAUTH_RESPONSE_SASL:`
	`673`	`+pqTraceOutput_SASLResponse(conn->Pfdebug,message,`
	`674`	`+&logCursor,length,regress);`
	`675`	`+break;`
	`676`	`+default:`
	`677`	`+fprintf(conn->Pfdebug,"UnknownAuthenticationResponse");`
	`678`	`+break;`
	`679`	`+}`
	`680`	`+conn->current_auth_response='\0';`
	`681`	`+break;`
`613`	`682`	`casePqMsg_FunctionCall:`
`614`	`683`	`pqTraceOutput_FunctionCall(conn->Pfdebug,message,&logCursor,regress);`
`615`	`684`	`break;`

`‎src/interfaces/libpq/libpq-int.h`

Lines changed: 15 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -331,6 +331,18 @@ typedef enum`
`331`	`331`	`PGQUERY_CLOSE/* Close Statement or Portal */`
`332`	`332`	`}PGQueryClass;`
`333`	`333`
	`334`	`+`
	`335`	`+/*`
	`336`	`+ * valid values for pg_conn->current_auth_response. These are just for`
	`337`	`+ * libpq internal use: since authentication response types all use the`
	`338`	`+ * protocol byte 'p', fe-trace.c needs a way to distinguish them in order`
	`339`	`+ * to print them correctly.`
	`340`	`+ */`
	`341`	`+#defineAUTH_RESPONSE_GSS'G'`
	`342`	`+#defineAUTH_RESPONSE_PASSWORD'P'`
	`343`	`+#defineAUTH_RESPONSE_SASL_INITIAL'I'`
	`344`	`+#defineAUTH_RESPONSE_SASL'S'`
	`345`	`+`
`334`	`346`	`/*`
`335`	`347`	`* An entry in the pending command queue.`
`336`	`348`	`*/`
`@@ -490,7 +502,9 @@ struct pg_conn`
`490`	`502`	`* codes */`
`491`	`503`	`boolclient_finished_auth;/* have we finished our half of the`
`492`	`504`	`* authentication exchange? */`
`493`		`-`
	`505`	`+charcurrent_auth_response;/* used by pqTraceOutputMessage to`
	`506`	`+ * know which auth response we're`
	`507`	`+ * sending */`
`494`	`508`
`495`	`509`	`/* Transient state needed while establishing connection */`
`496`	`510`	`PGTargetServerTypetarget_server_type;/* desired session properties */`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitea92f3a

File tree

3 files changed

3 files changed

`‎src/interfaces/libpq/fe-auth.c`

`‎src/interfaces/libpq/fe-trace.c`

`‎src/interfaces/libpq/libpq-int.h`

0 commit comments