NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit58445c5

committed

Further cleanup from the strong-random patch.

Also use the new facility for generating RADIUS authenticator requests,and salt in chkpass extension.Reword the error messages to be nicer. Fix bogus error code used in themessage in BackendStartup.

1 parent9bbbf02 commit58445c5Copy full SHA for 58445c5

File tree

3 files changed

+13

-17

lines changed

contrib/chkpass
- chkpass.c
src/backend
- libpq
  - auth.c
- postmaster
  - postmaster.c

3 files changed

+13

-17

lines changed

`‎contrib/chkpass/chkpass.c`

Lines changed: 7 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@`
`17`	`17`	`#endif`
`18`	`18`
`19`	`19`	`#include"fmgr.h"`
	`20`	`+#include"utils/backend_random.h"`
`20`	`21`	`#include"utils/builtins.h"`
`21`	`22`
`22`	`23`	`PG_MODULE_MAGIC;`
`@@ -77,8 +78,12 @@ chkpass_in(PG_FUNCTION_ARGS)`
`77`	`78`
`78`	`79`	`result= (chkpass*)palloc0(sizeof(chkpass));`
`79`	`80`
`80`		`-mysalt[0]=salt_chars[random()&0x3f];`
`81`		`-mysalt[1]=salt_chars[random()&0x3f];`
	`81`	`+if (!pg_backend_random(mysalt,2))`
	`82`	`+ereport(ERROR,`
	`83`	`+(errmsg("could not generate random salt")));`
	`84`	`+`
	`85`	`+mysalt[0]=salt_chars[mysalt[0]&0x3f];`
	`86`	`+mysalt[1]=salt_chars[mysalt[1]&0x3f];`
`82`	`87`	`mysalt[2]=0;/* technically the terminator is not necessary`
`83`	`88`	`* but I like to play safe */`
`84`	`89`

`‎src/backend/libpq/auth.c`

Lines changed: 2 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -194,9 +194,6 @@ static int pg_SSPI_make_upn(char *accountname,`
`194`	`194`	`* RADIUS Authentication`
`195`	`195`	`*----------------------------------------------------------------`
`196`	`196`	`*/`
`197`		`-#ifdefUSE_OPENSSL`
`198`		`-#include<openssl/rand.h>`
`199`		`-#endif`
`200`	`197`	`staticintCheckRADIUSAuth(Port*port);`
`201`	`198`
`202`	`199`
`@@ -718,7 +715,7 @@ CheckMD5Auth(Port port, char *logdetail)`
`718`	`715`	`if (!pg_backend_random(md5Salt,4))`
`719`	`716`	`{`
`720`	`717`	`ereport(LOG,`
`721`		`-(errmsg("could notacquire random number for MD5 salt.")));`
	`718`	`+(errmsg("could notgenerate random MD5 salt.")));`
`722`	`719`	`returnSTATUS_ERROR;`
`723`	`720`	`}`
`724`	`721`
`@@ -2550,18 +2547,12 @@ CheckRADIUSAuth(Port *port)`
`2550`	`2547`	`/* Construct RADIUS packet */`
`2551`	`2548`	`packet->code=RADIUS_ACCESS_REQUEST;`
`2552`	`2549`	`packet->length=RADIUS_HEADER_LENGTH;`
`2553`		`-#ifdefUSE_OPENSSL`
`2554`		`-if (RAND_bytes(packet->vector,RADIUS_VECTOR_LENGTH)!=1)`
	`2550`	`+if (!pg_backend_random((char*)packet->vector,RADIUS_VECTOR_LENGTH))`
`2555`	`2551`	`{`
`2556`	`2552`	`ereport(LOG,`
`2557`	`2553`	`(errmsg("could not generate random encryption vector")));`
`2558`	`2554`	`returnSTATUS_ERROR;`
`2559`	`2555`	`}`
`2560`		`-#else`
`2561`		`-for (i=0;i<RADIUS_VECTOR_LENGTH;i++)`
`2562`		`-/* Use a lower strengh random number of OpenSSL is not available */`
`2563`		`-packet->vector[i]=random() %255;`
`2564`		`-#endif`
`2565`	`2556`	`packet->id=packet->vector[0];`
`2566`	`2557`	`radius_add_attribute(packet,RADIUS_SERVICE_TYPE, (unsignedchar*)&service,sizeof(service));`
`2567`	`2558`	`radius_add_attribute(packet,RADIUS_USER_NAME, (unsignedchar*)port->user_name,strlen(port->user_name));`

`‎src/backend/postmaster/postmaster.c`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -3903,8 +3903,8 @@ BackendStartup(Port *port)`
`3903`	`3903`	`{`
`3904`	`3904`	`free(bn);`
`3905`	`3905`	`ereport(LOG,`
`3906`		`-(errcode(ERRCODE_OUT_OF_MEMORY),`
`3907`		`-errmsg("could notacquire randomnumber")));`
	`3906`	`+(errcode(ERRCODE_INTERNAL_ERROR),`
	`3907`	`+errmsg("could notgenerate randomcancel key")));`
`3908`	`3908`	`returnSTATUS_ERROR;`
`3909`	`3909`	`}`
`3910`	`3910`
`@@ -5288,7 +5288,7 @@ StartAutovacuumWorker(void)`
`5288`	`5288`	`{`
`5289`	`5289`	`ereport(LOG,`
`5290`	`5290`	`(errcode(ERRCODE_INTERNAL_ERROR),`
`5291`		`-errmsg("could notacquire randomnumber")));`
	`5291`	`+errmsg("could notgenerate randomcancel key")));`
`5292`	`5292`	`return;`
`5293`	`5293`	`}`
`5294`	`5294`
`@@ -5594,7 +5594,7 @@ assign_backendlist_entry(RegisteredBgWorker *rw)`
`5594`	`5594`	`{`
`5595`	`5595`	`ereport(LOG,`
`5596`	`5596`	`(errcode(ERRCODE_INTERNAL_ERROR),`
`5597`		`-errmsg("could notacquire randomnumber")));`
	`5597`	`+errmsg("could notgenerate randomcancel key")));`
`5598`	`5598`
`5599`	`5599`	`rw->rw_crashed_at=GetCurrentTimestamp();`
`5600`	`5600`	`return false;`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit58445c5

File tree

3 files changed

3 files changed

`‎contrib/chkpass/chkpass.c`

`‎src/backend/libpq/auth.c`

`‎src/backend/postmaster/postmaster.c`

0 commit comments