Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit51bc3df

Browse files
committed
Arrange for the authentication request type to be preserved in
PGconn. Invent a new libpq connection-status function,PQconnectionUsedPassword() that returns true if the serverdemanded a password during authentication, false otherwise.This may be useful to clients in general, but is immediatelyuseful to help plug a privilege escalation path in dblink.Per list discussion and design proposed by Tom Lane.
1 parent8c69d88 commit51bc3df

File tree

6 files changed

+42
-7
lines changed

6 files changed

+42
-7
lines changed

‎doc/src/sgml/libpq.sgml

Lines changed: 15 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.235 2007/03/30 03:19:02 momjian Exp $ -->
1+
<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.236 2007/07/08 17:11:50 joe Exp $ -->
22

33
<chapter id="libpq">
44
<title><application>libpq</application> - C Library</title>
@@ -1059,6 +1059,20 @@ SSL *PQgetssl(const PGconn *conn);
10591059
</listitem>
10601060
</varlistentry>
10611061

1062+
<varlistentry>
1063+
<term><function>PQconnectionUsedPassword</function><indexterm><primary>PQconnectionUsedPassword</></></term>
1064+
<listitem>
1065+
<para>
1066+
Returns true (1) if the connection authentication method
1067+
required a password to be supplied. Returns false (0)
1068+
otherwise.
1069+
<synopsis>
1070+
bool PQconnectionUsedPassword(const PGconn *conn);
1071+
</synopsis>
1072+
</para>
1073+
</listitem>
1074+
</varlistentry>
1075+
10621076
</variablelist>
10631077
</para>
10641078

‎src/include/libpq/pqcomm.h

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
* Portions Copyright (c) 1996-2007, PostgreSQL Global Development Group
1010
* Portions Copyright (c) 1994, Regents of the University of California
1111
*
12-
* $PostgreSQL: pgsql/src/include/libpq/pqcomm.h,v 1.102 2007/01/05 22:19:55 momjian Exp $
12+
* $PostgreSQL: pgsql/src/include/libpq/pqcomm.h,v 1.103 2007/07/08 17:11:51 joe Exp $
1313
*
1414
*-------------------------------------------------------------------------
1515
*/
@@ -156,6 +156,7 @@ extern bool Db_user_namespace;
156156
#defineAUTH_REQ_CRYPT4/* crypt password */
157157
#defineAUTH_REQ_MD55/* md5 password */
158158
#defineAUTH_REQ_SCM_CREDS6/* transfer SCM credentials */
159+
#defineAUTH_REQ_UNK7/* User has not yet attempted to authenticate */
159160

160161
typedefuint32AuthRequest;
161162

‎src/interfaces/libpq/exports.txt

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
# $PostgreSQL: pgsql/src/interfaces/libpq/exports.txt,v 1.15 2007/03/03 19:52:46 momjian Exp $
1+
# $PostgreSQL: pgsql/src/interfaces/libpq/exports.txt,v 1.16 2007/07/08 17:11:51 joe Exp $
22
# Functions to be exported by libpq DLLs
33
PQconnectdb 1
44
PQsetdbLogin 2
@@ -137,3 +137,4 @@ PQdescribePortal 134
137137
PQsendDescribePrepared 135
138138
PQsendDescribePortal 136
139139
lo_truncate 137
140+
PQconnectionUsedPassword 138

‎src/interfaces/libpq/fe-connect.c

Lines changed: 17 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.345 2007/03/0819:27:28 mha Exp $
11+
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.346 2007/07/0817:11:51 joe Exp $
1212
*
1313
*-------------------------------------------------------------------------
1414
*/
@@ -1641,6 +1641,10 @@ PQconnectPoll(PGconn *conn)
16411641
returnPGRES_POLLING_READING;
16421642
}
16431643

1644+
/* save the authentication request type */
1645+
if (conn->areq==AUTH_REQ_UNK)
1646+
conn->areq=areq;
1647+
16441648
/* Get the password salt if there is one. */
16451649
if (areq==AUTH_REQ_MD5)
16461650
{
@@ -1873,6 +1877,7 @@ makeEmptyPGconn(void)
18731877
conn->std_strings= false;/* unless server says differently */
18741878
conn->verbosity=PQERRORS_DEFAULT;
18751879
conn->sock=-1;
1880+
conn->areq=AUTH_REQ_UNK;
18761881
#ifdefUSE_SSL
18771882
conn->allow_ssl_try= true;
18781883
conn->wait_ssl_try= false;
@@ -3441,6 +3446,17 @@ PQsetClientEncoding(PGconn *conn, const char *encoding)
34413446
returnstatus;
34423447
}
34433448

3449+
bool
3450+
PQconnectionUsedPassword(constPGconn*conn)
3451+
{
3452+
if (conn->areq==AUTH_REQ_MD5||
3453+
conn->areq==AUTH_REQ_CRYPT||
3454+
conn->areq==AUTH_REQ_PASSWORD)
3455+
return true;
3456+
else
3457+
return false;
3458+
}
3459+
34443460
PGVerbosity
34453461
PQsetErrorVerbosity(PGconn*conn,PGVerbosityverbosity)
34463462
{

‎src/interfaces/libpq/libpq-fe.h

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
* Portions Copyright (c) 1996-2007, PostgreSQL Global Development Group
88
* Portions Copyright (c) 1994, Regents of the University of California
99
*
10-
* $PostgreSQL: pgsql/src/interfaces/libpq/libpq-fe.h,v 1.136 2007/03/03 19:52:46 momjian Exp $
10+
* $PostgreSQL: pgsql/src/interfaces/libpq/libpq-fe.h,v 1.137 2007/07/08 17:11:51 joe Exp $
1111
*
1212
*-------------------------------------------------------------------------
1313
*/
@@ -23,10 +23,11 @@ extern"C"
2323
#include<stdio.h>
2424

2525
/*
26-
*postgres_ext.hdefines the backend's externally visible types,
26+
* defines the backend's externally visible types,
2727
* such as Oid.
2828
*/
2929
#include"postgres_ext.h"
30+
#include"postgres_fe.h"
3031

3132
/* Application-visible enum types */
3233

@@ -265,6 +266,7 @@ extern intPQsocket(const PGconn *conn);
265266
externintPQbackendPID(constPGconn*conn);
266267
externintPQclientEncoding(constPGconn*conn);
267268
externintPQsetClientEncoding(PGconn*conn,constchar*encoding);
269+
externboolPQconnectionUsedPassword(constPGconn*conn);
268270

269271
/* Get the OpenSSL structure associated with a connection. Returns NULL for
270272
* unencrypted connections or if any other TLS library is in use. */

‎src/interfaces/libpq/libpq-int.h

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@
1212
* Portions Copyright (c) 1996-2007, PostgreSQL Global Development Group
1313
* Portions Copyright (c) 1994, Regents of the University of California
1414
*
15-
* $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.119 2007/03/03 19:52:47 momjian Exp $
15+
* $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.120 2007/07/08 17:11:51 joe Exp $
1616
*
1717
*-------------------------------------------------------------------------
1818
*/
@@ -299,6 +299,7 @@ struct pg_conn
299299
SockAddrraddr;/* Remote address */
300300
ProtocolVersionpversion;/* FE/BE protocol version in use */
301301
intsversion;/* server version, e.g. 70401 for 7.4.1 */
302+
AuthRequestareq;/* server demanded password during auth */
302303

303304
/* Transient state needed while establishing connection */
304305
structaddrinfo*addrlist;/* list of possible backend addresses */

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp