Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit8d3b9cc

Browse files
committed
Refactor sendAuthRequest.
This way sendAuthRequest doesn't need to know the details of all thedifferent authentication methods. This is in preparation for adding SCRAMauthentication, which will add yet another authentication request messagetype, with different payload.Reviewed-By: Michael PaquierDiscussion: <CAB7nPqQvO4sxLFeS9D+NM3wpy08ieZdAj_6e117MQHZAfxBFsg@mail.gmail.com>
1 parent07ef035 commit8d3b9cc

File tree

1 file changed

+18
-34
lines changed

1 file changed

+18
-34
lines changed

‎src/backend/libpq/auth.c

Lines changed: 18 additions & 34 deletions
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,8 @@
3636
* Global authentication functions
3737
*----------------------------------------------------------------
3838
*/
39-
staticvoidsendAuthRequest(Port*port,AuthRequestareq);
39+
staticvoidsendAuthRequest(Port*port,AuthRequestareq,char*extradata,
40+
intextralen);
4041
staticvoidauth_failed(Port*port,intstatus,char*logdetail);
4142
staticchar*recv_password_packet(Port*port);
4243
staticintrecv_and_check_password_packet(Port*port,char**logdetail);
@@ -498,7 +499,7 @@ ClientAuthentication(Port *port)
498499

499500
caseuaGSS:
500501
#ifdefENABLE_GSS
501-
sendAuthRequest(port,AUTH_REQ_GSS);
502+
sendAuthRequest(port,AUTH_REQ_GSS,NULL,0);
502503
status=pg_GSS_recvauth(port);
503504
#else
504505
Assert(false);
@@ -507,7 +508,7 @@ ClientAuthentication(Port *port)
507508

508509
caseuaSSPI:
509510
#ifdefENABLE_SSPI
510-
sendAuthRequest(port,AUTH_REQ_SSPI);
511+
sendAuthRequest(port,AUTH_REQ_SSPI,NULL,0);
511512
status=pg_SSPI_recvauth(port);
512513
#else
513514
Assert(false);
@@ -531,12 +532,13 @@ ClientAuthentication(Port *port)
531532
ereport(FATAL,
532533
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
533534
errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));
534-
sendAuthRequest(port,AUTH_REQ_MD5);
535+
/* include the salt to use for computing the response */
536+
sendAuthRequest(port,AUTH_REQ_MD5,port->md5Salt,4);
535537
status=recv_and_check_password_packet(port,&logdetail);
536538
break;
537539

538540
caseuaPassword:
539-
sendAuthRequest(port,AUTH_REQ_PASSWORD);
541+
sendAuthRequest(port,AUTH_REQ_PASSWORD,NULL,0);
540542
status=recv_and_check_password_packet(port,&logdetail);
541543
break;
542544

@@ -583,7 +585,7 @@ ClientAuthentication(Port *port)
583585
(*ClientAuthentication_hook) (port,status);
584586

585587
if (status==STATUS_OK)
586-
sendAuthRequest(port,AUTH_REQ_OK);
588+
sendAuthRequest(port,AUTH_REQ_OK,NULL,0);
587589
else
588590
auth_failed(port,status,logdetail);
589591
}
@@ -593,36 +595,16 @@ ClientAuthentication(Port *port)
593595
* Send an authentication request packet to the frontend.
594596
*/
595597
staticvoid
596-
sendAuthRequest(Port*port,AuthRequestareq)
598+
sendAuthRequest(Port*port,AuthRequestareq,char*extradata,intextralen)
597599
{
598600
StringInfoDatabuf;
599601

600602
CHECK_FOR_INTERRUPTS();
601603

602604
pq_beginmessage(&buf,'R');
603605
pq_sendint(&buf, (int32)areq,sizeof(int32));
604-
605-
/* Add the salt for encrypted passwords. */
606-
if (areq==AUTH_REQ_MD5)
607-
pq_sendbytes(&buf,port->md5Salt,4);
608-
609-
#if defined(ENABLE_GSS)|| defined(ENABLE_SSPI)
610-
611-
/*
612-
* Add the authentication data for the next step of the GSSAPI or SSPI
613-
* negotiation.
614-
*/
615-
elseif (areq==AUTH_REQ_GSS_CONT)
616-
{
617-
if (port->gss->outbuf.length>0)
618-
{
619-
elog(DEBUG4,"sending GSS token of length %u",
620-
(unsignedint)port->gss->outbuf.length);
621-
622-
pq_sendbytes(&buf,port->gss->outbuf.value,port->gss->outbuf.length);
623-
}
624-
}
625-
#endif
606+
if (extralen>0)
607+
pq_sendbytes(&buf,extradata,extralen);
626608

627609
pq_endmessage(&buf);
628610

@@ -934,7 +916,8 @@ pg_GSS_recvauth(Port *port)
934916
elog(DEBUG4,"sending GSS response token of length %u",
935917
(unsignedint)port->gss->outbuf.length);
936918

937-
sendAuthRequest(port,AUTH_REQ_GSS_CONT);
919+
sendAuthRequest(port,AUTH_REQ_GSS_CONT,
920+
port->gss->outbuf.value,port->gss->outbuf.length);
938921

939922
gss_release_buffer(&lmin_s,&port->gss->outbuf);
940923
}
@@ -1179,7 +1162,8 @@ pg_SSPI_recvauth(Port *port)
11791162
port->gss->outbuf.length=outbuf.pBuffers[0].cbBuffer;
11801163
port->gss->outbuf.value=outbuf.pBuffers[0].pvBuffer;
11811164

1182-
sendAuthRequest(port,AUTH_REQ_GSS_CONT);
1165+
sendAuthRequest(port,AUTH_REQ_GSS_CONT,
1166+
port->gss->outbuf.value,port->gss->outbuf.length);
11831167

11841168
FreeContextBuffer(outbuf.pBuffers[0].pvBuffer);
11851169
}
@@ -1807,7 +1791,7 @@ pam_passwd_conv_proc(int num_msg, const struct pam_message ** msg,
18071791
* let's go ask the client to send a password, which we
18081792
* then stuff into PAM.
18091793
*/
1810-
sendAuthRequest(pam_port_cludge,AUTH_REQ_PASSWORD);
1794+
sendAuthRequest(pam_port_cludge,AUTH_REQ_PASSWORD,NULL,0);
18111795
passwd=recv_password_packet(pam_port_cludge);
18121796
if (passwd==NULL)
18131797
{
@@ -2137,7 +2121,7 @@ CheckLDAPAuth(Port *port)
21372121
if (port->hba->ldapport==0)
21382122
port->hba->ldapport=LDAP_PORT;
21392123

2140-
sendAuthRequest(port,AUTH_REQ_PASSWORD);
2124+
sendAuthRequest(port,AUTH_REQ_PASSWORD,NULL,0);
21412125

21422126
passwd=recv_password_packet(port);
21432127
if (passwd==NULL)
@@ -2497,7 +2481,7 @@ CheckRADIUSAuth(Port *port)
24972481
identifier=port->hba->radiusidentifier;
24982482

24992483
/* Send regular password request to client, and get the response */
2500-
sendAuthRequest(port,AUTH_REQ_PASSWORD);
2484+
sendAuthRequest(port,AUTH_REQ_PASSWORD,NULL,0);
25012485

25022486
passwd=recv_password_packet(port);
25032487
if (passwd==NULL)

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp