Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commite710b65

Browse files
committed
Remove the use of the pg_auth flat file for client authentication.
(That flat file is now completely useless, but removal will come later.)To do this, postpone client authentication into the startup transactionthat's run by InitPostgres. We still collect the startup packet and doSSL initialization (if needed) at the same time we did before. TheAuthenticationTimeout is applied separately to startup packet collectionand the actual authentication cycle. (This is a bit annoying, since itmeans a couple extra syscalls; but the signal handling requirements insideand outside a transaction are sufficiently different that it seems bestto treat the timeouts as completely independent.)A small security disadvantage is that if the given database name is invalid,this will be reported to the client before any authentication happens.We could work around that by connecting to database "postgres" instead,but consensus seems to be that it's not worth introducing such surprisingbehavior.Processing of all command-line switches and GUC options received from theclient is now postponed until after authentication. This means thatPostAuthDelay is much less useful than it used to be --- if you need toinvestigate problems during InitPostgres you'll have to set PreAuthDelayinstead. However, allowing an unauthenticated user to set any GUC optionswhatever seems a bit too risky, so we'll live with that.
1 parent585806c commite710b65

File tree

15 files changed

+534
-603
lines changed

15 files changed

+534
-603
lines changed

‎src/backend/libpq/auth.c

Lines changed: 15 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.183 2009/06/25 11:30:08 mha Exp $
11+
* $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.184 2009/08/29 19:26:51 tgl Exp $
1212
*
1313
*-------------------------------------------------------------------------
1414
*/
@@ -33,8 +33,10 @@
3333
#include"libpq/ip.h"
3434
#include"libpq/libpq.h"
3535
#include"libpq/pqformat.h"
36+
#include"miscadmin.h"
3637
#include"storage/ipc.h"
3738

39+
3840
/*----------------------------------------------------------------
3941
* Global authentication functions
4042
*----------------------------------------------------------------
@@ -281,6 +283,15 @@ ClientAuthentication(Port *port)
281283
errmsg("missing or erroneous pg_hba.conf file"),
282284
errhint("See server log for details.")));
283285

286+
/*
287+
* Enable immediate response to SIGTERM/SIGINT/timeout interrupts.
288+
* (We don't want this during hba_getauthmethod() because it might
289+
* have to do database access, eg for role membership checks.)
290+
*/
291+
ImmediateInterruptOK= true;
292+
/* And don't forget to detect one that already arrived */
293+
CHECK_FOR_INTERRUPTS();
294+
284295
/*
285296
* This is the first point where we have access to the hba record for the
286297
* current connection, so perform any verifications based on the hba
@@ -458,6 +469,9 @@ ClientAuthentication(Port *port)
458469
sendAuthRequest(port,AUTH_REQ_OK);
459470
else
460471
auth_failed(port,status);
472+
473+
/* Done with authentication, so we should turn off immediate interrupts */
474+
ImmediateInterruptOK= false;
461475
}
462476

463477

@@ -690,9 +704,6 @@ pg_krb5_recvauth(Port *port)
690704
char*kusername;
691705
char*cp;
692706

693-
if (get_role_line(port->user_name)==NULL)
694-
returnSTATUS_ERROR;
695-
696707
ret=pg_krb5_init(port);
697708
if (ret!=STATUS_OK)
698709
returnret;
@@ -1823,9 +1834,6 @@ authident(hbaPort *port)
18231834
{
18241835
charident_user[IDENT_USERNAME_MAX+1];
18251836

1826-
if (get_role_line(port->user_name)==NULL)
1827-
returnSTATUS_ERROR;
1828-
18291837
switch (port->raddr.addr.ss_family)
18301838
{
18311839
caseAF_INET:

‎src/backend/libpq/crypt.c

Lines changed: 49 additions & 34 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
* Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
1010
* Portions Copyright (c) 1994, Regents of the University of California
1111
*
12-
* $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.77 2009/01/01 17:23:42 momjian Exp $
12+
* $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.78 2009/08/29 19:26:51 tgl Exp $
1313
*
1414
*-------------------------------------------------------------------------
1515
*/
@@ -20,38 +20,63 @@
2020
#include<crypt.h>
2121
#endif
2222

23+
#include"catalog/pg_authid.h"
2324
#include"libpq/crypt.h"
2425
#include"libpq/md5.h"
26+
#include"miscadmin.h"
27+
#include"utils/builtins.h"
28+
#include"utils/syscache.h"
2529

2630

2731
int
2832
md5_crypt_verify(constPort*port,constchar*role,char*client_pass)
2933
{
30-
char*shadow_pass=NULL,
31-
*valuntil=NULL,
32-
*crypt_pwd;
3334
intretval=STATUS_ERROR;
34-
List**line;
35-
ListCell*token;
35+
char*shadow_pass,
36+
*crypt_pwd;
37+
TimestampTzvuntil=0;
3638
char*crypt_client_pass=client_pass;
39+
HeapTupleroleTup;
40+
Datumdatum;
41+
boolisnull;
42+
43+
/*
44+
* Disable immediate interrupts while doing database access. (Note
45+
* we don't bother to turn this back on if we hit one of the failure
46+
* conditions, since we can expect we'll just exit right away anyway.)
47+
*/
48+
ImmediateInterruptOK= false;
3749

38-
if ((line=get_role_line(role))==NULL)
39-
returnSTATUS_ERROR;
50+
/* Get role info from pg_authid */
51+
roleTup=SearchSysCache(AUTHNAME,
52+
PointerGetDatum(role),
53+
0,0,0);
54+
if (!HeapTupleIsValid(roleTup))
55+
returnSTATUS_ERROR;/* no such user */
4056

41-
/* Skip over rolename */
42-
token=list_head(*line);
43-
if (token)
44-
token=lnext(token);
45-
if (token)
57+
datum=SysCacheGetAttr(AUTHNAME,roleTup,
58+
Anum_pg_authid_rolpassword,&isnull);
59+
if (isnull)
4660
{
47-
shadow_pass= (char*)lfirst(token);
48-
token=lnext(token);
49-
if (token)
50-
valuntil= (char*)lfirst(token);
61+
ReleaseSysCache(roleTup);
62+
returnSTATUS_ERROR;/* user has no password */
5163
}
64+
shadow_pass=TextDatumGetCString(datum);
65+
66+
datum=SysCacheGetAttr(AUTHNAME,roleTup,
67+
Anum_pg_authid_rolvaliduntil,&isnull);
68+
if (!isnull)
69+
vuntil=DatumGetTimestampTz(datum);
5270

53-
if (shadow_pass==NULL||*shadow_pass=='\0')
54-
returnSTATUS_ERROR;
71+
ReleaseSysCache(roleTup);
72+
73+
if (*shadow_pass=='\0')
74+
returnSTATUS_ERROR;/* empty password */
75+
76+
/* Re-enable immediate response to SIGTERM/SIGINT/timeout interrupts */
77+
ImmediateInterruptOK= true;
78+
/* And don't forget to detect one that already arrived */
79+
CHECK_FOR_INTERRUPTS();
5580

5681
/*
5782
* Compare with the encrypted or plain password depending on the
@@ -119,24 +144,14 @@ md5_crypt_verify(const Port *port, const char *role, char *client_pass)
119144
if (strcmp(crypt_client_pass,crypt_pwd)==0)
120145
{
121146
/*
122-
* Password OK, now check to be sure we are not pastvaluntil
147+
* Password OK, now check to be sure we are not pastrolvaliduntil
123148
*/
124-
if (valuntil==NULL||*valuntil=='\0')
149+
if (isnull)
125150
retval=STATUS_OK;
151+
elseif (vuntil<GetCurrentTimestamp())
152+
retval=STATUS_ERROR;
126153
else
127-
{
128-
TimestampTzvuntil;
129-
130-
vuntil=DatumGetTimestampTz(DirectFunctionCall3(timestamptz_in,
131-
CStringGetDatum(valuntil),
132-
ObjectIdGetDatum(InvalidOid),
133-
Int32GetDatum(-1)));
134-
135-
if (vuntil<GetCurrentTimestamp())
136-
retval=STATUS_ERROR;
137-
else
138-
retval=STATUS_OK;
139-
}
154+
retval=STATUS_OK;
140155
}
141156

142157
if (port->hba->auth_method==uaMD5)

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp