diff options
| author | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2016-12-12 11:55:32 +0200 |
|---|---|---|
| committer | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2016-12-12 11:55:32 +0200 |
| commit | 58445c5c8d1424038d654ad9ee8af3724c60105e (patch) | |
| tree | 9cc62e1f560ba7b3fc6287a73a100926f913d6db /src/backend/libpq/auth.c | |
| parent | 9bbbf029dded76d7d86053ebad1c5f9ab2948904 (diff) | |
| download | postgresql-58445c5c8d1424038d654ad9ee8af3724c60105e.tar.gz postgresql-58445c5c8d1424038d654ad9ee8af3724c60105e.zip | |
Further cleanup from the strong-random patch.
Also use the new facility for generating RADIUS authenticator requests,
and salt in chkpass extension.
Reword the error messages to be nicer. Fix bogus error code used in the
message in BackendStartup.
Diffstat (limited to 'src/backend/libpq/auth.c')
| -rw-r--r-- | src/backend/libpq/auth.c | 13 |
1 files changed, 2 insertions, 11 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 2b1841fb9bb..9b79dc517da 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -194,9 +194,6 @@ static int pg_SSPI_make_upn(char *accountname, * RADIUS Authentication *---------------------------------------------------------------- */ -#ifdef USE_OPENSSL -#include <openssl/rand.h> -#endif static int CheckRADIUSAuth(Port *port); @@ -718,7 +715,7 @@ CheckMD5Auth(Port *port, char **logdetail) if (!pg_backend_random(md5Salt, 4)) { ereport(LOG, - (errmsg("could not acquire random number for MD5 salt."))); + (errmsg("could not generate random MD5 salt."))); return STATUS_ERROR; } @@ -2550,18 +2547,12 @@ CheckRADIUSAuth(Port *port) /* Construct RADIUS packet */ packet->code = RADIUS_ACCESS_REQUEST; packet->length = RADIUS_HEADER_LENGTH; -#ifdef USE_OPENSSL - if (RAND_bytes(packet->vector, RADIUS_VECTOR_LENGTH) != 1) + if (!pg_backend_random((char *) packet->vector, RADIUS_VECTOR_LENGTH)) { ereport(LOG, (errmsg("could not generate random encryption vector"))); return STATUS_ERROR; } -#else - for (i = 0; i < RADIUS_VECTOR_LENGTH; i++) - /* Use a lower strengh random number of OpenSSL is not available */ - packet->vector[i] = random() % 255; -#endif packet->id = packet->vector[0]; radius_add_attribute(packet, RADIUS_SERVICE_TYPE, (unsigned char *) &service, sizeof(service)); radius_add_attribute(packet, RADIUS_USER_NAME, (unsigned char *) port->user_name, strlen(port->user_name)); |