diff options
| author | Michael Paquier <michael@paquier.xyz> | 2022-01-14 11:25:39 +0900 |
|---|---|---|
| committer | Michael Paquier <michael@paquier.xyz> | 2022-01-14 11:25:39 +0900 |
| commit | ad5b6f248ab288c3252d8122d12a1eb410d4a0b6 (patch) | |
| tree | dd914d58c9e73ef85bad9978e7c249462374a404 /src/backend/libpq/auth.c | |
| parent | 4aee39ddb8fa748a6beea2bc1b48882990c226a7 (diff) | |
| download | postgresql-ad5b6f248ab288c3252d8122d12a1eb410d4a0b6.tar.gz postgresql-ad5b6f248ab288c3252d8122d12a1eb410d4a0b6.zip | |
Revert error handling improvements for cryptohashes
This reverts commits ab27df2, af8d530 and 3a0cced, that introduced
pg_cryptohash_error(). In order to make the core code able to pass down
the new error types that this introduced, some of the MD5-related
routines had to be reworked, causing an ABI breakage, but we found that
some external extensions rely on them. Maintaining compatibility
outweights the error report benefits, so just revert the change in v14.
Reported-by: Laurenz Albe
Discussion: https://postgr.es/m/9f0c0a96d28cf14fc87296bbe67061c14eb53ae8.camel@cybertec.at
Diffstat (limited to 'src/backend/libpq/auth.c')
| -rw-r--r-- | src/backend/libpq/auth.c | 36 |
1 files changed, 15 insertions, 21 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 0dd83cde066..be14f2f16dd 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -47,7 +47,7 @@ */ static void sendAuthRequest(Port *port, AuthRequest areq, const char *extradata, int extralen); -static void auth_failed(Port *port, int status, const char *logdetail); +static void auth_failed(Port *port, int status, char *logdetail); static char *recv_password_packet(Port *port); static void set_authn_id(Port *port, const char *id); @@ -56,11 +56,11 @@ static void set_authn_id(Port *port, const char *id); * Password-based authentication methods (password, md5, and scram-sha-256) *---------------------------------------------------------------- */ -static int CheckPasswordAuth(Port *port, const char **logdetail); -static int CheckPWChallengeAuth(Port *port, const char **logdetail); +static int CheckPasswordAuth(Port *port, char **logdetail); +static int CheckPWChallengeAuth(Port *port, char **logdetail); -static int CheckMD5Auth(Port *port, char *shadow_pass, const char **logdetail); -static int CheckSCRAMAuth(Port *port, char *shadow_pass, const char **logdetail); +static int CheckMD5Auth(Port *port, char *shadow_pass, char **logdetail); +static int CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail); /*---------------------------------------------------------------- @@ -258,7 +258,7 @@ ClientAuthentication_hook_type ClientAuthentication_hook = NULL; * particular, if logdetail isn't NULL, we send that string to the log. */ static void -auth_failed(Port *port, int status, const char *logdetail) +auth_failed(Port *port, int status, char *logdetail) { const char *errstr; char *cdetail; @@ -394,7 +394,7 @@ void ClientAuthentication(Port *port) { int status = STATUS_ERROR; - const char *logdetail = NULL; + char *logdetail = NULL; /* * Get the authentication method to use for this frontend/database @@ -780,7 +780,7 @@ recv_password_packet(Port *port) * Plaintext password authentication. */ static int -CheckPasswordAuth(Port *port, const char **logdetail) +CheckPasswordAuth(Port *port, char **logdetail) { char *passwd; int result; @@ -815,7 +815,7 @@ CheckPasswordAuth(Port *port, const char **logdetail) * MD5 and SCRAM authentication. */ static int -CheckPWChallengeAuth(Port *port, const char **logdetail) +CheckPWChallengeAuth(Port *port, char **logdetail) { int auth_result; char *shadow_pass; @@ -875,7 +875,7 @@ CheckPWChallengeAuth(Port *port, const char **logdetail) } static int -CheckMD5Auth(Port *port, char *shadow_pass, const char **logdetail) +CheckMD5Auth(Port *port, char *shadow_pass, char **logdetail) { char md5Salt[4]; /* Password salt */ char *passwd; @@ -912,7 +912,7 @@ CheckMD5Auth(Port *port, char *shadow_pass, const char **logdetail) } static int -CheckSCRAMAuth(Port *port, char *shadow_pass, const char **logdetail) +CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail) { StringInfoData sasl_mechs; int mtype; @@ -3240,8 +3240,6 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por md5trailer = packet->vector; for (i = 0; i < encryptedpasswordlen; i += RADIUS_VECTOR_LENGTH) { - const char *errstr = NULL; - memcpy(cryptvector + strlen(secret), md5trailer, RADIUS_VECTOR_LENGTH); /* @@ -3250,12 +3248,10 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por */ md5trailer = encryptedpassword + i; - if (!pg_md5_binary(cryptvector, strlen(secret) + RADIUS_VECTOR_LENGTH, - encryptedpassword + i, &errstr)) + if (!pg_md5_binary(cryptvector, strlen(secret) + RADIUS_VECTOR_LENGTH, encryptedpassword + i)) { ereport(LOG, - (errmsg("could not perform MD5 encryption of password: %s", - errstr))); + (errmsg("could not perform MD5 encryption of password"))); pfree(cryptvector); pg_freeaddrinfo_all(hint.ai_family, serveraddrs); return STATUS_ERROR; @@ -3340,7 +3336,6 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por struct timeval timeout; struct timeval now; int64 timeoutval; - const char *errstr = NULL; gettimeofday(&now, NULL); timeoutval = (endtime.tv_sec * 1000000 + endtime.tv_usec) - (now.tv_sec * 1000000 + now.tv_usec); @@ -3459,11 +3454,10 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por if (!pg_md5_binary(cryptvector, packetlength + strlen(secret), - encryptedpassword, &errstr)) + encryptedpassword)) { ereport(LOG, - (errmsg("could not perform MD5 encryption of received packet: %s", - errstr))); + (errmsg("could not perform MD5 encryption of received packet"))); pfree(cryptvector); continue; } |