From 58445c5c8d1424038d654ad9ee8af3724c60105e Mon Sep 17 00:00:00 2001 From: Heikki Linnakangas Date: Mon, 12 Dec 2016 11:55:32 +0200 Subject: Further cleanup from the strong-random patch. Also use the new facility for generating RADIUS authenticator requests, and salt in chkpass extension. Reword the error messages to be nicer. Fix bogus error code used in the message in BackendStartup. --- src/backend/libpq/auth.c | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) (limited to 'src/backend/libpq/auth.c') diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 2b1841fb9bb..9b79dc517da 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -194,9 +194,6 @@ static int pg_SSPI_make_upn(char *accountname, * RADIUS Authentication *---------------------------------------------------------------- */ -#ifdef USE_OPENSSL -#include -#endif static int CheckRADIUSAuth(Port *port); @@ -718,7 +715,7 @@ CheckMD5Auth(Port *port, char **logdetail) if (!pg_backend_random(md5Salt, 4)) { ereport(LOG, - (errmsg("could not acquire random number for MD5 salt."))); + (errmsg("could not generate random MD5 salt."))); return STATUS_ERROR; } @@ -2550,18 +2547,12 @@ CheckRADIUSAuth(Port *port) /* Construct RADIUS packet */ packet->code = RADIUS_ACCESS_REQUEST; packet->length = RADIUS_HEADER_LENGTH; -#ifdef USE_OPENSSL - if (RAND_bytes(packet->vector, RADIUS_VECTOR_LENGTH) != 1) + if (!pg_backend_random((char *) packet->vector, RADIUS_VECTOR_LENGTH)) { ereport(LOG, (errmsg("could not generate random encryption vector"))); return STATUS_ERROR; } -#else - for (i = 0; i < RADIUS_VECTOR_LENGTH; i++) - /* Use a lower strengh random number of OpenSSL is not available */ - packet->vector[i] = random() % 255; -#endif packet->id = packet->vector[0]; radius_add_attribute(packet, RADIUS_SERVICE_TYPE, (unsigned char *) &service, sizeof(service)); radius_add_attribute(packet, RADIUS_USER_NAME, (unsigned char *) port->user_name, strlen(port->user_name)); -- cgit v1.2.3