diff options
| author | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2021-03-04 10:45:55 +0200 |
|---|---|---|
| committer | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2021-03-04 10:45:55 +0200 |
| commit | 3174d69fb96a66173224e60ec7053b988d5ed4d9 (patch) | |
| tree | 2dbeb5e94ccfde05b8d40a15b88e1107220fb9b1 /src/backend/libpq/auth.c | |
| parent | 0a687c8f103d217ff1ca8c34a644b380d89bb0ad (diff) | |
| download | postgresql-3174d69fb96a66173224e60ec7053b988d5ed4d9.tar.gz postgresql-3174d69fb96a66173224e60ec7053b988d5ed4d9.zip | |
Remove server and libpq support for old FE/BE protocol version 2.
Protocol version 3 was introduced in PostgreSQL 7.4. There shouldn't be
many clients or servers left out there without version 3 support. But as
a courtesy, I kept just enough of the old protocol support that we can
still send the "unsupported protocol version" error in v2 format, so that
old clients can display the message properly. Likewise, libpq still
understands v2 ErrorResponse messages when establishing a connection.
The impetus to do this now is that I'm working on a patch to COPY
FROM, to always prefetch some data. We cannot do that safely with the
old protocol, because it requires parsing the input one byte at a time
to detect the end-of-copy marker.
Reviewed-by: Tom Lane, Alvaro Herrera, John Naylor
Discussion: https://www.postgresql.org/message-id/9ec25819-0a8a-d51a-17dc-4150bb3cca3b%40iki.fi
Diffstat (limited to 'src/backend/libpq/auth.c')
| -rw-r--r-- | src/backend/libpq/auth.c | 80 |
1 files changed, 16 insertions, 64 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index baa0712c0f7..994251e7d9d 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -653,35 +653,26 @@ static char * recv_password_packet(Port *port) { StringInfoData buf; + int mtype; pq_startmsgread(); - if (PG_PROTOCOL_MAJOR(port->proto) >= 3) - { - /* Expect 'p' message type */ - int mtype; - mtype = pq_getbyte(); - if (mtype != 'p') - { - /* - * If the client just disconnects without offering a password, - * don't make a log entry. This is legal per protocol spec and in - * fact commonly done by psql, so complaining just clutters the - * log. - */ - if (mtype != EOF) - ereport(ERROR, - (errcode(ERRCODE_PROTOCOL_VIOLATION), - errmsg("expected password response, got message type %d", - mtype))); - return NULL; /* EOF or bad message type */ - } - } - else + /* Expect 'p' message type */ + mtype = pq_getbyte(); + if (mtype != 'p') { - /* For pre-3.0 clients, avoid log entry if they just disconnect */ - if (pq_peekbyte() == EOF) - return NULL; /* EOF */ + /* + * If the client just disconnects without offering a password, + * don't make a log entry. This is legal per protocol spec and in + * fact commonly done by psql, so complaining just clutters the + * log. + */ + if (mtype != EOF) + ereport(ERROR, + (errcode(ERRCODE_PROTOCOL_VIOLATION), + errmsg("expected password response, got message type %d", + mtype))); + return NULL; /* EOF or bad message type */ } initStringInfo(&buf); @@ -880,19 +871,6 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail) bool initial; /* - * SASL auth is not supported for protocol versions before 3, because it - * relies on the overall message length word to determine the SASL payload - * size in AuthenticationSASLContinue and PasswordMessage messages. (We - * used to have a hard rule that protocol messages must be parsable - * without relying on the length word, but we hardly care about older - * protocol version anymore.) - */ - if (PG_PROTOCOL_MAJOR(FrontendProtocol) < 3) - ereport(FATAL, - (errcode(ERRCODE_FEATURE_NOT_SUPPORTED), - errmsg("SASL authentication is not supported in protocol version 2"))); - - /* * Send the SASL authentication request to user. It includes the list of * authentication mechanisms that are supported. */ @@ -1042,19 +1020,6 @@ pg_GSS_recvauth(Port *port) gss_buffer_desc gbuf; /* - * GSS auth is not supported for protocol versions before 3, because it - * relies on the overall message length word to determine the GSS payload - * size in AuthenticationGSSContinue and PasswordMessage messages. (This - * is, in fact, a design error in our GSS support, because protocol - * messages are supposed to be parsable without relying on the length - * word; but it's not worth changing it now.) - */ - if (PG_PROTOCOL_MAJOR(FrontendProtocol) < 3) - ereport(FATAL, - (errcode(ERRCODE_FEATURE_NOT_SUPPORTED), - errmsg("GSSAPI is not supported in protocol version 2"))); - - /* * Use the configured keytab, if there is one. Unfortunately, Heimdal * doesn't support the cred store extensions, so use the env var. */ @@ -1324,19 +1289,6 @@ pg_SSPI_recvauth(Port *port) QUERY_SECURITY_CONTEXT_TOKEN_FN _QuerySecurityContextToken; /* - * SSPI auth is not supported for protocol versions before 3, because it - * relies on the overall message length word to determine the SSPI payload - * size in AuthenticationGSSContinue and PasswordMessage messages. (This - * is, in fact, a design error in our SSPI support, because protocol - * messages are supposed to be parsable without relying on the length - * word; but it's not worth changing it now.) - */ - if (PG_PROTOCOL_MAJOR(FrontendProtocol) < 3) - ereport(FATAL, - (errcode(ERRCODE_FEATURE_NOT_SUPPORTED), - errmsg("SSPI is not supported in protocol version 2"))); - - /* * Acquire a handle to the server credentials. */ r = AcquireCredentialsHandle(NULL, |