diff options
Diffstat (limited to 'src/interfaces')
| -rw-r--r-- | src/interfaces/libpq/fe-auth.c | 149 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-auth.h | 25 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-connect.c | 54 |
3 files changed, 47 insertions, 181 deletions
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c index 4b15ff643de..d2773134a29 100644 --- a/src/interfaces/libpq/fe-auth.c +++ b/src/interfaces/libpq/fe-auth.c @@ -10,7 +10,7 @@ * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes). * * IDENTIFICATION - * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.105 2005/10/15 02:49:48 momjian Exp $ + * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.106 2005/10/17 16:24:20 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -18,14 +18,9 @@ /* * INTERFACE ROUTINES * frontend (client) routines: - * fe_sendauth send authentication information - * fe_getauthname get user's name according to the client side + * pg_fe_sendauth send authentication information + * pg_fe_getauthname get user's name according to the client side * of the authentication system - * fe_setauthsvc set frontend authentication service - * fe_getauthsvc get current frontend authentication service - * - * - * */ #include "postgres_fe.h" @@ -35,7 +30,6 @@ #else #include <unistd.h> #include <fcntl.h> -#include <errno.h> #include <sys/types.h> #include <sys/param.h> /* for MAXHOSTNAMELEN on most */ #include <sys/socket.h> @@ -59,51 +53,6 @@ #include "libpq/crypt.h" -/* - * common definitions for generic fe/be routines - */ - -#define STARTUP_MSG 7 /* Initialise a connection */ -#define STARTUP_KRB4_MSG 10 /* krb4 session follows. Not supported any - * more. */ -#define STARTUP_KRB5_MSG 11 /* krb5 session follows */ -#define STARTUP_PASSWORD_MSG 14 /* Password follows */ - -struct authsvc -{ - const char *name; /* service nickname (for command line) */ - MsgType msgtype; /* startup packet header type */ - int allowed; /* initially allowed (before command line - * option parsing)? */ -}; - -/* - * Command-line parsing routines use this structure to map nicknames - * onto service types (and the startup packets to use with them). - * - * Programs receiving an authentication request use this structure to - * decide which authentication service types are currently permitted. - * By default, all authentication systems compiled into the system are - * allowed. Unauthenticated connections are disallowed unless there - * isn't any authentication system. - */ -static const struct authsvc authsvcs[] = { -#ifdef KRB5 - {"krb5", STARTUP_KRB5_MSG, 1}, - {"kerberos", STARTUP_KRB5_MSG, 1}, -#endif /* KRB5 */ - {UNAUTHNAME, STARTUP_MSG, -#ifdef KRB5 - 0 -#else /* !KRB5 */ - 1 -#endif /* !KRB5 */ - }, - {"password", STARTUP_PASSWORD_MSG, 0} -}; - -static const int n_authsvcs = sizeof(authsvcs) / sizeof(struct authsvc); - #ifdef KRB5 /* * MIT Kerberos authentication system - protocol version 5 @@ -329,8 +278,10 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname, const char *s return ret; } + #endif /* KRB5 */ + /* * Respond to AUTH_REQ_SCM_CREDS challenge. * @@ -417,14 +368,14 @@ pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq) } crypt_pwd2 = crypt_pwd + MD5_PASSWD_LEN + 1; - if (!EncryptMD5(password, conn->pguser, - strlen(conn->pguser), crypt_pwd2)) + if (!pg_md5_encrypt(password, conn->pguser, + strlen(conn->pguser), crypt_pwd2)) { free(crypt_pwd); return STATUS_ERROR; } - if (!EncryptMD5(crypt_pwd2 + strlen("md5"), conn->md5Salt, - sizeof(conn->md5Salt), crypt_pwd)) + if (!pg_md5_encrypt(crypt_pwd2 + strlen("md5"), conn->md5Salt, + sizeof(conn->md5Salt), crypt_pwd)) { free(crypt_pwd); return STATUS_ERROR; @@ -457,11 +408,12 @@ pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq) } /* - * fe_sendauth -- client demux routine for outgoing authentication information + * pg_fe_sendauth + * client demux routine for outgoing authentication information */ int -fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname, - const char *password, char *PQerrormsg) +pg_fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname, + const char *password, char *PQerrormsg) { #ifndef KRB5 (void) hostname; /* not used */ @@ -526,68 +478,18 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname, return STATUS_OK; } -/* - * fe_setauthsvc - * fe_getauthsvc - * - * Set/return the authentication service currently selected for use by the - * frontend. (You can only use one in the frontend, obviously.) - * - * NB: This is not thread-safe if different threads try to select different - * authentication services! It's OK for fe_getauthsvc to select the default, - * since that will be the same for all threads, but direct application use - * of fe_setauthsvc is not thread-safe. However, use of fe_setauthsvc is - * deprecated anyway... - */ - -static int pg_authsvc = -1; - -void -fe_setauthsvc(const char *name, char *PQerrormsg) -{ - int i; - - for (i = 0; i < n_authsvcs; ++i) - if (strcmp(name, authsvcs[i].name) == 0) - { - pg_authsvc = i; - break; - } - if (i == n_authsvcs) - { - snprintf(PQerrormsg, PQERRORMSG_LENGTH, - libpq_gettext("invalid authentication service name \"%s\", ignored\n"), - name); - } - return; -} - -MsgType -fe_getauthsvc(char *PQerrormsg) -{ - if (pg_authsvc < 0 || pg_authsvc >= n_authsvcs) - { - fe_setauthsvc(DEFAULT_CLIENT_AUTHSVC, PQerrormsg); - if (pg_authsvc < 0 || pg_authsvc >= n_authsvcs) - { - /* Can only get here if DEFAULT_CLIENT_AUTHSVC is misdefined */ - return 0; - } - } - return authsvcs[pg_authsvc].msgtype; -} /* - * fe_getauthname -- returns a pointer to dynamic space containing whatever + * pg_fe_getauthname -- returns a pointer to dynamic space containing whatever * name the user has authenticated to the system - * if there is an error, return the error message in PQerrormsg + * + * if there is an error, return NULL with an error message in PQerrormsg */ char * -fe_getauthname(char *PQerrormsg) +pg_fe_getauthname(char *PQerrormsg) { const char *name = NULL; char *authn; - MsgType authsvc; #ifdef WIN32 char username[128]; @@ -598,21 +500,13 @@ fe_getauthname(char *PQerrormsg) struct passwd *pw = NULL; #endif - authsvc = fe_getauthsvc(PQerrormsg); - - /* this just guards against broken DEFAULT_CLIENT_AUTHSVC, see above */ - if (authsvc == 0) - return NULL; /* leave original error message in place */ - pglock_thread(); #ifdef KRB5 - if (authsvc == STARTUP_KRB5_MSG) - name = pg_krb5_authname(PQerrormsg); + name = pg_krb5_authname(PQerrormsg); #endif - if (authsvc == STARTUP_MSG - || (authsvc == STARTUP_KRB5_MSG && !name)) + if (!name) { #ifdef WIN32 if (GetUserName(username, &namesize)) @@ -623,11 +517,6 @@ fe_getauthname(char *PQerrormsg) #endif } - if (authsvc != STARTUP_MSG && authsvc != STARTUP_KRB5_MSG) - snprintf(PQerrormsg, PQERRORMSG_LENGTH, - libpq_gettext("fe_getauthname: invalid authentication system: %d\n"), - authsvc); - authn = name ? strdup(name) : NULL; pgunlock_thread(); diff --git a/src/interfaces/libpq/fe-auth.h b/src/interfaces/libpq/fe-auth.h index 0e015711ec1..01b2fcc9d92 100644 --- a/src/interfaces/libpq/fe-auth.h +++ b/src/interfaces/libpq/fe-auth.h @@ -7,7 +7,7 @@ * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.h,v 1.22 2005/10/15 02:49:48 momjian Exp $ + * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.h,v 1.23 2005/10/17 16:24:20 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -18,27 +18,8 @@ #include "libpq-int.h" -/*---------------------------------------------------------------- - * Common routines and definitions - *---------------------------------------------------------------- - */ - -/* what we call "no authentication system" */ -#define UNAUTHNAME "unauth" - -/* what a frontend uses by default */ -#ifndef KRB5 -#define DEFAULT_CLIENT_AUTHSVC UNAUTHNAME -#else -#define DEFAULT_CLIENT_AUTHSVC "kerberos" -#endif /* KRB5 */ - -extern int fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname, +extern int pg_fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname, const char *password, char *PQerrormsg); -extern MsgType fe_getauthsvc(char *PQerrormsg); -extern void fe_setauthsvc(const char *name, char *PQerrormsg); -extern char *fe_getauthname(char *PQerrormsg); - -#define PG_KRB5_VERSION "PGVER5.1" /* at most KRB_SENDAUTH_VLEN chars */ +extern char *pg_fe_getauthname(char *PQerrormsg); #endif /* FE_AUTH_H */ diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index f9f3246f505..b378b65c82e 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.322 2005/10/15 02:49:48 momjian Exp $ + * $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.323 2005/10/17 16:24:20 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -98,7 +98,7 @@ * * The value for the username is treated specially in conninfo_parse. * If the Compiled-in resource is specified as a NULL value, the - * user is determined by fe_getauthname(). + * user is determined by pg_fe_getauthname(). * * The Label and Disp-Char entries are provided for applications that * want to use PQconndefaults() to create a generic database connection @@ -680,16 +680,14 @@ connectFailureMessage(PGconn *conn, int errorno) { char service[NI_MAXHOST]; - getnameinfo_all(&conn->raddr.addr, conn->raddr.salen, - NULL, 0, - service, sizeof(service), - NI_NUMERICSERV); + pg_getnameinfo_all(&conn->raddr.addr, conn->raddr.salen, + NULL, 0, + service, sizeof(service), + NI_NUMERICSERV); printfPQExpBuffer(&conn->errorMessage, - libpq_gettext( - "could not connect to server: %s\n" + libpq_gettext("could not connect to server: %s\n" "\tIs the server running locally and accepting\n" - "\tconnections on Unix domain socket \"%s\"?\n" - ), + "\tconnections on Unix domain socket \"%s\"?\n"), SOCK_STRERROR(errorno, sebuf, sizeof(sebuf)), service); } @@ -697,11 +695,9 @@ connectFailureMessage(PGconn *conn, int errorno) #endif /* HAVE_UNIX_SOCKETS */ { printfPQExpBuffer(&conn->errorMessage, - libpq_gettext( - "could not connect to server: %s\n" + libpq_gettext("could not connect to server: %s\n" "\tIs the server running on host \"%s\" and accepting\n" - "\tTCP/IP connections on port %s?\n" - ), + "\tTCP/IP connections on port %s?\n"), SOCK_STRERROR(errorno, sebuf, sizeof(sebuf)), conn->pghostaddr ? conn->pghostaddr @@ -738,7 +734,7 @@ connectDBStart(PGconn *conn) conn->outCount = 0; /* - * Determine the parameters to pass to getaddrinfo_all. + * Determine the parameters to pass to pg_getaddrinfo_all. */ /* Initialize hint structure */ @@ -780,8 +776,8 @@ connectDBStart(PGconn *conn) #endif /* HAVE_UNIX_SOCKETS */ } - /* Use getaddrinfo_all() to resolve the address */ - ret = getaddrinfo_all(node, portstr, &hint, &addrs); + /* Use pg_getaddrinfo_all() to resolve the address */ + ret = pg_getaddrinfo_all(node, portstr, &hint, &addrs); if (ret || !addrs) { if (node) @@ -793,7 +789,7 @@ connectDBStart(PGconn *conn) libpq_gettext("could not translate Unix-domain socket path \"%s\" to address: %s\n"), portstr, gai_strerror(ret)); if (addrs) - freeaddrinfo_all(hint.ai_family, addrs); + pg_freeaddrinfo_all(hint.ai_family, addrs); goto connect_errReturn; } @@ -1006,8 +1002,8 @@ keep_going: /* We will come back to here until there is { /* * Try to initiate a connection to one of the addresses - * returned by getaddrinfo_all(). conn->addr_cur is the next - * one to try. We fail when we run out of addresses + * returned by pg_getaddrinfo_all(). conn->addr_cur is the + * next one to try. We fail when we run out of addresses * (reporting the error returned for the *last* alternative, * which may not be what users expect :-(). */ @@ -1631,8 +1627,8 @@ keep_going: /* We will come back to here until there is * XXX fe-auth.c has not been fixed to support PQExpBuffers, * so: */ - if (fe_sendauth(areq, conn, conn->pghost, conn->pgpass, - conn->errorMessage.data) != STATUS_OK) + if (pg_fe_sendauth(areq, conn, conn->pghost, conn->pgpass, + conn->errorMessage.data) != STATUS_OK) { conn->errorMessage.len = strlen(conn->errorMessage.data); goto error_return; @@ -1640,9 +1636,9 @@ keep_going: /* We will come back to here until there is conn->errorMessage.len = strlen(conn->errorMessage.data); /* - * Just make sure that any data sent by fe_sendauth is flushed - * out. Although this theoretically could block, it really - * shouldn't since we don't send large auth responses. + * Just make sure that any data sent by pg_fe_sendauth is + * flushed out. Although this theoretically could block, it + * really shouldn't since we don't send large auth responses. */ if (pqFlush(conn)) goto error_return; @@ -1707,7 +1703,7 @@ keep_going: /* We will come back to here until there is } /* We can release the address list now. */ - freeaddrinfo_all(conn->addrlist_family, conn->addrlist); + pg_freeaddrinfo_all(conn->addrlist_family, conn->addrlist); conn->addrlist = NULL; conn->addr_cur = NULL; @@ -1910,7 +1906,7 @@ freePGconn(PGconn *conn) free(conn->krbsrvname); #endif /* Note that conn->Pfdebug is not ours to close or free */ - freeaddrinfo_all(conn->addrlist_family, conn->addrlist); + pg_freeaddrinfo_all(conn->addrlist_family, conn->addrlist); notify = conn->notifyHead; while (notify != NULL) { @@ -1985,7 +1981,7 @@ closePGconn(PGconn *conn) * absent */ conn->asyncStatus = PGASYNC_IDLE; pqClearAsyncResult(conn); /* deallocate result and curTuple */ - freeaddrinfo_all(conn->addrlist_family, conn->addrlist); + pg_freeaddrinfo_all(conn->addrlist_family, conn->addrlist); conn->addrlist = NULL; conn->addr_cur = NULL; notify = conn->notifyHead; @@ -2720,7 +2716,7 @@ conninfo_parse(const char *conninfo, PQExpBuffer errorMessage) */ if (strcmp(option->keyword, "user") == 0) { - option->val = fe_getauthname(errortmp); + option->val = pg_fe_getauthname(errortmp); /* note any error message is thrown away */ continue; } |