Skip to content

Commit 84e103e

Browse files
hlinnakaafiskon
hlinnaka
authored and
afiskon
committed
cherry-pick 8d3b9cc 
1 parent 821a5df commit 84e103e

File tree

1 file changed

+16
-33
lines changed

1 file changed

+16
-33
lines changed

src/backend/libpq/auth.c

Lines changed: 16 additions & 33 deletions
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,8 @@
3939
* Global authentication functions
4040
*----------------------------------------------------------------
4141
*/
42-
static void sendAuthRequest(Port *port, AuthRequest areq);
42+
static void sendAuthRequest(Port *port, AuthRequest areq, char *extradata,
43+
int extralen);
4344
static void auth_failed(Port *port, int status, char *logdetail);
4445
static char *recv_password_packet(Port *port);
4546
static int recv_and_check_password_packet(Port *port, char **logdetail);
@@ -507,7 +508,7 @@ ClientAuthentication(Port *port)
507508

508509
case uaGSS:
509510
#ifdef ENABLE_GSS
510-
sendAuthRequest(port, AUTH_REQ_GSS);
511+
sendAuthRequest(port, AUTH_REQ_GSS, NULL, 0);
511512
status = pg_GSS_recvauth(port);
512513
#else
513514
Assert(false);
@@ -516,7 +517,7 @@ ClientAuthentication(Port *port)
516517

517518
case uaSSPI:
518519
#ifdef ENABLE_SSPI
519-
sendAuthRequest(port, AUTH_REQ_SSPI);
520+
sendAuthRequest(port, AUTH_REQ_SSPI, NULL, 0);
520521
status = pg_SSPI_recvauth(port);
521522
#else
522523
Assert(false);
@@ -544,7 +545,7 @@ ClientAuthentication(Port *port)
544545
break;
545546

546547
case uaPassword:
547-
sendAuthRequest(port, AUTH_REQ_PASSWORD);
548+
sendAuthRequest(port, AUTH_REQ_PASSWORD, NULL, 0);
548549
status = recv_and_check_password_packet(port, &logdetail);
549550
break;
550551

@@ -591,7 +592,7 @@ ClientAuthentication(Port *port)
591592
(*ClientAuthentication_hook) (port, status);
592593

593594
if (status == STATUS_OK)
594-
sendAuthRequest(port, AUTH_REQ_OK);
595+
sendAuthRequest(port, AUTH_REQ_OK, NULL, 0);
595596
else
596597
auth_failed(port, status, logdetail);
597598
}
@@ -601,36 +602,16 @@ ClientAuthentication(Port *port)
601602
* Send an authentication request packet to the frontend.
602603
*/
603604
static void
604-
sendAuthRequest(Port *port, AuthRequest areq)
605+
sendAuthRequest(Port *port, AuthRequest areq, char *extradata, int extralen)
605606
{
606607
StringInfoData buf;
607608

608609
CHECK_FOR_INTERRUPTS();
609610

610611
pq_beginmessage(&buf, 'R');
611612
pq_sendint(&buf, (int32) areq, sizeof(int32));
612-
613-
/* Add the salt for encrypted passwords. */
614-
if (areq == AUTH_REQ_MD5)
615-
pq_sendbytes(&buf, port->md5Salt, 4);
616-
617-
#if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
618-
619-
/*
620-
* Add the authentication data for the next step of the GSSAPI or SSPI
621-
* negotiation.
622-
*/
623-
else if (areq == AUTH_REQ_GSS_CONT)
624-
{
625-
if (port->gss->outbuf.length > 0)
626-
{
627-
elog(DEBUG4, "sending GSS token of length %u",
628-
(unsigned int) port->gss->outbuf.length);
629-
630-
pq_sendbytes(&buf, port->gss->outbuf.value, port->gss->outbuf.length);
631-
}
632-
}
633-
#endif
613+
if (extralen > 0)
614+
pq_sendbytes(&buf, extradata, extralen);
634615

635616
pq_endmessage(&buf);
636617

@@ -957,7 +938,8 @@ pg_GSS_recvauth(Port *port)
957938
elog(DEBUG4, "sending GSS response token of length %u",
958939
(unsigned int) port->gss->outbuf.length);
959940

960-
sendAuthRequest(port, AUTH_REQ_GSS_CONT);
941+
sendAuthRequest(port, AUTH_REQ_GSS_CONT,
942+
port->gss->outbuf.value, port->gss->outbuf.length);
961943

962944
gss_release_buffer(&lmin_s, &port->gss->outbuf);
963945
}
@@ -1202,7 +1184,8 @@ pg_SSPI_recvauth(Port *port)
12021184
port->gss->outbuf.length = outbuf.pBuffers[0].cbBuffer;
12031185
port->gss->outbuf.value = outbuf.pBuffers[0].pvBuffer;
12041186

1205-
sendAuthRequest(port, AUTH_REQ_GSS_CONT);
1187+
sendAuthRequest(port, AUTH_REQ_GSS_CONT,
1188+
port->gss->outbuf.value, port->gss->outbuf.length);
12061189

12071190
FreeContextBuffer(outbuf.pBuffers[0].pvBuffer);
12081191
}
@@ -1830,7 +1813,7 @@ pam_passwd_conv_proc(int num_msg, const struct pam_message ** msg,
18301813
* let's go ask the client to send a password, which we
18311814
* then stuff into PAM.
18321815
*/
1833-
sendAuthRequest(pam_port_cludge, AUTH_REQ_PASSWORD);
1816+
sendAuthRequest(pam_port_cludge, AUTH_REQ_PASSWORD, NULL, 0);
18341817
passwd = recv_password_packet(pam_port_cludge);
18351818
if (passwd == NULL)
18361819
{
@@ -2160,7 +2143,7 @@ CheckLDAPAuth(Port *port)
21602143
if (port->hba->ldapport == 0)
21612144
port->hba->ldapport = LDAP_PORT;
21622145

2163-
sendAuthRequest(port, AUTH_REQ_PASSWORD);
2146+
sendAuthRequest(port, AUTH_REQ_PASSWORD, NULL, 0);
21642147

21652148
passwd = recv_password_packet(port);
21662149
if (passwd == NULL)
@@ -2520,7 +2503,7 @@ CheckRADIUSAuth(Port *port)
25202503
identifier = port->hba->radiusidentifier;
25212504

25222505
/* Send regular password request to client, and get the response */
2523-
sendAuthRequest(port, AUTH_REQ_PASSWORD);
2506+
sendAuthRequest(port, AUTH_REQ_PASSWORD, NULL, 0);
25242507

25252508
passwd = recv_password_packet(port);
25262509
if (passwd == NULL)

0 commit comments

Comments
 (0)