Skip to content

Commit 8d3b9cc

Browse files
hlinnakahlinnaka
committed
Refactor sendAuthRequest.
This way sendAuthRequest doesn't need to know the details of all the different authentication methods. This is in preparation for adding SCRAM authentication, which will add yet another authentication request message type, with different payload. Reviewed-By: Michael Paquier Discussion: <CAB7nPqQvO4sxLFeS9D+NM3wpy08ieZdAj_6e117MQHZAfxBFsg@mail.gmail.com>
1 parent 07ef035 commit 8d3b9cc

File tree

1 file changed

+18
-34
lines changed

1 file changed

+18
-34
lines changed

src/backend/libpq/auth.c

Lines changed: 18 additions & 34 deletions
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,8 @@
3636
* Global authentication functions
3737
*----------------------------------------------------------------
3838
*/
39-
static void sendAuthRequest(Port *port, AuthRequest areq);
39+
static void sendAuthRequest(Port *port, AuthRequest areq, char *extradata,
40+
int extralen);
4041
static void auth_failed(Port *port, int status, char *logdetail);
4142
static char *recv_password_packet(Port *port);
4243
static int recv_and_check_password_packet(Port *port, char **logdetail);
@@ -498,7 +499,7 @@ ClientAuthentication(Port *port)
498499

499500
case uaGSS:
500501
#ifdef ENABLE_GSS
501-
sendAuthRequest(port, AUTH_REQ_GSS);
502+
sendAuthRequest(port, AUTH_REQ_GSS, NULL, 0);
502503
status = pg_GSS_recvauth(port);
503504
#else
504505
Assert(false);
@@ -507,7 +508,7 @@ ClientAuthentication(Port *port)
507508

508509
case uaSSPI:
509510
#ifdef ENABLE_SSPI
510-
sendAuthRequest(port, AUTH_REQ_SSPI);
511+
sendAuthRequest(port, AUTH_REQ_SSPI, NULL, 0);
511512
status = pg_SSPI_recvauth(port);
512513
#else
513514
Assert(false);
@@ -531,12 +532,13 @@ ClientAuthentication(Port *port)
531532
ereport(FATAL,
532533
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
533534
errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));
534-
sendAuthRequest(port, AUTH_REQ_MD5);
535+
/* include the salt to use for computing the response */
536+
sendAuthRequest(port, AUTH_REQ_MD5, port->md5Salt, 4);
535537
status = recv_and_check_password_packet(port, &logdetail);
536538
break;
537539

538540
case uaPassword:
539-
sendAuthRequest(port, AUTH_REQ_PASSWORD);
541+
sendAuthRequest(port, AUTH_REQ_PASSWORD, NULL, 0);
540542
status = recv_and_check_password_packet(port, &logdetail);
541543
break;
542544

@@ -583,7 +585,7 @@ ClientAuthentication(Port *port)
583585
(*ClientAuthentication_hook) (port, status);
584586

585587
if (status == STATUS_OK)
586-
sendAuthRequest(port, AUTH_REQ_OK);
588+
sendAuthRequest(port, AUTH_REQ_OK, NULL, 0);
587589
else
588590
auth_failed(port, status, logdetail);
589591
}
@@ -593,36 +595,16 @@ ClientAuthentication(Port *port)
593595
* Send an authentication request packet to the frontend.
594596
*/
595597
static void
596-
sendAuthRequest(Port *port, AuthRequest areq)
598+
sendAuthRequest(Port *port, AuthRequest areq, char *extradata, int extralen)
597599
{
598600
StringInfoData buf;
599601

600602
CHECK_FOR_INTERRUPTS();
601603

602604
pq_beginmessage(&buf, 'R');
603605
pq_sendint(&buf, (int32) areq, sizeof(int32));
604-
605-
/* Add the salt for encrypted passwords. */
606-
if (areq == AUTH_REQ_MD5)
607-
pq_sendbytes(&buf, port->md5Salt, 4);
608-
609-
#if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
610-
611-
/*
612-
* Add the authentication data for the next step of the GSSAPI or SSPI
613-
* negotiation.
614-
*/
615-
else if (areq == AUTH_REQ_GSS_CONT)
616-
{
617-
if (port->gss->outbuf.length > 0)
618-
{
619-
elog(DEBUG4, "sending GSS token of length %u",
620-
(unsigned int) port->gss->outbuf.length);
621-
622-
pq_sendbytes(&buf, port->gss->outbuf.value, port->gss->outbuf.length);
623-
}
624-
}
625-
#endif
606+
if (extralen > 0)
607+
pq_sendbytes(&buf, extradata, extralen);
626608

627609
pq_endmessage(&buf);
628610

@@ -934,7 +916,8 @@ pg_GSS_recvauth(Port *port)
934916
elog(DEBUG4, "sending GSS response token of length %u",
935917
(unsigned int) port->gss->outbuf.length);
936918

937-
sendAuthRequest(port, AUTH_REQ_GSS_CONT);
919+
sendAuthRequest(port, AUTH_REQ_GSS_CONT,
920+
port->gss->outbuf.value, port->gss->outbuf.length);
938921

939922
gss_release_buffer(&lmin_s, &port->gss->outbuf);
940923
}
@@ -1179,7 +1162,8 @@ pg_SSPI_recvauth(Port *port)
11791162
port->gss->outbuf.length = outbuf.pBuffers[0].cbBuffer;
11801163
port->gss->outbuf.value = outbuf.pBuffers[0].pvBuffer;
11811164

1182-
sendAuthRequest(port, AUTH_REQ_GSS_CONT);
1165+
sendAuthRequest(port, AUTH_REQ_GSS_CONT,
1166+
port->gss->outbuf.value, port->gss->outbuf.length);
11831167

11841168
FreeContextBuffer(outbuf.pBuffers[0].pvBuffer);
11851169
}
@@ -1807,7 +1791,7 @@ pam_passwd_conv_proc(int num_msg, const struct pam_message ** msg,
18071791
* let's go ask the client to send a password, which we
18081792
* then stuff into PAM.
18091793
*/
1810-
sendAuthRequest(pam_port_cludge, AUTH_REQ_PASSWORD);
1794+
sendAuthRequest(pam_port_cludge, AUTH_REQ_PASSWORD, NULL, 0);
18111795
passwd = recv_password_packet(pam_port_cludge);
18121796
if (passwd == NULL)
18131797
{
@@ -2137,7 +2121,7 @@ CheckLDAPAuth(Port *port)
21372121
if (port->hba->ldapport == 0)
21382122
port->hba->ldapport = LDAP_PORT;
21392123

2140-
sendAuthRequest(port, AUTH_REQ_PASSWORD);
2124+
sendAuthRequest(port, AUTH_REQ_PASSWORD, NULL, 0);
21412125

21422126
passwd = recv_password_packet(port);
21432127
if (passwd == NULL)
@@ -2497,7 +2481,7 @@ CheckRADIUSAuth(Port *port)
24972481
identifier = port->hba->radiusidentifier;
24982482

24992483
/* Send regular password request to client, and get the response */
2500-
sendAuthRequest(port, AUTH_REQ_PASSWORD);
2484+
sendAuthRequest(port, AUTH_REQ_PASSWORD, NULL, 0);
25012485

25022486
passwd = recv_password_packet(port);
25032487
if (passwd == NULL)

0 commit comments

Comments
 (0)