Diffstat (limited to 'src/backend/libpq/auth.c')
-rw-r--r--src/backend/libpq/auth.c33
1 files changed, 20 insertions, 13 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index b0d6988aff..9a266beb5d 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -45,7 +45,7 @@
* Global authentication functions
*----------------------------------------------------------------
*/
-static void auth_failed(Port *port, int status, char *logdetail);
+static void auth_failed(Port *port, int status, const char *logdetail);
static char *recv_password_packet(Port *port);
static void set_authn_id(Port *port, const char *id);
@@ -54,10 +54,11 @@ static void set_authn_id(Port *port, const char *id);
* Password-based authentication methods (password, md5, and scram-sha-256)
*----------------------------------------------------------------
*/
-static int CheckPasswordAuth(Port *port, char **logdetail);
-static int CheckPWChallengeAuth(Port *port, char **logdetail);
+static int CheckPasswordAuth(Port *port, const char **logdetail);
+static int CheckPWChallengeAuth(Port *port, const char **logdetail);
-static int CheckMD5Auth(Port *port, char *shadow_pass, char **logdetail);
+static int CheckMD5Auth(Port *port, char *shadow_pass,
+ const char **logdetail);
/*----------------------------------------------------------------
@@ -247,7 +248,7 @@ ClientAuthentication_hook_type ClientAuthentication_hook = NULL;
* particular, if logdetail isn't NULL, we send that string to the log.
*/
static void
-auth_failed(Port *port, int status, char *logdetail)
+auth_failed(Port *port, int status, const char *logdetail)
{
const char *errstr;
char *cdetail;
@@ -383,7 +384,7 @@ void
ClientAuthentication(Port *port)
{
int status = STATUS_ERROR;
- char *logdetail = NULL;
+ const char *logdetail = NULL;
/*
* Get the authentication method to use for this frontend/database
@@ -769,7 +770,7 @@ recv_password_packet(Port *port)
* Plaintext password authentication.
*/
static int
-CheckPasswordAuth(Port *port, char **logdetail)
+CheckPasswordAuth(Port *port, const char **logdetail)
{
char *passwd;
int result;
@@ -804,7 +805,7 @@ CheckPasswordAuth(Port *port, char **logdetail)
* MD5 and SCRAM authentication.
*/
static int
-CheckPWChallengeAuth(Port *port, char **logdetail)
+CheckPWChallengeAuth(Port *port, const char **logdetail)
{
int auth_result;
char *shadow_pass;
@@ -866,7 +867,7 @@ CheckPWChallengeAuth(Port *port, char **logdetail)
}
static int
-CheckMD5Auth(Port *port, char *shadow_pass, char **logdetail)
+CheckMD5Auth(Port *port, char *shadow_pass, const char **logdetail)
{
char md5Salt[4]; /* Password salt */
char *passwd;
@@ -3085,6 +3086,8 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por
md5trailer = packet->vector;
for (i = 0; i < encryptedpasswordlen; i += RADIUS_VECTOR_LENGTH)
{
+ const char *errstr = NULL;
+
memcpy(cryptvector + strlen(secret), md5trailer, RADIUS_VECTOR_LENGTH);
/*
@@ -3093,10 +3096,12 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por
*/
md5trailer = encryptedpassword + i;
- if (!pg_md5_binary(cryptvector, strlen(secret) + RADIUS_VECTOR_LENGTH, encryptedpassword + i))
+ if (!pg_md5_binary(cryptvector, strlen(secret) + RADIUS_VECTOR_LENGTH,
+ encryptedpassword + i, &errstr))
{
ereport(LOG,
- (errmsg("could not perform MD5 encryption of password")));
+ (errmsg("could not perform MD5 encryption of password: %s",
+ errstr)));
pfree(cryptvector);
pg_freeaddrinfo_all(hint.ai_family, serveraddrs);
return STATUS_ERROR;
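Review bot: The new `%s` argument in this LOG message is `errstr`, which starts out as NULL and is only meaningful if pg_md5_binary() stores a message on every failure path; that function is not part of this diff, so the contract cannot be confirmed from here. If any failure path can leave it unset, a null pointer reaches the format call, so either state the "always set on failure" guarantee in the comment on pg_md5_binary() or guard the argument with `errstr ? errstr : "unknown error"`. The same pattern appears in the received-packet check in the final hunk of PerformRadiusTransaction. The enclosing loop and function begin and end outside this hunk.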
@@ -3181,6 +3186,7 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por
struct timeval timeout;
struct timeval now;
int64 timeoutval;
+ const char *errstr = NULL;
gettimeofday(&now, NULL);
timeoutval = (endtime.tv_sec * 1000000 + endtime.tv_usec) - (now.tv_sec * 1000000 + now.tv_usec);
@@ -3299,10 +3305,11 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por
if (!pg_md5_binary(cryptvector,
packetlength + strlen(secret),
- encryptedpassword))
+ encryptedpassword, &errstr))
{
ereport(LOG,
- (errmsg("could not perform MD5 encryption of received packet")));
+ (errmsg("could not perform MD5 encryption of received packet: %s",
+ errstr)));
pfree(cryptvector);
continue;
}