*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.4 1996/10/13 04:49:32 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.9 1997/03/12 21:17:48 scrappy Exp $
*
*-------------------------------------------------------------------------
*/
#include <pwd.h>
#include <ctype.h> /* isspace() declaration */
+#include <sys/types.h> /* needed by in.h on Ultrix */
#include <netinet/in.h>
#include <arpa/inet.h>
+
+#include <postgres.h>
+#include <miscadmin.h>
+
#include <libpq/auth.h>
#include <libpq/libpq.h>
#include <libpq/libpq-be.h>
#include <libpq/hba.h>
+#include <libpq/password.h>
/*----------------------------------------------------------------
* common definitions for generic fe/be routines
{ "krb4", STARTUP_KRB4_MSG, 1 },
{ "krb5", STARTUP_KRB5_MSG, 1 },
#if defined(KRB5)
- { "kerberos", STARTUP_KRB5_MSG, 1 }
+ { "kerberos", STARTUP_KRB5_MSG, 1 },
#else
- { "kerberos", STARTUP_KRB4_MSG, 1 }
+ { "kerberos", STARTUP_KRB4_MSG, 1 },
#endif
+ { "password", STARTUP_PASSWORD_MSG, 1 }
};
static n_authsvcs = sizeof(authsvcs) / sizeof(struct authsvc);
*----------------------------------------------------------------
*/
-#include "krb.h"
+#include <krb.h>
#ifdef FRONTEND
/* moves to src/libpq/fe-auth.c */
*----------------------------------------------------------------
*/
-#include "krb5/krb5.h"
+#include <krb5/krb5.h>
/*
* pg_an_to_ln -- return the local name corresponding to an authentication
}
#endif /* KRB5 */
+static int
+pg_password_recvauth(Port *port, char *database, char *DataDir)
+{
+ PacketBuf buf;
+ char *user, *password;
+
+ if(PacketReceive(port, &buf, BLOCKING) != STATUS_OK) {
+ sprintf(PQerrormsg,
+ "pg_password_recvauth: failed to receive authentication packet.\n");
+ fputs(PQerrormsg, stderr);
+ pqdebug("%s", PQerrormsg);
+ return STATUS_ERROR;
+ }
+
+ user = buf.data;
+ password = buf.data + strlen(user) + 1;
+
+ return verify_password(user, password, port, database, DataDir);
+}
+
/*
* be_recvauth -- server demux routine for incoming authentication information
*/
*/
if (msgtype_arg == STARTUP_MSG && useHostBasedAuth)
msgtype = STARTUP_HBA_MSG;
- else
- msgtype = STARTUP_UNAUTH_MSG;
+ else
+ msgtype = msgtype_arg;
if (!username) {
(void) sprintf(PQerrormsg,
return(STATUS_ERROR);
}
break;
+ case STARTUP_PASSWORD_MSG:
+ if(!be_getauthsvc(msgtype)) {
+ sprintf(PQerrormsg,
+ "be_recvauth: "
+ "plaintext password authentication disallowed\n");
+ fputs(PQerrormsg, stderr);
+ pqdebug("%s", PQerrormsg);
+ return(STATUS_ERROR);
+ }
+ if(pg_password_recvauth(port, sp->database, DataDir) != STATUS_OK) {
+ /* pg_password_recvauth or lower-level routines have already set */
+ /* the error message */
+ return(STATUS_ERROR);
+ }
+ break;
default:
(void) sprintf(PQerrormsg,
"be_recvauth: unrecognized message type: %d\n",