* fe-auth.c
* The front-end (client) authorization routines
*
- * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
+ * Portions Copyright (c) 1996-2006, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* NOTE: the error message strings returned by this module must not
* exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.105 2005/10/15 02:49:48 momjian Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.118 2006/07/14 04:59:30 momjian Exp $
*
*-------------------------------------------------------------------------
*/
/*
* INTERFACE ROUTINES
* frontend (client) routines:
- * fe_sendauth send authentication information
- * fe_getauthname get user's name according to the client side
+ * pg_fe_sendauth send authentication information
+ * pg_fe_getauthname get user's name according to the client side
* of the authentication system
- * fe_setauthsvc set frontend authentication service
- * fe_getauthsvc get current frontend authentication service
- *
- *
- *
*/
#include "postgres_fe.h"
#else
#include <unistd.h>
#include <fcntl.h>
-#include <errno.h>
#include <sys/types.h>
#include <sys/param.h> /* for MAXHOSTNAMELEN on most */
#include <sys/socket.h>
#include "libpq-fe.h"
#include "libpq-int.h"
#include "fe-auth.h"
-#include "libpq/crypt.h"
+#include "libpq/md5.h"
-/*
- * common definitions for generic fe/be routines
- */
-
-#define STARTUP_MSG 7 /* Initialise a connection */
-#define STARTUP_KRB4_MSG 10 /* krb4 session follows. Not supported any
- * more. */
-#define STARTUP_KRB5_MSG 11 /* krb5 session follows */
-#define STARTUP_PASSWORD_MSG 14 /* Password follows */
-
-struct authsvc
-{
- const char *name; /* service nickname (for command line) */
- MsgType msgtype; /* startup packet header type */
- int allowed; /* initially allowed (before command line
- * option parsing)? */
-};
-
-/*
- * Command-line parsing routines use this structure to map nicknames
- * onto service types (and the startup packets to use with them).
- *
- * Programs receiving an authentication request use this structure to
- * decide which authentication service types are currently permitted.
- * By default, all authentication systems compiled into the system are
- * allowed. Unauthenticated connections are disallowed unless there
- * isn't any authentication system.
- */
-static const struct authsvc authsvcs[] = {
-#ifdef KRB5
- {"krb5", STARTUP_KRB5_MSG, 1},
- {"kerberos", STARTUP_KRB5_MSG, 1},
-#endif /* KRB5 */
- {UNAUTHNAME, STARTUP_MSG,
-#ifdef KRB5
- 0
-#else /* !KRB5 */
- 1
-#endif /* !KRB5 */
- },
- {"password", STARTUP_PASSWORD_MSG, 0}
-};
-
-static const int n_authsvcs = sizeof(authsvcs) / sizeof(struct authsvc);
-
#ifdef KRB5
/*
* MIT Kerberos authentication system - protocol version 5
* Various krb5 state which is not connection specific, and a flag to
* indicate whether we have initialised it yet.
*/
+/*
static int pg_krb5_initialised;
static krb5_context pg_krb5_context;
static krb5_ccache pg_krb5_ccache;
static krb5_principal pg_krb5_client;
static char *pg_krb5_name;
+*/
+
+struct krb5_info
+{
+ int pg_krb5_initialised;
+ krb5_context pg_krb5_context;
+ krb5_ccache pg_krb5_ccache;
+ krb5_principal pg_krb5_client;
+ char *pg_krb5_name;
+};
static int
-pg_krb5_init(char *PQerrormsg)
+pg_krb5_init(char *PQerrormsg, struct krb5_info *info)
{
krb5_error_code retval;
- if (pg_krb5_initialised)
+ if (info->pg_krb5_initialised)
return STATUS_OK;
- retval = krb5_init_context(&pg_krb5_context);
+ retval = krb5_init_context(&(info->pg_krb5_context));
if (retval)
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
return STATUS_ERROR;
}
- retval = krb5_cc_default(pg_krb5_context, &pg_krb5_ccache);
+ retval = krb5_cc_default(info->pg_krb5_context, &(info->pg_krb5_ccache));
if (retval)
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"pg_krb5_init: krb5_cc_default: %s\n",
error_message(retval));
- krb5_free_context(pg_krb5_context);
+ krb5_free_context(info->pg_krb5_context);
return STATUS_ERROR;
}
- retval = krb5_cc_get_principal(pg_krb5_context, pg_krb5_ccache,
- &pg_krb5_client);
+ retval = krb5_cc_get_principal(info->pg_krb5_context, info->pg_krb5_ccache,
+ &(info->pg_krb5_client));
if (retval)
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"pg_krb5_init: krb5_cc_get_principal: %s\n",
error_message(retval));
- krb5_cc_close(pg_krb5_context, pg_krb5_ccache);
- krb5_free_context(pg_krb5_context);
+ krb5_cc_close(info->pg_krb5_context, info->pg_krb5_ccache);
+ krb5_free_context(info->pg_krb5_context);
return STATUS_ERROR;
}
- retval = krb5_unparse_name(pg_krb5_context, pg_krb5_client, &pg_krb5_name);
+ retval = krb5_unparse_name(info->pg_krb5_context, info->pg_krb5_client, &(info->pg_krb5_name));
if (retval)
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"pg_krb5_init: krb5_unparse_name: %s\n",
error_message(retval));
- krb5_free_principal(pg_krb5_context, pg_krb5_client);
- krb5_cc_close(pg_krb5_context, pg_krb5_ccache);
- krb5_free_context(pg_krb5_context);
+ krb5_free_principal(info->pg_krb5_context, info->pg_krb5_client);
+ krb5_cc_close(info->pg_krb5_context, info->pg_krb5_ccache);
+ krb5_free_context(info->pg_krb5_context);
return STATUS_ERROR;
}
- pg_krb5_name = pg_an_to_ln(pg_krb5_name);
+ info->pg_krb5_name = pg_an_to_ln(info->pg_krb5_name);
- pg_krb5_initialised = 1;
+ info->pg_krb5_initialised = 1;
return STATUS_OK;
}
+static void
+pg_krb5_destroy(struct krb5_info *info)
+{
+ krb5_free_principal(info->pg_krb5_context, info->pg_krb5_client);
+ krb5_cc_close(info->pg_krb5_context, info->pg_krb5_ccache);
+ krb5_free_context(info->pg_krb5_context);
+ free(info->pg_krb5_name);
+}
+
+
/*
- * pg_krb5_authname -- returns a pointer to static space containing whatever
- * name the user has authenticated to the system
- */
-static const char *
+ * pg_krb5_authname -- returns a copy of whatever name the user
+ * has authenticated to the system, or NULL
+ */
+static char *
pg_krb5_authname(char *PQerrormsg)
{
- if (pg_krb5_init(PQerrormsg) != STATUS_OK)
+ char *tmp_name;
+ struct krb5_info info;
+ info.pg_krb5_initialised = 0;
+
+ if (pg_krb5_init(PQerrormsg, &info) != STATUS_OK)
return NULL;
+ tmp_name = strdup(info.pg_krb5_name);
+ pg_krb5_destroy(&info);
- return pg_krb5_name;
+ return tmp_name;
}
krb5_principal server;
krb5_auth_context auth_context = NULL;
krb5_error *err_ret = NULL;
+ struct krb5_info info;
+ info.pg_krb5_initialised = 0;
if (!hostname)
{
return STATUS_ERROR;
}
- ret = pg_krb5_init(PQerrormsg);
+ ret = pg_krb5_init(PQerrormsg, &info);
if (ret != STATUS_OK)
return ret;
- retval = krb5_sname_to_principal(pg_krb5_context, hostname, servicename,
+ retval = krb5_sname_to_principal(info.pg_krb5_context, hostname, servicename,
KRB5_NT_SRV_HST, &server);
if (retval)
{
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
"pg_krb5_sendauth: krb5_sname_to_principal: %s\n",
error_message(retval));
+ pg_krb5_destroy(&info);
return STATUS_ERROR;
}
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
libpq_gettext("could not set socket to blocking mode: %s\n"), pqStrerror(errno, sebuf, sizeof(sebuf)));
- krb5_free_principal(pg_krb5_context, server);
+ krb5_free_principal(info.pg_krb5_context, server);
+ pg_krb5_destroy(&info);
return STATUS_ERROR;
}
- retval = krb5_sendauth(pg_krb5_context, &auth_context,
+ retval = krb5_sendauth(info.pg_krb5_context, &auth_context,
(krb5_pointer) & sock, (char *) servicename,
- pg_krb5_client, server,
+ info.pg_krb5_client, server,
AP_OPTS_MUTUAL_REQUIRED,
NULL, 0, /* no creds, use ccache instead */
- pg_krb5_ccache, &err_ret, NULL, NULL);
+ info.pg_krb5_ccache, &err_ret, NULL, NULL);
if (retval)
{
if (retval == KRB5_SENDAUTH_REJECTED && err_ret)
}
if (err_ret)
- krb5_free_error(pg_krb5_context, err_ret);
+ krb5_free_error(info.pg_krb5_context, err_ret);
ret = STATUS_ERROR;
}
- krb5_free_principal(pg_krb5_context, server);
+ krb5_free_principal(info.pg_krb5_context, server);
if (!pg_set_noblock(sock))
{
pqStrerror(errno, sebuf, sizeof(sebuf)));
ret = STATUS_ERROR;
}
+ pg_krb5_destroy(&info);
return ret;
}
#endif /* KRB5 */
+
/*
* Respond to AUTH_REQ_SCM_CREDS challenge.
*
}
crypt_pwd2 = crypt_pwd + MD5_PASSWD_LEN + 1;
- if (!EncryptMD5(password, conn->pguser,
- strlen(conn->pguser), crypt_pwd2))
+ if (!pg_md5_encrypt(password, conn->pguser,
+ strlen(conn->pguser), crypt_pwd2))
{
free(crypt_pwd);
return STATUS_ERROR;
}
- if (!EncryptMD5(crypt_pwd2 + strlen("md5"), conn->md5Salt,
- sizeof(conn->md5Salt), crypt_pwd))
+ if (!pg_md5_encrypt(crypt_pwd2 + strlen("md5"), conn->md5Salt,
+ sizeof(conn->md5Salt), crypt_pwd))
{
free(crypt_pwd);
return STATUS_ERROR;
}
/*
- * fe_sendauth -- client demux routine for outgoing authentication information
+ * pg_fe_sendauth
+ * client demux routine for outgoing authentication information
*/
int
-fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
- const char *password, char *PQerrormsg)
+pg_fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
+ const char *password, char *PQerrormsg)
{
#ifndef KRB5
(void) hostname; /* not used */
return STATUS_OK;
}
-/*
- * fe_setauthsvc
- * fe_getauthsvc
- *
- * Set/return the authentication service currently selected for use by the
- * frontend. (You can only use one in the frontend, obviously.)
- *
- * NB: This is not thread-safe if different threads try to select different
- * authentication services! It's OK for fe_getauthsvc to select the default,
- * since that will be the same for all threads, but direct application use
- * of fe_setauthsvc is not thread-safe. However, use of fe_setauthsvc is
- * deprecated anyway...
- */
-
-static int pg_authsvc = -1;
-
-void
-fe_setauthsvc(const char *name, char *PQerrormsg)
-{
- int i;
-
- for (i = 0; i < n_authsvcs; ++i)
- if (strcmp(name, authsvcs[i].name) == 0)
- {
- pg_authsvc = i;
- break;
- }
- if (i == n_authsvcs)
- {
- snprintf(PQerrormsg, PQERRORMSG_LENGTH,
- libpq_gettext("invalid authentication service name \"%s\", ignored\n"),
- name);
- }
- return;
-}
-
-MsgType
-fe_getauthsvc(char *PQerrormsg)
-{
- if (pg_authsvc < 0 || pg_authsvc >= n_authsvcs)
- {
- fe_setauthsvc(DEFAULT_CLIENT_AUTHSVC, PQerrormsg);
- if (pg_authsvc < 0 || pg_authsvc >= n_authsvcs)
- {
- /* Can only get here if DEFAULT_CLIENT_AUTHSVC is misdefined */
- return 0;
- }
- }
- return authsvcs[pg_authsvc].msgtype;
-}
/*
- * fe_getauthname -- returns a pointer to dynamic space containing whatever
+ * pg_fe_getauthname -- returns a pointer to dynamic space containing whatever
* name the user has authenticated to the system
- * if there is an error, return the error message in PQerrormsg
+ *
+ * if there is an error, return NULL with an error message in PQerrormsg
*/
char *
-fe_getauthname(char *PQerrormsg)
+pg_fe_getauthname(char *PQerrormsg)
{
+#ifdef KRB5
+ char *krb5_name = NULL;
+#endif
const char *name = NULL;
char *authn;
- MsgType authsvc;
#ifdef WIN32
char username[128];
struct passwd *pw = NULL;
#endif
- authsvc = fe_getauthsvc(PQerrormsg);
-
- /* this just guards against broken DEFAULT_CLIENT_AUTHSVC, see above */
- if (authsvc == 0)
- return NULL; /* leave original error message in place */
-
+ /*
+ * pglock_thread() really only needs to be called around
+ * pg_krb5_authname(), but some users are using configure
+ * --enable-thread-safety-force, so we might as well do the locking within
+ * our library to protect pqGetpwuid(). In fact, application developers
+ * can use getpwuid() in their application if they use the locking call we
+ * provide, or install their own locking function using
+ * PQregisterThreadLock().
+ */
pglock_thread();
#ifdef KRB5
- if (authsvc == STARTUP_KRB5_MSG)
- name = pg_krb5_authname(PQerrormsg);
+ /* pg_krb5_authname gives us a strdup'd value that we need
+ * to free later, however, we don't want to free 'name' directly
+ * in case it's *not* a Kerberos login and we fall through to
+ * name = pw->pw_name; */
+ krb5_name = pg_krb5_authname(PQerrormsg);
+ name = krb5_name;
#endif
- if (authsvc == STARTUP_MSG
- || (authsvc == STARTUP_KRB5_MSG && !name))
+ if (!name)
{
#ifdef WIN32
if (GetUserName(username, &namesize))
#endif
}
- if (authsvc != STARTUP_MSG && authsvc != STARTUP_KRB5_MSG)
- snprintf(PQerrormsg, PQERRORMSG_LENGTH,
- libpq_gettext("fe_getauthname: invalid authentication system: %d\n"),
- authsvc);
-
authn = name ? strdup(name) : NULL;
+#ifdef KRB5
+ /* Free the strdup'd string from pg_krb5_authname, if we got one */
+ if (krb5_name)
+ free(krb5_name);
+#endif
+
pgunlock_thread();
return authn;
}
+
+
+/*
+ * PQencryptPassword -- exported routine to encrypt a password
+ *
+ * This is intended to be used by client applications that wish to send
+ * commands like ALTER USER joe PASSWORD 'pwd'. The password need not
+ * be sent in cleartext if it is encrypted on the client side. This is
+ * good because it ensures the cleartext password won't end up in logs,
+ * pg_stat displays, etc. We export the function so that clients won't
+ * be dependent on low-level details like whether the enceyption is MD5
+ * or something else.
+ *
+ * Arguments are the cleartext password, and the SQL name of the user it
+ * is for.
+ *
+ * Return value is a malloc'd string, or NULL if out-of-memory. The client
+ * may assume the string doesn't contain any special characters that would
+ * require escaping.
+ */
+char *
+PQencryptPassword(const char *passwd, const char *user)
+{
+ char *crypt_pwd;
+
+ crypt_pwd = malloc(MD5_PASSWD_LEN + 1);
+ if (!crypt_pwd)
+ return NULL;
+
+ if (!pg_md5_encrypt(passwd, user, strlen(user), crypt_pwd))
+ {
+ free(crypt_pwd);
+ return NULL;
+ }
+
+ return crypt_pwd;
+}