1996-07-09 08:22:35 +02:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
*
|
1999-02-14 00:22:53 +01:00
|
|
|
* auth.c
|
1997-09-07 07:04:48 +02:00
|
|
|
* Routines to handle network authentication
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
2000-01-26 06:58:53 +01:00
|
|
|
* Portions Copyright (c) 1996-2000, PostgreSQL, Inc
|
|
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
*
|
|
|
|
* IDENTIFICATION
|
2000-05-27 05:58:20 +02:00
|
|
|
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.46 2000/05/27 03:58:19 momjian Exp $
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
*/
|
|
|
|
/*
|
|
|
|
* INTERFACE ROUTINES
|
|
|
|
*
|
1997-09-07 07:04:48 +02:00
|
|
|
* backend (postmaster) routines:
|
|
|
|
* be_recvauth receive authentication information
|
1996-07-09 08:22:35 +02:00
|
|
|
*/
|
1997-09-07 07:04:48 +02:00
|
|
|
#include <sys/param.h> /* for MAXHOSTNAMELEN on most */
|
1996-10-13 06:50:27 +02:00
|
|
|
#ifndef MAXHOSTNAMELEN
|
1997-09-07 07:04:48 +02:00
|
|
|
#include <netdb.h> /* for MAXHOSTNAMELEN on some */
|
1996-10-13 06:50:27 +02:00
|
|
|
#endif
|
1996-07-09 08:22:35 +02:00
|
|
|
#include <pwd.h>
|
1997-09-07 07:04:48 +02:00
|
|
|
#include <ctype.h> /* isspace() declaration */
|
1996-07-09 08:22:35 +02:00
|
|
|
|
1997-09-07 07:04:48 +02:00
|
|
|
#include <sys/types.h> /* needed by in.h on Ultrix */
|
1996-07-09 08:22:35 +02:00
|
|
|
#include <netinet/in.h>
|
|
|
|
#include <arpa/inet.h>
|
1996-10-31 11:37:53 +01:00
|
|
|
|
1999-07-16 01:04:24 +02:00
|
|
|
#include "postgres.h"
|
1996-10-31 11:37:53 +01:00
|
|
|
|
1999-07-16 01:04:24 +02:00
|
|
|
#include "libpq/auth.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "libpq/crypt.h"
|
1999-07-16 01:04:24 +02:00
|
|
|
#include "libpq/hba.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "libpq/libpq.h"
|
1999-07-16 01:04:24 +02:00
|
|
|
#include "libpq/password.h"
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "miscadmin.h"
|
1996-07-09 08:22:35 +02:00
|
|
|
|
1998-07-09 05:29:11 +02:00
|
|
|
static void sendAuthRequest(Port *port, AuthRequest areq, PacketDoneProc handler);
|
|
|
|
static int handle_done_auth(void *arg, PacketLen len, void *pkt);
|
|
|
|
static int handle_krb4_auth(void *arg, PacketLen len, void *pkt);
|
|
|
|
static int handle_krb5_auth(void *arg, PacketLen len, void *pkt);
|
|
|
|
static int handle_password_auth(void *arg, PacketLen len, void *pkt);
|
|
|
|
static int readPasswordPacket(void *arg, PacketLen len, void *pkt);
|
|
|
|
static int pg_passwordv0_recvauth(void *arg, PacketLen len, void *pkt);
|
1998-02-26 05:46:47 +01:00
|
|
|
static int checkPassword(Port *port, char *user, char *password);
|
|
|
|
static int old_be_recvauth(Port *port);
|
|
|
|
static int map_old_to_new(Port *port, UserAuth old, int status);
|
2000-04-12 19:17:23 +02:00
|
|
|
static void auth_failed(Port *port);
|
1996-07-09 08:22:35 +02:00
|
|
|
|
|
|
|
|
|
|
|
#ifdef KRB4
|
1996-10-12 09:47:12 +02:00
|
|
|
/* This has to be ifdef'd out because krb.h does exist. This needs
|
|
|
|
to be fixed.
|
|
|
|
*/
|
1996-07-09 08:22:35 +02:00
|
|
|
/*----------------------------------------------------------------
|
|
|
|
* MIT Kerberos authentication system - protocol version 4
|
|
|
|
*----------------------------------------------------------------
|
|
|
|
*/
|
|
|
|
|
1999-07-16 01:04:24 +02:00
|
|
|
#include "krb.h"
|
1996-07-09 08:22:35 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* pg_krb4_recvauth -- server routine to receive authentication information
|
1997-09-07 07:04:48 +02:00
|
|
|
* from the client
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
* Nothing unusual here, except that we compare the username obtained from
|
|
|
|
* the client's setup packet to the authenticated name. (We have to retain
|
|
|
|
* the name in the setup packet since we have to retain the ability to handle
|
|
|
|
* unauthenticated connections.)
|
|
|
|
*/
|
|
|
|
static int
|
1998-01-27 04:11:46 +01:00
|
|
|
pg_krb4_recvauth(Port *port)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
1999-05-25 18:15:34 +02:00
|
|
|
long krbopts = 0; /* one-way authentication */
|
|
|
|
KTEXT_ST clttkt;
|
|
|
|
char instance[INST_SZ + 1],
|
|
|
|
version[KRB_SENDAUTH_VLEN + 1];
|
|
|
|
AUTH_DAT auth_data;
|
|
|
|
Key_schedule key_sched;
|
|
|
|
int status;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
|
|
|
strcpy(instance, "*"); /* don't care, but arg gets expanded
|
|
|
|
* anyway */
|
|
|
|
status = krb_recvauth(krbopts,
|
1998-01-26 02:42:53 +01:00
|
|
|
port->sock,
|
1997-09-07 07:04:48 +02:00
|
|
|
&clttkt,
|
|
|
|
PG_KRB_SRVNAM,
|
|
|
|
instance,
|
1998-01-26 02:42:53 +01:00
|
|
|
&port->raddr.in,
|
|
|
|
&port->laddr.in,
|
1997-09-07 07:04:48 +02:00
|
|
|
&auth_data,
|
|
|
|
PG_KRB_SRVTAB,
|
|
|
|
key_sched,
|
|
|
|
version);
|
|
|
|
if (status != KSUCCESS)
|
|
|
|
{
|
1999-10-23 05:13:33 +02:00
|
|
|
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
|
|
|
|
"pg_krb4_recvauth: kerberos error: %s\n",
|
|
|
|
krb_err_txt[status]);
|
1997-09-07 07:04:48 +02:00
|
|
|
fputs(PQerrormsg, stderr);
|
|
|
|
pqdebug("%s", PQerrormsg);
|
1998-09-01 05:29:17 +02:00
|
|
|
return STATUS_ERROR;
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
|
|
|
if (strncmp(version, PG_KRB4_VERSION, KRB_SENDAUTH_VLEN))
|
|
|
|
{
|
1999-10-23 05:13:33 +02:00
|
|
|
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
|
|
|
|
"pg_krb4_recvauth: protocol version != \"%s\"\n",
|
|
|
|
PG_KRB4_VERSION);
|
1997-09-07 07:04:48 +02:00
|
|
|
fputs(PQerrormsg, stderr);
|
|
|
|
pqdebug("%s", PQerrormsg);
|
1998-09-01 05:29:17 +02:00
|
|
|
return STATUS_ERROR;
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
1998-01-26 02:42:53 +01:00
|
|
|
if (strncmp(port->user, auth_data.pname, SM_USER))
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
1999-10-23 05:13:33 +02:00
|
|
|
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
|
1999-05-25 18:15:34 +02:00
|
|
|
"pg_krb4_recvauth: name \"%s\" != \"%s\"\n",
|
|
|
|
port->user, auth_data.pname);
|
1997-09-07 07:04:48 +02:00
|
|
|
fputs(PQerrormsg, stderr);
|
|
|
|
pqdebug("%s", PQerrormsg);
|
1998-09-01 05:29:17 +02:00
|
|
|
return STATUS_ERROR;
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
1998-09-01 05:29:17 +02:00
|
|
|
return STATUS_OK;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
1996-10-12 09:47:12 +02:00
|
|
|
#else
|
|
|
|
static int
|
1998-01-26 02:42:53 +01:00
|
|
|
pg_krb4_recvauth(Port *port)
|
1996-10-12 09:47:12 +02:00
|
|
|
{
|
1999-10-23 05:13:33 +02:00
|
|
|
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
|
2000-04-12 19:17:23 +02:00
|
|
|
"pg_krb4_recvauth: Kerberos not implemented on this server.\n");
|
1997-09-07 07:04:48 +02:00
|
|
|
fputs(PQerrormsg, stderr);
|
|
|
|
pqdebug("%s", PQerrormsg);
|
1996-10-12 09:47:12 +02:00
|
|
|
|
1998-09-01 05:29:17 +02:00
|
|
|
return STATUS_ERROR;
|
1996-10-12 09:47:12 +02:00
|
|
|
}
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1998-09-01 06:40:42 +02:00
|
|
|
#endif /* KRB4 */
|
1996-07-09 08:22:35 +02:00
|
|
|
|
1996-10-12 09:47:12 +02:00
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
#ifdef KRB5
|
1996-10-12 09:47:12 +02:00
|
|
|
/* This needs to be ifdef'd out because krb5.h doesn't exist. This needs
|
|
|
|
to be fixed.
|
|
|
|
*/
|
1996-07-09 08:22:35 +02:00
|
|
|
/*----------------------------------------------------------------
|
|
|
|
* MIT Kerberos authentication system - protocol version 5
|
|
|
|
*----------------------------------------------------------------
|
|
|
|
*/
|
|
|
|
|
2000-05-27 05:58:20 +02:00
|
|
|
#include "krb5/krb5.h"
|
1996-07-09 08:22:35 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* pg_an_to_ln -- return the local name corresponding to an authentication
|
1997-09-07 07:04:48 +02:00
|
|
|
* name
|
1996-07-09 08:22:35 +02:00
|
|
|
*
|
|
|
|
* XXX Assumes that the first aname component is the user name. This is NOT
|
1997-09-07 07:04:48 +02:00
|
|
|
* necessarily so, since an aname can actually be something out of your
|
|
|
|
* worst X.400 nightmare, like
|
|
|
|
* ORGANIZATION=U. C. Berkeley/NAME=Paul M. Aoki@CS.BERKELEY.EDU
|
|
|
|
* Note that the MIT an_to_ln code does the same thing if you don't
|
|
|
|
* provide an aname mapping database...it may be a better idea to use
|
|
|
|
* krb5_an_to_ln, except that it punts if multiple components are found,
|
|
|
|
* and we can't afford to punt.
|
1996-07-09 08:22:35 +02:00
|
|
|
*/
|
1997-09-08 04:41:22 +02:00
|
|
|
static char *
|
1996-07-09 08:22:35 +02:00
|
|
|
pg_an_to_ln(char *aname)
|
|
|
|
{
|
1997-09-08 04:41:22 +02:00
|
|
|
char *p;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
|
|
|
if ((p = strchr(aname, '/')) || (p = strchr(aname, '@')))
|
|
|
|
*p = '\0';
|
1998-09-01 05:29:17 +02:00
|
|
|
return aname;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
2000-05-27 05:39:33 +02:00
|
|
|
/*
|
|
|
|
* pg_krb5_recvauth -- server routine to receive authentication information
|
|
|
|
* from the client
|
|
|
|
*
|
|
|
|
* We still need to compare the username obtained from the client's setup
|
|
|
|
* packet to the authenticated name, as described in pg_krb4_recvauth. This
|
|
|
|
* is a bit more problematic in v5, as described above in pg_an_to_ln.
|
|
|
|
*
|
2000-05-27 05:58:20 +02:00
|
|
|
* In addition, as described above in pg_krb5_sendauth, we still need to
|
|
|
|
* canonicalize the server name v4-style before constructing a principal
|
|
|
|
* from it. Again, this is kind of iffy.
|
|
|
|
*
|
|
|
|
* Finally, we need to tangle with the fact that v5 doesn't let you explicitly
|
|
|
|
* set server keytab file names -- you have to feed lower-level routines a
|
|
|
|
* function to retrieve the contents of a keytab, along with a single argument
|
|
|
|
* that allows them to open the keytab. We assume that a server keytab is
|
|
|
|
* always a real file so we can allow people to specify their own filenames.
|
|
|
|
* (This is important because the POSTGRES keytab needs to be readable by
|
|
|
|
* non-root users/groups; the v4 tools used to force you do dump a whole
|
|
|
|
* host's worth of keys into a file, effectively forcing you to use one file,
|
|
|
|
* but kdb5_edit allows you to select which principals to dump. Yay!)
|
2000-05-27 05:39:33 +02:00
|
|
|
*/
|
|
|
|
static int
|
|
|
|
pg_krb5_recvauth(Port *port)
|
|
|
|
{
|
2000-05-27 05:58:20 +02:00
|
|
|
char servbuf[MAXHOSTNAMELEN + 1 +
|
|
|
|
sizeof(PG_KRB_SRVNAM)];
|
|
|
|
char *hostp,
|
|
|
|
*kusername = (char *) NULL;
|
|
|
|
krb5_error_code code;
|
|
|
|
krb5_principal client,
|
|
|
|
server;
|
|
|
|
krb5_address sender_addr;
|
|
|
|
krb5_rdreq_key_proc keyproc = (krb5_rdreq_key_proc) NULL;
|
|
|
|
krb5_pointer keyprocarg = (krb5_pointer) NULL;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Set up server side -- since we have no ticket file to make this
|
|
|
|
* easy, we construct our own name and parse it. See note on
|
|
|
|
* canonicalization above.
|
|
|
|
*/
|
|
|
|
strcpy(servbuf, PG_KRB_SRVNAM);
|
|
|
|
*(hostp = servbuf + (sizeof(PG_KRB_SRVNAM) - 1)) = '/';
|
|
|
|
if (gethostname(++hostp, MAXHOSTNAMELEN) < 0)
|
|
|
|
strcpy(hostp, "localhost");
|
|
|
|
if (hostp = strchr(hostp, '.'))
|
|
|
|
*hostp = '\0';
|
|
|
|
if (code = krb5_parse_name(servbuf, &server))
|
|
|
|
{
|
2000-05-27 05:39:33 +02:00
|
|
|
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
|
2000-05-27 05:58:20 +02:00
|
|
|
"pg_krb5_recvauth: Kerberos error %d in krb5_parse_name\n", code);
|
|
|
|
com_err("pg_krb5_recvauth", code, "in krb5_parse_name");
|
2000-05-27 05:39:33 +02:00
|
|
|
return STATUS_ERROR;
|
2000-05-27 05:58:20 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* krb5_sendauth needs this to verify the address in the client
|
|
|
|
* authenticator.
|
|
|
|
*/
|
|
|
|
sender_addr.addrtype = port->raddr.in.sin_family;
|
|
|
|
sender_addr.length = sizeof(port->raddr.in.sin_addr);
|
|
|
|
sender_addr.contents = (krb5_octet *) & (port->raddr.in.sin_addr);
|
|
|
|
|
|
|
|
if (strcmp(PG_KRB_SRVTAB, ""))
|
|
|
|
{
|
|
|
|
keyproc = krb5_kt_read_service_key;
|
|
|
|
keyprocarg = PG_KRB_SRVTAB;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (code = krb5_recvauth((krb5_pointer) & port->sock,
|
|
|
|
PG_KRB5_VERSION,
|
|
|
|
server,
|
|
|
|
&sender_addr,
|
|
|
|
(krb5_pointer) NULL,
|
|
|
|
keyproc,
|
|
|
|
keyprocarg,
|
|
|
|
(char *) NULL,
|
|
|
|
(krb5_int32 *) NULL,
|
|
|
|
&client,
|
|
|
|
(krb5_ticket **) NULL,
|
|
|
|
(krb5_authenticator **) NULL))
|
|
|
|
{
|
|
|
|
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
|
|
|
|
"pg_krb5_recvauth: Kerberos error %d in krb5_recvauth\n", code);
|
|
|
|
com_err("pg_krb5_recvauth", code, "in krb5_recvauth");
|
|
|
|
krb5_free_principal(server);
|
|
|
|
return STATUS_ERROR;
|
|
|
|
}
|
|
|
|
krb5_free_principal(server);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* The "client" structure comes out of the ticket and is therefore
|
|
|
|
* authenticated. Use it to check the username obtained from the
|
|
|
|
* postmaster startup packet.
|
|
|
|
*/
|
2000-05-27 05:58:20 +02:00
|
|
|
if ((code = krb5_unparse_name(client, &kusername)))
|
|
|
|
{
|
1999-10-23 05:13:33 +02:00
|
|
|
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
|
2000-05-27 05:58:20 +02:00
|
|
|
"pg_krb5_recvauth: Kerberos error %d in krb5_unparse_name\n", code);
|
|
|
|
com_err("pg_krb5_recvauth", code, "in krb5_unparse_name");
|
|
|
|
krb5_free_principal(client);
|
|
|
|
return STATUS_ERROR;
|
|
|
|
}
|
|
|
|
krb5_free_principal(client);
|
|
|
|
if (!kusername)
|
|
|
|
{
|
|
|
|
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
|
|
|
|
"pg_krb5_recvauth: could not decode username\n");
|
|
|
|
fputs(PQerrormsg, stderr);
|
|
|
|
pqdebug("%s", PQerrormsg);
|
1998-09-01 05:29:17 +02:00
|
|
|
return STATUS_ERROR;
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
|
|
|
kusername = pg_an_to_ln(kusername);
|
2000-05-27 05:58:20 +02:00
|
|
|
if (strncmp(username, kusername, SM_USER))
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
1999-10-23 05:13:33 +02:00
|
|
|
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
|
2000-05-27 05:58:20 +02:00
|
|
|
"pg_krb5_recvauth: name \"%s\" != \"%s\"\n", port->user, kusername);
|
|
|
|
fputs(PQerrormsg, stderr);
|
|
|
|
pqdebug("%s", PQerrormsg);
|
|
|
|
pfree(kusername);
|
|
|
|
return STATUS_ERROR;
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
2000-05-27 05:58:20 +02:00
|
|
|
pfree(kusername);
|
|
|
|
return STATUS_OK;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
1996-10-12 09:47:12 +02:00
|
|
|
#else
|
1996-07-09 08:22:35 +02:00
|
|
|
static int
|
1998-01-26 02:42:53 +01:00
|
|
|
pg_krb5_recvauth(Port *port)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
1999-10-23 05:13:33 +02:00
|
|
|
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
|
1999-05-25 18:15:34 +02:00
|
|
|
"pg_krb5_recvauth: Kerberos not implemented on this server.\n");
|
1997-09-07 07:04:48 +02:00
|
|
|
fputs(PQerrormsg, stderr);
|
|
|
|
pqdebug("%s", PQerrormsg);
|
1996-07-09 08:22:35 +02:00
|
|
|
|
1998-09-01 05:29:17 +02:00
|
|
|
return STATUS_ERROR;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1998-09-01 06:40:42 +02:00
|
|
|
#endif /* KRB5 */
|
1996-07-09 08:22:35 +02:00
|
|
|
|
1998-01-26 02:42:53 +01:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Handle a v0 password packet.
|
|
|
|
*/
|
|
|
|
|
1998-07-09 05:29:11 +02:00
|
|
|
static int
|
|
|
|
pg_passwordv0_recvauth(void *arg, PacketLen len, void *pkt)
|
1997-03-12 22:23:16 +01:00
|
|
|
{
|
1998-02-26 05:46:47 +01:00
|
|
|
Port *port;
|
1998-01-26 02:42:53 +01:00
|
|
|
PasswordPacketV0 *pp;
|
1998-02-26 05:46:47 +01:00
|
|
|
char *user,
|
|
|
|
*password,
|
|
|
|
*cp,
|
|
|
|
*start;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
port = (Port *) arg;
|
|
|
|
pp = (PasswordPacketV0 *) pkt;
|
1998-01-26 02:42:53 +01:00
|
|
|
|
|
|
|
/*
|
|
|
|
* The packet is supposed to comprise the user name and the password
|
|
|
|
* as C strings. Be careful the check that this is the case.
|
|
|
|
*/
|
|
|
|
|
|
|
|
user = password = NULL;
|
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
len -= sizeof(pp->unused);
|
1998-01-26 02:42:53 +01:00
|
|
|
|
|
|
|
cp = start = pp->data;
|
|
|
|
|
1998-01-31 21:14:15 +01:00
|
|
|
while (len-- > 0)
|
|
|
|
if (*cp++ == '\0')
|
1998-01-26 02:42:53 +01:00
|
|
|
{
|
1998-01-31 21:14:15 +01:00
|
|
|
if (user == NULL)
|
|
|
|
user = start;
|
|
|
|
else
|
|
|
|
{
|
|
|
|
password = start;
|
|
|
|
break;
|
|
|
|
}
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-01-31 21:14:15 +01:00
|
|
|
start = cp;
|
|
|
|
}
|
1998-01-26 02:42:53 +01:00
|
|
|
|
|
|
|
if (user == NULL || password == NULL)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
1999-10-23 05:13:33 +02:00
|
|
|
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
|
1999-05-25 18:15:34 +02:00
|
|
|
"pg_password_recvauth: badly formed password packet.\n");
|
1997-09-07 07:04:48 +02:00
|
|
|
fputs(PQerrormsg, stderr);
|
|
|
|
pqdebug("%s", PQerrormsg);
|
1998-01-26 02:42:53 +01:00
|
|
|
|
|
|
|
auth_failed(port);
|
1997-09-07 07:04:48 +02:00
|
|
|
}
|
1998-01-31 21:14:15 +01:00
|
|
|
else
|
|
|
|
{
|
1998-02-26 05:46:47 +01:00
|
|
|
int status;
|
|
|
|
UserAuth saved;
|
1998-01-31 21:14:15 +01:00
|
|
|
|
|
|
|
/* Check the password. */
|
|
|
|
|
|
|
|
saved = port->auth_method;
|
|
|
|
port->auth_method = uaPassword;
|
|
|
|
|
|
|
|
status = checkPassword(port, user, password);
|
|
|
|
|
|
|
|
port->auth_method = saved;
|
|
|
|
|
|
|
|
/* Adjust the result if necessary. */
|
|
|
|
|
|
|
|
if (map_old_to_new(port, uaPassword, status) != STATUS_OK)
|
|
|
|
auth_failed(port);
|
|
|
|
}
|
1998-07-09 05:29:11 +02:00
|
|
|
|
1998-09-01 05:29:17 +02:00
|
|
|
return STATUS_OK; /* don't close the connection yet */
|
1998-01-26 02:42:53 +01:00
|
|
|
}
|
1997-03-12 22:23:16 +01:00
|
|
|
|
|
|
|
|
1998-01-26 02:42:53 +01:00
|
|
|
/*
|
1999-04-16 06:59:03 +02:00
|
|
|
* Tell the user the authentication failed, but not (much about) why.
|
|
|
|
*
|
|
|
|
* There is a tradeoff here between security concerns and making life
|
|
|
|
* unnecessarily difficult for legitimate users. We would not, for example,
|
|
|
|
* want to report the password we were expecting to receive...
|
|
|
|
* But it seems useful to report the username and authorization method
|
|
|
|
* in use, and these are items that must be presumed known to an attacker
|
|
|
|
* anyway.
|
|
|
|
* Note that many sorts of failure report additional information in the
|
|
|
|
* postmaster log, which we hope is only readable by good guys.
|
1998-01-26 02:42:53 +01:00
|
|
|
*/
|
1997-03-12 22:23:16 +01:00
|
|
|
|
1999-05-26 14:57:23 +02:00
|
|
|
static void
|
1998-02-26 05:46:47 +01:00
|
|
|
auth_failed(Port *port)
|
1997-12-04 01:28:15 +01:00
|
|
|
{
|
1999-05-25 18:15:34 +02:00
|
|
|
char buffer[512];
|
1999-04-16 06:59:03 +02:00
|
|
|
const char *authmethod = "Unknown auth method:";
|
|
|
|
|
|
|
|
switch (port->auth_method)
|
|
|
|
{
|
|
|
|
case uaReject:
|
|
|
|
authmethod = "Rejected host:";
|
|
|
|
break;
|
|
|
|
case uaKrb4:
|
|
|
|
authmethod = "Kerberos4";
|
|
|
|
break;
|
|
|
|
case uaKrb5:
|
|
|
|
authmethod = "Kerberos5";
|
|
|
|
break;
|
|
|
|
case uaTrust:
|
|
|
|
authmethod = "Trusted";
|
|
|
|
break;
|
|
|
|
case uaIdent:
|
|
|
|
authmethod = "IDENT";
|
|
|
|
break;
|
|
|
|
case uaPassword:
|
|
|
|
authmethod = "Password";
|
|
|
|
break;
|
|
|
|
case uaCrypt:
|
|
|
|
authmethod = "Password";
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
sprintf(buffer, "%s authentication failed for user '%s'",
|
|
|
|
authmethod, port->user);
|
|
|
|
|
|
|
|
PacketSendError(&port->pktInfo, buffer);
|
1997-12-04 01:28:15 +01:00
|
|
|
}
|
|
|
|
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
/*
|
|
|
|
* be_recvauth -- server demux routine for incoming authentication information
|
|
|
|
*/
|
1998-02-26 05:46:47 +01:00
|
|
|
void
|
|
|
|
be_recvauth(Port *port)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
1998-02-26 05:46:47 +01:00
|
|
|
|
1997-09-07 07:04:48 +02:00
|
|
|
/*
|
1998-01-26 02:42:53 +01:00
|
|
|
* Get the authentication method to use for this frontend/database
|
1999-05-25 18:15:34 +02:00
|
|
|
* combination. Note: a failure return indicates a problem with the
|
|
|
|
* hba config file, not with the request. hba.c should have dropped
|
|
|
|
* an error message into the postmaster logfile if it failed.
|
1997-09-07 07:04:48 +02:00
|
|
|
*/
|
1998-01-26 02:42:53 +01:00
|
|
|
|
2000-04-12 19:17:23 +02:00
|
|
|
if (hba_getauthmethod(port) != STATUS_OK)
|
1999-04-16 06:59:03 +02:00
|
|
|
PacketSendError(&port->pktInfo,
|
|
|
|
"Missing or erroneous pg_hba.conf file, see postmaster log for details");
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1998-01-29 04:24:36 +01:00
|
|
|
else if (PG_PROTOCOL_MAJOR(port->proto) == 0)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
1998-01-29 04:24:36 +01:00
|
|
|
/* Handle old style authentication. */
|
|
|
|
|
1998-01-26 02:42:53 +01:00
|
|
|
if (old_be_recvauth(port) != STATUS_OK)
|
|
|
|
auth_failed(port);
|
1997-03-12 22:23:16 +01:00
|
|
|
}
|
1998-01-29 04:24:36 +01:00
|
|
|
else
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
1998-01-29 04:24:36 +01:00
|
|
|
/* Handle new style authentication. */
|
|
|
|
|
1999-05-25 18:15:34 +02:00
|
|
|
AuthRequest areq = AUTH_REQ_OK;
|
|
|
|
PacketDoneProc auth_handler = NULL;
|
2000-04-12 19:17:23 +02:00
|
|
|
|
1998-01-29 04:24:36 +01:00
|
|
|
switch (port->auth_method)
|
1998-01-26 02:42:53 +01:00
|
|
|
{
|
1998-02-26 05:46:47 +01:00
|
|
|
case uaReject:
|
1999-05-25 18:15:34 +02:00
|
|
|
|
1999-04-16 06:59:03 +02:00
|
|
|
/*
|
1999-05-25 18:15:34 +02:00
|
|
|
* This could have come from an explicit "reject" entry in
|
|
|
|
* pg_hba.conf, but more likely it means there was no
|
|
|
|
* matching entry. Take pity on the poor user and issue a
|
|
|
|
* helpful error message. NOTE: this is not a security
|
|
|
|
* breach, because all the info reported here is known at
|
|
|
|
* the frontend and must be assumed known to bad guys.
|
1999-04-16 06:59:03 +02:00
|
|
|
* We're merely helping out the less clueful good guys.
|
|
|
|
* NOTE 2: libpq-be.h defines the maximum error message
|
|
|
|
* length as 99 characters. It probably wouldn't hurt
|
1999-05-25 18:15:34 +02:00
|
|
|
* anything to increase it, but there might be some client
|
|
|
|
* out there that will fail. So, be terse.
|
1999-04-16 06:59:03 +02:00
|
|
|
*/
|
|
|
|
{
|
1999-05-25 18:15:34 +02:00
|
|
|
char buffer[512];
|
1999-04-16 06:59:03 +02:00
|
|
|
const char *hostinfo = "localhost";
|
|
|
|
|
|
|
|
if (port->raddr.sa.sa_family == AF_INET)
|
|
|
|
hostinfo = inet_ntoa(port->raddr.in.sin_addr);
|
|
|
|
sprintf(buffer,
|
|
|
|
"No pg_hba.conf entry for host %s, user %s, database %s",
|
|
|
|
hostinfo, port->user, port->database);
|
|
|
|
PacketSendError(&port->pktInfo, buffer);
|
|
|
|
return;
|
|
|
|
}
|
1998-02-26 05:46:47 +01:00
|
|
|
break;
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
case uaKrb4:
|
|
|
|
areq = AUTH_REQ_KRB4;
|
|
|
|
auth_handler = handle_krb4_auth;
|
|
|
|
break;
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
case uaKrb5:
|
|
|
|
areq = AUTH_REQ_KRB5;
|
|
|
|
auth_handler = handle_krb5_auth;
|
|
|
|
break;
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
case uaTrust:
|
1998-01-29 04:24:36 +01:00
|
|
|
areq = AUTH_REQ_OK;
|
|
|
|
auth_handler = handle_done_auth;
|
1998-02-26 05:46:47 +01:00
|
|
|
break;
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
case uaIdent:
|
|
|
|
if (authident(&port->raddr.in, &port->laddr.in,
|
|
|
|
port->user, port->auth_arg) == STATUS_OK)
|
|
|
|
{
|
|
|
|
areq = AUTH_REQ_OK;
|
|
|
|
auth_handler = handle_done_auth;
|
|
|
|
}
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
break;
|
1998-01-29 04:24:36 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
case uaPassword:
|
|
|
|
areq = AUTH_REQ_PASSWORD;
|
|
|
|
auth_handler = handle_password_auth;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case uaCrypt:
|
|
|
|
areq = AUTH_REQ_CRYPT;
|
|
|
|
auth_handler = handle_password_auth;
|
|
|
|
break;
|
|
|
|
}
|
1998-01-29 04:24:36 +01:00
|
|
|
|
|
|
|
/* Tell the frontend what we want next. */
|
|
|
|
|
|
|
|
if (auth_handler != NULL)
|
|
|
|
sendAuthRequest(port, areq, auth_handler);
|
|
|
|
else
|
|
|
|
auth_failed(port);
|
|
|
|
}
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
1998-02-26 05:46:47 +01:00
|
|
|
|
1996-07-09 08:22:35 +02:00
|
|
|
|
|
|
|
/*
|
1998-01-26 02:42:53 +01:00
|
|
|
* Send an authentication request packet to the frontend.
|
1996-07-09 08:22:35 +02:00
|
|
|
*/
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
static void
|
1998-07-09 05:29:11 +02:00
|
|
|
sendAuthRequest(Port *port, AuthRequest areq, PacketDoneProc handler)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
1998-02-26 05:46:47 +01:00
|
|
|
char *dp,
|
|
|
|
*sp;
|
|
|
|
int i;
|
|
|
|
uint32 net_areq;
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1998-01-26 02:42:53 +01:00
|
|
|
/* Convert to a byte stream. */
|
|
|
|
|
|
|
|
net_areq = htonl(areq);
|
|
|
|
|
|
|
|
dp = port->pktInfo.pkt.ar.data;
|
1998-02-26 05:46:47 +01:00
|
|
|
sp = (char *) &net_areq;
|
1998-01-26 02:42:53 +01:00
|
|
|
|
|
|
|
*dp++ = 'R';
|
|
|
|
|
|
|
|
for (i = 1; i <= 4; ++i)
|
|
|
|
*dp++ = *sp++;
|
|
|
|
|
|
|
|
/* Add the salt for encrypted passwords. */
|
|
|
|
|
|
|
|
if (areq == AUTH_REQ_CRYPT)
|
1997-09-07 07:04:48 +02:00
|
|
|
{
|
1998-01-26 02:42:53 +01:00
|
|
|
*dp++ = port->salt[0];
|
|
|
|
*dp++ = port->salt[1];
|
|
|
|
i += 2;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-07-09 05:29:11 +02:00
|
|
|
PacketSendSetup(&port->pktInfo, i, handler, (void *) port);
|
1998-01-26 02:42:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Called when we have told the front end that it is authorised.
|
|
|
|
*/
|
|
|
|
|
1998-07-09 05:29:11 +02:00
|
|
|
static int
|
|
|
|
handle_done_auth(void *arg, PacketLen len, void *pkt)
|
1998-01-26 02:42:53 +01:00
|
|
|
{
|
1998-02-26 05:46:47 +01:00
|
|
|
|
1998-01-26 02:42:53 +01:00
|
|
|
/*
|
|
|
|
* Don't generate any more traffic. This will cause the backend to
|
|
|
|
* start.
|
|
|
|
*/
|
|
|
|
|
1998-07-09 05:29:11 +02:00
|
|
|
return STATUS_OK;
|
1998-01-26 02:42:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Called when we have told the front end that it should use Kerberos V4
|
|
|
|
* authentication.
|
|
|
|
*/
|
|
|
|
|
1998-07-09 05:29:11 +02:00
|
|
|
static int
|
|
|
|
handle_krb4_auth(void *arg, PacketLen len, void *pkt)
|
1998-01-26 02:42:53 +01:00
|
|
|
{
|
1998-07-09 05:29:11 +02:00
|
|
|
Port *port = (Port *) arg;
|
|
|
|
|
1998-01-26 02:42:53 +01:00
|
|
|
if (pg_krb4_recvauth(port) != STATUS_OK)
|
|
|
|
auth_failed(port);
|
|
|
|
else
|
|
|
|
sendAuthRequest(port, AUTH_REQ_OK, handle_done_auth);
|
1998-07-09 05:29:11 +02:00
|
|
|
|
|
|
|
return STATUS_OK;
|
1998-01-26 02:42:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Called when we have told the front end that it should use Kerberos V5
|
|
|
|
* authentication.
|
|
|
|
*/
|
|
|
|
|
1998-07-09 05:29:11 +02:00
|
|
|
static int
|
|
|
|
handle_krb5_auth(void *arg, PacketLen len, void *pkt)
|
1998-01-26 02:42:53 +01:00
|
|
|
{
|
1998-07-09 05:29:11 +02:00
|
|
|
Port *port = (Port *) arg;
|
|
|
|
|
1998-01-26 02:42:53 +01:00
|
|
|
if (pg_krb5_recvauth(port) != STATUS_OK)
|
|
|
|
auth_failed(port);
|
|
|
|
else
|
|
|
|
sendAuthRequest(port, AUTH_REQ_OK, handle_done_auth);
|
1998-07-09 05:29:11 +02:00
|
|
|
|
|
|
|
return STATUS_OK;
|
1998-01-26 02:42:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Called when we have told the front end that it should use password
|
|
|
|
* authentication.
|
|
|
|
*/
|
|
|
|
|
1998-07-09 05:29:11 +02:00
|
|
|
static int
|
|
|
|
handle_password_auth(void *arg, PacketLen len, void *pkt)
|
1998-01-26 02:42:53 +01:00
|
|
|
{
|
1998-07-09 05:29:11 +02:00
|
|
|
Port *port = (Port *) arg;
|
|
|
|
|
1998-01-26 02:42:53 +01:00
|
|
|
/* Set up the read of the password packet. */
|
|
|
|
|
1998-07-09 05:29:11 +02:00
|
|
|
PacketReceiveSetup(&port->pktInfo, readPasswordPacket, (void *) port);
|
|
|
|
|
|
|
|
return STATUS_OK;
|
1998-01-26 02:42:53 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Called when we have received the password packet.
|
|
|
|
*/
|
|
|
|
|
1998-07-09 05:29:11 +02:00
|
|
|
static int
|
|
|
|
readPasswordPacket(void *arg, PacketLen len, void *pkt)
|
1998-01-26 02:42:53 +01:00
|
|
|
{
|
1998-02-26 05:46:47 +01:00
|
|
|
char password[sizeof(PasswordPacket) + 1];
|
1998-07-09 05:29:11 +02:00
|
|
|
Port *port = (Port *) arg;
|
1998-01-26 02:42:53 +01:00
|
|
|
|
|
|
|
/* Silently truncate a password that is too big. */
|
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
if (len > sizeof(PasswordPacket))
|
|
|
|
len = sizeof(PasswordPacket);
|
|
|
|
|
|
|
|
StrNCpy(password, ((PasswordPacket *) pkt)->passwd, len);
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-01-31 21:14:15 +01:00
|
|
|
if (checkPassword(port, port->user, password) != STATUS_OK)
|
1998-01-26 02:42:53 +01:00
|
|
|
auth_failed(port);
|
|
|
|
else
|
|
|
|
sendAuthRequest(port, AUTH_REQ_OK, handle_done_auth);
|
1998-07-09 05:29:11 +02:00
|
|
|
|
1998-09-01 05:29:17 +02:00
|
|
|
return STATUS_OK; /* don't close the connection yet */
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|
|
|
|
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-01-31 21:14:15 +01:00
|
|
|
/*
|
|
|
|
* Use the local flat password file if clear passwords are used and the file is
|
1998-02-25 14:09:49 +01:00
|
|
|
* specified. Otherwise use the password in the pg_shadow table, encrypted or
|
1998-01-31 21:14:15 +01:00
|
|
|
* not.
|
|
|
|
*/
|
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
static int
|
|
|
|
checkPassword(Port *port, char *user, char *password)
|
1998-01-31 21:14:15 +01:00
|
|
|
{
|
|
|
|
if (port->auth_method == uaPassword && port->auth_arg[0] != '\0')
|
|
|
|
return verify_password(port->auth_arg, user, password);
|
|
|
|
|
|
|
|
return crypt_verify(port, user, password);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
1998-01-26 02:42:53 +01:00
|
|
|
/*
|
|
|
|
* Server demux routine for incoming authentication information for protocol
|
|
|
|
* version 0.
|
|
|
|
*/
|
1998-02-26 05:46:47 +01:00
|
|
|
static int
|
|
|
|
old_be_recvauth(Port *port)
|
1996-07-09 08:22:35 +02:00
|
|
|
{
|
1998-02-26 05:46:47 +01:00
|
|
|
int status;
|
|
|
|
MsgType msgtype = (MsgType) port->proto;
|
1998-01-26 02:42:53 +01:00
|
|
|
|
|
|
|
/* Handle the authentication that's offered. */
|
|
|
|
|
|
|
|
switch (msgtype)
|
1998-02-26 05:46:47 +01:00
|
|
|
{
|
|
|
|
case STARTUP_KRB4_MSG:
|
|
|
|
status = map_old_to_new(port, uaKrb4, pg_krb4_recvauth(port));
|
|
|
|
break;
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
case STARTUP_KRB5_MSG:
|
|
|
|
status = map_old_to_new(port, uaKrb5, pg_krb5_recvauth(port));
|
|
|
|
break;
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
case STARTUP_MSG:
|
|
|
|
status = map_old_to_new(port, uaTrust, STATUS_OK);
|
|
|
|
break;
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
case STARTUP_PASSWORD_MSG:
|
|
|
|
PacketReceiveSetup(&port->pktInfo, pg_passwordv0_recvauth,
|
1998-07-09 05:29:11 +02:00
|
|
|
(void *) port);
|
1997-09-07 07:04:48 +02:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
return STATUS_OK;
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
default:
|
|
|
|
fprintf(stderr, "Invalid startup message type: %u\n", msgtype);
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
return STATUS_OK;
|
|
|
|
}
|
1998-01-26 02:42:53 +01:00
|
|
|
|
|
|
|
return status;
|
|
|
|
}
|
1998-02-26 05:46:47 +01:00
|
|
|
|
1998-01-26 02:42:53 +01:00
|
|
|
|
|
|
|
/*
|
1998-02-26 05:46:47 +01:00
|
|
|
* The old style authentication has been done. Modify the result of this (eg.
|
1998-01-26 02:42:53 +01:00
|
|
|
* allow the connection anyway, disallow it anyway, or use the result)
|
|
|
|
* depending on what authentication we really want to use.
|
|
|
|
*/
|
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
static int
|
|
|
|
map_old_to_new(Port *port, UserAuth old, int status)
|
1998-01-26 02:42:53 +01:00
|
|
|
{
|
|
|
|
switch (port->auth_method)
|
|
|
|
{
|
1998-02-26 05:46:47 +01:00
|
|
|
case uaCrypt:
|
|
|
|
case uaReject:
|
1998-01-26 02:42:53 +01:00
|
|
|
status = STATUS_ERROR;
|
1998-02-26 05:46:47 +01:00
|
|
|
break;
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
case uaKrb4:
|
|
|
|
if (old != uaKrb4)
|
|
|
|
status = STATUS_ERROR;
|
|
|
|
break;
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
case uaKrb5:
|
|
|
|
if (old != uaKrb5)
|
|
|
|
status = STATUS_ERROR;
|
|
|
|
break;
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
case uaTrust:
|
|
|
|
status = STATUS_OK;
|
|
|
|
break;
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
case uaIdent:
|
|
|
|
status = authident(&port->raddr.in, &port->laddr.in,
|
|
|
|
port->user, port->auth_arg);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case uaPassword:
|
|
|
|
if (old != uaPassword)
|
|
|
|
status = STATUS_ERROR;
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
break;
|
1998-01-26 02:42:53 +01:00
|
|
|
}
|
1998-02-26 05:46:47 +01:00
|
|
|
|
1998-01-26 02:42:53 +01:00
|
|
|
return status;
|
1996-07-09 08:22:35 +02:00
|
|
|
}
|