Further cleanup from the strong-random patch.

Also use the new facility for generating RADIUS authenticator requests,
and salt in chkpass extension.

Reword the error messages to be nicer. Fix bogus error code used in the
message in BackendStartup.
Heikki Linnakangas 2016-12-12 11:55:32 +02:00
parent 9bbbf029dd
commit 58445c5c8d
3 changed files with 13 additions and 17 deletions


@ -17,6 +17,7 @@
#endif
#include "fmgr.h"
#include "utils/backend_random.h"
#include "utils/builtins.h"
PG_MODULE_MAGIC;
@ -77,8 +78,12 @@ chkpass_in(PG_FUNCTION_ARGS)
result = (chkpass *) palloc0(sizeof(chkpass));
mysalt[0] = salt_chars[random() & 0x3f];
mysalt[1] = salt_chars[random() & 0x3f];
if (!pg_backend_random(mysalt, 2))
ereport(ERROR,
(errmsg("could not generate random salt")));
mysalt[0] = salt_chars[mysalt[0] & 0x3f];
mysalt[1] = salt_chars[mysalt[1] & 0x3f];
mysalt[2] = 0; /* technically the terminator is not necessary
* but I like to play safe */
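Review bot: The two lines in chkpass_in that map the random bytes onto salt_chars reuse mysalt as both the raw random buffer and the final salt, and carry no comment. A reader has to work out that `& 0x3f` keeps the index in 0..63 even where char is signed, and that masking a uniform byte down to 6 bits introduces no bias. A short comment would cover it, for example `/* map each random byte to one of the 64 salt characters; the mask keeps the index non-negative and unbiased */`. The declarations of mysalt and salt_chars are outside the hunk, so the 64-entry table size is assumed here and should be confirmed. chkpass_in's body starts and ends outside the hunk.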


@ -194,9 +194,6 @@ static int pg_SSPI_make_upn(char *accountname,
* RADIUS Authentication
*----------------------------------------------------------------
*/
#ifdef USE_OPENSSL
#include <openssl/rand.h>
#endif
static int CheckRADIUSAuth(Port *port);
@ -718,7 +715,7 @@ CheckMD5Auth(Port *port, char **logdetail)
if (!pg_backend_random(md5Salt, 4))
{
ereport(LOG,
(errmsg("could not acquire random number for MD5 salt.")));
(errmsg("could not generate random MD5 salt.")));
return STATUS_ERROR;
}
@ -2550,18 +2547,12 @@ CheckRADIUSAuth(Port *port)
/* Construct RADIUS packet */
packet->code = RADIUS_ACCESS_REQUEST;
packet->length = RADIUS_HEADER_LENGTH;
#ifdef USE_OPENSSL
if (RAND_bytes(packet->vector, RADIUS_VECTOR_LENGTH) != 1)
if (!pg_backend_random((char *) packet->vector, RADIUS_VECTOR_LENGTH))
{
ereport(LOG,
(errmsg("could not generate random encryption vector")));
return STATUS_ERROR;
}
#else
for (i = 0; i < RADIUS_VECTOR_LENGTH; i++)
/* Use a lower strengh random number of OpenSSL is not available */
packet->vector[i] = random() % 255;
#endif
packet->id = packet->vector[0];
radius_add_attribute(packet, RADIUS_SERVICE_TYPE, (unsigned char *) &service, sizeof(service));
radius_add_attribute(packet, RADIUS_USER_NAME, (unsigned char *) port->user_name, strlen(port->user_name));
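Review bot: Nothing in the new CheckRADIUSAuth code says why a pg_backend_random() failure must abort the request now that the random() fallback is gone; the removed comment was the only place that mentioned randomness strength. I would add above the call `/* The RADIUS request authenticator must be unpredictable (RFC 2865), so fail the attempt rather than fall back to a weaker source */`. Whether pg_backend_random() is cryptographically strong in every build configuration is not visible in this hunk and is worth confirming, since packet->id is also taken from vector[0]. Separately, the reworded CheckMD5Auth message `could not generate random MD5 salt.` still ends with a period, unlike the other messages touched by this commit. Both functions continue outside their hunks.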


@ -3903,8 +3903,8 @@ BackendStartup(Port *port)
{
free(bn);
ereport(LOG,
(errcode(ERRCODE_OUT_OF_MEMORY),
errmsg("could not acquire random number")));
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("could not generate random cancel key")));
return STATUS_ERROR;
}
@ -5288,7 +5288,7 @@ StartAutovacuumWorker(void)
{
ereport(LOG,
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("could not acquire random number")));
errmsg("could not generate random cancel key")));
return;
}
@ -5594,7 +5594,7 @@ assign_backendlist_entry(RegisteredBgWorker *rw)
{
ereport(LOG,
(errcode(ERRCODE_INTERNAL_ERROR),
errmsg("could not acquire random number")));
errmsg("could not generate random cancel key")));
rw->rw_crashed_at = GetCurrentTimestamp();
return false;