3636 * Global authentication functions
3737 *----------------------------------------------------------------
3838 */
39- static void sendAuthRequest (Port * port , AuthRequest areq );
39+ static void sendAuthRequest (Port * port , AuthRequest areq , char * extradata ,
40+ int extralen );
4041static void auth_failed (Port * port , int status , char * logdetail );
4142static char * recv_password_packet (Port * port );
4243static int recv_and_check_password_packet (Port * port , char * * logdetail );
@@ -498,7 +499,7 @@ ClientAuthentication(Port *port)
498499
499500 case uaGSS :
500501#ifdef ENABLE_GSS
501- sendAuthRequest (port , AUTH_REQ_GSS );
502+ sendAuthRequest (port , AUTH_REQ_GSS , NULL , 0 );
502503 status = pg_GSS_recvauth (port );
503504#else
504505 Assert (false);
@@ -507,7 +508,7 @@ ClientAuthentication(Port *port)
507508
508509 case uaSSPI :
509510#ifdef ENABLE_SSPI
510- sendAuthRequest (port , AUTH_REQ_SSPI );
511+ sendAuthRequest (port , AUTH_REQ_SSPI , NULL , 0 );
511512 status = pg_SSPI_recvauth (port );
512513#else
513514 Assert (false);
@@ -531,12 +532,13 @@ ClientAuthentication(Port *port)
531532 ereport (FATAL ,
532533 (errcode (ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION ),
533534 errmsg ("MD5 authentication is not supported when \"db_user_namespace\" is enabled" )));
534- sendAuthRequest (port , AUTH_REQ_MD5 );
535+ /* include the salt to use for computing the response */
536+ sendAuthRequest (port , AUTH_REQ_MD5 , port -> md5Salt , 4 );
535537 status = recv_and_check_password_packet (port , & logdetail );
536538 break ;
537539
538540 case uaPassword :
539- sendAuthRequest (port , AUTH_REQ_PASSWORD );
541+ sendAuthRequest (port , AUTH_REQ_PASSWORD , NULL , 0 );
540542 status = recv_and_check_password_packet (port , & logdetail );
541543 break ;
542544
@@ -583,7 +585,7 @@ ClientAuthentication(Port *port)
583585 (* ClientAuthentication_hook ) (port , status );
584586
585587 if (status == STATUS_OK )
586- sendAuthRequest (port , AUTH_REQ_OK );
588+ sendAuthRequest (port , AUTH_REQ_OK , NULL , 0 );
587589 else
588590 auth_failed (port , status , logdetail );
589591}
@@ -593,36 +595,16 @@ ClientAuthentication(Port *port)
593595 * Send an authentication request packet to the frontend.
594596 */
595597static void
596- sendAuthRequest (Port * port , AuthRequest areq )
598+ sendAuthRequest (Port * port , AuthRequest areq , char * extradata , int extralen )
597599{
598600 StringInfoData buf ;
599601
600602 CHECK_FOR_INTERRUPTS ();
601603
602604 pq_beginmessage (& buf , 'R' );
603605 pq_sendint (& buf , (int32 ) areq , sizeof (int32 ));
604-
605- /* Add the salt for encrypted passwords. */
606- if (areq == AUTH_REQ_MD5 )
607- pq_sendbytes (& buf , port -> md5Salt , 4 );
608-
609- #if defined(ENABLE_GSS ) || defined(ENABLE
ED4F
_SSPI )
610-
611- /*
612- * Add the authentication data for the next step of the GSSAPI or SSPI
613- * negotiation.
614- */
615- else if (areq == AUTH_REQ_GSS_CONT )
616- {
617- if (port -> gss -> outbuf .length > 0 )
618- {
619- elog (DEBUG4 , "sending GSS token of length %u" ,
620- (unsigned int ) port -> gss -> outbuf .length );
621-
622- pq_sendbytes (& buf , port -> gss -> outbuf .value , port -> gss -> outbuf .length );
623- }
624- }
625- #endif
606+ if (extralen > 0 )
607+ pq_sendbytes (& buf , extradata , extralen );
626608
627609 pq_endmessage (& buf );
628610
@@ -934,7 +916,8 @@ pg_GSS_recvauth(Port *port)
934916 elog (DEBUG4 , "sending GSS response token of length %u" ,
935917 (unsigned int ) port -> gss -> outbuf .length );
936918
937- sendAuthRequest (port , AUTH_REQ_GSS_CONT );
919+ sendAuthRequest (port , AUTH_REQ_GSS_CONT ,
920+ port -> gss -> outbuf .value , port -> gss -> outbuf .length );
938921
939922 gss_release_buffer (& lmin_s , & port -> gss -> outbuf );
940923 }
@@ -1179,7 +1162,8 @@ pg_SSPI_recvauth(Port *port)
11791162 port -> gss -> outbuf .length = outbuf .pBuffers [0 ].cbBuffer ;
11801163 port -> gss -> outbuf .value = outbuf .pBuffers [0 ].pvBuffer ;
11811164
1182- sendAuthRequest (port , AUTH_REQ_GSS_CONT );
1165+ sendAuthRequest (port , AUTH_REQ_GSS_CONT ,
1166+ port -> gss -> outbuf .value , port -> gss -> outbuf .length );
11831167
11841168 FreeContextBuffer (outbuf .pBuffers [0 ].pvBuffer );
11851169 }
@@ -1807,7 +1791,7 @@ pam_passwd_conv_proc(int num_msg, const struct pam_message ** msg,
18071791 * let's go ask the client to send a password, which we
18081792 * then stuff into PAM.
18091793 */
1810- sendAuthRequest (pam_port_cludge , AUTH_REQ_PASSWORD );
1794+ sendAuthRequest (pam_port_cludge , AUTH_REQ_PASSWORD , NULL , 0 );
18111795 passwd = recv_password_packet (pam_port_cludge );
18121796 if (passwd == NULL )
18131797 {
@@ -2137,7 +2121,7 @@ CheckLDAPAuth(Port *port)
21372121 if (port -> hba -> ldapport == 0 )
21382122 port -> hba -> ldapport = LDAP_PORT ;
21392123
2140- sendAuthRequest (port , AUTH_REQ_PASSWORD );
2124+ sendAuthRequest (port , AUTH_REQ_PASSWORD , NULL , 0 );
21412125
21422126 passwd = recv_password_packet (port );
21432127 if (passwd == NULL )
@@ -2497,7 +2481,7 @@ CheckRADIUSAuth(Port *port)
24972481 identifier = port -> hba -> radiusidentifier ;
24982482
24992483 /* Send regular password request to client, and get the response */
2500- sendAuthRequest (port , AUTH_REQ_PASSWORD );
2484+ sendAuthRequest (port , AUTH_REQ_PASSWORD , NULL , 0 );
25012485
25022486 passwd = recv_password_packet (port );
25032487 if (passwd == NULL )
0 commit comments