Skip to content

P
Postgres FD Implementation
Commit d5bbe2ac authored by Marc G. Fournier's avatar Marc G. Fournier
Browse files
Options

From: Phil Thompson <phil@river-bank.demon.co.uk> 

I've completed the patch to fix the protocol and authentication issues I
was discussing a couple of weeks ago.  The particular changes are:

- the protocol has a version number
- network byte order is used throughout
- the pg_hba.conf file is used to specify what method is used to
  authenticate a frontend (either password, ident, trust, reject, krb4
  or krb5)
- support for multiplexed backends is removed
- appropriate changes to man pages
- the -a switch to many programs to specify an authentication service
  no longer has any effect
- the libpq.so version number has changed to 1.1

The new backend still supports the old protocol so old interfaces won't
break.
parent 91d983aa
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 1571 additions and 2248 deletions
src/backend/libpq/auth.c
View file @ d5bbe2ac
This diff is collapsed.
src/backend/libpq/be-dumpdata.c
View file @ d5bbe2ac
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/libpq/Attic/be-dumpdata.c,v 1.9 1997/09/12 04:07:50 momjian Exp $ * $Header: /cvsroot/pgsql/src/backend/libpq/Attic/be-dumpdata.c,v 1.10 1998/01/26 01:41:05 scrappy Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -34,7 +34,7 @@ ...@@ -34,7 +34,7 @@
#include <postgres.h> #include <postgres.h>
#include <lib/dllist.h> #include <lib/dllist.h>
#include <libpq/libpq-be.h> #include <libpq/libpq.h>
#include <access/heapam.h> #include <access/heapam.h>
#include <access/htup.h> #include <access/htup.h>
#include <storage/buf.h> #include <storage/buf.h>
......
src/backend/libpq/be-pqexec.c
View file @ d5bbe2ac
...@@ -8,7 +8,7 @@ ...@@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/libpq/Attic/be-pqexec.c,v 1.13 1998/01/07 21:03:16 momjian Exp $ * $Header: /cvsroot/pgsql/src/backend/libpq/Attic/be-pqexec.c,v 1.14 1998/01/26 01:41:06 scrappy Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -27,7 +27,7 @@ ...@@ -27,7 +27,7 @@
#include <tcop/fastpath.h> #include <tcop/fastpath.h>
#include <tcop/tcopprot.h> #include <tcop/tcopprot.h>
#include <lib/dllist.h> #include <lib/dllist.h>
#include <libpq/libpq-be.h> #include <libpq/libpq.h>
#include <fmgr.h> #include <fmgr.h>
#include <utils/exc.h> #include <utils/exc.h>
#include <utils/builtins.h> #include <utils/builtins.h>
......
src/backend/libpq/crypt.c
View file @ d5bbe2ac
...@@ -17,9 +17,6 @@ ...@@ -17,9 +17,6 @@
#include <string.h> #include <string.h>
#include <stdlib.h> #include <stdlib.h>
#include <unistd.h> #include <unistd.h>
#ifdef HAVE_CRYPT_H
#include <crypt.h>
#endif
#include "postgres.h" #include "postgres.h"
#include "miscadmin.h" #include "miscadmin.h"
...@@ -27,6 +24,10 @@ ...@@ -27,6 +24,10 @@
#include "storage/fd.h" #include "storage/fd.h"
#include "libpq/crypt.h" #include "libpq/crypt.h"
#ifdef HAVE_CRYPT_H
#include <crypt.h>
#endif
char** pwd_cache = NULL; char** pwd_cache = NULL;
int pwd_cache_count = 0; int pwd_cache_count = 0;
...@@ -219,6 +220,7 @@ int crypt_getloginfo(const char* user, char** passwd, char** valuntil) { ...@@ -219,6 +220,7 @@ int crypt_getloginfo(const char* user, char** passwd, char** valuntil) {
/*-------------------------------------------------------------------------*/ /*-------------------------------------------------------------------------*/
#ifdef 0
MsgType crypt_salt(const char* user) { MsgType crypt_salt(const char* user) {
char* passwd; char* passwd;
...@@ -237,6 +239,7 @@ MsgType crypt_salt(const char* user) { ...@@ -237,6 +239,7 @@ MsgType crypt_salt(const char* user) {
if (valuntil) free((void*)valuntil); if (valuntil) free((void*)valuntil);
return STARTUP_SALT_MSG; return STARTUP_SALT_MSG;
} }
#endif
/*-------------------------------------------------------------------------*/ /*-------------------------------------------------------------------------*/
...@@ -258,7 +261,13 @@ int crypt_verify(Port* port, const char* user, const char* pgpass) { ...@@ -258,7 +261,13 @@ int crypt_verify(Port* port, const char* user, const char* pgpass) {
return STATUS_ERROR; return STATUS_ERROR;
} }
crypt_pwd = crypt(passwd, port->salt); /*
* Compare with the encrypted or plain password depending on the
* authentication method being used for this connection.
*/
crypt_pwd = (port->auth_method == uaCrypt ? crypt(passwd, port->salt) : passwd);
if (!strcmp(pgpass, crypt_pwd)) { if (!strcmp(pgpass, crypt_pwd)) {
/* check here to be sure we are not past valuntil /* check here to be sure we are not past valuntil
*/ */
......
src/backend/libpq/hba.c
View file @ d5bbe2ac
This diff is collapsed.
src/backend/libpq/password.c
View file @ d5bbe2ac
#include <postgres.h> #include <postgres.h>
#include <miscadmin.h>
#include <libpq/password.h> #include <libpq/password.h>
#include <libpq/hba.h>
#include <libpq/libpq.h> #include <libpq/libpq.h>
#include <storage/fd.h> #include <storage/fd.h>
#include <string.h> #include <string.h>
...@@ -10,56 +10,15 @@ ...@@ -10,56 +10,15 @@
#endif #endif
int int
verify_password(char *user, char *password, Port *port, verify_password(char *auth_arg, char *user, char *password)
char *database, char *DataDir)
{ {
bool host_ok; char *pw_file_fullname;
enum Userauth userauth; FILE *pw_file;
char pw_file_name[PWFILE_NAME_SIZE + 1];
char *pw_file_fullname; pw_file_fullname = (char *) palloc(strlen(DataDir) + strlen(auth_arg) + 2);
FILE *pw_file;
char pw_file_line[255];
char *p,
*test_user,
*test_pw;
find_hba_entry(DataDir, port->raddr.in.sin_addr, database,
&host_ok, &userauth, pw_file_name, true);
if (!host_ok)
{
sprintf(PQerrormsg,
"verify_password: couldn't find entry for connecting host\n");
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
return STATUS_ERROR;
}
if (userauth != Password)
{
sprintf(PQerrormsg,
"verify_password: couldn't find entry of type 'password' "
"for this host\n");
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
return STATUS_ERROR;
}
if (!pw_file_name || pw_file_name[0] == '\0')
{
sprintf(PQerrormsg,
"verify_password: no password file specified\n");
fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg);
return STATUS_ERROR;
}
pw_file_fullname = (char *) palloc(strlen(DataDir) + strlen(pw_file_name) + 2);
strcpy(pw_file_fullname, DataDir); strcpy(pw_file_fullname, DataDir);
strcat(pw_file_fullname, "/"); strcat(pw_file_fullname, "/");
strcat(pw_file_fullname, pw_file_name); strcat(pw_file_fullname, auth_arg);
pw_file = AllocateFile(pw_file_fullname, "r"); pw_file = AllocateFile(pw_file_fullname, "r");
if (!pw_file) if (!pw_file)
...@@ -69,12 +28,17 @@ verify_password(char *user, char *password, Port *port, ...@@ -69,12 +28,17 @@ verify_password(char *user, char *password, Port *port,
pw_file_fullname); pw_file_fullname);
fputs(PQerrormsg, stderr); fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg); pqdebug("%s", PQerrormsg);
pfree(pw_file_fullname);
return STATUS_ERROR; return STATUS_ERROR;
} }
while (!feof(pw_file)) while (!feof(pw_file))
{ {
fgets(pw_file_line, 255, pw_file); char pw_file_line[255], *p, *test_user, *test_pw;
fgets(pw_file_line, sizeof (pw_file_line), pw_file);
p = pw_file_line; p = pw_file_line;
test_user = strtok(p, ":"); test_user = strtok(p, ":");
...@@ -97,6 +61,9 @@ verify_password(char *user, char *password, Port *port, ...@@ -97,6 +61,9 @@ verify_password(char *user, char *password, Port *port,
if (strcmp(crypt(password, test_pw), test_pw) == 0) if (strcmp(crypt(password, test_pw), test_pw) == 0)
{ {
/* it matched. */ /* it matched. */
pfree(pw_file_fullname);
return STATUS_OK; return STATUS_OK;
} }
...@@ -105,6 +72,9 @@ verify_password(char *user, char *password, Port *port, ...@@ -105,6 +72,9 @@ verify_password(char *user, char *password, Port *port,
user); user);
fputs(PQerrormsg, stderr); fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg); pqdebug("%s", PQerrormsg);
pfree(pw_file_fullname);
return STATUS_ERROR; return STATUS_ERROR;
} }
} }
...@@ -114,5 +84,8 @@ verify_password(char *user, char *password, Port *port, ...@@ -114,5 +84,8 @@ verify_password(char *user, char *password, Port *port,
user); user);
fputs(PQerrormsg, stderr); fputs(PQerrormsg, stderr);
pqdebug("%s", PQerrormsg); pqdebug("%s", PQerrormsg);
pfree(pw_file_fullname);
return STATUS_ERROR; return STATUS_ERROR;
} }
src/backend/libpq/pg_hba.conf.sample
View file @ d5bbe2ac
...@@ -4,6 +4,7 @@ ...@@ -4,6 +4,7 @@
# #
# This file controls what hosts are allowed to connect to what databases # This file controls what hosts are allowed to connect to what databases
# and specifies some options on how users on a particular host are identified. # and specifies some options on how users on a particular host are identified.
# It is read each time a host tries to make a connection to a database.
# #
# Each line (terminated by a newline character) is a record. A record cannot # Each line (terminated by a newline character) is a record. A record cannot
# be continued across two lines. # be continued across two lines.
...@@ -29,13 +30,14 @@ ...@@ -29,13 +30,14 @@
# Record type "host" # Record type "host"
# ------------------ # ------------------
# #
# This record identifies a set of hosts that are permitted to connect to # This record identifies a set of network hosts that are permitted to connect
# databases. No hosts are permitted to connect except as specified by a # to databases. No network hosts are permitted to connect except as specified
# "host" record. # by a "host" record. See the record type "local" to specify permitted
# connections using UNIX sockets.
# #
# Format: # Format:
# #
# host DBNAME IP_ADDRESS ADDRESS_MASK USERAUTH [MAP] # host DBNAME IP_ADDRESS ADDRESS_MASK USERAUTH [AUTH_ARGUMENT]
# #
# DBNAME is the name of a Postgres database, or "all" to indicate all # DBNAME is the name of a Postgres database, or "all" to indicate all
# databases. # databases.
...@@ -49,33 +51,54 @@ ...@@ -49,33 +51,54 @@
# under the Postgres username he supplies in his connection parameters. # under the Postgres username he supplies in his connection parameters.
# #
# ident: Authentication is done by the ident server on the remote # ident: Authentication is done by the ident server on the remote
# host, via the ident (RFC 1413) protocol. # host, via the ident (RFC 1413) protocol. AUTH_ARGUMENT, if
# specified, is a map name to be found in the pg_ident.conf file.
# That table maps from ident usernames to Postgres usernames. The
# special map name "sameuser" indicates an implied map (not found
# in pg_ident.conf) that maps every ident username to the identical
# Postgres username.
# #
# trust: No authentication is done. Trust that the user has the # trust: No authentication is done. Trust that the user has the
# authority to user whatever username he says he does. # authority to user whatever username he says he does.
# Before Postgres Version 6, all authentication was this way. # Before Postgres Version 6, all authentication was this way.
# #
# MAP is the name of a map that matches an authenticated principal with # reject: Reject the connection.
# a Postgres username. If USERNAME is "trust", this value is ignored and
# may be absent.
# #
# In the case of USERAUTH=ident, this is a map name to be found in the # password: Authentication is done by matching a password supplied in clear
# pg_ident.conf file. That table maps from ident usernames to Postgres # by the host. If AUTH_ARGUMENT is specified then the password is
# usernames. The special map name "sameuser" indicates an implied map # compared with the user's entry in that file (in the $PGDATA
# (not found in pg_ident.conf) that maps every ident username to the identical # directory). See pg_passwd(1). If it is omitted then the
# Postgres username. # password is compared with the user's entry in the pg_user table.
#
# crypt: Authentication is done by matching an encrypted password supplied
# by the host with that held for the user in the pg_user table.
#
# krb4: Kerberos V4 authentication is used.
#
# krb5: Kerberos V5 authentication is used.
# Record type "local"
# ------------------
# #
# This record identifies the authentication to use when connecting to a
# particular database via a local UNIX socket.
#
# Format:
#
# local DBNAME USERAUTH [AUTH_ARGUMENT]
#
# The format is the same as that of the "host" record type except that the
# IP_ADDRESS and ADDRESS_MASK are omitted and the "ident", "krb4" and "krb5"
# values of USERAUTH are no allowed.
# For backwards compatibility, PostgreSQL also accepts pre-Version 6 records, # For backwards compatibility, PostgreSQL also accepts pre-Version 6 records,
# which look like: # which look like:
# #
# all 127.0.0.1 0.0.0.0 # all 127.0.0.1 0.0.0.0
#
#
# TYPE DATABASE IP_ADDRESS MASK USERAUTH MAP # TYPE DATABASE IP_ADDRESS MASK USERAUTH MAP
host all 127.0.0.1 255.255.255.255 trust #host all 127.0.0.1 255.255.255.255 trust
# The above allows any user on the local system to connect to any database # The above allows any user on the local system to connect to any database
# under any username. # under any username.
...@@ -86,10 +109,11 @@ host all 127.0.0.1 255.255.255.255 trust ...@@ -86,10 +109,11 @@ host all 127.0.0.1 255.255.255.255 trust
# connect to database template1 as the same username that ident on that host # connect to database template1 as the same username that ident on that host
# identifies him as (typically his Unix username). # identifies him as (typically his Unix username).
#host all 192.168.0.1 255.255.255.255 reject
#host all 0.0.0.0 0.0.0.0 trust #host all 0.0.0.0 0.0.0.0 trust
# The above would allow anyone anywhere to connect to any database under # The above would allow anyone anywhere except from 192.168.0.1 to connect to
# any username. # any database under any username.
#host all 192.168.0.0 255.255.255.0 ident omicron #host all 192.168.0.0 255.255.255.0 ident omicron
# #
......
src/backend/libpq/pqcomm.c
View file @ d5bbe2ac
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/libpq/pqcomm.c,v 1.34 1998/01/25 05:13:18 momjian Exp $ * $Header: /cvsroot/pgsql/src/backend/libpq/pqcomm.c,v 1.35 1998/01/26 01:41:11 scrappy Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -43,6 +43,7 @@ ...@@ -43,6 +43,7 @@
#include <sys/types.h> #include <sys/types.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/socket.h> #include <sys/socket.h>
#include <sys/un.h>
#include <netdb.h> #include <netdb.h>
#include <netinet/in.h> #include <netinet/in.h>
#include <netinet/tcp.h> #include <netinet/tcp.h>
...@@ -269,28 +270,6 @@ int ...@@ -269,28 +270,6 @@ int
pq_getnchar(char *s, int off, int maxlen) pq_getnchar(char *s, int off, int maxlen)
{ {
return pqGetNBytes(s + off, maxlen, Pfin); return pqGetNBytes(s + off, maxlen, Pfin);
#if 0
int c = '\0';
if (Pfin == (FILE *) NULL)
{
/* elog(DEBUG, "Input descriptor is null"); */
return (EOF);
}
s += off;
while (maxlen-- && (c = pq_getc(Pfin)) != EOF)
*s++ = c;
/* -----------------
* If EOF reached let caller know
* -----------------
*/
if (c == EOF)
return (EOF);
return (!EOF);
#endif
} }
/* -------------------------------- /* --------------------------------
...@@ -591,11 +570,7 @@ do_unlink() ...@@ -591,11 +570,7 @@ do_unlink()
int int
StreamServerPort(char *hostName, short portName, int *fdP) StreamServerPort(char *hostName, short portName, int *fdP)
{ {
union SockAddr saddr;
{
struct sockaddr_in in;
struct sockaddr_un un;
} saddr;
int fd, int fd,
err, err,
family; family;
...@@ -624,20 +599,19 @@ StreamServerPort(char *hostName, short portName, int *fdP) ...@@ -624,20 +599,19 @@ StreamServerPort(char *hostName, short portName, int *fdP)
return (STATUS_ERROR); return (STATUS_ERROR);
} }
bzero(&saddr, sizeof(saddr)); bzero(&saddr, sizeof(saddr));
saddr.sa.sa_family = family;
if (family == AF_UNIX) if (family == AF_UNIX)
{ {
saddr.un.sun_family = family;
len = UNIXSOCK_PATH(saddr.un, portName); len = UNIXSOCK_PATH(saddr.un, portName);
strcpy(sock_path, saddr.un.sun_path); strcpy(sock_path, saddr.un.sun_path);
} }
else else
{ {
saddr.in.sin_family = family;
saddr.in.sin_addr.s_addr = htonl(INADDR_ANY); saddr.in.sin_addr.s_addr = htonl(INADDR_ANY);
saddr.in.sin_port = htons(portName); saddr.in.sin_port = htons(portName);
len = sizeof saddr.in; len = sizeof (struct sockaddr_in);
} }
err = bind(fd, (struct sockaddr *) & saddr, len); err = bind(fd, &saddr.sa, len);
if (err < 0) if (err < 0)
{ {
sprintf(PQerrormsg, sprintf(PQerrormsg,
...@@ -685,7 +659,7 @@ StreamConnection(int server_fd, Port *port) ...@@ -685,7 +659,7 @@ StreamConnection(int server_fd, Port *port)
{ {
int len, int len,
addrlen; addrlen;
int family = port->raddr.in.sin_family; int family = port->raddr.sa.sa_family;
/* accept connection (and fill in the client (remote) address) */ /* accept connection (and fill in the client (remote) address) */
len = family == AF_INET ? len = family == AF_INET ?
...@@ -726,8 +700,6 @@ StreamConnection(int server_fd, Port *port) ...@@ -726,8 +700,6 @@ StreamConnection(int server_fd, Port *port)
} }
} }
port->mask = 1 << port->sock;
/* reset to non-blocking */ /* reset to non-blocking */
fcntl(port->sock, F_SETFL, 1); fcntl(port->sock, F_SETFL, 1);
...@@ -788,7 +760,7 @@ StreamOpen(char *hostName, short portName, Port *port) ...@@ -788,7 +760,7 @@ StreamOpen(char *hostName, short portName, Port *port)
len = UNIXSOCK_PATH(port->raddr.un, portName); len = UNIXSOCK_PATH(port->raddr.un, portName);
} }
/* connect to the server */ /* connect to the server */
if ((port->sock = socket(port->raddr.in.sin_family, SOCK_STREAM, 0)) < 0) if ((port->sock = socket(port->raddr.sa.sa_family, SOCK_STREAM, 0)) < 0)
{ {
sprintf(PQerrormsg, sprintf(PQerrormsg,
"FATAL: StreamOpen: socket() failed: errno=%d\n", "FATAL: StreamOpen: socket() failed: errno=%d\n",
...@@ -797,7 +769,7 @@ StreamOpen(char *hostName, short portName, Port *port) ...@@ -797,7 +769,7 @@ StreamOpen(char *hostName, short portName, Port *port)
pqdebug("%s", PQerrormsg); pqdebug("%s", PQerrormsg);
return (STATUS_ERROR); return (STATUS_ERROR);
} }
err = connect(port->sock, (struct sockaddr *) & port->raddr, len); err = connect(port->sock, &port->raddr.sa, len);
if (err < 0) if (err < 0)
{ {
sprintf(PQerrormsg, sprintf(PQerrormsg,
...@@ -809,8 +781,7 @@ StreamOpen(char *hostName, short portName, Port *port) ...@@ -809,8 +781,7 @@ StreamOpen(char *hostName, short portName, Port *port)
} }
/* fill in the client address */ /* fill in the client address */
if (getsockname(port->sock, (struct sockaddr *) & port->laddr, if (getsockname(port->sock, &port->laddr.sa, &len) < 0)
&len) < 0)
{ {
sprintf(PQerrormsg, sprintf(PQerrormsg,
"FATAL: StreamOpen: getsockname() failed: errno=%d\n", "FATAL: StreamOpen: getsockname() failed: errno=%d\n",
...@@ -822,32 +793,3 @@ StreamOpen(char *hostName, short portName, Port *port) ...@@ -822,32 +793,3 @@ StreamOpen(char *hostName, short portName, Port *port)
return (STATUS_OK); return (STATUS_OK);
} }
static char *authentication_type_name[] = {
0, 0, 0, 0, 0, 0, 0,
"the default authentication type",
0, 0,
"Kerberos v4",
"Kerberos v5",
"host-based authentication",
"unauthenication",
"plaintext password authentication"
};
char *
name_of_authentication_type(int type)
{
char *result = 0;
if (type >= 1 && type <= LAST_AUTHENTICATION_TYPE)
{
result = authentication_type_name[type];
}
if (result == 0)
{
result = "<unknown authentication type>";
}
return result;
}
src/backend/libpq/pqcomprim.c
View file @ d5bbe2ac
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
#include <netinet/in.h>
#include "postgres.h" #include "postgres.h"
#include "libpq/pqcomm.h" #include "libpq/pqcomm.h"
#ifdef HAVE_ENDIAN_H
#include <endian.h>
#endif
/* --------------------------------------------------------------------- */ /*
/* These definitions for ntoh/hton are the other way around from the * The backend supports the old little endian byte order and the current
* default system definitions, so we roll our own here. * network byte order.
*/ */
#ifndef FRONTEND
#include "libpq/libpq-be.h"
#ifdef HAVE_ENDIAN_H
#include <endian.h>
#endif
#ifndef BYTE_ORDER #ifndef BYTE_ORDER
#error BYTE_ORDER must be defined as LITTLE_ENDIAN, BIG_ENDIAN or PDP_ENDIAN #error BYTE_ORDER must be defined as LITTLE_ENDIAN, BIG_ENDIAN or PDP_ENDIAN
#endif #endif
#if BYTE_ORDER == LITTLE_ENDIAN #if BYTE_ORDER == LITTLE_ENDIAN
#define ntoh_s(n) n
#define ntoh_l(n) n #define ntoh_s(n) n
#define hton_s(n) n #define ntoh_l(n) n
#define hton_l(n) n #define hton_s(n) n
#else /* BYTE_ORDER != LITTLE_ENDIAN */ #define hton_l(n) n
#else
#if BYTE_ORDER == BIG_ENDIAN #if BYTE_ORDER == BIG_ENDIAN
#define ntoh_s(n) (u_short)(((u_char *)&n)[1] << 8 \
| ((u_char *)&n)[0]) #define ntoh_s(n) (uint16)(((u_char *)&n)[1] << 8 \
#define ntoh_l(n) (uint32) (((u_char *)&n)[3] << 24 \ | ((u_char *)&n)[0])
| ((u_char *)&n)[2] << 16 \ #define ntoh_l(n) (uint32)(((u_char *)&n)[3] << 24 \
| ((u_char *)&n)[1] << 8 \ | ((u_char *)&n)[2] << 16 \
| ((u_char *)&n)[0]) | ((u_char *)&n)[1] << 8 \
#define hton_s(n) (ntoh_s(n)) | ((u_char *)&n)[0])
#define hton_l(n) (ntoh_l(n)) #define hton_s(n) (ntoh_s(n))
#define hton_l(n) (ntoh_l(n))
#else #else
/* BYTE_ORDER != BIG_ENDIAN */
#if BYTE_ORDER == PDP_ENDIAN #if BYTE_ORDER == PDP_ENDIAN
#error PDP_ENDIAN macros not written yet #error PDP_ENDIAN macros not written yet
#else #else
/* BYTE_ORDER != anything known */
#error BYTE_ORDER not defined as anything understood #error BYTE_ORDER not defined as anything understood
#endif /* BYTE_ORDER == PDP_ENDIAN */
#endif /* BYTE_ORDER == BIG_ENDIAN */ #endif
#endif /* BYTE_ORDER == LITTLE_ENDIAN */ #endif
#endif
#endif
/* --------------------------------------------------------------------- */ /* --------------------------------------------------------------------- */
int int
pqPutShort(int integer, FILE *f) pqPutShort(int integer, FILE *f)
{ {
int retval = 0; uint16 n;
u_short n,
s; #ifdef FRONTEND
n = htons((uint16)integer);
#else
n = ((PG_PROTOCOL_MAJOR(FrontendProtocol) == 0) ? hton_s(integer) : htons((uint16)integer));
#endif
s = integer; if (fwrite(&n, 2, 1, f) != 1)
n = hton_s(s); return EOF;
if (fwrite(&n, sizeof(u_short), 1, f) != 1)
retval = EOF;
return retval; return 0;
} }
/* --------------------------------------------------------------------- */ /* --------------------------------------------------------------------- */
int int
pqPutLong(int integer, FILE *f) pqPutLong(int integer, FILE *f)
{ {
int retval = 0; uint32 n;
uint32 n;
n = hton_l(integer); #ifdef FRONTEND
if (fwrite(&n, sizeof(uint32), 1, f) != 1) n = htonl((uint32)integer);
retval = EOF; #else
n = ((PG_PROTOCOL_MAJOR(FrontendProtocol) == 0) ? hton_l(integer) : htonl((uint32)integer));
#endif
return retval; if (fwrite(&n, 4, 1, f) != 1)
return EOF;
return 0;
} }
/* --------------------------------------------------------------------- */ /* --------------------------------------------------------------------- */
int int
pqGetShort(int *result, FILE *f) pqGetShort(int *result, FILE *f)
{ {
int retval = 0; uint16 n;
u_short n;
if (fread(&n, sizeof(u_short), 1, f) != 1) if (fread(&n, 2, 1, f) != 1)
retval = EOF; return EOF;
#ifdef FRONTEND
*result = (int)ntohs(n);
#else
*result = (int)((PG_PROTOCOL_MAJOR(FrontendProtocol) == 0) ? ntoh_s(n) : ntohs(n));
#endif
*result = ntoh_s(n); return 0;
return retval;
} }
/* --------------------------------------------------------------------- */ /* --------------------------------------------------------------------- */
int int
pqGetLong(int *result, FILE *f) pqGetLong(int *result, FILE *f)
{ {
int retval = 0; uint32 n;
uint32 n;
if (fread(&n, sizeof(uint32), 1, f) != 1) if (fread(&n, 4, 1, f) != 1)
retval = EOF; return EOF;
*result = ntoh_l(n); #ifdef FRONTEND
return retval; *result = (int)ntohl(n);
#else
*result = (int)((PG_PROTOCOL_MAJOR(FrontendProtocol) == 0) ? ntoh_l(n) : ntohl(n));
#endif
return 0;
} }
/* --------------------------------------------------------------------- */ /* --------------------------------------------------------------------- */
/* pqGetNBytes: Read a chunk of exactly len bytes in buffer s. /* pqGetNBytes: Read a chunk of exactly len bytes in buffer s (which must be 1
byte longer) and terminate it with a '\0'.
Return 0 if ok. Return 0 if ok.
*/ */
int int
pqGetNBytes(char *s, size_t len, FILE *f) pqGetNBytes(char *s, size_t len, FILE *f)
{ {
int cnt; int cnt;
if (f == NULL) if (f == NULL)
return EOF; return EOF;
cnt = fread(s, 1, len, f); cnt = fread(s, 1, len, f);
s[cnt] = '\0'; s[cnt] = '\0';
/* mjl: actually needs up to len+1 bytes, is this okay? XXX */
return (cnt == len) ? 0 : EOF; return (cnt == len) ? 0 : EOF;
} }
...@@ -126,7 +154,7 @@ int ...@@ -126,7 +154,7 @@ int
pqPutNBytes(const char *s, size_t len, FILE *f) pqPutNBytes(const char *s, size_t len, FILE *f)
{ {
if (f == NULL) if (f == NULL)
return 0; return EOF;
if (fwrite(s, 1, len, f) != len) if (fwrite(s, 1, len, f) != len)
return EOF; return EOF;
...@@ -138,15 +166,27 @@ pqPutNBytes(const char *s, size_t len, FILE *f) ...@@ -138,15 +166,27 @@ pqPutNBytes(const char *s, size_t len, FILE *f)
int int
pqGetString(char *s, size_t len, FILE *f) pqGetString(char *s, size_t len, FILE *f)
{ {
int c; int c;
if (f == NULL) if (f == NULL)
return EOF; return EOF;
while (len-- && (c = getc(f)) != EOF && c) /*
*s++ = c; * Keep on reading until we get the terminating '\0' and discard those
* bytes we don't have room for.
*/
while ((c = getc(f)) != EOF && c != '\0')
if (len > 1)
{
*s++ = c;
len--;
}
*s = '\0'; *s = '\0';
/* mjl: actually needs up to len+1 bytes, is this okay? XXX */
if (c == EOF)
return EOF;
return 0; return 0;
} }
...@@ -183,5 +223,3 @@ pqPutByte(int c, FILE *f) ...@@ -183,5 +223,3 @@ pqPutByte(int c, FILE *f)
return (putc(c, f) == c) ? 0 : EOF; return (putc(c, f) == c) ? 0 : EOF;
} }
/* --------------------------------------------------------------------- */
src/backend/libpq/pqpacket.c
View file @ d5bbe2ac
...@@ -8,36 +8,14 @@ ...@@ -8,36 +8,14 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/libpq/Attic/pqpacket.c,v 1.12 1997/12/09 03:10:51 scrappy Exp $ * $Header: /cvsroot/pgsql/src/backend/libpq/Attic/pqpacket.c,v 1.13 1998/01/26 01:41:12 scrappy Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
/* NOTES
* This is the module that understands the lowest-level part
* of the communication protocol. All of the trickiness in
* this module is for making sure that non-blocking I/O in
* the Postmaster works correctly. Check the notes in PacketRecv
* on non-blocking I/O.
*
* Data Structures:
* Port has two important functions. (1) It records the
* sock/addr used in communication. (2) It holds partially
* read in messages. This is especially important when
* we haven't seen enough to construct a complete packet
* header.
*
* PacketBuf -- None of the clients of this module should know
* what goes into a packet hdr (although they know how big
* it is). This routine is in charge of host to net order
* conversion for headers. Data conversion is someone elses
* responsibility.
*
* IMPORTANT: these routines are called by backends, clients, and
* the Postmaster.
*
*/
#include <stdio.h> #include <stdio.h>
#include <unistd.h> #include <unistd.h>
#include <string.h>
#include <sys/types.h> #include <sys/types.h>
#include <sys/socket.h> #include <sys/socket.h>
#include <netdb.h> #include <netdb.h>
...@@ -50,260 +28,158 @@ ...@@ -50,260 +28,158 @@
#include <storage/ipc.h> #include <storage/ipc.h>
#include <libpq/libpq.h> #include <libpq/libpq.h>
/* /*
* PacketReceive -- receive a packet on a port. * Set up a packet read for the postmaster event loop.
*
* RETURNS: connection id of the packet sender, if one
* is available.
*
*/ */
int
PacketReceive(Port *port, /* receive port */ void PacketReceiveSetup(Packet *pkt, void (*iodone)(), char *arg)
PacketBuf *buf, /* MAX_PACKET_SIZE-worth of buffer space */
bool nonBlocking) /* NON_BLOCKING or BLOCKING i/o */
{ {
PacketLen max_size = sizeof(PacketBuf); pkt->nrtodo = sizeof (pkt->len);
PacketLen cc; /* character count -- bytes recvd */ pkt->ptr = (char *)&pkt->len;
PacketLen packetLen; /* remaining packet chars to read */ pkt->iodone = iodone;
Addr tmp; /* curr recv buf pointer */ pkt->arg = arg;
int hdrLen; pkt->state = ReadingPacketLength;
int flag; }
int decr;
hdrLen = sizeof(buf->len);
if (nonBlocking == NON_BLOCKING) /*
{ * Read a packet fragment. Return STATUS_OK if the connection should stay
flag = MSG_PEEK; * open.
decr = 0; */
}
else
{
flag = 0;
decr = hdrLen;
}
/* int PacketReceiveFragment(Packet *pkt, int sock)
* Assume port->nBytes is zero unless we were interrupted during {
* non-blocking I/O. This first recv() is to get the hdr information int got;
* so we know how many bytes to read. Life would be very complicated
* if we read too much data (buffering).
*/
tmp = ((Addr) buf) + port->nBytes;
if (port->nBytes >= hdrLen) if ((got = read(sock,pkt->ptr,pkt->nrtodo)) > 0)
{ {
packetLen = ntohl(buf->len) - port->nBytes; pkt->nrtodo -= got;
} pkt->ptr += got;
else
{ /* See if we have got what we need for the packet length. */
/* peeking into the incoming message */
cc = recv(port->sock, (char *) &(buf->len), hdrLen, flag); if (pkt->nrtodo == 0 && pkt->state == ReadingPacketLength)
if (cc < hdrLen)
{ {
/* if cc is negative, the system call failed */ pkt->len = ntohl(pkt->len);
if (cc < 0)
{
return (STATUS_ERROR);
}
/* if (pkt->len < sizeof (pkt->len) ||
* cc == 0 means the connection was broken at the other end. pkt->len > sizeof (pkt->len) + sizeof (pkt->pkt))
*/
else if (!cc)
{ {
return (STATUS_INVALID); PacketSendError(pkt,"Invalid packet length");
return STATUS_OK;
} }
else
{
/* /* Set up for the rest of the packet. */
* Worst case. We didn't even read in enough data to get
* the header length. since we are using a data stream, pkt->nrtodo = pkt->len - sizeof (pkt->len);
* this happens only if the client is mallicious. pkt->ptr = (char *)&pkt->pkt;
* pkt->state = ReadingPacket;
* Don't save the number of bytes we've read so far. Since we
* only peeked at the incoming message, the kernel is
* going to keep it for us.
*/
return (STATUS_NOT_DONE);
}
} }
else
{
/* /* See if we have got what we need for the packet. */
* This is an attempt to shield the Postmaster from mallicious
* attacks by placing tighter restrictions on the reported
* packet length.
*
* Check for negative packet length
*/
if ((buf->len) <= 0)
{
return (STATUS_INVALID);
}
/* if (pkt->nrtodo == 0 && pkt->state == ReadingPacket)
* Check for oversize packet {
*/ pkt->state = Idle;
if ((ntohl(buf->len)) > max_size)
{
return (STATUS_INVALID);
}
/* /* Special case to close the connection. */
* great. got the header. now get the true length (including
* header size).
*/
packetLen = ntohl(buf->len);
/* if (pkt->iodone == NULL)
* if someone is sending us junk, close the connection return STATUS_ERROR;
*/
if (packetLen > max_size) (*pkt->iodone)(pkt->arg, pkt->len - sizeof (pkt->len),
{ (char *)&pkt->pkt);
port->nBytes = packetLen;
return (STATUS_BAD_PACKET);
}
packetLen -= decr;
tmp += decr - port->nBytes;
} }
return STATUS_OK;
} }
/* if (got == 0)
* Now that we know how big it is, read the packet. We read the return STATUS_ERROR;
* entire packet, since the last call was just a peek.
*/
while (packetLen)
{
cc = read(port->sock, tmp, packetLen);
if (cc < 0)
return (STATUS_ERROR);
/* if (errno == EINTR)
* cc == 0 means the connection was broken at the other end. return STATUS_OK;
*/
else if (!cc)
return (STATUS_INVALID);
/* fprintf(stderr, "read() system call failed\n");
fprintf(stderr,"expected packet of %d bytes, got %d bytes\n",
packetLen, cc);
*/
tmp += cc;
packetLen -= cc;
/* if non-blocking, we're done. */
if (nonBlocking && packetLen)
{
port->nBytes += cc;
return (STATUS_NOT_DONE);
}
}
port->nBytes = 0; return STATUS_ERROR;
return (STATUS_OK);
} }
/* /*
* PacketSend -- send a single-packet message. * Set up a packet write for the postmaster event loop.
*
* RETURNS: STATUS_ERROR if the write fails, STATUS_OK otherwise.
* SIDE_EFFECTS: may block.
* NOTES: Non-blocking writes would significantly complicate
* buffer management. For now, we're not going to do it.
*
*/ */
int
PacketSend(Port *port, void PacketSendSetup(Packet *pkt, int nbytes, void (*iodone)(), char *arg)
PacketBuf *buf,
PacketLen len,
bool nonBlocking)
{ {
PacketLen doneLen; pkt->nrtodo = nbytes;
pkt->ptr = (char *)&pkt->pkt;
pkt->iodone = iodone;
pkt->arg = arg;
pkt->state = WritingPacket;
}
/*
* Write a packet fragment. Return STATUS_OK if the connection should stay
* open.
*/
Assert(!nonBlocking); int PacketSendFragment(Packet *pkt, int sock)
Assert(buf); {
int done;
doneLen = write(port->sock, buf, len); if ((done = write(sock,pkt->ptr,pkt->nrtodo)) > 0)
if (doneLen < len)
{ {
sprintf(PQerrormsg, pkt->nrtodo -= done;
"FATAL: PacketSend: couldn't send complete packet: errno=%d\n", pkt->ptr += done;
errno);
fputs(PQerrormsg, stderr); /* See if we have written the whole packet. */
return (STATUS_ERROR);
if (pkt->nrtodo == 0)
{
pkt->state = Idle;
/* Special case to close the connection. */
if (pkt->iodone == NULL)
return STATUS_ERROR;
(*pkt->iodone)(pkt->arg);
}
return STATUS_OK;
} }
return (STATUS_OK); if (done == 0)
} return STATUS_ERROR;
/* if (errno == EINTR)
* StartupInfo2PacketBuf - return STATUS_OK;
* convert the fields of the StartupInfo to a PacketBuf
* fprintf(stderr, "write() system call failed\n");
*/
/* moved to src/libpq/fe-connect.c */ return STATUS_ERROR;
/*
PacketBuf*
StartupInfo2PacketBuf(StartupInfo* s)
{
PacketBuf* res;
char* tmp;
res = (PacketBuf*)palloc(sizeof(PacketBuf));
res->len = htonl(sizeof(PacketBuf));
res->data[0] = '\0';
tmp= res->data;
strncpy(tmp, s->database, sizeof(s->database));
tmp += sizeof(s->database);
strncpy(tmp, s->user, sizeof(s->user));
tmp += sizeof(s->user);
strncpy(tmp, s->options, sizeof(s->options));
tmp += sizeof(s->options);
strncpy(tmp, s->execFile, sizeof(s->execFile));
tmp += sizeof(s->execFile);
strncpy(tmp, s->tty, sizeof(s->execFile));
return res;
} }
*/
/* /*
* PacketBuf2StartupInfo - * Send an error message from the postmaster to the frontend.
* convert the fields of the StartupInfo to a PacketBuf
*
*/ */
/* moved to postmaster.c
StartupInfo* void PacketSendError(Packet *pkt, char *errormsg)
PacketBuf2StartupInfo(PacketBuf* p)
{ {
StartupInfo* res; fprintf(stderr, "%s\n", errormsg);
char* tmp;
pkt->pkt.em.data[0] = 'E';
res = (StartupInfo*)palloc(sizeof(StartupInfo)); StrNCpy(&pkt->pkt.em.data[1], errormsg, sizeof (pkt->pkt.em.data) - 2);
res->database[0]='\0'; /*
res->user[0]='\0'; * The NULL i/o callback will cause the connection to be broken when
res->options[0]='\0'; * the error message has been sent.
res->execFile[0]='\0'; */
res->tty[0]='\0';
PacketSendSetup(pkt, strlen(pkt->pkt.em.data) + 1, NULL, NULL);
tmp= p->data;
strncpy(res->database,tmp,sizeof(res->database));
tmp += sizeof(res->database);
strncpy(res->user,tmp, sizeof(res->user));
tmp += sizeof(res->user);
strncpy(res->options,tmp, sizeof(res->options));
tmp += sizeof(res->options);
strncpy(res->execFile,tmp, sizeof(res->execFile));
tmp += sizeof(res->execFile);
strncpy(res->tty,tmp, sizeof(res->tty));
return res;
} }
*/
src/backend/postmaster/postmaster.c
View file @ d5bbe2ac
This diff is collapsed.
src/backend/tcop/dest.c
View file @ d5bbe2ac
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/tcop/dest.c,v 1.15 1997/12/06 22:57:02 momjian Exp $ * $Header: /cvsroot/pgsql/src/backend/tcop/dest.c,v 1.16 1998/01/26 01:41:23 scrappy Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -29,7 +29,7 @@ ...@@ -29,7 +29,7 @@
#include "postgres.h" #include "postgres.h"
#include "access/htup.h" #include "access/htup.h"
#include "libpq/libpq-be.h" #include "libpq/libpq.h"
#include "access/printtup.h" #include "access/printtup.h"
#include "utils/portal.h" #include "utils/portal.h"
#include "utils/palloc.h" #include "utils/palloc.h"
......
src/backend/tcop/fastpath.c
View file @ d5bbe2ac
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/tcop/fastpath.c,v 1.11 1998/01/11 21:16:01 scrappy Exp $ * $Header: /cvsroot/pgsql/src/backend/tcop/fastpath.c,v 1.12 1998/01/26 01:41:28 scrappy Exp $
* *
* NOTES * NOTES
* This cruft is the server side of PQfn. * This cruft is the server side of PQfn.
...@@ -336,7 +336,7 @@ HandleFunctionRequest() ...@@ -336,7 +336,7 @@ HandleFunctionRequest()
else else
{ /* ... fixed */ { /* ... fixed */
/* XXX cross our fingers and trust "argsize" */ /* XXX cross our fingers and trust "argsize" */
if (!(p = palloc(argsize))) if (!(p = palloc(argsize + 1)))
{ {
elog(ERROR, "HandleFunctionRequest: palloc failed"); elog(ERROR, "HandleFunctionRequest: palloc failed");
} }
......
src/backend/tcop/postgres.c
View file @ d5bbe2ac
This diff is collapsed.
src/backend/utils/init/globals.c
View file @ d5bbe2ac
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/utils/init/globals.c,v 1.18 1998/01/25 05:14:42 momjian Exp $ * $Header: /cvsroot/pgsql/src/backend/utils/init/globals.c,v 1.19 1998/01/26 01:41:42 scrappy Exp $
* *
* NOTES * NOTES
* Globals used all over the place should be declared here and not * Globals used all over the place should be declared here and not
...@@ -32,9 +32,10 @@ ...@@ -32,9 +32,10 @@
#include "storage/sinvaladt.h" #include "storage/sinvaladt.h"
#include "storage/lmgr.h" #include "storage/lmgr.h"
#include "utils/elog.h" #include "utils/elog.h"
#include "libpq/pqcomm.h"
#include "catalog/catname.h" #include "catalog/catname.h"
ProtocolVersion FrontendProtocol = PG_PROTOCOL_LATEST;
int Portfd = -1; int Portfd = -1;
int Noversion = 0; int Noversion = 0;
int Quiet = 1; int Quiet = 1;
......
src/include/c.h
View file @ d5bbe2ac
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
* *
* Copyright (c) 1994, Regents of the University of California * Copyright (c) 1994, Regents of the University of California
* *
* $Id: c.h,v 1.28 1998/01/24 22:47:43 momjian Exp $ * $Id: c.h,v 1.29 1998/01/26 01:41:49 scrappy Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -204,21 +204,23 @@ typedef char *Pointer; ...@@ -204,21 +204,23 @@ typedef char *Pointer;
/* /*
* intN -- * intN --
* Signed integer, AT LEAST N BITS IN SIZE, * Signed integer, EXACTLY N BITS IN SIZE,
* used for numerical computations. * used for numerical computations and the
* frontend/backend protocol.
*/ */
typedef signed char int8; /* >= 8 bits */ typedef signed char int8; /* == 8 bits */
typedef signed short int16; /* >= 16 bits */ typedef signed short int16; /* == 16 bits */
typedef signed int int32; /* >= 32 bits */ typedef signed int int32; /* == 32 bits */
/* /*
* uintN -- * uintN --
* Unsigned integer, AT LEAST N BITS IN SIZE, * Unsigned integer, EXACTLY N BITS IN SIZE,
* used for numerical computations. * used for numerical computations and the
* frontend/backend protocol.
*/ */
typedef unsigned char uint8; /* >= 8 bits */ typedef unsigned char uint8; /* == 8 bits */
typedef unsigned short uint16; /* >= 16 bits */ typedef unsigned short uint16; /* == 16 bits */
typedef unsigned int uint32; /* >= 32 bits */ typedef unsigned int uint32; /* == 32 bits */
/* /*
* floatN -- * floatN --
......
src/include/libpq/auth.h
View file @ d5bbe2ac
...@@ -6,40 +6,22 @@ ...@@ -6,40 +6,22 @@
* *
* Copyright (c) 1994, Regents of the University of California * Copyright (c) 1994, Regents of the University of California
* *
* $Id: auth.h,v 1.7 1997/09/08 21:52:28 momjian Exp $ * $Id: auth.h,v 1.8 1998/01/26 01:42:05 scrappy Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
#ifndef AUTH_H #ifndef AUTH_H
#define AUTH_H #define AUTH_H
#include <libpq/pqcomm.h> #include "libpq/libpq-be.h"
/*---------------------------------------------------------------- /*----------------------------------------------------------------
* Common routines and definitions * Common routines and definitions
*---------------------------------------------------------------- *----------------------------------------------------------------
*/ */
/* what we call "no authentication system" */ void be_recvauth(Port *port);
#define UNAUTHNAME "unauth" void auth_failed(Port *port);
/* what a frontend uses by default */
#if !defined(KRB4) && !defined(KRB5)
#define DEFAULT_CLIENT_AUTHSVC UNAUTHNAME
#else /* KRB4 || KRB5 */
#define DEFAULT_CLIENT_AUTHSVC "kerberos"
#endif /* KRB4 || KRB5 */
extern int fe_sendauth(MsgType msgtype, Port *port, char *hostname);
extern void fe_setauthsvc(char *name);
extern MsgType fe_getauthsvc();
extern char *fe_getauthname(void);
extern int be_recvauth(MsgType msgtype, Port *port, char *username, StartupInfo *sp);
extern void be_setauthsvc(char *name);
/* the value that matches any dbName value when doing
host based authentication*/
#define ALL_DBNAME "*"
#define PG_KRB4_VERSION "PGVER4.1" /* at most KRB_SENDAUTH_VLEN chars */ #define PG_KRB4_VERSION "PGVER4.1" /* at most KRB_SENDAUTH_VLEN chars */
#define PG_KRB5_VERSION "PGVER5.1" #define PG_KRB5_VERSION "PGVER5.1"
......
src/include/libpq/crypt.h
View file @ d5bbe2ac
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
#ifndef PG_CRYPT_H #ifndef PG_CRYPT_H
#define PG_CRYPT_H #define PG_CRYPT_H
#include <libpq/pqcomm.h> #include <libpq/libpq-be.h>
#define CRYPT_PWD_FILE "pg_pwd" #define CRYPT_PWD_FILE "pg_pwd"
#define CRYPT_PWD_FILE_SEPCHAR "'\\t'" #define CRYPT_PWD_FILE_SEPCHAR "'\\t'"
...@@ -21,7 +21,9 @@ extern int pwd_cache_count; ...@@ -21,7 +21,9 @@ extern int pwd_cache_count;
extern char* crypt_getpwdfilename(void); extern char* crypt_getpwdfilename(void);
extern char* crypt_getpwdreloadfilename(void); extern char* crypt_getpwdreloadfilename(void);
#ifdef 0
extern MsgType crypt_salt(const char* user); extern MsgType crypt_salt(const char* user);
#endif
extern int crypt_verify(Port* port, const char* user, const char* pgpass); extern int crypt_verify(Port* port, const char* user, const char* pgpass);
#endif #endif
src/include/libpq/hba.h
View file @ d5bbe2ac
...@@ -4,14 +4,17 @@ ...@@ -4,14 +4,17 @@
* Interface to hba.c * Interface to hba.c
* *
* *
* $Id: hba.h,v 1.6 1998/01/24 22:49:15 momjian Exp $ * $Id: hba.h,v 1.7 1998/01/26 01:42:15 scrappy Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
#ifndef HBA_H #ifndef HBA_H
#define HBA_H #define HBA_H
#include <libpq/pqcomm.h> #include <netinet/in.h>
#include "libpq/libpq-be.h"
#define CONF_FILE "pg_hba.conf" #define CONF_FILE "pg_hba.conf"
/* Name of the config file */ /* Name of the config file */
...@@ -28,7 +31,7 @@ ...@@ -28,7 +31,7 @@
#define MAX_TOKEN 80 #define MAX_TOKEN 80
/* Maximum size of one token in the configuration file */ /* Maximum size of one token in the configuration file */
#define USERMAP_NAME_SIZE 16 /* Max size of a usermap name */ #define MAX_AUTH_ARG 80 /* Max size of an authentication arg */
#define IDENT_PORT 113 #define IDENT_PORT 113
/* Standard TCP port number for Ident service. Assigned by IANA */ /* Standard TCP port number for Ident service. Assigned by IANA */
...@@ -36,18 +39,19 @@ ...@@ -36,18 +39,19 @@
#define IDENT_USERNAME_MAX 512 #define IDENT_USERNAME_MAX 512
/* Max size of username ident server can return */ /* Max size of username ident server can return */
enum Userauth typedef enum UserAuth {
{ uaReject,
Trust, Ident, uaKrb4,
Password uaKrb5,
}; uaTrust,
uaIdent,
extern int hba_recvauth(const Port *port, const char database[], const char user[], uaPassword,
const char DataDir[]); uaCrypt
void } UserAuth;
find_hba_entry(const char DataDir[], const struct in_addr ip_addr,
const char database[], int hba_getauthmethod(SockAddr *raddr, char *database, char *auth_arg,
bool *host_ok_p, enum Userauth * userauth_p, UserAuth *auth_method);
char usermap_name[], bool find_password_entries); int authident(struct sockaddr_in *raddr, struct sockaddr_in *laddr,
const char postgres_username[], const char auth_arg[]);
#endif #endif
src/include/libpq/libpq-be.h
View file @ d5bbe2ac
...@@ -7,45 +7,126 @@ ...@@ -7,45 +7,126 @@
* *
* Copyright (c) 1994, Regents of the University of California * Copyright (c) 1994, Regents of the University of California
* *
* $Id: libpq-be.h,v 1.8 1998/01/24 22:49:18 momjian Exp $ * $Id: libpq-be.h,v 1.9 1998/01/26 01:42:17 scrappy Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
#ifndef LIBPQ_BE_H #ifndef LIBPQ_BE_H
#define LIBPQ_BE_H #define LIBPQ_BE_H
#include <access/htup.h> #include <stdio.h>
#include <access/tupdesc.h> #include <sys/types.h>
#include <libpq/libpq.h>
/* ---------------- #include "libpq/pqcomm.h"
* include stuff common to fe and be #include "libpq/hba.h"
* ----------------
/* Protocol v0 password packet. */
typedef struct PasswordPacketV0 {
uint32 unused;
char data[288]; /* User and password as strings. */
} PasswordPacketV0;
/*
* Password packet. The length of the password can be changed without
* affecting anything.
*/ */
typedef struct PasswordPacket {
char passwd[100]; /* The password. */
} PasswordPacket;
/* Error message packet. */
typedef struct ErrorMessagePacket {
char data[1 + 100]; /* 'E' + the message. */
} ErrorMessagePacket;
/* Authentication request packet. */
typedef struct AuthRequestPacket {
char data[1 + sizeof (AuthRequest) + 2]; /* 'R' + the request + optional salt. */
} AuthRequestPacket;
/* These are used by the packet handling routines. */
typedef enum {
Idle,
ReadingPacketLength,
ReadingPacket,
WritingPacket
} PacketState;
/* ---------------- typedef struct Packet {
* declarations for backend libpq support routines PacketState state; /* What's in progress. */
* ---------------- PacketLen len; /* Actual length */
int nrtodo; /* Bytes still to transfer */
char *ptr; /* Buffer pointer */
void (*iodone)(); /* I/O complete callback */
char *arg; /* Argument to callback */
/* A union of all the different packets. */
union {
/* These are outgoing so have no packet length prepended. */
ErrorMessagePacket em;
AuthRequestPacket ar;
/* These are incoming and have a packet length prepended. */
StartupPacket si;
PasswordPacketV0 pwv0;
PasswordPacket pw;
} pkt;
} Packet;
/*
* This is used by the postmaster in its communication with frontends. It is
* contains all state information needed during this communication before the
* backend is run.
*/ */
typedef struct Port {
int sock; /* File descriptor */
Packet pktInfo; /* For the packet handlers */
SockAddr laddr; /* local addr (us) */
SockAddr raddr; /* remote addr (them) */
char salt[2]; /* Password salt */
/*
* Information that needs to be held during the fe/be authentication
* handshake.
*/
ProtocolVersion proto;
char database[SM_DATABASE + 1];
char user[SM_USER + 1];
char options[SM_OPTIONS + 1];
char tty[SM_TTY + 1];
char auth_arg[MAX_AUTH_ARG];
UserAuth auth_method;
} Port;
/* in be-dumpdata.c */
extern void be_portalinit(void);
extern void be_portalpush(PortalEntry *entry);
extern PortalEntry *be_portalpop(void);
extern PortalEntry *be_currentportal(void);
extern PortalEntry *be_newportal(void);
extern void be_typeinit(PortalEntry *entry, TupleDesc attrs,
int natts);
extern void be_printtup(HeapTuple tuple, TupleDesc typeinfo);
/* in be-pqexec.c */
extern char * PQfn(int fnid, int *result_buf, int result_len, int result_is_int,
PQArgBlock *args, int nargs);
extern char *PQexec(char *query);
extern int pqtest_PQexec(char *q);
extern int pqtest_PQfn(char *q);
extern int32 pqtest(struct varlena * vlena);
extern FILE *Pfout, *Pfin;
extern int PQAsyncNotifyWaiting;
extern ProtocolVersion FrontendProtocol;
/*
* prototypes for functions in pqpacket.c
*/
void PacketReceiveSetup(Packet *pkt, void (*iodone)(), char *arg);
int PacketReceiveFragment(Packet *pkt, int sock);
void PacketSendSetup(Packet *pkt, int nbytes, void (*iodone)(), char *arg);
int PacketSendFragment(Packet *pkt, int sock);
void PacketSendError(Packet *pkt, char *errormsg);
#endif /* LIBPQ_BE_H */ #endif /* LIBPQ_BE_H */
src/include/libpq/libpq.h
View file @ d5bbe2ac
...@@ -6,20 +6,19 @@ ...@@ -6,20 +6,19 @@
* *
* Copyright (c) 1994, Regents of the University of California * Copyright (c) 1994, Regents of the University of California
* *
* $Id: libpq.h,v 1.9 1998/01/24 22:49:21 momjian Exp $ * $Id: libpq.h,v 1.10 1998/01/26 01:42:18 scrappy Exp $
*
* NOTES
* This file contains definitions for structures and
* externs for functions used by both frontend applications
* and the POSTGRES backend. See the files libpq-fe.h and
* libpq-be.h for frontend/backend specific information
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
#ifndef LIBPQ_H #ifndef LIBPQ_H
#define LIBPQ_H #define LIBPQ_H
#include <libpq/pqcomm.h> #include <netinet/in.h>
#include "libpq/libpq-be.h"
#include "access/htup.h"
#include "access/tupdesc.h"
/* ---------------- /* ----------------
* PQArgBlock -- * PQArgBlock --
...@@ -228,6 +227,27 @@ extern int pbuf_findFnumber(GroupBuffer *group, char *field_name); ...@@ -228,6 +227,27 @@ extern int pbuf_findFnumber(GroupBuffer *group, char *field_name);
extern void pbuf_checkFnumber(GroupBuffer *group, int field_number); extern void pbuf_checkFnumber(GroupBuffer *group, int field_number);
extern char *pbuf_findFname(GroupBuffer *group, int field_number); extern char *pbuf_findFname(GroupBuffer *group, int field_number);
/* in be-dumpdata.c */
extern void be_portalinit(void);
extern void be_portalpush(PortalEntry *entry);
extern PortalEntry *be_portalpop(void);
extern PortalEntry *be_currentportal(void);
extern PortalEntry *be_newportal(void);
extern void
be_typeinit(PortalEntry *entry, TupleDesc attrs,
int natts);
extern void be_printtup(HeapTuple tuple, TupleDesc typeinfo);
/* in be-pqexec.c */
extern char *
PQfn(int fnid, int *result_buf, int result_len, int result_is_int,
PQArgBlock *args, int nargs);
extern char *PQexec(char *query);
extern int pqtest_PQexec(char *q);
extern int pqtest_PQfn(char *q);
extern int32 pqtest(struct varlena * vlena);
/* /*
* prototypes for functions in pqcomm.c * prototypes for functions in pqcomm.c
*/ */
......
src/include/libpq/password.h
View file @ d5bbe2ac
#ifndef PASSWORD_H #ifndef PASSWORD_H
#define PASSWORD_H #define PASSWORD_H
#include <libpq/hba.h> int verify_password(char *auth_arg, char *user, char *password);
#include <libpq/pqcomm.h>
#define PWFILE_NAME_SIZE USERMAP_NAME_SIZE
int
verify_password(char *user, char *password, Port *port,
char *database, char *DataDir);
#endif #endif
src/include/libpq/pqcomm.h
View file @ d5bbe2ac
/*------------------------------------------------------------------------- /*-------------------------------------------------------------------------
* *
* pqcomm.h-- * pqcomm.h--
* Parameters for the communication module * Definitions common to frontends and backends.
* *
* *
* Copyright (c) 1994, Regents of the University of California * Copyright (c) 1994, Regents of the University of California
* *
* $Id: pqcomm.h,v 1.18 1998/01/24 22:49:23 momjian Exp $ * $Id: pqcomm.h,v 1.19 1998/01/26 01:42:21 scrappy Exp $
*
* NOTES
* Some of this should move to libpq.h
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -18,134 +15,105 @@ ...@@ -18,134 +15,105 @@
#include <stdio.h> #include <stdio.h>
#include <sys/types.h> #include <sys/types.h>
#include <netinet/in.h> #include <sys/socket.h>
#include <sys/un.h> #include <sys/un.h>
#include <netinet/in.h>
#include "c.h"
/* Define a generic socket address type. */
typedef union SockAddr {
struct sockaddr sa;
struct sockaddr_in in;
struct sockaddr_un un;
} SockAddr;
/* Configure the UNIX socket address for the well known port. */
#define UNIXSOCK_PATH(sun,port) \
(sprintf((sun).sun_path, "/tmp/.s.PGSQL.%d", (port)) + \
sizeof ((sun).sun_family))
/*
* These manipulate the frontend/backend protocol version number.
*
* The major number should be incremented for incompatible changes. The minor
* number should be incremented for compatible changes (eg. additional
* functionality).
*
* If a backend supports version m.n of the protocol it must actually support
* versions m.0..n]. Backend support for version m-1 can be dropped after a
* `reasonable' length of time.
*
* A frontend isn't required to support anything other than the current
* version.
*/
#define PG_PROTOCOL_MAJOR(v) ((v) >> 16)
#define PG_PROTOCOL_MINOR(v) ((v) & 0x0000ffff)
#define PG_PROTOCOL(m,n) (((m) << 16) | (n))
/* The earliest and latest frontend/backend protocol version supported. */
#define PG_PROTOCOL_EARLIEST PG_PROTOCOL(0,0)
#define PG_PROTOCOL_LATEST PG_PROTOCOL(1,0)
/* /*
* startup msg parameters: path length, argument string length * All packets sent to the postmaster start with the length. This is omitted
* from the different packet definitions specified below.
*/ */
#define PATH_SIZE 64
#define ARGV_SIZE 64
#define UNIXSOCK_PATH(sun,port) \
sprintf(sun.sun_path,"/tmp/.s.PGSQL.%d",port) + sizeof(sun.sun_family) + 1;
/* The various kinds of startup messages are for the various kinds of
user authentication systems. In the beginning, there was only
STARTUP_MSG and all connections were unauthenticated. Now, there are
several choices of authentication method (the client picks one, but
the server needn't necessarily accept it). So now, the STARTUP_MSG
message means to start either an unauthenticated or a host-based
authenticated connection, depending on what the server prefers. This
is possible because the protocol between server and client is the same
in both cases (basically, no negotiation is required at all).
*/
typedef enum _MsgType
{
ACK_MSG = 0, /* acknowledge a message */
ERROR_MSG = 1, /* error response to client from server */
RESET_MSG = 2, /* client must reset connection */
PRINT_MSG = 3, /* tuples for client from server */
NET_ERROR = 4, /* error in net system call */
FUNCTION_MSG = 5, /* fastpath call (unused) */
QUERY_MSG = 6, /* client query to server */
STARTUP_MSG = 7, /* initialize a connection with a backend */
DUPLICATE_MSG = 8, /* duplicate msg arrived (errors msg only) */
INVALID_MSG = 9, /* for some control functions */
STARTUP_KRB4_MSG = 10, /* krb4 session follows startup packet */
STARTUP_KRB5_MSG = 11, /* krb5 session follows startup packet */
STARTUP_HBA_MSG = 12, /* use host-based authentication */
STARTUP_UNAUTH_MSG = 13, /* use unauthenticated connection */
STARTUP_PASSWORD_MSG = 14, /* use plaintext password authentication */
/* The following three are not really a named authentication method
* since the front end has no choice in choosing the method. The
* backend sends the SALT/UNSALT messages back to the frontend after
* the USER login has been given to the backend.
*/
STARTUP_CRYPT_MSG = 15, /* use crypt()'ed password authentication */
STARTUP_USER_MSG = 16, /* send user name to check pg_user for password */
STARTUP_SALT_MSG = 17, /* frontend should crypt the password it sends */
STARTUP_UNSALT_MSG = 18 /* frontend should NOT crypt the password it sends */
/* insert new values here -- DO NOT REORDER OR DELETE ENTRIES */
/* also change LAST_AUTHENTICATION_TYPE below and add to the */
/* authentication_type_name[] array in pqcomm.c */
} MsgType;
#define LAST_AUTHENTICATION_TYPE 14
typedef char *Addr;
typedef int PacketLen; /* packet length */
typedef struct StartupInfo
{
/* PacketHdr hdr; */
char database[PATH_SIZE]; /* database name */
char user[NAMEDATALEN]; /* user name */
char options[ARGV_SIZE]; /* possible additional args */
char execFile[ARGV_SIZE]; /* possible backend to use */
char tty[PATH_SIZE]; /* possible tty for debug output */
} StartupInfo;
/* amount of available data in a packet buffer */
#define MESSAGE_SIZE sizeof(StartupInfo)
/* I/O can be blocking or non-blocking */
#define BLOCKING (FALSE)
#define NON_BLOCKING (TRUE)
/* a PacketBuf gets shipped from client to server so be careful
of differences in representation.
Be sure to use htonl() and ntohl() on the len and msgtype fields! */
typedef struct PacketBuf
{
int len;
MsgType msgtype;
char data[MESSAGE_SIZE];
} PacketBuf;
/* update the conversion routines
StartupInfo2PacketBuf() and PacketBuf2StartupInfo() (decl. below)
if StartupInfo or PacketBuf structs ever change */
typedef uint32 PacketLen;
/* /*
* socket descriptor port * Startup message parameters sizes. These must not be changed without changing
* we need addresses of both sides to do authentication calls * the protcol version. These are all strings that are '\0' terminated only if
* there is room.
*/ */
typedef struct Port
{ #define SM_DATABASE 64
int sock; /* file descriptor */ #define SM_USER 32
int mask; /* select mask */ #define SM_OPTIONS 64
int nBytes; /* nBytes read in so far */ #define SM_UNUSED 64
/* local addr (us) */ #define SM_TTY 64
union { struct sockaddr_in in; struct sockaddr_un un; } laddr;
/* remote addr (them) */ typedef uint32 ProtocolVersion; /* Fe/Be protocol version nr. */
union { struct sockaddr_in in; struct sockaddr_un un; } raddr;
/* typedef struct StartupPacket {
* PacketBufId id; ProtocolVersion protoVersion; /* Protocol version */
*//* id of packet buf currently in use */ char database[SM_DATABASE]; /* Database name */
PacketBuf buf; /* stream implementation (curr pack buf) */ char user[SM_USER]; /* User name */
char salt[2]; char options[SM_OPTIONS]; /* Optional additional args */
} Port; char unused[SM_UNUSED]; /* Unused */
char tty[SM_TTY]; /* Tty for debug output */
/* invalid socket descriptor */ } StartupPacket;
#define INVALID_SOCK (-1)
#define INVALID_ID (-1) /* These are the authentication requests sent by the backend. */
#define MAX_CONNECTIONS 10
#define N_PACK_BUFS 20 #define AUTH_REQ_OK 0 /* User is authenticated */
#define AUTH_REQ_KRB4 1 /* Kerberos V4 */
/* no multi-packet messages yet */ #define AUTH_REQ_KRB5 2 /* Kerberos V5 */
#define MAX_PACKET_BACKLOG 1 #define AUTH_REQ_PASSWORD 3 /* Password */
#define AUTH_REQ_CRYPT 4 /* Encrypted password */
#define DEFAULT_STRING ""
typedef uint32 AuthRequest;
extern FILE *Pfout,
*Pfin;
extern int PQAsyncNotifyWaiting; /* This next section is to maintain compatibility with protocol v0.0. */
#define STARTUP_MSG 7 /* Initialise a connection */
#define STARTUP_KRB4_MSG 10 /* krb4 session follows */
#define STARTUP_KRB5_MSG 11 /* krb5 session follows */
#define STARTUP_PASSWORD_MSG 14 /* Password follows */
typedef ProtocolVersion MsgType;
/* in pqcompriv.c */ /* in pqcompriv.c */
int pqGetShort(int *, FILE *); int pqGetShort(int *, FILE *);
...@@ -160,15 +128,4 @@ int pqPutNBytes(const char *, size_t, FILE *); ...@@ -160,15 +128,4 @@ int pqPutNBytes(const char *, size_t, FILE *);
int pqPutString(const char *, FILE *); int pqPutString(const char *, FILE *);
int pqPutByte(int, FILE *); int pqPutByte(int, FILE *);
/*
* prototypes for functions in pqpacket.c
*/
extern int PacketReceive(Port *port, PacketBuf *buf, char nonBlocking);
extern int PacketSend(Port *port, PacketBuf *buf,
PacketLen len, char nonBlocking);
/* extern PacketBuf* StartupInfo2PacketBuf(StartupInfo*); */
/* extern StartupInfo* PacketBuf2StartupInfo(PacketBuf*); */
extern char *name_of_authentication_type(int type);
#endif /* PQCOMM_H */ #endif /* PQCOMM_H */
src/interfaces/libpq/Makefile.in
View file @ d5bbe2ac
...@@ -7,10 +7,13 @@ ...@@ -7,10 +7,13 @@
# #
# #
# IDENTIFICATION # IDENTIFICATION
# $Header: /cvsroot/pgsql/src/interfaces/libpq/Attic/Makefile.in,v 1.4 1998/01/17 23:39:11 scrappy Exp $ # $Header: /cvsroot/pgsql/src/interfaces/libpq/Attic/Makefile.in,v 1.5 1998/01/26 01:42:24 scrappy Exp $
# #
#------------------------------------------------------------------------- #-------------------------------------------------------------------------
SO_MAJOR_VERSION=1
SO_MINOR_VERSION=1
SRCDIR= ../.. SRCDIR= ../..
include $(SRCDIR)/Makefile.global include $(SRCDIR)/Makefile.global
...@@ -19,7 +22,7 @@ INCLUDE_OPT= -I$(SRCDIR)/include -I$(SRCDIR)/backend ...@@ -19,7 +22,7 @@ INCLUDE_OPT= -I$(SRCDIR)/include -I$(SRCDIR)/backend
PORTNAME=@PORTNAME@ PORTNAME=@PORTNAME@
CFLAGS+= $(INCLUDE_OPT) CFLAGS+= $(INCLUDE_OPT) -DFRONTEND
ifdef KRBVERS ifdef KRBVERS
CFLAGS+= $(KRBFLAGS) CFLAGS+= $(KRBFLAGS)
...@@ -34,20 +37,20 @@ install-shlib-dep := ...@@ -34,20 +37,20 @@ install-shlib-dep :=
ifeq ($(PORTNAME), linux) ifeq ($(PORTNAME), linux)
ifdef LINUX_ELF ifdef LINUX_ELF
install-shlib-dep := install-shlib install-shlib-dep := install-shlib
shlib := libpq.so.1 shlib := libpq.so.$(SO_MAJOR_VERSION).$(SO_MINOR_VERSION)
LDFLAGS_SL = -shared LDFLAGS_SL = -shared
CFLAGS += $(CFLAGS_SL) CFLAGS += $(CFLAGS_SL)
endif endif
endif endif
ifeq ($(PORTNAME), bsd) ifeq ($(PORTNAME), bsd)
install-shlib-dep := install-shlib install-shlib-dep := install-shlib
shlib := libpq.so.1.0 shlib := libpq.so.$(SO_MAJOR_VERSION).$(SO_MINOR_VERSION)
LDFLAGS_SL = -x -Bshareable -Bforcearchive LDFLAGS_SL = -x -Bshareable -Bforcearchive
CFLAGS += $(CFLAGS_SL) CFLAGS += $(CFLAGS_SL)
endif endif
ifeq ($(PORTNAME), i386_solaris) ifeq ($(PORTNAME), i386_solaris)
install-shlib-dep := install-shlib install-shlib-dep := install-shlib
shlib := libpq.so.1 shlib := libpq.so.$(SO_MAJOR_VERSION).$(SO_MINOR_VERSION)
LDFLAGS_SL = -G -z text LDFLAGS_SL = -G -z text
CFLAGS += $(CFLAGS_SL) CFLAGS += $(CFLAGS_SL)
endif endif
......
src/interfaces/libpq/fe-auth.c
View file @ d5bbe2ac
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.12 1997/12/04 00:28:08 scrappy Exp $ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.13 1998/01/26 01:42:25 scrappy Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -42,6 +42,11 @@ ...@@ -42,6 +42,11 @@
#include "fe-auth.h" #include "fe-auth.h"
#include "fe-connect.h" #include "fe-connect.h"
#ifdef HAVE_CRYPT_H
#include <crypt.h>
#endif
/*---------------------------------------------------------------- /*----------------------------------------------------------------
* common definitions for generic fe/be routines * common definitions for generic fe/be routines
*---------------------------------------------------------------- *----------------------------------------------------------------
...@@ -457,49 +462,49 @@ pg_krb5_sendauth(const char *PQerrormsg, int sock, ...@@ -457,49 +462,49 @@ pg_krb5_sendauth(const char *PQerrormsg, int sock,
#endif /* KRB5 */ #endif /* KRB5 */
static int static int
pg_password_sendauth(Port *port, const char *user, const char *password) pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
{ {
PacketBuf buf; /* Encrypt the password if needed. */
char *tmp;
buf.len = htonl(sizeof(PacketBuf)); if (areq == AUTH_REQ_CRYPT)
buf.msgtype = STARTUP_PASSWORD_MSG; password = crypt(password, conn->salt);
buf.data[0] = '\0';
tmp = buf.data; return packetSend(conn, password, strlen(password) + 1);
strncpy(tmp, user, strlen(user) + 1);
tmp += strlen(user) + 1;
strncpy(tmp, password, strlen(password) + 1);
return packetSend(port, &buf, sizeof(PacketBuf), BLOCKING);
} }
/* /*
* fe_sendauth -- client demux routine for outgoing authentication information * fe_sendauth -- client demux routine for outgoing authentication information
*/ */
int int
fe_sendauth(MsgType msgtype, Port *port, const char *hostname, fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
const char *user, const char *password, const char *PQerrormsg) const char *password, const char *PQerrormsg)
{ {
switch (msgtype) switch (areq)
{ {
case AUTH_REQ_OK:
break;
case AUTH_REQ_KRB4:
#ifdef KRB4 #ifdef KRB4
case STARTUP_KRB4_MSG: if (pg_krb4_sendauth(PQerrormsg, conn->sock, &conn->laddr.in,
if (pg_krb4_sendauth(PQerrormsg, port->sock, &port->laddr, &conn->raddr.in,
&port->raddr,
hostname) != STATUS_OK) hostname) != STATUS_OK)
{ {
(void) sprintf(PQerrormsg, (void) sprintf(PQerrormsg,
"fe_sendauth: krb4 authentication failed\n"); "fe_sendauth: krb4 authentication failed\n");
/* fputs(PQerrormsg, stderr); */
return (STATUS_ERROR); return (STATUS_ERROR);
} }
break; break;
#else
(void)sprintf(PQerrormsg,
"fe_sendauth: krb4 authentication not supported\n");
return (STATUS_ERROR);
#endif #endif
case AUTH_REQ_KRB5:
#ifdef KRB5 #ifdef KRB5
case STARTUP_KRB5_MSG: if (pg_krb5_sendauth(PQerrormsg, conn->sock, &conn->laddr.in,
if (pg_krb5_sendauth(PQerrormsg, port->sock, &port->laddr, &conn->raddr.in,
&port->raddr,
hostname) != STATUS_OK) hostname) != STATUS_OK)
{ {
(void) sprintf(PQerrormsg, (void) sprintf(PQerrormsg,
...@@ -507,15 +512,29 @@ fe_sendauth(MsgType msgtype, Port *port, const char *hostname, ...@@ -507,15 +512,29 @@ fe_sendauth(MsgType msgtype, Port *port, const char *hostname,
return (STATUS_ERROR); return (STATUS_ERROR);
} }
break; break;
#else
(void)sprintf(PQerrormsg,
"fe_sendauth: krb5 authentication not supported\n");
return (STATUS_ERROR);
#endif #endif
case STARTUP_MSG:
break; case AUTH_REQ_PASSWORD:
case STARTUP_PASSWORD_MSG: case AUTH_REQ_CRYPT:
case STARTUP_CRYPT_MSG: if (pg_password_sendauth(conn, password, areq) != STATUS_OK)
pg_password_sendauth(port, user, password); {
default: (void)sprintf(PQerrormsg,
break; "fe_sendauth: error sending password authentication\n");
} return (STATUS_ERROR);
}
break;
default:
(void)sprintf(PQerrormsg,
"fe_sendauth: authentication type %u not supported\n",areq);
return (STATUS_ERROR);
}
return (STATUS_OK); return (STATUS_OK);
} }
......
src/interfaces/libpq/fe-auth.h
View file @ d5bbe2ac
...@@ -6,13 +6,16 @@ ...@@ -6,13 +6,16 @@
* *
* Copyright (c) 1994, Regents of the University of California * Copyright (c) 1994, Regents of the University of California
* *
* $Id: fe-auth.h,v 1.6 1997/09/08 21:55:35 momjian Exp $ * $Id: fe-auth.h,v 1.7 1998/01/26 01:42:26 scrappy Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
#ifndef FE_AUTH_H #ifndef FE_AUTH_H
#define FE_AUTH_H #define FE_AUTH_H
#include "libpq-fe.h"
/*---------------------------------------------------------------- /*----------------------------------------------------------------
* Common routines and definitions * Common routines and definitions
*---------------------------------------------------------------- *----------------------------------------------------------------
...@@ -29,9 +32,8 @@ ...@@ -29,9 +32,8 @@
#endif /* KRB4 || KRB5 */ #endif /* KRB4 || KRB5 */
extern int extern int
fe_sendauth(MsgType msgtype, Port *port, const char *hostname, fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
const char *user, const char *password, const char *password, const char *PQerromsg);
const char *PQerromsg);
extern void fe_setauthsvc(const char *name, char *PQerrormsg); extern void fe_setauthsvc(const char *name, char *PQerrormsg);
#define PG_KRB4_VERSION "PGVER4.1" /* at most KRB_SENDAUTH_VLEN chars */ #define PG_KRB4_VERSION "PGVER4.1" /* at most KRB_SENDAUTH_VLEN chars */
......
src/interfaces/libpq/fe-connect.c
View file @ d5bbe2ac
This diff is collapsed.
src/interfaces/libpq/fe-connect.h
View file @ d5bbe2ac
...@@ -6,26 +6,23 @@ ...@@ -6,26 +6,23 @@
* *
* Copyright (c) 1994, Regents of the University of California * Copyright (c) 1994, Regents of the University of California
* *
* $Id: fe-connect.h,v 1.5 1997/12/04 00:28:13 scrappy Exp $ * $Id: fe-connect.h,v 1.6 1998/01/26 01:42:30 scrappy Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
#ifndef FE_CONNECT_H #ifndef FE_CONNECT_H
#define FE_CONNECT_H #define FE_CONNECT_H
#include <sys/types.h>
#include "libpq-fe.h"
/*---------------------------------------------------------------- /*----------------------------------------------------------------
* Common routines and definitions * Common routines and definitions
*---------------------------------------------------------------- *----------------------------------------------------------------
*/ */
extern int packetSend(Port *port, PacketBuf *buf, PacketLen len, bool nonBlocking); int packetSend(PGconn *conn, char *buf, size_t len);
extern int packetReceive(Port *port, PacketBuf *buf, bool nonBlocking);
#endif /* FE_CONNECT_H */ #endif /* FE_CONNECT_H */
#ifndef FE_CONNECT_H
#define FE_CONNECT_H
int packetSend(Port *port, PacketBuf *buf, PacketLen len, bool nonBlocking);
int packetReceive(Port *port, PacketBuf *buf, bool nonBlocking);
#endif
src/interfaces/libpq/fe-exec.c
View file @ d5bbe2ac
...@@ -7,7 +7,7 @@ ...@@ -7,7 +7,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-exec.c,v 1.45 1997/12/23 20:00:06 thomas Exp $ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-exec.c,v 1.46 1998/01/26 01:42:35 scrappy Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -168,7 +168,7 @@ getTuple(PGconn *conn, PGresult *result, int binary) ...@@ -168,7 +168,7 @@ getTuple(PGconn *conn, PGresult *result, int binary)
if ((nfields % BYTELEN) > 0) if ((nfields % BYTELEN) > 0)
nbytes++; nbytes++;
if (pqGetnchar(bitmap, nbytes, pfin, pfdebug) == 1) if (nbytes >= MAX_FIELDS || pqGetnchar(bitmap, nbytes, pfin, pfdebug) == 1)
{ {
sprintf(conn->errorMessage, sprintf(conn->errorMessage,
"Error reading null-values bitmap from row data stream\n"); "Error reading null-values bitmap from row data stream\n");
...@@ -189,10 +189,10 @@ getTuple(PGconn *conn, PGresult *result, int binary) ...@@ -189,10 +189,10 @@ getTuple(PGconn *conn, PGresult *result, int binary)
else else
{ {
/* get the value length (the first four bytes are for length) */ /* get the value length (the first four bytes are for length) */
pqGetInt(&vlen, VARHDRSZ, pfin, pfdebug); pqGetInt(&vlen, 4, pfin, pfdebug);
if (binary == 0) if (binary == 0)
{ {
vlen = vlen - VARHDRSZ; vlen = vlen - 4;
} }
if (vlen < 0) if (vlen < 0)
vlen = 0; vlen = 0;
......
src/interfaces/libpq/fe-misc.c
View file @ d5bbe2ac
...@@ -11,7 +11,7 @@ ...@@ -11,7 +11,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-misc.c,v 1.8 1997/09/08 21:55:44 momjian Exp $ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-misc.c,v 1.9 1998/01/26 01:42:36 scrappy Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -51,38 +51,28 @@ pqGetc(FILE *fin, FILE *debug) ...@@ -51,38 +51,28 @@ pqGetc(FILE *fin, FILE *debug)
int int
pqPutnchar(const char *s, int len, FILE *f, FILE *debug) pqPutnchar(const char *s, int len, FILE *f, FILE *debug)
{ {
if (f == NULL)
return 1;
if (debug) if (debug)
fprintf(debug, "To backend> %s\n", s); fprintf(debug, "To backend> %s\n", s);
if (fwrite(s, 1, len, f) != len) return (pqPutNBytes(s, len, f) == EOF ? 1 : 0);
return 1;
return 0;
} }
/* --------------------------------------------------------------------- */ /* --------------------------------------------------------------------- */
/* pqGetnchar: /* pqGetnchar:
get a string of exactly len length from stream f get a string of exactly len bytes in buffer s (which must be 1 byte
longer) from stream f and terminate it with a '\0'.
*/ */
int int
pqGetnchar(char *s, int len, FILE *f, FILE *debug) pqGetnchar(char *s, int len, FILE *f, FILE *debug)
{ {
int cnt; int status;
if (f == NULL)
return 1;
cnt = fread(s, 1, len, f); status = pqGetNBytes(s, len, f);
s[cnt] = '\0';
/* mjl: actually needs up to len+1 bytes, is this okay? XXX */
if (debug) if (debug)
fprintf(debug, "From backend (%d)> %s\n", len, s); fprintf(debug, "From backend (%d)> %s\n", len, s);
return 0; return (status == EOF ? 1 : 0);
} }
/* --------------------------------------------------------------------- */ /* --------------------------------------------------------------------- */
...@@ -92,21 +82,14 @@ pqGetnchar(char *s, int len, FILE *f, FILE *debug) ...@@ -92,21 +82,14 @@ pqGetnchar(char *s, int len, FILE *f, FILE *debug)
int int
pqGets(char *s, int len, FILE *f, FILE *debug) pqGets(char *s, int len, FILE *f, FILE *debug)
{ {
int c; int status;
const char *str = s;
if (f == NULL)
return 1;
while (len-- && (c = getc(f)) != EOF && c) status = pqGetString(s, len, f);
*s++ = c;
*s = '\0';
/* mjl: actually needs up to len+1 bytes, is this okay? XXX */
if (debug) if (debug)
fprintf(debug, "From backend> \"%s\"\n", str); fprintf(debug, "From backend> \"%s\"\n", s);
return 0; return (status == EOF ? 1 : 0);
} }
/* --------------------------------------------------------------------- */ /* --------------------------------------------------------------------- */
...@@ -173,20 +156,13 @@ pqGetInt(int *result, int bytes, FILE *f, FILE *debug) ...@@ -173,20 +156,13 @@ pqGetInt(int *result, int bytes, FILE *f, FILE *debug)
int int
pqPuts(const char *s, FILE *f, FILE *debug) pqPuts(const char *s, FILE *f, FILE *debug)
{ {
if (f == NULL) if (pqPutString(s, f) == EOF)
return 1; return 1;
if (fputs(s, f) == EOF)
return 1;
fputc('\0', f); /* important to send an ending \0 since
* backend expects it */
fflush(f); fflush(f);
if (debug) if (debug)
{
fprintf(debug, "To backend> %s\n", s); fprintf(debug, "To backend> %s\n", s);
}
return 0; return 0;
} }
......
src/interfaces/libpq/libpq-fe.h
View file @ d5bbe2ac
...@@ -6,7 +6,7 @@ ...@@ -6,7 +6,7 @@
* *
* Copyright (c) 1994, Regents of the University of California * Copyright (c) 1994, Regents of the University of California
* *
* $Id: libpq-fe.h,v 1.24 1997/12/04 00:28:15 scrappy Exp $ * $Id: libpq-fe.h,v 1.25 1998/01/26 01:42:37 scrappy Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
...@@ -138,13 +138,15 @@ extern "C" ...@@ -138,13 +138,15 @@ extern "C"
FILE *Pfin; FILE *Pfin;
FILE *Pfout; FILE *Pfout;
FILE *Pfdebug; FILE *Pfdebug;
void *port; /* really a Port* */ int sock; /* The socket */
SockAddr laddr; /* Local address */
SockAddr raddr; /* Remote address */
char salt[2];
int asyncNotifyWaiting; int asyncNotifyWaiting;
Dllist *notifyList; Dllist *notifyList;
char *pguser; /* Postgres username of user who is char *pguser; /* Postgres username of user who is
* connected */ * connected */
char *pgpass; char *pgpass;
char *pgauth;
PGlobjfuncs *lobjfuncs; /* Backend function OID's for large object PGlobjfuncs *lobjfuncs; /* Backend function OID's for large object
* access */ * access */
} PGconn; } PGconn;
......
src/man/createdb.1
View file @ d5bbe2ac
.\" This is -*-nroff-*- .\" This is -*-nroff-*-
.\" XXX standard disclaimer belongs here.... .\" XXX standard disclaimer belongs here....
.\" $Header: /cvsroot/pgsql/src/man/Attic/createdb.1,v 1.6 1998/01/11 22:17:23 momjian Exp $ .\" $Header: /cvsroot/pgsql/src/man/Attic/createdb.1,v 1.7 1998/01/26 01:42:42 scrappy Exp $
.TH CREATEDB UNIX 11/05/95 PostgreSQL PostgreSQL .TH CREATEDB UNIX 11/05/95 PostgreSQL PostgreSQL
.SH NAME .SH NAME
createdb - create a database createdb - create a database
...@@ -60,7 +60,7 @@ Specifies an authentication system ...@@ -60,7 +60,7 @@ Specifies an authentication system
.IR pgintro (1)) .IR pgintro (1))
to use in connecting to the to use in connecting to the
.IR postmaster .IR postmaster
process. The default is site-specific. process. This option no longer has any effect.
.TP .TP
.BR "-D" " dbpath" .BR "-D" " dbpath"
Specifies the alternate database location for this database. Specifies the alternate database location for this database.
...@@ -79,13 +79,13 @@ is listening for connections. Defaults to 5432, or the value of the ...@@ -79,13 +79,13 @@ is listening for connections. Defaults to 5432, or the value of the
environment variable (if set). environment variable (if set).
.SH EXAMPLES .SH EXAMPLES
.nf .nf
# create 5432 demo database # create the demo database using the postmaster on the local host, port 5432.
createdb demo createdb demo
.fi .fi
.nf .nf
# create the demo database using the postmaster on host eden, # create the demo database using the postmaster on host eden,
# port using the Kerberos authentication system. # port 5000.
createdb -a kerberos -p 5432 -h eden demo createdb -p 5000 -h eden demo
.fi .fi
.SH FILES .SH FILES
.TP 5n .TP 5n
......
src/man/createuser.1
View file @ d5bbe2ac
.\" This is -*-nroff-*- .\" This is -*-nroff-*-
.\" XXX standard disclaimer belongs here.... .\" XXX standard disclaimer belongs here....
.\" $Header: /cvsroot/pgsql/src/man/Attic/createuser.1,v 1.5 1998/01/11 22:17:23 momjian Exp $ .\" $Header: /cvsroot/pgsql/src/man/Attic/createuser.1,v 1.6 1998/01/26 01:42:44 scrappy Exp $
.TH CREATEUSER UNIX 11/05/95 PostgreSQL PostgreSQL .TH CREATEUSER UNIX 11/05/95 PostgreSQL PostgreSQL
.SH NAME .SH NAME
createuser - create a Postgres user createuser - create a Postgres user
...@@ -55,7 +55,7 @@ Specifies an authentication system ...@@ -55,7 +55,7 @@ Specifies an authentication system
.IR pgintro (1)) .IR pgintro (1))
to use in connecting to the to use in connecting to the
.IR postmaster .IR postmaster
process. The default is site-specific. process. This option no longer has any effect.
.TP .TP
.BR "-h" " host" .BR "-h" " host"
Specifies the hostname of the machine on which the Specifies the hostname of the machine on which the
......
src/man/destroydb.1
View file @ d5bbe2ac
.\" This is -*-nroff-*- .\" This is -*-nroff-*-
.\" XXX standard disclaimer belongs here.... .\" XXX standard disclaimer belongs here....
.\" $Header: /cvsroot/pgsql/src/man/Attic/destroydb.1,v 1.6 1998/01/11 22:17:25 momjian Exp $ .\" $Header: /cvsroot/pgsql/src/man/Attic/destroydb.1,v 1.7 1998/01/26 01:42:45 scrappy Exp $
.TH DESTROYDB UNIX 11/05/95 PostgreSQL PostgreSQL .TH DESTROYDB UNIX 11/05/95 PostgreSQL PostgreSQL
.SH NAME .SH NAME
destroydb - destroy an existing database destroydb - destroy an existing database
...@@ -65,7 +65,7 @@ Specifies an authentication system ...@@ -65,7 +65,7 @@ Specifies an authentication system
.IR pgintro (1)) .IR pgintro (1))
to use in connecting to the to use in connecting to the
.IR postmaster .IR postmaster
process. The default is site-specific. process. This option no longer has any effect.
.TP .TP
.BR "-h" " host" .BR "-h" " host"
Specifies the hostname of the machine on which the Specifies the hostname of the machine on which the
...@@ -85,9 +85,8 @@ environment variable (if set). ...@@ -85,9 +85,8 @@ environment variable (if set).
destroydb demo destroydb demo
.fi .fi
.nf .nf
# destroy 5432 demo database using the postmaster on host eden, # destroy the demo database using the postmaster on host eden, port 5000.
# port using the Kerberos authentication system. destroydb -p 5000 -h eden demo
destroydb -a kerberos -p 5432 -h eden demo
.fi .fi
.SH FILES .SH FILES
.TP 5n .TP 5n
......
src/man/destroyuser.1
View file @ d5bbe2ac
.\" This is -*-nroff-*- .\" This is -*-nroff-*-
.\" XXX standard disclaimer belongs here.... .\" XXX standard disclaimer belongs here....
.\" $Header: /cvsroot/pgsql/src/man/Attic/destroyuser.1,v 1.5 1998/01/11 22:17:25 momjian Exp $ .\" $Header: /cvsroot/pgsql/src/man/Attic/destroyuser.1,v 1.6 1998/01/26 01:42:46 scrappy Exp $
.TH DESTROYUSER UNIX 11/05/95 PostgreSQL PostgreSQL .TH DESTROYUSER UNIX 11/05/95 PostgreSQL PostgreSQL
.SH NAME .SH NAME
destroyuser - destroy a Postgres user and associated databases destroyuser - destroy a Postgres user and associated databases
...@@ -55,7 +55,7 @@ Specifies an authentication system ...@@ -55,7 +55,7 @@ Specifies an authentication system
.IR pgintro (1)) .IR pgintro (1))
to use in connecting to the to use in connecting to the
.IR postmaster .IR postmaster
process. The default is site-specific. process. This option no longer has any effect.
.TP .TP
.BR "-h" " host" .BR "-h" " host"
Specifies the hostname of the machine on which the Specifies the hostname of the machine on which the
......
src/man/libpq.3
View file @ d5bbe2ac
.\" This is -*-nroff-*- .\" This is -*-nroff-*-
.\" XXX standard disclaimer belongs here.... .\" XXX standard disclaimer belongs here....
.\" $Header: /cvsroot/pgsql/src/man/Attic/libpq.3,v 1.11 1997/12/04 20:26:31 momjian Exp $ .\" $Header: /cvsroot/pgsql/src/man/Attic/libpq.3,v 1.12 1998/01/26 01:42:47 scrappy Exp $
.TH LIBPQ INTRO 03/12/94 PostgreSQL PostgreSQL .TH LIBPQ INTRO 03/12/94 PostgreSQL PostgreSQL
.SH DESCRIPTION .SH DESCRIPTION
Libpq is the programmer's interface to Postgres. Libpq is a set of Libpq is the programmer's interface to Postgres. Libpq is a set of
...@@ -591,9 +591,9 @@ If the user has generated the appropriate authentication credentials ...@@ -591,9 +591,9 @@ If the user has generated the appropriate authentication credentials
.I Kerberos .I Kerberos
tickets), the frontend/backend authentication process is handled by tickets), the frontend/backend authentication process is handled by
.I PQexec .I PQexec
without any further intervention. The following routines may be without any further intervention. The authentication method is now
called by Libpq programs to tailor the behavior of the authentication determined entirely by the DBA (see pga_hba.conf(5)). The following
process. routines no longer have any effect and should not be used.
.PP .PP
.B fe_getauthname .B fe_getauthname
.IP .IP
......
src/man/pg_passwd.1
View file @ d5bbe2ac
.\" This is -*-nroff-*- .\" This is -*-nroff-*-
.\" XXX standard disclaimer belongs here.... .\" XXX standard disclaimer belongs here....
.\" $Header: /cvsroot/pgsql/src/man/Attic/pg_passwd.1,v 1.2 1998/01/11 22:17:48 momjian Exp $ .\" $Header: /cvsroot/pgsql/src/man/Attic/pg_passwd.1,v 1.3 1998/01/26 01:42:49 scrappy Exp $
.TH PG_PASSWD UNIX 11/05/95 PostgreSQL PostgreSQL .TH PG_PASSWD UNIX 11/05/95 PostgreSQL PostgreSQL
.SH NAME .SH NAME
pg_passwd - manipulate the flat password file pg_passwd - manipulate the flat password file
...@@ -80,7 +80,7 @@ The following lines show the sample usage of the option: ...@@ -80,7 +80,7 @@ The following lines show the sample usage of the option:
uses the new style of the Pg.pm like this: uses the new style of the Pg.pm like this:
.nf .nf
$conn = Pg::connectdb("host=hyalos authtype=password dbname=unv $conn = Pg::connectdb("host=hyalos dbname=unv
user=pg_guest password=xxxxxxx"); user=pg_guest password=xxxxxxx");
.fi .fi
...@@ -96,7 +96,7 @@ option thus: ...@@ -96,7 +96,7 @@ option thus:
.nf .nf
% set conn [pg_connect -conninfo \\ % set conn [pg_connect -conninfo \\
"host=hyalos authtype=password dbname=unv \\ "host=hyalos dbname=unv \\
user=pg_guest password=xxxxxxx "] user=pg_guest password=xxxxxxx "]
.fi .fi
......
src/man/pgintro.1
View file @ d5bbe2ac
.\" This is -*-nroff-*- .\" This is -*-nroff-*-
.\" XXX standard disclaimer belongs here.... .\" XXX standard disclaimer belongs here....
.\" $Header: /cvsroot/pgsql/src/man/Attic/pgintro.1,v 1.2 1998/01/11 22:17:50 momjian Exp $ .\" $Header: /cvsroot/pgsql/src/man/Attic/pgintro.1,v 1.3 1998/01/26 01:42:50 scrappy Exp $
.TH PGINTRO UNIX 11/05/95 PostgreSQL PostgreSQL .TH PGINTRO UNIX 11/05/95 PostgreSQL PostgreSQL
.SP INFORMATION UNIX 11/05/95 .SP INFORMATION UNIX 11/05/95
.BH "SECTION 2 - Unix COMMANDS (Unix)" .BH "SECTION 2 - Unix COMMANDS (Unix)"
...@@ -105,26 +105,15 @@ conducted. ...@@ -105,26 +105,15 @@ conducted.
If the Postgres system is built as distributed, access to the Internet If the Postgres system is built as distributed, access to the Internet
TCP port of the TCP port of the
.IR postmaster .IR postmaster
process is available to anyone. However, Postgres offers optional process is available to anyone. The DBA configures the pg_hba.conf file
host-based authentication where only access from certain hosts are in the PGDATA directory to specify what authentication system is to be used
allowed. Of course, host-based authentication is not fool-proof in according to the host making the connection and which database it is
connecting to. See pg_hba.conf(5) for a description of the authentication
systems available. Of course, host-based authentication is not fool-proof in
Unix, either. It is possible for determined intruders to also Unix, either. It is possible for determined intruders to also
masquerade the origination host. Those security issues are beyond the masquerade the origination host. Those security issues are beyond the
scope of Postgres. scope of Postgres.
.PP .PP
If greater security is desired, Postgres and its clients may be
modified to use a network authentication system. For example, the
.IR postmaster ,
.IR psql
and the
.IR libpq
library have already been configured to use either Version 4 or Version 5 of
the
.IR Kerberos
authentication system from the Massachusetts Institute of Technology.
For more information on using
.IR Kerberos
with Postgres, see the appendix below.
.SH "ACCESS CONTROL" .SH "ACCESS CONTROL"
Postgres provides mechanisms to allow users to limit the access to Postgres provides mechanisms to allow users to limit the access to
their data that is provided to other users. their data that is provided to other users.
......
src/man/postgres.1
View file @ d5bbe2ac
.\" This is -*-nroff-*- .\" This is -*-nroff-*-
.\" XXX standard disclaimer belongs here.... .\" XXX standard disclaimer belongs here....
.\" $Header: /cvsroot/pgsql/src/man/Attic/postgres.1,v 1.9 1998/01/11 22:17:51 momjian Exp $ .\" $Header: /cvsroot/pgsql/src/man/Attic/postgres.1,v 1.10 1998/01/26 01:42:51 scrappy Exp $
.TH POSTGRESQL UNIX 12/08/96 PostgreSQL PostgreSQL .TH POSTGRESQL UNIX 12/08/96 PostgreSQL PostgreSQL
.SH NAME .SH NAME
postgres - the Postgres backend server postgres - the Postgres backend server
...@@ -31,6 +31,9 @@ filedes] ...@@ -31,6 +31,9 @@ filedes]
[\c [\c
.BR "-e" .BR "-e"
] ]
[\c
.BR "-v protocol"
]
.br .br
[\c [\c
.BR "-d" .BR "-d"
...@@ -145,6 +148,10 @@ but debugging output is sent to the controlling tty of the ...@@ -145,6 +148,10 @@ but debugging output is sent to the controlling tty of the
Print time information and other statistics at the end of each query. Print time information and other statistics at the end of each query.
This is useful for benchmarking or for use in tuning the number of This is useful for benchmarking or for use in tuning the number of
buffers. buffers.
.TP
.BR "-v" " protocol"
Specifies the number of the frontend/backend protocol to be used for this
particular session.
.SH "DEPRECATED COMMAND OPTIONS" .SH "DEPRECATED COMMAND OPTIONS"
There are several other options that may be specified, used mainly There are several other options that may be specified, used mainly
for debugging purposes. These are listed here only for the use by for debugging purposes. These are listed here only for the use by
......
src/man/postmaster.1
View file @ d5bbe2ac
.\" This is -*-nroff-*- .\" This is -*-nroff-*-
.\" XXX standard disclaimer belongs here.... .\" XXX standard disclaimer belongs here....
.\" $Header: /cvsroot/pgsql/src/man/Attic/postmaster.1,v 1.10 1998/01/11 22:17:53 momjian Exp $ .\" $Header: /cvsroot/pgsql/src/man/Attic/postmaster.1,v 1.11 1998/01/26 01:42:52 scrappy Exp $
.TH POSTMASTER UNIX 11/05/95 PostgreSQL PostgreSQL .TH POSTMASTER UNIX 11/05/95 PostgreSQL PostgreSQL
.SH "NAME" .SH "NAME"
postmaster - run the Postgres postmaster postmaster - run the Postgres postmaster
...@@ -105,7 +105,7 @@ authentication, use ...@@ -105,7 +105,7 @@ authentication, use
to deny any unauthenticated to deny any unauthenticated
connections, use connections, use
.BR "-a nounauth . .BR "-a nounauth .
The default is site-specific. This option no longer has any effect.
.TP .TP
.BR "-b" " backend_pathname" .BR "-b" " backend_pathname"
.IR "backend_pathname" .IR "backend_pathname"
......
src/man/psql.1
View file @ d5bbe2ac
.\" This is -*-nroff-*- .\" This is -*-nroff-*-
.\" XXX standard disclaimer belongs here.... .\" XXX standard disclaimer belongs here....
.\" $Header: /cvsroot/pgsql/src/man/Attic/psql.1,v 1.22 1998/01/25 06:12:52 scrappy Exp $ .\" $Header: /cvsroot/pgsql/src/man/Attic/psql.1,v 1.23 1998/01/26 01:42:53 scrappy Exp $
.TH PSQL UNIX 1/20/96 PostgreSQL PostgreSQL .TH PSQL UNIX 1/20/96 PostgreSQL PostgreSQL
.SH NAME .SH NAME
psql - run the interactive query front-end psql - run the interactive query front-end
...@@ -125,7 +125,7 @@ Specifies an authentication system ...@@ -125,7 +125,7 @@ Specifies an authentication system
.IR pgintro (1)) .IR pgintro (1))
to use in connecting to the to use in connecting to the
.IR postmaster .IR postmaster
process. The default is site-specific. process. This option no longer has any effect.
.TP .TP
.BR "-A" .BR "-A"
Turn off fill justification when printing out table elements. Turn off fill justification when printing out table elements.
...@@ -221,7 +221,11 @@ tabular output. For example ...@@ -221,7 +221,11 @@ tabular output. For example
will give you tables with borders. will give you tables with borders.
.TP .TP
.BR "-u" .BR "-u"
Turns on username/password authentication. Asks the user for the user name and password before connecting to the database.
If the database does not require password authentication then these are
ignored. If the option i snot used (and the PGPASSWORD environment variable
is not set) and the database requires password authentication, then the
connection will fail. The user name is ignored anyway.
.TP .TP
.BR "-x" .BR "-x"
Turns on extended row format mode. When enabled each row will have its column Turns on extended row format mode. When enabled each row will have its column
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment