Skip to content

Commit 36f693e

Browse files
tglsfdctglsfdc
committed
Further work on elog cleanup: fix some bogosities in elog's logic about
when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle.
1 parent 5ab02fd commit 36f693e

File tree

14 files changed

+299
-489
lines changed

14 files changed

+299
-489
lines changed

src/backend/libpq/Makefile

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
# Makefile for libpq subsystem (backend half of libpq interface)
55
#
66
# IDENTIFICATION
7-
# $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.28 2001/11/13 22:06:58 momjian Exp $
7+
# $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.29 2002/03/04 01:46:02 tgl Exp $
88
#
99
#-------------------------------------------------------------------------
1010

@@ -16,7 +16,7 @@ include $(top_builddir)/src/Makefile.global
1616

1717
OBJS = be-fsstubs.o \
1818
auth.o crypt.o hba.o md5.o password.o \
19-
pqcomm.o pqformat.o pqsignal.o util.o
19+
pqcomm.o pqformat.o pqsignal.o
2020

2121

2222
all: SUBSYS.o

src/backend/libpq/auth.c

Lines changed: 52 additions & 101 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.76 2002/03/02 21:39:25 momjian Exp $
11+
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.77 2002/03/04 01:46:02 tgl Exp $
1212
*
1313
*-------------------------------------------------------------------------
1414
*/
@@ -105,45 +105,34 @@ pg_krb4_recvauth(Port *port)
105105
version);
106106
if (status != KSUCCESS)
107107
{
108-
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
109-
"pg_krb4_recvauth: kerberos error: %s\n",
110-
krb_err_txt[status]);
111-
fputs(PQerrormsg, stderr);
112-
pqdebug("%s", PQerrormsg);
108+
elog(LOG, "pg_krb4_recvauth: kerberos error: %s",
109+
krb_err_txt[status]);
113110
return STATUS_ERROR;
114111
}
115-
if (strncmp(version, PG_KRB4_VERSION, KRB_SENDAUTH_VLEN))
112+
if (strncmp(version, PG_KRB4_VERSION, KRB_SENDAUTH_VLEN) != 0)
116113
{
117-
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
118-
"pg_krb4_recvauth: protocol version != \"%s\"\n",
119-
PG_KRB4_VERSION);
120-
fputs(PQerrormsg, stderr);
121-
pqdebug("%s", PQerrormsg);
114+
elog(LOG, "pg_krb4_recvauth: protocol version \"%s\" != \"%s\"",
115+
version, PG_KRB4_VERSION);
122116
return STATUS_ERROR;
123117
}
124-
if (strncmp(port->user, auth_data.pname, SM_USER))
118+
if (strncmp(port->user, auth_data.pname, SM_USER) != 0)
125119
{
126-
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
127-
"pg_krb4_recvauth: name \"%s\" != \"%s\"\n",
128-
port->user, auth_data.pname);
129-
fputs(PQerrormsg, stderr);
130-
pqdebug("%s", PQerrormsg);
120+
elog(LOG, "pg_krb4_recvauth: name \"%s\" != \"%s\"",
121+
port->user, auth_data.pname);
131122
return STATUS_ERROR;
132123
}
133124
return STATUS_OK;
134125
}
135126

136127
#else
128+
137129
static int
138130
pg_krb4_recvauth(Port *port)
139131
{
140-
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
141-
"pg_krb4_recvauth: Kerberos not implemented on this server.\n");
142-
fputs(PQerrormsg, stderr);
143-
pqdebug("%s", PQerrormsg);
144-
132+
elog(LOG, "pg_krb4_recvauth: Kerberos not implemented on this server");
145133
return STATUS_ERROR;
146134
}
135+
147136
#endif /* KRB4 */
148137

149138

@@ -201,19 +190,17 @@ pg_krb5_init(void)
201190
retval = krb5_init_context(&pg_krb5_context);
202191
if (retval)
203192
{
204-
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
205-
"pg_krb5_init: krb5_init_context returned"
206-
" Kerberos error %d\n", retval);
193+
elog(LOG, "pg_krb5_init: krb5_init_context returned Kerberos error %d",
194+
retval);
207195
com_err("postgres", retval, "while initializing krb5");
208196
return STATUS_ERROR;
209197
}
210198

211199
retval = krb5_kt_resolve(pg_krb5_context, pg_krb_server_keyfile, &pg_krb5_keytab);
212200
if (retval)
213201
{
214-
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
215-
"pg_krb5_init: krb5_kt_resolve returned"
216-
" Kerberos error %d\n", retval);
202+
elog(LOG, "pg_krb5_init: krb5_kt_resolve returned Kerberos error %d",
203+
retval);
217204
com_err("postgres", retval, "while resolving keytab file %s",
218205
pg_krb_server_keyfile);
219206
krb5_free_context(pg_krb5_context);
@@ -224,9 +211,8 @@ pg_krb5_init(void)
224211
KRB5_NT_SRV_HST, &pg_krb5_server);
225212
if (retval)
226213
{
227-
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
228-
"pg_krb5_init: krb5_sname_to_principal returned"
229-
" Kerberos error %d\n", retval);
214+
elog(LOG, "pg_krb5_init: krb5_sname_to_principal returned Kerberos error %d",
215+
retval);
230216
com_err("postgres", retval,
231217
"while getting server principal for service %s",
232218
PG_KRB_SRVNAM);
@@ -269,9 +255,8 @@ pg_krb5_recvauth(Port *port)
269255
pg_krb5_server, 0, pg_krb5_keytab, &ticket);
270256
if (retval)
271257
{
272-
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
273-
"pg_krb5_recvauth: krb5_recvauth returned"
274-
" Kerberos error %d\n", retval);
258+
elog(LOG, "pg_krb5_recvauth: krb5_recvauth returned Kerberos error %d",
259+
retval);
275260
com_err("postgres", retval, "from krb5_recvauth");
276261
return STATUS_ERROR;
277262
}
@@ -294,9 +279,8 @@ pg_krb5_recvauth(Port *port)
294279
#endif
295280
if (retval)
296281
{
297-
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
298-
"pg_krb5_recvauth: krb5_unparse_name returned"
299-
" Kerberos error %d\n", retval);
282+
elog(LOG, "pg_krb5_recvauth: krb5_unparse_name returned Kerberos error %d",
283+
retval);
300284
com_err("postgres", retval, "while unparsing client name");
301285
krb5_free_ticket(pg_krb5_context, ticket);
302286
krb5_auth_con_free(pg_krb5_context, auth_context);
@@ -306,9 +290,8 @@ pg_krb5_recvauth(Port *port)
306290
kusername = pg_an_to_ln(kusername);
307291
if (strncmp(port->user, kusername, SM_USER))
308292
{
309-
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
310-
"pg_krb5_recvauth: user name \"%s\" != krb5 name \"%s\"\n",
311-
port->user, kusername);
293+
elog(LOG, "pg_krb5_recvauth: user name \"%s\" != krb5 name \"%s\"",
294+
port->user, kusername);
312295
ret = STATUS_ERROR;
313296
}
314297
else
@@ -322,16 +305,14 @@ pg_krb5_recvauth(Port *port)
322305
}
323306

324307
#else
308+
325309
static int
326310
pg_krb5_recvauth(Port *port)
327311
{
328-
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
329-
"pg_krb5_recvauth: Kerberos not implemented on this server.\n");
330-
fputs(PQerrormsg, stderr);
331-
pqdebug("%s", PQerrormsg);
332-
312+
elog(LOG, "pg_krb5_recvauth: Kerberos not implemented on this server");
333313
return STATUS_ERROR;
334314
}
315+
335316
#endif /* KRB5 */
336317

337318

@@ -388,10 +369,7 @@ recv_and_check_passwordv0(Port *port)
388369

389370
if (user == NULL || password == NULL)
390371
{
391-
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
392-
"pg_password_recvauth: badly formed password packet.\n");
393-
fputs(PQerrormsg, stderr);
394-
pqdebug("%s", PQerrormsg);
372+
elog(LOG, "pg_password_recvauth: badly formed password packet");
395373
status = STATUS_ERROR;
396374
}
397375
else
@@ -530,7 +508,7 @@ ClientAuthentication(Port *port)
530508
if (port->raddr.sa.sa_family == AF_INET)
531509
hostinfo = inet_ntoa(port->raddr.in.sin_addr);
532510
elog(FATAL,
533-
"No pg_hba.conf entry for host %s, user %s, database %s",
511+
"No pg_hba.conf entry for host %s, user %s, database %s",
534512
hostinfo, port->user, port->database);
535513
break;
536514
}
@@ -563,8 +541,7 @@ ClientAuthentication(Port *port)
563541
int on = 1;
564542

565543
if (setsockopt(port->sock, 0, LOCAL_CREDS, &on, sizeof(on)) < 0)
566-
elog(FATAL,
567-
"pg_local_sendauth: can't do setsockopt: %s\n", strerror(errno));
544+
elog(FATAL, "pg_local_sendauth: can't do setsockopt: %m");
568545
}
569546
#endif
570547
if (port->raddr.sa.sa_family == AF_UNIX)
@@ -653,17 +630,12 @@ pam_passwd_conv_proc(int num_msg, const struct pam_message ** msg, struct pam_re
653630
switch (msg[0]->msg_style)
654631
{
655632
case PAM_ERROR_MSG:
656-
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
657-
"pam_passwd_conv_proc: Error from underlying PAM layer: '%s'\n", msg[0]->msg);
658-
fputs(PQerrormsg, stderr);
659-
pqdebug("%s", PQerrormsg);
633+
elog(LOG, "pam_passwd_conv_proc: Error from underlying PAM layer: '%s'",
634+
msg[0]->msg);
660635
return PAM_CONV_ERR;
661636
default:
662-
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
663-
"pam_passwd_conv_proc: Unexpected PAM conversation %d/'%s'\n",
664-
msg[0]->msg_style, msg[0]->msg);
665-
fputs(PQerrormsg, stderr);
666-
pqdebug("%s", PQerrormsg);
637+
elog(LOG, "pam_passwd_conv_proc: Unexpected PAM conversation %d/'%s'",
638+
msg[0]->msg_style, msg[0]->msg);
667639
return PAM_CONV_ERR;
668640
}
669641
}
@@ -691,12 +663,11 @@ pam_passwd_conv_proc(int num_msg, const struct pam_message ** msg, struct pam_re
691663

692664
initStringInfo(&buf);
693665
pq_getstr(&buf);
694-
elog(DEBUG5, "received PAM packet with len=%d, pw=%s\n", len, buf.data);
666+
elog(DEBUG5, "received PAM packet with len=%d, pw=%s", len, buf.data);
695667

696668
if (strlen(buf.data) == 0)
697669
{
698-
snprintf(PQerrormsg, PQERRORMSG_LENGTH, "pam_passwd_conv_proc: no password\n");
699-
fputs(PQerrormsg, stderr);
670+
elog(LOG, "pam_passwd_conv_proc: no password");
700671
return PAM_CONV_ERR;
701672
}
702673
appdata_ptr = buf.data;
@@ -709,9 +680,7 @@ pam_passwd_conv_proc(int num_msg, const struct pam_message ** msg, struct pam_re
709680
*resp = calloc(num_msg, sizeof(struct pam_response));
710681
if (!*resp)
711682
{
712-
snprintf(PQerrormsg, PQERRORMSG_LENGTH, "pam_passwd_conv_proc: Out of memory!\n");
713-
fputs(PQerrormsg, stderr);
714-
pqdebug("%s", PQerrormsg);
683+
elog(LOG, "pam_passwd_conv_proc: Out of memory!");
715684
if (buf.data)
716685
pfree(buf.data);
717686
return PAM_CONV_ERR;
@@ -755,11 +724,8 @@ CheckPAMAuth(Port *port, char *user, char *password)
755724

756725
if (retval != PAM_SUCCESS)
757726
{
758-
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
759-
"CheckPAMAuth: Failed to create PAM authenticator: '%s'\n",
760-
pam_strerror(pamh, retval));
761-
fputs(PQerrormsg, stderr);
762-
pqdebug("%s", PQerrormsg);
727+
elog(LOG, "CheckPAMAuth: Failed to create PAM authenticator: '%s'",
728+
pam_strerror(pamh, retval));
763729
pam_passwd = NULL; /* Unset pam_passwd */
764730
return STATUS_ERROR;
765731
}
@@ -768,11 +734,8 @@ CheckPAMAuth(Port *port, char *user, char *password)
768734

769735
if (retval != PAM_SUCCESS)
770736
{
771-
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
772-
"CheckPAMAuth: pam_set_item(PAM_USER) failed: '%s'\n",
773-
pam_strerror(pamh, retval));
774-
fputs(PQerrormsg, stderr);
775-
pqdebug("%s", PQerrormsg);
737+
elog(LOG, "CheckPAMAuth: pam_set_item(PAM_USER) failed: '%s'",
738+
pam_strerror(pamh, retval));
776739
pam_passwd = NULL; /* Unset pam_passwd */
777740
return STATUS_ERROR;
778741
}
@@ -781,11 +744,8 @@ CheckPAMAuth(Port *port, char *user, char *password)
781744

782745
if (retval != PAM_SUCCESS)
783746
{
784-
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
785-
"CheckPAMAuth: pam_set_item(PAM_CONV) failed: '%s'\n",
786-
pam_strerror(pamh, retval));
787-
fputs(PQerrormsg, stderr);
788-
pqdebug("%s", PQerrormsg);
747+
elog(LOG, "CheckPAMAuth: pam_set_item(PAM_CONV) failed: '%s'",
748+
pam_strerror(pamh, retval));
789749
pam_passwd = NULL; /* Unset pam_passwd */
790750
return STATUS_ERROR;
791751
}
@@ -794,11 +754,8 @@ CheckPAMAuth(Port *port, char *user, char *password)
794754

795755
if (retval != PAM_SUCCESS)
796756
{
797-
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
798-
"CheckPAMAuth: pam_authenticate failed: '%s'\n",
799-
pam_strerror(pamh, retval));
800-
fputs(PQerrormsg, stderr);
801-
pqdebug("%s", PQerrormsg);
757+
elog(LOG, "CheckPAMAuth: pam_authenticate failed: '%s'",
758+
pam_strerror(pamh, retval));
802759
pam_passwd = NULL; /* Unset pam_passwd */
803760
return STATUS_ERROR;
804761
}
@@ -807,11 +764,8 @@ CheckPAMAuth(Port *port, char *user, char *password)
807764

808765
if (retval != PAM_SUCCESS)
809766
{
810-
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
811-
"CheckPAMAuth: pam_acct_mgmt failed: '%s'\n",
812-
pam_strerror(pamh, retval));
813-
fputs(PQerrormsg, stderr);
814-
pqdebug("%s", PQerrormsg);
767+
elog(LOG, "CheckPAMAuth: pam_acct_mgmt failed: '%s'",
768+
pam_strerror(pamh, retval));
815769
pam_passwd = NULL; /* Unset pam_passwd */
816770
return STATUS_ERROR;
817771
}
@@ -820,11 +774,8 @@ CheckPAMAuth(Port *port, char *user, char *password)
820774

821775
if (retval != PAM_SUCCESS)
822776
{
823-
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
824-
"CheckPAMAuth: Failed to release PAM authenticator: '%s'\n",
825-
pam_strerror(pamh, retval));
826-
fputs(PQerrormsg, stderr);
827-
pqdebug("%s", PQerrormsg);
777+
elog(LOG, "CheckPAMAuth: Failed to release PAM authenticator: '%s'",
778+
pam_strerror(pamh, retval));
828779
}
829780

830781
pam_passwd = NULL; /* Unset pam_passwd */
@@ -854,8 +805,8 @@ recv_and_check_password_packet(Port *port)
854805
return STATUS_EOF;
855806
}
856807

857-
elog(DEBUG5, "received password packet with len=%d, pw=%s\n",
858-
len, buf.data);
808+
elog(DEBUG5, "received password packet with len=%d, pw=%s",
809+
len, buf.data);
859810

860811
result = checkPassword(port, port->user, buf.data);
861812
pfree(buf.data);
@@ -907,7 +858,7 @@ old_be_recvauth(Port *port)
907858
break;
908859

909860
default:
910-
fprintf(stderr, "Invalid startup message type: %u\n", msgtype);
861+
elog(LOG, "Invalid startup message type: %u", msgtype);
911862

912863
return STATUS_ERROR;
913864
}

src/backend/libpq/crypt.c

Lines changed: 3 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
1010
* Portions Copyright (c) 1994, Regents of the University of California
1111
*
12-
* $Header: /cvsroot/pgsql/src/backend/libpq/crypt.c,v 1.43 2002/03/02 21:39:26 momjian Exp $
12+
* $Header: /cvsroot/pgsql/src/backend/libpq/crypt.c,v 1.44 2002/03/04 01:46:03 tgl Exp $
1313
*
1414
*-------------------------------------------------------------------------
1515
*/
@@ -273,11 +273,8 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
273273
/* If they encrypt their password, force MD5 */
274274
if (isMD5(passwd) && port->auth_method != uaMD5)
275275
{
276-
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
277-
"Password is stored MD5 encrypted. "
278-
"'password' and 'crypt' auth methods cannot be used.\n");
279-
fputs(PQerrormsg, stderr);
280-
pqdebug("%s", PQerrormsg);
276+
elog(LOG, "Password is stored MD5 encrypted. "
277+
"'password' and 'crypt' auth methods cannot be used.");
281278
return STATUS_ERROR;
282279
}
283280

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy