3939 * Global authentication functions
4040 *----------------------------------------------------------------
4141 */
42- static void sendAuthRequest (Port * port , AuthRequest areq );
42+ static void sendAuthRequest (Port * port , AuthRequest areq , char * extradata ,
43+ int extralen );
4344static void auth_failed (Port * port , int status , char * logdetail );
4445static char * recv_password_packet (Port * port );
4546static int recv_and_check_password_packet (Port * port , char * * logdetail );
@@ -507,7 +508,7 @@ ClientAuthentication(Port *port)
507508
508509 case uaGSS :
509510#ifdef ENABLE_GSS
510- sendAuthRequest (port , AUTH_REQ_GSS );
511+ sendAuthRequest (port , AUTH_REQ_GSS , NULL , 0 );
511512 status = pg_GSS_recvauth (port );
512513#else
513514 Assert (false);
@@ -516,7 +517,7 @@ ClientAuthentication(Port *port)
516517
517518 case uaSSPI :
518519#ifdef ENABLE_SSPI
519- sendAuthRequest (port , AUTH_REQ_SSPI );
520+ sendAuthRequest (port , AUTH_REQ_SSPI , NULL , 0 );
520521 status = pg_SSPI_recvauth (port );
521522#else
522523 Assert (false);
@@ -544,7 +545,7 @@ ClientAuthentication(Port *port)
544545 break ;
545546
546547 case uaPassword :
547- sendAuthRequest (port , AUTH_REQ_PASSWORD );
548+ sendAuthRequest (port , AUTH_REQ_PASSWORD , NULL , 0 );
548549 status = recv_and_check_password_packet (port , & logdetail );
549550 break ;
550551
@@ -591,7 +592,7 @@ ClientAuthentication(Port *port)
591592 (* ClientAuthentication_hook ) (port , status );
592593
593594 if (status == STATUS_OK )
594- sendAuthRequest (port , AUTH_REQ_OK );
595+ sendAuthRequest (port , AUTH_REQ_OK , NULL , 0 );
595596 else
596597 auth_failed (port , status , logdetail );
597598}
@@ -601,36 +602,16 @@ ClientAuthentication(Port *port)
601602 * Send an authentication request packet to the frontend.
602603 */
603604static void
604- sendAuthRequest (Port * port , AuthRequest areq )
605+ sendAuthRequest (Port * port , AuthRequest areq , char * extradata , int extralen )
605606{
606607 StringInfoData buf ;
607608
608609 CHECK_FOR_INTERRUPTS ();
609610
610611 pq_beginmessage (& buf , 'R' );
611612 pq_sendint (& buf , (int32 ) areq , sizeof (int32 ));
612-
613- /* Add the salt for encrypted passwords. */
614- if (areq == AUTH_REQ_MD5 )
615- pq_sendbytes (& buf , port -> md5Salt , 4 );
616-
617- #if defined(ENABLE_GSS ) || defined(ENABLE_SSPI )
618-
619- /*
620- * Add the authentication data for the next step of the GSSAPI or SSPI
621- * negotiation.
622- */
623- else if (areq == AUTH_REQ_GSS_CONT )
624- {
625- if (port -> gss -> outbuf .length > 0 )
626- {
627- elog (DEBUG4 , "sending GSS token of length %u" ,
628- (unsigned int ) port -> gss -> outbuf .length );
629-
630- pq_sendbytes (& buf , port -> gss -> outbuf .value , port -> gss -> outbuf .length );
631- }
632- }
633- #endif
613+ if (extralen > 0 )
614+ pq_sendbytes (& buf , extradata , extralen );
634615
635616 pq_endmessage (& buf );
636617
@@ -957,7 +938,8 @@ pg_GSS_recvauth(Port *port)
957938 elog (DEBUG4 , "sending GSS response token of length %u" ,
958939 (unsigned int ) port -> gss -> outbuf .length );
959940
960- sendAuthRequest (port , AUTH_REQ_GSS_CONT );
941+ sendAuthRequest (port , AUTH_REQ_GSS_CONT ,
942+ port -> gss -> outbuf .value , port -> gss -> outbuf .length );
961943
962944 gss_release_buffer (& lmin_s , & port -> gss -> outbuf );
963945 }
@@ -1202,7 +1184,8 @@ pg_SSPI_recvauth(Port *port)
12021184 port -> gss -> outbuf .length = outbuf .pBuffers [0 ].cbBuffer ;
12031185 port -> gss -> outbuf .value = outbuf .pBuffers [0 ].pvBuffer ;
12041186
1205- sendAuthRequest (port , AUTH_REQ_GSS_CONT );
1187+ sendAuthRequest (port , AUTH_REQ_GSS_CONT ,
1188+ port -> gss -> outbuf .value , port -> gss -> outbuf .length );
12061189
12071190 FreeContextBuffer (outbuf .pBuffers [0 ].pvBuffer );
12081191 }
@@ -1830,7 +1813,7 @@ pam_passwd_conv_proc(int num_msg, const struct pam_message ** msg,
18301813 * let's go ask the client to send a password, which we
18311814 * then stuff into PAM.
18321815 */
1833- sendAuthRequest (pam_port_cludge , AUTH_REQ_PASSWORD );
1816+ sendAuthRequest (pam_port_cludge , AUTH_REQ_PASSWORD , NULL , 0 );
18341817 passwd = recv_password_packet (pam_port_cludge );
18351818 if (passwd == NULL )
18361819 {
@@ -2160,7 +2143,7 @@ CheckLDAPAuth(Port *port)
21602143 if (port -> hba -> ldapport == 0 )
21612144 port -> hba -> ldapport = LDAP_PORT ;
21622145
2163- sendAuthRequest (port , AUTH_REQ_PASSWORD );
2146+ sendAuthRequest (port , AUTH_REQ_PASSWORD , NULL , 0 );
21642147
21652148 passwd = recv_password_packet (port );
21662149 if (passwd == NULL )
@@ -2520,7 +2503,7 @@ CheckRADIUSAuth(Port *port)
25202503 identifier = port -> hba -> radiusidentifier ;
25212504
25222505 /* Send regular password request to client, and get the response */
2523- sendAuthRequest (port , AUTH_REQ_PASSWORD );
2506+ sendAuthRequest (port , AUTH_REQ_PASSWORD , NULL , 0 );
25242507
25252508 passwd = recv_password_packet (port );
25262509 if (passwd == NULL )
0 commit comments