projects / pgbouncer.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 791bd63)
Fix password/md5 auth.
authorMarko Kreen <markokr@gmail.com>
Thu, 20 Aug 2015 16:58:26 +0000 (19:58 +0300)
committerMarko Kreen <markokr@gmail.com>
Thu, 20 Aug 2015 17:01:43 +0000 (20:01 +0300)
Password auth ignored auth method calculated by HBA.

Fixes: #64
include/bouncer.h patch | blob | blame | history
src/client.c patch | blob | blame | history

diff --git a/include/bouncer.h b/include/bouncer.h
index 51cfc885d875c5048725be6ce9437249998bfc1c..399d7bfa5733efdaa41e2251be2040cb11b4560a 100644 (file)
--- a/include/bouncer.h
+++ b/include/bouncer.h
@@ -328,6 +328,8 @@ struct PgSocket {
 
        PgUser *auth_user;      /* presented login, for client it may differ from pool->user */
 
+       int client_auth_type;   /* auth method decided by hba */
+
        SocketState state:8;    /* this also specifies socket location */
 
        bool ready:1;           /* server: accepts new query */
diff --git a/src/client.c b/src/client.c
index 5aa629f8be36791500868131b62bafcc0c7385ea..7348e34c7c1166273890bb570fd6bd9f89c5ce6a 100644 (file)
--- a/src/client.c
+++ b/src/client.c
@@ -37,12 +37,13 @@ static bool check_client_passwd(PgSocket *client, const char *passwd)
 {
        char md5[MD5_PASSWD_LEN + 1];
        PgUser *user = client->auth_user;
+       int auth_type = client->client_auth_type;
 
        /* disallow empty passwords */
        if (!*passwd || !*user->passwd)
                return false;
 
-       switch (cf_auth_type) {
+       switch (auth_type) {
        case AUTH_PLAIN:
                return strcmp(user->passwd, passwd) == 0;
        case AUTH_MD5:
@@ -60,18 +61,18 @@ static bool send_client_authreq(PgSocket *client)
 {
        uint8_t saltlen = 0;
        int res;
-       int auth = cf_auth_type;
+       int auth_type = client->client_auth_type;
 
-       if (cf_auth_type == AUTH_MD5) {
+       if (auth_type == AUTH_MD5) {
                saltlen = 4;
                get_random_bytes((void*)client->tmp_login_salt, saltlen);
-       } else if (cf_auth_type == AUTH_PLAIN) {
+       } else if (auth_type == AUTH_PLAIN) {
                /* nothing to do */
        } else {
                return false;
        }
 
-       SEND_generic(res, client, 'R', "ib", auth, client->tmp_login_salt, saltlen);
+       SEND_generic(res, client, 'R', "ib", auth_type, client->tmp_login_salt, saltlen);
        if (!res)
                disconnect_client(client, false, "failed to send auth req");
        return res;
@@ -215,6 +216,9 @@ static bool finish_set_pool(PgSocket *client, bool takeover)
                                client->db->name, client->auth_user->name);
        }
 
+       /* remember method */
+       client->client_auth_type = auth;
+
        switch (auth) {
        case AUTH_ANY:
        case AUTH_TRUST:
PgBouncer master repo