Further cleanup from the strong-random patch.

Also use the new facility for generating RADIUS authenticator requests,
and salt in chkpass extension.

Reword the error messages to be nicer. Fix bogus error code used in the
message in BackendStartup.

diff --git a/contrib/chkpass/chkpass.c b/contrib/chkpass/chkpass.c
index 9425c089b5b7da0a588fb107cd4aca41bf9c0cc2..3803ccff9ac88720ed3fcadc2455dcee0fcfdcb2 100644 (file)
--- a/contrib/chkpass/chkpass.c
+++ b/contrib/chkpass/chkpass.c
@@ -17,6 +17,7 @@
 #endif
 
 #include "fmgr.h"
+#include "utils/backend_random.h"
 #include "utils/builtins.h"
 
 PG_MODULE_MAGIC;
@@ -77,8 +78,12 @@ chkpass_in(PG_FUNCTION_ARGS)
 
        result = (chkpass *) palloc0(sizeof(chkpass));
 
-       mysalt[0] = salt_chars[random() & 0x3f];
-       mysalt[1] = salt_chars[random() & 0x3f];
+       if (!pg_backend_random(mysalt, 2))
+               ereport(ERROR,
+                               (errmsg("could not generate random salt")));
+
+       mysalt[0] = salt_chars[mysalt[0] & 0x3f];
+       mysalt[1] = salt_chars[mysalt[1] & 0x3f];
        mysalt[2] = 0;                          /* technically the terminator is not necessary
                                                                 * but I like to play safe */
 

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 2b1841fb9bbf700508a53aa05480de1cd6d38779..9b79dc517da472a400d77ce39c6d19c150a3975e 100644 (file)
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -194,9 +194,6 @@ static int pg_SSPI_make_upn(char *accountname,
  * RADIUS Authentication
  *----------------------------------------------------------------
  */
-#ifdef USE_OPENSSL
-#include <openssl/rand.h>
-#endif
 static int     CheckRADIUSAuth(Port *port);
 
 
@@ -718,7 +715,7 @@ CheckMD5Auth(Port *port, char **logdetail)
        if (!pg_backend_random(md5Salt, 4))
        {
                ereport(LOG,
-                               (errmsg("could not acquire random number for MD5 salt.")));
+                               (errmsg("could not generate random MD5 salt.")));
                return STATUS_ERROR;
        }
 
@@ -2550,18 +2547,12 @@ CheckRADIUSAuth(Port *port)
        /* Construct RADIUS packet */
        packet->code = RADIUS_ACCESS_REQUEST;
        packet->length = RADIUS_HEADER_LENGTH;
-#ifdef USE_OPENSSL
-       if (RAND_bytes(packet->vector, RADIUS_VECTOR_LENGTH) != 1)
+       if (!pg_backend_random((char *) packet->vector, RADIUS_VECTOR_LENGTH))
        {
                ereport(LOG,
                                (errmsg("could not generate random encryption vector")));
                return STATUS_ERROR;
        }
-#else
-       for (i = 0; i < RADIUS_VECTOR_LENGTH; i++)
-               /* Use a lower strengh random number of OpenSSL is not available */
-               packet->vector[i] = random() % 255;
-#endif
        packet->id = packet->vector[0];
        radius_add_attribute(packet, RADIUS_SERVICE_TYPE, (unsigned char *) &service, sizeof(service));
        radius_add_attribute(packet, RADIUS_USER_NAME, (unsigned char *) port->user_name, strlen(port->user_name));

diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
index 09884b313256295b5b512aa4d6e41990cf1e0527..16dc075a3a1abbb31f9c67b70560dee44e12d4be 100644 (file)
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -3903,8 +3903,8 @@ BackendStartup(Port *port)
        {
                free(bn);
                ereport(LOG,
-                               (errcode(ERRCODE_OUT_OF_MEMORY),
-                                errmsg("could not acquire random number")));
+                               (errcode(ERRCODE_INTERNAL_ERROR),
+                                errmsg("could not generate random cancel key")));
                return STATUS_ERROR;
        }
 
@@ -5288,7 +5288,7 @@ StartAutovacuumWorker(void)
                {
                        ereport(LOG,
                                        (errcode(ERRCODE_INTERNAL_ERROR),
-                                        errmsg("could not acquire random number")));
+                                        errmsg("could not generate random cancel key")));
                        return;
                }
 
@@ -5594,7 +5594,7 @@ assign_backendlist_entry(RegisteredBgWorker *rw)
        {
                ereport(LOG,
                                (errcode(ERRCODE_INTERNAL_ERROR),
-                                errmsg("could not acquire random number")));
+                                errmsg("could not generate random cancel key")));
 
                rw->rw_crashed_at = GetCurrentTimestamp();
                return false;