From faae1c918e8aaae034eaf3ea103fcb6ba9adc5ab Mon Sep 17 00:00:00 2001 From: Heikki Linnakangas Date: Tue, 18 Oct 2016 16:28:23 +0300 Subject: Revert "Replace PostmasterRandom() with a stronger way of generating randomness." This reverts commit 9e083fd4683294f41544e6d0d72f6e258ff3a77c. That was a few bricks shy of a load: * Query cancel stopped working * Buildfarm member pademelon stopped working, because the box doesn't have /dev/urandom nor /dev/random. This clearly needs some more discussion, and a quite different patch, so revert for now. --- src/backend/libpq/auth.c | 27 ++++----------------------- 1 file changed, 4 insertions(+), 23 deletions(-) (limited to 'src/backend/libpq/auth.c') diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 44b2212b1da..0ba85301149 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -45,12 +45,6 @@ static void auth_failed(Port *port, int status, char *logdetail); static char *recv_password_packet(Port *port); static int recv_and_check_password_packet(Port *port, char **logdetail); -/*---------------------------------------------------------------- - * MD5 authentication - *---------------------------------------------------------------- - */ -static int CheckMD5Auth(Port *port, char **logdetail); - /*---------------------------------------------------------------- * Ident authentication @@ -541,7 +535,9 @@ ClientAuthentication(Port *port) ereport(FATAL, (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled"))); - status = CheckMD5Auth(port, &logdetail); + /* include the salt to use for computing the response */ + sendAuthRequest(port, AUTH_REQ_MD5, port->md5Salt, 4); + status = recv_and_check_password_packet(port, &logdetail); break; case uaPassword: @@ -696,25 +692,10 @@ recv_password_packet(Port *port) /*---------------------------------------------------------------- - * MD5 and password authentication + * MD5 authentication *---------------------------------------------------------------- */ -static int -CheckMD5Auth(Port *port, char **logdetail) -{ - /* include the salt to use for computing the response */ - if (!pg_strong_random(port->md5Salt, sizeof(port->md5Salt))) - { - *logdetail = psprintf(_("Could not generate random salt")); - return STATUS_ERROR; - } - - sendAuthRequest(port, AUTH_REQ_MD5, port->md5Salt, 4); - return recv_and_check_password_packet(port, logdetail); -} - - /* * Called when we have sent an authorization request for a password. * Get the response and check it. -- cgit v1.2.3