Re: [BUGS] Possible password authentication bug in 6.3.1 - Mailing list pgsql-hackers

From Fernando Carello
Subject Re: [BUGS] Possible password authentication bug in 6.3.1
Date
Msg-id 199804041303.PAA09515@shadow.srd.it
Whole thread Raw
List pgsql-hackers
> Try adding another host line to the end of the file, and let me know if
> that fixes it.

Added:

host    users 192.168.0.1 255.255.255.255 password

at the end of pg_hba.conf, but the error is still there.

Please note that I don't make use of Unix sockets for the connection,
I use TCP/IP instead (" -i ").

I've also commented out the (original) last two lines that allowed
restrictless connections from the localhost.

I'm not very familiar with Postgres internals, but it *seems* to me
that the variable "areq" is not getting the right value: it should be
"3" ( = AUTH_REQ_PASSWORD) for plain-password authentication, while
it gets "13824".
----
Now I'm at home, and I'm playing a little with libpq sources: here
I've got Postgres 6.3 (not 6.3.1) and I get a value of areq = 14336
(and the same error, of course).
So I printed out areq value in "fe-connect.c", just after the
pqGetInt call: I get areq = "14336d", that is quite strange; of
course, shortly after, the call to fe_sendauth fails.
Then I tried to force areq=3 just before calling fe_sendauth (we are
near the middle of fe-connect.c), and it happens that the error
becomes:

FATAL 1: Socket command option.

Don't know if that helps in some way !  :-)

Please let me know if I can do something useful (btw, I'm in trouble
with that authentication stuff: for now I'm not able to protect my
data, so I shutted down the SQL server), and as always thanks to all
you people.


                Fernando Carello


pgsql-hackers by date:

Previous
From: Erwan MAS
Date:
Subject: lex/flex portability PB in version 6.3.1
Next
From: Bruce Momjian
Date:
Subject: Re: [BUGS] Possible password authentication bug in 6.3.1 (fwd)