Re: [BUGS] Possible password authentication bug in 6.3.1 (fwd) - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: [BUGS] Possible password authentication bug in 6.3.1 (fwd)
Date
Msg-id 199804041554.KAA14222@candle.pha.pa.us
List pgsql-hackers
Does this make sense to anyone familiar with that area of the code?

Forwarded message:
> From fcarello@srd.it Sat Apr  4 08:59:43 1998
> Message-Id: <199804041303.PAA09515@shadow.srd.it>
> Comments: Authenticated sender is <fcarello@mail.srd.it>
> From: "Fernando Carello" <fcarello@srd.it>
> To: Bruce Momjian <maillist@candle.pha.pa.us>
> Date: Sat, 4 Apr 1998 16:08:35 +0000
> MIME-Version: 1.0
> Content-type: text/plain; charset=US-ASCII
> Content-transfer-encoding: 7BIT
> Subject: Re: [BUGS] Possible password authentication bug in 6.3.1
> Priority: normal
> In-reply-to: <199804032005.PAA16568@candle.pha.pa.us>
> References: <199804031722.TAA06756@shadow.srd.it> from "fcarello@srd.it" at Apr 3, 98 08:16:40 pm
> X-mailer: Pegasus Mail for Win32 (v2.54)
>
>
> > Try adding another host line to the end of the file, and let me know if
> > that fixes it.
>
> Added:
>
> host    users 192.168.0.1 255.255.255.255 password
>
> at the end of pg_hba.conf, but the error is still there.
>
> Please note that I don't make use of Unix sockets for the connection,
> I use TCP/IP instead (" -i ").
>
> I've also commented out the (original) last two lines that allowed
> restrictless connections from the localhost.
>
> I'm not very familiar with Postgres internals, but it *seems* to me
> that the variable "areq" is not getting the right value: it should be
> "3" ( = AUTH_REQ_PASSWORD) for plain-password authentication, while
> it gets "13824".
> ----
> Now I'm at home, and I'm playing a little with libpq sources: here
> I've got Postgres 6.3 (not 6.3.1) and I get a value of areq = 14336
> (and the same error, of course).
> So I printed out areq value in "fe-connect.c", just after the
> pqGetInt call: I get areq = "14336d", that is quite strange; of
> course, shortly after, the call to fe_sendauth fails.
> Then I tried to force areq=3 just before calling fe_sendauth (we are
> near the middle of fe-connect.c), and it happens that the error
> becomes:
>
> FATAL 1: Socket command option.
>
> Don't know if that helps in some way !  :-)
>
> Please let me know if I can do something useful (btw, I'm in trouble
> with that authentication stuff: for now I'm not able to protect my
> data, so I shut down the SQL server), and as always thanks to all
> you people.
>
>
>                 Fernando Carello
>


--
Bruce Momjian                          |  830 Blythe Avenue
maillist@candle.pha.pa.us              |  Drexel Hill, Pennsylvania 19026
  +  If your life is a hard drive,     |  (610) 353-9879(w)
  +  Christ can be your backup.        |  (610) 853-3000(h)
