Further cleanup from the strong-random patch.

Also use the new facility for generating RADIUS authenticator requests, and salt in chkpass extension. Reword the error messages to be nicer. Fix bogus error code used in the message in BackendStartup.
9 years ago · 58445c5c8d
parent 9bbbf029dd
commit 58445c5c8d
3 changed files with 13 additions and 17 deletions
--- a/contrib/chkpass/chkpass.c
+++ b/contrib/chkpass/chkpass.c
@ -17,6 +17,7 @@
 #endif

 #include "fmgr.h"
+#include "utils/backend_random.h"
 #include "utils/builtins.h"

 PG_MODULE_MAGIC;
@ -77,8 +78,12 @@ chkpass_in(PG_FUNCTION_ARGS)

 	result = (chkpass *) palloc0(sizeof(chkpass));

-	mysalt[0] = salt_chars[random() & 0x3f];
-	mysalt[1] = salt_chars[random() & 0x3f];
+	if (!pg_backend_random(mysalt, 2))
+		ereport(ERROR,
+				(errmsg("could not generate random salt")));
+
+	mysalt[0] = salt_chars[mysalt[0] & 0x3f];
+	mysalt[1] = salt_chars[mysalt[1] & 0x3f];
 	mysalt[2] = 0;				/* technically the terminator is not necessary
 								 * but I like to play safe */

--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@ -194,9 +194,6 @@ static int pg_SSPI_make_upn(char *accountname,
 * RADIUS Authentication
 *----------------------------------------------------------------
 */
-#ifdef USE_OPENSSL
-#include <openssl/rand.h>
-#endif
 static int	CheckRADIUSAuth(Port *port);


@ -718,7 +715,7 @@ CheckMD5Auth(Port *port, char **logdetail)
 	if (!pg_backend_random(md5Salt, 4))
 	{
 		ereport(LOG,
-				(errmsg("could not acquire random number for MD5 salt.")));
+				(errmsg("could not generate random MD5 salt.")));
 		return STATUS_ERROR;
 	}

@ -2550,18 +2547,12 @@ CheckRADIUSAuth(Port *port)
 	/* Construct RADIUS packet */
 	packet->code = RADIUS_ACCESS_REQUEST;
 	packet->length = RADIUS_HEADER_LENGTH;
-#ifdef USE_OPENSSL
-	if (RAND_bytes(packet->vector, RADIUS_VECTOR_LENGTH) != 1)
+	if (!pg_backend_random((char *) packet->vector, RADIUS_VECTOR_LENGTH))
 	{
 		ereport(LOG,
 				(errmsg("could not generate random encryption vector")));
 		return STATUS_ERROR;
 	}
-#else
-	for (i = 0; i < RADIUS_VECTOR_LENGTH; i++)
-		/* Use a lower strengh random number of OpenSSL is not available */
-		packet->vector[i] = random() % 255;
-#endif
 	packet->id = packet->vector[0];
 	radius_add_attribute(packet, RADIUS_SERVICE_TYPE, (unsigned char *) &service, sizeof(service));
 	radius_add_attribute(packet, RADIUS_USER_NAME, (unsigned char *) port->user_name, strlen(port->user_name));
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@ -3903,8 +3903,8 @@ BackendStartup(Port *port)
 	{
 		free(bn);
 		ereport(LOG,
-				(errcode(ERRCODE_OUT_OF_MEMORY),
-				 errmsg("could not acquire random number")));
+				(errcode(ERRCODE_INTERNAL_ERROR),
+				 errmsg("could not generate random cancel key")));
 		return STATUS_ERROR;
 	}

@ -5288,7 +5288,7 @@ StartAutovacuumWorker(void)
 		{
 			ereport(LOG,
 					(errcode(ERRCODE_INTERNAL_ERROR),
-					 errmsg("could not acquire random number")));
+					 errmsg("could not generate random cancel key")));
 			return;
 		}

@ -5594,7 +5594,7 @@ assign_backendlist_entry(RegisteredBgWorker *rw)
 	{
 		ereport(LOG,
 				(errcode(ERRCODE_INTERNAL_ERROR),
-				 errmsg("could not acquire random number")));
+				 errmsg("could not generate random cancel key")));

 		rw->rw_crashed_at = GetCurrentTimestamp();
 		return false;