aboutsummaryrefslogtreecommitdiffstats
path: root/community/lua-resty-postgres/0001-Support-trust-authentication-method.patch
diff options
context:
space:
mode:
Diffstat (limited to 'community/lua-resty-postgres/0001-Support-trust-authentication-method.patch')
-rw-r--r--community/lua-resty-postgres/0001-Support-trust-authentication-method.patch70
1 files changed, 70 insertions, 0 deletions
diff --git a/community/lua-resty-postgres/0001-Support-trust-authentication-method.patch b/community/lua-resty-postgres/0001-Support-trust-authentication-method.patch
new file mode 100644
index 00000000000..f66a26c2fcd
--- /dev/null
+++ b/community/lua-resty-postgres/0001-Support-trust-authentication-method.patch
@@ -0,0 +1,70 @@
+From edf340e359fe209797c584a387f897ac09c90b8b Mon Sep 17 00:00:00 2001
+From: Alex Dowad <alexinbeijing@gmail.com>
+Date: Mon, 18 Apr 2022 11:47:49 +0200
+Subject: [PATCH] Support 'trust' authentication method
+
+In the PostgreSQL server's response to the initial login packet, it
+includes a field indicating what kind of authentication the server
+would like the client to use. We were not checking that field. If it
+is 0, that means no authentication is needed and the client can just
+go ahead.
+
+As a bonus, since we are now checking the value of that field, we can
+provide a more specific error message if the server wants to use an
+authentication type which this library does not currently support.
+---
+ lib/resty/postgres.lua | 40 ++++++++++++++++++++++++----------------
+ 1 file changed, 24 insertions(+), 16 deletions(-)
+
+diff --git a/lib/resty/postgres.lua b/lib/resty/postgres.lua
+index 6907180..3e481ba 100644
+--- a/lib/resty/postgres.lua
++++ b/lib/resty/postgres.lua
+@@ -230,23 +230,31 @@ function connect(self, opts)
+ if typ ~= 'R' then
+ return nil, "handshake error, got packet type:" .. typ
+ end
+- local auth_type = string.sub(packet, 1, 4)
+- local salt = string.sub(packet, 5, 8)
+- -- send passsowrd
+- req = {_to_cstring(_compute_token(self, user, password, salt))}
+- req_len = 40
+- local bytes, err = _send_packet(self, req, req_len, 'p')
+- if not bytes then
+- return nil, "failed to send client authentication packet2: " .. err
+- end
+- -- receive response
+- packet, typ, err = _recv_packet(self)
+- if typ ~= 'R' then
+- return nil, "auth return type not support"
+- end
+- if packet ~= AUTH_REQ_OK then
+- return nil, "authentication failed"
++ local auth_type = _get_byte4(packet, 1)
++
++ if auth_type == 5 then
++ -- Authentication type 5 is MD5 password encryption
++ local salt = string.sub(packet, 5, 8)
++ -- send password
++ req = {_to_cstring(_compute_token(self, user, password, salt))}
++ req_len = 40
++ local bytes, err = _send_packet(self, req, req_len, 'p')
++ if not bytes then
++ return nil, "failed to send client authentication packet2: " .. err
++ end
++ -- receive response
++ packet, typ, err = _recv_packet(self)
++ if typ ~= 'R' then
++ return nil, "authentication response packet type was '"..typ.."'; expected 'R'"
++ end
++ if packet ~= AUTH_REQ_OK then
++ return nil, "authentication failed"
++ end
++ elseif auth_type ~= 0 then
++ -- 0 means authentication was already successful (with no password required)
++ return nil, "authentication failed: server wants to use type "..auth_type..", but we only support MD5 password encryption (type 5)"
+ end
++
+ while true do
+ packet, typ, err = _recv_packet(self)
+ if not packet then