From ad73fb17dcb1d183f646aaa3d50665484ce573fd Mon Sep 17 00:00:00 2001 From: Gurjeet Singh Date: Tue, 10 Oct 2023 02:46:48 -0700 Subject: [PATCH v4 10/11] pgindent run --- src/backend/commands/user.c | 170 ++++++++++++++++--------------- src/backend/libpq/auth-scram.c | 75 ++++++++------ src/backend/libpq/auth.c | 33 +++--- src/backend/libpq/crypt.c | 20 ++-- src/include/catalog/pg_authid.h | 3 +- src/include/utils/wait_event.h | 2 +- src/tools/pgindent/typedefs.list | 7 +- 7 files changed, 166 insertions(+), 144 deletions(-) diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c index 01bcb7e7f2..829a74205b 100644 --- a/src/backend/commands/user.c +++ b/src/backend/commands/user.c @@ -139,25 +139,29 @@ static bool get_salt(char *rolename, char **salt, const char **logdetail) { char **current_secrets; - int i, num_secrets; - char *salt1, *salt2 = NULL; + int i, + num_secrets; + char *salt1, + *salt2 = NULL; PasswordType passtype; if (Password_encryption == PASSWORD_TYPE_MD5) { - *salt = rolename; /* md5 always uses role name, no need to look through the passwords */ + *salt = rolename; /* md5 always uses role name, no need to look + * through the passwords */ return true; } else if (Password_encryption == PASSWORD_TYPE_PLAINTEXT) { - *salt = NULL; /* Plaintext does not have a salt */ + *salt = NULL; /* Plaintext does not have a salt */ return true; } current_secrets = get_role_passwords(rolename, logdetail, &num_secrets); if (num_secrets == 0) { - *salt = NULL; /* No existing passwords, allow salt to be generated */ + *salt = NULL; /* No existing passwords, allow salt to be + * generated */ return true; } @@ -166,34 +170,36 @@ get_salt(char *rolename, char **salt, const char **logdetail) passtype = get_password_type(current_secrets[i]); if (passtype == PASSWORD_TYPE_MD5 || passtype == PASSWORD_TYPE_PLAINTEXT) - continue; /* md5 uses rolename as salt so it is always the same, and plaintext has no salt */ + continue; /* md5 uses rolename as salt so it is always + * the same, and plaintext has no salt */ else if (passtype == PASSWORD_TYPE_SCRAM_SHA_256) { - int iterations; - int key_length = 0; - pg_cryptohash_type hash_type; - uint8 stored_key[SCRAM_MAX_KEY_LEN]; - uint8 server_key[SCRAM_MAX_KEY_LEN]; + int iterations; + int key_length = 0; + pg_cryptohash_type hash_type; + uint8 stored_key[SCRAM_MAX_KEY_LEN]; + uint8 server_key[SCRAM_MAX_KEY_LEN]; - if (!parse_scram_secret(current_secrets[i], &iterations, &hash_type, &key_length, - &salt1, stored_key, server_key)) - { - *logdetail = psprintf(_("could not parse SCRAM secret")); - *salt = NULL; - return false; - } + if (!parse_scram_secret(current_secrets[i], &iterations, &hash_type, &key_length, + &salt1, stored_key, server_key)) + { + *logdetail = psprintf(_("could not parse SCRAM secret")); + *salt = NULL; + return false; + } - if (salt2 != NULL) + if (salt2 != NULL) + { + if (strcmp(salt1, salt2)) { - if (strcmp(salt1, salt2)) - { - *logdetail = psprintf(_("inconsistent salts, clearing password")); // TODO: Better message - *salt = NULL; - return false; - } + *logdetail = psprintf(_("inconsistent salts, clearing password")); + //TODO: Better message + * salt = NULL; + return false; } - else - salt2 = salt1; + } + else + salt2 = salt1; } } @@ -524,12 +530,12 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt) } else { - char *salt; + char *salt; if (!get_salt(stmt->role, &salt, &logdetail)) ereport(ERROR, (errmsg("could not get a valid salt for password"), - errdetail("%s", logdetail))); + errdetail("%s", logdetail))); /* Encrypt the password to the requested format. */ shadow_pass = encrypt_password(Password_encryption, salt, password); @@ -721,13 +727,15 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt) ListCell *option; char *rolename; char *password = NULL; /* user password */ - char *second_password = NULL; /* user's second password */ + char *second_password = NULL; /* user's second password */ int connlimit = -1; /* maximum connections allowed */ char *validUntil = NULL; /* time the password is valid until */ Datum validUntil_datum; /* validUntil, as timestamptz Datum */ bool validUntil_null; - char *secondValidUntil = NULL;/* time the second password is valid until */ - Datum secondValidUntil_datum; /* secondValidUntil, as timestamptz Datum */ + char *secondValidUntil = NULL; /* time the second password is + * valid until */ + Datum secondValidUntil_datum; /* secondValidUntil, as timestamptz + * Datum */ bool secondValidUntil_null; DefElem *dpassword = NULL; DefElem *dsecondpassword = NULL; @@ -816,6 +824,7 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt) errorConflictingDefElem(defel, pstate); dsecondpassword = defel; addSecondPassword = true; + /* * Adding and dropping passwords in the same command is not * supported. @@ -825,7 +834,7 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt) } else if (strcmp(defel->defname, "drop-password") == 0) { - char *which = strVal(defel->arg); + char *which = strVal(defel->arg); if (strcmp(which, "first") == 0) { @@ -948,15 +957,15 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt) * Disallow mixing VALID UNTIL with ADD FIRST/SECOND PASSWORD. * * VALID UNTIL and FIRST PASSWORD VALID UNTIL are functionally identical, - * but we track them separately to prevent the confusing invocation like the - * following. + * but we track them separately to prevent the confusing invocation like + * the following. * * ALTER ROLE x ADD SECOND PASSWORD 'y' VALID UNTIL '2020/01/01'; * * In the above command the user may expect the expiration of the _second_ - * password to be set to '2020/01/01', but it will lead to second password's - * expiration set to NULL and first password's expiration set to - * '2020/01/01', because a plain VALIF UNTIL applies to the _first_ + * password to be set to '2020/01/01', but it will lead to second + * password's expiration set to NULL and first password's expiration set + * to '2020/01/01', because a plain VALIF UNTIL applies to the _first_ * password. */ if (dvalidUntil && (addFirstPassword || addSecondPassword)) @@ -1073,17 +1082,17 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt) if (dsecondValidUntil) { secondValidUntil_datum = DirectFunctionCall3(timestamptz_in, - CStringGetDatum(secondValidUntil), - ObjectIdGetDatum(InvalidOid), - Int32GetDatum(-1)); + CStringGetDatum(secondValidUntil), + ObjectIdGetDatum(InvalidOid), + Int32GetDatum(-1)); secondValidUntil_null = false; } else { /* fetch existing setting in case hook needs it */ secondValidUntil_datum = SysCacheGetAttr(AUTHNAME, tuple, - Anum_pg_authid_rolsecondvaliduntil, - &secondValidUntil_null); + Anum_pg_authid_rolsecondvaliduntil, + &secondValidUntil_null); } /* @@ -1172,7 +1181,7 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt) if (addFirstPassword) { - bool firstPassword_null; + bool firstPassword_null; SysCacheGetAttr(AUTHNAME, tuple, Anum_pg_authid_rolpassword, @@ -1181,7 +1190,7 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt) if (!firstPassword_null) ereport(ERROR, (errmsg("first password is already in use"), - errdetail("Use ALTER ROLE DROP FIRST PASSWORD."))); + errdetail("Use ALTER ROLE DROP FIRST PASSWORD."))); } /* Like in CREATE USER, don't allow an empty password. */ @@ -1199,8 +1208,8 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt) if (!get_salt(rolename, &salt, &logdetail)) ereport(ERROR, (errcode(ERRCODE_INTERNAL_ERROR), - errmsg("could not get a valid salt for password"), - errdetail("%s", logdetail))); + errmsg("could not get a valid salt for password"), + errdetail("%s", logdetail))); /* Encrypt the password to the requested format. */ shadow_pass = encrypt_password(Password_encryption, salt, password); @@ -1224,7 +1233,7 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt) if (!secondPassword_null) ereport(ERROR, (errmsg("second password is already in use"), - errdetail("Use ALTER ROLE DROP SECOND PASSWORD"))); + errdetail("Use ALTER ROLE DROP SECOND PASSWORD"))); /* Like in CREATE USER, don't allow an empty password. */ if (second_password[0] == '\0' || @@ -1241,8 +1250,8 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt) if (!get_salt(rolename, &salt, &logdetail)) ereport(ERROR, (errcode(ERRCODE_INTERNAL_ERROR), - errmsg("could not get a valid salt for password"), - errdetail("%s", logdetail))); + errmsg("could not get a valid salt for password"), + errdetail("%s", logdetail))); /* Encrypt the password to the requested format. */ shadow_pass = encrypt_password(Password_encryption, salt, second_password); @@ -1253,28 +1262,29 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt) } /* - * Disallow more than one type of passwords for a role. If a role has an md5 - * password, then allow only md5 passwords; similarly for scram-sha-256 - * passwords. Having all passwords of the same type helps the server pick - * the correponding authentication method during connection attempt. + * Disallow more than one type of passwords for a role. If a role has an + * md5 password, then allow only md5 passwords; similarly for + * scram-sha-256 passwords. Having all passwords of the same type helps + * the server pick the correponding authentication method during + * connection attempt. */ if (overwriteFirstPassword || addFirstPassword || addSecondPassword) { - bool firstPassword_null; - bool secondPassword_null; - Datum firstPassword_datum; - Datum secondPassword_datum; - char *roleFirstPassword = NULL; - char *roleSecondPassword = NULL; - PasswordType roleFirstPasswordType = -1; /* silence the compiler */ - PasswordType roleSecondPasswordType = -1; /* silence the compiler */ + bool firstPassword_null; + bool secondPassword_null; + Datum firstPassword_datum; + Datum secondPassword_datum; + char *roleFirstPassword = NULL; + char *roleSecondPassword = NULL; + PasswordType roleFirstPasswordType = -1; /* silence the compiler */ + PasswordType roleSecondPasswordType = -1; /* silence the compiler */ firstPassword_datum = SysCacheGetAttr(AUTHNAME, tuple, - Anum_pg_authid_rolpassword, - &firstPassword_null); + Anum_pg_authid_rolpassword, + &firstPassword_null); secondPassword_datum = SysCacheGetAttr(AUTHNAME, tuple, - Anum_pg_authid_rolsecondpassword, - &secondPassword_null); + Anum_pg_authid_rolsecondpassword, + &secondPassword_null); if (!firstPassword_null) { roleFirstPassword = TextDatumGetCString(firstPassword_datum); @@ -1287,52 +1297,52 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt) roleSecondPasswordType = get_password_type(roleSecondPassword); } - /* if the user requested setting the first password ... */ + /* if the user requested setting the first password ... */ if ((overwriteFirstPassword || addFirstPassword) && - /* and we have decided to honor their request */ + /* and we have decided to honor their request */ new_record_repl[Anum_pg_authid_rolpassword - 1] == true && - /* and the resulting password hash about to be stored is not null */ + /* and the resulting password hash about to be stored is not null */ new_record_nulls[Anum_pg_authid_rolpassword - 1] == false && - /* and the algorithm used doesn't match existing password's algorithm */ + /* and the algorithm used doesn't match existing password's algorithm */ roleSecondPassword != NULL && roleSecondPasswordType != Password_encryption) { if (roleSecondPasswordType == PASSWORD_TYPE_MD5) ereport(ERROR, (errmsg("role has an md5 password"), - errdetail("The new password must also use md5."))); + errdetail("The new password must also use md5."))); else if (roleSecondPasswordType == PASSWORD_TYPE_SCRAM_SHA_256) ereport(ERROR, (errmsg("role has a scram-sha-256 password"), - errdetail("The new password must also use scram-sha-256."))); + errdetail("The new password must also use scram-sha-256."))); else ereport(ERROR, (errmsg("role has a plaintext password"), - errdetail("The new password must also use plaintext."))); + errdetail("The new password must also use plaintext."))); } - /* if the user requested setting the second password ... */ + /* if the user requested setting the second password ... */ if (addSecondPassword && - /* and we have decided to honor their request */ + /* and we have decided to honor their request */ new_record_repl[Anum_pg_authid_rolsecondpassword - 1] == true && - /* and the resulting password hash about to be stored is not null */ + /* and the resulting password hash about to be stored is not null */ new_record_nulls[Anum_pg_authid_rolsecondpassword - 1] == false && - /* and the algorithm used doesn't match existing password's algorithm */ + /* and the algorithm used doesn't match existing password's algorithm */ roleFirstPassword != NULL && roleFirstPasswordType != Password_encryption) { if (roleFirstPasswordType == PASSWORD_TYPE_MD5) ereport(ERROR, (errmsg("role has an md5 password"), - errdetail("The new password must also use md5."))); + errdetail("The new password must also use md5."))); else if (roleFirstPasswordType == PASSWORD_TYPE_SCRAM_SHA_256) ereport(ERROR, (errmsg("role has a scram-sha-256 password"), - errdetail("The new password must also use scram-sha-256."))); + errdetail("The new password must also use scram-sha-256."))); else ereport(ERROR, (errmsg("role has a plaintext password"), - errdetail("The new password must also use plaintext."))); + errdetail("The new password must also use plaintext."))); } } diff --git a/src/backend/libpq/auth-scram.c b/src/backend/libpq/auth-scram.c index cd52e962ec..e7a2c773ce 100644 --- a/src/backend/libpq/auth-scram.c +++ b/src/backend/libpq/auth-scram.c @@ -136,7 +136,7 @@ typedef struct { uint8 StoredKey[SCRAM_MAX_KEY_LEN]; uint8 ServerKey[SCRAM_MAX_KEY_LEN]; -} scram_secret; +} scram_secret; typedef struct { @@ -152,15 +152,15 @@ typedef struct int key_length; /* - * The salt and iterations must be the same for all - * secrets since they are sent as part of the initial message + * The salt and iterations must be the same for all secrets since they are + * sent as part of the initial message */ int iterations; char *salt; /* base64-encoded */ /* Array of possible secrets */ scram_secret *secrets; int num_secrets; - int chosen_secret; /* secret chosen during final client message */ + int chosen_secret; /* secret chosen during final client message */ /* Fields of the first message from client */ char cbind_flag; @@ -255,8 +255,8 @@ scram_init(Port *port, const char *selected_mech, const char **secrets, const in scram_state *state; bool got_secret = false; int i; - int iterations; - char *salt = NULL; /* base64-encoded */ + int iterations; + char *salt = NULL; /* base64-encoded */ state = (scram_state *) palloc0(sizeof(scram_state)); state->port = port; @@ -303,12 +303,16 @@ scram_init(Port *port, const char *selected_mech, const char **secrets, const in { if (salt) { - /* The stored iterations and salt must match or we cannot proceed, allow failure via mock */ + /* + * The stored iterations and salt must match or we + * cannot proceed, allow failure via mock + */ if (strcmp(salt, state->salt) || iterations != state->iterations) { ereport(WARNING, (errmsg("inconsistent salt or iterations for user \"%s\"", - state->port->user_name))); - got_secret = false; /* fail and allow mock creditials to be created */ + state->port->user_name))); + got_secret = false; /* fail and allow mock + * creditials to be created */ pfree(state->secrets); state->num_secrets = 0; break; @@ -318,15 +322,16 @@ scram_init(Port *port, const char *selected_mech, const char **secrets, const in { salt = state->salt; iterations = state->iterations; - got_secret = true; /* We got at least one good SCRAM secret */ + got_secret = true; /* We got at least one good SCRAM + * secret */ } } else { /* - * The password looked like a SCRAM secret, but could not be - * parsed. - */ + * The password looked like a SCRAM secret, but could not + * be parsed. + */ ereport(LOG, (errmsg("invalid SCRAM secret for user \"%s\"", state->port->user_name))); @@ -527,7 +532,7 @@ pg_be_scram_build_secret(const char *password, const char *salt) if (pg_b64_decode(salt, strlen(salt), saltbuf, SCRAM_DEFAULT_SALT_LEN) == -1) ereport(ERROR, (errcode(ERRCODE_INTERNAL_ERROR), - errmsg("could not decode SCRAM salt"))); + errmsg("could not decode SCRAM salt"))); } result = scram_build_secret(PG_SHA256, SCRAM_SHA_256_KEY_LEN, @@ -1176,8 +1181,10 @@ verify_client_proof(scram_state *state) uint8 ClientKey[SCRAM_MAX_KEY_LEN]; uint8 client_StoredKey[SCRAM_MAX_KEY_LEN]; pg_hmac_ctx *ctx; - int i, j; + int i, + j; const char *errstr = NULL; + /* * Calculate ClientSignature. Note that we don't log directly a failure * here even when processing the calculations as this could involve a mock @@ -1186,29 +1193,30 @@ verify_client_proof(scram_state *state) for (j = 0; j < state->num_secrets; j++) { ctx = pg_hmac_create(state->hash_type); - elog(LOG, "Trying to verify password %d", j); // TODO: Convert to DEBUG2 + elog(LOG, "Trying to verify password %d", j); +//TODO: Convert to DEBUG2 - if (pg_hmac_init(ctx, state->secrets[j].StoredKey, state->key_length) < 0 || - pg_hmac_update(ctx, - (uint8 *) state->client_first_message_bare, - strlen(state->client_first_message_bare)) < 0 || - pg_hmac_update(ctx, (uint8 *) ",", 1) < 0 || - pg_hmac_update(ctx, - (uint8 *) state->server_first_message, - strlen(state->server_first_message)) < 0 || - pg_hmac_update(ctx, (uint8 *) ",", 1) < 0 || - pg_hmac_update(ctx, - (uint8 *) state->client_final_message_without_proof, - strlen(state->client_final_message_without_proof)) < 0 || - pg_hmac_final(ctx, ClientSignature, state->key_length) < 0) + if (pg_hmac_init(ctx, state->secrets[j].StoredKey, state->key_length) < 0 || + pg_hmac_update(ctx, + (uint8 *) state->client_first_message_bare, + strlen(state->client_first_message_bare)) < 0 || + pg_hmac_update(ctx, (uint8 *) ",", 1) < 0 || + pg_hmac_update(ctx, + (uint8 *) state->server_first_message, + strlen(state->server_first_message)) < 0 || + pg_hmac_update(ctx, (uint8 *) ",", 1) < 0 || + pg_hmac_update(ctx, + (uint8 *) state->client_final_message_without_proof, + strlen(state->client_final_message_without_proof)) < 0 || + pg_hmac_final(ctx, ClientSignature, state->key_length) < 0) { - // TODO: Convert to DEBUG2 + /* TODO: Convert to DEBUG2 */ elog(LOG, "could not calculate client signature for secret %d", j); pg_hmac_free(ctx); continue; } - // TODO: Convert to DEBUG2 + /* TODO: Convert to DEBUG2 */ elog(LOG, "succeeded on %d password", j); pg_hmac_free(ctx); @@ -1222,8 +1230,9 @@ verify_client_proof(scram_state *state) client_StoredKey, &errstr) < 0) elog(ERROR, "could not hash stored key: %s", errstr); - if (memcmp(client_StoredKey, state->secrets[j].StoredKey, state->key_length) == 0) { - // TODO: Convert to DEBUG2 + if (memcmp(client_StoredKey, state->secrets[j].StoredKey, state->key_length) == 0) + { + /* TODO: Convert to DEBUG2 */ elog(LOG, "Moving forward with Password %d", j); state->chosen_secret = j; return true; diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 7cc9b13645..04022eb288 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -789,8 +789,9 @@ CheckPasswordAuth(Port *port, const char **logdetail) { char *passwd; int result = STATUS_ERROR; - int i, num_passwords; - char **passwords; + int i, + num_passwords; + char **passwords; sendAuthRequest(port, AUTH_REQ_PASSWORD, NULL, 0); @@ -806,7 +807,8 @@ CheckPasswordAuth(Port *port, const char **logdetail) result = plain_crypt_verify(port->user_name, passwords[i], passwd, logdetail); if (result == STATUS_OK) - break; /* Found a matching password, no need to try any others */ + break; /* Found a matching password, no need to try + * any others */ } for (i = 0; i < num_passwords; i++) pfree(passwords[i]); @@ -830,9 +832,10 @@ CheckPWChallengeAuth(Port *port, const char **logdetail) { bool scram_pw_avail = false; int auth_result = STATUS_ERROR; - int i, num_passwords; + int i, + num_passwords; char **passwords; - PasswordType pwtype; + PasswordType pwtype; Assert(port->hba->auth_method == uaSCRAM || port->hba->auth_method == uaMD5); @@ -842,12 +845,12 @@ CheckPWChallengeAuth(Port *port, const char **logdetail) /* * If the user does not exist, or has no passwords or they're all expired, - * we still go through the motions of authentication, to avoid revealing to - * the client that the user didn't exist. If 'md5' is allowed, we choose - * whether to use 'md5' or 'scram-sha-256' authentication based on current - * password_encryption setting. The idea is that most genuine users - * probably have a password of that type, and if we pretend that this user - * had a password of that type, too, it "blends in" best. + * we still go through the motions of authentication, to avoid revealing + * to the client that the user didn't exist. If 'md5' is allowed, we + * choose whether to use 'md5' or 'scram-sha-256' authentication based on + * current password_encryption setting. The idea is that most genuine + * users probably have a password of that type, and if we pretend that + * this user had a password of that type, too, it "blends in" best. */ if (!passwords) pwtype = Password_encryption; @@ -855,8 +858,8 @@ CheckPWChallengeAuth(Port *port, const char **logdetail) /* * If 'md5' authentication is allowed, decide whether to perform 'md5' or * 'scram-sha-256' authentication based on the type of password the user - * has. If there's a SCRAM password available then we'll do SCRAM, otherwise we - * will fall back to trying to use MD5. + * has. If there's a SCRAM password available then we'll do SCRAM, + * otherwise we will fall back to trying to use MD5. * * If MD5 authentication is not allowed, always use SCRAM. If the user * had an MD5 password, CheckSASLAuth() with the SCRAM mechanism will @@ -885,7 +888,7 @@ CheckPWChallengeAuth(Port *port, const char **logdetail) auth_result = CheckMD5Auth(port, (const char **) passwords, num_passwords, logdetail); else auth_result = CheckSASLAuth(&pg_be_scram_mech, port, (const char **) passwords, num_passwords, - logdetail); + logdetail); for (i = 0; i < num_passwords; i++) { @@ -893,7 +896,7 @@ CheckPWChallengeAuth(Port *port, const char **logdetail) pfree(passwords[i]); else ereport(DEBUG2, - (errmsg("Password %d was null", i))); + (errmsg("Password %d was null", i))); } pfree(passwords); } diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c index eaea00e535..d56f3bc399 100644 --- a/src/backend/libpq/crypt.c +++ b/src/backend/libpq/crypt.c @@ -33,7 +33,7 @@ * for the postmaster log, in *logdetail. The error reason should *not* be * sent to the client, to avoid giving away user information! */ -char ** +char ** get_role_passwords(const char *role, const char **logdetail, int *num_passwords) { TimestampTz vuntil = 0; @@ -64,8 +64,8 @@ get_role_passwords(const char *role, const char **logdetail, int *num_passwords) Anum_pg_authid_rolpassword, &password_isnull); second_datum = SysCacheGetAttr(AUTHNAME, roleTup, - Anum_pg_authid_rolsecondpassword, - &second_password_isnull); + Anum_pg_authid_rolsecondpassword, + &second_password_isnull); if (password_isnull && second_password_isnull) { ReleaseSysCache(roleTup); @@ -82,8 +82,8 @@ get_role_passwords(const char *role, const char **logdetail, int *num_passwords) datum = SysCacheGetAttr(AUTHNAME, roleTup, Anum_pg_authid_rolvaliduntil, &vuntil_isnull); second_datum = SysCacheGetAttr(AUTHNAME, roleTup, - Anum_pg_authid_rolsecondvaliduntil, - &second_vuntil_isnull); + Anum_pg_authid_rolsecondvaliduntil, + &second_vuntil_isnull); if (!vuntil_isnull) vuntil = DatumGetTimestampTz(datum); if (!second_vuntil_isnull) @@ -96,14 +96,14 @@ get_role_passwords(const char *role, const char **logdetail, int *num_passwords) */ current_ts = GetCurrentTimestamp(); *num_passwords = (!password_isnull && - (vuntil_isnull || vuntil >= current_ts)) - + (!second_password_isnull && - (second_vuntil_isnull || second_vuntil >= current_ts)); + (vuntil_isnull || vuntil >= current_ts)) + + (!second_password_isnull && + (second_vuntil_isnull || second_vuntil >= current_ts)); if (*num_passwords >= 1) { - int i = 0; - char **passwords = palloc(sizeof(char *) * (*num_passwords)); + int i = 0; + char **passwords = palloc(sizeof(char *) * (*num_passwords)); if (!password_isnull && (vuntil_isnull || vuntil >= current_ts)) { diff --git a/src/include/catalog/pg_authid.h b/src/include/catalog/pg_authid.h index 2a27ae3e10..b5107950c5 100644 --- a/src/include/catalog/pg_authid.h +++ b/src/include/catalog/pg_authid.h @@ -46,7 +46,8 @@ CATALOG(pg_authid,1260,AuthIdRelationId) BKI_SHARED_RELATION BKI_ROWTYPE_OID(284 text rolpassword; /* password, if any */ timestamptz rolvaliduntil; /* password expiration time, if any */ text rolsecondpassword; /* second password, if any */ - timestamptz rolsecondvaliduntil; /* second password expiration time, if any */ + timestamptz rolsecondvaliduntil; /* second password expiration time, if + * any */ #endif } FormData_pg_authid; diff --git a/src/include/utils/wait_event.h b/src/include/utils/wait_event.h index 009b03a520..5a7817cb32 100644 --- a/src/include/utils/wait_event.h +++ b/src/include/utils/wait_event.h @@ -57,7 +57,7 @@ typedef enum { WAIT_EVENT_EXTENSION = PG_WAIT_EXTENSION, WAIT_EVENT_EXTENSION_FIRST_USER_DEFINED -} WaitEventExtension; +} WaitEventExtension; extern void WaitEventExtensionShmemInit(void); extern Size WaitEventExtensionShmemSize(void); diff --git a/src/tools/pgindent/typedefs.list b/src/tools/pgindent/typedefs.list index 8de90c4958..be8e472473 100644 --- a/src/tools/pgindent/typedefs.list +++ b/src/tools/pgindent/typedefs.list @@ -1275,9 +1275,9 @@ JsonManifestWALRangeField JsonObjectAgg JsonObjectConstructor JsonOutput -JsonParseExpr JsonParseContext JsonParseErrorType +JsonParseExpr JsonPath JsonPathBool JsonPathExecContext @@ -1340,6 +1340,7 @@ LINE LLVMAttributeRef LLVMBasicBlockRef LLVMBuilderRef +LLVMContextRef LLVMErrorRef LLVMIntPredicate LLVMJITEventListenerRef @@ -1913,7 +1914,6 @@ ParallelHashJoinBatch ParallelHashJoinBatchAccessor ParallelHashJoinState ParallelIndexScanDesc -ParallelReadyList ParallelSlot ParallelSlotArray ParallelSlotResultHandler @@ -2992,7 +2992,6 @@ WaitEvent WaitEventActivity WaitEventBufferPin WaitEventClient -WaitEventExtension WaitEventExtensionCounterData WaitEventExtensionEntryById WaitEventExtensionEntryByName @@ -3401,6 +3400,7 @@ indexed_tlist inet inetKEY inet_struct +initRowMethod init_function inline_cte_walker_context inline_error_callback_arg @@ -3868,7 +3868,6 @@ wchar2mb_with_len_converter wchar_t win32_deadchild_waitinfo wint_t -worker_spi_state worker_state worktable wrap -- 2.41.0