BUG #16106: Patch - Radius secrets always gets lowercased
The Post Office <noreply@postgresql.org>
From: PG Bug reporting form <noreply@postgresql.org>
To: pgsql-bugs@lists.postgresql.org
Cc: mdavid@palantir.com
Date: 2019-11-11T18:01:35Z
Lists: pgsql-bugs
The following bug has been logged on the website:
Bug reference: 16106
Logged by: Marcos David
Email address: mdavid@palantir.com
PostgreSQL version: 12.0
Operating system: Centos 7
Description:
I'm using radius authentication in pg_hba.conf and I've run into the
following issue.
The radiussecrets is always getting lowercased even if I start it with
double quotes. Seems the double quotes are removed by the tokenization
process and then the secret gets lowercased by
https://github.com/postgres/postgres/blob/REL_12_STABLE/src/backend/utils/adt/varlena.c#L3652
I'm attaching a patch for this since I don't think the secrets should ever
be lowercased.
--- src/backend/libpq/hba.c.old 2019-11-08 16:42:27.934508368 +0000
+++ src/backend/libpq/hba.c 2019-11-08 16:43:12.069173627 +0000
@@ -2011,7 +2011,7 @@
REQUIRE_AUTH_OPTION(uaRADIUS, "radiussecrets", "radius");
- if (!SplitIdentifierString(dupval, ',', &parsed_secrets))
+ if (!SplitGUCList(dupval, ',', &parsed_secrets))
{
/* syntax error in list */
ereport(elevel,
@@ -2033,7 +2033,7 @@
REQUIRE_AUTH_OPTION(uaRADIUS, "radiusidentifiers", "radius");
- if (!SplitIdentifierString(dupval, ',', &parsed_identifiers))
+ if (!SplitGUCList(dupval, ',', &parsed_identifiers))
{
/* syntax error in list */
ereport(elevel,
Commits
-
Avoid using SplitIdentifierString to parse ListenAddresses, too.
- 7bf40ea0d028 13.0 landed
-
Avoid downcasing/truncation of RADIUS authentication parameters.
- d9802590a1b3 12.2 landed
- d66e68207e99 11.7 landed
- 7618eaf5f315 13.0 landed
- 4be69e2ea14d 10.12 landed
-
Support multiple RADIUS servers
- 6b76f1bb58f5 10.0 cited