Re: [BUGS] Possible password authentication bug in 6.3.1 (fwd)

Does this make sense to anyone familiar with that area of the code.

Forwarded message:
> From fcarello(at)srd(dot)it Sat Apr 4 08:59:43 1998
> Message-Id: <199804041303(dot)PAA09515(at)shadow(dot)srd(dot)it>
> Comments: Authenticated sender is <fcarello(at)mail(dot)srd(dot)it>
> From: "Fernando Carello" <fcarello(at)srd(dot)it>
> To: Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us>
> Date: Sat, 4 Apr 1998 16:08:35 +0000
> MIME-Version: 1.0
> Content-type: text/plain; charset=US-ASCII
> Content-transfer-encoding: 7BIT
> Subject: Re: [BUGS] Possible password authentication bug in 6.3.1
> Priority: normal
> In-reply-to: <199804032005(dot)PAA16568(at)candle(dot)pha(dot)pa(dot)us>
> References: <199804031722(dot)TAA06756(at)shadow(dot)srd(dot)it> from "fcarello(at)srd(dot)it" at Apr 3, 98 08:16:40 pm
> X-mailer: Pegasus Mail for Win32 (v2.54)
>
>
> > Try adding another host line to the end of the file, and let me know if
> > that fixes it.
>
> Added:
>
> host users 192.168.0.1 255.255.255.255 password
>
> at the end of pg_hba.conf, but the error is still there.
>
> Please note that I don't make use of Unix sockets for the connection,
> I use TCP/IP instead (" -i ").
>
> I've also commented out the (original) last two lines that allowed
> restrictless connections from the localhost.
>
> I'm not very familiar with Postgres internals, but it *seems* to me
> that the variable "areq" is not getting the right value: it should be
> "3" ( = AUTH_REQ_PASSWORD) for plain-password authentication, while
> it gets "13824".
> ----
> Now I'm at home, and I'm playing a little with libpq sources: here
> I've got Postgres 6.3 (not 6.3.1) and I get a value of areq = 14336
> (and the same error, of course).
> So I printed out areq value in "fe-connect.c", just after the
> pqGetInt call: I get areq = "14336d", that is quite strange; of
> course, shortly after, the call to fe_sendauth fails.
> Then I tried to force areq=3 just before calling fe_sendauth (we are
> near the middle of fe-connect.c), and it happens that the error
> becomes:
>
> FATAL 1: Socket command option.
>
> Don't know if that helps in some way ! :-)
>
> Please let me know if I can do something useful (btw, I'm in trouble
> with that authentication stuff: for now I'm not able to protect my
> data, so I shutted down the SQL server), and as always thanks to all
> you people.
>
>
> Fernando Carello
>

--
Bruce Momjian | 830 Blythe Avenue
maillist(at)candle(dot)pha(dot)pa(dot)us | Drexel Hill, Pennsylvania 19026
+ If your life is a hard drive, | (610) 353-9879(w)
+ Christ can be your backup. | (610) 853-3000(h)