head	1.39;
access;
symbols
	REL9_0_0:1.39
	REL9_1_ALPHA1:1.39
	REL9_0_RC1:1.39
	REL9_0_BETA4:1.39
	REL9_0_STABLE:1.39.0.14
	REL9_0_BETA3:1.39
	REL9_0_BETA2:1.39
	REL7_4_29:1.36
	REL8_0_25:1.37
	REL8_1_21:1.37
	REL8_2_17:1.37
	REL8_3_11:1.38
	REL8_4_4:1.39
	REL9_0_BETA1:1.39
	REL9_0_ALPHA5_BRANCH:1.39.0.12
	REL9_0_ALPHA5:1.39
	REL7_4_28:1.36
	REL8_0_24:1.37
	REL8_1_20:1.37
	REL8_2_16:1.37
	REL8_3_10:1.38
	REL8_4_3:1.39
	REL9_0_ALPHA4:1.39
	REL9_0_ALPHA4_BRANCH:1.39.0.10
	REL8_5_ALPHA3:1.39
	REL8_5_ALPHA3_BRANCH:1.39.0.8
	REL7_4_27:1.36
	REL8_0_23:1.37
	REL8_1_19:1.37
	REL8_2_15:1.37
	REL8_3_9:1.38
	REL8_4_2:1.39
	REL8_5_ALPHA2:1.39
	REL8_5_ALPHA2_BRANCH:1.39.0.6
	REL7_4_26:1.36
	REL8_0_22:1.37
	REL8_1_18:1.37
	REL8_2_14:1.37
	REL8_3_8:1.38
	REL8_4_1:1.39
	REL8_5_ALPHA1:1.39
	REL8_5_ALPHA1_BRANCH:1.39.0.4
	REL8_4_STABLE:1.39.0.2
	REL8_4_0:1.39
	REL8_4_RC2:1.39
	REL8_4_RC1:1.39
	REL8_4_BETA2:1.39
	REL8_4_BETA1:1.39
	REL7_4_25:1.36
	REL8_0_21:1.37
	REL8_1_17:1.37
	REL8_2_13:1.37
	REL8_3_7:1.38
	REL7_4_24:1.36
	REL8_0_20:1.37
	REL8_1_16:1.37
	REL8_2_12:1.37
	REL8_3_6:1.38
	REL7_4_23:1.36
	REL8_0_19:1.37
	REL8_1_15:1.37
	REL8_2_11:1.37
	REL8_3_5:1.38
	REL7_4_22:1.36
	REL8_0_18:1.37
	REL8_1_14:1.37
	REL8_2_10:1.37
	REL8_3_4:1.38
	REL7_4_21:1.36
	REL8_0_17:1.37
	REL8_1_13:1.37
	REL8_2_9:1.37
	REL8_3_3:1.38
	REL7_4_20:1.36
	REL8_0_16:1.37
	REL8_1_12:1.37
	REL8_2_8:1.37
	REL8_3_2:1.38
	REL8_2_7:1.37
	REL8_3_1:1.38
	REL8_3_STABLE:1.38.0.2
	REL8_3_0:1.38
	REL8_3_RC2:1.38
	REL7_3_21:1.33
	REL7_4_19:1.36
	REL8_0_15:1.37
	REL8_1_11:1.37
	REL8_2_6:1.37
	REL8_3_RC1:1.38
	REL8_3_BETA4:1.38
	REL8_3_BETA3:1.38
	REL8_3_BETA2:1.38
	REL8_3_BETA1:1.38
	REL7_3_20:1.33
	REL7_4_18:1.36
	REL8_0_14:1.37
	REL8_1_10:1.37
	REL8_2_5:1.37
	REL7_3_19:1.33
	REL7_4_17:1.36
	REL8_0_13:1.37
	REL8_1_9:1.37
	REL8_2_4:1.37
	REL8_0_12:1.37
	REL8_1_8:1.37
	REL8_2_3:1.37
	REL7_3_18:1.33
	REL7_4_16:1.36
	REL8_0_11:1.37
	REL8_1_7:1.37
	REL8_2_2:1.37
	REL8_0_10:1.37
	REL8_1_6:1.37
	REL8_2_1:1.37
	REL7_4_15:1.36
	REL7_3_17:1.33
	REL8_2_STABLE:1.37.0.8
	REL8_2_0:1.37
	REL8_2_RC1:1.37
	REL8_2_BETA3:1.37
	REL8_2_BETA2:1.37
	REL8_1_5:1.37
	REL8_0_9:1.37
	REL7_4_14:1.36
	REL7_3_16:1.33
	REL8_2_BETA1:1.37
	REL7_3_15:1.33
	REL7_4_13:1.36
	REL8_0_8:1.37
	REL8_1_4:1.37
	REL7_3_14:1.33
	REL7_4_12:1.36
	REL8_0_7:1.37
	REL8_1_3:1.37
	REL7_3_13:1.33
	REL7_4_11:1.36
	REL8_0_6:1.37
	REL8_1_2:1.37
	REL7_3_12:1.33
	REL7_4_10:1.36
	REL8_0_5:1.37
	REL8_1_1:1.37
	REL8_1_STABLE:1.37.0.6
	REL8_1_0:1.37
	REL8_1_0RC1:1.37
	REL8_1_0BETA4:1.37
	REL8_1_0BETA3:1.37
	REL7_3_11:1.33
	REL7_4_9:1.36
	REL8_0_4:1.37
	REL8_1_0BETA2:1.37
	REL8_1_0BETA1:1.37
	REL7_2_8:1.28
	REL7_3_10:1.33
	REL7_4_8:1.36
	REL8_0_3:1.37
	REL8_0_2:1.37
	REL7_2_7:1.28
	REL7_3_9:1.33
	REL7_4_7:1.36
	REL8_0_1:1.37
	REL8_0_STABLE:1.37.0.4
	REL8_0_0:1.37.0.2
	REL8_0_0RC5:1.37
	REL8_0_0RC4:1.37
	REL8_0_0RC3:1.37
	REL8_0_0RC2:1.37
	REL8_0_0RC1:1.37
	REL8_0_0BETA5:1.37
	REL8_0_0BETA4:1.37
	REL7_4_6:1.36
	REL7_3_8:1.33
	REL7_2_6:1.28
	REL8_0_0BETA3:1.37
	REL8_0_0BETA2:1.37
	REL7_2_5:1.28
	REL7_4_5:1.36
	REL7_3_7:1.33
	REL7_4_4:1.36
	REL8_0_0BETA1:1.37
	REL7_4_3:1.36
	REL7_4_2:1.36
	REL7_3_6:1.33
	REL7_4_1:1.36
	REL7_3_5:1.33
	REL7_4:1.36
	REL7_4_RC2:1.36
	REL7_4_STABLE:1.36.0.4
	REL7_4_RC1:1.36
	REL7_4_BETA5:1.36
	REL7_4_BETA4:1.36
	REL7_4_BETA3:1.36
	REL7_4_BETA2:1.36
	WIN32_DEV:1.36.0.2
	REL7_4_BETA1:1.36
	REL7_3_4:1.33
	REL7_3_2:1.33
	REL7_2_4:1.28
	REL7_3_STABLE:1.33.0.2
	REL7_2_3:1.28
	REL7_2_STABLE:1.28.0.2
	REL7_2:1.28
	REL7_2_RC2:1.28
	REL7_2_RC1:1.28
	REL7_2_BETA5:1.28
	REL7_2_BETA4:1.28
	REL7_2_BETA3:1.28
	REL7_2_BETA2:1.25
	REL7_2_BETA1:1.25
	REL7_1_2:1.24
	REL7_1_STABLE:1.24.0.2
	REL7_1_BETA:1.24
	REL7_1_BETA3:1.24
	REL7_1_BETA2:1.24
	REL7_1:1.24
	REL7_0_PATCHES:1.17.0.2
	REL7_0:1.17
	REL6_5_PATCHES:1.14.0.2
	REL6_5:1.14
	REL6_4:1.13.0.2
	release-6-3:1.10
	REL2_0B:1.4.0.2
	REL2_0:1.4;
locks; strict;
comment	@# @;


1.39
date	2008.02.19.10.30.07;	author petere;	state Exp;
branches;
next	1.38;

1.38
date	2007.01.20.17.16.11;	author petere;	state Exp;
branches;
next	1.37;

1.37
date	2003.11.29.19.51.49;	author pgsql;	state Exp;
branches;
next	1.36;

1.36
date	2003.01.06.03.18.26;	author momjian;	state Exp;
branches;
next	1.35;

1.35
date	2002.12.06.04.37.02;	author momjian;	state Exp;
branches;
next	1.34;

1.34
date	2002.12.06.03.46.24;	author momjian;	state Exp;
branches;
next	1.33;

1.33
date	2002.06.14.04.23.17;	author momjian;	state Exp;
branches;
next	1.32;

1.32
date	2002.06.14.04.09.36;	author momjian;	state Exp;
branches;
next	1.31;

1.31
date	2002.06.14.03.56.46;	author momjian;	state Exp;
branches;
next	1.30;

1.30
date	2002.04.04.04.25.46;	author momjian;	state Exp;
branches;
next	1.29;

1.29
date	2002.03.04.01.46.02;	author tgl;	state Exp;
branches;
next	1.28;

1.28
date	2001.11.13.22.06.58;	author momjian;	state Exp;
branches;
next	1.27;

1.27
date	2001.11.12.04.19.15;	author tgl;	state Exp;
branches;
next	1.26;

1.26
date	2001.11.12.01.42.03;	author momjian;	state Exp;
branches;
next	1.25;

1.25
date	2001.08.15.18.42.14;	author momjian;	state Exp;
branches;
next	1.24;

1.24
date	2000.08.25.10.00.30;	author petere;	state Exp;
branches;
next	1.23;

1.23
date	2000.07.09.13.48.45;	author petere;	state Exp;
branches;
next	1.22;

1.22
date	2000.07.09.13.14.05;	author petere;	state Exp;
branches;
next	1.21;

1.21
date	2000.07.08.03.04.39;	author tgl;	state Exp;
branches;
next	1.20;

1.20
date	2000.06.17.00.09.40;	author petere;	state Exp;
branches;
next	1.19;

1.19
date	2000.05.29.05.44.46;	author tgl;	state Exp;
branches;
next	1.18;

1.18
date	2000.05.28.17.55.56;	author tgl;	state Exp;
branches;
next	1.17;

1.17
date	2000.01.19.02.58.52;	author petere;	state Exp;
branches;
next	1.16;

1.16
date	99.12.13.22.32.43;	author momjian;	state Exp;
branches;
next	1.15;

1.15
date	99.12.09.19.14.40;	author momjian;	state Exp;
branches;
next	1.14;

1.14
date	99.04.25.03.27.15;	author tgl;	state Exp;
branches;
next	1.13;

1.13
date	98.07.26.04.30.27;	author scrappy;	state Exp;
branches;
next	1.12;

1.12
date	98.06.16.07.29.22;	author momjian;	state Exp;
branches;
next	1.11;

1.11
date	98.04.06.00.22.39;	author momjian;	state Exp;
branches;
next	1.10;

1.10
date	97.12.20.00.23.57;	author scrappy;	state Exp;
branches;
next	1.9;

1.9
date	97.12.17.04.58.58;	author scrappy;	state Exp;
branches;
next	1.8;

1.8
date	97.12.04.00.26.47;	author scrappy;	state Exp;
branches;
next	1.7;

1.7
date	97.04.04.10.39.19;	author scrappy;	state Exp;
branches;
next	1.6;

1.6
date	97.03.18.20.14.32;	author scrappy;	state Exp;
branches;
next	1.5;

1.5
date	97.03.12.21.17.45;	author scrappy;	state Exp;
branches;
next	1.4;

1.4
date	96.11.14.10.23.51;	author bryanh;	state Exp;
branches;
next	1.3;

1.3
date	96.11.06.08.48.21;	author scrappy;	state Exp;
branches;
next	1.2;

1.2
date	96.10.31.10.37.47;	author scrappy;	state Exp;
branches;
next	1.1;

1.1
date	96.10.27.09.47.47;	author bryanh;	state Exp;
branches;
next	;


desc
@@


1.39
log
@Refactor backend makefiles to remove lots of duplicate code
@
text
@#-------------------------------------------------------------------------
#
# Makefile--
#    Makefile for libpq subsystem (backend half of libpq interface)
#
# IDENTIFICATION
#    $PostgreSQL: pgsql/src/backend/libpq/Makefile,v 1.38 2007/01/20 17:16:11 petere Exp $
#
#-------------------------------------------------------------------------

subdir = src/backend/libpq
top_builddir = ../../..
include $(top_builddir)/src/Makefile.global

# be-fsstubs is here for historical reasons, probably belongs elsewhere

OBJS = be-fsstubs.o be-secure.o auth.o crypt.o hba.o ip.o md5.o pqcomm.o \
       pqformat.o pqsignal.o

include $(top_srcdir)/src/backend/common.mk
@


1.38
log
@Remove remains of old depend target.
@
text
@d7 1
a7 1
#    $PostgreSQL: pgsql/src/backend/libpq/Makefile,v 1.37 2003/11/29 19:51:49 pgsql Exp $
d20 1
a20 8

all: SUBSYS.o

SUBSYS.o: $(OBJS)
	$(LD) $(LDREL) $(LDOUT) SUBSYS.o $(OBJS)

clean: 
	rm -f SUBSYS.o $(OBJS) 
@


1.37
log
@
$Header: -> $PostgreSQL Changes ...
@
text
@d7 1
a7 1
#    $PostgreSQL: /cvsroot/pgsql-server/src/backend/libpq/Makefile,v 1.36 2003/01/06 03:18:26 momjian Exp $
a25 3
depend dep:
	$(CC) -MM $(CFLAGS) *.c >depend

a27 4

ifeq (depend,$(wildcard depend))
include depend
endif
@


1.36
log
@Enable IPv6 connections to the server, and add pg_hba.conf IPv6 entries
if the OS supports it.  Code will still compile on non-IPv6-aware
machines (feature added by Bruce).

Nigel Kukard
@
text
@d7 1
a7 1
#    $Header: /cvsroot/pgsql-server/src/backend/libpq/Makefile,v 1.35 2002/12/06 04:37:02 momjian Exp $
@


1.35
log
@Back out V6 code, caused postmaster startup failure.
@
text
@d7 1
a7 1
#    $Header: /cvsroot/pgsql-server/src/backend/libpq/Makefile,v 1.34 2002/12/06 03:46:24 momjian Exp $
d17 2
a18 2
OBJS = be-fsstubs.o be-secure.o auth.o crypt.o hba.o md5.o pqcomm.o \
	pqformat.o pqsignal.o
@


1.34
log
@We have just finished porting the old KAME IPv6 patch over to
postgresql version 7.3, but yea... this patch adds full IPv6
support to postgres. I've tested it out on 7.2.3 and has
been running perfectly stable.

CREDITS:
 The KAME Project  (Initial patch)
 Nigel Kukard  <nkukard@@lbsd.net>
 Johan Jordaan  <johanj@@lando.co.za>
@
text
@d7 1
a7 1
#    $Header: /cvsroot/pgsql-server/src/backend/libpq/Makefile,v 1.33 2002/06/14 04:23:17 momjian Exp $
d18 1
a18 1
	pqformat.o pqsignal.o v6util.o
@


1.33
log
@UPDATED PATCH:

Attached are a revised set of SSL patches.  Many of these patches
are motivated by security concerns, it's not just bug fixes.  The key
differences (from stock 7.2.1) are:

*) almost all code that directly uses the OpenSSL library is in two
   new files,

     src/interfaces/libpq/fe-ssl.c
     src/backend/postmaster/be-ssl.c

   in the long run, it would be nice to merge these two files.

*) the legacy code to read and write network data have been
   encapsulated into read_SSL() and write_SSL().  These functions
   should probably be renamed - they handle both SSL and non-SSL
   cases.

   the remaining code should eliminate the problems identified
   earlier, albeit not very cleanly.

*) both front- and back-ends will send a SSL shutdown via the
   new close_SSL() function.  This is necessary for sessions to
   work properly.

   (Sessions are not yet fully supported, but by cleanly closing
   the SSL connection instead of just sending a TCP FIN packet
   other SSL tools will be much happier.)

*) The client certificate and key are now expected in a subdirectory
   of the user's home directory.  Specifically,

	- the directory .postgresql must be owned by the user, and
	  allow no access by 'group' or 'other.'

	- the file .postgresql/postgresql.crt must be a regular file
	  owned by the user.

	- the file .postgresql/postgresql.key must be a regular file
	  owned by the user, and allow no access by 'group' or 'other'.

   At the current time encrypted private keys are not supported.
   There should also be a way to support multiple client certs/keys.

*) the front-end performs minimal validation of the back-end cert.
   Self-signed certs are permitted, but the common name *must*
   match the hostname used by the front-end.  (The cert itself
   should always use a fully qualified domain name (FDQN) in its
   common name field.)

   This means that

	  psql -h eris db

   will fail, but

	  psql -h eris.example.com db

   will succeed.  At the current time this must be an exact match;
   future patches may support any FQDN that resolves to the address
   returned by getpeername(2).

   Another common "problem" is expiring certs.  For now, it may be
   a good idea to use a very-long-lived self-signed cert.

   As a compile-time option, the front-end can specify a file
   containing valid root certificates, but it is not yet required.

*) the back-end performs minimal validation of the client cert.
   It allows self-signed certs.  It checks for expiration.  It
   supports a compile-time option specifying a file containing
   valid root certificates.

*) both front- and back-ends default to TLSv1, not SSLv3/SSLv2.

*) both front- and back-ends support DSA keys.  DSA keys are
   moderately more expensive on startup, but many people consider
   them preferable than RSA keys.  (E.g., SSH2 prefers DSA keys.)

*) if /dev/urandom exists, both client and server will read 16k
   of randomization data from it.

*) the server can read empheral DH parameters from the files

     $DataDir/dh512.pem
     $DataDir/dh1024.pem
     $DataDir/dh2048.pem
     $DataDir/dh4096.pem

   if none are provided, the server will default to hardcoded
   parameter files provided by the OpenSSL project.

Remaining tasks:

*) the select() clauses need to be revisited - the SSL abstraction
   layer may need to absorb more of the current code to avoid rare
   deadlock conditions.  This also touches on a true solution to
   the pg_eof() problem.

*) the SIGPIPE signal handler may need to be revisited.

*) support encrypted private keys.

*) sessions are not yet fully supported.  (SSL sessions can span
   multiple "connections," and allow the client and server to avoid
   costly renegotiations.)

*) makecert - a script that creates back-end certs.

*) pgkeygen - a tool that creates front-end certs.

*) the whole protocol issue, SASL, etc.

 *) certs are fully validated - valid root certs must be available.
    This is a hassle, but it means that you *can* trust the identity
    of the server.

 *) the client library can handle hardcoded root certificates, to
    avoid the need to copy these files.

 *) host name of server cert must resolve to IP address, or be a
    recognized alias.  This is more liberal than the previous
    iteration.

 *) the number of bytes transferred is tracked, and the session
    key is periodically renegotiated.

 *) basic cert generation scripts (mkcert.sh, pgkeygen.sh).  The
    configuration files have reasonable defaults for each type
    of use.

Bear Giles
@
text
@d7 1
a7 1
#    $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.32 2002/06/14 04:09:36 momjian Exp $
d18 1
a18 1
	pqformat.o pqsignal.o
@


1.32
log
@Back out SSL changes.  Newer patch available.
@
text
@d7 1
a7 1
#    $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.30 2002/04/04 04:25:46 momjian Exp $
d17 2
a18 1
OBJS = be-fsstubs.o auth.o crypt.o hba.o md5.o pqcomm.o pqformat.o pqsignal.o
@


1.31
log
@Attached are a revised set of SSL patches.  Many of these patches
are motivated by security concerns, it's not just bug fixes.  The key
differences (from stock 7.2.1) are:

*) almost all code that directly uses the OpenSSL library is in two
   new files,

     src/interfaces/libpq/fe-ssl.c
     src/backend/postmaster/be-ssl.c

   in the long run, it would be nice to merge these two files.

*) the legacy code to read and write network data have been
   encapsulated into read_SSL() and write_SSL().  These functions
   should probably be renamed - they handle both SSL and non-SSL
   cases.

   the remaining code should eliminate the problems identified
   earlier, albeit not very cleanly.

*) both front- and back-ends will send a SSL shutdown via the
   new close_SSL() function.  This is necessary for sessions to
   work properly.

   (Sessions are not yet fully supported, but by cleanly closing
   the SSL connection instead of just sending a TCP FIN packet
   other SSL tools will be much happier.)

*) The client certificate and key are now expected in a subdirectory
   of the user's home directory.  Specifically,

	- the directory .postgresql must be owned by the user, and
	  allow no access by 'group' or 'other.'

	- the file .postgresql/postgresql.crt must be a regular file
	  owned by the user.

	- the file .postgresql/postgresql.key must be a regular file
	  owned by the user, and allow no access by 'group' or 'other'.

   At the current time encrypted private keys are not supported.
   There should also be a way to support multiple client certs/keys.

*) the front-end performs minimal validation of the back-end cert.
   Self-signed certs are permitted, but the common name *must*
   match the hostname used by the front-end.  (The cert itself
   should always use a fully qualified domain name (FDQN) in its
   common name field.)

   This means that

	  psql -h eris db

   will fail, but

	  psql -h eris.example.com db

   will succeed.  At the current time this must be an exact match;
   future patches may support any FQDN that resolves to the address
   returned by getpeername(2).

   Another common "problem" is expiring certs.  For now, it may be
   a good idea to use a very-long-lived self-signed cert.

   As a compile-time option, the front-end can specify a file
   containing valid root certificates, but it is not yet required.

*) the back-end performs minimal validation of the client cert.
   It allows self-signed certs.  It checks for expiration.  It
   supports a compile-time option specifying a file containing
   valid root certificates.

*) both front- and back-ends default to TLSv1, not SSLv3/SSLv2.

*) both front- and back-ends support DSA keys.  DSA keys are
   moderately more expensive on startup, but many people consider
   them preferable than RSA keys.  (E.g., SSH2 prefers DSA keys.)

*) if /dev/urandom exists, both client and server will read 16k
   of randomization data from it.

*) the server can read empheral DH parameters from the files

     $DataDir/dh512.pem
     $DataDir/dh1024.pem
     $DataDir/dh2048.pem
     $DataDir/dh4096.pem

   if none are provided, the server will default to hardcoded
   parameter files provided by the OpenSSL project.

Remaining tasks:

*) the select() clauses need to be revisited - the SSL abstraction
   layer may need to absorb more of the current code to avoid rare
   deadlock conditions.  This also touches on a true solution to
   the pg_eof() problem.

*) the SIGPIPE signal handler may need to be revisited.

*) support encrypted private keys.

*) sessions are not yet fully supported.  (SSL sessions can span
   multiple "connections," and allow the client and server to avoid
   costly renegotiations.)

*) makecert - a script that creates back-end certs.

*) pgkeygen - a tool that creates front-end certs.

*) the whole protocol issue, SASL, etc.

 *) certs are fully validated - valid root certs must be available.
    This is a hassle, but it means that you *can* trust the identity
    of the server.

 *) the client library can handle hardcoded root certificates, to
    avoid the need to copy these files.

 *) host name of server cert must resolve to IP address, or be a
    recognized alias.  This is more liberal than the previous
    iteration.

 *) the number of bytes transferred is tracked, and the session
    key is periodically renegotiated.

 *) basic cert generation scripts (mkcert.sh, pgkeygen.sh).  The
    configuration files have reasonable defaults for each type
    of use.

Bear Giles
@
text
@d17 1
a17 2
OBJS = be-fsstubs.o be-ssl.o auth.o crypt.o hba.o md5.o pqcomm.o \
       pqformat.o pqsignal.o
@


1.30
log
@Authentication improvements:

A new pg_hba.conf column, USER
Allow specifiction of lists of users separated by commas
Allow group names specified by +
Allow include files containing lists of users specified by @@
Allow lists of databases, and database files
Allow samegroup in database column to match group name matching dbname
Removal of secondary password files
Remove pg_passwd utility
Lots of code cleanup in user.c and hba.c
New data/global/pg_pwd format
New data/global/pg_group file
@
text
@d7 1
a7 1
#    $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.29 2002/03/04 01:46:02 tgl Exp $
d17 2
a18 1
OBJS = be-fsstubs.o auth.o crypt.o hba.o md5.o pqcomm.o pqformat.o pqsignal.o
@


1.29
log
@Further work on elog cleanup: fix some bogosities in elog's logic about
when to send what to which, prevent recursion by introducing new COMMERROR
elog level for client-communication problems, get rid of direct writes
to stderr in backend/libpq files, prevent non-error elogs from going to
client during the authentication cycle.
@
text
@d7 1
a7 1
#    $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.28 2001/11/13 22:06:58 momjian Exp $
d17 1
a17 3
OBJS = be-fsstubs.o \
	auth.o crypt.o hba.o md5.o password.o \
	pqcomm.o pqformat.o pqsignal.o
@


1.28
log
@Remove md5.c check, add CVS log stamp.  Update comments.
@
text
@d7 1
a7 1
#    $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.27 2001/11/12 04:19:15 tgl Exp $
d19 1
a19 1
	pqcomm.o pqformat.o pqsignal.o util.o
@


1.27
log
@The PacketReceive/PacketSend routines aren't used anymore.
@
text
@d7 1
a7 1
#    $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.26 2001/11/12 01:42:03 momjian Exp $
d22 1
a22 6
all: check_md5 SUBSYS.o

check_md5:
	@@cmp -s md5.c ../../interfaces/odbc/md5.c || \
	(echo "src/interfaces/odbc/md5.c doesn't match src/backend/libpq/md5.c" && \
	 exit 1)
@


1.26
log
@Add code to check that md5.c files are in sync.
@
text
@d7 1
a7 1
#    $Header: /cvsroot/pgsql/src/backend/libpq/Makefile,v 1.25 2001/08/15 18:42:14 momjian Exp $
d19 1
a19 1
	pqcomm.o pqformat.o pqpacket.o pqsignal.o util.o
@


1.25
log
@Use MD5 for wire protocol encryption for >= 7.2 client/server.
Allow pg_shadow to be MD5 encrypted.
Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user.
Add password_encryption postgresql.conf option.
Update wire protocol version to 2.1.
@
text
@d7 1
a7 1
#    $Header: /home/projects/pgsql/cvsroot/pgsql/src/backend/libpq/Makefile,v 1.24 2000/08/25 10:00:30 petere Exp $
d22 6
a27 1
all: SUBSYS.o
@


1.24
log
@Make the location of the Kerberos server key file run time configurable
(rather than compile time). For libpq, even when Kerberos support is
compiled in, the default user name should still fall back to geteuid()
if it can't be determined via the Kerberos system.

A couple of fixes for string type configuration parameters, now that there
is one.
@
text
@d7 1
a7 1
#    $Header: /home/projects/pgsql/cvsroot/pgsql/src/backend/libpq/Makefile,v 1.23 2000/07/09 13:48:45 petere Exp $
d18 1
a18 1
	auth.o crypt.o hba.o password.o \
@


1.23
log
@typo
@
text
@d7 1
a7 1
#    $Header: /home/projects/pgsql/cvsroot/pgsql/src/backend/libpq/Makefile,v 1.22 2000/07/09 13:14:05 petere Exp $
d13 1
a13 1
include ../../Makefile.global
a20 6
# This location might depend on the installation directories. Therefore
# we can't subsitute it into config.h.
ifdef krb_srvtab
CPPFLAGS += -DPG_KRB_SRVTAB='"$(krb_srvtab)"'
endif

a35 1

@


1.22
log
@Another round of those unportable config/build changes :-/

* Add option to build with OpenSSL out of the box. Fix thusly exposed
  bit rot. Although it compiles now, getting this to do something
  useful is left as an exercise.

* Fix Kerberos options to defer checking for required libraries until
  all the other libraries are checked for.

* Change default odbcinst.ini and krb5.srvtab path to PREFIX/etc.

* Install work around for Autoconf's install-sh relative path anomaly.
  Get rid of old INSTL_*_OPTS variables, now that we don't need them
  anymore.

* Use `gunzip -c' instead of g?zcat. Reportedly broke on AIX.

* Look for only one of readline.h or readline/readline.h, not both.

* Make check for PS_STRINGS cacheable. Don't test for the header files
  separately.

* Disable fcntl(F_SETLK) test on Linux.

* Substitute the standard GCC warnings set into CFLAGS in configure,
  don't add it on in Makefile.global.

* Sweep through contrib tree to teach makefiles standard semantics.

... and in completely unrelated news:

* Make postmaster.opts arbitrary options-aware. I still think we need to
  save the environment as well.
@
text
@d7 1
a7 1
#    $Header: /home/projects/pgsql/cvsroot/pgsql/src/backend/libpq/Makefile,v 1.21 2000/07/08 03:04:39 tgl Exp $
d12 1
a12 1
top_builddir = ../..
@


1.21
log
@Remove long-dead support for invoking queries from dynamically loaded
backend functions via backend PQexec().  The SPI interface has long
been our only documented way to do this, and the backend pqexec/portal
code is unused and suffering bit-rot.  I'm putting it out of its misery.
@
text
@d7 1
a7 1
#    $Header: /home/projects/pgsql/cvsroot/pgsql/src/backend/libpq/Makefile,v 1.20 2000/06/17 00:09:40 petere Exp $
d11 2
a12 1
SRCDIR = ../..
d20 6
@


1.20
log
@Remove fmgrstamp-h business -- not needed and confusing

Add options to configure to automatically build for Kerberos
support; no more editing of make files.
@
text
@d7 1
a7 1
#    $Header: /home/projects/pgsql/cvsroot/pgsql/src/backend/libpq/Makefile,v 1.19 2000/05/29 05:44:46 tgl Exp $
d14 4
a17 2
OBJS = be-dumpdata.o be-fsstubs.o be-pqexec.o portal.o portalbuf.o \
	auth.o hba.o crypt.o password.o \
@


1.19
log
@Generated header files parse.h and fmgroids.h are now copied into
the src/include tree, so that -I backend is no longer necessary anywhere.
Also, clean up some bit rot in contrib tree.
@
text
@d7 1
a7 1
#    $Header: /home/projects/pgsql/cvsroot/pgsql/src/backend/libpq/Makefile,v 1.18 2000/05/28 17:55:56 tgl Exp $
a12 6

# kerberos flags
ifdef KRBVERS
CFLAGS+= $(KRBFLAGS)
LDFLAGS+= $(KRBLIBS)
endif
@


1.18
log
@First round of changes for new fmgr interface.  fmgr itself and the
key call sites are changed, but most called functions are still oldstyle.
An exception is that the PL managers are updated (so, for example, NULL
handling now behaves as expected in plperl and plpgsql functions).
NOTE initdb is forced due to added column in pg_proc.
@
text
@d7 1
a7 1
#    $Header: /home/projects/pgsql/cvsroot/pgsql/src/backend/libpq/Makefile,v 1.17 2000/01/19 02:58:52 petere Exp $
a12 2

CFLAGS += -I..
@


1.17
log
@Removed MBFLAGS from makefiles since it's now done in include/config.h.
@
text
@d7 1
a7 1
#    $Header: /usr/local/cvsroot/pgsql/src/backend/libpq/Makefile,v 1.16 1999/12/13 22:32:43 momjian Exp $
a30 5

be-dumpdata.o be-pqexec.o: ../fmgr.h

../fmgr.h: 
	$(MAKE) -C .. fmgr.h
@


1.16
log
@New LDOUT makefile variable for QNX os.
@
text
@d7 1
a7 1
#    $Header: /usr/local/cvsroot/pgsql/src/backend/libpq/Makefile,v 1.15 1999/12/09 19:14:40 momjian Exp $
a19 4
endif

ifdef MULTIBYTE
CFLAGS+= $(MBFLAGS)
@


1.15
log
@Make LD -r as macros that can be changed for QNX.
@
text
@d7 1
a7 1
#    $Header: /usr/local/cvsroot/pgsql/src/backend/libpq/Makefile,v 1.14 1999/04/25 03:27:15 tgl Exp $
d34 1
a34 1
	$(LD) $(LDREL) -o SUBSYS.o $(OBJS)
@


1.14
log
@Ooops, missed committing this one...
@
text
@d7 1
a7 1
#    $Header: /usr/local/cvsroot/pgsql/src/backend/libpq/Makefile,v 1.13 1998/07/26 04:30:27 scrappy Exp $
d34 1
a34 1
	$(LD) -r -o SUBSYS.o $(OBJS)
@


1.13
log
@
From: t-ishii@@sra.co.jp

As Bruce mentioned, this is due to the conflict among changes we made.
Included patches should fix the problem(I changed all MB to
MULTIBYTE). Please let me know if you have further problem.

P.S. I did not include pathces to configure and gram.c to save the
file size(configure.in and gram.y modified).
@
text
@d7 1
a7 1
#    $Header: /usr/local/cvsroot/pgsql/src/backend/libpq/Makefile,v 1.12 1998/06/16 07:29:22 momjian Exp $
d26 4
a29 3
OBJS = be-dumpdata.o be-fsstubs.o be-pqexec.o pqcomprim.o\
       auth.o hba.o crypt.o pqcomm.o portal.o util.o portalbuf.o pqpacket.o pqsignal.o \
       password.o
@


1.12
log
@Hi, here are the patches to enhance existing MB handling. This time
I have implemented a framework of encoding translation between the
backend and the frontend. Also I have added a new variable setting
command:

SET CLIENT_ENCODING TO 'encoding';

Other features include:
	Latin1 support more 8 bit cleaness

See doc/README.mb for more details. Note that the pacthes are
against May 30 snapshot.

Tatsuo Ishii
@
text
@d7 1
a7 1
#    $Header: /usr/local/cvsroot/pgsql/src/backend/libpq/Makefile,v 1.11 1998/04/06 00:22:39 momjian Exp $
d22 2
a23 2
ifdef MB
CFLAGS+= -DMB=$(MB)
@


1.11
log
@Hi,

Attached you'll find a (big) patch that fixes make dep and make
depend in all Makefiles where I found it to be appropriate.

It also removes the dependency in Makefile.global for NAMEDATALEN
and OIDNAMELEN by making backend/catalog/genbki.sh and bin/initdb/initdb.sh
a little smarter.

This no longer requires initdb.sh that is turned into initdb with
a sed script when installing Postgres, hence initdb.sh should be
renamed to initdb (after the patch has been applied :-) )

This patch is against the 6.3 sources, as it took a while to
complete.

Please review and apply,

Cheers,

Jeroen van Vianen
@
text
@d7 1
a7 1
#    $Header: /usr/local/cvsroot/pgsql/src/backend/libpq/Makefile,v 1.10 1997/12/20 00:23:57 scrappy Exp $
d20 4
@


1.10
log
@Major cleanout of PORTNAME variables from Makefiles...bound to screw up
some of the ports...
@
text
@d7 1
a7 1
#    $Header: /usr/local/cvsroot/pgsql/src/backend/libpq/Makefile,v 1.9 1997/12/17 04:58:58 scrappy Exp $
d14 1
a14 3
INCLUDE_OPT = -I.. 

CFLAGS+=$(INCLUDE_OPT)
d37 1
a37 1
	$(CC) -MM $(INCLUDE_OPT) *.c >depend
@


1.9
log
@First pass through, of many to come, towards making the whole source
tree "non-PORTNAME" dependent.  Technically, anything that is PORTNAME
dependent should be able to be derived at compile time, through configure
or through gcc
@
text
@d7 1
a7 1
#    $Header: /usr/local/cvsroot/pgsql/src/backend/libpq/Makefile,v 1.8 1997/12/04 00:26:47 scrappy Exp $
a14 4

ifdef PORTNAME
INCLUDE_OPT+=-I../port/$(PORTNAME) 
endif
@


1.8
log
@From: todd brandys <brandys@@eng3.hep.uiuc.edu>

An extension to the code to allow for a pg_password authentication database
that is *seperate* from the system password file
@
text
@d7 1
a7 1
#    $Header: /usr/local/cvsroot/pgsql/src/backend/libpq/Makefile,v 1.7 1997/04/04 10:39:19 scrappy Exp $
d14 5
a18 3
INCLUDE_OPT = -I.. \
              -I../port/$(PORTNAME) \
              -I../../include
@


1.7
log
@This commit represents a clean compile with the new templates under
FreeBSD

The Makefile(s) have all been cleaned up such that there is a single
LDFLAGS vs LD_ADD or LDADD or LDFLAGS or LDFLAGS_BE.  The Makefile(s)
should be alot more straightforward then they were before...and
consistent
@
text
@d7 1
a7 1
#    $Header: /usr/local/cvsroot/postgres95/src/backend/libpq/Makefile,v 1.6 1997/03/18 20:14:32 scrappy Exp $
d27 1
a27 1
       auth.o hba.o pqcomm.o portal.o util.o portalbuf.o pqpacket.o pqsignal.o \
@


1.6
log
@  - Move most of the I/O in both libpq and the backend to a set
    of common routines in pqcomprim.c (pq communication primitives).
    Not all adapted to it yet, but it's a start.

  - Rewritten some of those routines, to write/read bigger chunks of
    data, precomputing stuff in buffers instead of sending out byte
    by byte.

  - As a consequence, I need to know the endianness of the machine.
    Currently I rely on getting it from machine/endian.h, but this
    may not be available everywhere? (Who the hell thought it was
    a good idea to pass integers to the backend the other way around
    than the normal network byte order? *argl*)

  - Libpq looks in the environment for magic variables, and upon
    establishing a connection to the backend, sends it queries
    of the form "SET var_name TO 'var_value'". This needs a change
    in the backend parser (Mr. Parser, are you there? :)

  - Currently it looks for two Env-Vars, namely PG_DATEFORMAT
    and PG_FLOATFORMAT. What else makes sense? PG_TIMEFORMAT?
    PG_TIMEZONE?

From: "Martin J. Laubach" <mjl@@wwx.vip.at>
@
text
@d7 1
a7 1
#    $Header: /usr/local/cvsroot/postgres95/src/backend/libpq/Makefile,v 1.5 1997/03/12 21:17:45 scrappy Exp $
d23 1
a23 1
LDADD+= $(KRBLIBS)
@


1.5
log
@From: Dan McGuirk <mcguirk@@indirect.com>
Subject: [HACKERS] password authentication

This patch adds support for plaintext password authentication.  To use
it, you add a line like

host         all         0.0.0.0       0.0.0.0           password  pg_pwd.conf


to your pg_hba.conf, where 'pg_pwd.conf' is the name of a file containing
the usernames and password hashes in the format of the first two fields
of a Unix /etc/passwd file.  (Of course, you can use a specific database
name or IP instead.)

Then, to connect with a password through libpq, you use the PQconnectdb()
function, specifying the "password=" tag in the connect string and also
adding the tag "authtype=password".

I also added a command-line switch '-u' to psql that tells it to prompt
for a username and password and use password authentication.
@
text
@d7 1
a7 1
#    $Header: /usr/local/cvsroot/postgres95/src/backend/libpq/Makefile,v 1.4 1996/11/14 10:23:51 bryanh Exp $
d26 1
a26 1
OBJS = be-dumpdata.o be-fsstubs.o be-pqexec.o \
@


1.4
log
@Remove most compile-time options, add a few runtime options to make up for it.
In particular, no more compiled-in default for PGDATA or LIBDIR.  Commands
that need them need either invocation options or environment variables.
PGPORT default is hardcoded as 5432, but overrideable with options or
environment variables.
@
text
@d7 1
a7 1
#    $Header: /usr/local/cvsroot/postgres95/src/backend/libpq/Makefile,v 1.3 1996/11/06 08:48:21 scrappy Exp $
d27 2
a28 1
       auth.o hba.o pqcomm.o portal.o util.o portalbuf.o pqpacket.o pqsignal.o
@


1.3
log
@I'm getting there, slowly :)
@
text
@d7 1
a7 1
#    $Header: /usr/local/cvsroot/postgres95/src/backend/libpq/Makefile,v 1.2 1996/10/31 10:37:47 scrappy Exp $
a18 1
CFLAGS+= -DPOSTPORT='"$(POSTPORT)"'
@


1.2
log
@clean up makefile

add #include "postgres.h"
@
text
@d7 1
a7 1
#    $Header: /usr/local/cvsroot/postgres95/src/backend/libpq/Makefile,v 1.1 1996/10/27 09:47:47 bryanh Exp $
d14 2
a15 1
INCLUDE_OPT = -I../port/$(PORTNAME) \
@


1.1
log
@Simplify make files, add full dependencies.
@
text
@d7 1
a7 1
#    $Header: /usr/local/cvsroot/postgres95/src/backend/access/common/Makefile.inc,v 1.1.1.1 1996/07/09 06:21:09 scrappy Exp $
d14 1
a14 3
INCLUDE_OPT = -I.. \
              -I../port/$(PORTNAME) \
              -I../include \
@
