mirror/postgresql
2
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2024-12-27 08:39:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

Allow 'password' encryption even when pg_shadow has MD5 passwords, per

Browse Source 
report from Terry Yapt and Hiroshi.

Backpatch to 7.3.
This commit is contained in:
Bruce Momjian 2002-12-05 18:39:43 +00:00
parent 1fd0c59e25
commit 44ab596b01
2 changed files with 24 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/backend/libpq/crypt.c
View File

@ -9,7 +9,7 @@
* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $Header: /cvsroot/pgsql/src/backend/libpq/crypt.c,v 1.49 2002/09/04 20:31:19 momjian Exp $
* $Header: /cvsroot/pgsql/src/backend/libpq/crypt.c,v 1.50 2002/12/05 18:39:43 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -29,7 +29,7 @@
int
md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
md5_crypt_verify(const Port *port, const char *user, char *pgpass)
{
char *passwd = NULL,
*valuntil = NULL,
@ -37,6 +37,7 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
int retval = STATUS_ERROR;
List **line;
List *token;
char *crypt_pgpass = pgpass;
if ((line = get_user_line(user)) == NULL)
return STATUS_ERROR;
@ -54,11 +55,11 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
if (passwd == NULL || *passwd == '\0')
return STATUS_ERROR;
/* If they encrypt their password, force MD5 */
if (isMD5(passwd) && port->auth_method != uaMD5)
/* We can't do crypt with pg_shadow MD5 passwords */
if (isMD5(passwd) && port->auth_method == uaCrypt)
{
elog(LOG, "Password is stored MD5 encrypted. "
"'password' and 'crypt' auth methods cannot be used.");
"'crypt' auth method cannot be used.");
return STATUS_ERROR;
}
@ -72,6 +73,7 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
crypt_pwd = palloc(MD5_PASSWD_LEN + 1);
if (isMD5(passwd))
{
/* pg_shadow already encrypted, only do salt */
if (!EncryptMD5(passwd + strlen("md5"),
(char *) port->md5Salt,
sizeof(port->md5Salt), crypt_pwd))
@ -82,6 +84,7 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
}
else
{
/* pg_shadow plain, double-encrypt */
char *crypt_pwd2 = palloc(MD5_PASSWD_LEN + 1);
if (!EncryptMD5(passwd, port->user, strlen(port->user),
@ -110,11 +113,22 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
break;
}
default:
if (isMD5(passwd))
{
/* Encrypt user-supplied password to match MD5 in pg_shadow */
crypt_pgpass = palloc(MD5_PASSWD_LEN + 1);
if (!EncryptMD5(pgpass, port->user, strlen(port->user),
crypt_pgpass))
{
pfree(crypt_pgpass);
return STATUS_ERROR;
}
}
crypt_pwd = passwd;
break;
}
if (strcmp(pgpass, crypt_pwd) == 0)
if (strcmp(crypt_pgpass, crypt_pwd) == 0)
{
/*
* Password OK, now check to be sure we are not past valuntil
@ -136,6 +150,8 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
if (port->auth_method == uaMD5)
pfree(crypt_pwd);
if (crypt_pgpass != pgpass)
pfree(crypt_pgpass);
return retval;
}

4
src/include/libpq/crypt.h
View File

@ -6,7 +6,7 @@
* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $Id: crypt.h,v 1.22 2002/09/04 20:31:42 momjian Exp $
* $Id: crypt.h,v 1.23 2002/12/05 18:39:43 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -23,7 +23,7 @@
extern int md5_crypt_verify(const Port *port, const char *user,
const char *pgpass);
char *pgpass);
extern bool md5_hash(const void *buff, size_t len, char *hexsum);
extern bool CheckMD5Pwd(char *passwd, char *storedpwd, char *seed);