NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit44ab596

committed

Allow 'password' encryption even when pg_shadow has MD5 passwords, per

report from Terry Yapt and Hiroshi.Backpatch to 7.3.

1 parent1fd0c59 commit44ab596Copy full SHA for 44ab596

File tree

2 files changed

+24

-8

lines changed

src
- backend/libpq
  - crypt.c
- include/libpq
  - crypt.h

2 files changed

+24

-8

lines changed

`‎src/backend/libpq/crypt.c‎`

Lines changed: 22 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@`
`9`	`9`	`* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group`
`10`	`10`	`* Portions Copyright (c) 1994, Regents of the University of California`
`11`	`11`	`*`
`12`		`- * $Header: /cvsroot/pgsql/src/backend/libpq/crypt.c,v 1.49 2002/09/04 20:31:19 momjian Exp $`
	`12`	`+ * $Header: /cvsroot/pgsql/src/backend/libpq/crypt.c,v 1.50 2002/12/05 18:39:43 momjian Exp $`
`13`	`13`	`*`
`14`	`14`	`*-------------------------------------------------------------------------`
`15`	`15`	`*/`
`@@ -29,14 +29,15 @@`
`29`	`29`
`30`	`30`
`31`	`31`	`int`
`32`		`-md5_crypt_verify(constPortport,constcharuser,constchar*pgpass)`
	`32`	`+md5_crypt_verify(constPortport,constcharuser,char*pgpass)`
`33`	`33`	`{`
`34`	`34`	`char*passwd=NULL,`
`35`	`35`	`*valuntil=NULL,`
`36`	`36`	`*crypt_pwd;`
`37`	`37`	`intretval=STATUS_ERROR;`
`38`	`38`	`List**line;`
`39`	`39`	`List*token;`
	`40`	`+char*crypt_pgpass=pgpass;`
`40`	`41`
`41`	`42`	`if ((line=get_user_line(user))==NULL)`
`42`	`43`	`returnSTATUS_ERROR;`
`@@ -54,11 +55,11 @@ md5_crypt_verify(const Port port, const char user, const char *pgpass)`
`54`	`55`	`if (passwd==NULL\|\|*passwd=='\0')`
`55`	`56`	`returnSTATUS_ERROR;`
`56`	`57`
`57`		`-/If they encrypt their password, force MD5 /`
`58`		`-if (isMD5(passwd)&&port->auth_method!=uaMD5)`
	`58`	`+/We can't do crypt with pg_shadow MD5 passwords /`
	`59`	`+if (isMD5(passwd)&&port->auth_method==uaCrypt)`
`59`	`60`	`{`
`60`	`61`	`elog(LOG,"Password is stored MD5 encrypted. "`
`61`		`-"'password' and 'crypt' authmethods cannot be used.");`
	`62`	`+"'crypt' authmethod cannot be used.");`
`62`	`63`	`returnSTATUS_ERROR;`
`63`	`64`	`}`
`64`	`65`
`@@ -72,6 +73,7 @@ md5_crypt_verify(const Port port, const char user, const char *pgpass)`
`72`	`73`	`crypt_pwd=palloc(MD5_PASSWD_LEN+1);`
`73`	`74`	`if (isMD5(passwd))`
`74`	`75`	`{`
	`76`	`+/* pg_shadow already encrypted, only do salt */`
`75`	`77`	`if (!EncryptMD5(passwd+strlen("md5"),`
`76`	`78`	`(char*)port->md5Salt,`
`77`	`79`	`sizeof(port->md5Salt),crypt_pwd))`
`@@ -82,6 +84,7 @@ md5_crypt_verify(const Port port, const char user, const char *pgpass)`
`82`	`84`	`}`
`83`	`85`	`else`
`84`	`86`	`{`
	`87`	`+/* pg_shadow plain, double-encrypt */`
`85`	`88`	`char*crypt_pwd2=palloc(MD5_PASSWD_LEN+1);`
`86`	`89`
`87`	`90`	`if (!EncryptMD5(passwd,port->user,strlen(port->user),`
`@@ -110,11 +113,22 @@ md5_crypt_verify(const Port port, const char user, const char *pgpass)`
`110`	`113`	`break;`
`111`	`114`	`}`
`112`	`115`	`default:`
	`116`	`+if (isMD5(passwd))`
	`117`	`+{`
	`118`	`+/* Encrypt user-supplied password to match MD5 in pg_shadow */`
	`119`	`+crypt_pgpass=palloc(MD5_PASSWD_LEN+1);`
	`120`	`+if (!EncryptMD5(pgpass,port->user,strlen(port->user),`
	`121`	`+crypt_pgpass))`
	`122`	`+{`
	`123`	`+pfree(crypt_pgpass);`
	`124`	`+returnSTATUS_ERROR;`
	`125`	`+}`
	`126`	`+}`
`113`	`127`	`crypt_pwd=passwd;`
`114`	`128`	`break;`
`115`	`129`	`}`
`116`	`130`
`117`		`-if (strcmp(pgpass,crypt_pwd)==0)`
	`131`	`+if (strcmp(crypt_pgpass,crypt_pwd)==0)`
`118`	`132`	`{`
`119`	`133`	`/*`
`120`	`134`	`* Password OK, now check to be sure we are not past valuntil`
`@@ -136,6 +150,8 @@ md5_crypt_verify(const Port port, const char user, const char *pgpass)`
`136`	`150`
`137`	`151`	`if (port->auth_method==uaMD5)`
`138`	`152`	`pfree(crypt_pwd);`
	`153`	`+if (crypt_pgpass!=pgpass)`
	`154`	`+pfree(crypt_pgpass);`
`139`	`155`
`140`	`156`	`returnretval;`
`141`	`157`	`}`

`‎src/include/libpq/crypt.h‎`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,7 @@`
`6`	`6`	`* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group`
`7`	`7`	`* Portions Copyright (c) 1994, Regents of the University of California`
`8`	`8`	`*`
`9`		`- * $Id: crypt.h,v 1.22 2002/09/04 20:31:42 momjian Exp $`
	`9`	`+ * $Id: crypt.h,v 1.23 2002/12/05 18:39:43 momjian Exp $`
`10`	`10`	`*`
`11`	`11`	`*-------------------------------------------------------------------------`
`12`	`12`	`*/`
`@@ -23,7 +23,7 @@`
`23`	`23`
`24`	`24`
`25`	`25`	`externintmd5_crypt_verify(constPortport,constcharuser,`
`26`		`-constchar*pgpass);`
	`26`	`+char*pgpass);`
`27`	`27`	`externboolmd5_hash(constvoidbuff,size_tlen,charhexsum);`
`28`	`28`	`externboolCheckMD5Pwd(charpasswd,charstoredpwd,char*seed);`
`29`	`29`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit44ab596

File tree

2 files changed

2 files changed

`‎src/backend/libpq/crypt.c‎`

`‎src/include/libpq/crypt.h‎`

0 commit comments