NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitdbd6911

committed

Replace isMD5() with a more future-proof way to check if pw is encrypted.

The rule is that if pg_authid.rolpassword begins with "md5" and has theright length, it's an MD5 hash, otherwise it's a plaintext password. Theidiom has been to use isMD5() to check for that, but that gets awkward,when we add new kinds of verifiers, like the verifiers for SCRAMauthentication in the pending SCRAM patch set. Replace isMD5() with a newget_password_type() function, so that when new verifier types are added, wedon't need to remember to modify every place that currently calls isMD5(),to also recognize the new kinds of verifiers.Also, use the new plain_crypt_verify function in passwordcheck, so that itdoesn't need to know about MD5, or in the future, about other kinds ofhashes or password verifiers.Reviewed by Michael Paquier and Peter Eisentraut.Discussion:https://www.postgresql.org/message-id/2d07165c-1793-e243-a2a9-e45b624c7580@iki.fi

1 parent7ac4a38 commitdbd6911Copy full SHA for dbd6911

File tree

6 files changed

+220

-159

lines changed

contrib/passwordcheck
- passwordcheck.c
src
- backend
  - commands
    - user.c
  - libpq
    - crypt.c
- include
  - commands
    - user.h
  - common
    - md5.h
  - libpq
    - crypt.h

6 files changed

+220

-159

lines changed

`‎contrib/passwordcheck/passwordcheck.c`

Lines changed: 63 additions & 73 deletions

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,7 @@`
`21`	`21`	`#endif`
`22`	`22`
`23`	`23`	`#include"commands/user.h"`
`24`		`-#include"common/md5.h"`
	`24`	`+#include"libpq/crypt.h"`
`25`	`25`	`#include"fmgr.h"`
`26`	`26`
`27`	`27`	`PG_MODULE_MAGIC;`
`@@ -50,87 +50,77 @@ extern void _PG_init(void);`
`50`	`50`	`*/`
`51`	`51`	`staticvoid`
`52`	`52`	`check_password(constchar*username,`
`53`		`-constchar*password,`
`54`		`-intpassword_type,`
	`53`	`+constchar*shadow_pass,`
	`54`	`+PasswordTypepassword_type,`
`55`	`55`	`Datumvaliduntil_time,`
`56`	`56`	`boolvaliduntil_null)`
`57`	`57`	`{`
`58`		`-intnamelen=strlen(username);`
`59`		`-intpwdlen=strlen(password);`
`60`		`-charencrypted[MD5_PASSWD_LEN+1];`
`61`		`-inti;`
`62`		`-boolpwd_has_letter,`
`63`		`-pwd_has_nonletter;`
`64`		`-`
`65`		`-switch (password_type)`
	`58`	`+if (password_type!=PASSWORD_TYPE_PLAINTEXT)`
`66`	`59`	`{`
`67`		`-casePASSWORD_TYPE_MD5:`
`68`		`-`
`69`		`-/*`
`70`		`- * Unfortunately we cannot perform exhaustive checks on encrypted`
`71`		`- * passwords - we are restricted to guessing. (Alternatively, we`
`72`		`- * could insist on the password being presented non-encrypted, but`
`73`		`- * that has its own security disadvantages.)`
`74`		`- *`
`75`		`- * We only check for username = password.`
`76`		`- */`
`77`		`-if (!pg_md5_encrypt(username,username,namelen,encrypted))`
`78`		`-elog(ERROR,"password encryption failed");`
`79`		`-if (strcmp(password,encrypted)==0)`
`80`		`-ereport(ERROR,`
`81`		`-(errcode(ERRCODE_INVALID_PARAMETER_VALUE),`
`82`		`-errmsg("password must not contain user name")));`
`83`		`-break;`
`84`		`-`
`85`		`-casePASSWORD_TYPE_PLAINTEXT:`
`86`		`-`
	`60`	`+/*`
	`61`	`+ * Unfortunately we cannot perform exhaustive checks on encrypted`
	`62`	`+ * passwords - we are restricted to guessing. (Alternatively, we could`
	`63`	`+ * insist on the password being presented non-encrypted, but that has`
	`64`	`+ * its own security disadvantages.)`
	`65`	`+ *`
	`66`	`+ * We only check for username = password.`
	`67`	`+ */`
	`68`	`+char*logdetail;`
	`69`	`+`
	`70`	`+if (plain_crypt_verify(username,shadow_pass,username,&logdetail)==STATUS_OK)`
	`71`	`+ereport(ERROR,`
	`72`	`+(errcode(ERRCODE_INVALID_PARAMETER_VALUE),`
	`73`	`+errmsg("password must not contain user name")));`
	`74`	`+}`
	`75`	`+else`
	`76`	`+{`
	`77`	`+/*`
	`78`	`+ * For unencrypted passwords we can perform better checks`
	`79`	`+ */`
	`80`	`+constchar*password=shadow_pass;`
	`81`	`+intpwdlen=strlen(password);`
	`82`	`+inti;`
	`83`	`+boolpwd_has_letter,`
	`84`	`+pwd_has_nonletter;`
	`85`	`+`
	`86`	`+/* enforce minimum length */`
	`87`	`+if (pwdlen<MIN_PWD_LENGTH)`
	`88`	`+ereport(ERROR,`
	`89`	`+(errcode(ERRCODE_INVALID_PARAMETER_VALUE),`
	`90`	`+errmsg("password is too short")));`
	`91`	`+`
	`92`	`+/* check if the password contains the username */`
	`93`	`+if (strstr(password,username))`
	`94`	`+ereport(ERROR,`
	`95`	`+(errcode(ERRCODE_INVALID_PARAMETER_VALUE),`
	`96`	`+errmsg("password must not contain user name")));`
	`97`	`+`
	`98`	`+/* check if the password contains both letters and non-letters */`
	`99`	`+pwd_has_letter= false;`
	`100`	`+pwd_has_nonletter= false;`
	`101`	`+for (i=0;i<pwdlen;i++)`
	`102`	`+{`
`87`	`103`	`/*`
`88`		`- * For unencrypted passwords we can perform better checks`
	`104`	`+ * isalpha() does not work for multibyte encodings but let's`
	`105`	`+ * consider non-ASCII characters non-letters`
`89`	`106`	`*/`
`90`		`-`
`91`		`-/* enforce minimum length */`
`92`		`-if (pwdlen<MIN_PWD_LENGTH)`
`93`		`-ereport(ERROR,`
`94`		`-(errcode(ERRCODE_INVALID_PARAMETER_VALUE),`
`95`		`-errmsg("password is too short")));`
`96`		`-`
`97`		`-/* check if the password contains the username */`
`98`		`-if (strstr(password,username))`
`99`		`-ereport(ERROR,`
`100`		`-(errcode(ERRCODE_INVALID_PARAMETER_VALUE),`
`101`		`-errmsg("password must not contain user name")));`
`102`		`-`
`103`		`-/* check if the password contains both letters and non-letters */`
`104`		`-pwd_has_letter= false;`
`105`		`-pwd_has_nonletter= false;`
`106`		`-for (i=0;i<pwdlen;i++)`
`107`		`-{`
`108`		`-/*`
`109`		`- * isalpha() does not work for multibyte encodings but let's`
`110`		`- * consider non-ASCII characters non-letters`
`111`		`- */`
`112`		`-if (isalpha((unsignedchar)password[i]))`
`113`		`-pwd_has_letter= true;`
`114`		`-else`
`115`		`-pwd_has_nonletter= true;`
`116`		`-}`
`117`		`-if (!pwd_has_letter\|\| !pwd_has_nonletter)`
`118`		`-ereport(ERROR,`
`119`		`-(errcode(ERRCODE_INVALID_PARAMETER_VALUE),`
`120`		`-errmsg("password must contain both letters and nonletters")));`
	`107`	`+if (isalpha((unsignedchar)password[i]))`
	`108`	`+pwd_has_letter= true;`
	`109`	`+else`
	`110`	`+pwd_has_nonletter= true;`
	`111`	`+}`
	`112`	`+if (!pwd_has_letter\|\| !pwd_has_nonletter)`
	`113`	`+ereport(ERROR,`
	`114`	`+(errcode(ERRCODE_INVALID_PARAMETER_VALUE),`
	`115`	`+errmsg("password must contain both letters and nonletters")));`
`121`	`116`
`122`	`117`	`#ifdefUSE_CRACKLIB`
`123`		`-/* call cracklib to check password */`
`124`		`-if (FascistCheck(password,CRACKLIB_DICTPATH))`
`125`		`-ereport(ERROR,`
`126`		`-(errcode(ERRCODE_INVALID_PARAMETER_VALUE),`
`127`		`-errmsg("password is easily cracked")));`
	`118`	`+/* call cracklib to check password */`
	`119`	`+if (FascistCheck(password,CRACKLIB_DICTPATH))`
	`120`	`+ereport(ERROR,`
	`121`	`+(errcode(ERRCODE_INVALID_PARAMETER_VALUE),`
	`122`	`+errmsg("password is easily cracked")));`
`128`	`123`	`#endif`
`129`		`-break;`
`130`		`-`
`131`		`-default:`
`132`		`-elog(ERROR,"unrecognized password type: %d",password_type);`
`133`		`-break;`
`134`	`124`	`}`
`135`	`125`
`136`	`126`	`/* all checks passed, password is ok */`

`‎src/backend/commands/user.c`

Lines changed: 16 additions & 28 deletions

Original file line number	Diff line number	Diff line change
`@@ -29,7 +29,7 @@`
`29`	`29`	`#include"commands/dbcommands.h"`
`30`	`30`	`#include"commands/seclabel.h"`
`31`	`31`	`#include"commands/user.h"`
`32`		`-#include"common/md5.h"`
	`32`	`+#include"libpq/crypt.h"`
`33`	`33`	`#include"miscadmin.h"`
`34`	`34`	`#include"storage/lmgr.h"`
`35`	`35`	`#include"utils/acl.h"`
`@@ -81,7 +81,6 @@ CreateRole(ParseState pstate, CreateRoleStmt stmt)`
`81`	`81`	`ListCell*option;`
`82`	`82`	`charpassword=NULL;/ user password */`
`83`	`83`	`intpassword_type=Password_encryption;`
`84`		`-charencrypted_password[MD5_PASSWD_LEN+1];`
`85`	`84`	`boolissuper= false;/* Make the user a superuser? */`
`86`	`85`	`boolinherit= true;/* Auto inherit privileges? */`
`87`	`86`	`boolcreaterole= false;/* Can this user create roles? */`
`@@ -370,7 +369,7 @@ CreateRole(ParseState pstate, CreateRoleStmt stmt)`
`370`	`369`	`if (check_password_hook&&password)`
`371`	`370`	`(*check_password_hook) (stmt->role,`
`372`	`371`	`password,`
`373`		`-isMD5(password) ?PASSWORD_TYPE_MD5 :PASSWORD_TYPE_PLAINTEXT,`
	`372`	`+get_password_type(password),`
`374`	`373`	`validUntil_datum,`
`375`	`374`	`validUntil_null);`
`376`	`375`
`@@ -393,17 +392,12 @@ CreateRole(ParseState pstate, CreateRoleStmt stmt)`
`393`	`392`
`394`	`393`	`if (password)`
`395`	`394`	`{`
`396`		`-if (password_type==PASSWORD_TYPE_PLAINTEXT\|\|isMD5(password))`
`397`		`-new_record[Anum_pg_authid_rolpassword-1]=`
`398`		`-CStringGetTextDatum(password);`
`399`		`-else`
`400`		`-{`
`401`		`-if (!pg_md5_encrypt(password,stmt->role,strlen(stmt->role),`
`402`		`-encrypted_password))`
`403`		`-elog(ERROR,"password encryption failed");`
`404`		`-new_record[Anum_pg_authid_rolpassword-1]=`
`405`		`-CStringGetTextDatum(encrypted_password);`
`406`		`-}`
	`395`	`+/* Encrypt the password to the requested format. */`
	`396`	`+char*shadow_pass;`
	`397`	`+`
	`398`	`+shadow_pass=encrypt_password(password_type,stmt->role,password);`
	`399`	`+new_record[Anum_pg_authid_rolpassword-1]=`
	`400`	`+CStringGetTextDatum(shadow_pass);`
`407`	`401`	`}`
`408`	`402`	`else`
`409`	`403`	`new_record_nulls[Anum_pg_authid_rolpassword-1]= true;`
`@@ -505,7 +499,6 @@ AlterRole(AlterRoleStmt *stmt)`
`505`	`499`	`char*rolename=NULL;`
`506`	`500`	`charpassword=NULL;/ user password */`
`507`	`501`	`intpassword_type=Password_encryption;`
`508`		`-charencrypted_password[MD5_PASSWD_LEN+1];`
`509`	`502`	`intissuper=-1;/* Make the user a superuser? */`
`510`	`503`	`intinherit=-1;/* Auto inherit privileges? */`
`511`	`504`	`intcreaterole=-1;/* Can this user create roles? */`
`@@ -744,7 +737,7 @@ AlterRole(AlterRoleStmt *stmt)`
`744`	`737`	`if (check_password_hook&&password)`
`745`	`738`	`(*check_password_hook) (rolename,`
`746`	`739`	`password,`
`747`		`-isMD5(password) ?PASSWORD_TYPE_MD5 :PASSWORD_TYPE_PLAINTEXT,`
	`740`	`+get_password_type(password),`
`748`	`741`	`validUntil_datum,`
`749`	`742`	`validUntil_null);`
`750`	`743`
`@@ -803,17 +796,12 @@ AlterRole(AlterRoleStmt *stmt)`
`803`	`796`	`/* password */`
`804`	`797`	`if (password)`
`805`	`798`	`{`
`806`		`-if (password_type==PASSWORD_TYPE_PLAINTEXT\|\|isMD5(password))`
`807`		`-new_record[Anum_pg_authid_rolpassword-1]=`
`808`		`-CStringGetTextDatum(password);`
`809`		`-else`
`810`		`-{`
`811`		`-if (!pg_md5_encrypt(password,rolename,strlen(rolename),`
`812`		`-encrypted_password))`
`813`		`-elog(ERROR,"password encryption failed");`
`814`		`-new_record[Anum_pg_authid_rolpassword-1]=`
`815`		`-CStringGetTextDatum(encrypted_password);`
`816`		`-}`
	`799`	`+/* Encrypt the password to the requested format. */`
	`800`	`+char*shadow_pass;`
	`801`	`+`
	`802`	`+shadow_pass=encrypt_password(password_type,rolename,password);`
	`803`	`+new_record[Anum_pg_authid_rolpassword-1]=`
	`804`	`+CStringGetTextDatum(shadow_pass);`
`817`	`805`	`new_record_repl[Anum_pg_authid_rolpassword-1]= true;`
`818`	`806`	`}`
`819`	`807`
`@@ -1228,7 +1216,7 @@ RenameRole(const char oldname, const char newname)`
`1228`	`1216`
`1229`	`1217`	`datum=heap_getattr(oldtuple,Anum_pg_authid_rolpassword,dsc,&isnull);`
`1230`	`1218`
`1231`		`-if (!isnull&&isMD5(TextDatumGetCString(datum)))`
	`1219`	`+if (!isnull&&get_password_type(TextDatumGetCString(datum))==PASSWORD_TYPE_MD5)`
`1232`	`1220`	`{`
`1233`	`1221`	`/* MD5 uses the username as salt, so just clear it on a rename */`
`1234`	`1222`	`repl_repl[Anum_pg_authid_rolpassword-1]= true;`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitdbd6911

File tree

6 files changed

6 files changed

`‎contrib/passwordcheck/passwordcheck.c`

`‎src/backend/commands/user.c`

0 commit comments