11/*-------------------------------------------------------------------------
22 *
33 * crypt.c
4- *Set of routines to look into the password file and check the
5- *encrypted password with the one passed in from the frontend.
4+ *Look into the password file and check the encrypted password with
5+ * the one passed in from the frontend.
66 *
77 * Original coding by Todd A. Brandys
88 *
3030
3131
3232/*
33- * Fetch information of a given role necessary to check password data,
34- * and return STATUS_OK or STATUS_ERROR. In the case of an error,
35- * optionally store a palloc'd string at *logdetail that will be sent
36- * to the postmaster log (but not the client).
33+ * Check given password for given user, and return STATUS_OK or STATUS_ERROR.
34+ * In the error case, optionally store a palloc'd string at *logdetail
35+ * that will be sent to the postmaster log (but not the client).
3736 */
3837int
39- get_role_details (const char * role ,
40- char * * password ,
41- TimestampTz * vuntil ,
42- bool * vuntil_null ,
38+ md5_crypt_verify (const Port * port ,const char * role ,char * client_pass ,
4339char * * logdetail )
4440{
41+ int retval = STATUS_ERROR ;
42+ char * shadow_pass ,
43+ * crypt_pwd ;
44+ TimestampTz vuntil = 0 ;
45+ char * crypt_client_pass = client_pass ;
4546HeapTuple roleTup ;
4647Datum datum ;
4748bool isnull ;
4849
49- * vuntil = 0 ;
50- * vuntil_null = true;
51-
5250/* Get role info from pg_authid */
5351roleTup = SearchSysCache1 (AUTHNAME ,PointerGetDatum (role ));
5452if (!HeapTupleIsValid (roleTup ))
@@ -67,49 +65,22 @@ get_role_details(const char *role,
6765role );
6866return STATUS_ERROR ;/* user has no password */
6967}
70- * password = TextDatumGetCString (datum );
68+ shadow_pass = TextDatumGetCString (datum );
7169
7270datum = SysCacheGetAttr (AUTHNAME ,roleTup ,
7371Anum_pg_authid_rolvaliduntil ,& isnull );
7472if (!isnull )
75- {
76- * vuntil = DatumGetTimestampTz (datum );
77- * vuntil_null = false;
78- }
73+ vuntil = DatumGetTimestampTz (datum );
7974
8075ReleaseSysCache (roleTup );
8176
82- if (* * password == '\0' )
77+ if (* shadow_pass == '\0' )
8378{
8479* logdetail = psprintf (_ ("User \"%s\" has an empty password." ),
8580role );
8681return STATUS_ERROR ;/* empty password */
8782}
8883
89- return STATUS_OK ;
90- }
91-
92- /*
93- * Check given password for given user, and return STATUS_OK or STATUS_ERROR.
94- * In the error case, optionally store a palloc'd string at *logdetail
95- * that will be sent to the postmaster log (but not the client).
96- */
97- int
98- md5_crypt_verify (const Port * port ,const char * role ,char * client_pass ,
99- char * * logdetail )
100- {
101- int retval = STATUS_ERROR ;
102- char * shadow_pass ,
103- * crypt_pwd ;
104- TimestampTz vuntil ;
105- char * crypt_client_pass = client_pass ;
106- bool vuntil_null ;
107-
108- /* fetch details about role needed for password checks */
109- if (get_role_details (role ,& shadow_pass ,& vuntil ,& vuntil_null ,
110- logdetail )!= STATUS_OK )
111- return STATUS_ERROR ;
112-
11384/*
11485 * Compare with the encrypted or plain password depending on the
11586 * authentication method being used for this connection. (We do not
@@ -181,7 +152,7 @@ md5_crypt_verify(const Port *port, const char *role, char *client_pass,
181152/*
182153 * Password OK, now check to be sure we are not past rolvaliduntil
183154 */
184- if (vuntil_null )
155+ if (isnull )
185156retval = STATUS_OK ;
186157else if (vuntil < GetCurrentTimestamp ())
187158{