Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitda45a0b

Browse files
committed
Add 4-byte MD5 salt.
1 parenta61e15a commitda45a0b

File tree

11 files changed

+89
-43
lines changed

11 files changed

+89
-43
lines changed

‎src/backend/commands/user.c‎

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
77
* Portions Copyright (c) 1994, Regents of the University of California
88
*
9-
* $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.81 2001/08/15 21:08:20 momjian Exp $
9+
* $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.82 2001/08/17 02:59:19 momjian Exp $
1010
*
1111
*-------------------------------------------------------------------------
1212
*/
@@ -351,7 +351,8 @@ CreateUser(CreateUserStmt *stmt)
351351
DirectFunctionCall1(textin,CStringGetDatum(password));
352352
else
353353
{
354-
if (!EncryptMD5(password,stmt->user,encrypted_password))
354+
if (!EncryptMD5(password,stmt->user,strlen(stmt->user),
355+
encrypted_password))
355356
elog(ERROR,"CREATE USER: password encryption failed");
356357
new_record[Anum_pg_shadow_passwd-1]=
357358
DirectFunctionCall1(textin,CStringGetDatum(encrypted_password));
@@ -583,7 +584,8 @@ AlterUser(AlterUserStmt *stmt)
583584
DirectFunctionCall1(textin,CStringGetDatum(password));
584585
else
585586
{
586-
if (!EncryptMD5(password,stmt->user,encrypted_password))
587+
if (!EncryptMD5(password,stmt->user,strlen(stmt->user),
588+
encrypted_password))
587589
elog(ERROR,"CREATE USER: password encryption failed");
588590
new_record[Anum_pg_shadow_passwd-1]=
589591
DirectFunctionCall1(textin,CStringGetDatum(encrypted_password));

‎src/backend/libpq/auth.c‎

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.59 2001/08/16 16:24:15 momjian Exp $
11+
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.60 2001/08/17 02:59:19 momjian Exp $
1212
*
1313
*-------------------------------------------------------------------------
1414
*/
@@ -536,10 +536,17 @@ sendAuthRequest(Port *port, AuthRequest areq)
536536
pq_sendint(&buf, (int32)areq,sizeof(int32));
537537

538538
/* Add the salt for encrypted passwords. */
539-
if (areq==AUTH_REQ_CRYPT||areq==AUTH_REQ_MD5)
539+
if (areq==AUTH_REQ_MD5)
540540
{
541-
pq_sendint(&buf,port->salt[0],1);
542-
pq_sendint(&buf,port->salt[1],1);
541+
pq_sendint(&buf,port->md5Salt[0],1);
542+
pq_sendint(&buf,port->md5Salt[1],1);
543+
pq_sendint(&buf,port->md5Salt[2],1);
544+
pq_sendint(&buf,port->md5Salt[3],1);
545+
}
546+
if (areq==AUTH_REQ_CRYPT)
547+
{
548+
pq_sendint(&buf,port->cryptSalt[0],1);
549+
pq_sendint(&buf,port->cryptSalt[1],1);
543550
}
544551

545552
pq_endmessage(&buf);

‎src/backend/libpq/crypt.c‎

Lines changed: 22 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
* Dec 17, 1997 - Todd A. Brandys
1010
*Orignal Version Completed.
1111
*
12-
* $Id: crypt.c,v 1.34 2001/08/15 21:08:21 momjian Exp $
12+
* $Id: crypt.c,v 1.35 2001/08/17 02:59:19 momjian Exp $
1313
*
1414
*-------------------------------------------------------------------------
1515
*/
@@ -19,6 +19,7 @@
1919

2020
#include"postgres.h"
2121
#include"libpq/crypt.h"
22+
#include"libpq/libpq.h"
2223
#include"miscadmin.h"
2324
#include"storage/fd.h"
2425
#include"utils/nabstime.h"
@@ -276,22 +277,33 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
276277
returnSTATUS_ERROR;
277278
}
278279

280+
/* If they encrypt their password, force MD5 */
281+
if (isMD5(passwd)&&port->auth_method!=uaMD5)
282+
{
283+
snprintf(PQerrormsg,PQERRORMSG_LENGTH,
284+
"Password is stored MD5 encrypted. "
285+
"Only pg_hba.conf's MD5 protocol can be used for this user.\n");
286+
fputs(PQerrormsg,stderr);
287+
pqdebug("%s",PQerrormsg);
288+
returnSTATUS_ERROR;
289+
}
290+
279291
/*
280292
* Compare with the encrypted or plain password depending on the
281293
* authentication method being used for this connection.
282294
*/
283-
switch (port->auth_method)
284-
{
295+
switch (port->auth_method)
296+
{
285297
caseuaCrypt:
286-
crypt_pwd=crypt(passwd,port->salt);
298+
crypt_pwd=crypt(passwd,port->cryptSalt);
287299
break;
288300
caseuaMD5:
289301
crypt_pwd=palloc(MD5_PASSWD_LEN+1);
290-
291302
if (isMD5(passwd))
292303
{
293304
if (!EncryptMD5(passwd+strlen("md5"),
294-
(char*)port->salt,crypt_pwd))
305+
(char*)port->md5Salt,
306+
sizeof(port->md5Salt),crypt_pwd))
295307
{
296308
pfree(crypt_pwd);
297309
returnSTATUS_ERROR;
@@ -301,14 +313,15 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
301313
{
302314
char*crypt_pwd2=palloc(MD5_PASSWD_LEN+1);
303315

304-
if (!EncryptMD5(passwd,port->user,crypt_pwd2))
316+
if (!EncryptMD5(passwd,port->user,strlen(port->user),
317+
crypt_pwd2))
305318
{
306319
pfree(crypt_pwd);
307320
pfree(crypt_pwd2);
308321
returnSTATUS_ERROR;
309322
}
310-
if (!EncryptMD5(crypt_pwd2+strlen("md5"),port->salt,
311-
crypt_pwd))
323+
if (!EncryptMD5(crypt_pwd2+strlen("md5"),port->md5Salt,
324+
sizeof(port->md5Salt),crypt_pwd))
312325
{
313326
pfree(crypt_pwd);
314327
pfree(crypt_pwd2);
@@ -324,7 +337,6 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
324337

325338
if (!strcmp(pgpass,crypt_pwd))
326339
{
327-
328340
/*
329341
* check here to be sure we are not past valuntil
330342
*/

‎src/backend/libpq/md5.c‎

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -295,16 +295,18 @@ md5_hash(const void *buff, size_t len, char *hexsum)
295295
* puts md5(username+passwd) in buf provided buflen is at least 36 bytes
296296
* returns 1 on success, 0 on any kind of failure and sets errno accordingly
297297
*/
298-
boolEncryptMD5(constchar*passwd,constchar*salt,char*buf)
298+
boolEncryptMD5(constchar*passwd,constchar*salt,size_tsalt_len,
299+
char*buf)
299300
{
300301
charcrypt_buf[128];
301302

302-
if (strlen(salt)+strlen(passwd)>127)
303+
if (salt_len+strlen(passwd)>127)
303304
return false;
304305

305306
strcpy(buf,"md5");
306307
memset(crypt_buf,0,128);
307-
sprintf(crypt_buf,"%s%s",salt,passwd);
308+
memcpy(crypt_buf,salt,salt_len);
309+
memcpy(crypt_buf+salt_len,passwd,strlen(passwd));
308310

309-
returnmd5_hash(crypt_buf,strlen(crypt_buf),buf+3);
311+
returnmd5_hash(crypt_buf,salt_len+strlen(passwd),buf+3);
310312
}

‎src/backend/postmaster/postmaster.c‎

Lines changed: 13 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -37,7 +37,7 @@
3737
*
3838
*
3939
* IDENTIFICATION
40-
* $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.235 2001/08/05 02:06:50 tgl Exp $
40+
* $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.236 2001/08/17 02:59:19 momjian Exp $
4141
*
4242
* NOTES
4343
*
@@ -243,7 +243,7 @@ static voidprocessCancelRequest(Port *port, void *pkt);
243243
staticintinitMasks(fd_set*rmask,fd_set*wmask);
244244
staticchar*canAcceptConnections(void);
245245
staticlongPostmasterRandom(void);
246-
staticvoidRandomSalt(char*salt);
246+
staticvoidRandomSalt(char*cryptSalt,char*md5Salt);
247247
staticvoidSignalChildren(intsignal);
248248
staticintCountChildren(void);
249249
staticboolCreateOptsFile(intargc,char*argv[]);
@@ -1211,7 +1211,7 @@ ConnCreate(int serverFd)
12111211
}
12121212
else
12131213
{
1214-
RandomSalt(port->salt);
1214+
RandomSalt(port->cryptSalt,port->md5Salt);
12151215
port->pktInfo.state=Idle;
12161216
}
12171217

@@ -2099,12 +2099,19 @@ CharRemap(long int ch)
20992099
* RandomSalt
21002100
*/
21012101
staticvoid
2102-
RandomSalt(char*salt)
2102+
RandomSalt(char*cryptSalt,char*md5Salt)
21032103
{
21042104
longrand=PostmasterRandom();
21052105

2106-
*salt=CharRemap(rand %62);
2107-
*(salt+1)=CharRemap(rand /62);
2106+
cryptSalt[0]=CharRemap(rand %62);
2107+
cryptSalt[1]=CharRemap(rand /62);
2108+
/* Grab top 16-bits of two random runs so as not to send full
2109+
random value over the network. The high-order bits are more random. */
2110+
md5Salt[0]=rand&0xff000000;
2111+
md5Salt[1]=rand&0x00ff0000;
2112+
rand=PostmasterRandom();
2113+
md5Salt[2]=rand&0xff000000;
2114+
md5Salt[3]=rand&0x00ff0000;
21082115
}
21092116

21102117
/*

‎src/include/libpq/crypt.h‎

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,8 @@ extern int md5_crypt_verify(const Port *port, const char *user, const char *pgpa
2626

2727
externboolmd5_hash(constvoid*buff,size_tlen,char*hexsum);
2828
externboolCheckMD5Pwd(char*passwd,char*storedpwd,char*seed);
29-
externboolEncryptMD5(constchar*passwd,constchar*salt,char*buf);
29+
externboolEncryptMD5(constchar*passwd,constchar*salt,
30+
size_tsalt_len,char*buf);
3031

3132
#defineMD5_PASSWD_LEN35
3233

‎src/include/libpq/libpq-be.h‎

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
99
* Portions Copyright (c) 1994, Regents of the University of California
1010
*
11-
* $Id: libpq-be.h,v 1.21 2001/01/24 19:43:24 momjian Exp $
11+
* $Id: libpq-be.h,v 1.22 2001/08/17 02:59:19 momjian Exp $
1212
*
1313
*-------------------------------------------------------------------------
1414
*/
@@ -58,7 +58,7 @@ typedef struct ErrorMessagePacket
5858

5959
typedefstructAuthRequestPacket
6060
{
61-
chardata[1+sizeof(AuthRequest)+2];/* 'R' + the request +
61+
chardata[1+sizeof(AuthRequest)+4];/* 'R' + the request +
6262
* optional salt. */
6363
}AuthRequestPacket;
6464

@@ -119,7 +119,8 @@ typedef struct Port
119119
PacketpktInfo;/* For the packet handlers */
120120
SockAddrladdr;/* local addr (us) */
121121
SockAddrraddr;/* remote addr (them) */
122-
charsalt[2];/* Password salt */
122+
charmd5Salt[4];/* Password salt */
123+
charcryptSalt[2];/* Password salt */
123124

124125
/*
125126
* Information that needs to be held during the fe/be authentication

‎src/interfaces/libpq/fe-auth.c‎

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@
1010
* exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
1111
*
1212
* IDENTIFICATION
13-
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.50 2001/08/15 21:08:21 momjian Exp $
13+
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.51 2001/08/17 02:59:19 momjian Exp $
1414
*
1515
*-------------------------------------------------------------------------
1616
*/
@@ -443,7 +443,7 @@ pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
443443
switch (areq)
444444
{
445445
caseAUTH_REQ_CRYPT:
446-
crypt_pwd=crypt(password,conn->salt);
446+
crypt_pwd=crypt(password,conn->cryptSalt);
447447
break;
448448
caseAUTH_REQ_MD5:
449449
{
@@ -455,14 +455,15 @@ pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
455455
perror("malloc");
456456
returnSTATUS_ERROR;
457457
}
458-
if (!EncryptMD5(password,conn->pguser,crypt_pwd2))
458+
if (!EncryptMD5(password,conn->pguser,
459+
strlen(conn->pguser),crypt_pwd2))
459460
{
460461
free(crypt_pwd);
461462
free(crypt_pwd2);
462463
returnSTATUS_ERROR;
463464
}
464-
if (!EncryptMD5(crypt_pwd2+strlen("md5"),conn->salt,
465-
crypt_pwd))
465+
if (!EncryptMD5(crypt_pwd2+strlen("md5"),conn->md5Salt,
466+
sizeof(conn->md5Salt),crypt_pwd))
466467
{
467468
free(crypt_pwd);
468469
free(crypt_pwd2);

‎src/interfaces/libpq/fe-connect.c‎

Lines changed: 13 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.173 2001/08/15 18:42:15 momjian Exp $
11+
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.174 2001/08/17 02:59:20 momjian Exp $
1212
*
1313
*-------------------------------------------------------------------------
1414
*/
@@ -1341,9 +1341,19 @@ PQconnectPoll(PGconn *conn)
13411341
}
13421342

13431343
/* Get the password salt if there is one. */
1344-
if (areq==AUTH_REQ_CRYPT||areq==AUTH_REQ_MD5)
1344+
if (areq==AUTH_REQ_MD5)
13451345
{
1346-
if (pqGetnchar(conn->salt,sizeof(conn->salt),conn))
1346+
if (pqGetnchar(conn->md5Salt,
1347+
sizeof(conn->md5Salt),conn))
1348+
{
1349+
/* We'll come back when there are more data */
1350+
returnPGRES_POLLING_READING;
1351+
}
1352+
}
1353+
if (areq==AUTH_REQ_CRYPT)
1354+
{
1355+
if (pqGetnchar(conn->cryptSalt,
1356+
sizeof(conn->cryptSalt),conn))
13471357
{
13481358
/* We'll come back when there are more data */
13491359
returnPGRES_POLLING_READING;

‎src/interfaces/libpq/libpq-int.h‎

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@
1212
* Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
1313
* Portions Copyright (c) 1994, Regents of the University of California
1414
*
15-
* $Id: libpq-int.h,v 1.38 2001/08/16 04:27:18 momjian Exp $
15+
* $Id: libpq-int.h,v 1.39 2001/08/17 02:59:20 momjian Exp $
1616
*
1717
*-------------------------------------------------------------------------
1818
*/
@@ -236,7 +236,8 @@ struct pg_conn
236236
/* Miscellaneous stuff */
237237
intbe_pid;/* PID of backend --- needed for cancels */
238238
intbe_key;/* key of backend --- needed for cancels */
239-
charsalt[2];/* password salt received from backend */
239+
charmd5Salt[4];/* password salt received from backend */
240+
charcryptSalt[2];/* password salt received from backend */
240241
PGlobjfuncs*lobjfuncs;/* private state for large-object access
241242
* fns */
242243

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp