/*-------------------------------------------------------------------------
*
* crypt.c
* Look into the password file and check the encrypted password with
* the one passed in from the frontend.
*
* Original coding by Todd A. Brandys
*
* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $Header: /cvsroot/pgsql/src/backend/libpq/crypt.c,v 1.55 2003/08/04 00:43:18 momjian Exp $
*
*-------------------------------------------------------------------------
*/
#include "postgres.h"
#include <unistd.h>
#ifdef HAVE_CRYPT_H
#include <crypt.h>
#endif
#include "libpq/crypt.h"
#include "libpq/libpq.h"
#include "miscadmin.h"
#include "storage/fd.h"
#include "nodes/pg_list.h"
#include "utils/nabstime.h"
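/*
 * password_strings_equal
 *
 * Compare two NUL-terminated strings for equality without stopping at the
 * first mismatching byte.  strcmp() returns as soon as it sees a difference,
 * so the time it takes reveals how long a matching prefix the client sent;
 * for a password or password-hash comparison that is a side channel worth
 * closing.  The lengths still have to agree, which is unavoidable for
 * variable-length strings.
 *
 * Returns 1 when the strings are identical, 0 otherwise.
 */
static int
password_strings_equal(const char *a, const char *b)
{
	size_t		alen = strlen(a);
	size_t		blen = strlen(b);
	size_t		len = (alen > blen) ? alen : blen;
	size_t		i;
	unsigned char diff = 0;

	for (i = 0; i < len; i++)
	{
		/* Past the end of the shorter string, compare against a NUL byte. */
		unsigned char ca = (i < alen) ? (unsigned char) a[i] : 0;
		unsigned char cb = (i < blen) ? (unsigned char) b[i] : 0;

		diff |= (unsigned char) (ca ^ cb);
	}

	return (alen == blen && diff == 0) ? 1 : 0;
}

/*
 * md5_crypt_verify
 *
 * Check the password sent by the frontend against the stored pg_shadow
 * entry for 'user', taking the connection's authentication method into
 * account.
 *
 * port        - the connection; supplies auth_method, user_name and the
 *               salts that were sent to the client (md5Salt, cryptSalt).
 * user        - role name looked up via get_user_line().
 * client_pass - password string received from the frontend (untrusted).
 *               For uaMD5 the client has already MD5-hashed it with
 *               port->md5Salt, for uaCrypt it has already crypt()ed it with
 *               port->cryptSalt; for the other methods it is the plaintext.
 *
 * Returns STATUS_OK when the password matches and the account's valuntil
 * (if set) has not passed, STATUS_ERROR otherwise.  A missing user line,
 * an empty stored password, a stored hash incompatible with the method,
 * and a hashing failure are all reported as STATUS_ERROR; the caller
 * cannot tell them apart.
 */
int
md5_crypt_verify(const Port *port, const char *user, char *client_pass)
{
	char	   *shadow_pass = NULL,
			   *valuntil = NULL,
			   *crypt_pwd = NULL;
	int			retval = STATUS_ERROR;
	List	  **line;
	List	   *token;

	/* Points at client_pass unless we had to hash it ourselves (see below). */
	char	   *crypt_client_pass = client_pass;

	if ((line = get_user_line(user)) == NULL)
		return STATUS_ERROR;

	/* Skip over line number and username */
	token = lnext(lnext(*line));
	if (token)
	{
		shadow_pass = lfirst(token);
		token = lnext(token);
		if (token)
			valuntil = lfirst(token);
	}

	/* An absent or empty stored password never authenticates. */
	if (shadow_pass == NULL || *shadow_pass == '\0')
		return STATUS_ERROR;

	/* We can't do crypt with pg_shadow MD5 passwords */
	if (isMD5(shadow_pass) && port->auth_method == uaCrypt)
	{
		ereport(LOG,
				(errmsg("cannot use CRYPT auth method because password is MD5-encrypted")));
		return STATUS_ERROR;
	}

	/*
	 * Bring the stored password and the client's password into the same
	 * form, depending on the authentication method being used for this
	 * connection, so that they can be compared directly.
	 */
	switch (port->auth_method)
	{
		case uaMD5:
			crypt_pwd = palloc(MD5_PASSWD_LEN + 1);
			if (isMD5(shadow_pass))
			{
				/* pg_shadow already encrypted, only do salt */
				if (!EncryptMD5(shadow_pass + strlen("md5"),
								(char *) port->md5Salt,
								sizeof(port->md5Salt), crypt_pwd))
				{
					pfree(crypt_pwd);
					return STATUS_ERROR;
				}
			}
			else
			{
				/*
				 * pg_shadow plain, double-encrypt: first the way the client
				 * stores it (password + user name), then with the
				 * connection salt, exactly as the client did.
				 */
				char	   *crypt_pwd2 = palloc(MD5_PASSWD_LEN + 1);

				if (!EncryptMD5(shadow_pass,
								port->user_name,
								strlen(port->user_name),
								crypt_pwd2))
				{
					pfree(crypt_pwd);
					pfree(crypt_pwd2);
					return STATUS_ERROR;
				}
				if (!EncryptMD5(crypt_pwd2 + strlen("md5"),
								port->md5Salt,
								sizeof(port->md5Salt),
								crypt_pwd))
				{
					pfree(crypt_pwd);
					pfree(crypt_pwd2);
					return STATUS_ERROR;
				}
				pfree(crypt_pwd2);
			}
			break;
		case uaCrypt:
			{
				char		salt[3];

				/* StrNCpy NUL-terminates, so salt holds the two salt chars. */
				StrNCpy(salt, port->cryptSalt, 3);
				crypt_pwd = crypt(shadow_pass, salt);

				/*
				 * crypt() returns NULL on failure (for example an
				 * unsupported salt); comparing against it below would
				 * dereference a null pointer.  Nothing has been palloc'd
				 * on this path, so a plain return is safe.
				 */
				if (crypt_pwd == NULL)
					return STATUS_ERROR;
				break;
			}
		default:
			if (isMD5(shadow_pass))
			{
				/*
				 * Encrypt user-supplied password to match MD5 in
				 * pg_shadow
				 */
				crypt_client_pass = palloc(MD5_PASSWD_LEN + 1);
				if (!EncryptMD5(client_pass,
								port->user_name,
								strlen(port->user_name),
								crypt_client_pass))
				{
					pfree(crypt_client_pass);
					return STATUS_ERROR;
				}
			}
			crypt_pwd = shadow_pass;
			break;
	}

	/*
	 * Constant-time comparison: do not let the time taken reveal how long a
	 * matching prefix the client supplied.
	 */
	if (password_strings_equal(crypt_client_pass, crypt_pwd))
	{
		/*
		 * Password OK, now check to be sure we are not past valuntil
		 */
		AbsoluteTime vuntil,
					current;

		if (!valuntil)
			vuntil = INVALID_ABSTIME;
		else
			vuntil = DatumGetAbsoluteTime(DirectFunctionCall1(abstimein,
											  CStringGetDatum(valuntil)));
		current = GetCurrentAbsoluteTime();
		if (vuntil != INVALID_ABSTIME && vuntil < current)
			retval = STATUS_ERROR;
		else
			retval = STATUS_OK;
	}

	/*
	 * Only the uaMD5 path allocated crypt_pwd; for uaCrypt it is crypt()'s
	 * static buffer and for the default case it aliases shadow_pass.
	 */
	if (port->auth_method == uaMD5)
		pfree(crypt_pwd);
	if (crypt_client_pass != client_pass)
		pfree(crypt_client_pass);

	return retval;
}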