postgresql/src/backend/libpq/crypt.c

/*-------------------------------------------------------------------------
 *
 * crypt.c
 *	  Look into the password file and check the encrypted password with
 *	  the one passed in from the frontend.
 *
 * Original coding by Todd A. Brandys
 *
 * Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
 * $Header: /cvsroot/pgsql/src/backend/libpq/crypt.c,v 1.50 2002/12/05 18:39:43 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
#include "postgres.h"

#include <unistd.h>
#ifdef HAVE_CRYPT_H
#include <crypt.h>
#endif

#include "libpq/crypt.h"
#include "libpq/libpq.h"
#include "miscadmin.h"
#include "storage/fd.h"
#include "nodes/pg_list.h"
#include "utils/nabstime.h"


int
md5_crypt_verify(const Port *port, const char *user, char *pgpass)
{
	char	   *passwd = NULL,
			   *valuntil = NULL,
			   *crypt_pwd;
	int			retval = STATUS_ERROR;
	List	  **line;
	List	   *token;
	char	   *crypt_pgpass = pgpass;

	if ((line = get_user_line(user)) == NULL)
		return STATUS_ERROR;

	/* Skip over line number and username */
	token = lnext(lnext(*line));
	if (token)
	{
		passwd = lfirst(token);
		token = lnext(token);
		if (token)
			valuntil = lfirst(token);
	}

	if (passwd == NULL || *passwd == '\0')
		return STATUS_ERROR;

	/* We can't do crypt with pg_shadow MD5 passwords */
	if (isMD5(passwd) && port->auth_method == uaCrypt)
	{
		elog(LOG, "Password is stored MD5 encrypted.  "
			 "'crypt' auth method cannot be used.");
		return STATUS_ERROR;
	}

	/*
	 * Compare with the encrypted or plain password depending on the
	 * authentication method being used for this connection.
	 */
	switch (port->auth_method)
	{
		case uaMD5:
			crypt_pwd = palloc(MD5_PASSWD_LEN + 1);
			if (isMD5(passwd))
			{
				/* pg_shadow already encrypted, only do salt */
				if (!EncryptMD5(passwd + strlen("md5"),
								(char *) port->md5Salt,
								sizeof(port->md5Salt), crypt_pwd))
				{
					pfree(crypt_pwd);
					return STATUS_ERROR;
				}
			}
			else
			{
				/* pg_shadow plain, double-encrypt */
				char	   *crypt_pwd2 = palloc(MD5_PASSWD_LEN + 1);

				if (!EncryptMD5(passwd, port->user, strlen(port->user),
								crypt_pwd2))
				{
					pfree(crypt_pwd);
					pfree(crypt_pwd2);
					return STATUS_ERROR;
				}
				if (!EncryptMD5(crypt_pwd2 + strlen("md5"), port->md5Salt,
								sizeof(port->md5Salt), crypt_pwd))
				{
					pfree(crypt_pwd);
					pfree(crypt_pwd2);
					return STATUS_ERROR;
				}
				pfree(crypt_pwd2);
			}
			break;
		case uaCrypt:
			{
				char		salt[3];

				StrNCpy(salt, port->cryptSalt, 3);
				crypt_pwd = crypt(passwd, salt);
				break;
			}
		default:
			if (isMD5(passwd))
			{
				/* Encrypt user-supplied password to match MD5 in pg_shadow */
				crypt_pgpass = palloc(MD5_PASSWD_LEN + 1);
				if (!EncryptMD5(pgpass, port->user, strlen(port->user),
								crypt_pgpass))
				{
					pfree(crypt_pgpass);
					return STATUS_ERROR;
				}
			}
			crypt_pwd = passwd;
			break;
	}

	if (strcmp(crypt_pgpass, crypt_pwd) == 0)
	{
		/*
		 * Password OK, now check to be sure we are not past valuntil
		 */
		AbsoluteTime vuntil,
					current;

		if (!valuntil)
			vuntil = INVALID_ABSTIME;
		else
			vuntil = DatumGetAbsoluteTime(DirectFunctionCall1(nabstimein,
											 CStringGetDatum(valuntil)));
		current = GetCurrentAbsoluteTime();
		if (vuntil != INVALID_ABSTIME && vuntil < current)
			retval = STATUS_ERROR;
		else
			retval = STATUS_OK;
	}

	if (port->auth_method == uaMD5)
		pfree(crypt_pwd);
	if (crypt_pgpass != pgpass)
		pfree(crypt_pgpass);

	return retval;
}
Missed a few files from Todd's patch...oops :) 1997-12-04 01:34:01 +01:00			`/*-------------------------------------------------------------------------`
			`*`
Change my-function-name-- to my_function_name, and optimizer renames. 1999-02-14 00:22:53 +01:00			`* crypt.c`
Minor code cleanups. 2001-11-01 19:10:48 +01:00			`* Look into the password file and check the encrypted password with`
			`* the one passed in from the frontend.`
Missed a few files from Todd's patch...oops :) 1997-12-04 01:34:01 +01:00			`*`
Minor code cleanups. 2001-11-01 19:10:48 +01:00			`* Original coding by Todd A. Brandys`
Slightly delayed patches from Todd...damn holidays :) o A new patch that contains the following changes: -- The pg_pwd file is now cached in the postmaster's memory. -- pg_pwd is reloaded when the postmaster detects a flag file creat()'ed by a backend. -- qsort() is used to sort loaded password entries, and bsearch() is is used to find entries in the pg_pwd cache. -- backends now copy the pg_user relation to pg_pwd.pid, and then rename the temp file to be pg_pwd. -- The delimiter for pg_pwd has been changed to a tab character. 1997-12-30 03:26:56 +01:00			`*`
Update copyright to 2002. 2002-06-20 22:29:54 +02:00			`* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group`
Minor code cleanups. 2001-11-01 19:10:48 +01:00			`* Portions Copyright (c) 1994, Regents of the University of California`
Slightly delayed patches from Todd...damn holidays :) o A new patch that contains the following changes: -- The pg_pwd file is now cached in the postmaster's memory. -- pg_pwd is reloaded when the postmaster detects a flag file creat()'ed by a backend. -- qsort() is used to sort loaded password entries, and bsearch() is is used to find entries in the pg_pwd cache. -- backends now copy the pg_user relation to pg_pwd.pid, and then rename the temp file to be pg_pwd. -- The delimiter for pg_pwd has been changed to a tab character. 1997-12-30 03:26:56 +01:00			`*`
Allow 'password' encryption even when pg_shadow has MD5 passwords, per report from Terry Yapt and Hiroshi. Backpatch to 7.3. 2002-12-05 19:39:43 +01:00			`* $Header: /cvsroot/pgsql/src/backend/libpq/crypt.c,v 1.50 2002/12/05 18:39:43 momjian Exp $`
Missed a few files from Todd's patch...oops :) 1997-12-04 01:34:01 +01:00			`*`
			`*-------------------------------------------------------------------------`
			`*/`
Minor code cleanups. 2001-11-01 19:10:48 +01:00			`#include "postgres.h"`
Missed a few files from Todd's patch...oops :) 1997-12-04 01:34:01 +01:00
			`#include <unistd.h>`
Fix pg_pwd caching mechanism, which was broken by changes to fork postmaster children before client auth step. Postmaster now rereads pg_pwd on receipt of SIGHUP, the same way that pg_hba.conf is handled. No cycles need be expended to validate password cache validity during connection startup. 2001-11-02 19:39:57 +01:00			`#ifdef HAVE_CRYPT_H`
			`#include <crypt.h>`
			`#endif`
Missed a few files from Todd's patch...oops :) 1997-12-04 01:34:01 +01:00
Final cleanup. 1999-07-16 07:00:38 +02:00			`#include "libpq/crypt.h"`
Add 4-byte MD5 salt. 2001-08-17 04:59:20 +02:00			`#include "libpq/libpq.h"`
Make password null on startup. 1997-12-12 17:26:36 +01:00			`#include "miscadmin.h"`
Major code cleanup following the pg_password insertion... ...malloc/free -> palloc/pfree ...fopen/fclose -> AllocateFile/FreeFile 1997-12-09 04:11:25 +01:00			`#include "storage/fd.h"`
Authentication improvements: A new pg_hba.conf column, USER Allow specifiction of lists of users separated by commas Allow group names specified by + Allow include files containing lists of users specified by @ Allow lists of databases, and database files Allow samegroup in database column to match group name matching dbname Removal of secondary password files Remove pg_passwd utility Lots of code cleanup in user.c and hba.c New data/global/pg_pwd format New data/global/pg_group file 2002-04-04 06:25:54 +02:00			`#include "nodes/pg_list.h"`
Final cleanup. 1999-07-16 07:00:38 +02:00			`#include "utils/nabstime.h"`
Slightly delayed patches from Todd...damn holidays :) o A new patch that contains the following changes: -- The pg_pwd file is now cached in the postmaster's memory. -- pg_pwd is reloaded when the postmaster detects a flag file creat()'ed by a backend. -- qsort() is used to sort loaded password entries, and bsearch() is is used to find entries in the pg_pwd cache. -- backends now copy the pg_user relation to pg_pwd.pid, and then rename the temp file to be pg_pwd. -- The delimiter for pg_pwd has been changed to a tab character. 1997-12-30 03:26:56 +01:00
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break. 1998-01-26 02:42:53 +01:00
pgindent run before 6.3 release, with Thomas' requested changes. 1998-02-26 05:46:47 +01:00			`int`
Allow 'password' encryption even when pg_shadow has MD5 passwords, per report from Terry Yapt and Hiroshi. Backpatch to 7.3. 2002-12-05 19:39:43 +01:00			`md5_crypt_verify(const Port port, const char user, char *pgpass)`
pgindent run before 6.3 release, with Thomas' requested changes. 1998-02-26 05:46:47 +01:00			`{`
Fix password code to deal with new quoting code. 2002-04-25 02:56:36 +02:00			`char *passwd = NULL,`
			`*valuntil = NULL,`
pgindent run over code. 1999-05-25 18:15:34 +02:00			`*crypt_pwd;`
			`int retval = STATUS_ERROR;`
pgindent run. 2002-09-04 22:31:48 +02:00			`List **line;`
			`List *token;`
Allow 'password' encryption even when pg_shadow has MD5 passwords, per report from Terry Yapt and Hiroshi. Backpatch to 7.3. 2002-12-05 19:39:43 +01:00			`char *crypt_pgpass = pgpass;`
pgindent run. 2002-09-04 22:31:48 +02:00
Authentication improvements: A new pg_hba.conf column, USER Allow specifiction of lists of users separated by commas Allow group names specified by + Allow include files containing lists of users specified by @ Allow lists of databases, and database files Allow samegroup in database column to match group name matching dbname Removal of secondary password files Remove pg_passwd utility Lots of code cleanup in user.c and hba.c New data/global/pg_pwd format New data/global/pg_group file 2002-04-04 06:25:54 +02:00			`if ((line = get_user_line(user)) == NULL)`
pgindent run before 6.3 release, with Thomas' requested changes. 1998-02-26 05:46:47 +01:00			`return STATUS_ERROR;`

Fix password code to deal with new quoting code. 2002-04-25 02:56:36 +02:00			`/* Skip over line number and username */`
			`token = lnext(lnext(*line));`
			`if (token)`
			`{`
			`passwd = lfirst(token);`
			`token = lnext(token);`
			`if (token)`
			`valuntil = lfirst(token);`
			`}`
pgindent run. 2002-09-04 22:31:48 +02:00
pgindent run before 6.3 release, with Thomas' requested changes. 1998-02-26 05:46:47 +01:00			`if (passwd == NULL \|\| *passwd == '\0')`
			`return STATUS_ERROR;`

Allow 'password' encryption even when pg_shadow has MD5 passwords, per report from Terry Yapt and Hiroshi. Backpatch to 7.3. 2002-12-05 19:39:43 +01:00			`/* We can't do crypt with pg_shadow MD5 passwords */`
			`if (isMD5(passwd) && port->auth_method == uaCrypt)`
Add 4-byte MD5 salt. 2001-08-17 04:59:20 +02:00			`{`
Further work on elog cleanup: fix some bogosities in elog's logic about when to send what to which, prevent recursion by introducing new COMMERROR elog level for client-communication problems, get rid of direct writes to stderr in backend/libpq files, prevent non-error elogs from going to client during the authentication cycle. 2002-03-04 02:46:04 +01:00			`elog(LOG, "Password is stored MD5 encrypted. "`
Allow 'password' encryption even when pg_shadow has MD5 passwords, per report from Terry Yapt and Hiroshi. Backpatch to 7.3. 2002-12-05 19:39:43 +01:00			`"'crypt' auth method cannot be used.");`
Add 4-byte MD5 salt. 2001-08-17 04:59:20 +02:00			`return STATUS_ERROR;`
			`}`

pgindent run before 6.3 release, with Thomas' requested changes. 1998-02-26 05:46:47 +01:00			`/*`
			`* Compare with the encrypted or plain password depending on the`
			`* authentication method being used for this connection.`
			`*/`
Add 4-byte MD5 salt. 2001-08-17 04:59:20 +02:00			`switch (port->auth_method)`
			`{`
Use MD5 for wire protocol encryption for >= 7.2 client/server. Allow pg_shadow to be MD5 encrypted. Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user. Add password_encryption postgresql.conf option. Update wire protocol version to 2.1. 2001-08-15 20:42:16 +02:00			`case uaMD5:`
pgindent run on all C files. Java run to follow. initdb/regression tests pass. 2001-10-25 07:50:21 +02:00			`crypt_pwd = palloc(MD5_PASSWD_LEN + 1);`
Use MD5 for wire protocol encryption for >= 7.2 client/server. Allow pg_shadow to be MD5 encrypted. Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user. Add password_encryption postgresql.conf option. Update wire protocol version to 2.1. 2001-08-15 20:42:16 +02:00			`if (isMD5(passwd))`
			`{`
Allow 'password' encryption even when pg_shadow has MD5 passwords, per report from Terry Yapt and Hiroshi. Backpatch to 7.3. 2002-12-05 19:39:43 +01:00			`/* pg_shadow already encrypted, only do salt */`
Use MD5 for wire protocol encryption for >= 7.2 client/server. Allow pg_shadow to be MD5 encrypted. Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user. Add password_encryption postgresql.conf option. Update wire protocol version to 2.1. 2001-08-15 20:42:16 +02:00			`if (!EncryptMD5(passwd + strlen("md5"),`
pgindent run on all C files. Java run to follow. initdb/regression tests pass. 2001-10-25 07:50:21 +02:00			`(char *) port->md5Salt,`
Add 4-byte MD5 salt. 2001-08-17 04:59:20 +02:00			`sizeof(port->md5Salt), crypt_pwd))`
Use MD5 for wire protocol encryption for >= 7.2 client/server. Allow pg_shadow to be MD5 encrypted. Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user. Add password_encryption postgresql.conf option. Update wire protocol version to 2.1. 2001-08-15 20:42:16 +02:00			`{`
			`pfree(crypt_pwd);`
			`return STATUS_ERROR;`
			`}`
			`}`
			`else`
			`{`
Allow 'password' encryption even when pg_shadow has MD5 passwords, per report from Terry Yapt and Hiroshi. Backpatch to 7.3. 2002-12-05 19:39:43 +01:00			`/* pg_shadow plain, double-encrypt */`
pgindent run on all C files. Java run to follow. initdb/regression tests pass. 2001-10-25 07:50:21 +02:00			`char *crypt_pwd2 = palloc(MD5_PASSWD_LEN + 1);`
Use MD5 for wire protocol encryption for >= 7.2 client/server. Allow pg_shadow to be MD5 encrypted. Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user. Add password_encryption postgresql.conf option. Update wire protocol version to 2.1. 2001-08-15 20:42:16 +02:00
Add 4-byte MD5 salt. 2001-08-17 04:59:20 +02:00			`if (!EncryptMD5(passwd, port->user, strlen(port->user),`
			`crypt_pwd2))`
Use MD5 for wire protocol encryption for >= 7.2 client/server. Allow pg_shadow to be MD5 encrypted. Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user. Add password_encryption postgresql.conf option. Update wire protocol version to 2.1. 2001-08-15 20:42:16 +02:00			`{`
			`pfree(crypt_pwd);`
			`pfree(crypt_pwd2);`
			`return STATUS_ERROR;`
			`}`
Add 4-byte MD5 salt. 2001-08-17 04:59:20 +02:00			`if (!EncryptMD5(crypt_pwd2 + strlen("md5"), port->md5Salt,`
			`sizeof(port->md5Salt), crypt_pwd))`
Use MD5 for wire protocol encryption for >= 7.2 client/server. Allow pg_shadow to be MD5 encrypted. Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user. Add password_encryption postgresql.conf option. Update wire protocol version to 2.1. 2001-08-15 20:42:16 +02:00			`{`
			`pfree(crypt_pwd);`
			`pfree(crypt_pwd2);`
			`return STATUS_ERROR;`
			`}`
			`pfree(crypt_pwd2);`
			`}`
			`break;`
Reorder MD5/crypt so MD5 comes first in the code. 2001-08-17 17:40:07 +02:00			`case uaCrypt:`
pgindent run on all C files. Java run to follow. initdb/regression tests pass. 2001-10-25 07:50:21 +02:00			`{`
			`char salt[3];`

			`StrNCpy(salt, port->cryptSalt, 3);`
			`crypt_pwd = crypt(passwd, salt);`
			`break;`
			`}`
Use MD5 for wire protocol encryption for >= 7.2 client/server. Allow pg_shadow to be MD5 encrypted. Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user. Add password_encryption postgresql.conf option. Update wire protocol version to 2.1. 2001-08-15 20:42:16 +02:00			`default:`
Allow 'password' encryption even when pg_shadow has MD5 passwords, per report from Terry Yapt and Hiroshi. Backpatch to 7.3. 2002-12-05 19:39:43 +01:00			`if (isMD5(passwd))`
			`{`
			`/* Encrypt user-supplied password to match MD5 in pg_shadow */`
			`crypt_pgpass = palloc(MD5_PASSWD_LEN + 1);`
			`if (!EncryptMD5(pgpass, port->user, strlen(port->user),`
			`crypt_pgpass))`
			`{`
			`pfree(crypt_pgpass);`
			`return STATUS_ERROR;`
			`}`
			`}`
Use MD5 for wire protocol encryption for >= 7.2 client/server. Allow pg_shadow to be MD5 encrypted. Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user. Add password_encryption postgresql.conf option. Update wire protocol version to 2.1. 2001-08-15 20:42:16 +02:00			`crypt_pwd = passwd;`
			`break;`
			`}`
pgindent run before 6.3 release, with Thomas' requested changes. 1998-02-26 05:46:47 +01:00
Allow 'password' encryption even when pg_shadow has MD5 passwords, per report from Terry Yapt and Hiroshi. Backpatch to 7.3. 2002-12-05 19:39:43 +01:00			`if (strcmp(crypt_pgpass, crypt_pwd) == 0)`
pgindent run before 6.3 release, with Thomas' requested changes. 1998-02-26 05:46:47 +01:00			`{`
			`/*`
Minor code cleanups. 2001-11-01 19:10:48 +01:00			`* Password OK, now check to be sure we are not past valuntil`
pgindent run before 6.3 release, with Thomas' requested changes. 1998-02-26 05:46:47 +01:00			`*/`
Minor code cleanups. 2001-11-01 19:10:48 +01:00			`AbsoluteTime vuntil,`
			`current;`

Fix password code to deal with new quoting code. 2002-04-25 02:56:36 +02:00			`if (!valuntil)`
pgindent run before 6.3 release, with Thomas' requested changes. 1998-02-26 05:46:47 +01:00			`vuntil = INVALID_ABSTIME;`
			`else`
Another round of updates for new fmgr, mostly in the datetime code. 2000-06-09 03:11:16 +02:00			`vuntil = DatumGetAbsoluteTime(DirectFunctionCall1(nabstimein,`
pgindent run. Make it all clean. 2001-03-22 05:01:46 +01:00			`CStringGetDatum(valuntil)));`
pgindent run before 6.3 release, with Thomas' requested changes. 1998-02-26 05:46:47 +01:00			`current = GetCurrentAbsoluteTime();`
			`if (vuntil != INVALID_ABSTIME && vuntil < current)`
			`retval = STATUS_ERROR;`
			`else`
			`retval = STATUS_OK;`
			`}`

Use MD5 for wire protocol encryption for >= 7.2 client/server. Allow pg_shadow to be MD5 encrypted. Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user. Add password_encryption postgresql.conf option. Update wire protocol version to 2.1. 2001-08-15 20:42:16 +02:00			`if (port->auth_method == uaMD5)`
			`pfree(crypt_pwd);`
Allow 'password' encryption even when pg_shadow has MD5 passwords, per report from Terry Yapt and Hiroshi. Backpatch to 7.3. 2002-12-05 19:39:43 +01:00			`if (crypt_pgpass != pgpass)`
			`pfree(crypt_pgpass);`
pgindent run before 6.3 release, with Thomas' requested changes. 1998-02-26 05:46:47 +01:00
			`return retval;`
Missed a few files from Todd's patch...oops :) 1997-12-04 01:34:01 +01:00			`}`