1997-12-04 01:34:01 +01:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
*
|
1999-02-14 00:22:53 +01:00
|
|
|
* crypt.c
|
2001-11-01 19:10:48 +01:00
|
|
|
* Look into the password file and check the encrypted password with
|
|
|
|
* the one passed in from the frontend.
|
1997-12-04 01:34:01 +01:00
|
|
|
*
|
2001-11-01 19:10:48 +01:00
|
|
|
* Original coding by Todd A. Brandys
|
1997-12-30 03:26:56 +01:00
|
|
|
*
|
2009-01-01 18:24:05 +01:00
|
|
|
* Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
|
2001-11-01 19:10:48 +01:00
|
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
1997-12-30 03:26:56 +01:00
|
|
|
*
|
2009-01-01 18:24:05 +01:00
|
|
|
* $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.77 2009/01/01 17:23:42 momjian Exp $
|
1997-12-04 01:34:01 +01:00
|
|
|
*
|
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
*/
|
2001-11-01 19:10:48 +01:00
|
|
|
#include "postgres.h"
|
1997-12-04 01:34:01 +01:00
|
|
|
|
|
|
|
#include <unistd.h>
|
2001-11-02 19:39:57 +01:00
|
|
|
#ifdef HAVE_CRYPT_H
|
|
|
|
#include <crypt.h>
|
|
|
|
#endif
|
1997-12-04 01:34:01 +01:00
|
|
|
|
1999-07-16 07:00:38 +02:00
|
|
|
#include "libpq/crypt.h"
|
2006-06-20 21:56:52 +02:00
|
|
|
#include "libpq/md5.h"
|
1997-12-30 03:26:56 +01:00
|
|
|
|
1998-01-26 02:42:53 +01:00
|
|
|
|
1998-02-26 05:46:47 +01:00
|
|
|
int
|
2005-06-28 07:09:14 +02:00
|
|
|
md5_crypt_verify(const Port *port, const char *role, char *client_pass)
|
1998-02-26 05:46:47 +01:00
|
|
|
{
|
2002-12-05 19:52:43 +01:00
|
|
|
char *shadow_pass = NULL,
|
2002-04-25 02:56:36 +02:00
|
|
|
*valuntil = NULL,
|
1999-05-25 18:15:34 +02:00
|
|
|
*crypt_pwd;
|
|
|
|
int retval = STATUS_ERROR;
|
2002-09-04 22:31:48 +02:00
|
|
|
List **line;
|
2004-05-26 06:41:50 +02:00
|
|
|
ListCell *token;
|
2002-12-05 19:52:43 +01:00
|
|
|
char *crypt_client_pass = client_pass;
|
2002-09-04 22:31:48 +02:00
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
if ((line = get_role_line(role)) == NULL)
|
1998-02-26 05:46:47 +01:00
|
|
|
return STATUS_ERROR;
|
|
|
|
|
2005-06-28 07:09:14 +02:00
|
|
|
/* Skip over rolename */
|
2005-02-20 05:45:59 +01:00
|
|
|
token = list_head(*line);
|
|
|
|
if (token)
|
|
|
|
token = lnext(token);
|
2002-04-25 02:56:36 +02:00
|
|
|
if (token)
|
|
|
|
{
|
2005-02-20 05:45:59 +01:00
|
|
|
shadow_pass = (char *) lfirst(token);
|
2002-04-25 02:56:36 +02:00
|
|
|
token = lnext(token);
|
|
|
|
if (token)
|
2005-02-20 05:45:59 +01:00
|
|
|
valuntil = (char *) lfirst(token);
|
2002-04-25 02:56:36 +02:00
|
|
|
}
|
2002-09-04 22:31:48 +02:00
|
|
|
|
2002-12-05 19:52:43 +01:00
|
|
|
if (shadow_pass == NULL || *shadow_pass == '\0')
|
1998-02-26 05:46:47 +01:00
|
|
|
return STATUS_ERROR;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Compare with the encrypted or plain password depending on the
|
|
|
|
* authentication method being used for this connection.
|
|
|
|
*/
|
2008-09-15 14:32:57 +02:00
|
|
|
switch (port->hba->auth_method)
|
2001-08-17 04:59:20 +02:00
|
|
|
{
|
2001-08-15 20:42:16 +02:00
|
|
|
case uaMD5:
|
2001-10-25 07:50:21 +02:00
|
|
|
crypt_pwd = palloc(MD5_PASSWD_LEN + 1);
|
2002-12-05 19:52:43 +01:00
|
|
|
if (isMD5(shadow_pass))
|
2001-08-15 20:42:16 +02:00
|
|
|
{
|
2005-08-15 04:40:36 +02:00
|
|
|
/* stored password already encrypted, only do salt */
|
2005-10-17 18:24:20 +02:00
|
|
|
if (!pg_md5_encrypt(shadow_pass + strlen("md5"),
|
|
|
|
(char *) port->md5Salt,
|
|
|
|
sizeof(port->md5Salt), crypt_pwd))
|
2001-08-15 20:42:16 +02:00
|
|
|
{
|
|
|
|
pfree(crypt_pwd);
|
|
|
|
return STATUS_ERROR;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2005-08-15 04:40:36 +02:00
|
|
|
/* stored password is plain, double-encrypt */
|
2001-10-25 07:50:21 +02:00
|
|
|
char *crypt_pwd2 = palloc(MD5_PASSWD_LEN + 1);
|
2001-08-15 20:42:16 +02:00
|
|
|
|
2005-10-17 18:24:20 +02:00
|
|
|
if (!pg_md5_encrypt(shadow_pass,
|
|
|
|
port->user_name,
|
|
|
|
strlen(port->user_name),
|
|
|
|
crypt_pwd2))
|
2001-08-15 20:42:16 +02:00
|
|
|
{
|
|
|
|
pfree(crypt_pwd);
|
|
|
|
pfree(crypt_pwd2);
|
|
|
|
return STATUS_ERROR;
|
|
|
|
}
|
2005-10-17 18:24:20 +02:00
|
|
|
if (!pg_md5_encrypt(crypt_pwd2 + strlen("md5"),
|
|
|
|
port->md5Salt,
|
|
|
|
sizeof(port->md5Salt),
|
|
|
|
crypt_pwd))
|
2001-08-15 20:42:16 +02:00
|
|
|
{
|
|
|
|
pfree(crypt_pwd);
|
|
|
|
pfree(crypt_pwd2);
|
|
|
|
return STATUS_ERROR;
|
|
|
|
}
|
|
|
|
pfree(crypt_pwd2);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
2002-12-05 19:52:43 +01:00
|
|
|
if (isMD5(shadow_pass))
|
2002-12-05 19:39:43 +01:00
|
|
|
{
|
2005-08-15 04:40:36 +02:00
|
|
|
/* Encrypt user-supplied password to match stored MD5 */
|
2002-12-05 19:52:43 +01:00
|
|
|
crypt_client_pass = palloc(MD5_PASSWD_LEN + 1);
|
2005-10-17 18:24:20 +02:00
|
|
|
if (!pg_md5_encrypt(client_pass,
|
|
|
|
port->user_name,
|
|
|
|
strlen(port->user_name),
|
|
|
|
crypt_client_pass))
|
2002-12-05 19:39:43 +01:00
|
|
|
{
|
2002-12-05 19:52:43 +01:00
|
|
|
pfree(crypt_client_pass);
|
2002-12-05 19:39:43 +01:00
|
|
|
return STATUS_ERROR;
|
|
|
|
}
|
|
|
|
}
|
2002-12-05 19:52:43 +01:00
|
|
|
crypt_pwd = shadow_pass;
|
2001-08-15 20:42:16 +02:00
|
|
|
break;
|
|
|
|
}
|
1998-02-26 05:46:47 +01:00
|
|
|
|
2002-12-05 19:52:43 +01:00
|
|
|
if (strcmp(crypt_client_pass, crypt_pwd) == 0)
|
1998-02-26 05:46:47 +01:00
|
|
|
{
|
|
|
|
/*
|
2001-11-01 19:10:48 +01:00
|
|
|
* Password OK, now check to be sure we are not past valuntil
|
1998-02-26 05:46:47 +01:00
|
|
|
*/
|
2005-02-20 05:45:59 +01:00
|
|
|
if (valuntil == NULL || *valuntil == '\0')
|
1998-02-26 05:46:47 +01:00
|
|
|
retval = STATUS_OK;
|
2005-06-28 07:09:14 +02:00
|
|
|
else
|
|
|
|
{
|
|
|
|
TimestampTz vuntil;
|
|
|
|
|
|
|
|
vuntil = DatumGetTimestampTz(DirectFunctionCall3(timestamptz_in,
|
2005-10-15 04:49:52 +02:00
|
|
|
CStringGetDatum(valuntil),
|
|
|
|
ObjectIdGetDatum(InvalidOid),
|
|
|
|
Int32GetDatum(-1)));
|
2005-06-28 07:09:14 +02:00
|
|
|
|
2005-06-30 00:51:57 +02:00
|
|
|
if (vuntil < GetCurrentTimestamp())
|
2005-06-28 07:09:14 +02:00
|
|
|
retval = STATUS_ERROR;
|
|
|
|
else
|
|
|
|
retval = STATUS_OK;
|
|
|
|
}
|
1998-02-26 05:46:47 +01:00
|
|
|
}
|
|
|
|
|
2008-09-15 14:32:57 +02:00
|
|
|
if (port->hba->auth_method == uaMD5)
|
2001-08-15 20:42:16 +02:00
|
|
|
pfree(crypt_pwd);
|
2002-12-05 19:52:43 +01:00
|
|
|
if (crypt_client_pass != client_pass)
|
|
|
|
pfree(crypt_client_pass);
|
1998-02-26 05:46:47 +01:00
|
|
|
|
|
|
|
return retval;
|
1997-12-04 01:34:01 +01:00
|
|
|
}
|