1997-12-04 01:34:01 +01:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
*
|
|
|
|
* crypt.c--
|
|
|
|
* Look into pg_user and check the encrypted password with the one
|
|
|
|
* passed in from the frontend.
|
|
|
|
*
|
1997-12-30 03:26:56 +01:00
|
|
|
* Modification History
|
|
|
|
*
|
|
|
|
* Dec 17, 1997 - Todd A. Brandys
|
|
|
|
* Orignal Version Completed.
|
|
|
|
*
|
1997-12-04 01:34:01 +01:00
|
|
|
*
|
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
#ifdef HAVE_CRYPT_H
|
|
|
|
#include <crypt.h>
|
|
|
|
#endif
|
|
|
|
|
1997-12-09 04:11:25 +01:00
|
|
|
#include "postgres.h"
|
1997-12-12 17:26:36 +01:00
|
|
|
#include "miscadmin.h"
|
1997-12-09 04:11:25 +01:00
|
|
|
#include "utils/nabstime.h"
|
|
|
|
#include "storage/fd.h"
|
1997-12-30 03:26:56 +01:00
|
|
|
#include "libpq/crypt.h"
|
|
|
|
|
|
|
|
char** pwd_cache = NULL;
|
|
|
|
int pwd_cache_count = 0;
|
|
|
|
|
|
|
|
/*-------------------------------------------------------------------------*/
|
1997-12-04 01:34:01 +01:00
|
|
|
|
|
|
|
char* crypt_getpwdfilename() {
|
|
|
|
|
1997-12-30 03:26:56 +01:00
|
|
|
static char* pfnam = NULL;
|
1997-12-04 01:34:01 +01:00
|
|
|
|
1997-12-30 03:26:56 +01:00
|
|
|
if (!pfnam) {
|
|
|
|
pfnam = (char*)malloc(strlen(DataDir) + strlen(CRYPT_PWD_FILE) + 2);
|
|
|
|
sprintf(pfnam, "%s/%s", DataDir, CRYPT_PWD_FILE);
|
1997-12-04 01:34:01 +01:00
|
|
|
}
|
|
|
|
|
1997-12-30 03:26:56 +01:00
|
|
|
return pfnam;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*-------------------------------------------------------------------------*/
|
|
|
|
|
|
|
|
char* crypt_getpwdreloadfilename() {
|
|
|
|
|
|
|
|
static char* rpfnam = NULL;
|
|
|
|
|
|
|
|
if (!rpfnam) {
|
|
|
|
char* pwdfilename;
|
|
|
|
|
|
|
|
pwdfilename = crypt_getpwdfilename();
|
|
|
|
rpfnam = (char*)malloc(strlen(pwdfilename) + strlen(CRYPT_PWD_RELOAD_SUFX) + 1);
|
|
|
|
sprintf(rpfnam, "%s%s", pwdfilename, CRYPT_PWD_RELOAD_SUFX);
|
|
|
|
}
|
|
|
|
|
|
|
|
return rpfnam;
|
1997-12-04 01:34:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*-------------------------------------------------------------------------*/
|
|
|
|
|
|
|
|
static
|
|
|
|
FILE* crypt_openpwdfile() {
|
|
|
|
char* filename;
|
1997-12-30 03:26:56 +01:00
|
|
|
FILE* pwdfile;
|
1997-12-04 01:34:01 +01:00
|
|
|
|
|
|
|
filename = crypt_getpwdfilename();
|
1997-12-30 03:26:56 +01:00
|
|
|
pwdfile = AllocateFile(filename, "r");
|
|
|
|
|
|
|
|
return pwdfile;
|
1997-12-04 01:34:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*-------------------------------------------------------------------------*/
|
|
|
|
|
|
|
|
static
|
1997-12-30 03:26:56 +01:00
|
|
|
int compar_user(const void* user_a, const void* user_b) {
|
1997-12-04 01:34:01 +01:00
|
|
|
|
1997-12-30 03:26:56 +01:00
|
|
|
int min,
|
|
|
|
value;
|
|
|
|
char* login_a;
|
|
|
|
char* login_b;
|
1997-12-04 01:34:01 +01:00
|
|
|
|
1997-12-30 03:26:56 +01:00
|
|
|
login_a = *((char**)user_a);
|
|
|
|
login_b = *((char**)user_b);
|
1997-12-04 01:34:01 +01:00
|
|
|
|
1997-12-30 03:26:56 +01:00
|
|
|
/* We only really want to compare the user logins which are first. We look
|
|
|
|
* for the first SEPSTR char getting the number of chars there are before it.
|
|
|
|
* We only need to compare to the min count from the two strings.
|
1997-12-04 01:34:01 +01:00
|
|
|
*/
|
1997-12-30 03:26:56 +01:00
|
|
|
min = strcspn(login_a, CRYPT_PWD_FILE_SEPSTR);
|
|
|
|
value = strcspn(login_b, CRYPT_PWD_FILE_SEPSTR);
|
|
|
|
if (value < min)
|
|
|
|
min = value;
|
|
|
|
|
|
|
|
/* We add one to min so that the separator character is included in the
|
|
|
|
* comparison. Why? I believe this will prevent logins that are proper
|
|
|
|
* prefixes of other logins from being 'masked out'. Being conservative!
|
|
|
|
*/
|
|
|
|
return strncmp(login_a, login_b, min + 1);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*-------------------------------------------------------------------------*/
|
|
|
|
|
|
|
|
static
|
|
|
|
void crypt_loadpwdfile() {
|
|
|
|
|
|
|
|
char* filename;
|
|
|
|
int result;
|
|
|
|
FILE* pwd_file;
|
|
|
|
char buffer[256];
|
|
|
|
|
|
|
|
filename = crypt_getpwdreloadfilename();
|
|
|
|
result = unlink(filename);
|
|
|
|
|
|
|
|
/* We want to delete the flag file before reading the contents of the pg_pwd
|
|
|
|
* file. If result == 0 then the unlink of the reload file was successful.
|
|
|
|
* This means that a backend performed a COPY of the pg_user file to
|
|
|
|
* pg_pwd. Therefore we must now do a reload.
|
|
|
|
*/
|
|
|
|
if (!pwd_cache || !result) {
|
|
|
|
if (pwd_cache) { /* free the old data only if this is a reload */
|
|
|
|
while (pwd_cache_count--) {
|
|
|
|
free((void*)pwd_cache[pwd_cache_count]);
|
|
|
|
}
|
|
|
|
free((void*)pwd_cache);
|
|
|
|
pwd_cache = NULL;
|
|
|
|
pwd_cache_count = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(pwd_file = crypt_openpwdfile()))
|
|
|
|
return;
|
|
|
|
|
|
|
|
/* Here is where we load the data from pg_pwd.
|
|
|
|
*/
|
|
|
|
while (fgets(buffer, 256, pwd_file) != NULL) {
|
|
|
|
/* We must remove the return char at the end of the string, as this will
|
|
|
|
* affect the correct parsing of the password entry.
|
|
|
|
*/
|
|
|
|
if (buffer[(result = strlen(buffer) - 1)] == '\n')
|
|
|
|
buffer[result] = '\0';
|
|
|
|
|
|
|
|
pwd_cache = (char**)realloc((void*)pwd_cache, sizeof(char*) * (pwd_cache_count + 1));
|
|
|
|
pwd_cache[pwd_cache_count++] = strdup(buffer);
|
|
|
|
}
|
|
|
|
fclose(pwd_file);
|
|
|
|
|
|
|
|
/* Now sort the entries in the cache for faster searching later.
|
|
|
|
*/
|
|
|
|
qsort((void*)pwd_cache, pwd_cache_count, sizeof(char*), compar_user);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*-------------------------------------------------------------------------*/
|
|
|
|
|
|
|
|
static
|
|
|
|
void crypt_parsepwdentry(char* buffer, char** pwd, char** valdate) {
|
|
|
|
|
|
|
|
char* parse = buffer;
|
|
|
|
int count,
|
|
|
|
i;
|
1997-12-04 01:34:01 +01:00
|
|
|
|
|
|
|
/* skip to the password field
|
|
|
|
*/
|
1997-12-30 03:26:56 +01:00
|
|
|
for (i = 0; i < 6; i++)
|
|
|
|
parse += (strcspn(parse, CRYPT_PWD_FILE_SEPSTR) + 1);
|
1997-12-04 01:34:01 +01:00
|
|
|
|
|
|
|
/* store a copy of user password to return
|
|
|
|
*/
|
1997-12-30 03:26:56 +01:00
|
|
|
count = strcspn(parse, CRYPT_PWD_FILE_SEPSTR);
|
|
|
|
*pwd = (char*)malloc(count + 1);
|
1997-12-04 01:34:01 +01:00
|
|
|
strncpy(*pwd, parse, count);
|
|
|
|
(*pwd)[count] = '\0';
|
|
|
|
parse += (count + 1);
|
|
|
|
|
|
|
|
/* store a copy of date login becomes invalid
|
|
|
|
*/
|
1997-12-30 03:26:56 +01:00
|
|
|
count = strcspn(parse, CRYPT_PWD_FILE_SEPSTR);
|
|
|
|
*valdate = (char*)malloc(count + 1);
|
1997-12-04 01:34:01 +01:00
|
|
|
strncpy(*valdate, parse, count);
|
|
|
|
(*valdate)[count] = '\0';
|
|
|
|
parse += (count + 1);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*-------------------------------------------------------------------------*/
|
|
|
|
|
|
|
|
static
|
1997-12-30 03:26:56 +01:00
|
|
|
int crypt_getloginfo(const char* user, char** passwd, char** valuntil) {
|
1997-12-04 01:34:01 +01:00
|
|
|
|
|
|
|
char* pwd;
|
|
|
|
char* valdate;
|
1997-12-30 03:26:56 +01:00
|
|
|
void* fakeout;
|
1997-12-04 01:34:01 +01:00
|
|
|
|
|
|
|
*passwd = NULL;
|
|
|
|
*valuntil = NULL;
|
1997-12-30 03:26:56 +01:00
|
|
|
crypt_loadpwdfile();
|
1997-12-04 01:34:01 +01:00
|
|
|
|
1997-12-30 03:26:56 +01:00
|
|
|
if (pwd_cache) {
|
|
|
|
char** pwd_entry;
|
|
|
|
char user_search[NAMEDATALEN + 2];
|
1997-12-04 01:34:01 +01:00
|
|
|
|
1997-12-30 03:26:56 +01:00
|
|
|
sprintf(user_search, "%s\t", user);
|
|
|
|
fakeout = (void*)&user_search;
|
|
|
|
if ((pwd_entry = (char**)bsearch((void*)&fakeout, (void*)pwd_cache, pwd_cache_count, sizeof(char*), compar_user))) {
|
|
|
|
crypt_parsepwdentry(*pwd_entry, &pwd, &valdate);
|
1997-12-04 01:34:01 +01:00
|
|
|
*passwd = pwd;
|
|
|
|
*valuntil = valdate;
|
1997-12-30 03:26:56 +01:00
|
|
|
return STATUS_OK;
|
1997-12-04 01:34:01 +01:00
|
|
|
}
|
1997-12-30 03:26:56 +01:00
|
|
|
|
|
|
|
return STATUS_OK;
|
1997-12-04 01:34:01 +01:00
|
|
|
}
|
1997-12-30 03:26:56 +01:00
|
|
|
|
|
|
|
return STATUS_ERROR;
|
1997-12-04 01:34:01 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*-------------------------------------------------------------------------*/
|
|
|
|
|
|
|
|
MsgType crypt_salt(const char* user) {
|
|
|
|
|
|
|
|
char* passwd;
|
|
|
|
char* valuntil;
|
|
|
|
|
1997-12-30 03:26:56 +01:00
|
|
|
if (crypt_getloginfo(user, &passwd, &valuntil) == STATUS_ERROR)
|
|
|
|
return STARTUP_UNSALT_MSG;
|
1997-12-04 01:34:01 +01:00
|
|
|
|
1997-12-12 17:26:36 +01:00
|
|
|
if (passwd == NULL || *passwd == '\0' || !strcmp(passwd, "\\N")) {
|
1997-12-30 03:26:56 +01:00
|
|
|
if (passwd) free((void*)passwd);
|
|
|
|
if (valuntil) free((void*)valuntil);
|
1997-12-04 01:34:01 +01:00
|
|
|
return STARTUP_UNSALT_MSG;
|
|
|
|
}
|
|
|
|
|
1997-12-30 03:26:56 +01:00
|
|
|
free((void*)passwd);
|
|
|
|
if (valuntil) free((void*)valuntil);
|
1997-12-04 01:34:01 +01:00
|
|
|
return STARTUP_SALT_MSG;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*-------------------------------------------------------------------------*/
|
|
|
|
|
|
|
|
int crypt_verify(Port* port, const char* user, const char* pgpass) {
|
|
|
|
|
|
|
|
char* passwd;
|
|
|
|
char* valuntil;
|
|
|
|
char* crypt_pwd;
|
|
|
|
int retval = STATUS_ERROR;
|
|
|
|
AbsoluteTime vuntil,
|
|
|
|
current;
|
|
|
|
|
1997-12-30 03:26:56 +01:00
|
|
|
if (crypt_getloginfo(user, &passwd, &valuntil) == STATUS_ERROR)
|
|
|
|
return STATUS_ERROR;
|
1997-12-04 01:34:01 +01:00
|
|
|
|
|
|
|
if (passwd == NULL || *passwd == '\0') {
|
1997-12-30 03:26:56 +01:00
|
|
|
if (passwd) free((void*)passwd);
|
|
|
|
if (valuntil) free((void*)valuntil);
|
1997-12-04 01:34:01 +01:00
|
|
|
return STATUS_ERROR;
|
|
|
|
}
|
|
|
|
|
|
|
|
crypt_pwd = crypt(passwd, port->salt);
|
|
|
|
if (!strcmp(pgpass, crypt_pwd)) {
|
|
|
|
/* check here to be sure we are not past valuntil
|
|
|
|
*/
|
|
|
|
if (!valuntil)
|
|
|
|
vuntil = INVALID_ABSTIME;
|
|
|
|
else
|
|
|
|
vuntil = nabstimein(valuntil);
|
|
|
|
current = GetCurrentAbsoluteTime();
|
|
|
|
if (vuntil != INVALID_ABSTIME && vuntil < current)
|
|
|
|
retval = STATUS_ERROR;
|
|
|
|
else
|
|
|
|
retval = STATUS_OK;
|
|
|
|
}
|
|
|
|
|
1997-12-30 03:26:56 +01:00
|
|
|
free((void*)passwd);
|
|
|
|
if (valuntil) free((void*)valuntil);
|
1997-12-04 01:34:01 +01:00
|
|
|
|
|
|
|
return retval;
|
|
|
|
}
|