rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
postgresql/src/backend/libpq/crypt.c

169 lines
3.8 KiB
C
Raw Normal View History

Missed a few files from Todd's patch...oops :)
1997-12-04 01:34:01 +01:00
/*-------------------------------------------------------------------------
*
Change my-function-name-- to my_function_name, and optimizer renames.
1999-02-14 00:22:53 +01:00
* crypt.c
Minor code cleanups.
2001-11-01 19:10:48 +01:00
* Look into the password file and check the encrypted password with
* the one passed in from the frontend.
Missed a few files from Todd's patch...oops :)
1997-12-04 01:34:01 +01:00
*
Minor code cleanups.
2001-11-01 19:10:48 +01:00
* Original coding by Todd A. Brandys
Slightly delayed patches from Todd...damn holidays :) o A new patch that contains the following changes: -- The pg_pwd file is now cached in the postmaster's memory. -- pg_pwd is reloaded when the postmaster detects a flag file creat()'ed by a backend. -- qsort() is used to sort loaded password entries, and bsearch() is is used to find entries in the pg_pwd cache. -- backends now copy the pg_user relation to pg_pwd.pid, and then rename the temp file to be pg_pwd. -- The delimiter for pg_pwd has been changed to a tab character.
1997-12-30 03:26:56 +01:00
*
Tag appropriate files for rc3 Also performed an initial run through of upgrading our Copyright date to extend to 2005 ... first run here was very simple ... change everything where: grep 1996-2004 && the word 'Copyright' ... scanned through the generated list with 'less' first, and after, to make sure that I only picked up the right entries ...
2004-12-31 23:04:05 +01:00
* Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
Minor code cleanups.
2001-11-01 19:10:48 +01:00
* Portions Copyright (c) 1994, Regents of the University of California
Slightly delayed patches from Todd...damn holidays :) o A new patch that contains the following changes: -- The pg_pwd file is now cached in the postmaster's memory. -- pg_pwd is reloaded when the postmaster detects a flag file creat()'ed by a backend. -- qsort() is used to sort loaded password entries, and bsearch() is is used to find entries in the pg_pwd cache. -- backends now copy the pg_user relation to pg_pwd.pid, and then rename the temp file to be pg_pwd. -- The delimiter for pg_pwd has been changed to a tab character.
1997-12-30 03:26:56 +01:00
*
Flat file cleanup phase 2: make it work for pg_group. The flat group file now identifies group members by usesysid not name; this avoids needing to depend on SearchSysCache which we can't use during startup. (The old representation was entirely broken anyway, since we did not regenerate the file following RENAME USER.) It's only a 95% solution because if the group membership list is big enough to be toasted out of line, we cannot read it during startup. I think this will do for the moment, until we have time to implement the planned pg_role replacement for pg_group.
2005-02-20 05:45:59 +01:00
* $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.62 2005/02/20 04:45:57 tgl Exp $
Missed a few files from Todd's patch...oops :)
1997-12-04 01:34:01 +01:00
*
*-------------------------------------------------------------------------
*/
Minor code cleanups.
2001-11-01 19:10:48 +01:00
#include "postgres.h"
Missed a few files from Todd's patch...oops :)
1997-12-04 01:34:01 +01:00
#include <unistd.h>
Fix pg_pwd caching mechanism, which was broken by changes to fork postmaster children before client auth step. Postmaster now rereads pg_pwd on receipt of SIGHUP, the same way that pg_hba.conf is handled. No cycles need be expended to validate password cache validity during connection startup.
2001-11-02 19:39:57 +01:00
#ifdef HAVE_CRYPT_H
#include <crypt.h>
#endif
Missed a few files from Todd's patch...oops :)
1997-12-04 01:34:01 +01:00
Final cleanup.
1999-07-16 07:00:38 +02:00
#include "libpq/crypt.h"
Add 4-byte MD5 salt.
2001-08-17 04:59:20 +02:00
#include "libpq/libpq.h"
Make password null on startup.
1997-12-12 17:26:36 +01:00
#include "miscadmin.h"
Major code cleanup following the pg_password insertion... ...malloc/free -> palloc/pfree ...fopen/fclose -> AllocateFile/FreeFile
1997-12-09 04:11:25 +01:00
#include "storage/fd.h"
Authentication improvements: A new pg_hba.conf column, USER Allow specifiction of lists of users separated by commas Allow group names specified by + Allow include files containing lists of users specified by @ Allow lists of databases, and database files Allow samegroup in database column to match group name matching dbname Removal of secondary password files Remove pg_passwd utility Lots of code cleanup in user.c and hba.c New data/global/pg_pwd format New data/global/pg_group file
2002-04-04 06:25:54 +02:00
#include "nodes/pg_list.h"
Final cleanup.
1999-07-16 07:00:38 +02:00
#include "utils/nabstime.h"
Slightly delayed patches from Todd...damn holidays :) o A new patch that contains the following changes: -- The pg_pwd file is now cached in the postmaster's memory. -- pg_pwd is reloaded when the postmaster detects a flag file creat()'ed by a backend. -- qsort() is used to sort loaded password entries, and bsearch() is is used to find entries in the pg_pwd cache. -- backends now copy the pg_user relation to pg_pwd.pid, and then rename the temp file to be pg_pwd. -- The delimiter for pg_pwd has been changed to a tab character.
1997-12-30 03:26:56 +01:00
From: Phil Thompson <phil@river-bank.demon.co.uk> I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
1998-01-26 02:42:53 +01:00
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
int
Clearify variables names so it is clear which variable is the client-supplied password and which is from pg_shadow.
2002-12-05 19:52:43 +01:00
md5_crypt_verify(const Port *port, const char *user, char *client_pass)
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
{
Clearify variables names so it is clear which variable is the client-supplied password and which is from pg_shadow.
2002-12-05 19:52:43 +01:00
char *shadow_pass = NULL,
Fix password code to deal with new quoting code.
2002-04-25 02:56:36 +02:00
*valuntil = NULL,
pgindent run over code.
1999-05-25 18:15:34 +02:00
*crypt_pwd;
int retval = STATUS_ERROR;
pgindent run.
2002-09-04 22:31:48 +02:00
List **line;
Reimplement the linked list data structure used throughout the backend. In the past, we used a 'Lispy' linked list implementation: a "list" was merely a pointer to the head node of the list. The problem with that design is that it makes lappend() and length() linear time. This patch fixes that problem (and others) by maintaining a count of the list length and a pointer to the tail node along with each head node pointer. A "list" is now a pointer to a structure containing some meta-data about the list; the head and tail pointers in that structure refer to ListCell structures that maintain the actual linked list of nodes. The function names of the list API have also been changed to, I hope, be more logically consistent. By default, the old function names are still available; they will be disabled-by-default once the rest of the tree has been updated to use the new API names.
2004-05-26 06:41:50 +02:00
ListCell *token;
Clearify variables names so it is clear which variable is the client-supplied password and which is from pg_shadow.
2002-12-05 19:52:43 +01:00
char *crypt_client_pass = client_pass;
pgindent run.
2002-09-04 22:31:48 +02:00
Authentication improvements: A new pg_hba.conf column, USER Allow specifiction of lists of users separated by commas Allow group names specified by + Allow include files containing lists of users specified by @ Allow lists of databases, and database files Allow samegroup in database column to match group name matching dbname Removal of secondary password files Remove pg_passwd utility Lots of code cleanup in user.c and hba.c New data/global/pg_pwd format New data/global/pg_group file
2002-04-04 06:25:54 +02:00
if ((line = get_user_line(user)) == NULL)
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
return STATUS_ERROR;
Flat file cleanup phase 2: make it work for pg_group. The flat group file now identifies group members by usesysid not name; this avoids needing to depend on SearchSysCache which we can't use during startup. (The old representation was entirely broken anyway, since we did not regenerate the file following RENAME USER.) It's only a 95% solution because if the group membership list is big enough to be toasted out of line, we cannot read it during startup. I think this will do for the moment, until we have time to implement the planned pg_role replacement for pg_group.
2005-02-20 05:45:59 +01:00
/* Skip over username and usesysid */
token = list_head(*line);
if (token)
token = lnext(token);
if (token)
token = lnext(token);
Fix password code to deal with new quoting code.
2002-04-25 02:56:36 +02:00
if (token)
{
Flat file cleanup phase 2: make it work for pg_group. The flat group file now identifies group members by usesysid not name; this avoids needing to depend on SearchSysCache which we can't use during startup. (The old representation was entirely broken anyway, since we did not regenerate the file following RENAME USER.) It's only a 95% solution because if the group membership list is big enough to be toasted out of line, we cannot read it during startup. I think this will do for the moment, until we have time to implement the planned pg_role replacement for pg_group.
2005-02-20 05:45:59 +01:00
shadow_pass = (char *) lfirst(token);
Fix password code to deal with new quoting code.
2002-04-25 02:56:36 +02:00
token = lnext(token);
if (token)
Flat file cleanup phase 2: make it work for pg_group. The flat group file now identifies group members by usesysid not name; this avoids needing to depend on SearchSysCache which we can't use during startup. (The old representation was entirely broken anyway, since we did not regenerate the file following RENAME USER.) It's only a 95% solution because if the group membership list is big enough to be toasted out of line, we cannot read it during startup. I think this will do for the moment, until we have time to implement the planned pg_role replacement for pg_group.
2005-02-20 05:45:59 +01:00
valuntil = (char *) lfirst(token);
Fix password code to deal with new quoting code.
2002-04-25 02:56:36 +02:00
}
pgindent run.
2002-09-04 22:31:48 +02:00
Clearify variables names so it is clear which variable is the client-supplied password and which is from pg_shadow.
2002-12-05 19:52:43 +01:00
if (shadow_pass == NULL || *shadow_pass == '\0')
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
return STATUS_ERROR;
Allow 'password' encryption even when pg_shadow has MD5 passwords, per report from Terry Yapt and Hiroshi. Backpatch to 7.3.
2002-12-05 19:39:43 +01:00
/* We can't do crypt with pg_shadow MD5 passwords */
Clearify variables names so it is clear which variable is the client-supplied password and which is from pg_shadow.
2002-12-05 19:52:43 +01:00
if (isMD5(shadow_pass) && port->auth_method == uaCrypt)
Add 4-byte MD5 salt.
2001-08-17 04:59:20 +02:00
{
Error message editing in backend/libpq, backend/postmaster, backend/tcop. Along the way, fix some logic problems in pgstat_initstats, notably the bogus assumption that malloc returns zeroed memory.
2003-07-22 21:00:12 +02:00
ereport(LOG,
Message editing: remove gratuitous variations in message wording, standardize terms, add some clarifications, fix some untranslatable attempts at dynamic message building.
2003-09-25 08:58:07 +02:00
(errmsg("cannot use authentication method \"crypt\" because password is MD5-encrypted")));
Add 4-byte MD5 salt.
2001-08-17 04:59:20 +02:00
return STATUS_ERROR;
}
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
/*
* Compare with the encrypted or plain password depending on the
* authentication method being used for this connection.
*/
Add 4-byte MD5 salt.
2001-08-17 04:59:20 +02:00
switch (port->auth_method)
{
Use MD5 for wire protocol encryption for >= 7.2 client/server. Allow pg_shadow to be MD5 encrypted. Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user. Add password_encryption postgresql.conf option. Update wire protocol version to 2.1.
2001-08-15 20:42:16 +02:00
case uaMD5:
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
crypt_pwd = palloc(MD5_PASSWD_LEN + 1);
Clearify variables names so it is clear which variable is the client-supplied password and which is from pg_shadow.
2002-12-05 19:52:43 +01:00
if (isMD5(shadow_pass))
Use MD5 for wire protocol encryption for >= 7.2 client/server. Allow pg_shadow to be MD5 encrypted. Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user. Add password_encryption postgresql.conf option. Update wire protocol version to 2.1.
2001-08-15 20:42:16 +02:00
{
Allow 'password' encryption even when pg_shadow has MD5 passwords, per report from Terry Yapt and Hiroshi. Backpatch to 7.3.
2002-12-05 19:39:43 +01:00
/* pg_shadow already encrypted, only do salt */
Clearify variables names so it is clear which variable is the client-supplied password and which is from pg_shadow.
2002-12-05 19:52:43 +01:00
if (!EncryptMD5(shadow_pass + strlen("md5"),
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
(char *) port->md5Salt,
Add 4-byte MD5 salt.
2001-08-17 04:59:20 +02:00
sizeof(port->md5Salt), crypt_pwd))
Use MD5 for wire protocol encryption for >= 7.2 client/server. Allow pg_shadow to be MD5 encrypted. Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user. Add password_encryption postgresql.conf option. Update wire protocol version to 2.1.
2001-08-15 20:42:16 +02:00
{
pfree(crypt_pwd);
return STATUS_ERROR;
}
}
else
{
Allow 'password' encryption even when pg_shadow has MD5 passwords, per report from Terry Yapt and Hiroshi. Backpatch to 7.3.
2002-12-05 19:39:43 +01:00
/* pg_shadow plain, double-encrypt */
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
char *crypt_pwd2 = palloc(MD5_PASSWD_LEN + 1);
Use MD5 for wire protocol encryption for >= 7.2 client/server. Allow pg_shadow to be MD5 encrypted. Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user. Add password_encryption postgresql.conf option. Update wire protocol version to 2.1.
2001-08-15 20:42:16 +02:00
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
if (!EncryptMD5(shadow_pass,
port->user_name,
strlen(port->user_name),
Add 4-byte MD5 salt.
2001-08-17 04:59:20 +02:00
crypt_pwd2))
Use MD5 for wire protocol encryption for >= 7.2 client/server. Allow pg_shadow to be MD5 encrypted. Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user. Add password_encryption postgresql.conf option. Update wire protocol version to 2.1.
2001-08-15 20:42:16 +02:00
{
pfree(crypt_pwd);
pfree(crypt_pwd2);
return STATUS_ERROR;
}
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
if (!EncryptMD5(crypt_pwd2 + strlen("md5"),
port->md5Salt,
sizeof(port->md5Salt),
crypt_pwd))
Use MD5 for wire protocol encryption for >= 7.2 client/server. Allow pg_shadow to be MD5 encrypted. Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user. Add password_encryption postgresql.conf option. Update wire protocol version to 2.1.
2001-08-15 20:42:16 +02:00
{
pfree(crypt_pwd);
pfree(crypt_pwd2);
return STATUS_ERROR;
}
pfree(crypt_pwd2);
}
break;
Reorder MD5/crypt so MD5 comes first in the code.
2001-08-17 17:40:07 +02:00
case uaCrypt:
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
{
char salt[3];
StrNCpy(salt, port->cryptSalt, 3);
Clearify variables names so it is clear which variable is the client-supplied password and which is from pg_shadow.
2002-12-05 19:52:43 +01:00
crypt_pwd = crypt(shadow_pass, salt);
pgindent run on all C files. Java run to follow. initdb/regression tests pass.
2001-10-25 07:50:21 +02:00
break;
}
Use MD5 for wire protocol encryption for >= 7.2 client/server. Allow pg_shadow to be MD5 encrypted. Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user. Add password_encryption postgresql.conf option. Update wire protocol version to 2.1.
2001-08-15 20:42:16 +02:00
default:
Clearify variables names so it is clear which variable is the client-supplied password and which is from pg_shadow.
2002-12-05 19:52:43 +01:00
if (isMD5(shadow_pass))
Allow 'password' encryption even when pg_shadow has MD5 passwords, per report from Terry Yapt and Hiroshi. Backpatch to 7.3.
2002-12-05 19:39:43 +01:00
{
pgindent run.
2003-08-04 02:43:34 +02:00
/*
* Encrypt user-supplied password to match MD5 in
* pg_shadow
*/
Clearify variables names so it is clear which variable is the client-supplied password and which is from pg_shadow.
2002-12-05 19:52:43 +01:00
crypt_client_pass = palloc(MD5_PASSWD_LEN + 1);
First phase of FE/BE protocol modifications: new StartupPacket layout with variable-width fields. No more truncation of long user names. Also, libpq can now send its environment-variable-driven SET commands as part of the startup packet, saving round trips to server.
2003-04-18 00:26:02 +02:00
if (!EncryptMD5(client_pass,
port->user_name,
strlen(port->user_name),
Clearify variables names so it is clear which variable is the client-supplied password and which is from pg_shadow.
2002-12-05 19:52:43 +01:00
crypt_client_pass))
Allow 'password' encryption even when pg_shadow has MD5 passwords, per report from Terry Yapt and Hiroshi. Backpatch to 7.3.
2002-12-05 19:39:43 +01:00
{
Clearify variables names so it is clear which variable is the client-supplied password and which is from pg_shadow.
2002-12-05 19:52:43 +01:00
pfree(crypt_client_pass);
Allow 'password' encryption even when pg_shadow has MD5 passwords, per report from Terry Yapt and Hiroshi. Backpatch to 7.3.
2002-12-05 19:39:43 +01:00
return STATUS_ERROR;
}
}
Clearify variables names so it is clear which variable is the client-supplied password and which is from pg_shadow.
2002-12-05 19:52:43 +01:00
crypt_pwd = shadow_pass;
Use MD5 for wire protocol encryption for >= 7.2 client/server. Allow pg_shadow to be MD5 encrypted. Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user. Add password_encryption postgresql.conf option. Update wire protocol version to 2.1.
2001-08-15 20:42:16 +02:00
break;
}
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
Clearify variables names so it is clear which variable is the client-supplied password and which is from pg_shadow.
2002-12-05 19:52:43 +01:00
if (strcmp(crypt_client_pass, crypt_pwd) == 0)
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
{
/*
Minor code cleanups.
2001-11-01 19:10:48 +01:00
* Password OK, now check to be sure we are not past valuntil
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
*/
Flat file cleanup phase 2: make it work for pg_group. The flat group file now identifies group members by usesysid not name; this avoids needing to depend on SearchSysCache which we can't use during startup. (The old representation was entirely broken anyway, since we did not regenerate the file following RENAME USER.) It's only a 95% solution because if the group membership list is big enough to be toasted out of line, we cannot read it during startup. I think this will do for the moment, until we have time to implement the planned pg_role replacement for pg_group.
2005-02-20 05:45:59 +01:00
AbsoluteTime vuntil;
Minor code cleanups.
2001-11-01 19:10:48 +01:00
Flat file cleanup phase 2: make it work for pg_group. The flat group file now identifies group members by usesysid not name; this avoids needing to depend on SearchSysCache which we can't use during startup. (The old representation was entirely broken anyway, since we did not regenerate the file following RENAME USER.) It's only a 95% solution because if the group membership list is big enough to be toasted out of line, we cannot read it during startup. I think this will do for the moment, until we have time to implement the planned pg_role replacement for pg_group.
2005-02-20 05:45:59 +01:00
if (valuntil == NULL || *valuntil == '\0')
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
vuntil = INVALID_ABSTIME;
else
Add binary I/O routines for a bunch more datatypes. Still a few to go, but that was enough tedium for one day. Along the way, move the few support routines for types xid and cid into a more logical place.
2003-05-13 01:08:52 +02:00
vuntil = DatumGetAbsoluteTime(DirectFunctionCall1(abstimein,
pgindent run. Make it all clean.
2001-03-22 05:01:46 +01:00
CStringGetDatum(valuntil)));
Flat file cleanup phase 2: make it work for pg_group. The flat group file now identifies group members by usesysid not name; this avoids needing to depend on SearchSysCache which we can't use during startup. (The old representation was entirely broken anyway, since we did not regenerate the file following RENAME USER.) It's only a 95% solution because if the group membership list is big enough to be toasted out of line, we cannot read it during startup. I think this will do for the moment, until we have time to implement the planned pg_role replacement for pg_group.
2005-02-20 05:45:59 +01:00
if (vuntil != INVALID_ABSTIME && vuntil < GetCurrentAbsoluteTime())
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
retval = STATUS_ERROR;
else
retval = STATUS_OK;
}
Use MD5 for wire protocol encryption for >= 7.2 client/server. Allow pg_shadow to be MD5 encrypted. Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user. Add password_encryption postgresql.conf option. Update wire protocol version to 2.1.
2001-08-15 20:42:16 +02:00
if (port->auth_method == uaMD5)
pfree(crypt_pwd);
Clearify variables names so it is clear which variable is the client-supplied password and which is from pg_shadow.
2002-12-05 19:52:43 +01:00
if (crypt_client_pass != client_pass)
pfree(crypt_client_pass);
pgindent run before 6.3 release, with Thomas' requested changes.
1998-02-26 05:46:47 +01:00
return retval;
Missed a few files from Todd's patch...oops :)
1997-12-04 01:34:01 +01:00
}