From da45a0bdb7580b7b9cec62f6999605083dcec162 Mon Sep 17 00:00:00 2001 From: Bruce Momjian Date: Fri, 17 Aug 2001 02:59:20 +0000 Subject: [PATCH] Add 4-byte MD5 salt. --- src/backend/commands/user.c | 8 +++++--- src/backend/libpq/auth.c | 15 ++++++++++---- src/backend/libpq/crypt.c | 32 ++++++++++++++++++++--------- src/backend/libpq/md5.c | 10 +++++---- src/backend/postmaster/postmaster.c | 19 +++++++++++------ src/include/libpq/crypt.h | 3 ++- src/include/libpq/libpq-be.h | 7 ++++--- src/interfaces/libpq/fe-auth.c | 11 +++++----- src/interfaces/libpq/fe-connect.c | 16 ++++++++++++--- src/interfaces/libpq/libpq-int.h | 5 +++-- src/interfaces/odbc/connection.c | 6 ++++-- 11 files changed, 89 insertions(+), 43 deletions(-) diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c index 3b730a3a0d..d830dfdfc9 100644 --- a/src/backend/commands/user.c +++ b/src/backend/commands/user.c @@ -6,7 +6,7 @@ * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.81 2001/08/15 21:08:20 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.82 2001/08/17 02:59:19 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -351,7 +351,8 @@ CreateUser(CreateUserStmt *stmt) DirectFunctionCall1(textin, CStringGetDatum(password)); else { - if (!EncryptMD5(password, stmt->user, encrypted_password)) + if (!EncryptMD5(password, stmt->user, strlen(stmt->user), + encrypted_password)) elog(ERROR, "CREATE USER: password encryption failed"); new_record[Anum_pg_shadow_passwd - 1] = DirectFunctionCall1(textin, CStringGetDatum(encrypted_password)); @@ -583,7 +584,8 @@ AlterUser(AlterUserStmt *stmt) DirectFunctionCall1(textin, CStringGetDatum(password)); else { - if (!EncryptMD5(password, stmt->user, encrypted_password)) + if (!EncryptMD5(password, stmt->user, strlen(stmt->user), + encrypted_password)) elog(ERROR, "CREATE USER: password encryption failed"); new_record[Anum_pg_shadow_passwd - 1] = DirectFunctionCall1(textin, CStringGetDatum(encrypted_password)); diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index c139f93f71..048f67c301 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.59 2001/08/16 16:24:15 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.60 2001/08/17 02:59:19 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -536,10 +536,17 @@ sendAuthRequest(Port *port, AuthRequest areq) pq_sendint(&buf, (int32) areq, sizeof(int32)); /* Add the salt for encrypted passwords. */ - if (areq == AUTH_REQ_CRYPT || areq == AUTH_REQ_MD5) + if (areq == AUTH_REQ_MD5) { - pq_sendint(&buf, port->salt[0], 1); - pq_sendint(&buf, port->salt[1], 1); + pq_sendint(&buf, port->md5Salt[0], 1); + pq_sendint(&buf, port->md5Salt[1], 1); + pq_sendint(&buf, port->md5Salt[2], 1); + pq_sendint(&buf, port->md5Salt[3], 1); + } + if (areq == AUTH_REQ_CRYPT) + { + pq_sendint(&buf, port->cryptSalt[0], 1); + pq_sendint(&buf, port->cryptSalt[1], 1); } pq_endmessage(&buf); diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c index a08c4f6baa..f82e44ccb2 100644 --- a/src/backend/libpq/crypt.c +++ b/src/backend/libpq/crypt.c @@ -9,7 +9,7 @@ * Dec 17, 1997 - Todd A. Brandys * Orignal Version Completed. * - * $Id: crypt.c,v 1.34 2001/08/15 21:08:21 momjian Exp $ + * $Id: crypt.c,v 1.35 2001/08/17 02:59:19 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -19,6 +19,7 @@ #include "postgres.h" #include "libpq/crypt.h" +#include "libpq/libpq.h" #include "miscadmin.h" #include "storage/fd.h" #include "utils/nabstime.h" @@ -276,22 +277,33 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass) return STATUS_ERROR; } + /* If they encrypt their password, force MD5 */ + if (isMD5(passwd) && port->auth_method != uaMD5) + { + snprintf(PQerrormsg, PQERRORMSG_LENGTH, + "Password is stored MD5 encrypted. " + "Only pg_hba.conf's MD5 protocol can be used for this user.\n"); + fputs(PQerrormsg, stderr); + pqdebug("%s", PQerrormsg); + return STATUS_ERROR; + } + /* * Compare with the encrypted or plain password depending on the * authentication method being used for this connection. */ - switch (port->auth_method) - { + switch (port->auth_method) + { case uaCrypt: - crypt_pwd = crypt(passwd, port->salt); + crypt_pwd = crypt(passwd, port->cryptSalt); break; case uaMD5: crypt_pwd = palloc(MD5_PASSWD_LEN+1); - if (isMD5(passwd)) { if (!EncryptMD5(passwd + strlen("md5"), - (char *)port->salt, crypt_pwd)) + (char *)port->md5Salt, + sizeof(port->md5Salt), crypt_pwd)) { pfree(crypt_pwd); return STATUS_ERROR; @@ -301,14 +313,15 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass) { char *crypt_pwd2 = palloc(MD5_PASSWD_LEN+1); - if (!EncryptMD5(passwd, port->user, crypt_pwd2)) + if (!EncryptMD5(passwd, port->user, strlen(port->user), + crypt_pwd2)) { pfree(crypt_pwd); pfree(crypt_pwd2); return STATUS_ERROR; } - if (!EncryptMD5(crypt_pwd2 + strlen("md5"), port->salt, - crypt_pwd)) + if (!EncryptMD5(crypt_pwd2 + strlen("md5"), port->md5Salt, + sizeof(port->md5Salt), crypt_pwd)) { pfree(crypt_pwd); pfree(crypt_pwd2); @@ -324,7 +337,6 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass) if (!strcmp(pgpass, crypt_pwd)) { - /* * check here to be sure we are not past valuntil */ diff --git a/src/backend/libpq/md5.c b/src/backend/libpq/md5.c index 846202a7b1..76d54d50b0 100644 --- a/src/backend/libpq/md5.c +++ b/src/backend/libpq/md5.c @@ -295,16 +295,18 @@ md5_hash(const void *buff, size_t len, char *hexsum) * puts md5(username+passwd) in buf provided buflen is at least 36 bytes * returns 1 on success, 0 on any kind of failure and sets errno accordingly */ -bool EncryptMD5(const char *passwd, const char *salt, char *buf) +bool EncryptMD5(const char *passwd, const char *salt, size_t salt_len, + char *buf) { char crypt_buf[128]; - if (strlen(salt) + strlen(passwd) > 127) + if (salt_len + strlen(passwd) > 127) return false; strcpy(buf, "md5"); memset(crypt_buf, 0, 128); - sprintf(crypt_buf,"%s%s", salt, passwd); + memcpy(crypt_buf, salt, salt_len); + memcpy(crypt_buf+salt_len, passwd, strlen(passwd)); - return md5_hash(crypt_buf, strlen(crypt_buf), buf + 3); + return md5_hash(crypt_buf, salt_len + strlen(passwd), buf + 3); } diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c index c3036630bc..1a6ebec5da 100644 --- a/src/backend/postmaster/postmaster.c +++ b/src/backend/postmaster/postmaster.c @@ -37,7 +37,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.235 2001/08/05 02:06:50 tgl Exp $ + * $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.236 2001/08/17 02:59:19 momjian Exp $ * * NOTES * @@ -243,7 +243,7 @@ static void processCancelRequest(Port *port, void *pkt); static int initMasks(fd_set *rmask, fd_set *wmask); static char *canAcceptConnections(void); static long PostmasterRandom(void); -static void RandomSalt(char *salt); +static void RandomSalt(char *cryptSalt, char *md5Salt); static void SignalChildren(int signal); static int CountChildren(void); static bool CreateOptsFile(int argc, char *argv[]); @@ -1211,7 +1211,7 @@ ConnCreate(int serverFd) } else { - RandomSalt(port->salt); + RandomSalt(port->cryptSalt, port->md5Salt); port->pktInfo.state = Idle; } @@ -2099,12 +2099,19 @@ CharRemap(long int ch) * RandomSalt */ static void -RandomSalt(char *salt) +RandomSalt(char *cryptSalt, char *md5Salt) { long rand = PostmasterRandom(); - *salt = CharRemap(rand % 62); - *(salt + 1) = CharRemap(rand / 62); + cryptSalt[0] = CharRemap(rand % 62); + cryptSalt[1] = CharRemap(rand / 62); + /* Grab top 16-bits of two random runs so as not to send full + random value over the network. The high-order bits are more random. */ + md5Salt[0] = rand & 0xff000000; + md5Salt[1] = rand & 0x00ff0000; + rand = PostmasterRandom(); + md5Salt[2] = rand & 0xff000000; + md5Salt[3] = rand & 0x00ff0000; } /* diff --git a/src/include/libpq/crypt.h b/src/include/libpq/crypt.h index 86b9f2497c..bec71ca168 100644 --- a/src/include/libpq/crypt.h +++ b/src/include/libpq/crypt.h @@ -26,7 +26,8 @@ extern int md5_crypt_verify(const Port *port, const char *user, const char *pgpa extern bool md5_hash(const void *buff, size_t len, char *hexsum); extern bool CheckMD5Pwd(char *passwd, char *storedpwd, char *seed); -extern bool EncryptMD5(const char *passwd, const char *salt, char *buf); +extern bool EncryptMD5(const char *passwd, const char *salt, + size_t salt_len, char *buf); #define MD5_PASSWD_LEN 35 diff --git a/src/include/libpq/libpq-be.h b/src/include/libpq/libpq-be.h index 1d4f9d06b0..56e6443cb7 100644 --- a/src/include/libpq/libpq-be.h +++ b/src/include/libpq/libpq-be.h @@ -8,7 +8,7 @@ * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $Id: libpq-be.h,v 1.21 2001/01/24 19:43:24 momjian Exp $ + * $Id: libpq-be.h,v 1.22 2001/08/17 02:59:19 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -58,7 +58,7 @@ typedef struct ErrorMessagePacket typedef struct AuthRequestPacket { - char data[1 + sizeof(AuthRequest) + 2]; /* 'R' + the request + + char data[1 + sizeof(AuthRequest) + 4]; /* 'R' + the request + * optional salt. */ } AuthRequestPacket; @@ -119,7 +119,8 @@ typedef struct Port Packet pktInfo; /* For the packet handlers */ SockAddr laddr; /* local addr (us) */ SockAddr raddr; /* remote addr (them) */ - char salt[2]; /* Password salt */ + char md5Salt[4]; /* Password salt */ + char cryptSalt[2]; /* Password salt */ /* * Information that needs to be held during the fe/be authentication diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c index d4cb0ffc31..4e4a8f6d93 100644 --- a/src/interfaces/libpq/fe-auth.c +++ b/src/interfaces/libpq/fe-auth.c @@ -10,7 +10,7 @@ * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes). * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.50 2001/08/15 21:08:21 momjian Exp $ + * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.51 2001/08/17 02:59:19 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -443,7 +443,7 @@ pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq) switch (areq) { case AUTH_REQ_CRYPT: - crypt_pwd = crypt(password, conn->salt); + crypt_pwd = crypt(password, conn->cryptSalt); break; case AUTH_REQ_MD5: { @@ -455,14 +455,15 @@ pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq) perror("malloc"); return STATUS_ERROR; } - if (!EncryptMD5(password, conn->pguser, crypt_pwd2)) + if (!EncryptMD5(password, conn->pguser, + strlen(conn->pguser), crypt_pwd2)) { free(crypt_pwd); free(crypt_pwd2); return STATUS_ERROR; } - if (!EncryptMD5(crypt_pwd2 + strlen("md5"), conn->salt, - crypt_pwd)) + if (!EncryptMD5(crypt_pwd2 + strlen("md5"), conn->md5Salt, + sizeof(conn->md5Salt), crypt_pwd)) { free(crypt_pwd); free(crypt_pwd2); diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index 32983c53ad..d97c1004b3 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.173 2001/08/15 18:42:15 momjian Exp $ + * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.174 2001/08/17 02:59:20 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -1341,9 +1341,19 @@ keep_going: /* We will come back to here until there } /* Get the password salt if there is one. */ - if (areq == AUTH_REQ_CRYPT || areq == AUTH_REQ_MD5) + if (areq == AUTH_REQ_MD5) { - if (pqGetnchar(conn->salt, sizeof(conn->salt), conn)) + if (pqGetnchar(conn->md5Salt, + sizeof(conn->md5Salt), conn)) + { + /* We'll come back when there are more data */ + return PGRES_POLLING_READING; + } + } + if (areq == AUTH_REQ_CRYPT) + { + if (pqGetnchar(conn->cryptSalt, + sizeof(conn->cryptSalt), conn)) { /* We'll come back when there are more data */ return PGRES_POLLING_READING; diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h index bab52c390b..580ac0f069 100644 --- a/src/interfaces/libpq/libpq-int.h +++ b/src/interfaces/libpq/libpq-int.h @@ -12,7 +12,7 @@ * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $Id: libpq-int.h,v 1.38 2001/08/16 04:27:18 momjian Exp $ + * $Id: libpq-int.h,v 1.39 2001/08/17 02:59:20 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -236,7 +236,8 @@ struct pg_conn /* Miscellaneous stuff */ int be_pid; /* PID of backend --- needed for cancels */ int be_key; /* key of backend --- needed for cancels */ - char salt[2]; /* password salt received from backend */ + char md5Salt[4]; /* password salt received from backend */ + char cryptSalt[2]; /* password salt received from backend */ PGlobjfuncs *lobjfuncs; /* private state for large-object access * fns */ diff --git a/src/interfaces/odbc/connection.c b/src/interfaces/odbc/connection.c index 42196df9ee..8c9719745f 100644 --- a/src/interfaces/odbc/connection.c +++ b/src/interfaces/odbc/connection.c @@ -507,7 +507,7 @@ CC_connect(ConnectionClass *self, char do_password) int areq = -1; int beresp; char msgbuffer[ERROR_MSG_LENGTH]; - char salt[2]; + char salt[5]; static char *func = "CC_connect"; mylog("%s: entering...\n", func); @@ -677,7 +677,9 @@ CC_connect(ConnectionClass *self, char do_password) mylog("auth got 'R'\n"); areq = SOCK_get_int(sock, 4); - if (areq == AUTH_REQ_CRYPT || areq == AUTH_REQ_MD5) + if (areq == AUTH_REQ_MD5) + SOCK_get_n_char(sock, salt, 4); + if (areq == AUTH_REQ_CRYPT) SOCK_get_n_char(sock, salt, 2); mylog("areq = %d\n", areq);