| blob | 629e51e00be9e53524aee2432239690edab31627 |
1 /*-------------------------------------------------------------------------
2 *
3 * crypt.c
4 * Functions for dealing with encrypted passwords stored in
5 * pg_authid.rolpassword.
6 *
7 * Portions Copyright (c) 1996-2024, PostgreSQL Global Development Group
8 * Portions Copyright (c) 1994, Regents of the University of California
9 *
10 * src/backend/libpq/crypt.c
11 *
12 *-------------------------------------------------------------------------
13 */
16 #include <unistd.h>
28 /*
29 * Fetch stored password for a user, for authentication.
30 *
31 * On error, returns NULL, and stores a palloc'd string describing the reason,
32 * for the postmaster log, in *logdetail. The error reason should *not* be
33 * sent to the client, to avoid giving away user information!
34 */
37 {
39 HeapTuple roleTup;
40 Datum datum;
44 /* Get role info from pg_authid */
47 {
49 role);
51 }
56 {
59 role);
61 }
71 /*
72 * Password OK, but check to be sure we are not past rolvaliduntil
73 */
75 {
77 role);
79 }
82 }
84 /*
85 * What kind of a password type is 'shadow_pass'?
86 */
87 PasswordType
89 {
93 pg_cryptohash_type hash_type;
105 }
107 /*
108 * Given a user-supplied password, convert it into a secret of
109 * 'target_type' kind.
110 *
111 * If the password is already in encrypted form, we cannot reverse the
112 * hash, so it is stored as it is regardless of the requested type.
113 */
117 {
123 {
124 /*
125 * Cannot convert an already-encrypted password from one format to
126 * another, so return it as it is.
127 */
129 }
132 {
146 }
148 /*
149 * This shouldn't happen, because the above switch statements should
150 * handle every combination of source and target password types.
151 */
154 }
156 /*
157 * Check MD5 authentication response, and return STATUS_OK or STATUS_ERROR.
158 *
159 * 'shadow_pass' is the user's correct password or password hash, as stored
160 * in pg_authid.rolpassword.
161 * 'client_pass' is the response given by the remote user to the MD5 challenge.
162 * 'md5_salt' is the salt used in the MD5 authentication challenge.
163 *
164 * In the error case, save a string at *logdetail that will be sent to the
165 * postmaster log (but not the client).
166 */
167 int
172 {
180 {
181 /* incompatible password hash format. */
182 *logdetail = psprintf(_("User \"%s\" has a password that cannot be used with MD5 authentication."),
183 role);
185 }
187 /*
188 * Compute the correct answer for the MD5 challenge.
189 */
190 /* stored password already encrypted, only do salt */
194 {
197 }
201 else
202 {
204 role);
206 }
209 }
211 /*
212 * Check given password for given user, and return STATUS_OK or STATUS_ERROR.
213 *
214 * 'shadow_pass' is the user's correct password hash, as stored in
215 * pg_authid.rolpassword.
216 * 'client_pass' is the password given by the remote user.
217 *
218 * In the error case, store a string at *logdetail that will be sent to the
219 * postmaster log (but not the client).
220 */
221 int
225 {
229 /*
230 * Client sent password in plaintext. If we have an MD5 hash stored, hash
231 * the password the client sent, and compare the hashes. Otherwise
232 * compare the plaintext passwords directly.
233 */
235 {
238 client_pass,
239 shadow_pass))
240 {
242 }
243 else
244 {
246 role);
248 }
253 role,
255 crypt_client_pass,
257 {
260 }
263 else
264 {
266 role);
268 }
273 /*
274 * We never store passwords in plaintext, so this shouldn't
275 * happen.
276 */
278 }
280 /*
281 * This shouldn't happen. Plain "password" authentication is possible
282 * with any kind of stored password hash.
283 */
285 role);
287 }