From: Phil Thompson <phil@river-bank.demon.co.uk>

I've completed the patch to fix the protocol and authentication issues I was discussing a couple of weeks ago. The particular changes are: - the protocol has a version number - network byte order is used throughout - the pg_hba.conf file is used to specify what method is used to authenticate a frontend (either password, ident, trust, reject, krb4 or krb5) - support for multiplexed backends is removed - appropriate changes to man pages - the -a switch to many programs to specify an authentication service no longer has any effect - the libpq.so version number has changed to 1.1 The new backend still supports the old protocol so old interfaces won't break.
2025-07-18 17:42:25 +03:00 · 1998-01-26 01:42:53 +00:00
parent 91d983aa11
commit d5bbe2aca5
41 changed files with 1611 additions and 2288 deletions
--- a/src/backend/libpq/crypt.c
+++ b/src/backend/libpq/crypt.c
@ -17,9 +17,6 @@
 #include <string.h>
 #include <stdlib.h>
 #include <unistd.h>
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif

 #include "postgres.h"
 #include "miscadmin.h"
@ -27,6 +24,10 @@
 #include "storage/fd.h"
 #include "libpq/crypt.h"

+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+
 char**     pwd_cache = NULL;
 int        pwd_cache_count = 0;

@ -219,6 +220,7 @@ int crypt_getloginfo(const char* user, char** passwd, char** valuntil) {

 /*-------------------------------------------------------------------------*/

+#ifdef 0
 MsgType crypt_salt(const char* user) {

  char*     passwd;
@ -237,6 +239,7 @@ MsgType crypt_salt(const char* user) {
  if (valuntil) free((void*)valuntil);
  return STARTUP_SALT_MSG;
 }
+#endif

 /*-------------------------------------------------------------------------*/

@ -258,7 +261,13 @@ int crypt_verify(Port* port, const char* user, const char* pgpass) {
    return STATUS_ERROR;
  }

-  crypt_pwd = crypt(passwd, port->salt);
+  /*
+   * Compare with the encrypted or plain password depending on the
+   * authentication method being used for this connection.
+   */
+
+  crypt_pwd = (port->auth_method == uaCrypt ? crypt(passwd, port->salt) : passwd);
+
  if (!strcmp(pgpass, crypt_pwd)) {
    /* check here to be sure we are not past valuntil
     */