mirror of
https://github.com/postgres/postgres.git
synced 2025-08-31 17:02:12 +03:00
Add 4-byte MD5 salt.
This commit is contained in:
Bruce Momjian
@@ -8,7 +8,7 @@
|
||||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.59 2001/08/16 16:24:15 momjian Exp $
|
||||
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.60 2001/08/17 02:59:19 momjian Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@@ -536,10 +536,17 @@ sendAuthRequest(Port *port, AuthRequest areq)
|
||||
pq_sendint(&buf, (int32) areq, sizeof(int32));
|
||||
|
||||
/* Add the salt for encrypted passwords. */
|
||||
if (areq == AUTH_REQ_CRYPT || areq == AUTH_REQ_MD5)
|
||||
if (areq == AUTH_REQ_MD5)
|
||||
{
|
||||
pq_sendint(&buf, port->salt[0], 1);
|
||||
pq_sendint(&buf, port->salt[1], 1);
|
||||
pq_sendint(&buf, port->md5Salt[0], 1);
|
||||
pq_sendint(&buf, port->md5Salt[1], 1);
|
||||
pq_sendint(&buf, port->md5Salt[2], 1);
|
||||
pq_sendint(&buf, port->md5Salt[3], 1);
|
||||
}
|
||||
if (areq == AUTH_REQ_CRYPT)
|
||||
{
|
||||
pq_sendint(&buf, port->cryptSalt[0], 1);
|
||||
pq_sendint(&buf, port->cryptSalt[1], 1);
|
||||
}
|
||||
|
||||
pq_endmessage(&buf);
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
* Dec 17, 1997 - Todd A. Brandys
|
||||
* Orignal Version Completed.
|
||||
*
|
||||
* $Id: crypt.c,v 1.34 2001/08/15 21:08:21 momjian Exp $
|
||||
* $Id: crypt.c,v 1.35 2001/08/17 02:59:19 momjian Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
@@ -19,6 +19,7 @@
|
||||
|
||||
#include "postgres.h"
|
||||
#include "libpq/crypt.h"
|
||||
#include "libpq/libpq.h"
|
||||
#include "miscadmin.h"
|
||||
#include "storage/fd.h"
|
||||
#include "utils/nabstime.h"
|
||||
@@ -276,22 +277,33 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
|
||||
return STATUS_ERROR;
|
||||
}
|
||||
|
||||
/* If they encrypt their password, force MD5 */
|
||||
if (isMD5(passwd) && port->auth_method != uaMD5)
|
||||
{
|
||||
snprintf(PQerrormsg, PQERRORMSG_LENGTH,
|
||||
"Password is stored MD5 encrypted. "
|
||||
"Only pg_hba.conf's MD5 protocol can be used for this user.\n");
|
||||
fputs(PQerrormsg, stderr);
|
||||
pqdebug("%s", PQerrormsg);
|
||||
return STATUS_ERROR;
|
||||
}
|
||||
|
||||
/*
|
||||
* Compare with the encrypted or plain password depending on the
|
||||
* authentication method being used for this connection.
|
||||
*/
|
||||
switch (port->auth_method)
|
||||
{
|
||||
switch (port->auth_method)
|
||||
{
|
||||
case uaCrypt:
|
||||
crypt_pwd = crypt(passwd, port->salt);
|
||||
crypt_pwd = crypt(passwd, port->cryptSalt);
|
||||
break;
|
||||
case uaMD5:
|
||||
crypt_pwd = palloc(MD5_PASSWD_LEN+1);
|
||||
|
||||
if (isMD5(passwd))
|
||||
{
|
||||
if (!EncryptMD5(passwd + strlen("md5"),
|
||||
(char *)port->salt, crypt_pwd))
|
||||
(char *)port->md5Salt,
|
||||
sizeof(port->md5Salt), crypt_pwd))
|
||||
{
|
||||
pfree(crypt_pwd);
|
||||
return STATUS_ERROR;
|
||||
@@ -301,14 +313,15 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
|
||||
{
|
||||
char *crypt_pwd2 = palloc(MD5_PASSWD_LEN+1);
|
||||
|
||||
if (!EncryptMD5(passwd, port->user, crypt_pwd2))
|
||||
if (!EncryptMD5(passwd, port->user, strlen(port->user),
|
||||
crypt_pwd2))
|
||||
{
|
||||
pfree(crypt_pwd);
|
||||
pfree(crypt_pwd2);
|
||||
return STATUS_ERROR;
|
||||
}
|
||||
if (!EncryptMD5(crypt_pwd2 + strlen("md5"), port->salt,
|
||||
crypt_pwd))
|
||||
if (!EncryptMD5(crypt_pwd2 + strlen("md5"), port->md5Salt,
|
||||
sizeof(port->md5Salt), crypt_pwd))
|
||||
{
|
||||
pfree(crypt_pwd);
|
||||
pfree(crypt_pwd2);
|
||||
@@ -324,7 +337,6 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
|
||||
|
||||
if (!strcmp(pgpass, crypt_pwd))
|
||||
{
|
||||
|
||||
/*
|
||||
* check here to be sure we are not past valuntil
|
||||
*/
|
||||
|
||||
@@ -295,16 +295,18 @@ md5_hash(const void *buff, size_t len, char *hexsum)
|
||||
* puts md5(username+passwd) in buf provided buflen is at least 36 bytes
|
||||
* returns 1 on success, 0 on any kind of failure and sets errno accordingly
|
||||
*/
|
||||
bool EncryptMD5(const char *passwd, const char *salt, char *buf)
|
||||
bool EncryptMD5(const char *passwd, const char *salt, size_t salt_len,
|
||||
char *buf)
|
||||
{
|
||||
char crypt_buf[128];
|
||||
|
||||
if (strlen(salt) + strlen(passwd) > 127)
|
||||
if (salt_len + strlen(passwd) > 127)
|
||||
return false;
|
||||
|
||||
strcpy(buf, "md5");
|
||||
memset(crypt_buf, 0, 128);
|
||||
sprintf(crypt_buf,"%s%s", salt, passwd);
|
||||
memcpy(crypt_buf, salt, salt_len);
|
||||
memcpy(crypt_buf+salt_len, passwd, strlen(passwd));
|
||||
|
||||
return md5_hash(crypt_buf, strlen(crypt_buf), buf + 3);
|
||||
return md5_hash(crypt_buf, salt_len + strlen(passwd), buf + 3);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user