Add an officially exported libpq function to encrypt passwords, and

modify the previous \password patch to use it instead of depending
on a not-officially-exported function.  Per discussion.

src/interfaces/libpq/exports.txt

@@ -1,4 +1,4 @@
-# $PostgreSQL: pgsql/src/interfaces/libpq/exports.txt,v 1.5 2005/10/21 15:21:21 tgl Exp $
+# $PostgreSQL: pgsql/src/interfaces/libpq/exports.txt,v 1.6 2005/12/23 01:16:38 tgl Exp $
 # Functions to be exported by libpq DLLs
 PQconnectdb               1
 PQsetdbLogin              2
@@ -125,3 +125,4 @@ PQcancel                  122
 lo_create                 123
 PQinitSSL                 124
 PQregisterThreadLock      125
+pg_make_encrypted_password 126

src/interfaces/libpq/fe-auth.c

@@ -10,7 +10,7 @@
  * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.108 2005/11/22 18:17:32 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.109 2005/12/23 01:16:38 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -531,3 +531,40 @@ pg_fe_getauthname(char *PQerrormsg)
 
 	return authn;
 }
+
+
+/*
+ * pg_make_encrypted_password -- exported routine to encrypt a password
+ *
+ * This is intended to be used by client applications that wish to send
+ * commands like ALTER USER joe PASSWORD 'pwd'.  The password need not
+ * be sent in cleartext if it is encrypted on the client side.  This is
+ * good because it ensures the cleartext password won't end up in logs,
+ * pg_stat displays, etc.  We export the function so that clients won't
+ * be dependent on low-level details like whether the enceyption is MD5
+ * or something else.
+ *
+ * Arguments are the cleartext password, and the SQL name of the user it
+ * is for.
+ *
+ * Return value is a malloc'd string, or NULL if out-of-memory.  The client
+ * may assume the string doesn't contain any weird characters that would
+ * require escaping.
+ */
+char *
+pg_make_encrypted_password(const char *passwd, const char *user)
+{
+	char	   *crypt_pwd;
+
+	crypt_pwd = malloc(MD5_PASSWD_LEN + 1);
+	if (!crypt_pwd)
+		return NULL;
+
+	if (!pg_md5_encrypt(passwd, user, strlen(user), crypt_pwd))
+	{
+		free(crypt_pwd);
+		return NULL;
+	}
+
+	return crypt_pwd;
+}

src/interfaces/libpq/libpq-fe.h

@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-fe.h,v 1.122 2005/11/23 04:23:28 momjian Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-fe.h,v 1.123 2005/12/23 01:16:38 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -495,6 +495,10 @@ extern int	PQdsplen(const char *s, int encoding);
 /* Get encoding id from environment variable PGCLIENTENCODING */
 extern int	PQenv2encoding(void);
 
+/* === in fe-auth.c === */
+
+extern char *pg_make_encrypted_password(const char *passwd, const char *user);
+
 #ifdef __cplusplus
 }
 #endif