PostgreSQL Source Code: src/backend/libpq/crypt.c Source File (original) (raw)

1

2

3

4

5

6

7

8

9

10

11

12

13

15

17

26

27

29

30

31

32

33

34

35

36

37char *

39{

43 bool isnull;

44 char *shadow_pass;

45

46

49 {

50 *logdetail = psprintf(_("Role \"%s\" does not exist."),

51 role);

52 return NULL;

53 }

54

56 Anum_pg_authid_rolpassword, &isnull);

57 if (isnull)

58 {

60 *logdetail = psprintf(_("User \"%s\" has no password assigned."),

61 role);

62 return NULL;

63 }

65

67 Anum_pg_authid_rolvaliduntil, &isnull);

68 if (!isnull)

70

72

73

74

75

77 {

78 *logdetail = psprintf(_("User \"%s\" has an expired password."),

79 role);

80 return NULL;

81 }

82

83 return shadow_pass;

84}

85

86

87

88

91{

92 char *encoded_salt;

94 int key_length = 0;

98

99 if (strncmp(shadow_pass, "md5", 3) == 0 &&

104 &encoded_salt, stored_key, server_key))

107}

108

109

110

111

112

113

114

115

116char *

119{

121 char *encrypted_password = NULL;

122 const char *errstr = NULL;

123

125 {

126

127

128

129

131 }

132 else

133 {

134 switch (target_type)

135 {

138

140 encrypted_password, &errstr))

141 elog(ERROR, "password encryption failed: %s", errstr);

142 break;

143

146 break;

147

149 elog(ERROR, "cannot encrypt password with 'plaintext'");

150 break;

151 }

152 }

153

154 Assert(encrypted_password);

155

156

157

158

159

160

161

162

163 if (encrypted_password &&

165 {

166

167

168

169

171

173 (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),

174 errmsg("encrypted password is too long"),

175 errdetail("Encrypted passwords must be no longer than %d bytes.",

177 }

178

182 (errcode(ERRCODE_WARNING_DEPRECATED_FEATURE),

183 errmsg("setting an MD5-encrypted password"),

184 errdetail("MD5 password support is deprecated and will be removed in a future release of PostgreSQL."),

185 errhint("Refer to the PostgreSQL documentation for details about migrating to another password type.")));

186

187 return encrypted_password;

188}

189

190

191

192

193

194

195

196

197

198

199

200

201int

203 const char *client_pass,

204 const uint8 *md5_salt, int md5_salt_len,

205 const char **logdetail)

206{

207 int retval;

209 const char *errstr = NULL;

210

211 Assert(md5_salt_len > 0);

212

214 {

215

216 *logdetail = psprintf(_("User \"%s\" has a password that cannot be used with MD5 authentication."),

217 role);

219 }

220

221

222

223

224

226 md5_salt, md5_salt_len,

227 crypt_pwd, &errstr))

228 {

229 *logdetail = errstr;

231 }

232

233 if (strcmp(client_pass, crypt_pwd) == 0)

235 else

236 {

237 *logdetail = psprintf(_("Password does not match for user \"%s\"."),

238 role);

240 }

241

242 return retval;

243}

244

245

246

247

248

249

250

251

252

253

254

255int

257 const char *client_pass,

258 const char **logdetail)

259{

261 const char *errstr = NULL;

262

263

264

265

266

267

269 {

272 client_pass,

273 shadow_pass))

274 {

276 }

277 else

278 {

279 *logdetail = psprintf(_("Password does not match for user \"%s\"."),

280 role);

282 }

283 break;

284

288 strlen(role),

289 crypt_client_pass,

290 &errstr))

291 {

292 *logdetail = errstr;

294 }

295 if (strcmp(crypt_client_pass, shadow_pass) == 0)

297 else

298 {

299 *logdetail = psprintf(_("Password does not match for user \"%s\"."),

300 role);

302 }

303 break;

304

306

307

308

309

310

311 break;

312 }

313

314

315

316

317

318 *logdetail = psprintf(_("Password of user \"%s\" is in unrecognized format."),

319 role);

321}

bool parse_scram_secret(const char *secret, int *iterations, pg_cryptohash_type *hash_type, int *key_length, char **salt, uint8 *stored_key, uint8 *server_key)

char * pg_be_scram_build_secret(const char *password)

bool scram_verify_plain_password(const char *username, const char *password, const char *secret)

TimestampTz GetCurrentTimestamp(void)

#define TextDatumGetCString(d)

int md5_crypt_verify(const char *role, const char *shadow_pass, const char *client_pass, const uint8 *md5_salt, int md5_salt_len, const char **logdetail)

int plain_crypt_verify(const char *role, const char *shadow_pass, const char *client_pass, const char **logdetail)

char * get_role_password(const char *role, const char **logdetail)

bool md5_password_warnings

PasswordType get_password_type(const char *shadow_pass)

char * encrypt_password(PasswordType target_type, const char *role, const char *password)

@ PASSWORD_TYPE_PLAINTEXT

@ PASSWORD_TYPE_SCRAM_SHA_256

#define MAX_ENCRYPTED_PASSWORD_LEN

int errdetail(const char *fmt,...)

int errhint(const char *fmt,...)

int errcode(int sqlerrcode)

int errmsg(const char *fmt,...)

#define ereport(elevel,...)

Assert(PointerIsAligned(start, uint64))

#define HeapTupleIsValid(tuple)

char * pstrdup(const char *in)

#define MD5_PASSWD_CHARSET

bool pg_md5_encrypt(const char *passwd, const uint8 *salt, size_t salt_len, char *buf, const char **errstr)

static Datum PointerGetDatum(const void *X)

char * psprintf(const char *fmt,...)

#define SCRAM_MAX_KEY_LEN

void ReleaseSysCache(HeapTuple tuple)

HeapTuple SearchSysCache1(int cacheId, Datum key1)

Datum SysCacheGetAttr(int cacheId, HeapTuple tup, AttrNumber attributeNumber, bool *isNull)

static TimestampTz DatumGetTimestampTz(Datum X)