PostgreSQL Source Code: src/include/libpq/crypt.h File Reference (original) (raw)
Functions | |
---|---|
PasswordType | get_password_type (const char *shadow_pass) |
char * | encrypt_password (PasswordType target_type, const char *role, const char *password) |
char * | get_role_password (const char *role, const char **logdetail) |
int | md5_crypt_verify (const char *role, const char *shadow_pass, const char *client_pass, const uint8 *md5_salt, int md5_salt_len, const char **logdetail) |
int | plain_crypt_verify (const char *role, const char *shadow_pass, const char *client_pass, const char **logdetail) |
◆ MAX_ENCRYPTED_PASSWORD_LEN
#define MAX_ENCRYPTED_PASSWORD_LEN (512)
Definition at line 26 of file crypt.h.
◆ PasswordType
◆ PasswordType
Enumerator |
---|
PASSWORD_TYPE_PLAINTEXT |
PASSWORD_TYPE_MD5 |
PASSWORD_TYPE_SCRAM_SHA_256 |
Definition at line 40 of file crypt.h.
41{
@ PASSWORD_TYPE_PLAINTEXT
@ PASSWORD_TYPE_SCRAM_SHA_256
◆ encrypt_password()
char * encrypt_password | ( | PasswordType | target_type, |
---|---|---|---|
const char * | role, | ||
const char * | password | ||
) |
Definition at line 117 of file crypt.c.
/*
 * Body of encrypt_password() as rendered on this page.  Source lines that
 * carried hyperlinks are absent from the listing (the first `if` condition,
 * the switch case labels, the hashing calls and the ereport() openers), so
 * the notes below describe only what the remaining lines show.
 */
119{
121 char *encrypted_password = NULL;
122 const char *errstr = NULL;
123
/* Condition and body of this first branch are on missing lines. */
125 {
126
127
128
129
131 }
132 else
133 {
134 switch (target_type)
135 {
138
/*
 * Tail of a hashing call whose arguments end in (buf, errstr), which matches
 * the pg_md5_encrypt() prototype shown on this page -- presumably the MD5
 * case; confirm against crypt.c.  A failed hash is reported with ERROR.
 */
140 encrypted_password, &errstr))
141 elog(ERROR, "password encryption failed: %s", errstr);
142 break;
143
/*
 * NOTE(review): presumably the SCRAM-SHA-256 case (pg_be_scram_build_secret()
 * is in this function's reference list); the call itself is not visible.
 */
146 break;
147
/*
 * The message shows that a plaintext target is refused rather than stored;
 * the case label it belongs to is not visible.
 */
149 elog(ERROR, "cannot encrypt password with 'plaintext'");
150 break;
151 }
152 }
153
/* The same non-NULL condition is tested again at run time on line 163. */
154 Assert(encrypted_password);
155
156
157
158
159
160
161
162
/*
 * Length check: the second half of this condition is on a missing line.  The
 * error text reports a byte limit via %d; MAX_ENCRYPTED_PASSWORD_LEN (defined
 * as 512 on this page) is in the reference list -- presumably the bound.
 */
163 if (encrypted_password &&
165 {
166
167
168
169
171
173 (errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
174 errmsg("encrypted password is too long"),
175 errdetail("Encrypted passwords must be no longer than %d bytes.",
177 }
178
/*
 * Deprecation notice for MD5 secrets.  The guarding condition (lines 179-181)
 * is not visible; md5_password_warnings and WARNING appear in the reference
 * list, so this is presumably a WARNING that can be switched off -- confirm.
 * The message text directs operators to migrate to another password type.
 */
182 (errcode(ERRCODE_WARNING_DEPRECATED_FEATURE),
183 errmsg("setting an MD5-encrypted password"),
184 errdetail("MD5 password support is deprecated and will be removed in a future release of PostgreSQL."),
185 errhint("Refer to the PostgreSQL documentation for details about migrating to another password type.")));
186
187 return encrypted_password;
188}
char * pg_be_scram_build_secret(const char *password)
bool md5_password_warnings
PasswordType get_password_type(const char *shadow_pass)
#define MAX_ENCRYPTED_PASSWORD_LEN
int errdetail(const char *fmt,...)
int errhint(const char *fmt,...)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
Assert(PointerIsAligned(start, uint64))
char * pstrdup(const char *in)
bool pg_md5_encrypt(const char *passwd, const uint8 *salt, size_t salt_len, char *buf, const char **errstr)
References Assert(), elog, ereport, errcode(), errdetail(), errhint(), errmsg(), ERROR, get_password_type(), MAX_ENCRYPTED_PASSWORD_LEN, MD5_PASSWD_LEN, md5_password_warnings, palloc(), password, PASSWORD_TYPE_MD5, PASSWORD_TYPE_PLAINTEXT, PASSWORD_TYPE_SCRAM_SHA_256, pg_be_scram_build_secret(), pg_md5_encrypt(), pstrdup(), and WARNING.
Referenced by AlterRole(), and CreateRole().
◆ get_password_type()
Definition at line 90 of file crypt.c.
/*
 * Body of get_password_type() as rendered on this page; most lines,
 * including every return statement, are absent.  What remains shows that
 * the stored value is classified by its textual form.
 */
91{
92 char *encoded_salt;
94 int key_length = 0;
98
/*
 * First test: a literal "md5" prefix, with further conditions on missing
 * lines (MD5_PASSWD_LEN and MD5_PASSWD_CHARSET are in the reference list --
 * presumably a length and character-set check; confirm).
 */
99 if (strncmp(shadow_pass, "md5", 3) == 0 &&
/*
 * Tail of a call whose last arguments match the parse_scram_secret()
 * prototype on this page (salt, stored_key, server_key).
 * NOTE(review): a value matching neither form is presumably reported as
 * PASSWORD_TYPE_PLAINTEXT -- verify in crypt.c.
 */
104 &encoded_salt, stored_key, server_key))
107}
bool parse_scram_secret(const char *secret, int *iterations, pg_cryptohash_type *hash_type, int *key_length, char **salt, uint8 *stored_key, uint8 *server_key)
#define MD5_PASSWD_CHARSET
#define SCRAM_MAX_KEY_LEN
References iterations, MD5_PASSWD_CHARSET, MD5_PASSWD_LEN, parse_scram_secret(), PASSWORD_TYPE_MD5, PASSWORD_TYPE_PLAINTEXT, PASSWORD_TYPE_SCRAM_SHA_256, and SCRAM_MAX_KEY_LEN.
Referenced by AlterRole(), CheckPWChallengeAuth(), CreateRole(), encrypt_password(), md5_crypt_verify(), plain_crypt_verify(), RenameRole(), and scram_init().
◆ get_role_password()
char * get_role_password | ( | const char * | role, |
---|---|---|---|
const char ** | logdetail | ||
) |
Definition at line 38 of file crypt.c.
/*
 * Body of get_role_password() as rendered on this page; the catalog lookup,
 * cache release and expiry comparison are on missing lines.
 *
 * Visible contract: returns shadow_pass on success and NULL on each of the
 * three failure paths below (role missing, no password set, password
 * expired).  Every failure writes a distinct reason to *logdetail while the
 * return value is the same NULL.
 * NOTE(review): presumably the reason is meant for the server log rather
 * than the client -- confirm in the callers.  No NULL check on logdetail is
 * visible, so callers must pass a valid pointer.
 */
39{
43 bool isnull;
44 char *shadow_pass;
45
46
/* Failure path 1: no such role. */
49 {
50 *logdetail = psprintf(_("Role \"%s\" does not exist."),
51 role);
52 return NULL;
53 }
54
/* Reads the rolpassword attribute; a NULL attribute is failure path 2. */
56 Anum_pg_authid_rolpassword, &isnull);
57 if (isnull)
58 {
60 *logdetail = psprintf(_("User \"%s\" has no password assigned."),
61 role);
62 return NULL;
63 }
65
/*
 * Reads the rolvaliduntil attribute.  The comparison that decides expiry is
 * not visible (GetCurrentTimestamp() is in the reference list); a NULL
 * attribute skips the `if (!isnull)` statement.
 */
67 Anum_pg_authid_rolvaliduntil, &isnull);
68 if (!isnull)
70
72
73
74
75
/* Failure path 3: password past its validity time. */
77 {
78 *logdetail = psprintf(_("User \"%s\" has an expired password."),
79 role);
80 return NULL;
81 }
82
83 return shadow_pass;
84}
TimestampTz GetCurrentTimestamp(void)
#define TextDatumGetCString(d)
#define HeapTupleIsValid(tuple)
static Datum PointerGetDatum(const void *X)
char * psprintf(const char *fmt,...)
void ReleaseSysCache(HeapTuple tuple)
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Datum SysCacheGetAttr(int cacheId, HeapTuple tup, AttrNumber attributeNumber, bool *isNull)
static TimestampTz DatumGetTimestampTz(Datum X)
References _, DatumGetTimestampTz(), GetCurrentTimestamp(), HeapTupleIsValid, PointerGetDatum(), psprintf(), ReleaseSysCache(), SearchSysCache1(), SysCacheGetAttr(), and TextDatumGetCString.
Referenced by CheckPasswordAuth(), and CheckPWChallengeAuth().
◆ md5_crypt_verify()
int md5_crypt_verify | ( | const char * | role, |
---|---|---|---|
const char * | shadow_pass, | ||
const char * | client_pass, | ||
const uint8 * | md5_salt, | ||
int | md5_salt_len, | ||
const char ** | logdetail | ||
) |
Definition at line 202 of file crypt.c.
/*
 * Body of md5_crypt_verify() as rendered on this page; the password-type
 * test, the hashing call and the assignments to retval are on missing lines
 * (STATUS_OK and STATUS_ERROR are in the reference list).
 *
 * Visible flow: reject a stored password unusable for MD5 authentication,
 * compute crypt_pwd using md5_salt, then compare it with client_pass.
 * Failure reasons are written to *logdetail.
 */
206{
207 int retval;
209 const char *errstr = NULL;
210
/* A positive salt length is only asserted here; callers must guarantee it. */
211 Assert(md5_salt_len > 0);
212
/* Stored secret is not usable for MD5 authentication (test not visible). */
214 {
215
216 *logdetail = psprintf(_("User \"%s\" has a password that cannot be used with MD5 authentication."),
217 role);
219 }
220
221
222
223
224
/*
 * Tail of a call matching the pg_md5_encrypt() prototype on this page
 * (salt, salt_len, buf, errstr); on failure the callee's error string
 * becomes the log detail.
 */
226 md5_salt, md5_salt_len,
227 crypt_pwd, &errstr))
228 {
229 *logdetail = errstr;
231 }
232
/*
 * NOTE(review): strcmp() stops at the first differing byte, so this is not a
 * constant-time comparison.  How much that matters depends on how the caller
 * chooses md5_salt, which is not visible here -- confirm.
 */
233 if (strcmp(client_pass, crypt_pwd) == 0)
235 else
236 {
237 *logdetail = psprintf(_("Password does not match for user \"%s\"."),
238 role);
240 }
241
242 return retval;
243}
References _, Assert(), get_password_type(), MD5_PASSWD_LEN, PASSWORD_TYPE_MD5, pg_md5_encrypt(), psprintf(), STATUS_ERROR, and STATUS_OK.
Referenced by CheckMD5Auth().
◆ plain_crypt_verify()
int plain_crypt_verify | ( | const char * | role, |
---|---|---|---|
const char * | shadow_pass, | ||
const char * | client_pass, | ||
const char ** | logdetail | ||
) |
Definition at line 256 of file crypt.c.
/*
 * Body of plain_crypt_verify() as rendered on this page; the switch header,
 * its case labels, the verification calls and the return statements are on
 * missing lines.
 *
 * Visible flow: one branch per stored-password type, each comparing the
 * client-supplied password against shadow_pass and writing a reason to
 * *logdetail on mismatch.  Anything that leaves the switch ends at the
 * "unrecognized format" message.
 */
259{
261 const char *errstr = NULL;
262
263
264
265
266
267
269 {
/*
 * Arguments match the tail of the scram_verify_plain_password() prototype
 * on this page (password, secret) -- presumably the SCRAM-SHA-256 case.
 */
272 client_pass,
273 shadow_pass))
274 {
276 }
277 else
278 {
279 *logdetail = psprintf(_("Password does not match for user \"%s\"."),
280 role);
282 }
283 break;
284
/*
 * strlen(role) sits in the position that the pg_md5_encrypt() prototype on
 * this page names salt_len, so the role name presumably serves as the salt
 * for the stored MD5 form -- confirm.  That would tie a stored MD5 secret
 * to the role name.
 */
288 strlen(role),
289 crypt_client_pass,
290 &errstr))
291 {
292 *logdetail = errstr;
294 }
/* NOTE(review): strcmp() is not a constant-time comparison. */
295 if (strcmp(crypt_client_pass, shadow_pass) == 0)
297 else
298 {
299 *logdetail = psprintf(_("Password does not match for user \"%s\"."),
300 role);
302 }
303 break;
304
/*
 * NOTE(review): a third case that only breaks; presumably
 * PASSWORD_TYPE_PLAINTEXT, which would mean a stored plaintext value is
 * never accepted and falls through to the message below -- verify.
 */
306
307
308
309
310
311 break;
312 }
313
314
315
316
317
318 *logdetail = psprintf(_("Password of user \"%s\" is in unrecognized format."),
319 role);
321}
bool scram_verify_plain_password(const char *username, const char *password, const char *secret)
References _, get_password_type(), MD5_PASSWD_LEN, PASSWORD_TYPE_MD5, PASSWORD_TYPE_PLAINTEXT, PASSWORD_TYPE_SCRAM_SHA_256, pg_md5_encrypt(), psprintf(), scram_verify_plain_password(), STATUS_ERROR, and STATUS_OK.
Referenced by AlterRole(), check_password(), CheckPasswordAuth(), and CreateRole().