Remove support for (insecure) crypt authentication.

This breaks compatibility with pre-7.2 versions.

4 files changed, 9 insertions, 64 deletions

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 865d52fc56f..e89b040b67e 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.169 2008/10/23 13:31:10 mha Exp $
+ *	  $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.170 2008/10/28 12:10:43 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -230,7 +230,6 @@ auth_failed(Port *port, int status)
 			errstr = gettext_noop("Ident authentication failed for user \"%s\"");
 			break;
 		case uaMD5:
-		case uaCrypt:
 		case uaPassword:
 			errstr = gettext_noop("password authentication failed for user \"%s\"");
 			break;
@@ -373,11 +372,6 @@ ClientAuthentication(Port *port)
 			status = recv_and_check_password_packet(port);
 			break;
 
-		case uaCrypt:
-			sendAuthRequest(port, AUTH_REQ_CRYPT);
-			status = recv_and_check_password_packet(port);
-			break;
-
 		case uaPassword:
 			sendAuthRequest(port, AUTH_REQ_PASSWORD);
 			status = recv_and_check_password_packet(port);
@@ -426,8 +420,6 @@ sendAuthRequest(Port *port, AuthRequest areq)
 	/* Add the salt for encrypted passwords. */
 	if (areq == AUTH_REQ_MD5)
 		pq_sendbytes(&buf, port->md5Salt, 4);
-	else if (areq == AUTH_REQ_CRYPT)
-		pq_sendbytes(&buf, port->cryptSalt, 2);
 
 #if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
 
diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c
index ab237ad3b11..68e685dd786 100644
--- a/src/backend/libpq/crypt.c
+++ b/src/backend/libpq/crypt.c
@@ -9,7 +9,7 @@
  * Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.75 2008/09/15 12:32:56 mha Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.76 2008/10/28 12:10:43 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -53,14 +53,6 @@ md5_crypt_verify(const Port *port, const char *role, char *client_pass)
 	if (shadow_pass == NULL || *shadow_pass == '\0')
 		return STATUS_ERROR;
 
-	/* We can't do crypt with MD5 passwords */
-	if (isMD5(shadow_pass) && port->hba->auth_method == uaCrypt)
-	{
-		ereport(LOG,
-				(errmsg("cannot use authentication method \"crypt\" because password is MD5-encrypted")));
-		return STATUS_ERROR;
-	}
-
 	/*
 	 * Compare with the encrypted or plain password depending on the
 	 * authentication method being used for this connection.
@@ -106,14 +98,6 @@ md5_crypt_verify(const Port *port, const char *role, char *client_pass)
 				pfree(crypt_pwd2);
 			}
 			break;
-		case uaCrypt:
-			{
-				char		salt[3];
-
-				strlcpy(salt, port->cryptSalt, sizeof(salt));
-				crypt_pwd = crypt(shadow_pass, salt);
-				break;
-			}
 		default:
 			if (isMD5(shadow_pass))
 			{
diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index fbeb185fc9f..d5e56bda453 100644
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -10,7 +10,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.171 2008/10/27 20:04:45 mha Exp $
+ *	  $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.172 2008/10/28 12:10:43 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -847,8 +847,6 @@ parse_hba_line(List *line, int line_num, HbaLine *parsedline)
 		parsedline->auth_method = uaReject;
 	else if (strcmp(token, "md5") == 0)
 		parsedline->auth_method = uaMD5;
-	else if (strcmp(token, "crypt") == 0)
-		parsedline->auth_method = uaCrypt;
 	else if (strcmp(token, "pam") == 0)
 #ifdef USE_PAM
 		parsedline->auth_method = uaPAM;
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
index 4de81673460..c955e1e4fac 100644
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -37,7 +37,7 @@
  *
  *
  * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.565 2008/09/23 20:35:38 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.566 2008/10/28 12:10:43 mha Exp $
  *
  * NOTES
  *
@@ -323,7 +323,7 @@ static int	initMasks(fd_set *rmask);
 static void report_fork_failure_to_client(Port *port, int errnum);
 static enum CAC_state canAcceptConnections(void);
 static long PostmasterRandom(void);
-static void RandomSalt(char *cryptSalt, char *md5Salt);
+static void RandomSalt(char *md5Salt);
 static void signal_child(pid_t pid, int signal);
 static void SignalSomeChildren(int signal, bool only_autovac);
 
@@ -1808,7 +1808,7 @@ ConnCreate(int serverFd)
 		 * fork, not after.  Else the postmaster's random sequence won't get
 		 * advanced, and all backends would end up using the same salt...
 		 */
-		RandomSalt(port->cryptSalt, port->md5Salt);
+		RandomSalt(port->md5Salt);
 	}
 
 	/*
@@ -3910,49 +3910,20 @@ dummy_handler(SIGNAL_ARGS)
 {
 }
 
-
-/*
- * CharRemap: given an int in range 0..61, produce textual encoding of it
- * per crypt(3) conventions.
- */
-static char
-CharRemap(long ch)
-{
-	if (ch < 0)
-		ch = -ch;
-	ch = ch % 62;
-
-	if (ch < 26)
-		return 'A' + ch;
-
-	ch -= 26;
-	if (ch < 26)
-		return 'a' + ch;
-
-	ch -= 26;
-	return '0' + ch;
-}
-
 /*
  * RandomSalt
  */
 static void
-RandomSalt(char *cryptSalt, char *md5Salt)
+RandomSalt(char *md5Salt)
 {
-	long		rand = PostmasterRandom();
-
-	cryptSalt[0] = CharRemap(rand % 62);
-	cryptSalt[1] = CharRemap(rand / 62);
+	long		rand;
 
 	/*
-	 * It's okay to reuse the first random value for one of the MD5 salt
-	 * bytes, since only one of the two salts will be sent to the client.
-	 * After that we need to compute more random bits.
-	 *
 	 * We use % 255, sacrificing one possible byte value, so as to ensure that
 	 * all bits of the random() value participate in the result. While at it,
 	 * add one to avoid generating any null bytes.
 	 */
+	rand = PostmasterRandom();
 	md5Salt[0] = (rand % 255) + 1;
 	rand = PostmasterRandom();
 	md5Salt[1] = (rand % 255) + 1;