aboutsummaryrefslogtreecommitdiff
path: root/src/backend
diff options
context:
space:
mode:
Diffstat (limited to 'src/backend')
-rw-r--r--src/backend/libpq/auth.c18
-rw-r--r--src/backend/libpq/crypt.c4
-rw-r--r--src/backend/libpq/password.c30
3 files changed, 27 insertions, 25 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 5cd049062cb..4f0dc6a31a0 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.47 2000/05/27 04:13:05 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.48 2000/07/04 16:31:53 petere Exp $
*
*-------------------------------------------------------------------------
*/
@@ -52,9 +52,6 @@ static void auth_failed(Port *port);
#ifdef KRB4
-/* This has to be ifdef'd out because krb.h does exist. This needs
- to be fixed.
-*/
/*----------------------------------------------------------------
* MIT Kerberos authentication system - protocol version 4
*----------------------------------------------------------------
@@ -141,9 +138,6 @@ pg_krb4_recvauth(Port *port)
#ifdef KRB5
-/* This needs to be ifdef'd out because krb5.h doesn't exist. This needs
- to be fixed.
-*/
/*----------------------------------------------------------------
* MIT Kerberos authentication system - protocol version 5
*----------------------------------------------------------------
@@ -692,16 +686,14 @@ readPasswordPacket(void *arg, PacketLen len, void *pkt)
/*
- * Use the local flat password file if clear passwords are used and the file is
- * specified. Otherwise use the password in the pg_shadow table, encrypted or
- * not.
+ * Handle `password' and `crypt' records. If an auth argument was
+ * specified, use the respective file. Else use pg_shadow passwords.
*/
-
static int
checkPassword(Port *port, char *user, char *password)
{
- if (port->auth_method == uaPassword && port->auth_arg[0] != '\0')
- return verify_password(port->auth_arg, user, password);
+ if (port->auth_arg[0] != '\0')
+ return verify_password(port, user, password);
return crypt_verify(port, user, password);
}
diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c
index 38b8e0ed383..8b9eace73ef 100644
--- a/src/backend/libpq/crypt.c
+++ b/src/backend/libpq/crypt.c
@@ -9,7 +9,7 @@
* Dec 17, 1997 - Todd A. Brandys
* Orignal Version Completed.
*
- * $Id: crypt.c,v 1.26 2000/07/03 20:48:30 petere Exp $
+ * $Id: crypt.c,v 1.27 2000/07/04 16:31:53 petere Exp $
*
*-------------------------------------------------------------------------
*/
@@ -249,7 +249,7 @@ crypt_getloginfo(const char *user, char **passwd, char **valuntil)
/*-------------------------------------------------------------------------*/
int
-crypt_verify(Port *port, const char *user, const char *pgpass)
+crypt_verify(const Port *port, const char *user, const char *pgpass)
{
char *passwd,
diff --git a/src/backend/libpq/password.c b/src/backend/libpq/password.c
index c7656f8b98f..6f47d5d4378 100644
--- a/src/backend/libpq/password.c
+++ b/src/backend/libpq/password.c
@@ -2,7 +2,7 @@
* Portions Copyright (c) 1996-2000, PostgreSQL, Inc
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $Id: password.c,v 1.29 2000/06/02 15:57:21 momjian Exp $
+ * $Id: password.c,v 1.30 2000/07/04 16:31:53 petere Exp $
*
*/
@@ -15,18 +15,19 @@
#include "libpq/libpq.h"
#include "libpq/password.h"
+#include "libpq/crypt.h"
#include "miscadmin.h"
int
-verify_password(char *auth_arg, char *user, char *password)
+verify_password(const Port *port, const char *user, const char *password)
{
char *pw_file_fullname;
FILE *pw_file;
- pw_file_fullname = (char *) palloc(strlen(DataDir) + strlen(auth_arg) + 2);
+ pw_file_fullname = (char *) palloc(strlen(DataDir) + strlen(port->auth_arg) + 2);
strcpy(pw_file_fullname, DataDir);
strcat(pw_file_fullname, "/");
- strcat(pw_file_fullname, auth_arg);
+ strcat(pw_file_fullname, port->auth_arg);
pw_file = AllocateFile(pw_file_fullname, PG_BINARY_R);
if (!pw_file)
@@ -52,23 +53,32 @@ verify_password(char *auth_arg, char *user, char *password)
*test_pw;
fgets(pw_file_line, sizeof(pw_file_line), pw_file);
+ /* kill the newline */
+ if (pw_file_line[strlen(pw_file_line) - 1] == '\n')
+ pw_file_line[strlen(pw_file_line) - 1] = '\0';
+
p = pw_file_line;
test_user = strtok(p, ":");
test_pw = strtok(NULL, ":");
- if (!test_user || !test_pw ||
- test_user[0] == '\0' || test_pw[0] == '\0')
+ if (!test_user || test_user[0] == '\0')
continue;
- /* kill the newline */
- if (test_pw[strlen(test_pw) - 1] == '\n')
- test_pw[strlen(test_pw) - 1] = '\0';
-
if (strcmp(user, test_user) == 0)
{
/* we're outta here one way or the other, so close file */
FreeFile(pw_file);
+ /*
+ * If the password is empty of "+" then we use the regular
+ * pg_shadow passwords. If we use crypt then we have to
+ * use pg_shadow passwords no matter what.
+ */
+ if (port->auth_method == uaCrypt
+ || test_pw == NULL || test_pw[0] == '\0'
+ || strcmp(test_pw, "+")==0)
+ return crypt_verify(port, user, password);
+
if (strcmp(crypt(password, test_pw), test_pw) == 0)
{
/* it matched. */
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-18 02:13:45 +0000