diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/backend/libpq/auth.c | 10 | ||||
| -rw-r--r-- | src/backend/libpq/crypt.c | 18 | ||||
| -rw-r--r-- | src/backend/libpq/hba.c | 4 | ||||
| -rw-r--r-- | src/backend/postmaster/postmaster.c | 41 | ||||
| -rw-r--r-- | src/include/libpq/hba.h | 3 | ||||
| -rw-r--r-- | src/include/libpq/libpq-be.h | 3 | ||||
| -rw-r--r-- | src/include/libpq/pqcomm.h | 4 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-auth.c | 20 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-connect.c | 11 | ||||
| -rw-r--r-- | src/interfaces/libpq/libpq-int.h | 3 |
10 files changed, 21 insertions, 96 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 865d52fc56f..e89b040b67e 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.169 2008/10/23 13:31:10 mha Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.170 2008/10/28 12:10:43 mha Exp $ * *------------------------------------------------------------------------- */ @@ -230,7 +230,6 @@ auth_failed(Port *port, int status) errstr = gettext_noop("Ident authentication failed for user \"%s\""); break; case uaMD5: - case uaCrypt: case uaPassword: errstr = gettext_noop("password authentication failed for user \"%s\""); break; @@ -373,11 +372,6 @@ ClientAuthentication(Port *port) status = recv_and_check_password_packet(port); break; - case uaCrypt: - sendAuthRequest(port, AUTH_REQ_CRYPT); - status = recv_and_check_password_packet(port); - break; - case uaPassword: sendAuthRequest(port, AUTH_REQ_PASSWORD); status = recv_and_check_password_packet(port); @@ -426,8 +420,6 @@ sendAuthRequest(Port *port, AuthRequest areq) /* Add the salt for encrypted passwords. */ if (areq == AUTH_REQ_MD5) pq_sendbytes(&buf, port->md5Salt, 4); - else if (areq == AUTH_REQ_CRYPT) - pq_sendbytes(&buf, port->cryptSalt, 2); #if defined(ENABLE_GSS) || defined(ENABLE_SSPI) diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c index ab237ad3b11..68e685dd786 100644 --- a/src/backend/libpq/crypt.c +++ b/src/backend/libpq/crypt.c @@ -9,7 +9,7 @@ * Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.75 2008/09/15 12:32:56 mha Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.76 2008/10/28 12:10:43 mha Exp $ * *------------------------------------------------------------------------- */ @@ -53,14 +53,6 @@ md5_crypt_verify(const Port *port, const char *role, char *client_pass) if (shadow_pass == NULL || *shadow_pass == '\0') return STATUS_ERROR; - /* We can't do crypt with MD5 passwords */ - if (isMD5(shadow_pass) && port->hba->auth_method == uaCrypt) - { - ereport(LOG, - (errmsg("cannot use authentication method \"crypt\" because password is MD5-encrypted"))); - return STATUS_ERROR; - } - /* * Compare with the encrypted or plain password depending on the * authentication method being used for this connection. @@ -106,14 +98,6 @@ md5_crypt_verify(const Port *port, const char *role, char *client_pass) pfree(crypt_pwd2); } break; - case uaCrypt: - { - char salt[3]; - - strlcpy(salt, port->cryptSalt, sizeof(salt)); - crypt_pwd = crypt(shadow_pass, salt); - break; - } default: if (isMD5(shadow_pass)) { diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c index fbeb185fc9f..d5e56bda453 100644 --- a/src/backend/libpq/hba.c +++ b/src/backend/libpq/hba.c @@ -10,7 +10,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.171 2008/10/27 20:04:45 mha Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.172 2008/10/28 12:10:43 mha Exp $ * *------------------------------------------------------------------------- */ @@ -847,8 +847,6 @@ parse_hba_line(List *line, int line_num, HbaLine *parsedline) parsedline->auth_method = uaReject; else if (strcmp(token, "md5") == 0) parsedline->auth_method = uaMD5; - else if (strcmp(token, "crypt") == 0) - parsedline->auth_method = uaCrypt; else if (strcmp(token, "pam") == 0) #ifdef USE_PAM parsedline->auth_method = uaPAM; diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c index 4de81673460..c955e1e4fac 100644 --- a/src/backend/postmaster/postmaster.c +++ b/src/backend/postmaster/postmaster.c @@ -37,7 +37,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.565 2008/09/23 20:35:38 momjian Exp $ + * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.566 2008/10/28 12:10:43 mha Exp $ * * NOTES * @@ -323,7 +323,7 @@ static int initMasks(fd_set *rmask); static void report_fork_failure_to_client(Port *port, int errnum); static enum CAC_state canAcceptConnections(void); static long PostmasterRandom(void); -static void RandomSalt(char *cryptSalt, char *md5Salt); +static void RandomSalt(char *md5Salt); static void signal_child(pid_t pid, int signal); static void SignalSomeChildren(int signal, bool only_autovac); @@ -1808,7 +1808,7 @@ ConnCreate(int serverFd) * fork, not after. Else the postmaster's random sequence won't get * advanced, and all backends would end up using the same salt... */ - RandomSalt(port->cryptSalt, port->md5Salt); + RandomSalt(port->md5Salt); } /* @@ -3910,49 +3910,20 @@ dummy_handler(SIGNAL_ARGS) { } - -/* - * CharRemap: given an int in range 0..61, produce textual encoding of it - * per crypt(3) conventions. - */ -static char -CharRemap(long ch) -{ - if (ch < 0) - ch = -ch; - ch = ch % 62; - - if (ch < 26) - return 'A' + ch; - - ch -= 26; - if (ch < 26) - return 'a' + ch; - - ch -= 26; - return '0' + ch; -} - /* * RandomSalt */ static void -RandomSalt(char *cryptSalt, char *md5Salt) +RandomSalt(char *md5Salt) { - long rand = PostmasterRandom(); - - cryptSalt[0] = CharRemap(rand % 62); - cryptSalt[1] = CharRemap(rand / 62); + long rand; /* - * It's okay to reuse the first random value for one of the MD5 salt - * bytes, since only one of the two salts will be sent to the client. - * After that we need to compute more random bits. - * * We use % 255, sacrificing one possible byte value, so as to ensure that * all bits of the random() value participate in the result. While at it, * add one to avoid generating any null bytes. */ + rand = PostmasterRandom(); md5Salt[0] = (rand % 255) + 1; rand = PostmasterRandom(); md5Salt[1] = (rand % 255) + 1; diff --git a/src/include/libpq/hba.h b/src/include/libpq/hba.h index 54ecc560d81..79b5a51c6d0 100644 --- a/src/include/libpq/hba.h +++ b/src/include/libpq/hba.h @@ -4,7 +4,7 @@ * Interface to hba.c * * - * $PostgreSQL: pgsql/src/include/libpq/hba.h,v 1.50 2008/10/23 13:31:10 mha Exp $ + * $PostgreSQL: pgsql/src/include/libpq/hba.h,v 1.51 2008/10/28 12:10:44 mha Exp $ * *------------------------------------------------------------------------- */ @@ -22,7 +22,6 @@ typedef enum UserAuth uaTrust, uaIdent, uaPassword, - uaCrypt, uaMD5, uaGSS, uaSSPI, diff --git a/src/include/libpq/libpq-be.h b/src/include/libpq/libpq-be.h index 4d5e0039c89..73f42298c42 100644 --- a/src/include/libpq/libpq-be.h +++ b/src/include/libpq/libpq-be.h @@ -11,7 +11,7 @@ * Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $PostgreSQL: pgsql/src/include/libpq/libpq-be.h,v 1.67 2008/09/15 12:32:57 mha Exp $ + * $PostgreSQL: pgsql/src/include/libpq/libpq-be.h,v 1.68 2008/10/28 12:10:44 mha Exp $ * *------------------------------------------------------------------------- */ @@ -123,7 +123,6 @@ typedef struct Port */ HbaLine *hba; char md5Salt[4]; /* Password salt */ - char cryptSalt[2]; /* Password salt */ /* * Information that really has no business at all being in struct Port, diff --git a/src/include/libpq/pqcomm.h b/src/include/libpq/pqcomm.h index 31839b20152..6b9437ae045 100644 --- a/src/include/libpq/pqcomm.h +++ b/src/include/libpq/pqcomm.h @@ -9,7 +9,7 @@ * Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $PostgreSQL: pgsql/src/include/libpq/pqcomm.h,v 1.108 2008/01/01 19:45:58 momjian Exp $ + * $PostgreSQL: pgsql/src/include/libpq/pqcomm.h,v 1.109 2008/10/28 12:10:44 mha Exp $ * *------------------------------------------------------------------------- */ @@ -153,7 +153,7 @@ extern bool Db_user_namespace; #define AUTH_REQ_KRB4 1 /* Kerberos V4. Not supported any more. */ #define AUTH_REQ_KRB5 2 /* Kerberos V5 */ #define AUTH_REQ_PASSWORD 3 /* Password */ -#define AUTH_REQ_CRYPT 4 /* crypt password */ +#define AUTH_REQ_CRYPT 4 /* crypt password. Not supported any more. */ #define AUTH_REQ_MD5 5 /* md5 password */ #define AUTH_REQ_SCM_CREDS 6 /* transfer SCM credentials */ #define AUTH_REQ_GSS 7 /* GSSAPI without wrap() */ diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c index f0d79487129..64631966489 100644 --- a/src/interfaces/libpq/fe-auth.c +++ b/src/interfaces/libpq/fe-auth.c @@ -7,7 +7,7 @@ * Portions Copyright (c) 1994, Regents of the University of California * * IDENTIFICATION - * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.137 2008/01/31 18:58:30 tgl Exp $ + * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.138 2008/10/28 12:10:44 mha Exp $ * *------------------------------------------------------------------------- */ @@ -40,10 +40,6 @@ #include <pwd.h> #endif -#ifdef HAVE_CRYPT_H -#include <crypt.h> -#endif - #include "libpq-fe.h" #include "fe-auth.h" #include "libpq/md5.h" @@ -787,14 +783,6 @@ pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq) } break; } - case AUTH_REQ_CRYPT: - { - char salt[3]; - - strlcpy(salt, conn->cryptSalt, sizeof(salt)); - crypt_pwd = crypt(password, salt); - break; - } case AUTH_REQ_PASSWORD: /* discard const so we can assign it */ crypt_pwd = (char *) password; @@ -938,8 +926,12 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn) #endif - case AUTH_REQ_MD5: case AUTH_REQ_CRYPT: + printfPQExpBuffer(&conn->errorMessage, + libpq_gettext("Crypt authentication not supported\n")); + return STATUS_ERROR; + + case AUTH_REQ_MD5: case AUTH_REQ_PASSWORD: conn->password_needed = true; if (conn->pgpass == NULL || conn->pgpass[0] == '\0') diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index c611c0de1cb..87809fd7829 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.364 2008/10/27 09:42:31 mha Exp $ + * $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.365 2008/10/28 12:10:44 mha Exp $ * *------------------------------------------------------------------------- */ @@ -1674,15 +1674,6 @@ keep_going: /* We will come back to here until there is return PGRES_POLLING_READING; } } - if (areq == AUTH_REQ_CRYPT) - { - if (pqGetnchar(conn->cryptSalt, - sizeof(conn->cryptSalt), conn)) - { - /* We'll come back when there are more data */ - return PGRES_POLLING_READING; - } - } #if defined(ENABLE_GSS) || defined(ENABLE_SSPI) /* diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h index 8525fb15f05..d5ec8ce13fc 100644 --- a/src/interfaces/libpq/libpq-int.h +++ b/src/interfaces/libpq/libpq-int.h @@ -12,7 +12,7 @@ * Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.135 2008/10/27 09:42:31 mha Exp $ + * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.136 2008/10/28 12:10:44 mha Exp $ * *------------------------------------------------------------------------- */ @@ -340,7 +340,6 @@ struct pg_conn int be_pid; /* PID of backend --- needed for cancels */ int be_key; /* key of backend --- needed for cancels */ char md5Salt[4]; /* password salt received from backend */ - char cryptSalt[2]; /* password salt received from backend */ pgParameterStatus *pstatus; /* ParameterStatus data */ int client_encoding; /* encoding id */ bool std_strings; /* standard_conforming_strings */ |