src/backend/libpq/password.c


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103

/*
 * Copyright (c) 1994, Regents of the University of California
 *
 * $Id: password.c,v 1.25 1999/07/17 20:17:02 momjian Exp $
 *
 */

#include <unistd.h>

#include "postgres.h"
#ifdef HAVE_CRYPT_H
#include "crypt.h"
#endif

#include "libpq/libpq.h"
#include "libpq/password.h"
#include "miscadmin.h"

int
verify_password(char *auth_arg, char *user, char *password)
{
	char	   *pw_file_fullname;
	FILE	   *pw_file;

	pw_file_fullname = (char *) palloc(strlen(DataDir) + strlen(auth_arg) + 2);
	strcpy(pw_file_fullname, DataDir);
	strcat(pw_file_fullname, "/");
	strcat(pw_file_fullname, auth_arg);

#ifndef __CYGWIN32__
	pw_file = AllocateFile(pw_file_fullname, "r");
#else
	pw_file = AllocateFile(pw_file_fullname, "rb");
#endif
	if (!pw_file)
	{
		snprintf(PQerrormsg, ERROR_MSG_LENGTH,
				 "verify_password: couldn't open password file '%s'\n",
				 pw_file_fullname);
		fputs(PQerrormsg, stderr);
		pqdebug("%s", PQerrormsg);

		pfree(pw_file_fullname);

		return STATUS_ERROR;
	}

	while (!feof(pw_file))
	{
		char		pw_file_line[255],
				   *p,
				   *test_user,
				   *test_pw;

		fgets(pw_file_line, sizeof(pw_file_line), pw_file);
		p = pw_file_line;

		test_user = strtok(p, ":");
		test_pw = strtok(NULL, ":");
		if (!test_user || !test_pw ||
			test_user[0] == '\0' || test_pw[0] == '\0')
			continue;

		/* kill the newline */
		if (test_pw[strlen(test_pw) - 1] == '\n')
			test_pw[strlen(test_pw) - 1] = '\0';

		if (strcmp(user, test_user) == 0)
		{
			/* we're outta here one way or the other. */
			FreeFile(pw_file);

			if (strcmp(crypt(password, test_pw), test_pw) == 0)
			{
				/* it matched. */

				pfree(pw_file_fullname);

				return STATUS_OK;
			}

			snprintf(PQerrormsg, ERROR_MSG_LENGTH,
					 "verify_password: password mismatch for '%s'.\n",
					 user);
			fputs(PQerrormsg, stderr);
			pqdebug("%s", PQerrormsg);

			pfree(pw_file_fullname);

			return STATUS_ERROR;
		}
	}

	snprintf(PQerrormsg, ERROR_MSG_LENGTH,
			 "verify_password: user '%s' not found in password file.\n",
			 user);
	fputs(PQerrormsg, stderr);
	pqdebug("%s", PQerrormsg);

	pfree(pw_file_fullname);

	return STATUS_ERROR;
}