aboutsummaryrefslogtreecommitdiff
path: root/src/backend/libpq
diff options
context:
space:
mode:
authorMagnus Hagander <magnus@hagander.net>2008-10-28 12:10:44 +0000
committerMagnus Hagander <magnus@hagander.net>2008-10-28 12:10:44 +0000
commit53a5026b5cb359ec31e81fa6b20a69b053b87569 (patch)
treef0c3debd1187d1ff69ae6cb4a2d6604d75cdda0d /src/backend/libpq
parentba4eb01554fa02268823234983200a71b3b77c1b (diff)
downloadpostgresql-53a5026b5cb359ec31e81fa6b20a69b053b87569.tar.gz
postgresql-53a5026b5cb359ec31e81fa6b20a69b053b87569.zip
Remove support for (insecure) crypt authentication.
This breaks compatibility with pre-7.2 versions.
Diffstat (limited to 'src/backend/libpq')
-rw-r--r--src/backend/libpq/auth.c10
-rw-r--r--src/backend/libpq/crypt.c18
-rw-r--r--src/backend/libpq/hba.c4
3 files changed, 3 insertions, 29 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 865d52fc56f..e89b040b67e 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.169 2008/10/23 13:31:10 mha Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.170 2008/10/28 12:10:43 mha Exp $
*
*-------------------------------------------------------------------------
*/
@@ -230,7 +230,6 @@ auth_failed(Port *port, int status)
errstr = gettext_noop("Ident authentication failed for user \"%s\"");
break;
case uaMD5:
- case uaCrypt:
case uaPassword:
errstr = gettext_noop("password authentication failed for user \"%s\"");
break;
@@ -373,11 +372,6 @@ ClientAuthentication(Port *port)
status = recv_and_check_password_packet(port);
break;
- case uaCrypt:
- sendAuthRequest(port, AUTH_REQ_CRYPT);
- status = recv_and_check_password_packet(port);
- break;
-
case uaPassword:
sendAuthRequest(port, AUTH_REQ_PASSWORD);
status = recv_and_check_password_packet(port);
@@ -426,8 +420,6 @@ sendAuthRequest(Port *port, AuthRequest areq)
/* Add the salt for encrypted passwords. */
if (areq == AUTH_REQ_MD5)
pq_sendbytes(&buf, port->md5Salt, 4);
- else if (areq == AUTH_REQ_CRYPT)
- pq_sendbytes(&buf, port->cryptSalt, 2);
#if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c
index ab237ad3b11..68e685dd786 100644
--- a/src/backend/libpq/crypt.c
+++ b/src/backend/libpq/crypt.c
@@ -9,7 +9,7 @@
* Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.75 2008/09/15 12:32:56 mha Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.76 2008/10/28 12:10:43 mha Exp $
*
*-------------------------------------------------------------------------
*/
@@ -53,14 +53,6 @@ md5_crypt_verify(const Port *port, const char *role, char *client_pass)
if (shadow_pass == NULL || *shadow_pass == '\0')
return STATUS_ERROR;
- /* We can't do crypt with MD5 passwords */
- if (isMD5(shadow_pass) && port->hba->auth_method == uaCrypt)
- {
- ereport(LOG,
- (errmsg("cannot use authentication method \"crypt\" because password is MD5-encrypted")));
- return STATUS_ERROR;
- }
-
/*
* Compare with the encrypted or plain password depending on the
* authentication method being used for this connection.
@@ -106,14 +98,6 @@ md5_crypt_verify(const Port *port, const char *role, char *client_pass)
pfree(crypt_pwd2);
}
break;
- case uaCrypt:
- {
- char salt[3];
-
- strlcpy(salt, port->cryptSalt, sizeof(salt));
- crypt_pwd = crypt(shadow_pass, salt);
- break;
- }
default:
if (isMD5(shadow_pass))
{
diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index fbeb185fc9f..d5e56bda453 100644
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -10,7 +10,7 @@
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.171 2008/10/27 20:04:45 mha Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.172 2008/10/28 12:10:43 mha Exp $
*
*-------------------------------------------------------------------------
*/
@@ -847,8 +847,6 @@ parse_hba_line(List *line, int line_num, HbaLine *parsedline)
parsedline->auth_method = uaReject;
else if (strcmp(token, "md5") == 0)
parsedline->auth_method = uaMD5;
- else if (strcmp(token, "crypt") == 0)
- parsedline->auth_method = uaCrypt;
else if (strcmp(token, "pam") == 0)
#ifdef USE_PAM
parsedline->auth_method = uaPAM;