diff options
author | Magnus Hagander <magnus@hagander.net> | 2008-10-28 12:10:44 +0000 |
---|---|---|
committer | Magnus Hagander <magnus@hagander.net> | 2008-10-28 12:10:44 +0000 |
commit | 53a5026b5cb359ec31e81fa6b20a69b053b87569 (patch) | |
tree | f0c3debd1187d1ff69ae6cb4a2d6604d75cdda0d /src/backend/libpq | |
parent | ba4eb01554fa02268823234983200a71b3b77c1b (diff) | |
download | postgresql-53a5026b5cb359ec31e81fa6b20a69b053b87569.tar.gz postgresql-53a5026b5cb359ec31e81fa6b20a69b053b87569.zip |
Remove support for (insecure) crypt authentication.
This breaks compatibility with pre-7.2 versions.
Diffstat (limited to 'src/backend/libpq')
-rw-r--r-- | src/backend/libpq/auth.c | 10 | ||||
-rw-r--r-- | src/backend/libpq/crypt.c | 18 | ||||
-rw-r--r-- | src/backend/libpq/hba.c | 4 |
3 files changed, 3 insertions, 29 deletions
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 865d52fc56f..e89b040b67e 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.169 2008/10/23 13:31:10 mha Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.170 2008/10/28 12:10:43 mha Exp $ * *------------------------------------------------------------------------- */ @@ -230,7 +230,6 @@ auth_failed(Port *port, int status) errstr = gettext_noop("Ident authentication failed for user \"%s\""); break; case uaMD5: - case uaCrypt: case uaPassword: errstr = gettext_noop("password authentication failed for user \"%s\""); break; @@ -373,11 +372,6 @@ ClientAuthentication(Port *port) status = recv_and_check_password_packet(port); break; - case uaCrypt: - sendAuthRequest(port, AUTH_REQ_CRYPT); - status = recv_and_check_password_packet(port); - break; - case uaPassword: sendAuthRequest(port, AUTH_REQ_PASSWORD); status = recv_and_check_password_packet(port); @@ -426,8 +420,6 @@ sendAuthRequest(Port *port, AuthRequest areq) /* Add the salt for encrypted passwords. */ if (areq == AUTH_REQ_MD5) pq_sendbytes(&buf, port->md5Salt, 4); - else if (areq == AUTH_REQ_CRYPT) - pq_sendbytes(&buf, port->cryptSalt, 2); #if defined(ENABLE_GSS) || defined(ENABLE_SSPI) diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c index ab237ad3b11..68e685dd786 100644 --- a/src/backend/libpq/crypt.c +++ b/src/backend/libpq/crypt.c @@ -9,7 +9,7 @@ * Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.75 2008/09/15 12:32:56 mha Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.76 2008/10/28 12:10:43 mha Exp $ * *------------------------------------------------------------------------- */ @@ -53,14 +53,6 @@ md5_crypt_verify(const Port *port, const char *role, char *client_pass) if (shadow_pass == NULL || *shadow_pass == '\0') return STATUS_ERROR; - /* We can't do crypt with MD5 passwords */ - if (isMD5(shadow_pass) && port->hba->auth_method == uaCrypt) - { - ereport(LOG, - (errmsg("cannot use authentication method \"crypt\" because password is MD5-encrypted"))); - return STATUS_ERROR; - } - /* * Compare with the encrypted or plain password depending on the * authentication method being used for this connection. @@ -106,14 +98,6 @@ md5_crypt_verify(const Port *port, const char *role, char *client_pass) pfree(crypt_pwd2); } break; - case uaCrypt: - { - char salt[3]; - - strlcpy(salt, port->cryptSalt, sizeof(salt)); - crypt_pwd = crypt(shadow_pass, salt); - break; - } default: if (isMD5(shadow_pass)) { diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c index fbeb185fc9f..d5e56bda453 100644 --- a/src/backend/libpq/hba.c +++ b/src/backend/libpq/hba.c @@ -10,7 +10,7 @@ * * * IDENTIFICATION - * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.171 2008/10/27 20:04:45 mha Exp $ + * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.172 2008/10/28 12:10:43 mha Exp $ * *------------------------------------------------------------------------- */ @@ -847,8 +847,6 @@ parse_hba_line(List *line, int line_num, HbaLine *parsedline) parsedline->auth_method = uaReject; else if (strcmp(token, "md5") == 0) parsedline->auth_method = uaMD5; - else if (strcmp(token, "crypt") == 0) - parsedline->auth_method = uaCrypt; else if (strcmp(token, "pam") == 0) #ifdef USE_PAM parsedline->auth_method = uaPAM; |