Add 4-byte MD5 salt.

author: Bruce Momjian <bruce@momjian.us> 2001-08-17 02:59:20 +0000
committer: Bruce Momjian <bruce@momjian.us> 2001-08-17 02:59:20 +0000
commit: da45a0bdb7580b7b9cec62f6999605083dcec162 (patch)
tree: fd40d31c441933caf2051c68886be65ac60f0e38 /src/backend
parent: a61e15a5664536896f9d3a7454962d91a13d83bd (diff)
download: postgresql-da45a0bdb7580b7b9cec62f6999605083dcec162.tar.gz
postgresql-da45a0bdb7580b7b9cec62f6999605083dcec162.zip
5 files changed, 57 insertions, 27 deletions
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index 3b730a3a0d8..d830dfdfc90 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -6,7 +6,7 @@
  * Portions Copyright (c) 1996-2001, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.81 2001/08/15 21:08:20 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/commands/user.c,v 1.82 2001/08/17 02:59:19 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -351,7 +351,8 @@ CreateUser(CreateUserStmt *stmt)
 				DirectFunctionCall1(textin, CStringGetDatum(password));
 		else
 		{
-			if (!EncryptMD5(password, stmt->user, encrypted_password))
+			if (!EncryptMD5(password, stmt->user, strlen(stmt->user),
+				encrypted_password))
 				elog(ERROR, "CREATE USER: password encryption failed");
 			new_record[Anum_pg_shadow_passwd - 1] =
 				DirectFunctionCall1(textin, CStringGetDatum(encrypted_password));
@@ -583,7 +584,8 @@ AlterUser(AlterUserStmt *stmt)
 				DirectFunctionCall1(textin, CStringGetDatum(password));
 		else
 		{
-			if (!EncryptMD5(password, stmt->user, encrypted_password))
+			if (!EncryptMD5(password, stmt->user, strlen(stmt->user),
+				encrypted_password))
 				elog(ERROR, "CREATE USER: password encryption failed");
 			new_record[Anum_pg_shadow_passwd - 1] =
 				DirectFunctionCall1(textin, CStringGetDatum(encrypted_password));
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index c139f93f715..048f67c3013 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.59 2001/08/16 16:24:15 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.60 2001/08/17 02:59:19 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -536,10 +536,17 @@ sendAuthRequest(Port *port, AuthRequest areq)
 	pq_sendint(&buf, (int32) areq, sizeof(int32));
 
 	/* Add the salt for encrypted passwords. */
-	if (areq == AUTH_REQ_CRYPT || areq == AUTH_REQ_MD5)
+	if (areq == AUTH_REQ_MD5)
 	{
-		pq_sendint(&buf, port->salt[0], 1);
-		pq_sendint(&buf, port->salt[1], 1);
+		pq_sendint(&buf, port->md5Salt[0], 1);
+		pq_sendint(&buf, port->md5Salt[1], 1);
+		pq_sendint(&buf, port->md5Salt[2], 1);
+		pq_sendint(&buf, port->md5Salt[3], 1);
+	}
+	if (areq == AUTH_REQ_CRYPT)
+	{
+		pq_sendint(&buf, port->cryptSalt[0], 1);
+		pq_sendint(&buf, port->cryptSalt[1], 1);
 	}
 
 	pq_endmessage(&buf);
diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c
index a08c4f6baae..f82e44ccb25 100644
--- a/src/backend/libpq/crypt.c
+++ b/src/backend/libpq/crypt.c
@@ -9,7 +9,7 @@
  * Dec 17, 1997 - Todd A. Brandys
  *	Orignal Version Completed.
  *
- * $Id: crypt.c,v 1.34 2001/08/15 21:08:21 momjian Exp $
+ * $Id: crypt.c,v 1.35 2001/08/17 02:59:19 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -19,6 +19,7 @@
 
 #include "postgres.h"
 #include "libpq/crypt.h"
+#include "libpq/libpq.h"
 #include "miscadmin.h"
 #include "storage/fd.h"
 #include "utils/nabstime.h"
@@ -276,22 +277,33 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
 		return STATUS_ERROR;
 	}
 
+	/* If they encrypt their password, force MD5 */
+	if (isMD5(passwd) && port->auth_method != uaMD5)
+	{
+		snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+		 	"Password is stored MD5 encrypted.  "
+			"Only pg_hba.conf's MD5 protocol can be used for this user.\n");
+		fputs(PQerrormsg, stderr);
+		pqdebug("%s", PQerrormsg);
+		return STATUS_ERROR;
+	}
+
 	/*
 	 * Compare with the encrypted or plain password depending on the
 	 * authentication method being used for this connection.
 	 */
-	 switch (port->auth_method)
-	 {
+	switch (port->auth_method)
+	{
 		case uaCrypt:
-			crypt_pwd = crypt(passwd, port->salt);
+			crypt_pwd = crypt(passwd, port->cryptSalt);
 			break;
 		case uaMD5:
 			crypt_pwd = palloc(MD5_PASSWD_LEN+1);
-
 			if (isMD5(passwd))
 			{
 				if (!EncryptMD5(passwd + strlen("md5"),
-								(char *)port->salt, crypt_pwd))
+								(char *)port->md5Salt,
+								sizeof(port->md5Salt), crypt_pwd))
 				{
 					pfree(crypt_pwd);
 					return STATUS_ERROR;
@@ -301,14 +313,15 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
 			{
 				char *crypt_pwd2 = palloc(MD5_PASSWD_LEN+1);
 
-				if (!EncryptMD5(passwd, port->user, crypt_pwd2))
+				if (!EncryptMD5(passwd, port->user, strlen(port->user),
+								crypt_pwd2))
 				{
 					pfree(crypt_pwd);
 					pfree(crypt_pwd2);
 					return STATUS_ERROR;
 				}
-				if (!EncryptMD5(crypt_pwd2 + strlen("md5"), port->salt,
-								crypt_pwd))
+				if (!EncryptMD5(crypt_pwd2 + strlen("md5"), port->md5Salt,
+								sizeof(port->md5Salt), crypt_pwd))
 				{
 					pfree(crypt_pwd);
 					pfree(crypt_pwd2);
@@ -324,7 +337,6 @@ md5_crypt_verify(const Port *port, const char *user, const char *pgpass)
 
 	if (!strcmp(pgpass, crypt_pwd))
 	{
-
 		/*
 		 * check here to be sure we are not past valuntil
 		 */
diff --git a/src/backend/libpq/md5.c b/src/backend/libpq/md5.c
index 846202a7b17..76d54d50b0d 100644
--- a/src/backend/libpq/md5.c
+++ b/src/backend/libpq/md5.c
@@ -295,16 +295,18 @@ md5_hash(const void *buff, size_t len, char *hexsum)
  * puts  md5(username+passwd)  in buf provided buflen is at least 36 bytes
  * returns 1 on success, 0 on any kind of failure and sets errno accordingly
  */
-bool EncryptMD5(const char *passwd, const char *salt, char *buf)
+bool EncryptMD5(const char *passwd, const char *salt, size_t salt_len,
+				char *buf)
 {
 	char crypt_buf[128];
 
-	if (strlen(salt) + strlen(passwd) > 127)
+	if (salt_len + strlen(passwd) > 127)
 		return false;
 
 	strcpy(buf, "md5");
 	memset(crypt_buf, 0, 128);
-	sprintf(crypt_buf,"%s%s", salt, passwd);
+	memcpy(crypt_buf, salt, salt_len);
+	memcpy(crypt_buf+salt_len, passwd, strlen(passwd));
 
-	return md5_hash(crypt_buf, strlen(crypt_buf), buf + 3);
+	return md5_hash(crypt_buf, salt_len + strlen(passwd), buf + 3);
 }
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
index c3036630bc5..1a6ebec5daf 100644
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -37,7 +37,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.235 2001/08/05 02:06:50 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v 1.236 2001/08/17 02:59:19 momjian Exp $
  *
  * NOTES
  *
@@ -243,7 +243,7 @@ static void	processCancelRequest(Port *port, void *pkt);
 static int	initMasks(fd_set *rmask, fd_set *wmask);
 static char *canAcceptConnections(void);
 static long PostmasterRandom(void);
-static void RandomSalt(char *salt);
+static void RandomSalt(char *cryptSalt, char *md5Salt);
 static void SignalChildren(int signal);
 static int	CountChildren(void);
 static bool CreateOptsFile(int argc, char *argv[]);
@@ -1211,7 +1211,7 @@ ConnCreate(int serverFd)
 	}
 	else
 	{
-		RandomSalt(port->salt);
+		RandomSalt(port->cryptSalt, port->md5Salt);
 		port->pktInfo.state = Idle;
 	}
 
@@ -2099,12 +2099,19 @@ CharRemap(long int ch)
  * RandomSalt
  */
 static void
-RandomSalt(char *salt)
+RandomSalt(char *cryptSalt, char *md5Salt)
 {
 	long		rand = PostmasterRandom();
 
-	*salt = CharRemap(rand % 62);
-	*(salt + 1) = CharRemap(rand / 62);
+	cryptSalt[0] = CharRemap(rand % 62);
+	cryptSalt[1] = CharRemap(rand / 62);
+	/* Grab top 16-bits of two random runs so as not to send full
+	   random value over the network.  The high-order bits are more random. */
+	md5Salt[0] = rand & 0xff000000;
+	md5Salt[1] = rand & 0x00ff0000;
+	rand = PostmasterRandom();
+	md5Salt[2] = rand & 0xff000000;
+	md5Salt[3] = rand & 0x00ff0000;
 }
 
 /*
author	Bruce Momjian <bruce@momjian.us>	2001-08-17 02:59:20 +0000
committer	Bruce Momjian <bruce@momjian.us>	2001-08-17 02:59:20 +0000
commit	da45a0bdb7580b7b9cec62f6999605083dcec162 (patch)
tree	fd40d31c441933caf2051c68886be65ac60f0e38 /src/backend
parent	a61e15a5664536896f9d3a7454962d91a13d83bd (diff)
download	postgresql-da45a0bdb7580b7b9cec62f6999605083dcec162.tar.gz postgresql-da45a0bdb7580b7b9cec62f6999605083dcec162.zip