Postgres Pro
Downloads
Home   >   mailing lists

Re: Re: Proposal for encrypting pg_shadow passwords - Mailing list pgsql-patches

From Bruce Momjian
Subject Re: Re: Proposal for encrypting pg_shadow passwords
Date
Msg-id 200108160426.f7G4Q2I23415@candle.pha.pa.us
Whole thread Raw
In response to Re: Re: Proposal for encrypting pg_shadow passwords  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: Re: Proposal for encrypting pg_shadow passwords
List pgsql-patches
Tree view 
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> >> BTW, a protocol version bump for this is a horrid idea.  That will
> >> create lots of compatibility problems for people, whether they use
> >> the new auth mode or not.
>
> > I thought protocol bumps were the way to handle such things.  The SCM
> > patch does it as well.  How should I tell if I am talking to a >=7.2
> > client?
>
> You send it the new auth request code and see if it copes or not.
> There's no need to bump the overall protocol version, and every reason
> *not* to.

OK, patch attached.  Pretty nifty. Try MD5 first, and if it fails, try
crypt.  I tested by corrupting the MD5 on the client side, and the
crypt() fallback worked, but only if pg_shadow was plaintext.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
Index: src/backend/libpq/auth.c
===================================================================
RCS file: /home/projects/pgsql/cvsroot/pgsql/src/backend/libpq/auth.c,v
retrieving revision 1.57
diff -c -r1.57 auth.c
*** src/backend/libpq/auth.c    2001/08/15 18:42:14    1.57
--- src/backend/libpq/auth.c    2001/08/16 04:22:50
***************
*** 501,513 ****
              status = recv_and_check_password_packet(port);
              break;

-         case uaCrypt:
-             sendAuthRequest(port, AUTH_REQ_CRYPT);
-             status = recv_and_check_password_packet(port);
-             break;
-
          case uaMD5:
              sendAuthRequest(port, AUTH_REQ_MD5);
              status = recv_and_check_password_packet(port);
              break;

--- 501,516 ----
              status = recv_and_check_password_packet(port);
              break;

          case uaMD5:
              sendAuthRequest(port, AUTH_REQ_MD5);
+             if ((status = recv_and_check_password_packet(port)) == STATUS_OK)
+                 break;
+             port->auth_method = uaCrypt;
+             /* Try crypt() for old client */
+             /* FALL THROUGH */
+
+         case uaCrypt:
+             sendAuthRequest(port, AUTH_REQ_CRYPT);
              status = recv_and_check_password_packet(port);
              break;

Index: src/backend/libpq/hba.c
===================================================================
RCS file: /home/projects/pgsql/cvsroot/pgsql/src/backend/libpq/hba.c,v
retrieving revision 1.62
diff -c -r1.62 hba.c
*** src/backend/libpq/hba.c    2001/08/15 18:42:15    1.62
--- src/backend/libpq/hba.c    2001/08/16 04:22:51
***************
*** 227,241 ****
          else if (strcmp(token, "reject") == 0)
              *userauth_p = uaReject;
          else if (strcmp(token, "crypt") == 0)
!         {
!             /* if the client supports it, use MD5 */
!             if (PG_PROTOCOL_MAJOR(proto) > 2 ||
!                 (PG_PROTOCOL_MAJOR(proto) == 2 &&
!                  PG_PROTOCOL_MINOR(proto) >= 1))
!                 *userauth_p = uaMD5;
!             else
!                 *userauth_p = uaCrypt;
!         }
          else
              *error_p = true;
          line = lnext(line);
--- 227,234 ----
          else if (strcmp(token, "reject") == 0)
              *userauth_p = uaReject;
          else if (strcmp(token, "crypt") == 0)
!             /* Try MD5 first; on failure, switch to crypt() */
!             *userauth_p = uaMD5;
          else
              *error_p = true;
          line = lnext(line);
Index: src/include/libpq/pqcomm.h
===================================================================
RCS file: /home/projects/pgsql/cvsroot/pgsql/src/include/libpq/pqcomm.h,v
retrieving revision 1.56
diff -c -r1.56 pqcomm.h
*** src/include/libpq/pqcomm.h    2001/08/15 18:42:15    1.56
--- src/include/libpq/pqcomm.h    2001/08/16 04:23:00
***************
*** 90,96 ****
  /* The earliest and latest frontend/backend protocol version supported. */

  #define PG_PROTOCOL_EARLIEST    PG_PROTOCOL(0,0)
! #define PG_PROTOCOL_LATEST    PG_PROTOCOL(2,1)

  /*
   * All packets sent to the postmaster start with the length.  This is omitted
--- 90,96 ----
  /* The earliest and latest frontend/backend protocol version supported. */

  #define PG_PROTOCOL_EARLIEST    PG_PROTOCOL(0,0)
! #define PG_PROTOCOL_LATEST    PG_PROTOCOL(2,0)

  /*
   * All packets sent to the postmaster start with the length.  This is omitted
Index: src/interfaces/libpq/libpq-int.h
===================================================================
RCS file: /home/projects/pgsql/cvsroot/pgsql/src/interfaces/libpq/libpq-int.h,v
retrieving revision 1.37
diff -c -r1.37 libpq-int.h
*** src/interfaces/libpq/libpq-int.h    2001/08/15 18:42:16    1.37
--- src/interfaces/libpq/libpq-int.h    2001/08/16 04:23:01
***************
*** 45,51 ****
   * pqcomm.h describe what the backend knows, not what libpq knows.
   */

! #define PG_PROTOCOL_LIBPQ    PG_PROTOCOL(2,1)

  /*
   * POSTGRES backend dependent Constants.
--- 45,51 ----
   * pqcomm.h describe what the backend knows, not what libpq knows.
   */

! #define PG_PROTOCOL_LIBPQ    PG_PROTOCOL(2,0)

  /*
   * POSTGRES backend dependent Constants.

pgsql-patches by date:

Previous
From: Tom Lane
Date:
Subject: Re: patch for 60 seconds bug
Next
From: Barry Lind
Date:
Subject: Re: JDBC Array Support, Take III