Fix PQencryptPasswordConn to work with older server versions.
authorHeikki Linnakangas <heikki.linnakangas@iki.fi>
Thu, 4 May 2017 09:28:25 +0000 (12:28 +0300)
committerHeikki Linnakangas <heikki.linnakangas@iki.fi>
Thu, 4 May 2017 09:28:25 +0000 (12:28 +0300)
password_encryption was a boolean before version 10, so cope with "on" and
"off".

Also, change the behavior with "plain", to treat it the same as "md5".
We're discussing removing the password_encryption='plain' option from the
server altogether, which will make this the only reasonable choice, but
even if we kept it, it seems best to never send the password in cleartext.

doc/src/sgml/libpq.sgml
src/interfaces/libpq/fe-auth.c

index 4f60b203fbc502750963078cf3660b7907425ecf..c2b7abc603e1ab0e305cd7f74dbc8473934679b6 100644 (file)
@@ -5902,7 +5902,9 @@ char *PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
       are the cleartext password, and the SQL name of the user it is for.
       <parameter>algorithm</> specifies the encryption algorithm
       to use to encrypt the password. Currently supported algorithms are
-      <literal>md5</>, <literal>scram-sha-256</> and <literal>plain</>.
+      <literal>md5</> and <literal>scram-sha-256</> (<literal>on</> and
+      <literal>off</> are also accepted as aliases for <literal>md5</>, for
+      compatibility with older server versions). Note that support for
       <literal>scram-sha-256</> was introduced in <productname>PostgreSQL</>
       version 10, and will not work correctly with older server versions. If
       <parameter>algorithm</> is <symbol>NULL</>, this function will query
index daa7cc95858b8fefeb1258a85fd09e71e89aff39..54acd0f6bf8694be0827b45ae95a486fc0cc5b4a 100644 (file)
@@ -1168,7 +1168,7 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
                {
                        PQclear(res);
                        printfPQExpBuffer(&conn->errorMessage,
-                                                         libpq_gettext("password_encryption value too long\n"));
+                                         libpq_gettext("password_encryption value too long\n"));
                        return NULL;
                }
                strcpy(algobuf, val);
@@ -1177,8 +1177,19 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
                algorithm = algobuf;
        }
 
-       /* Ok, now we know what algorithm to use */
+       /*
+        * Also accept "on" and "off" as aliases for "md5", because
+        * password_encryption was a boolean before PostgreSQL 10.  We refuse to
+        * send the password in plaintext even if it was "off".
+        */
+       if (strcmp(algorithm, "on") == 0 ||
+               strcmp(algorithm, "off") == 0 ||
+               strcmp(algorithm, "plain") == 0)
+               algorithm = "md5";
 
+       /*
+        * Ok, now we know what algorithm to use
+        */
        if (strcmp(algorithm, "scram-sha-256") == 0)
        {
                crypt_pwd = pg_fe_scram_build_verifier(passwd);
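Review bot: The comment added above the alias check names only "on" and "off", but the condition also rewrites "plain" to "md5", so a caller who explicitly passes "plain" now gets an md5 hash back with no error and no mention in the code. Extending the comment would make that security decision visible to the next maintainer, for example `* "plain" is mapped to "md5" as well, so this function never returns the cleartext password.` The same sentence would also explain why the "plain" branch is removed further down in the function. The body of PQencryptPasswordConn starts and ends outside this hunk, so whether any caller depends on the old cleartext result cannot be judged from here.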
@@ -1195,14 +1206,10 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
                        }
                }
        }
-       else if (strcmp(algorithm, "plain") == 0)
-       {
-               crypt_pwd = strdup(passwd);
-       }
        else
        {
                printfPQExpBuffer(&conn->errorMessage,
-                                                 libpq_gettext("unknown password encryption algorithm\n"));
+                                  libpq_gettext("unknown password encryption algorithm\n"));
                return NULL;
        }