Handle auth_type=password when the stored password is md5

This matches what a PostgreSQL server would do.

Author: @hashbrowncipher

fixes #129

diff --git a/src/client.c b/src/client.c
index 031e4e56e5e8ff54404b5ef8fd2c867c94f2479b..80cbcb6973a8cbd349b2fd60c7dd9800fb2b0e06 100644 (file)
--- a/src/client.c
+++ b/src/client.c
@@ -46,7 +46,11 @@ static bool check_client_passwd(PgSocket *client, const char *passwd)
 
        switch (auth_type) {
        case AUTH_PLAIN:
-               return strcmp(user->passwd, passwd) == 0;
+               if (isMD5(user->passwd)) {
+                       pg_md5_encrypt(passwd, user->name, strlen(user->name), md5);
+                       return strcmp(user->passwd, md5) == 0;
+               } else
+                       return strcmp(user->passwd, passwd) == 0;
        case AUTH_MD5:
                if (strlen(passwd) != MD5_PASSWD_LEN)
                        return false;

diff --git a/test/test.sh b/test/test.sh
index d39a4f7dd738addb2b16efb8e7a61191174b4270..d424dbf2791ec805bf46948c3034634066f4c5b1 100755 (executable)
--- a/test/test.sh
+++ b/test/test.sh
@@ -612,6 +612,13 @@ test_password_client() {
        # bad password
        PGPASSWORD=wrong psql -X -U puser2 -c "select 2" p1 && return 1
 
+       # test with users that have an md5 password stored
+
+       # good password
+       PGPASSWORD=foo psql -X -U muser1 -c "select 1" p1 || return 1
+       # bad password
+       PGPASSWORD=wrong psql -X -U muser2 -c "select 2" p1 && return 1
+
        admin "set auth_type='trust'"
 
        return 0