This breaks compatibility with pre-7.2 versions.
-<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.109 2008/10/23 13:31:09 mha Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.110 2008/10/28 12:10:42 mha Exp $ -->
<chapter id="client-authentication">
<title>Client Authentication</title>
</listitem>
</varlistentry>
- <varlistentry>
- <term><literal>crypt</></term>
- <listitem>
- <note>
- <para>
- This option is recommended only for communicating with pre-7.2
- clients.
- </para>
- </note>
- <para>
- Require the client to supply a <function>crypt()</>-encrypted
- password for authentication.
- <literal>md5</literal> is now recommended over <literal>crypt</>.
- See <xref linkend="auth-password"> for details.
- </para>
- </listitem>
- </varlistentry>
-
<varlistentry>
<term><literal>password</></term>
<listitem>
<indexterm>
<primary>MD5</>
</indexterm>
- <indexterm>
- <primary>crypt</>
- </indexterm>
<indexterm>
<primary>password</primary>
<secondary>authentication</secondary>
<para>
The password-based authentication methods are <literal>md5</>,
- <literal>crypt</>, and <literal>password</>. These methods operate
+ and <literal>password</>. These methods operate
similarly except for the way that the password is sent across the
- connection: respectively, MD5-hashed, crypt-encrypted, and clear-text.
- A limitation is that the <literal>crypt</> method does not work with
- passwords that have been encrypted in <structname>pg_authid</structname>.
+ connection: respectively, MD5-hashed and clear-text.
</para>
<para>
If you are at all concerned about password
- <quote>sniffing</> attacks then <literal>md5</> is preferred, with
- <literal>crypt</> to be used only if you must support pre-7.2
- clients. Plain <literal>password</> should be avoided especially for
- connections over the open Internet (unless you use <acronym>SSL</acronym>,
- <acronym>SSH</>, or another
- communications security wrapper around the connection).
+ <quote>sniffing</> attacks then <literal>md5</> is preferred.
+ Plain <literal>password</> should always be avoided if possible.
</para>
<para>
-<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.73 2008/02/08 18:18:05 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.74 2008/10/28 12:10:42 mha Exp $ -->
<chapter id="protocol">
<title>Frontend/Backend Protocol</title>
</listitem>
</varlistentry>
- <varlistentry>
- <term>AuthenticationCryptPassword</term>
- <listitem>
- <para>
- The frontend must now send a PasswordMessage containing the
- password encrypted via crypt(3), using the 2-character salt
- specified in the AuthenticationCryptPassword message. If
- this is the correct password, the server responds with an
- AuthenticationOk, otherwise it responds with an ErrorResponse.
- </para>
- </listitem>
- </varlistentry>
-
<varlistentry>
<term>AuthenticationMD5Password</term>
<listitem>
</varlistentry>
-<varlistentry>
-<term>
-AuthenticationCryptPassword (B)
-</term>
-<listitem>
-<para>
-
-<variablelist>
-<varlistentry>
-<term>
- Byte1('R')
-</term>
-<listitem>
-<para>
- Identifies the message as an authentication request.
-</para>
-</listitem>
-</varlistentry>
-<varlistentry>
-<term>
- Int32(10)
-</term>
-<listitem>
-<para>
- Length of message contents in bytes, including self.
-</para>
-</listitem>
-</varlistentry>
-<varlistentry>
-<term>
- Int32(4)
-</term>
-<listitem>
-<para>
- Specifies that a crypt()-encrypted password is required.
-</para>
-</listitem>
-</varlistentry>
-<varlistentry>
-<term>
- Byte2
-</term>
-<listitem>
-<para>
- The salt to use when encrypting the password.
-</para>
-</listitem>
-</varlistentry>
-</variablelist>
-
-</para>
-</listitem>
-</varlistentry>
-
-
<varlistentry>
<term>
AuthenticationMD5Password (B)
-<!-- $PostgreSQL: pgsql/doc/src/sgml/user-manag.sgml,v 1.40 2008/09/08 00:47:40 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/user-manag.sgml,v 1.41 2008/10/28 12:10:42 mha Exp $ -->
<chapter id="user-manag">
<title>Database Roles and Privileges</title>
<para>
A password is only significant if the client authentication
method requires the user to supply a password when connecting
- to the database. The <option>password</>,
- <option>md5</>, and <option>crypt</> authentication methods
+ to the database. The <option>password</> and
+ <option>md5</> authentication methods
make use of passwords. Database passwords are separate from
operating system passwords. Specify a password upon role
creation with <literal>CREATE ROLE
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.169 2008/10/23 13:31:10 mha Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.170 2008/10/28 12:10:43 mha Exp $
*
*-------------------------------------------------------------------------
*/
errstr = gettext_noop("Ident authentication failed for user \"%s\"");
break;
case uaMD5:
- case uaCrypt:
case uaPassword:
errstr = gettext_noop("password authentication failed for user \"%s\"");
break;
status = recv_and_check_password_packet(port);
break;
- case uaCrypt:
- sendAuthRequest(port, AUTH_REQ_CRYPT);
- status = recv_and_check_password_packet(port);
- break;
-
case uaPassword:
sendAuthRequest(port, AUTH_REQ_PASSWORD);
status = recv_and_check_password_packet(port);
/* Add the salt for encrypted passwords. */
if (areq == AUTH_REQ_MD5)
pq_sendbytes(&buf, port->md5Salt, 4);
- else if (areq == AUTH_REQ_CRYPT)
- pq_sendbytes(&buf, port->cryptSalt, 2);
#if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
* Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.75 2008/09/15 12:32:56 mha Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.76 2008/10/28 12:10:43 mha Exp $
*
*-------------------------------------------------------------------------
*/
if (shadow_pass == NULL || *shadow_pass == '\0')
return STATUS_ERROR;
- /* We can't do crypt with MD5 passwords */
- if (isMD5(shadow_pass) && port->hba->auth_method == uaCrypt)
- {
- ereport(LOG,
- (errmsg("cannot use authentication method \"crypt\" because password is MD5-encrypted")));
- return STATUS_ERROR;
- }
-
/*
* Compare with the encrypted or plain password depending on the
* authentication method being used for this connection.
pfree(crypt_pwd2);
}
break;
- case uaCrypt:
- {
- char salt[3];
-
- strlcpy(salt, port->cryptSalt, sizeof(salt));
- crypt_pwd = crypt(shadow_pass, salt);
- break;
- }
default:
if (isMD5(shadow_pass))
{
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.171 2008/10/27 20:04:45 mha Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.172 2008/10/28 12:10:43 mha Exp $
*
*-------------------------------------------------------------------------
*/
parsedline->auth_method = uaReject;
else if (strcmp(token, "md5") == 0)
parsedline->auth_method = uaMD5;
- else if (strcmp(token, "crypt") == 0)
- parsedline->auth_method = uaCrypt;
else if (strcmp(token, "pam") == 0)
#ifdef USE_PAM
parsedline->auth_method = uaPAM;
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.565 2008/09/23 20:35:38 momjian Exp $
+ * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.566 2008/10/28 12:10:43 mha Exp $
*
* NOTES
*
static void report_fork_failure_to_client(Port *port, int errnum);
static enum CAC_state canAcceptConnections(void);
static long PostmasterRandom(void);
-static void RandomSalt(char *cryptSalt, char *md5Salt);
+static void RandomSalt(char *md5Salt);
static void signal_child(pid_t pid, int signal);
static void SignalSomeChildren(int signal, bool only_autovac);
* fork, not after. Else the postmaster's random sequence won't get
* advanced, and all backends would end up using the same salt...
*/
- RandomSalt(port->cryptSalt, port->md5Salt);
+ RandomSalt(port->md5Salt);
}
/*
{
}
-
-/*
- * CharRemap: given an int in range 0..61, produce textual encoding of it
- * per crypt(3) conventions.
- */
-static char
-CharRemap(long ch)
-{
- if (ch < 0)
- ch = -ch;
- ch = ch % 62;
-
- if (ch < 26)
- return 'A' + ch;
-
- ch -= 26;
- if (ch < 26)
- return 'a' + ch;
-
- ch -= 26;
- return '0' + ch;
-}
-
/*
* RandomSalt
*/
static void
-RandomSalt(char *cryptSalt, char *md5Salt)
+RandomSalt(char *md5Salt)
{
- long rand = PostmasterRandom();
-
- cryptSalt[0] = CharRemap(rand % 62);
- cryptSalt[1] = CharRemap(rand / 62);
+ long rand;
/*
- * It's okay to reuse the first random value for one of the MD5 salt
- * bytes, since only one of the two salts will be sent to the client.
- * After that we need to compute more random bits.
- *
* We use % 255, sacrificing one possible byte value, so as to ensure that
* all bits of the random() value participate in the result. While at it,
* add one to avoid generating any null bytes.
*/
+ rand = PostmasterRandom();
md5Salt[0] = (rand % 255) + 1;
rand = PostmasterRandom();
md5Salt[1] = (rand % 255) + 1;
* Interface to hba.c
*
*
- * $PostgreSQL: pgsql/src/include/libpq/hba.h,v 1.50 2008/10/23 13:31:10 mha Exp $
+ * $PostgreSQL: pgsql/src/include/libpq/hba.h,v 1.51 2008/10/28 12:10:44 mha Exp $
*
*-------------------------------------------------------------------------
*/
uaTrust,
uaIdent,
uaPassword,
- uaCrypt,
uaMD5,
uaGSS,
uaSSPI,
* Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/include/libpq/libpq-be.h,v 1.67 2008/09/15 12:32:57 mha Exp $
+ * $PostgreSQL: pgsql/src/include/libpq/libpq-be.h,v 1.68 2008/10/28 12:10:44 mha Exp $
*
*-------------------------------------------------------------------------
*/
*/
HbaLine *hba;
char md5Salt[4]; /* Password salt */
- char cryptSalt[2]; /* Password salt */
/*
* Information that really has no business at all being in struct Port,
* Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/include/libpq/pqcomm.h,v 1.108 2008/01/01 19:45:58 momjian Exp $
+ * $PostgreSQL: pgsql/src/include/libpq/pqcomm.h,v 1.109 2008/10/28 12:10:44 mha Exp $
*
*-------------------------------------------------------------------------
*/
#define AUTH_REQ_KRB4 1 /* Kerberos V4. Not supported any more. */
#define AUTH_REQ_KRB5 2 /* Kerberos V5 */
#define AUTH_REQ_PASSWORD 3 /* Password */
-#define AUTH_REQ_CRYPT 4 /* crypt password */
+#define AUTH_REQ_CRYPT 4 /* crypt password. Not supported any more. */
#define AUTH_REQ_MD5 5 /* md5 password */
#define AUTH_REQ_SCM_CREDS 6 /* transfer SCM credentials */
#define AUTH_REQ_GSS 7 /* GSSAPI without wrap() */
* Portions Copyright (c) 1994, Regents of the University of California
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.137 2008/01/31 18:58:30 tgl Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.138 2008/10/28 12:10:44 mha Exp $
*
*-------------------------------------------------------------------------
*/
#include <pwd.h>
#endif
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
-
#include "libpq-fe.h"
#include "fe-auth.h"
#include "libpq/md5.h"
}
break;
}
- case AUTH_REQ_CRYPT:
- {
- char salt[3];
-
- strlcpy(salt, conn->cryptSalt, sizeof(salt));
- crypt_pwd = crypt(password, salt);
- break;
- }
case AUTH_REQ_PASSWORD:
/* discard const so we can assign it */
crypt_pwd = (char *) password;
#endif
- case AUTH_REQ_MD5:
case AUTH_REQ_CRYPT:
+ printfPQExpBuffer(&conn->errorMessage,
+ libpq_gettext("Crypt authentication not supported\n"));
+ return STATUS_ERROR;
+
+ case AUTH_REQ_MD5:
case AUTH_REQ_PASSWORD:
conn->password_needed = true;
if (conn->pgpass == NULL || conn->pgpass[0] == '\0')
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.364 2008/10/27 09:42:31 mha Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.365 2008/10/28 12:10:44 mha Exp $
*
*-------------------------------------------------------------------------
*/
return PGRES_POLLING_READING;
}
}
- if (areq == AUTH_REQ_CRYPT)
- {
- if (pqGetnchar(conn->cryptSalt,
- sizeof(conn->cryptSalt), conn))
- {
- /* We'll come back when there are more data */
- return PGRES_POLLING_READING;
- }
- }
#if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
/*
* Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.135 2008/10/27 09:42:31 mha Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.136 2008/10/28 12:10:44 mha Exp $
*
*-------------------------------------------------------------------------
*/
int be_pid; /* PID of backend --- needed for cancels */
int be_key; /* key of backend --- needed for cancels */
char md5Salt[4]; /* password salt received from backend */
- char cryptSalt[2]; /* password salt received from backend */
pgParameterStatus *pstatus; /* ParameterStatus data */
int client_encoding; /* encoding id */
bool std_strings; /* standard_conforming_strings */