Remove support for (insecure) crypt authentication.
authorMagnus Hagander <magnus@hagander.net>
Tue, 28 Oct 2008 12:10:44 +0000 (12:10 +0000)
committerMagnus Hagander <magnus@hagander.net>
Tue, 28 Oct 2008 12:10:44 +0000 (12:10 +0000)
This breaks compatibility with pre-7.2 versions.

13 files changed:
doc/src/sgml/client-auth.sgml
doc/src/sgml/protocol.sgml
doc/src/sgml/user-manag.sgml
src/backend/libpq/auth.c
src/backend/libpq/crypt.c
src/backend/libpq/hba.c
src/backend/postmaster/postmaster.c
src/include/libpq/hba.h
src/include/libpq/libpq-be.h
src/include/libpq/pqcomm.h
src/interfaces/libpq/fe-auth.c
src/interfaces/libpq/fe-connect.c
src/interfaces/libpq/libpq-int.h

index 5a308eb89589eb4b1c5f7bd5bf5dcbd3a0aafcf9..93482be6eab48c000b83511bb4b47d5ef00ace30 100644 (file)
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.109 2008/10/23 13:31:09 mha Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.110 2008/10/28 12:10:42 mha Exp $ -->
 
 <chapter id="client-authentication">
  <title>Client Authentication</title>
@@ -315,24 +315,6 @@ hostnossl  <replaceable>database</replaceable>  <replaceable>user</replaceable>
         </listitem>
        </varlistentry>
 
-       <varlistentry>
-        <term><literal>crypt</></term>
-        <listitem>
-         <note>
-         <para>
-          This option is recommended only for communicating with pre-7.2
-          clients.
-         </para>
-         </note>
-         <para>
-          Require the client to supply a <function>crypt()</>-encrypted
-          password for authentication.
-          <literal>md5</literal> is now recommended over <literal>crypt</>.
-          See <xref linkend="auth-password"> for details.
-         </para>
-        </listitem>
-       </varlistentry>
-
        <varlistentry>
         <term><literal>password</></term>
         <listitem>
@@ -704,9 +686,6 @@ omicron       bryanh            guest1
    <indexterm>
     <primary>MD5</>
    </indexterm>
-   <indexterm>
-    <primary>crypt</>
-   </indexterm>
    <indexterm>
     <primary>password</primary>
     <secondary>authentication</secondary>
@@ -714,21 +693,15 @@ omicron       bryanh            guest1
 
    <para>
     The password-based authentication methods are <literal>md5</>,
-    <literal>crypt</>, and <literal>password</>. These methods operate
+    and <literal>password</>. These methods operate
     similarly except for the way that the password is sent across the
-    connection: respectively, MD5-hashed, crypt-encrypted, and clear-text.
-    A limitation is that the <literal>crypt</> method does not work with
-    passwords that have been encrypted in <structname>pg_authid</structname>.
+    connection: respectively, MD5-hashed and clear-text.
    </para>
 
    <para>
     If you are at all concerned about password
-    <quote>sniffing</> attacks then <literal>md5</> is preferred, with
-    <literal>crypt</> to be used only if you must support pre-7.2
-    clients. Plain <literal>password</> should be avoided especially for
-    connections over the open Internet (unless you use <acronym>SSL</acronym>,
-    <acronym>SSH</>, or another
-    communications security wrapper around the connection).
+    <quote>sniffing</> attacks then <literal>md5</> is preferred.
+    Plain <literal>password</> should always be avoided if possible.
    </para>
 
    <para>
index 0797812c000fc3294b51da89ef353ac8add43c11..c9a0c7abde79dc0eff1a31a741fecf5dfd256305 100644 (file)
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.73 2008/02/08 18:18:05 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.74 2008/10/28 12:10:42 mha Exp $ -->
 
 <chapter id="protocol">
  <title>Frontend/Backend Protocol</title>
       </listitem>
      </varlistentry>
 
-     <varlistentry>
-      <term>AuthenticationCryptPassword</term>
-      <listitem>
-       <para>
-        The frontend must now send a PasswordMessage containing the
-        password encrypted via crypt(3), using the 2-character salt
-        specified in the AuthenticationCryptPassword message.  If
-        this is the correct password, the server responds with an
-        AuthenticationOk, otherwise it responds with an ErrorResponse.
-       </para>
-      </listitem>
-     </varlistentry>
-
      <varlistentry>
       <term>AuthenticationMD5Password</term>
       <listitem>
@@ -1531,61 +1518,6 @@ AuthenticationCleartextPassword (B)
 </varlistentry>
 
 
-<varlistentry>
-<term>
-AuthenticationCryptPassword (B)
-</term>
-<listitem>
-<para>
-
-<variablelist>
-<varlistentry>
-<term>
-        Byte1('R')
-</term>
-<listitem>
-<para>
-                Identifies the message as an authentication request.
-</para>
-</listitem>
-</varlistentry>
-<varlistentry>
-<term>
-        Int32(10)
-</term>
-<listitem>
-<para>
-                Length of message contents in bytes, including self.
-</para>
-</listitem>
-</varlistentry>
-<varlistentry>
-<term>
-        Int32(4)
-</term>
-<listitem>
-<para>
-                Specifies that a crypt()-encrypted password is required.
-</para>
-</listitem>
-</varlistentry>
-<varlistentry>
-<term>
-        Byte2
-</term>
-<listitem>
-<para>
-                The salt to use when encrypting the password.
-</para>
-</listitem>
-</varlistentry>
-</variablelist>
-
-</para>
-</listitem>
-</varlistentry>
-
-
 <varlistentry>
 <term>
 AuthenticationMD5Password (B)
index d4d9fcc51501e6de448eb1f09a51a7f25707a4e6..7023c2c724a77a8e2c057071f78793af1027dcd8 100644 (file)
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/user-manag.sgml,v 1.40 2008/09/08 00:47:40 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/user-manag.sgml,v 1.41 2008/10/28 12:10:42 mha Exp $ -->
 
 <chapter id="user-manag">
  <title>Database Roles and Privileges</title>
@@ -215,8 +215,8 @@ CREATE USER <replaceable>name</replaceable>;
        <para>
         A password is only significant if the client authentication
         method requires the user to supply a password when connecting
-        to the database. The <option>password</>,
-        <option>md5</>, and <option>crypt</> authentication methods
+        to the database. The <option>password</> and
+        <option>md5</> authentication methods
         make use of passwords. Database passwords are separate from
         operating system passwords. Specify a password upon role
         creation with <literal>CREATE ROLE
index 865d52fc56ff7e5e91140817ed9ebb5a8b90f177..e89b040b67e9bf438fe15a767af0131d65cc7e34 100644 (file)
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.169 2008/10/23 13:31:10 mha Exp $
+ *       $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.170 2008/10/28 12:10:43 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -230,7 +230,6 @@ auth_failed(Port *port, int status)
                        errstr = gettext_noop("Ident authentication failed for user \"%s\"");
                        break;
                case uaMD5:
-               case uaCrypt:
                case uaPassword:
                        errstr = gettext_noop("password authentication failed for user \"%s\"");
                        break;
@@ -373,11 +372,6 @@ ClientAuthentication(Port *port)
                        status = recv_and_check_password_packet(port);
                        break;
 
-               case uaCrypt:
-                       sendAuthRequest(port, AUTH_REQ_CRYPT);
-                       status = recv_and_check_password_packet(port);
-                       break;
-
                case uaPassword:
                        sendAuthRequest(port, AUTH_REQ_PASSWORD);
                        status = recv_and_check_password_packet(port);
@@ -426,8 +420,6 @@ sendAuthRequest(Port *port, AuthRequest areq)
        /* Add the salt for encrypted passwords. */
        if (areq == AUTH_REQ_MD5)
                pq_sendbytes(&buf, port->md5Salt, 4);
-       else if (areq == AUTH_REQ_CRYPT)
-               pq_sendbytes(&buf, port->cryptSalt, 2);
 
 #if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
 
index ab237ad3b116519edb2b9e8ebb9bb6a75613c274..68e685dd7866c4980e6fd86b4a277aad583b2466 100644 (file)
@@ -9,7 +9,7 @@
  * Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.75 2008/09/15 12:32:56 mha Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.76 2008/10/28 12:10:43 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -53,14 +53,6 @@ md5_crypt_verify(const Port *port, const char *role, char *client_pass)
        if (shadow_pass == NULL || *shadow_pass == '\0')
                return STATUS_ERROR;
 
-       /* We can't do crypt with MD5 passwords */
-       if (isMD5(shadow_pass) && port->hba->auth_method == uaCrypt)
-       {
-               ereport(LOG,
-                               (errmsg("cannot use authentication method \"crypt\" because password is MD5-encrypted")));
-               return STATUS_ERROR;
-       }
-
        /*
         * Compare with the encrypted or plain password depending on the
         * authentication method being used for this connection.
@@ -106,14 +98,6 @@ md5_crypt_verify(const Port *port, const char *role, char *client_pass)
                                pfree(crypt_pwd2);
                        }
                        break;
-               case uaCrypt:
-                       {
-                               char            salt[3];
-
-                               strlcpy(salt, port->cryptSalt, sizeof(salt));
-                               crypt_pwd = crypt(shadow_pass, salt);
-                               break;
-                       }
                default:
                        if (isMD5(shadow_pass))
                        {
index fbeb185fc9f21427e17daf3492f4b079949e3068..d5e56bda453796edbd3b86d753ef82e2bbba40ed 100644 (file)
@@ -10,7 +10,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.171 2008/10/27 20:04:45 mha Exp $
+ *       $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.172 2008/10/28 12:10:43 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -847,8 +847,6 @@ parse_hba_line(List *line, int line_num, HbaLine *parsedline)
                parsedline->auth_method = uaReject;
        else if (strcmp(token, "md5") == 0)
                parsedline->auth_method = uaMD5;
-       else if (strcmp(token, "crypt") == 0)
-               parsedline->auth_method = uaCrypt;
        else if (strcmp(token, "pam") == 0)
 #ifdef USE_PAM
                parsedline->auth_method = uaPAM;
index 4de816734604d3ad811f86b4eb7eea11ae266c8e..c955e1e4fac5ef5e878877dc5a6d23c58ffca183 100644 (file)
@@ -37,7 +37,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.565 2008/09/23 20:35:38 momjian Exp $
+ *       $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.566 2008/10/28 12:10:43 mha Exp $
  *
  * NOTES
  *
@@ -323,7 +323,7 @@ static int  initMasks(fd_set *rmask);
 static void report_fork_failure_to_client(Port *port, int errnum);
 static enum CAC_state canAcceptConnections(void);
 static long PostmasterRandom(void);
-static void RandomSalt(char *cryptSalt, char *md5Salt);
+static void RandomSalt(char *md5Salt);
 static void signal_child(pid_t pid, int signal);
 static void SignalSomeChildren(int signal, bool only_autovac);
 
@@ -1808,7 +1808,7 @@ ConnCreate(int serverFd)
                 * fork, not after.  Else the postmaster's random sequence won't get
                 * advanced, and all backends would end up using the same salt...
                 */
-               RandomSalt(port->cryptSalt, port->md5Salt);
+               RandomSalt(port->md5Salt);
        }
 
        /*
@@ -3910,49 +3910,20 @@ dummy_handler(SIGNAL_ARGS)
 {
 }
 
-
-/*
- * CharRemap: given an int in range 0..61, produce textual encoding of it
- * per crypt(3) conventions.
- */
-static char
-CharRemap(long ch)
-{
-       if (ch < 0)
-               ch = -ch;
-       ch = ch % 62;
-
-       if (ch < 26)
-               return 'A' + ch;
-
-       ch -= 26;
-       if (ch < 26)
-               return 'a' + ch;
-
-       ch -= 26;
-       return '0' + ch;
-}
-
 /*
  * RandomSalt
  */
 static void
-RandomSalt(char *cryptSalt, char *md5Salt)
+RandomSalt(char *md5Salt)
 {
-       long            rand = PostmasterRandom();
-
-       cryptSalt[0] = CharRemap(rand % 62);
-       cryptSalt[1] = CharRemap(rand / 62);
+       long            rand;
 
        /*
-        * It's okay to reuse the first random value for one of the MD5 salt
-        * bytes, since only one of the two salts will be sent to the client.
-        * After that we need to compute more random bits.
-        *
         * We use % 255, sacrificing one possible byte value, so as to ensure that
         * all bits of the random() value participate in the result. While at it,
         * add one to avoid generating any null bytes.
         */
+       rand = PostmasterRandom();
        md5Salt[0] = (rand % 255) + 1;
        rand = PostmasterRandom();
        md5Salt[1] = (rand % 255) + 1;
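Review bot: The header comment on RandomSalt is still only the function's name, and now that the crypt salt is gone the remaining contract is worth stating there. Something like `/* RandomSalt: fill md5Salt with nonzero random bytes for the MD5 challenge; the buffer is char[4] in struct Port and is not NUL-terminated. */` would do, assuming the assignments past the end of this hunk fill the other two bytes. As a style point, the local `rand` shadows the libc function of the same name; `long r = PostmasterRandom();` as an initialised declaration would avoid both the shadowing and the separate assignment. This salt is now the only per-connection challenge in password authentication, so its unpredictability rests entirely on PostmasterRandom, whose body is not visible here.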
index 54ecc560d81027db58997400fdb93e6e4fa9228d..79b5a51c6d02bed454c8230faa8deaa8cee8c31d 100644 (file)
@@ -4,7 +4,7 @@
  *       Interface to hba.c
  *
  *
- * $PostgreSQL: pgsql/src/include/libpq/hba.h,v 1.50 2008/10/23 13:31:10 mha Exp $
+ * $PostgreSQL: pgsql/src/include/libpq/hba.h,v 1.51 2008/10/28 12:10:44 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -22,7 +22,6 @@ typedef enum UserAuth
        uaTrust,
        uaIdent,
        uaPassword,
-       uaCrypt,
        uaMD5,
        uaGSS,
        uaSSPI,
index 4d5e0039c89dc4bffec1fd00b6d72cfc4966d74f..73f42298c427671a348b34c0825aed382690b2bb 100644 (file)
@@ -11,7 +11,7 @@
  * Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/include/libpq/libpq-be.h,v 1.67 2008/09/15 12:32:57 mha Exp $
+ * $PostgreSQL: pgsql/src/include/libpq/libpq-be.h,v 1.68 2008/10/28 12:10:44 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -123,7 +123,6 @@ typedef struct Port
         */
        HbaLine    *hba;
        char            md5Salt[4];             /* Password salt */
-       char            cryptSalt[2];   /* Password salt */
 
        /*
         * Information that really has no business at all being in struct Port,
index 31839b201523e6f7e152b239d853f36f9e57daee..6b9437ae045e8e3a23425b15688b3c0d01de4b7d 100644 (file)
@@ -9,7 +9,7 @@
  * Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/include/libpq/pqcomm.h,v 1.108 2008/01/01 19:45:58 momjian Exp $
+ * $PostgreSQL: pgsql/src/include/libpq/pqcomm.h,v 1.109 2008/10/28 12:10:44 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -153,7 +153,7 @@ extern bool Db_user_namespace;
 #define AUTH_REQ_KRB4          1       /* Kerberos V4. Not supported any more. */
 #define AUTH_REQ_KRB5          2       /* Kerberos V5 */
 #define AUTH_REQ_PASSWORD      3       /* Password */
-#define AUTH_REQ_CRYPT         4       /* crypt password */
+#define AUTH_REQ_CRYPT         4       /* crypt password. Not supported any more. */
 #define AUTH_REQ_MD5           5       /* md5 password */
 #define AUTH_REQ_SCM_CREDS     6       /* transfer SCM credentials */
 #define AUTH_REQ_GSS           7       /* GSSAPI without wrap() */
index f0d7948712921d80ce568ef601cd35720b15a4ab..64631966489423d20268cfef771f8a2c544d08c1 100644 (file)
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1994, Regents of the University of California
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.137 2008/01/31 18:58:30 tgl Exp $
+ *       $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.138 2008/10/28 12:10:44 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
 #include <pwd.h>
 #endif
 
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
-
 #include "libpq-fe.h"
 #include "fe-auth.h"
 #include "libpq/md5.h"
@@ -787,14 +783,6 @@ pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
                                }
                                break;
                        }
-               case AUTH_REQ_CRYPT:
-                       {
-                               char            salt[3];
-
-                               strlcpy(salt, conn->cryptSalt, sizeof(salt));
-                               crypt_pwd = crypt(password, salt);
-                               break;
-                       }
                case AUTH_REQ_PASSWORD:
                        /* discard const so we can assign it */
                        crypt_pwd = (char *) password;
@@ -938,8 +926,12 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn)
 #endif
 
 
-               case AUTH_REQ_MD5:
                case AUTH_REQ_CRYPT:
+                       printfPQExpBuffer(&conn->errorMessage,
+                                libpq_gettext("Crypt authentication not supported\n"));
+                       return STATUS_ERROR;
+
+               case AUTH_REQ_MD5:
                case AUTH_REQ_PASSWORD:
                        conn->password_needed = true;
                        if (conn->pgpass == NULL || conn->pgpass[0] == '\0')
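Review bot: The new `case AUTH_REQ_CRYPT:` branch in pg_fe_sendauth has no comment explaining why a removed method still gets its own case, so it may later be deleted as dead code. A line such as `/* crypt was removed; older servers may still request it, so fail with a specific message */` above the `printfPQExpBuffer` call would record the intent. Rejecting crypt here does not stop the client from answering `AUTH_REQ_PASSWORD`, which the unchanged code in pg_password_sendauth sends as the plain password, so transport protection such as SSL is still what guards against sniffing. The `AUTH_REQ_MD5`/`AUTH_REQ_PASSWORD` branch continues outside this hunk.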
index c611c0de1cbf969033cd3eeb638684510de3935d..87809fd7829b4db22246d597423bd6607cc18fe4 100644 (file)
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.364 2008/10/27 09:42:31 mha Exp $
+ *       $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.365 2008/10/28 12:10:44 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1674,15 +1674,6 @@ keep_going:                                              /* We will come back to here until there is
                                                return PGRES_POLLING_READING;
                                        }
                                }
-                               if (areq == AUTH_REQ_CRYPT)
-                               {
-                                       if (pqGetnchar(conn->cryptSalt,
-                                                                  sizeof(conn->cryptSalt), conn))
-                                       {
-                                               /* We'll come back when there are more data */
-                                               return PGRES_POLLING_READING;
-                                       }
-                               }
 #if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
 
                                /*
index 8525fb15f05906838dacf2c81dcfb589e492c8de..d5ec8ce13fcaa3d9eb168354213ccfd6975a6497 100644 (file)
@@ -12,7 +12,7 @@
  * Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.135 2008/10/27 09:42:31 mha Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.136 2008/10/28 12:10:44 mha Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -340,7 +340,6 @@ struct pg_conn
        int                     be_pid;                 /* PID of backend --- needed for cancels */
        int                     be_key;                 /* key of backend --- needed for cancels */
        char            md5Salt[4];             /* password salt received from backend */
-       char            cryptSalt[2];   /* password salt received from backend */
        pgParameterStatus *pstatus; /* ParameterStatus data */
        int                     client_encoding;        /* encoding id */
        bool            std_strings;    /* standard_conforming_strings */