Highly obsolete.
* Unix sockets support "peer" auth.
+- Cleanups
+
+ * Remove **crypt** auth.
+
PgBouncer 1.6.x
---------------
dnl Checks for header files.
AC_USUAL_HEADER_CHECK
-AC_CHECK_HEADERS([crypt.h])
AC_CHECK_HEADERS([sys/resource.h sys/wait.h])
dnl Checks for typedefs, structures, and compiler characteristics.
dnl Checks for library functions.
AC_USUAL_FUNCTION_CHECK
-AC_SEARCH_LIBS(crypt, crypt)
AC_SEARCH_LIBS(clock_gettime, rt)
AC_SEARCH_LIBS(getsockname, socket)
AC_SEARCH_LIBS(gethostbyname, nsl)
AC_SEARCH_LIBS(hstrerror, resolv)
-AC_CHECK_FUNCS(crypt lstat)
+AC_CHECK_FUNCS(lstat)
dnl Find libevent
AC_USUAL_LIBEVENT
Use MD5-based password check. `auth_file`_ may contain both MD5-encrypted
or plain-text passwords. This is the default authentication method.
-crypt
- Use crypt(3) based password check. `auth_file`_ must contain plain-text
- passwords. Deprecated, removed in PostgreSQL 8.4.
-
plain
Clear-text password is sent over wire. Deprecated.
#define AUTH_ANY -1 /* same as trust but without username check */
#define AUTH_TRUST 0
#define AUTH_PLAIN 3
-#define AUTH_CRYPT 4
+/* #define AUTH_CRYPT 4 */
#define AUTH_MD5 5
-#define AUTH_CREDS 6
+/* #define AUTH_CREDS 6 */
#define AUTH_CERT 7
#define AUTH_PEER 8
#define AUTH_HBA 9
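Review bot: The two retired constants are left as commented-out code (`/* #define AUTH_CRYPT 4 */`, `/* #define AUTH_CREDS 6 */`) with nothing saying why the numbers are kept, which invites someone to reuse 4 or 6 for a new method later. These values appear to mirror the server's authentication-request codes (the server-side switch elsewhere in this commit handles `case 4:` and `case 5:`, matching `AUTH_CRYPT` and `AUTH_MD5`), so I would replace the two lines with one explanatory comment such as `/* 4 (crypt) and 6 (creds) are protocol auth codes that are no longer supported; do not reuse */`. `AUTH_CREDS` is also retired here although the changelog only mentions crypt and no use of it is removed in the visible hunks; presumably it was unused, but that should be confirmed with a tree-wide search.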
#include <usual/tls/tls.h>
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
#ifdef HAVE_LIBGEN_H
#include <libgen.h>
#endif
* libc compat functions.
*/
-#ifndef HAVE_CRYPT
-static inline char *crypt(const char *p, const char *s) { return NULL; }
-#endif
#ifndef HAVE_LSTAT
static inline int lstat(const char *path, struct stat *st) { return stat(path, st); }
#endif
static bool check_client_passwd(PgSocket *client, const char *passwd)
{
char md5[MD5_PASSWD_LEN + 1];
- const char *correct;
PgUser *user = client->auth_user;
/* disallow empty passwords */
switch (cf_auth_type) {
case AUTH_PLAIN:
return strcmp(user->passwd, passwd) == 0;
- case AUTH_CRYPT:
- correct = crypt(user->passwd, (char *)client->tmp_login_salt);
- return correct && strcmp(correct, passwd) == 0;
case AUTH_MD5:
if (strlen(passwd) != MD5_PASSWD_LEN)
return false;
return false;
}
-/* mask to get offset into valid_crypt_salt[] */
-#define SALT_MASK 0x3F
-
-static const char valid_crypt_salt[] =
-"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
-
static bool send_client_authreq(PgSocket *client)
{
uint8_t saltlen = 0;
int res;
int auth = cf_auth_type;
- uint8_t randbuf[2];
-
- if (auth == AUTH_CRYPT) {
- saltlen = 2;
- get_random_bytes(randbuf, saltlen);
- client->tmp_login_salt[0] = valid_crypt_salt[randbuf[0] & SALT_MASK];
- client->tmp_login_salt[1] = valid_crypt_salt[randbuf[1] & SALT_MASK];
- client->tmp_login_salt[2] = 0;
- } else if (cf_auth_type == AUTH_MD5) {
+
+ if (cf_auth_type == AUTH_MD5) {
saltlen = 4;
get_random_bytes((void*)client->tmp_login_salt, saltlen);
} else if (cf_auth_type == AUTH_PLAIN) {
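Review bot: The new condition `if (cf_auth_type == AUTH_MD5) {` still tests the global even though the function has just copied it into the local `auth`, and with the crypt branch gone no visible line uses `auth` for the salt decision. Prefer `if (auth == AUTH_MD5) {` and `} else if (auth == AUTH_PLAIN) {` so that salt generation and the auth request are driven by the same value. If `auth` is ever chosen per client rather than taken from the global, a mismatch would presumably allow an MD5 request to go out without a freshly generated salt. The stray blank `+` line before the `if` can be dropped. The rest of send_client_authreq lies outside the hunk, so check how `auth` is used further down.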
ok = finish_client_login(client);
break;
case AUTH_PLAIN:
- case AUTH_CRYPT:
case AUTH_MD5:
ok = send_client_authreq(client);
break;
{ "any", AUTH_ANY },
{ "trust", AUTH_TRUST },
{ "plain", AUTH_PLAIN },
-#ifdef HAVE_CRYPT
- { "crypt", AUTH_CRYPT },
-#endif
{ "md5", AUTH_MD5 },
{ "cert", AUTH_CERT },
{ "hba", AUTH_HBA },
return send_password(server, user->passwd);
}
-static bool login_crypt_psw(PgSocket *server, const uint8_t *salt)
-{
- char saltbuf[3];
- const char *enc;
- PgUser *user = get_srv_psw(server);
-
- slog_debug(server, "P: send crypt password");
- memcpy(saltbuf, salt, 2);
- saltbuf[2] = 0;
- enc = crypt(user->passwd, saltbuf);
- if (!enc) {
- slog_warning(server, "crypt failed");
- return false;
- }
- return send_password(server, enc);
-}
-
static bool login_md5_psw(PgSocket *server, const uint8_t *salt)
{
char txt[MD5_PASSWD_LEN + 1], *src;
slog_debug(server, "S: req cleartext password");
res = login_clear_psw(server);
break;
- case 4:
- slog_debug(server, "S: req crypt psw");
- if (!mbuf_get_bytes(&pkt->data, 2, &salt))
- return false;
- res = login_crypt_psw(server, salt);
- break;
case 5:
slog_debug(server, "S: req md5-crypted psw");
if (!mbuf_get_bytes(&pkt->data, 4, &salt))