From: Peter Eisentraut <peter@eisentraut.org>
Date: Sat, 3 Aug 2019 15:38:27 +0000 (+0200)
Subject: Handle auth_type=password when the stored password is md5
X-Git-Tag: pgbouncer_1_11_0~18
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=50b89eb7cd7608fab929350100419412a1a8ff8e;p=pgbouncer

Handle auth_type=password when the stored password is md5

This matches what a PostgreSQL server would do.

Author: @hashbrowncipher

fixes #129
---

diff --git a/src/client.c b/src/client.c
index 031e4e5..80cbcb6 100644
--- a/src/client.c
+++ b/src/client.c
@@ -46,7 +46,11 @@ static bool check_client_passwd(PgSocket *client, const char *passwd)
 
 	switch (auth_type) {
 	case AUTH_PLAIN:
-		return strcmp(user->passwd, passwd) == 0;
+		if (isMD5(user->passwd)) {
+			pg_md5_encrypt(passwd, user->name, strlen(user->name), md5);
+			return strcmp(user->passwd, md5) == 0;
+		} else
+			return strcmp(user->passwd, passwd) == 0;
 	case AUTH_MD5:
 		if (strlen(passwd) != MD5_PASSWD_LEN)
 			return false;
diff --git a/test/test.sh b/test/test.sh
index d39a4f7..d424dbf 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -612,6 +612,13 @@ test_password_client() {
 	# bad password
 	PGPASSWORD=wrong psql -X -U puser2 -c "select 2" p1 && return 1
 
+	# test with users that have an md5 password stored
+
+	# good password
+	PGPASSWORD=foo psql -X -U muser1 -c "select 1" p1 || return 1
+	# bad password
+	PGPASSWORD=wrong psql -X -U muser2 -c "select 2" p1 && return 1
+
 	admin "set auth_type='trust'"
 
 	return 0