From b52950cc3d3a6759314b59710e97917972798b6a Mon Sep 17 00:00:00 2001 From: Hiroshi Inoue Date: Mon, 12 Nov 2001 00:54:28 +0000 Subject: [PATCH] Add md5 authentication support thanks to Bruce Momjian. --- src/interfaces/odbc/GNUmakefile | 6 +- src/interfaces/odbc/connection.c | 50 ++++- src/interfaces/odbc/md5.c | 339 +++++++++++++++++++++++++++++++ src/interfaces/odbc/md5.h | 52 +++++ src/interfaces/odbc/win32.mak | 10 + src/interfaces/odbc/win_md5.c | 15 ++ 6 files changed, 468 insertions(+), 4 deletions(-) create mode 100644 src/interfaces/odbc/md5.c create mode 100644 src/interfaces/odbc/md5.h create mode 100644 src/interfaces/odbc/win_md5.c diff --git a/src/interfaces/odbc/GNUmakefile b/src/interfaces/odbc/GNUmakefile index cba0e143bb..8d62f9079a 100644 --- a/src/interfaces/odbc/GNUmakefile +++ b/src/interfaces/odbc/GNUmakefile @@ -2,7 +2,7 @@ # # GNUMakefile for psqlodbc (Postgres ODBC driver) # -# $Header: /cvsroot/pgsql/src/interfaces/odbc/Attic/GNUmakefile,v 1.22 2001/10/09 22:32:33 petere Exp $ +# $Header: /cvsroot/pgsql/src/interfaces/odbc/Attic/GNUmakefile,v 1.23 2001/11/12 00:54:28 inoue Exp $ # #------------------------------------------------------------------------- @@ -19,11 +19,11 @@ endif SO_MAJOR_VERSION = 0 SO_MINOR_VERSION = 27 -override CPPFLAGS := -I$(srcdir) $(CPPFLAGS) +override CPPFLAGS := -I$(srcdir) $(CPPFLAGS) -DFRONTEND -DMD5_ODBC OBJS = info.o bind.o columninfo.o connection.o convert.o drvconn.o \ - environ.o execute.o lobj.o misc.o options.o \ + environ.o execute.o lobj.o md5.o misc.o options.o \ pgtypes.o psqlodbc.o qresult.o results.o socket.o parse.o statement.o \ tuple.o tuplelist.o dlg_specific.o odbcapi.o diff --git a/src/interfaces/odbc/connection.c b/src/interfaces/odbc/connection.c index a8abb12d12..e39501f800 100644 --- a/src/interfaces/odbc/connection.c +++ b/src/interfaces/odbc/connection.c @@ -32,6 +32,7 @@ #endif #include "pgapifunc.h" +#include "md5.h" #define STMT_INCREMENT 16 /* how many statement holders to allocate * at a time */ @@ -508,6 +509,39 @@ CC_set_translation(ConnectionClass *self) return TRUE; } +static int +md5_auth_send(ConnectionClass *self, const char *salt) +{ + char *pwd1 = NULL, *pwd2 = NULL; + ConnInfo *ci = &(self->connInfo); + SocketClass *sock = self->sock; + +mylog("MD5 user=%s password=%s\n", ci->username, ci->password); + if (!(pwd1 = malloc(MD5_PASSWD_LEN + 1))) + return 1; + if (!EncryptMD5(ci->password, ci->username, strlen(ci->username), pwd1)) + { + free(pwd1); + return 1; + } + if (!(pwd2 = malloc(MD5_PASSWD_LEN + 1))) + { + free(pwd1); + return 1; + } + if (!EncryptMD5(pwd1 + strlen("md5"), salt, 4, pwd2)) + { + free(pwd2); + free(pwd1); + return 1; + } + free(pwd1); + SOCK_put_int(sock, 4 + strlen(pwd2) + 1, 4); + SOCK_put_n_char(sock, pwd2, strlen(pwd2) + 1); + SOCK_flush_output(sock); + free(pwd2); + return 0; +} char CC_connect(ConnectionClass *self, char do_password) @@ -763,10 +797,24 @@ another_version_retry: break; case AUTH_REQ_CRYPT: - case AUTH_REQ_MD5: self->errormsg = "Password crypt authentication not supported"; self->errornumber = CONN_AUTH_TYPE_UNSUPPORTED; return 0; + case AUTH_REQ_MD5: + mylog("in AUTH_REQ_MD5\n"); + if (ci->password[0] == '\0') + { + self->errornumber = CONNECTION_NEED_PASSWORD; + self->errormsg = "A password is required for this connection."; + return -1; /* need password */ + } + if (md5_auth_send(self, salt)) + { + self->errormsg = "md5 hashing failed"; + self->errornumber = CONN_INVALID_AUTHENTICATION; + return 0; + } + break; case AUTH_REQ_SCM_CREDS: self->errormsg = "Unix socket credential authentication not supported"; diff --git a/src/interfaces/odbc/md5.c b/src/interfaces/odbc/md5.c new file mode 100644 index 0000000000..e44afe0c44 --- /dev/null +++ b/src/interfaces/odbc/md5.c @@ -0,0 +1,339 @@ +/* + * md5.c + * + * Implements the MD5 Message-Digest Algorithm as specified in + * RFC 1321. This implementation is a simple one, in that it + * needs every input byte to be buffered before doing any + * calculations. I do not expect this file to be used for + * general purpose MD5'ing of large amounts of data, only for + * generating hashed passwords from limited input. + * + * Sverre H. Huseby + * + * $Header: /cvsroot/pgsql/src/interfaces/odbc/Attic/md5.c,v 1.1 2001/11/12 00:54:28 inoue Exp $ + */ + + +#ifndef MD5_ODBC +#include "postgres.h" +#include "libpq/crypt.h" +#else +#include "md5.h" +#endif + +#ifdef FRONTEND +#undef palloc +#define palloc malloc +#undef pfree +#define pfree free +#endif + + +/* + * PRIVATE FUNCTIONS + */ + + +/* + * The returned array is allocated using malloc. the caller should free it + * when it is no longer needed. + */ +static uint8 * +createPaddedCopyWithLength(uint8 *b, uint32 *l) +{ + uint8 *ret; + uint32 q; + uint32 len, + newLen448; + uint32 len_high, + len_low; /* 64-bit value split into 32-bit sections */ + + len = ((b == NULL) ? 0 : *l); + newLen448 = len + 64 - (len % 64) - 8; + if (newLen448 <= len) + newLen448 += 64; + + *l = newLen448 + 8; + if ((ret = (uint8 *) malloc(sizeof(uint8) * *l)) == NULL) + return NULL; + + if (b != NULL) + memcpy(ret, b, sizeof(uint8) * len); + + /* pad */ + ret[len] = 0x80; + for (q = len + 1; q < newLen448; q++) + ret[q] = 0x00; + + /* append length as a 64 bit bitcount */ + len_low = len; + /* split into two 32-bit values */ + /* we only look at the bottom 32-bits */ + len_high = len >> 29; + len_low <<= 3; + q = newLen448; + ret[q++] = (len_low & 0xff); + len_low >>= 8; + ret[q++] = (len_low & 0xff); + len_low >>= 8; + ret[q++] = (len_low & 0xff); + len_low >>= 8; + ret[q++] = (len_low & 0xff); + ret[q++] = (len_high & 0xff); + len_high >>= 8; + ret[q++] = (len_high & 0xff); + len_high >>= 8; + ret[q++] = (len_high & 0xff); + len_high >>= 8; + ret[q] = (len_high & 0xff); + + return ret; +} + +#define F(x, y, z) (((x) & (y)) | (~(x) & (z))) +#define G(x, y, z) (((x) & (z)) | ((y) & ~(z))) +#define H(x, y, z) ((x) ^ (y) ^ (z)) +#define I(x, y, z) ((y) ^ ((x) | ~(z))) +#define ROT_LEFT(x, n) (((x) << (n)) | ((x) >> (32 - (n)))) + +static void +doTheRounds(uint32 X[16], uint32 state[4]) +{ + uint32 a, + b, + c, + d; + + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + + /* round 1 */ + a = b + ROT_LEFT((a + F(b, c, d) + X[0] + 0xd76aa478), 7); /* 1 */ + d = a + ROT_LEFT((d + F(a, b, c) + X[1] + 0xe8c7b756), 12); /* 2 */ + c = d + ROT_LEFT((c + F(d, a, b) + X[2] + 0x242070db), 17); /* 3 */ + b = c + ROT_LEFT((b + F(c, d, a) + X[3] + 0xc1bdceee), 22); /* 4 */ + a = b + ROT_LEFT((a + F(b, c, d) + X[4] + 0xf57c0faf), 7); /* 5 */ + d = a + ROT_LEFT((d + F(a, b, c) + X[5] + 0x4787c62a), 12); /* 6 */ + c = d + ROT_LEFT((c + F(d, a, b) + X[6] + 0xa8304613), 17); /* 7 */ + b = c + ROT_LEFT((b + F(c, d, a) + X[7] + 0xfd469501), 22); /* 8 */ + a = b + ROT_LEFT((a + F(b, c, d) + X[8] + 0x698098d8), 7); /* 9 */ + d = a + ROT_LEFT((d + F(a, b, c) + X[9] + 0x8b44f7af), 12); /* 10 */ + c = d + ROT_LEFT((c + F(d, a, b) + X[10] + 0xffff5bb1), 17); /* 11 */ + b = c + ROT_LEFT((b + F(c, d, a) + X[11] + 0x895cd7be), 22); /* 12 */ + a = b + ROT_LEFT((a + F(b, c, d) + X[12] + 0x6b901122), 7); /* 13 */ + d = a + ROT_LEFT((d + F(a, b, c) + X[13] + 0xfd987193), 12); /* 14 */ + c = d + ROT_LEFT((c + F(d, a, b) + X[14] + 0xa679438e), 17); /* 15 */ + b = c + ROT_LEFT((b + F(c, d, a) + X[15] + 0x49b40821), 22); /* 16 */ + + /* round 2 */ + a = b + ROT_LEFT((a + G(b, c, d) + X[1] + 0xf61e2562), 5); /* 17 */ + d = a + ROT_LEFT((d + G(a, b, c) + X[6] + 0xc040b340), 9); /* 18 */ + c = d + ROT_LEFT((c + G(d, a, b) + X[11] + 0x265e5a51), 14); /* 19 */ + b = c + ROT_LEFT((b + G(c, d, a) + X[0] + 0xe9b6c7aa), 20); /* 20 */ + a = b + ROT_LEFT((a + G(b, c, d) + X[5] + 0xd62f105d), 5); /* 21 */ + d = a + ROT_LEFT((d + G(a, b, c) + X[10] + 0x02441453), 9); /* 22 */ + c = d + ROT_LEFT((c + G(d, a, b) + X[15] + 0xd8a1e681), 14); /* 23 */ + b = c + ROT_LEFT((b + G(c, d, a) + X[4] + 0xe7d3fbc8), 20); /* 24 */ + a = b + ROT_LEFT((a + G(b, c, d) + X[9] + 0x21e1cde6), 5); /* 25 */ + d = a + ROT_LEFT((d + G(a, b, c) + X[14] + 0xc33707d6), 9); /* 26 */ + c = d + ROT_LEFT((c + G(d, a, b) + X[3] + 0xf4d50d87), 14); /* 27 */ + b = c + ROT_LEFT((b + G(c, d, a) + X[8] + 0x455a14ed), 20); /* 28 */ + a = b + ROT_LEFT((a + G(b, c, d) + X[13] + 0xa9e3e905), 5); /* 29 */ + d = a + ROT_LEFT((d + G(a, b, c) + X[2] + 0xfcefa3f8), 9); /* 30 */ + c = d + ROT_LEFT((c + G(d, a, b) + X[7] + 0x676f02d9), 14); /* 31 */ + b = c + ROT_LEFT((b + G(c, d, a) + X[12] + 0x8d2a4c8a), 20); /* 32 */ + + /* round 3 */ + a = b + ROT_LEFT((a + H(b, c, d) + X[5] + 0xfffa3942), 4); /* 33 */ + d = a + ROT_LEFT((d + H(a, b, c) + X[8] + 0x8771f681), 11); /* 34 */ + c = d + ROT_LEFT((c + H(d, a, b) + X[11] + 0x6d9d6122), 16); /* 35 */ + b = c + ROT_LEFT((b + H(c, d, a) + X[14] + 0xfde5380c), 23); /* 36 */ + a = b + ROT_LEFT((a + H(b, c, d) + X[1] + 0xa4beea44), 4); /* 37 */ + d = a + ROT_LEFT((d + H(a, b, c) + X[4] + 0x4bdecfa9), 11); /* 38 */ + c = d + ROT_LEFT((c + H(d, a, b) + X[7] + 0xf6bb4b60), 16); /* 39 */ + b = c + ROT_LEFT((b + H(c, d, a) + X[10] + 0xbebfbc70), 23); /* 40 */ + a = b + ROT_LEFT((a + H(b, c, d) + X[13] + 0x289b7ec6), 4); /* 41 */ + d = a + ROT_LEFT((d + H(a, b, c) + X[0] + 0xeaa127fa), 11); /* 42 */ + c = d + ROT_LEFT((c + H(d, a, b) + X[3] + 0xd4ef3085), 16); /* 43 */ + b = c + ROT_LEFT((b + H(c, d, a) + X[6] + 0x04881d05), 23); /* 44 */ + a = b + ROT_LEFT((a + H(b, c, d) + X[9] + 0xd9d4d039), 4); /* 45 */ + d = a + ROT_LEFT((d + H(a, b, c) + X[12] + 0xe6db99e5), 11); /* 46 */ + c = d + ROT_LEFT((c + H(d, a, b) + X[15] + 0x1fa27cf8), 16); /* 47 */ + b = c + ROT_LEFT((b + H(c, d, a) + X[2] + 0xc4ac5665), 23); /* 48 */ + + /* round 4 */ + a = b + ROT_LEFT((a + I(b, c, d) + X[0] + 0xf4292244), 6); /* 49 */ + d = a + ROT_LEFT((d + I(a, b, c) + X[7] + 0x432aff97), 10); /* 50 */ + c = d + ROT_LEFT((c + I(d, a, b) + X[14] + 0xab9423a7), 15); /* 51 */ + b = c + ROT_LEFT((b + I(c, d, a) + X[5] + 0xfc93a039), 21); /* 52 */ + a = b + ROT_LEFT((a + I(b, c, d) + X[12] + 0x655b59c3), 6); /* 53 */ + d = a + ROT_LEFT((d + I(a, b, c) + X[3] + 0x8f0ccc92), 10); /* 54 */ + c = d + ROT_LEFT((c + I(d, a, b) + X[10] + 0xffeff47d), 15); /* 55 */ + b = c + ROT_LEFT((b + I(c, d, a) + X[1] + 0x85845dd1), 21); /* 56 */ + a = b + ROT_LEFT((a + I(b, c, d) + X[8] + 0x6fa87e4f), 6); /* 57 */ + d = a + ROT_LEFT((d + I(a, b, c) + X[15] + 0xfe2ce6e0), 10); /* 58 */ + c = d + ROT_LEFT((c + I(d, a, b) + X[6] + 0xa3014314), 15); /* 59 */ + b = c + ROT_LEFT((b + I(c, d, a) + X[13] + 0x4e0811a1), 21); /* 60 */ + a = b + ROT_LEFT((a + I(b, c, d) + X[4] + 0xf7537e82), 6); /* 61 */ + d = a + ROT_LEFT((d + I(a, b, c) + X[11] + 0xbd3af235), 10); /* 62 */ + c = d + ROT_LEFT((c + I(d, a, b) + X[2] + 0x2ad7d2bb), 15); /* 63 */ + b = c + ROT_LEFT((b + I(c, d, a) + X[9] + 0xeb86d391), 21); /* 64 */ + + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; +} + +static int +calculateDigestFromBuffer(uint8 *b, uint32 len, uint8 sum[16]) +{ + register uint32 i, + j, + k, + newI; + uint32 l; + uint8 *input; + register uint32 *wbp; + uint32 workBuff[16], + state[4]; + + l = len; + + state[0] = 0x67452301; + state[1] = 0xEFCDAB89; + state[2] = 0x98BADCFE; + state[3] = 0x10325476; + + if ((input = createPaddedCopyWithLength(b, &l)) == NULL) + return 0; + + for (i = 0;;) + { + if ((newI = i + 16 * 4) > l) + break; + k = i + 3; + for (j = 0; j < 16; j++) + { + wbp = (workBuff + j); + *wbp = input[k--]; + *wbp <<= 8; + *wbp |= input[k--]; + *wbp <<= 8; + *wbp |= input[k--]; + *wbp <<= 8; + *wbp |= input[k]; + k += 7; + } + doTheRounds(workBuff, state); + i = newI; + } + free(input); + + j = 0; + for (i = 0; i < 4; i++) + { + k = state[i]; + sum[j++] = (k & 0xff); + k >>= 8; + sum[j++] = (k & 0xff); + k >>= 8; + sum[j++] = (k & 0xff); + k >>= 8; + sum[j++] = (k & 0xff); + } + return 1; +} + +static void +bytesToHex(uint8 b[16], char *s) +{ + static char *hex = "0123456789abcdef"; + int q, + w; + + for (q = 0, w = 0; q < 16; q++) + { + s[w++] = hex[(b[q] >> 4) & 0x0F]; + s[w++] = hex[b[q] & 0x0F]; + } + s[w] = '\0'; +} + +/* + * PUBLIC FUNCTIONS + */ + +/* + * md5_hash + * + * Calculates the MD5 sum of the bytes in a buffer. + * + * SYNOPSIS #include "crypt.h" + * int md5_hash(const void *buff, size_t len, char *hexsum) + * + * INPUT buff the buffer containing the bytes that you want + * the MD5 sum of. + * len number of bytes in the buffer. + * + * OUTPUT hexsum the MD5 sum as a '\0'-terminated string of + * hexadecimal digits. an MD5 sum is 16 bytes long. + * each byte is represented by two heaxadecimal + * characters. you thus need to provide an array + * of 33 characters, including the trailing '\0'. + * + * RETURNS 0 on failure (out of memory for internal buffers) or + * non-zero on success. + * + * STANDARDS MD5 is described in RFC 1321. + * + * AUTHOR Sverre H. Huseby + * + */ +bool +md5_hash(const void *buff, size_t len, char *hexsum) +{ + uint8 sum[16]; + + if (!calculateDigestFromBuffer((uint8 *) buff, len, sum)) + return false; + + bytesToHex(sum, hexsum); + return true; +} + + + +/* + * Computes MD5 checksum of "passwd" (a null-terminated string) followed + * by "salt" (which need not be null-terminated). + * + * Output format is "md5" followed by a 32-hex-digit MD5 checksum. + * Hence, the output buffer "buf" must be at least 36 bytes long. + * + * Returns TRUE if okay, FALSE on error (out of memory). + */ +bool +EncryptMD5(const char *passwd, const char *salt, size_t salt_len, + char *buf) +{ + size_t passwd_len = strlen(passwd); + char *crypt_buf = palloc(passwd_len + salt_len); + bool ret; + + /* + * Place salt at the end because it may be known by users trying to + * crack the MD5 output. + */ + strcpy(crypt_buf, passwd); + memcpy(crypt_buf + passwd_len, salt, salt_len); + + strcpy(buf, "md5"); + ret = md5_hash(crypt_buf, passwd_len + salt_len, buf + 3); + + pfree(crypt_buf); + + return ret; +} diff --git a/src/interfaces/odbc/md5.h b/src/interfaces/odbc/md5.h new file mode 100644 index 0000000000..faaf21682c --- /dev/null +++ b/src/interfaces/odbc/md5.h @@ -0,0 +1,52 @@ +/* File: connection.h + * + * Description: See "connection.c" + * + * Comments: See "notice.txt" for copyright and license information. + * + */ + +#ifndef __MD5_H__ +#define __MD5_H__ + +#include "psqlodbc.h" + +#include +#include + +#ifdef WIN32 +#define MD5_ODBC +#define FRONTEND +#endif +#define MD5_PASSWD_LEN 35 + +/* From c.h */ +#ifndef __BEOS__ + +#ifndef __cplusplus + +#ifndef bool +typedef char bool; +#endif + +#ifndef true +#define true ((bool) 1) +#endif + +#ifndef false +#define false ((bool) 0) +#endif +#endif /* not C++ */ +#endif /* __BEOS__ */ + +#ifndef __BEOS__ /* this shouldn't be required, but is is! */ +typedef unsigned char uint8; /* == 8 bits */ +typedef unsigned short uint16; /* == 16 bits */ +typedef unsigned int uint32; /* == 32 bits */ +#endif /* __BEOS__ */ + +extern bool EncryptMD5(const char *passwd, const char *salt, + size_t salt_len, char *buf); + + +#endif diff --git a/src/interfaces/odbc/win32.mak b/src/interfaces/odbc/win32.mak index 6d83b1c7aa..1d92eec1bb 100644 --- a/src/interfaces/odbc/win32.mak +++ b/src/interfaces/odbc/win32.mak @@ -67,6 +67,7 @@ CLEAN : -@erase "$(INTDIR)\gpps.obj" -@erase "$(INTDIR)\info.obj" -@erase "$(INTDIR)\lobj.obj" + -@erase "$(INTDIR)\win_md5.obj" -@erase "$(INTDIR)\misc.obj" !IF "$(CFG)" == "MultibyteRelease" -@erase "$(INTDIR)\multibyte.obj" @@ -152,6 +153,7 @@ LINK32_OBJS= \ "$(INTDIR)\gpps.obj" \ "$(INTDIR)\info.obj" \ "$(INTDIR)\lobj.obj" \ + "$(INTDIR)\win_md5.obj" \ "$(INTDIR)\misc.obj" \ !IF "$(CFG)" == "MultibyteRelease" "$(INTDIR)\multibyte.obj" \ @@ -200,6 +202,7 @@ CLEAN : -@erase "$(INTDIR)\gpps.obj" -@erase "$(INTDIR)\info.obj" -@erase "$(INTDIR)\lobj.obj" + -@erase "$(INTDIR)\win_md5.obj" -@erase "$(INTDIR)\misc.obj" !IF "$(CFG)" == "MultibyteDebug" -@erase "$(INTDIR)\multibyte.obj" @@ -288,6 +291,7 @@ LINK32_OBJS= \ "$(INTDIR)\gpps.obj" \ "$(INTDIR)\info.obj" \ "$(INTDIR)\lobj.obj" \ + "$(INTDIR)\win_md5.obj" "$(INTDIR)\misc.obj" \ !IF "$(CFG)" == "MultibyteDebug" "$(INTDIR)\multibyte.obj" \ @@ -486,6 +490,12 @@ SOURCE=tuplelist.c $(CPP) $(CPP_PROJ) $(SOURCE) +SOURCE=win_md5.c + +"$(INTDIR)\win_md5.obj" : $(SOURCE) "$(INTDIR)" + $(CPP) $(CPP_PROJ) $(SOURCE) + + SOURCE=odbcapi.c "$(INTDIR)\odbcapi.obj" : $(SOURCE) "$(INTDIR)" diff --git a/src/interfaces/odbc/win_md5.c b/src/interfaces/odbc/win_md5.c new file mode 100644 index 0000000000..2a7c4014c7 --- /dev/null +++ b/src/interfaces/odbc/win_md5.c @@ -0,0 +1,15 @@ +/* + * win_md5.c + * Under Windows I don't love the following /D in makefiles. - inoue + */ +#define MD5_ODBC +#define FRONTEND + +/* + * md5.c is the exact copy of the src/backend/libpq/md5.c. + * + * psqlodbc driver stuff never refer(link) to other + * stuff directly. + * + */ +#include "md5.c" -- 2.40.0