Commit 20bf7b2b authored by Heikki Linnakangas's avatar Heikki Linnakangas

Fix PQencryptPasswordConn to work with older server versions.

password_encryption was a boolean before version 10, so cope with "on" and
"off".

Also, change the behavior with "plain", to treat it the same as "md5".
We're discussing removing the password_encryption='plain' option from the
server altogether, which will make this the only reasonable choice, but
even if we kept it, it seems best to never send the password in cleartext.
parent 0de791ed
...@@ -5902,7 +5902,9 @@ char *PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, ...@@ -5902,7 +5902,9 @@ char *PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
are the cleartext password, and the SQL name of the user it is for. are the cleartext password, and the SQL name of the user it is for.
<parameter>algorithm</> specifies the encryption algorithm <parameter>algorithm</> specifies the encryption algorithm
to use to encrypt the password. Currently supported algorithms are to use to encrypt the password. Currently supported algorithms are
<literal>md5</>, <literal>scram-sha-256</> and <literal>plain</>. <literal>md5</> and <literal>scram-sha-256</> (<literal>on</> and
<literal>off</> are also accepted as aliases for <literal>md5</>, for
compatibility with older server versions). Note that support for
<literal>scram-sha-256</> was introduced in <productname>PostgreSQL</> <literal>scram-sha-256</> was introduced in <productname>PostgreSQL</>
version 10, and will not work correctly with older server versions. If version 10, and will not work correctly with older server versions. If
<parameter>algorithm</> is <symbol>NULL</>, this function will query <parameter>algorithm</> is <symbol>NULL</>, this function will query
......
...@@ -1168,7 +1168,7 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, ...@@ -1168,7 +1168,7 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
{ {
PQclear(res); PQclear(res);
printfPQExpBuffer(&conn->errorMessage, printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("password_encryption value too long\n")); libpq_gettext("password_encryption value too long\n"));
return NULL; return NULL;
} }
strcpy(algobuf, val); strcpy(algobuf, val);
...@@ -1177,8 +1177,19 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, ...@@ -1177,8 +1177,19 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
algorithm = algobuf; algorithm = algobuf;
} }
/* Ok, now we know what algorithm to use */ /*
* Also accept "on" and "off" as aliases for "md5", because
* password_encryption was a boolean before PostgreSQL 10. We refuse to
* send the password in plaintext even if it was "off".
*/
if (strcmp(algorithm, "on") == 0 ||
strcmp(algorithm, "off") == 0 ||
strcmp(algorithm, "plain") == 0)
algorithm = "md5";
/*
* Ok, now we know what algorithm to use
*/
if (strcmp(algorithm, "scram-sha-256") == 0) if (strcmp(algorithm, "scram-sha-256") == 0)
{ {
crypt_pwd = pg_fe_scram_build_verifier(passwd); crypt_pwd = pg_fe_scram_build_verifier(passwd);
...@@ -1195,14 +1206,10 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, ...@@ -1195,14 +1206,10 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
} }
} }
} }
else if (strcmp(algorithm, "plain") == 0)
{
crypt_pwd = strdup(passwd);
}
else else
{ {
printfPQExpBuffer(&conn->errorMessage, printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("unknown password encryption algorithm\n")); libpq_gettext("unknown password encryption algorithm\n"));
return NULL; return NULL;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment