Fix PQencryptPasswordConn to work with older server versions.

password_encryption was a boolean before version 10, so cope with "on" and "off". Also, change the behavior with "plain", to treat it the same as "md5". We're discussing removing the password_encryption='plain' option from the server altogether, which will make this the only reasonable choice, but even if we kept it, it seems best to never send the password in cleartext.

Fix PQencryptPasswordConn to work with older server versions.
password_encryption was a boolean before version 10, so cope with "on" and "off". Also, change the behavior with "plain", to treat it the same as "md5". We're discussing removing the password_encryption='plain' option from the server altogether, which will make this the only reasonable choice, but even if we kept it, it seems best to never send the password in cleartext.
20bf7b2b · Heikki Linnakangas · 0de791ed · 20bf7b2b · 20bf7b2b
Commit 20bf7b2b authored May 04, 2017 by Heikki Linnakangas
Show whitespace changes
Inline Side-by-side

Showing with 17 additions and 8 deletions

doc/src/sgml/libpq.sgml doc/src/sgml/libpq.sgml +3 -1

src/interfaces/libpq/fe-auth.c src/interfaces/libpq/fe-auth.c +14 -7

No files found.
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -5902,7 +5902,9 @@ char *PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
      are the cleartext password, and the SQL name of the user it is for.
      <parameter>algorithm</> specifies the encryption algorithm
      to use to encrypt the password. Currently supported algorithms are
-      <literal>md5</>, <literal>scram-sha-256</> and <literal>plain</>.
+      <literal>md5</> and <literal>scram-sha-256</> (<literal>on</> and
+      <literal>off</> are also accepted as aliases for <literal>md5</>, for
+      compatibility with older server versions). Note that support for
      <literal>scram-sha-256</> was introduced in <productname>PostgreSQL</>
      version 10, and will not work correctly with older server versions. If
      <parameter>algorithm</> is <symbol>NULL</>, this function will query

--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -1177,8 +1177,19 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
 		algorithm = algobuf;
 	}

-	/* Ok, now we know what algorithm to use */
+	/*
+	 * Also accept "on" and "off" as aliases for "md5", because
+	 * password_encryption was a boolean before PostgreSQL 10.  We refuse to
+	 * send the password in plaintext even if it was "off".
+	 */
+	if (strcmp(algorithm, "on") == 0 ||
+		strcmp(algorithm, "off") == 0 ||
+		strcmp(algorithm, "plain") == 0)
+		algorithm = "md5";

+	/*
+	 * Ok, now we know what algorithm to use
+	 */
 	if (strcmp(algorithm, "scram-sha-256") == 0)
 	{
 		crypt_pwd = pg_fe_scram_build_verifier(passwd);
@@ -1195,10 +1206,6 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
 			}
 		}
 	}
-	else if (strcmp(algorithm, "plain") == 0)
-	{
-		crypt_pwd = strdup(passwd);
-	}
 	else
 	{
 		printfPQExpBuffer(&conn->errorMessage,