diff options
| author | Heikki Linnakangas | 2017-05-04 09:28:25 +0000 |
|---|---|---|
| committer | Heikki Linnakangas | 2017-05-04 09:28:25 +0000 |
| commit | 20bf7b2b0afcb53608ec37005ee7f831132925d2 (patch) | |
| tree | 0a7e4dae434ee7afdf62d5c4f87d3ba534b49117 | |
| parent | 0de791ed760614991e7cb8a78fddd6874ea6919d (diff) | |
Fix PQencryptPasswordConn to work with older server versions.
password_encryption was a boolean before version 10, so cope with "on" and
"off".
Also, change the behavior with "plain", to treat it the same as "md5".
We're discussing removing the password_encryption='plain' option from the
server altogether, which will make this the only reasonable choice, but
even if we kept it, it seems best to never send the password in cleartext.
| -rw-r--r-- | doc/src/sgml/libpq.sgml | 4 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-auth.c | 21 |
2 files changed, 17 insertions, 8 deletions
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index 4f60b203fbc..c2b7abc603e 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -5902,7 +5902,9 @@ char *PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, are the cleartext password, and the SQL name of the user it is for. <parameter>algorithm</> specifies the encryption algorithm to use to encrypt the password. Currently supported algorithms are - <literal>md5</>, <literal>scram-sha-256</> and <literal>plain</>. + <literal>md5</> and <literal>scram-sha-256</> (<literal>on</> and + <literal>off</> are also accepted as aliases for <literal>md5</>, for + compatibility with older server versions). Note that support for <literal>scram-sha-256</> was introduced in <productname>PostgreSQL</> version 10, and will not work correctly with older server versions. If <parameter>algorithm</> is <symbol>NULL</>, this function will query diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c index daa7cc95858..54acd0f6bf8 100644 --- a/src/interfaces/libpq/fe-auth.c +++ b/src/interfaces/libpq/fe-auth.c @@ -1168,7 +1168,7 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, { PQclear(res); printfPQExpBuffer(&conn->errorMessage, - libpq_gettext("password_encryption value too long\n")); + libpq_gettext("password_encryption value too long\n")); return NULL; } strcpy(algobuf, val); @@ -1177,8 +1177,19 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, algorithm = algobuf; } - /* Ok, now we know what algorithm to use */ + /* + * Also accept "on" and "off" as aliases for "md5", because + * password_encryption was a boolean before PostgreSQL 10. We refuse to + * send the password in plaintext even if it was "off". + */ + if (strcmp(algorithm, "on") == 0 || + strcmp(algorithm, "off") == 0 || + strcmp(algorithm, "plain") == 0) + algorithm = "md5"; + /* + * Ok, now we know what algorithm to use + */ if (strcmp(algorithm, "scram-sha-256") == 0) { crypt_pwd = pg_fe_scram_build_verifier(passwd); @@ -1195,14 +1206,10 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, } } } - else if (strcmp(algorithm, "plain") == 0) - { - crypt_pwd = strdup(passwd); - } else { printfPQExpBuffer(&conn->errorMessage, - libpq_gettext("unknown password encryption algorithm\n")); + libpq_gettext("unknown password encryption algorithm\n")); return NULL; } |