auth.patch

text/plain

Filename: auth.patch
Type: text/plain
Part: 0
Message: oops Re: Encrypting pg_shadow passwords
*** backend/libpq/auth.c.orig	Sat Jun 16 01:01:50 2001
--- backend/libpq/auth.c	Sat Jun 16 01:00:42 2001
***************
*** 700,706 ****
  static int
  checkPassword(Port *port, char *user, char *password)
  {
! 	if (port->auth_arg[0] != '\0')
  		return verify_password(port, user, password);
  
  	return crypt_verify(port, user, password);
--- 700,706 ----
  static int
  checkPassword(Port *port, char *user, char *password)
  {
! 	if (port->auth_arg[0] != '\0' && strcmp(port->auth_arg, "pg_shadow") != 0)
  		return verify_password(port, user, password);
  
  	return crypt_verify(port, user, password);
*** backend/libpq/crypt.c.orig	Sat Jun 16 01:01:56 2001
--- backend/libpq/crypt.c	Sat Jun 16 01:00:42 2001
***************
*** 260,266 ****
  
  	char	   *passwd,
  			   *valuntil,
! 			   *crypt_pwd;
  	int			retval = STATUS_ERROR;
  	AbsoluteTime vuntil,
  				current;
--- 260,267 ----
  
  	char	   *passwd,
  			   *valuntil,
! 			   *client_passwd,
! 			   *server_passwd;
  	int			retval = STATUS_ERROR;
  	AbsoluteTime vuntil,
  				current;
***************
*** 282,291 ****
  	 * authentication method being used for this connection.
  	 */
  
! 	crypt_pwd =
! 		(port->auth_method == uaCrypt ? crypt(passwd, port->salt) : passwd);
  
! 	if (!strcmp(pgpass, crypt_pwd))
  	{
  
  		/*
--- 283,325 ----
  	 * authentication method being used for this connection.
  	 */
  
! 	/*
! 	 * default behaviours
! 	 * - host dbname x.x.x.x x.x.x.x password
! 	 *      client passwd - clear text
! 	 *      pg_shadow passwd - stored as clear text
! 	*/
! 
! 	client_passwd = (char *)pgpass;
! 	server_passwd = passwd;
! 
! 	/*
! 	 * - host dbname x.x.x.x x.x.x.x crypt
! 	 *      client passwd - encrypted by client
! 	 *      pg_shadow passwd - stored as clear text, encrypted before compare
! 	*/
! 
! 	if (port->auth_method == uaCrypt)
! 	{
! 		client_passwd = (char *)pgpass;
! 		server_passwd = crypt(passwd, port->salt);
! 	}
! 
! 	/*
! 	 * enhanced behavior
! 	 * - host dbname x.x.x.x x.x.x.x password pg_shadow
! 	 *      client passwd - clear text, encrypted before compare
! 	 *      pg_shadow passwd - stored as encrypted
! 	*/
! 
! 	if (port->auth_method != uaCrypt &&
! 			strcmp(port->auth_arg, "pg_shadow") == 0)
! 	{
! 		client_passwd = crypt(pgpass, passwd);
! 		server_passwd = passwd;
! 	}
  
! 	if (!strcmp(client_passwd, server_passwd))
  	{
  
  		/*