From 53a5026b5cb359ec31e81fa6b20a69b053b87569 Mon Sep 17 00:00:00 2001
From: Magnus Hagander <magnus@hagander.net>
Date: Tue, 28 Oct 2008 12:10:44 +0000
Subject: [PATCH] Remove support for (insecure) crypt authentication.
This breaks compatibility with pre-7.2 versions.
---
doc/src/sgml/client-auth.sgml | 37 +++------------
doc/src/sgml/protocol.sgml | 70 +----------------------------
doc/src/sgml/user-manag.sgml | 6 +--
src/backend/libpq/auth.c | 10 +----
src/backend/libpq/crypt.c | 18 +-------
src/backend/libpq/hba.c | 4 +-
src/backend/postmaster/postmaster.c | 41 +++--------------
src/include/libpq/hba.h | 3 +-
src/include/libpq/libpq-be.h | 3 +-
src/include/libpq/pqcomm.h | 4 +-
src/interfaces/libpq/fe-auth.c | 20 +++------
src/interfaces/libpq/fe-connect.c | 11 +----
src/interfaces/libpq/libpq-int.h | 3 +-
13 files changed, 30 insertions(+), 200 deletions(-)
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index 5a308eb8958..93482be6eab 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.109 2008/10/23 13:31:09 mha Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.110 2008/10/28 12:10:42 mha Exp $ -->
<chapter id="client-authentication">
<title>Client Authentication</title>
@@ -315,24 +315,6 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable>
</listitem>
</varlistentry>
- <varlistentry>
- <term><literal>crypt</></term>
- <listitem>
- <note>
- <para>
- This option is recommended only for communicating with pre-7.2
- clients.
- </para>
- </note>
- <para>
- Require the client to supply a <function>crypt()</>-encrypted
- password for authentication.
- <literal>md5</literal> is now recommended over <literal>crypt</>.
- See <xref linkend="auth-password"> for details.
- </para>
- </listitem>
- </varlistentry>
-
<varlistentry>
<term><literal>password</></term>
<listitem>
@@ -704,9 +686,6 @@ omicron bryanh guest1
<indexterm>
<primary>MD5</>
</indexterm>
- <indexterm>
- <primary>crypt</>
- </indexterm>
<indexterm>
<primary>password</primary>
<secondary>authentication</secondary>
@@ -714,21 +693,15 @@ omicron bryanh guest1
<para>
The password-based authentication methods are <literal>md5</>,
- <literal>crypt</>, and <literal>password</>. These methods operate
+ and <literal>password</>. These methods operate
similarly except for the way that the password is sent across the
- connection: respectively, MD5-hashed, crypt-encrypted, and clear-text.
- A limitation is that the <literal>crypt</> method does not work with
- passwords that have been encrypted in <structname>pg_authid</structname>.
+ connection: respectively, MD5-hashed and clear-text.
</para>
<para>
If you are at all concerned about password
- <quote>sniffing</> attacks then <literal>md5</> is preferred, with
- <literal>crypt</> to be used only if you must support pre-7.2
- clients. Plain <literal>password</> should be avoided especially for
- connections over the open Internet (unless you use <acronym>SSL</acronym>,
- <acronym>SSH</>, or another
- communications security wrapper around the connection).
+ <quote>sniffing</> attacks then <literal>md5</> is preferred.
+ Plain <literal>password</> should always be avoided if possible.
</para>
<para>
diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
index 0797812c000..c9a0c7abde7 100644
--- a/doc/src/sgml/protocol.sgml
+++ b/doc/src/sgml/protocol.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.73 2008/02/08 18:18:05 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.74 2008/10/28 12:10:42 mha Exp $ -->
<chapter id="protocol">
<title>Frontend/Backend Protocol</title>
@@ -295,19 +295,6 @@
</listitem>
</varlistentry>
- <varlistentry>
- <term>AuthenticationCryptPassword</term>
- <listitem>
- <para>
- The frontend must now send a PasswordMessage containing the
- password encrypted via crypt(3), using the 2-character salt
- specified in the AuthenticationCryptPassword message. If
- this is the correct password, the server responds with an
- AuthenticationOk, otherwise it responds with an ErrorResponse.
- </para>
- </listitem>
- </varlistentry>
-
<varlistentry>
<term>AuthenticationMD5Password</term>
<listitem>
@@ -1531,61 +1518,6 @@ AuthenticationCleartextPassword (B)
</varlistentry>
-<varlistentry>
-<term>
-AuthenticationCryptPassword (B)
-</term>
-<listitem>
-<para>
-
-<variablelist>
-<varlistentry>
-<term>
- Byte1('R')
-</term>
-<listitem>
-<para>
- Identifies the message as an authentication request.
-</para>
-</listitem>
-</varlistentry>
-<varlistentry>
-<term>
- Int32(10)
-</term>
-<listitem>
-<para>
- Length of message contents in bytes, including self.
-</para>
-</listitem>
-</varlistentry>
-<varlistentry>
-<term>
- Int32(4)
-</term>
-<listitem>
-<para>
- Specifies that a crypt()-encrypted password is required.
-</para>
-</listitem>
-</varlistentry>
-<varlistentry>
-<term>
- Byte2
-</term>
-<listitem>
-<para>
- The salt to use when encrypting the password.
-</para>
-</listitem>
-</varlistentry>
-</variablelist>
-
-</para>
-</listitem>
-</varlistentry>
-
-
<varlistentry>
<term>
AuthenticationMD5Password (B)
diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml
index d4d9fcc5150..7023c2c724a 100644
--- a/doc/src/sgml/user-manag.sgml
+++ b/doc/src/sgml/user-manag.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/user-manag.sgml,v 1.40 2008/09/08 00:47:40 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/user-manag.sgml,v 1.41 2008/10/28 12:10:42 mha Exp $ -->
<chapter id="user-manag">
<title>Database Roles and Privileges</title>
@@ -215,8 +215,8 @@ CREATE USER <replaceable>name</replaceable>;
<para>
A password is only significant if the client authentication
method requires the user to supply a password when connecting
- to the database. The <option>password</>,
- <option>md5</>, and <option>crypt</> authentication methods
+ to the database. The <option>password</> and
+ <option>md5</> authentication methods
make use of passwords. Database passwords are separate from
operating system passwords. Specify a password upon role
creation with <literal>CREATE ROLE
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 865d52fc56f..e89b040b67e 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.169 2008/10/23 13:31:10 mha Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.170 2008/10/28 12:10:43 mha Exp $
*
*-------------------------------------------------------------------------
*/
@@ -230,7 +230,6 @@ auth_failed(Port *port, int status)
errstr = gettext_noop("Ident authentication failed for user \"%s\"");
break;
case uaMD5:
- case uaCrypt:
case uaPassword:
errstr = gettext_noop("password authentication failed for user \"%s\"");
break;
@@ -373,11 +372,6 @@ ClientAuthentication(Port *port)
status = recv_and_check_password_packet(port);
break;
- case uaCrypt:
- sendAuthRequest(port, AUTH_REQ_CRYPT);
- status = recv_and_check_password_packet(port);
- break;
-
case uaPassword:
sendAuthRequest(port, AUTH_REQ_PASSWORD);
status = recv_and_check_password_packet(port);
@@ -426,8 +420,6 @@ sendAuthRequest(Port *port, AuthRequest areq)
/* Add the salt for encrypted passwords. */
if (areq == AUTH_REQ_MD5)
pq_sendbytes(&buf, port->md5Salt, 4);
- else if (areq == AUTH_REQ_CRYPT)
- pq_sendbytes(&buf, port->cryptSalt, 2);
#if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c
index ab237ad3b11..68e685dd786 100644
--- a/src/backend/libpq/crypt.c
+++ b/src/backend/libpq/crypt.c
@@ -9,7 +9,7 @@
* Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.75 2008/09/15 12:32:56 mha Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.76 2008/10/28 12:10:43 mha Exp $
*
*-------------------------------------------------------------------------
*/
@@ -53,14 +53,6 @@ md5_crypt_verify(const Port *port, const char *role, char *client_pass)
if (shadow_pass == NULL || *shadow_pass == '\0')
return STATUS_ERROR;
- /* We can't do crypt with MD5 passwords */
- if (isMD5(shadow_pass) && port->hba->auth_method == uaCrypt)
- {
- ereport(LOG,
- (errmsg("cannot use authentication method \"crypt\" because password is MD5-encrypted")));
- return STATUS_ERROR;
- }
-
/*
* Compare with the encrypted or plain password depending on the
* authentication method being used for this connection.
@@ -106,14 +98,6 @@ md5_crypt_verify(const Port *port, const char *role, char *client_pass)
pfree(crypt_pwd2);
}
break;
- case uaCrypt:
- {
- char salt[3];
-
- strlcpy(salt, port->cryptSalt, sizeof(salt));
- crypt_pwd = crypt(shadow_pass, salt);
- break;
- }
default:
if (isMD5(shadow_pass))
{
diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index fbeb185fc9f..d5e56bda453 100644
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -10,7 +10,7 @@
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.171 2008/10/27 20:04:45 mha Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.172 2008/10/28 12:10:43 mha Exp $
*
*-------------------------------------------------------------------------
*/
@@ -847,8 +847,6 @@ parse_hba_line(List *line, int line_num, HbaLine *parsedline)
parsedline->auth_method = uaReject;
else if (strcmp(token, "md5") == 0)
parsedline->auth_method = uaMD5;
- else if (strcmp(token, "crypt") == 0)
- parsedline->auth_method = uaCrypt;
else if (strcmp(token, "pam") == 0)
#ifdef USE_PAM
parsedline->auth_method = uaPAM;
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
index 4de81673460..c955e1e4fac 100644
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -37,7 +37,7 @@
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.565 2008/09/23 20:35:38 momjian Exp $
+ * $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.566 2008/10/28 12:10:43 mha Exp $
*
* NOTES
*
@@ -323,7 +323,7 @@ static int initMasks(fd_set *rmask);
static void report_fork_failure_to_client(Port *port, int errnum);
static enum CAC_state canAcceptConnections(void);
static long PostmasterRandom(void);
-static void RandomSalt(char *cryptSalt, char *md5Salt);
+static void RandomSalt(char *md5Salt);
static void signal_child(pid_t pid, int signal);
static void SignalSomeChildren(int signal, bool only_autovac);
@@ -1808,7 +1808,7 @@ ConnCreate(int serverFd)
* fork, not after. Else the postmaster's random sequence won't get
* advanced, and all backends would end up using the same salt...
*/
- RandomSalt(port->cryptSalt, port->md5Salt);
+ RandomSalt(port->md5Salt);
}
/*
@@ -3910,49 +3910,20 @@ dummy_handler(SIGNAL_ARGS)
{
}
-
-/*
- * CharRemap: given an int in range 0..61, produce textual encoding of it
- * per crypt(3) conventions.
- */
-static char
-CharRemap(long ch)
-{
- if (ch < 0)
- ch = -ch;
- ch = ch % 62;
-
- if (ch < 26)
- return 'A' + ch;
-
- ch -= 26;
- if (ch < 26)
- return 'a' + ch;
-
- ch -= 26;
- return '0' + ch;
-}
-
/*
* RandomSalt
*/
static void
-RandomSalt(char *cryptSalt, char *md5Salt)
+RandomSalt(char *md5Salt)
{
- long rand = PostmasterRandom();
-
- cryptSalt[0] = CharRemap(rand % 62);
- cryptSalt[1] = CharRemap(rand / 62);
+ long rand;
/*
- * It's okay to reuse the first random value for one of the MD5 salt
- * bytes, since only one of the two salts will be sent to the client.
- * After that we need to compute more random bits.
- *
* We use % 255, sacrificing one possible byte value, so as to ensure that
* all bits of the random() value participate in the result. While at it,
* add one to avoid generating any null bytes.
*/
+ rand = PostmasterRandom();
md5Salt[0] = (rand % 255) + 1;
rand = PostmasterRandom();
md5Salt[1] = (rand % 255) + 1;
diff --git a/src/include/libpq/hba.h b/src/include/libpq/hba.h
index 54ecc560d81..79b5a51c6d0 100644
--- a/src/include/libpq/hba.h
+++ b/src/include/libpq/hba.h
@@ -4,7 +4,7 @@
* Interface to hba.c
*
*
- * $PostgreSQL: pgsql/src/include/libpq/hba.h,v 1.50 2008/10/23 13:31:10 mha Exp $
+ * $PostgreSQL: pgsql/src/include/libpq/hba.h,v 1.51 2008/10/28 12:10:44 mha Exp $
*
*-------------------------------------------------------------------------
*/
@@ -22,7 +22,6 @@ typedef enum UserAuth
uaTrust,
uaIdent,
uaPassword,
- uaCrypt,
uaMD5,
uaGSS,
uaSSPI,
diff --git a/src/include/libpq/libpq-be.h b/src/include/libpq/libpq-be.h
index 4d5e0039c89..73f42298c42 100644
--- a/src/include/libpq/libpq-be.h
+++ b/src/include/libpq/libpq-be.h
@@ -11,7 +11,7 @@
* Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/include/libpq/libpq-be.h,v 1.67 2008/09/15 12:32:57 mha Exp $
+ * $PostgreSQL: pgsql/src/include/libpq/libpq-be.h,v 1.68 2008/10/28 12:10:44 mha Exp $
*
*-------------------------------------------------------------------------
*/
@@ -123,7 +123,6 @@ typedef struct Port
*/
HbaLine *hba;
char md5Salt[4]; /* Password salt */
- char cryptSalt[2]; /* Password salt */
/*
* Information that really has no business at all being in struct Port,
diff --git a/src/include/libpq/pqcomm.h b/src/include/libpq/pqcomm.h
index 31839b20152..6b9437ae045 100644
--- a/src/include/libpq/pqcomm.h
+++ b/src/include/libpq/pqcomm.h
@@ -9,7 +9,7 @@
* Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/include/libpq/pqcomm.h,v 1.108 2008/01/01 19:45:58 momjian Exp $
+ * $PostgreSQL: pgsql/src/include/libpq/pqcomm.h,v 1.109 2008/10/28 12:10:44 mha Exp $
*
*-------------------------------------------------------------------------
*/
@@ -153,7 +153,7 @@ extern bool Db_user_namespace;
#define AUTH_REQ_KRB4 1 /* Kerberos V4. Not supported any more. */
#define AUTH_REQ_KRB5 2 /* Kerberos V5 */
#define AUTH_REQ_PASSWORD 3 /* Password */
-#define AUTH_REQ_CRYPT 4 /* crypt password */
+#define AUTH_REQ_CRYPT 4 /* crypt password. Not supported any more. */
#define AUTH_REQ_MD5 5 /* md5 password */
#define AUTH_REQ_SCM_CREDS 6 /* transfer SCM credentials */
#define AUTH_REQ_GSS 7 /* GSSAPI without wrap() */
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index f0d79487129..64631966489 100644
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -7,7 +7,7 @@
* Portions Copyright (c) 1994, Regents of the University of California
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.137 2008/01/31 18:58:30 tgl Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.138 2008/10/28 12:10:44 mha Exp $
*
*-------------------------------------------------------------------------
*/
@@ -40,10 +40,6 @@
#include <pwd.h>
#endif
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
-
#include "libpq-fe.h"
#include "fe-auth.h"
#include "libpq/md5.h"
@@ -787,14 +783,6 @@ pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
}
break;
}
- case AUTH_REQ_CRYPT:
- {
- char salt[3];
-
- strlcpy(salt, conn->cryptSalt, sizeof(salt));
- crypt_pwd = crypt(password, salt);
- break;
- }
case AUTH_REQ_PASSWORD:
/* discard const so we can assign it */
crypt_pwd = (char *) password;
@@ -938,8 +926,12 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn)
#endif
- case AUTH_REQ_MD5:
case AUTH_REQ_CRYPT:
+ printfPQExpBuffer(&conn->errorMessage,
+ libpq_gettext("Crypt authentication not supported\n"));
+ return STATUS_ERROR;
+
+ case AUTH_REQ_MD5:
case AUTH_REQ_PASSWORD:
conn->password_needed = true;
if (conn->pgpass == NULL || conn->pgpass[0] == '\0')
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index c611c0de1cb..87809fd7829 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.364 2008/10/27 09:42:31 mha Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.365 2008/10/28 12:10:44 mha Exp $
*
*-------------------------------------------------------------------------
*/
@@ -1674,15 +1674,6 @@ keep_going: /* We will come back to here until there is
return PGRES_POLLING_READING;
}
}
- if (areq == AUTH_REQ_CRYPT)
- {
- if (pqGetnchar(conn->cryptSalt,
- sizeof(conn->cryptSalt), conn))
- {
- /* We'll come back when there are more data */
- return PGRES_POLLING_READING;
- }
- }
#if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
/*
diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h
index 8525fb15f05..d5ec8ce13fc 100644
--- a/src/interfaces/libpq/libpq-int.h
+++ b/src/interfaces/libpq/libpq-int.h
@@ -12,7 +12,7 @@
* Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.135 2008/10/27 09:42:31 mha Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.136 2008/10/28 12:10:44 mha Exp $
*
*-------------------------------------------------------------------------
*/
@@ -340,7 +340,6 @@ struct pg_conn
int be_pid; /* PID of backend --- needed for cancels */
int be_key; /* key of backend --- needed for cancels */
char md5Salt[4]; /* password salt received from backend */
- char cryptSalt[2]; /* password salt received from backend */
pgParameterStatus *pstatus; /* ParameterStatus data */
int client_encoding; /* encoding id */
bool std_strings; /* standard_conforming_strings */
--
GitLab