pgsql: Replace isMD5() with a more future-proof way to check if pw is e

From: Heikki Linnakangas <heikki(dot)linnakangas(at)iki(dot)fi>
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Replace isMD5() with a more future-proof way to check if pw is e
Date: 2017-02-01 11:13:33
Message-ID: E1cYsqz-0001Jj-Ai@gemulon.postgresql.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-committers

Replace isMD5() with a more future-proof way to check if pw is encrypted.

The rule is that if pg_authid.rolpassword begins with "md5" and has the
right length, it's an MD5 hash, otherwise it's a plaintext password. The
idiom has been to use isMD5() to check for that, but that gets awkward,
when we add new kinds of verifiers, like the verifiers for SCRAM
authentication in the pending SCRAM patch set. Replace isMD5() with a new
get_password_type() function, so that when new verifier types are added, we
don't need to remember to modify every place that currently calls isMD5(),
to also recognize the new kinds of verifiers.

Also, use the new plain_crypt_verify function in passwordcheck, so that it
doesn't need to know about MD5, or in the future, about other kinds of
hashes or password verifiers.

Reviewed by Michael Paquier and Peter Eisentraut.

Discussion: https://www.postgresql.org/message-id/2d07165c-1793-e243-a2a9-e45b624c7580@iki.fi

Branch
------
master

Details
-------
http://git.postgresql.org/pg/commitdiff/dbd69118c05d73969a1bd52ead6702c6e40b0fee

Modified Files
--------------
contrib/passwordcheck/passwordcheck.c | 136 ++++++++++++++---------------
src/backend/commands/user.c | 44 ++++------
src/backend/libpq/crypt.c | 159 +++++++++++++++++++++++++---------
src/include/commands/user.h | 17 +---
src/include/common/md5.h | 4 -
src/include/libpq/crypt.h | 19 +++-
6 files changed, 220 insertions(+), 159 deletions(-)

Browse pgsql-committers by date

  From Date Subject
Next Message Tom Lane 2017-02-01 16:02:46 pgsql: Improve psql's behavior for \set and \unset of its control varia
Previous Message Heikki Linnakangas 2017-02-01 10:18:41 pgsql: Don't create "holes" in BufFiles, in the new logtape code.