mirror of
https://github.com/postgres/postgres.git
synced 2026-03-13 22:28:01 -04:00
7f56d43663
This commit fixes a couple of issues related to the way password verifiers hashed with MD5 or SCRAM-SHA-256 are detected, leading to being able to store in catalogs passwords which do not follow the supported hash formats: - A MD5-hashed entry was checked based on if its header uses "md5" and if the string length matches what is expected. Unfortunately the code never checked if the hash only used hexadecimal characters, as reported by Tom Lane. - A SCRAM-hashed entry was checked based on only its header, which should be "SCRAM-SHA-256$", but it never checked for any fields afterwards, as reported by Jonathan Katz. Backpatch down to v10, which is where SCRAM has been introduced, and where password verifiers in plain format have been removed. Author: Jonathan Katz Reviewed-by: Tom Lane, Michael Paquier Discussion: https://postgr.es/m/016deb6b-1f0a-8e9f-1833-a8675b170aa9@postgresql.org Backpatch-through: 10
27 lines
846 B
C
27 lines
846 B
C
/*-------------------------------------------------------------------------
|
|
*
|
|
* md5.h
|
|
* Interface to libpq/md5.c
|
|
*
|
|
* These definitions are needed by both frontend and backend code to work
|
|
* with MD5-encrypted passwords.
|
|
*
|
|
* Portions Copyright (c) 1996-2018, PostgreSQL Global Development Group
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
|
*
|
|
* src/include/common/md5.h
|
|
*
|
|
*-------------------------------------------------------------------------
|
|
*/
|
|
#ifndef PG_MD5_H
|
|
#define PG_MD5_H
|
|
|
|
#define MD5_PASSWD_CHARSET "0123456789abcdef"
|
|
#define MD5_PASSWD_LEN 35
|
|
|
|
extern bool pg_md5_hash(const void *buff, size_t len, char *hexsum);
|
|
extern bool pg_md5_binary(const void *buff, size_t len, void *outbuf);
|
|
extern bool pg_md5_encrypt(const char *passwd, const char *salt,
|
|
size_t salt_len, char *buf);
|
|
|
|
#endif
|