author | Heikki Linnakangas | 2017-02-01 11:11:37 +0000 |
---|---|---|
committer | Heikki Linnakangas | 2017-02-01 11:11:37 +0000 |
commit | dbd69118c05d73969a1bd52ead6702c6e40b0fee (patch) | |
tree | 66d8ab158c9b8cec81b37db64bdaaa1a170aba4c /src/include/commands/user.h | |
parent | 7ac4a389a7dbddaa8b19deb228f0a988e79c5795 (diff) |
Replace isMD5() with a more future-proof way to check if pw is encrypted.
The rule is that if pg_authid.rolpassword begins with "md5" and has the
right length, it's an MD5 hash, otherwise it's a plaintext password. The
idiom has been to use isMD5() to check for that, but that gets awkward,
when we add new kinds of verifiers, like the verifiers for SCRAM
authentication in the pending SCRAM patch set. Replace isMD5() with a new
get_password_type() function, so that when new verifier types are added, we
don't need to remember to modify every place that currently calls isMD5(),
to also recognize the new kinds of verifiers.
Also, use the new plain_crypt_verify function in passwordcheck, so that it
doesn't need to know about MD5, or in the future, about other kinds of
hashes or password verifiers.
Reviewed by Michael Paquier and Peter Eisentraut.
Discussion: https://www.postgresql.org/message-id/[email protected]
Diffstat (limited to 'src/include/commands/user.h')
-rw-r--r-- | src/include/commands/user.h | 17 |
1 files changed, 4 insertions, 13 deletions
diff --git a/src/include/commands/user.h b/src/include/commands/user.h
index 102c2a5861f..08037e0f81a 100644
--- a/src/include/commands/user.h
+++ b/src/include/commands/user.h
@@ -12,24 +12,15 @@
 #define USER_H
 #include "catalog/objectaddress.h"
+#include "libpq/crypt.h"
 #include "nodes/parsenodes.h"
 #include "parser/parse_node.h"
-
-/*
- * Types of password, for Password_encryption GUC and the password_type
- * argument of the check-password hook.
- */
-typedef enum PasswordType
-{
- PASSWORD_TYPE_PLAINTEXT = 0,
- PASSWORD_TYPE_MD5
-} PasswordType;
-
-extern int Password_encryption; /* GUC */
+/* GUC. Is actually of type PasswordType. */
+extern int Password_encryption;
 /* Hook to check passwords in CreateRole() and AlterRole() */
-typedef void (*check_password_hook_type) (const char *username, const char *password, int password_type, Datum validuntil_time, bool validuntil_null);
+typedef void (*check_password_hook_type) (const char *username, const char *shadow_pass, PasswordType password_type, Datum validuntil_time, bool validuntil_null);
 extern PGDLLIMPORT check_password_hook_type check_password_hook; |
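Review bot: The one-line comment above `check_password_hook_type` no longer describes the contract: after the rename to `shadow_pass` and the switch to `PasswordType`, a hook author cannot tell from this header that the string may be an already-hashed verifier rather than cleartext. I would extend it to something like `/* Hook to check passwords in CreateRole() and AlterRole(). shadow_pass is cleartext or an already-hashed verifier, as given by password_type. */`. It is also worth stating there that content rules (length, character classes) are only meaningful for `PASSWORD_TYPE_PLAINTEXT`, and that a hook should decide explicitly what to do with a `password_type` value it does not recognize, since the commit message anticipates new verifier kinds. The hook implementations are outside this hunk, so whether existing ones already behave this way cannot be seen here.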