diff options
| author | Heikki Linnakangas | 2016-12-12 10:48:13 +0000 |
|---|---|---|
| committer | Heikki Linnakangas | 2016-12-12 10:48:13 +0000 |
| commit | e7f051b8f9a6341f6d3bf80b29c1dbc1837be9ab (patch) | |
| tree | 80671dc0282a774373dba495f6e29e7a7631d2ee /src/include/libpq | |
| parent | 58445c5c8d1424038d654ad9ee8af3724c60105e (diff) | |
Refactor the code for verifying user's password.
Split md5_crypt_verify() into three functions:
* get_role_password() to fetch user's password from pg_authid, and check
its expiration.
* md5_crypt_verify() to check an MD5 authentication challenge
* plain_crypt_verify() to check a plaintext password.
get_role_password() will be needed as a separate function by the upcoming
SCRAM authentication patch set. Most of the remaining functionality in
md5_crypt_verify() was different for MD5 and plaintext authentication, so
split that for readability.
While we're at it, simplify the *_crypt_verify functions by using
stack-allocated buffers to hold the temporary MD5 hashes, instead of
pallocing.
Reviewed by Michael Paquier.
Discussion: https://www.postgresql.org/message-id/3029e460-d47c-710e-507e-d8ba759d7cbb@iki.fi
Diffstat (limited to 'src/include/libpq')
| -rw-r--r-- | src/include/libpq/crypt.h | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/include/libpq/crypt.h b/src/include/libpq/crypt.h index 4ca8a75c468..229ce76b61e 100644 --- a/src/include/libpq/crypt.h +++ b/src/include/libpq/crypt.h @@ -15,7 +15,12 @@ #include "datatype/timestamp.h" -extern int md5_crypt_verify(const char *role, char *client_pass, - char *md5_salt, int md5_salt_len, char **logdetail); +extern int get_role_password(const char *role, char **shadow_pass, char **logdetail); + +extern int md5_crypt_verify(const char *role, const char *shadow_pass, + const char *client_pass, const char *md5_salt, + int md5_salt_len, char **logdetail); +extern int plain_crypt_verify(const char *role, const char *shadow_pass, + const char *client_pass, char **logdetail); #endif |