diff options
| author | Tom Lane | 2005-12-23 01:16:38 +0000 |
|---|---|---|
| committer | Tom Lane | 2005-12-23 01:16:38 +0000 |
| commit | ea9b028dc77e961b290087972b9bfbe8e91ce82f (patch) | |
| tree | b71ed0d93dfd0f180020275ca3906c2f50aa94d8 /src/interfaces/libpq | |
| parent | e80f9dfa8095656c0d671d89663439c66b806288 (diff) | |
Add an officially exported libpq function to encrypt passwords, and
modify the previous \password patch to use it instead of depending
on a not-officially-exported function. Per discussion.
Diffstat (limited to 'src/interfaces/libpq')
| -rw-r--r-- | src/interfaces/libpq/exports.txt | 3 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-auth.c | 39 | ||||
| -rw-r--r-- | src/interfaces/libpq/libpq-fe.h | 6 |
3 files changed, 45 insertions, 3 deletions
diff --git a/src/interfaces/libpq/exports.txt b/src/interfaces/libpq/exports.txt index bcb18f829ce..3b95bccb467 100644 --- a/src/interfaces/libpq/exports.txt +++ b/src/interfaces/libpq/exports.txt @@ -1,4 +1,4 @@ -# $PostgreSQL: pgsql/src/interfaces/libpq/exports.txt,v 1.5 2005/10/21 15:21:21 tgl Exp $ +# $PostgreSQL: pgsql/src/interfaces/libpq/exports.txt,v 1.6 2005/12/23 01:16:38 tgl Exp $ # Functions to be exported by libpq DLLs PQconnectdb 1 PQsetdbLogin 2 @@ -125,3 +125,4 @@ PQcancel 122 lo_create 123 PQinitSSL 124 PQregisterThreadLock 125 +pg_make_encrypted_password 126 diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c index 95609114f99..039964a9fe5 100644 --- a/src/interfaces/libpq/fe-auth.c +++ b/src/interfaces/libpq/fe-auth.c @@ -10,7 +10,7 @@ * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes). * * IDENTIFICATION - * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.108 2005/11/22 18:17:32 momjian Exp $ + * $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.109 2005/12/23 01:16:38 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -531,3 +531,40 @@ pg_fe_getauthname(char *PQerrormsg) return authn; } + + +/* + * pg_make_encrypted_password -- exported routine to encrypt a password + * + * This is intended to be used by client applications that wish to send + * commands like ALTER USER joe PASSWORD 'pwd'. The password need not + * be sent in cleartext if it is encrypted on the client side. This is + * good because it ensures the cleartext password won't end up in logs, + * pg_stat displays, etc. We export the function so that clients won't + * be dependent on low-level details like whether the enceyption is MD5 + * or something else. + * + * Arguments are the cleartext password, and the SQL name of the user it + * is for. + * + * Return value is a malloc'd string, or NULL if out-of-memory. The client + * may assume the string doesn't contain any weird characters that would + * require escaping. + */ +char * +pg_make_encrypted_password(const char *passwd, const char *user) +{ + char *crypt_pwd; + + crypt_pwd = malloc(MD5_PASSWD_LEN + 1); + if (!crypt_pwd) + return NULL; + + if (!pg_md5_encrypt(passwd, user, strlen(user), crypt_pwd)) + { + free(crypt_pwd); + return NULL; + } + + return crypt_pwd; +} diff --git a/src/interfaces/libpq/libpq-fe.h b/src/interfaces/libpq/libpq-fe.h index f0f0cede54e..fc42c2b28a7 100644 --- a/src/interfaces/libpq/libpq-fe.h +++ b/src/interfaces/libpq/libpq-fe.h @@ -7,7 +7,7 @@ * Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-fe.h,v 1.122 2005/11/23 04:23:28 momjian Exp $ + * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-fe.h,v 1.123 2005/12/23 01:16:38 tgl Exp $ * *------------------------------------------------------------------------- */ @@ -495,6 +495,10 @@ extern int PQdsplen(const char *s, int encoding); /* Get encoding id from environment variable PGCLIENTENCODING */ extern int PQenv2encoding(void); +/* === in fe-auth.c === */ + +extern char *pg_make_encrypted_password(const char *passwd, const char *user); + #ifdef __cplusplus } #endif |