Remove support for (insecure) crypt authentication.

This breaks compatibility with pre-7.2 versions.
2025-06-02 00:01:40 -04:00 · 2008-10-28 12:10:44 +00:00 · 2008-10-28 12:10:44 +00:00 · 53a5026b5c
commit 53a5026b5c
parent ba4eb01554
13 changed files with 30 additions and 200 deletions
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.109 2008/10/23 13:31:09 mha Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.110 2008/10/28 12:10:42 mha Exp $ -->
 <chapter id="client-authentication">
 <title>Client Authentication</title>
@ -315,24 +315,6 @@ hostnossl  <replaceable>database</replaceable>  <replaceable>user</replaceable>
        </listitem>
       </varlistentry>
       <varlistentry>
        <term><literal>crypt</></term>
        <listitem>
         <note>
         <para>
          This option is recommended only for communicating with pre-7.2
          clients.
         </para>
         </note>
         <para>
          Require the client to supply a <function>crypt()</>-encrypted
          password for authentication.
          <literal>md5</literal> is now recommended over <literal>crypt</>.
          See <xref linkend="auth-password"> for details.
         </para>
        </listitem>
       </varlistentry>
       <varlistentry>
        <term><literal>password</></term>
        <listitem>
@ -704,9 +686,6 @@ omicron       bryanh            guest1
   <indexterm>
    <primary>MD5</>
   </indexterm>
   <indexterm>
    <primary>crypt</>
   </indexterm>
   <indexterm>
    <primary>password</primary>
    <secondary>authentication</secondary>
@ -714,21 +693,15 @@ omicron       bryanh            guest1
   <para>
    The password-based authentication methods are <literal>md5</>,
-    <literal>crypt</>, and <literal>password</>. These methods operate
+    and <literal>password</>. These methods operate
    similarly except for the way that the password is sent across the
-    connection: respectively, MD5-hashed, crypt-encrypted, and clear-text.
+    connection: respectively, MD5-hashed and clear-text.
    A limitation is that the <literal>crypt</> method does not work with
    passwords that have been encrypted in <structname>pg_authid</structname>.
   </para>
   <para>
    If you are at all concerned about password
-    <quote>sniffing</> attacks then <literal>md5</> is preferred, with
+    <quote>sniffing</> attacks then <literal>md5</> is preferred.
-    <literal>crypt</> to be used only if you must support pre-7.2
+    Plain <literal>password</> should always be avoided if possible.
    clients. Plain <literal>password</> should be avoided especially for
    connections over the open Internet (unless you use <acronym>SSL</acronym>,
    <acronym>SSH</>, or another
    communications security wrapper around the connection).
   </para>
   <para>
--- a/doc/src/sgml/protocol.sgml
+++ b/doc/src/sgml/protocol.sgml
@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.73 2008/02/08 18:18:05 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/protocol.sgml,v 1.74 2008/10/28 12:10:42 mha Exp $ -->
 <chapter id="protocol">
 <title>Frontend/Backend Protocol</title>
@ -295,19 +295,6 @@
      </listitem>
     </varlistentry>
     <varlistentry>
      <term>AuthenticationCryptPassword</term>
      <listitem>
       <para>
        The frontend must now send a PasswordMessage containing the
        password encrypted via crypt(3), using the 2-character salt
        specified in the AuthenticationCryptPassword message.  If
        this is the correct password, the server responds with an
        AuthenticationOk, otherwise it responds with an ErrorResponse.
       </para>
      </listitem>
     </varlistentry>
     <varlistentry>
      <term>AuthenticationMD5Password</term>
      <listitem>
@ -1531,61 +1518,6 @@ AuthenticationCleartextPassword (B)
 </varlistentry>
 <varlistentry>
 <term>
 AuthenticationCryptPassword (B)
 </term>
 <listitem>
 <para>
 <variablelist>
 <varlistentry>
 <term>
        Byte1('R')
 </term>
 <listitem>
 <para>
                Identifies the message as an authentication request.
 </para>
 </listitem>
 </varlistentry>
 <varlistentry>
 <term>
        Int32(10)
 </term>
 <listitem>
 <para>
                Length of message contents in bytes, including self.
 </para>
 </listitem>
 </varlistentry>
 <varlistentry>
 <term>
        Int32(4)
 </term>
 <listitem>
 <para>
                Specifies that a crypt()-encrypted password is required.
 </para>
 </listitem>
 </varlistentry>
 <varlistentry>
 <term>
        Byte2
 </term>
 <listitem>
 <para>
                The salt to use when encrypting the password.
 </para>
 </listitem>
 </varlistentry>
 </variablelist>
 </para>
 </listitem>
 </varlistentry>
 <varlistentry>
 <term>
 AuthenticationMD5Password (B)
--- a/doc/src/sgml/user-manag.sgml
+++ b/doc/src/sgml/user-manag.sgml
@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/user-manag.sgml,v 1.40 2008/09/08 00:47:40 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/user-manag.sgml,v 1.41 2008/10/28 12:10:42 mha Exp $ -->
 <chapter id="user-manag">
 <title>Database Roles and Privileges</title>
@ -215,8 +215,8 @@ CREATE USER <replaceable>name</replaceable>;
       <para>
        A password is only significant if the client authentication
        method requires the user to supply a password when connecting
-        to the database. The <option>password</>,
+        to the database. The <option>password</> and
-        <option>md5</>, and <option>crypt</> authentication methods
+        <option>md5</> authentication methods
        make use of passwords. Database passwords are separate from
        operating system passwords. Specify a password upon role
        creation with <literal>CREATE ROLE
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.169 2008/10/23 13:31:10 mha Exp $
+ *	  $PostgreSQL: pgsql/src/backend/libpq/auth.c,v 1.170 2008/10/28 12:10:43 mha Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -230,7 +230,6 @@ auth_failed(Port *port, int status)
 			errstr = gettext_noop("Ident authentication failed for user \"%s\"");
 			break;
 		case uaMD5:
 		case uaCrypt:
 		case uaPassword:
 			errstr = gettext_noop("password authentication failed for user \"%s\"");
 			break;
@ -373,11 +372,6 @@ ClientAuthentication(Port *port)
 			status = recv_and_check_password_packet(port);
 			break;
 		case uaCrypt:
 			sendAuthRequest(port, AUTH_REQ_CRYPT);
 			status = recv_and_check_password_packet(port);
 			break;
 		case uaPassword:
 			sendAuthRequest(port, AUTH_REQ_PASSWORD);
 			status = recv_and_check_password_packet(port);
@ -426,8 +420,6 @@ sendAuthRequest(Port *port, AuthRequest areq)
 	/* Add the salt for encrypted passwords. */
 	if (areq == AUTH_REQ_MD5)
 		pq_sendbytes(&buf, port->md5Salt, 4);
 	else if (areq == AUTH_REQ_CRYPT)
 		pq_sendbytes(&buf, port->cryptSalt, 2);
 #if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
--- a/src/backend/libpq/crypt.c
+++ b/src/backend/libpq/crypt.c
@ -9,7 +9,7 @@
 * Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.75 2008/09/15 12:32:56 mha Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.76 2008/10/28 12:10:43 mha Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -53,14 +53,6 @@ md5_crypt_verify(const Port *port, const char *role, char *client_pass)
 	if (shadow_pass == NULL || *shadow_pass == '\0')
 		return STATUS_ERROR;
 	/* We can't do crypt with MD5 passwords */
 	if (isMD5(shadow_pass) && port->hba->auth_method == uaCrypt)
 	{
 		ereport(LOG,
 				(errmsg("cannot use authentication method \"crypt\" because password is MD5-encrypted")));
 		return STATUS_ERROR;
 	}
 	/*
 	 * Compare with the encrypted or plain password depending on the
 	 * authentication method being used for this connection.
@ -106,14 +98,6 @@ md5_crypt_verify(const Port *port, const char *role, char *client_pass)
 				pfree(crypt_pwd2);
 			}
 			break;
 		case uaCrypt:
 			{
 				char		salt[3];
 				strlcpy(salt, port->cryptSalt, sizeof(salt));
 				crypt_pwd = crypt(shadow_pass, salt);
 				break;
 			}
 		default:
 			if (isMD5(shadow_pass))
 			{
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@ -10,7 +10,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.171 2008/10/27 20:04:45 mha Exp $
+ *	  $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.172 2008/10/28 12:10:43 mha Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -847,8 +847,6 @@ parse_hba_line(List *line, int line_num, HbaLine *parsedline)
 		parsedline->auth_method = uaReject;
 	else if (strcmp(token, "md5") == 0)
 		parsedline->auth_method = uaMD5;
 	else if (strcmp(token, "crypt") == 0)
 		parsedline->auth_method = uaCrypt;
 	else if (strcmp(token, "pam") == 0)
 #ifdef USE_PAM
 		parsedline->auth_method = uaPAM;
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@ -37,7 +37,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.565 2008/09/23 20:35:38 momjian Exp $
+ *	  $PostgreSQL: pgsql/src/backend/postmaster/postmaster.c,v 1.566 2008/10/28 12:10:43 mha Exp $
 *
 * NOTES
 *
@ -323,7 +323,7 @@ static int	initMasks(fd_set *rmask);
 static void report_fork_failure_to_client(Port *port, int errnum);
 static enum CAC_state canAcceptConnections(void);
 static long PostmasterRandom(void);
-static void RandomSalt(char *cryptSalt, char *md5Salt);
+static void RandomSalt(char *md5Salt);
 static void signal_child(pid_t pid, int signal);
 static void SignalSomeChildren(int signal, bool only_autovac);
@ -1808,7 +1808,7 @@ ConnCreate(int serverFd)
 		 * fork, not after.  Else the postmaster's random sequence won't get
 		 * advanced, and all backends would end up using the same salt...
 		 */
-		RandomSalt(port->cryptSalt, port->md5Salt);
+		RandomSalt(port->md5Salt);
 	}
 	/*
@ -3910,49 +3910,20 @@ dummy_handler(SIGNAL_ARGS)
 {
 }
 /*
 * CharRemap: given an int in range 0..61, produce textual encoding of it
 * per crypt(3) conventions.
 */
 static char
 CharRemap(long ch)
 {
 	if (ch < 0)
 		ch = -ch;
 	ch = ch % 62;
 	if (ch < 26)
 		return 'A' + ch;
 	ch -= 26;
 	if (ch < 26)
 		return 'a' + ch;
 	ch -= 26;
 	return '0' + ch;
 }
 /*
 * RandomSalt
 */
 static void
-RandomSalt(char *cryptSalt, char *md5Salt)
+RandomSalt(char *md5Salt)
 {
-	long		rand = PostmasterRandom();
+	long		rand;
 	cryptSalt[0] = CharRemap(rand % 62);
 	cryptSalt[1] = CharRemap(rand / 62);
 	/*
 	 * It's okay to reuse the first random value for one of the MD5 salt
 	 * bytes, since only one of the two salts will be sent to the client.
 	 * After that we need to compute more random bits.
 	 *
 	 * We use % 255, sacrificing one possible byte value, so as to ensure that
 	 * all bits of the random() value participate in the result. While at it,
 	 * add one to avoid generating any null bytes.
 	 */
 	rand = PostmasterRandom();
 	md5Salt[0] = (rand % 255) + 1;
 	rand = PostmasterRandom();
 	md5Salt[1] = (rand % 255) + 1;
--- a/src/include/libpq/hba.h
+++ b/src/include/libpq/hba.h
@ -4,7 +4,7 @@
 *	  Interface to hba.c
 *
 *
- * $PostgreSQL: pgsql/src/include/libpq/hba.h,v 1.50 2008/10/23 13:31:10 mha Exp $
+ * $PostgreSQL: pgsql/src/include/libpq/hba.h,v 1.51 2008/10/28 12:10:44 mha Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -22,7 +22,6 @@ typedef enum UserAuth
 	uaTrust,
 	uaIdent,
 	uaPassword,
 	uaCrypt,
 	uaMD5,
 	uaGSS,
 	uaSSPI,
--- a/src/include/libpq/libpq-be.h
+++ b/src/include/libpq/libpq-be.h
@ -11,7 +11,7 @@
 * Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/include/libpq/libpq-be.h,v 1.67 2008/09/15 12:32:57 mha Exp $
+ * $PostgreSQL: pgsql/src/include/libpq/libpq-be.h,v 1.68 2008/10/28 12:10:44 mha Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -123,7 +123,6 @@ typedef struct Port
 	 */
 	HbaLine	   *hba;
 	char		md5Salt[4];		/* Password salt */
 	char		cryptSalt[2];	/* Password salt */
 	/*
 	 * Information that really has no business at all being in struct Port,
--- a/src/include/libpq/pqcomm.h
+++ b/src/include/libpq/pqcomm.h
@ -9,7 +9,7 @@
 * Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/include/libpq/pqcomm.h,v 1.108 2008/01/01 19:45:58 momjian Exp $
+ * $PostgreSQL: pgsql/src/include/libpq/pqcomm.h,v 1.109 2008/10/28 12:10:44 mha Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -153,7 +153,7 @@ extern bool Db_user_namespace;
 #define AUTH_REQ_KRB4		1	/* Kerberos V4. Not supported any more. */
 #define AUTH_REQ_KRB5		2	/* Kerberos V5 */
 #define AUTH_REQ_PASSWORD	3	/* Password */
-#define AUTH_REQ_CRYPT		4	/* crypt password */
+#define AUTH_REQ_CRYPT		4	/* crypt password. Not supported any more. */
 #define AUTH_REQ_MD5		5	/* md5 password */
 #define AUTH_REQ_SCM_CREDS	6	/* transfer SCM credentials */
 #define AUTH_REQ_GSS		7	/* GSSAPI without wrap() */
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@ -7,7 +7,7 @@
 * Portions Copyright (c) 1994, Regents of the University of California
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.137 2008/01/31 18:58:30 tgl Exp $
+ *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-auth.c,v 1.138 2008/10/28 12:10:44 mha Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -40,10 +40,6 @@
 #include <pwd.h>
 #endif
 #ifdef HAVE_CRYPT_H
 #include <crypt.h>
 #endif
 #include "libpq-fe.h"
 #include "fe-auth.h"
 #include "libpq/md5.h"
@ -787,14 +783,6 @@ pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq)
 				}
 				break;
 			}
 		case AUTH_REQ_CRYPT:
 			{
 				char		salt[3];
 				strlcpy(salt, conn->cryptSalt, sizeof(salt));
 				crypt_pwd = crypt(password, salt);
 				break;
 			}
 		case AUTH_REQ_PASSWORD:
 			/* discard const so we can assign it */
 			crypt_pwd = (char *) password;
@ -938,8 +926,12 @@ pg_fe_sendauth(AuthRequest areq, PGconn *conn)
 #endif
 		case AUTH_REQ_MD5:
 		case AUTH_REQ_CRYPT:
 			printfPQExpBuffer(&conn->errorMessage,
 				 libpq_gettext("Crypt authentication not supported\n"));
 			return STATUS_ERROR;
 		case AUTH_REQ_MD5:
 		case AUTH_REQ_PASSWORD:
 			conn->password_needed = true;
 			if (conn->pgpass == NULL || conn->pgpass[0] == '\0')
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.364 2008/10/27 09:42:31 mha Exp $
+ *	  $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.365 2008/10/28 12:10:44 mha Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -1674,15 +1674,6 @@ keep_going:						/* We will come back to here until there is
 						return PGRES_POLLING_READING;
 					}
 				}
 				if (areq == AUTH_REQ_CRYPT)
 				{
 					if (pqGetnchar(conn->cryptSalt,
 								   sizeof(conn->cryptSalt), conn))
 					{
 						/* We'll come back when there are more data */
 						return PGRES_POLLING_READING;
 					}
 				}
 #if defined(ENABLE_GSS) || defined(ENABLE_SSPI)
 				/*
--- a/src/interfaces/libpq/libpq-int.h
+++ b/src/interfaces/libpq/libpq-int.h
@ -12,7 +12,7 @@
 * Portions Copyright (c) 1996-2008, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
- * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.135 2008/10/27 09:42:31 mha Exp $
+ * $PostgreSQL: pgsql/src/interfaces/libpq/libpq-int.h,v 1.136 2008/10/28 12:10:44 mha Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -340,7 +340,6 @@ struct pg_conn
 	int			be_pid;			/* PID of backend --- needed for cancels */
 	int			be_key;			/* key of backend --- needed for cancels */
 	char		md5Salt[4];		/* password salt received from backend */
 	char		cryptSalt[2];	/* password salt received from backend */
 	pgParameterStatus *pstatus; /* ParameterStatus data */
 	int			client_encoding;	/* encoding id */
 	bool		std_strings;	/* standard_conforming_strings */