sharpetronics/PostgreSQL
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-05-29 00:03:09 -04:00
Code Issues Projects Releases Wiki Activity
PostgreSQL/src/include/libpq/crypt.h
Heikki Linnakangas c727f120ff Rename "scram" to "scram-sha-256" in pg_hba.conf and password_encryption. 
Per discussion, plain "scram" is confusing because we actually implement
SCRAM-SHA-256 rather than the original SCRAM that uses SHA-1 as the hash
algorithm. If we add support for SCRAM-SHA-512 or some other mechanism in
the SCRAM family in the future, that would become even more confusing.

Most of the internal files and functions still use just "scram" as a
shorthand for SCRMA-SHA-256, but I did change PASSWORD_TYPE_SCRAM to
PASSWORD_TYPE_SCRAM_SHA_256, as that could potentially be used by 3rd
party extensions that hook into the password-check hook.

Michael Paquier did this in an earlier version of the SCRAM patch set
already, but I didn't include that in the version that was committed.

Discussion: https://www.postgresql.org/message-id/fde71ff1-5858-90c8-99a9-1c2427e7bafb@iki.fi
2017-04-18 14:50:50 +03:00

44 lines
1.2 KiB
C
Raw Blame History

/*-------------------------------------------------------------------------
*
* crypt.h
* Interface to libpq/crypt.c
*
* Portions Copyright (c) 1996-2017, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* src/include/libpq/crypt.h
*
*-------------------------------------------------------------------------
*/
#ifndef PG_CRYPT_H
#define PG_CRYPT_H
#include "datatype/timestamp.h"
/*
* Types of password hashes or verifiers that can be stored in
* pg_authid.rolpassword.
*
* This is also used for the password_encryption GUC.
*/
typedef enum PasswordType
{
PASSWORD_TYPE_PLAINTEXT = 0,
PASSWORD_TYPE_MD5,
PASSWORD_TYPE_SCRAM_SHA_256
} PasswordType;
extern PasswordType get_password_type(const char *shadow_pass);
extern char *encrypt_password(PasswordType target_type, const char *role,
const char *password);
extern char *get_role_password(const char *role, char **logdetail);
extern int md5_crypt_verify(const char *role, const char *shadow_pass,
const char *client_pass, const char *md5_salt,
int md5_salt_len, char **logdetail);
extern int plain_crypt_verify(const char *role, const char *shadow_pass,
const char *client_pass, char **logdetail);
#endif
Reference in New Issue View Git Blame Copy Permalink