Apply 0005-Refactor-decision-making-of-password-encryption-into.patch + cherry-pick babe05b

afiskon · afiskon · commit 2cc896b8b008 · 2016-11-10T18:35:42.000+03:00
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
@@ -1163,21 +1163,22 @@ include_dir 'conf.d'
      </varlistentry>
 
      <varlistentry id="guc-password-encryption" xreflabel="password_encryption">
-      <term><varname>password_encryption</varname> (<type>boolean</type>)
+      <term><varname>password_encryption</varname> (<type>enum</type>)
       <indexterm>
        <primary><varname>password_encryption</> configuration parameter</primary>
       </indexterm>
       </term>
       <listitem>
        <para>
-        When a password is specified in <xref
-        linkend="sql-createuser"> or
-        <xref linkend="sql-alterrole">
-        without writing either <literal>ENCRYPTED</> or
-        <literal>UNENCRYPTED</>, this parameter determines whether the
-        password is to be encrypted. The default is <literal>on</>
-        (encrypt the password).
+        When a password is specified in <xref linkend="sql-createuser"> or
+        <xref linkend="sql-alterrole"> without writing either <literal>ENCRYPTED</>
+        or <literal>UNENCRYPTED</>, this parameter determines whether the
+        password is to be encrypted. The default value is <literal>md5</>, which
+        stores the password as an MD5 hash. Setting this to <literal>plain</> stores
+        it in plaintext. <literal>on</> and <literal>off</> are also accepted, as
+        aliases for <literal>md5</> and <literal>plain</>, respectively.
        </para>
+       
       </listitem>
      </varlistentry>
 
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
@@ -44,7 +44,7 @@ Oid			binary_upgrade_next_pg_authid_oid = InvalidOid;
 
 
 /* GUC parameter */
-extern bool Password_encryption;
+int			Password_encryption = PASSWORD_TYPE_MD5;
 
 /* Hook to check passwords in CreateRole() and AlterRole() */
 check_password_hook_type check_password_hook = NULL;
@@ -55,6 +55,8 @@ static void AddRoleMems(const char *rolename, Oid roleid,
 static void DelRoleMems(const char *rolename, Oid roleid,
 			List *memberSpecs, List *memberIds,
 			bool admin_opt);
+static char *encrypt_password(char *passwd, char *rolname,
+			int passwd_type);
 
 
 /* Check if current user has createrole privileges */
@@ -64,6 +66,48 @@ have_createrole_privilege(void)
 	return has_createrole_privilege(GetUserId());
 }
 
+/*
+ * Encrypt a password if necessary for insertion in pg_authid.
+ *
+ * If a password is found as already MD5-encrypted, no error is raised
+ * to ease the dump and reload of such data. Returns a palloc'ed string
+ * holding the encrypted password.
+ */
+static char *
+encrypt_password(char *password, char *rolname, int passwd_type)
+{
+	char *res;
+
+	Assert(password != NULL);
+
+	/*
+	 * If a password is already identified as MD5-encrypted, it is used
+	 * as such.  If the password given is not encrypted, adapt it depending
+	 * on the type wanted by the caller of this routine.
+	 */
+	if (isMD5(password))
+		res = pstrdup(password);
+	else
+	{
+		switch (passwd_type)
+		{
+			case PASSWORD_TYPE_PLAINTEXT:
+				res = pstrdup(password);
+				break;
+			case PASSWORD_TYPE_MD5:
+				res = (char *) palloc(MD5_PASSWD_LEN + 1);
+				if (!pg_md5_encrypt(password, rolname,
+									strlen(rolname),
+									res))
+					elog(ERROR, "password encryption failed");
+				break;
+			default:
+				Assert(0);	/* should not come here */
+		}
+	}
+
+	return res;
+}
 
 /*
  * CREATE ROLE
@@ -80,8 +124,8 @@ CreateRole(CreateRoleStmt *stmt)
 	ListCell   *item;
 	ListCell   *option;
 	char	   *password = NULL;	/* user password */
-	bool		encrypt_password = Password_encryption; /* encrypt password? */
-	char		encrypted_password[MD5_PASSWD_LEN + 1];
+	int			password_type = Password_encryption; /* encrypt password? */
+	char	   *encrypted_passwd;
 	bool		issuper = false;	/* Make the user a superuser? */
 	bool		inherit = true; /* Auto inherit privileges? */
 	bool		createrole = false;		/* Can this user create roles? */
@@ -139,9 +183,9 @@ CreateRole(CreateRoleStmt *stmt)
 						 errmsg("conflicting or redundant options")));
 			dpassword = defel;
 			if (strcmp(defel->defname, "encryptedPassword") == 0)
-				encrypt_password = true;
+				password_type = PASSWORD_TYPE_MD5;
 			else if (strcmp(defel->defname, "unencryptedPassword") == 0)
-				encrypt_password = false;
+				password_type = PASSWORD_TYPE_PLAINTEXT;
 		}
 		else if (strcmp(defel->defname, "sysid") == 0)
 		{
@@ -380,17 +424,13 @@ CreateRole(CreateRoleStmt *stmt)
 
 	if (password)
 	{
-		if (!encrypt_password || isMD5(password))
-			new_record[Anum_pg_authid_rolpassword - 1] =
-				CStringGetTextDatum(password);
-		else
-		{
-			if (!pg_md5_encrypt(password, stmt->role, strlen(stmt->role),
-								encrypted_password))
-				elog(ERROR, "password encryption failed");
-			new_record[Anum_pg_authid_rolpassword - 1] =
-				CStringGetTextDatum(encrypted_password);
-		}
+		encrypted_passwd = encrypt_password(password,
+											stmt->role,
+											password_type);
+
+		new_record[Anum_pg_authid_rolpassword - 1] =
+			CStringGetTextDatum(encrypted_passwd);
+		pfree(encrypted_passwd);
 	}
 	else
 		new_record_nulls[Anum_pg_authid_rolpassword - 1] = true;
@@ -492,8 +532,8 @@ AlterRole(AlterRoleStmt *stmt)
 	ListCell   *option;
 	char	   *rolename = NULL;
 	char	   *password = NULL;	/* user password */
-	bool		encrypt_password = Password_encryption; /* encrypt password? */
-	char		encrypted_password[MD5_PASSWD_LEN + 1];
+	int			password_type = Password_encryption; /* encrypt password? */
+	char	   *encrypted_passwd;
 	int			issuper = -1;	/* Make the user a superuser? */
 	int			inherit = -1;	/* Auto inherit privileges? */
 	int			createrole = -1;	/* Can this user create roles? */
@@ -537,9 +577,9 @@ AlterRole(AlterRoleStmt *stmt)
 						 errmsg("conflicting or redundant options")));
 			dpassword = defel;
 			if (strcmp(defel->defname, "encryptedPassword") == 0)
-				encrypt_password = true;
+				password_type = PASSWORD_TYPE_MD5;
 			else if (strcmp(defel->defname, "unencryptedPassword") == 0)
-				encrypt_password = false;
+				password_type = PASSWORD_TYPE_PLAINTEXT;
 		}
 		else if (strcmp(defel->defname, "superuser") == 0)
 		{
@@ -791,18 +831,14 @@ AlterRole(AlterRoleStmt *stmt)
 	/* password */
 	if (password)
 	{
-		if (!encrypt_password || isMD5(password))
-			new_record[Anum_pg_authid_rolpassword - 1] =
-				CStringGetTextDatum(password);
-		else
-		{
-			if (!pg_md5_encrypt(password, rolename, strlen(rolename),
-								encrypted_password))
-				elog(ERROR, "password encryption failed");
-			new_record[Anum_pg_authid_rolpassword - 1] =
-				CStringGetTextDatum(encrypted_password);
-		}
+		encrypted_passwd = encrypt_password(password,
+											rolename,
+											password_type);
+
+		new_record[Anum_pg_authid_rolpassword - 1] =
+			CStringGetTextDatum(encrypted_passwd);
 		new_record_repl[Anum_pg_authid_rolpassword - 1] = true;
+		pfree(encrypted_passwd);
 	}
 
 	/* unset password */
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
@@ -35,6 +35,7 @@
 #include "catalog/namespace.h"
 #include "commands/async.h"
 #include "commands/prepare.h"
+#include "commands/user.h"
 #include "commands/vacuum.h"
 #include "commands/variable.h"
 #include "commands/trigger.h"
@@ -395,6 +396,24 @@ static const struct config_enum_entry force_parallel_mode_options[] = {
 	{NULL, 0, false}
 };
 
+/*
+ * password_encryption used to be a boolean, so accept all the likely
+ * variants of "on" and "off", too.
+ */
+static const struct config_enum_entry password_encryption_options[] = {
+	{"plain", PASSWORD_TYPE_PLAINTEXT, false},
+	{"md5", PASSWORD_TYPE_MD5, false},
+	{"off", PASSWORD_TYPE_PLAINTEXT, false},
+	{"on", PASSWORD_TYPE_MD5, false},
+	{"true", PASSWORD_TYPE_MD5, true},
+	{"false", PASSWORD_TYPE_PLAINTEXT, true},
+	{"yes", PASSWORD_TYPE_MD5, true},
+	{"no", PASSWORD_TYPE_PLAINTEXT, true},
+	{"1", PASSWORD_TYPE_MD5, true},
+	{"0", PASSWORD_TYPE_PLAINTEXT, true},
+	{NULL, 0, false}
+};
+
 /*
  * Options for enum values stored in other modules
  */
@@ -425,8 +444,6 @@ bool		check_function_bodies = true;
 bool		default_with_oids = false;
 bool		SQL_inheritance = true;
 
-bool		Password_encryption = true;
-
 int			log_min_error_statement = ERROR;
 int			log_min_messages = WARNING;
 int			client_min_messages = NOTICE;
@@ -1325,17 +1342,6 @@ static struct config_bool ConfigureNamesBool[] =
 		true,
 		NULL, NULL, NULL
 	},
-	{
-		{"password_encryption", PGC_USERSET, CONN_AUTH_SECURITY,
-			gettext_noop("Encrypt passwords."),
-			gettext_noop("When a password is specified in CREATE USER or "
-			   "ALTER USER without writing either ENCRYPTED or UNENCRYPTED, "
-						 "this parameter determines whether the password is to be encrypted.")
-		},
-		&Password_encryption,
-		true,
-		NULL, NULL, NULL
-	},
 	{
 		{"transform_null_equals", PGC_USERSET, COMPAT_OPTIONS_CLIENT,
 			gettext_noop("Treats \"expr=NULL\" as \"expr IS NULL\"."),
@@ -3899,6 +3905,18 @@ static struct config_enum ConfigureNamesEnum[] =
 		NULL, NULL, NULL
 	},
 
+	{
+		{"password_encryption", PGC_USERSET, CONN_AUTH_SECURITY,
+			gettext_noop("Encrypt passwords."),
+			gettext_noop("When a password is specified in CREATE USER or "
+			   "ALTER USER without writing either ENCRYPTED or UNENCRYPTED, "
+						 "this parameter determines whether the password is to be encrypted.")
+		},
+		&Password_encryption,
+		PASSWORD_TYPE_MD5, password_encryption_options,
+		NULL, NULL, NULL
+	},
+
 	/* End-of-list marker */
 	{
 		{NULL, 0, 0, NULL, NULL}, NULL, 0, NULL, NULL, NULL, NULL
diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample
@@ -85,7 +85,7 @@
 #ssl_key_file = 'server.key'		# (change requires restart)
 #ssl_ca_file = ''			# (change requires restart)
 #ssl_crl_file = ''			# (change requires restart)
-#password_encryption = on
+#password_encryption = md5		# md5 or plain
 #db_user_namespace = off
 #row_security = on
 
diff --git a/src/include/commands/user.h b/src/include/commands/user.h
@@ -15,10 +15,19 @@
 #include "nodes/parsenodes.h"
 
 
-/* Hook to check passwords in CreateRole() and AlterRole() */
-#define PASSWORD_TYPE_PLAINTEXT		0
-#define PASSWORD_TYPE_MD5			1
+/*
+ * Types of password, for Password_encryption GUC and the password_type
+ * argument of the check-password hook.
+ */
+typedef enum PasswordType
+{
+	PASSWORD_TYPE_PLAINTEXT = 0,
+	PASSWORD_TYPE_MD5
+} PasswordType;
+ 
+extern int	Password_encryption;	/* GUC */
 
+/* Hook to check passwords in CreateRole() and AlterRole() */
 typedef void (*check_password_hook_type) (const char *username, const char *password, int password_type, Datum validuntil_time, bool validuntil_null);
 
 extern PGDLLIMPORT check_password_hook_type check_password_hook;
