Skip to content

Commit 759de09

Browse files
afiskonafiskon
committed
apply 0004-Refactor-decision-making-of-password-encryption-into.patch
1 parent 6b8921c commit 759de09

File tree

1 file changed

+60
-24
lines changed

1 file changed

+60
-24
lines changed

src/backend/commands/user.c

Lines changed: 60 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -55,6 +55,8 @@ static void AddRoleMems(const char *rolename, Oid roleid,
5555
static void DelRoleMems(const char *rolename, Oid roleid,
5656
List *memberSpecs, List *memberIds,
5757
bool admin_opt);
58+
static char *encrypt_password(char *passwd, char *rolname,
59+
int passwd_type);
5860

5961

6062
/* Check if current user has createrole privileges */
@@ -64,6 +66,48 @@ have_createrole_privilege(void)
6466
return has_createrole_privilege(GetUserId());
6567
}
6668

69+
/*
70+
* Encrypt a password if necessary for insertion in pg_authid.
71+
*
72+
* If a password is found as already MD5-encrypted, no error is raised
73+
* to ease the dump and reload of such data. Returns a palloc'ed string
74+
* holding the encrypted password.
75+
*/
76+
static char *
77+
encrypt_password(char *password, char *rolname, int passwd_type)
78+
{
79+
char *res;
80+
81+
Assert(password != NULL);
82+
83+
/*
84+
* If a password is already identified as MD5-encrypted, it is used
85+
* as such. If the password given is not encrypted, adapt it depending
86+
* on the type wanted by the caller of this routine.
87+
*/
88+
if (isMD5(password))
89+
res = pstrdup(password);
90+
else
91+
{
92+
switch (passwd_type)
93+
{
94+
case PASSWORD_TYPE_PLAINTEXT:
95+
res = pstrdup(password);
96+
break;
97+
case PASSWORD_TYPE_MD5:
98+
res = (char *) palloc(MD5_PASSWD_LEN + 1);
99+
if (!pg_md5_encrypt(password, rolname,
100+
strlen(rolname),
101+
res))
102+
elog(ERROR, "password encryption failed");
103+
break;
104+
default:
105+
Assert(0); /* should not come here */
106+
}
107+
}
108+
109+
return res;
110+
}
67111

68112
/*
69113
* CREATE ROLE
@@ -81,7 +125,7 @@ CreateRole(CreateRoleStmt *stmt)
81125
ListCell *option;
82126
char *password = NULL; /* user password */
83127
int password_type = Password_encryption;
84-
char encrypted_password[MD5_PASSWD_LEN + 1];
128+
char *encrypted_passwd;
85129
bool issuper = false; /* Make the user a superuser? */
86130
bool inherit = true; /* Auto inherit privileges? */
87131
bool createrole = false; /* Can this user create roles? */
@@ -380,17 +424,13 @@ CreateRole(CreateRoleStmt *stmt)
380424

381425
if (password)
382426
{
383-
if (password_type == PASSWORD_TYPE_PLAINTEXT || isMD5(password))
384-
new_record[Anum_pg_authid_rolpassword - 1] =
385-
CStringGetTextDatum(password);
386-
else
387-
{
388-
if (!pg_md5_encrypt(password, stmt->role, strlen(stmt->role),
389-
encrypted_password))
390-
elog(ERROR, "password encryption failed");
391-
new_record[Anum_pg_authid_rolpassword - 1] =
392-
CStringGetTextDatum(encrypted_password);
393-
}
427+
encrypted_passwd = encrypt_password(password,
428+
stmt->role,
429+
password_type);
430+
431+
new_record[Anum_pg_authid_rolpassword - 1] =
432+
CStringGetTextDatum(encrypted_passwd);
433+
pfree(encrypted_passwd);
394434
}
395435
else
396436
new_record_nulls[Anum_pg_authid_rolpassword - 1] = true;
@@ -493,7 +533,7 @@ AlterRole(AlterRoleStmt *stmt)
493533
char *rolename = NULL;
494534
char *password = NULL; /* user password */
495535
int password_type = Password_encryption;
496-
char encrypted_password[MD5_PASSWD_LEN + 1];
536+
char *encrypted_passwd;
497537
int issuper = -1; /* Make the user a superuser? */
498538
int inherit = -1; /* Auto inherit privileges? */
499539
int createrole = -1; /* Can this user create roles? */
@@ -791,18 +831,14 @@ AlterRole(AlterRoleStmt *stmt)
791831
/* password */
792832
if (password)
793833
{
794-
if (password_type == PASSWORD_TYPE_PLAINTEXT || isMD5(password))
795-
new_record[Anum_pg_authid_rolpassword - 1] =
796-
CStringGetTextDatum(password);
797-
else
798-
{
799-
if (!pg_md5_encrypt(password, rolename, strlen(rolename),
800-
encrypted_password))
801-
elog(ERROR, "password encryption failed");
802-
new_record[Anum_pg_authid_rolpassword - 1] =
803-
CStringGetTextDatum(encrypted_password);
804-
}
834+
encrypted_passwd = encrypt_password(password,
835+
rolename,
836+
password_type);
837+
838+
new_record[Anum_pg_authid_rolpassword - 1] =
839+
CStringGetTextDatum(encrypted_passwd);
805840
new_record_repl[Anum_pg_authid_rolpassword - 1] = true;
841+
pfree(encrypted_passwd);
806842
}
807843

808844
/* unset password */

0 commit comments

Comments
 (0)