
Commit a8007eb

committed
Apply new/0005-Refactor-decision-making-of-password-encryption-into.patch
1 parent f8d5948 commit a8007eb


1 file changed

+59
-24
lines changed


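--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -55,6 +55,8 @@ static void AddRoleMems(const char *rolename, Oid roleid,
 static void DelRoleMems(const char *rolename, Oid roleid,
 List *memberSpecs, List *memberIds,
 bool admin_opt);
+static char *encrypt_password(char *passwd, char *rolname,
+int passwd_type);
 
 
 /* Check if current user has createrole privileges */
@@ -64,6 +66,49 @@ have_createrole_privilege(void)
 return has_createrole_privilege(GetUserId());
 }
 
+/*
+* Encrypt a password if necessary for insertion in pg_authid.
+*
+* If a password is found as already MD5-encrypted, no error is raised
+* to ease the dump and reload of such data. Returns a palloc'ed string
+* holding the encrypted password if any transformation on the input
+* string has been done.
+*/
+static char *
+encrypt_password(char *password, char *rolname, int passwd_type)
+{
+char *res;
+
+Assert(password != NULL);
+
+/*
+* If a password is already identified as MD5-encrypted, it is used
+* as such. If the password given is not encrypted, adapt it depending
+* on the type wanted by the caller of this routine.
+*/
+if (isMD5(password))
+res = password;
+else
+{
+switch (passwd_type)
+{
+case PASSWORD_TYPE_PLAINTEXT:
+res = password;
+break;
+case PASSWORD_TYPE_MD5:
+res = (char *) palloc(MD5_PASSWD_LEN + 1);
+if (!pg_md5_encrypt(password, rolname,
+strlen(rolname),
+res))
+elog(ERROR, "password encryption failed");
+break;
+default:
+elog(ERROR, "incorrect password type");
+}
+}
+
+return res;
+}
 
 /*
 * CREATE ROLE
@@ -81,7 +126,7 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt)
 ListCell *option;
 char *password = NULL; /* user password */
 int password_type = Password_encryption;
-char encrypted_password[MD5_PASSWD_LEN + 1];
+char *encrypted_passwd;
 bool issuper = false; /* Make the user a superuser? */
 bool inherit = true; /* Auto inherit privileges? */
 bool createrole = false; /* Can this user create roles? */
@@ -393,17 +438,12 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt)
 
 if (password)
 {
-if (password_type == PASSWORD_TYPE_PLAINTEXT || isMD5(password))
-new_record[Anum_pg_authid_rolpassword - 1] =
-CStringGetTextDatum(password);
-else
-{
-if (!pg_md5_encrypt(password, stmt->role, strlen(stmt->role),
-encrypted_password))
-elog(ERROR, "password encryption failed");
-new_record[Anum_pg_authid_rolpassword - 1] =
-CStringGetTextDatum(encrypted_password);
-}
+encrypted_passwd = encrypt_password(password,
+stmt->role,
+password_type);
+
+new_record[Anum_pg_authid_rolpassword - 1] =
+CStringGetTextDatum(encrypted_passwd);
 }
 else
 new_record_nulls[Anum_pg_authid_rolpassword - 1] = true;
@@ -506,7 +546,7 @@ AlterRole(AlterRoleStmt *stmt)
 char *rolename = NULL;
 char *password = NULL; /* user password */
 int password_type = Password_encryption;
-char encrypted_password[MD5_PASSWD_LEN + 1];
+char *encrypted_passwd;
 int issuper = -1; /* Make the user a superuser? */
 int inherit = -1; /* Auto inherit privileges? */
 int createrole = -1; /* Can this user create roles? */
@@ -804,17 +844,12 @@ AlterRole(AlterRoleStmt *stmt)
 /* password */
 if (password)
 {
-if (password_type == PASSWORD_TYPE_PLAINTEXT || isMD5(password))
-new_record[Anum_pg_authid_rolpassword - 1] =
-CStringGetTextDatum(password);
-else
-{
-if (!pg_md5_encrypt(password, rolename, strlen(rolename),
-encrypted_password))
-elog(ERROR, "password encryption failed");
-new_record[Anum_pg_authid_rolpassword - 1] =
-CStringGetTextDatum(encrypted_password);
-}
+encrypted_passwd = encrypt_password(password,
+rolename,
+password_type);
+
+new_record[Anum_pg_authid_rolpassword - 1] =
+CStringGetTextDatum(encrypted_passwd);
 new_record_repl[Anum_pg_authid_rolpassword - 1] = true;
 }
 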
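Review bot: encrypt_password() hands back the caller's cleartext unchanged in the `PASSWORD_TYPE_PLAINTEXT` case (and the input itself whenever `isMD5(password)` matches), yet both call sites keep the result in a variable named `encrypted_passwd` and write it to `rolpassword`, and the header comment describes only the transformed case. The header comment should state that the return value aliases the input when nothing is transformed, and that with the plaintext type the value is stored in pg_authid unhashed, so a later reader does not take the helper's name as a guarantee. The prototype names the first parameter `passwd` while the definition uses `password`; one spelling should be used for both. `rolname` is passed to `strlen()` without a matching `Assert(rolname != NULL);` beside the existing assertion on `password`; AlterRole initialises `rolename` to NULL and its assignment lies outside the visible hunks, so this is worth confirming.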
