*
* We only check for username = password.
*/
- const char *logdetail = NULL;
+ char *logdetail;
if (plain_crypt_verify(username, shadow_pass, username, &logdetail) == STATUS_OK)
ereport(ERROR,
pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
if (pg_cryptohash_update(ctx, data, dlen) < 0)
- elog(ERROR, "could not update %s context: %s", "SHA2",
- pg_cryptohash_error(ctx));
+ elog(ERROR, "could not update %s context", "SHA2");
}
static void
pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
if (pg_cryptohash_init(ctx) < 0)
- elog(ERROR, "could not initialize %s context: %s", "SHA2",
- pg_cryptohash_error(ctx));
+ elog(ERROR, "could not initialize %s context", "SHA2");
}
static void
pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
if (pg_cryptohash_final(ctx, dst, h->result_size(h)) < 0)
- elog(ERROR, "could not finalize %s context: %s", "SHA2",
- pg_cryptohash_error(ctx));
+ elog(ERROR, "could not finalize %s context", "SHA2");
}
static void
pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
if (pg_cryptohash_update(ctx, data, dlen) < 0)
- elog(ERROR, "could not update %s context: %s", "MD5",
- pg_cryptohash_error(ctx));
+ elog(ERROR, "could not update %s context", "MD5");
}
static void
pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
if (pg_cryptohash_init(ctx) < 0)
- elog(ERROR, "could not initialize %s context: %s", "MD5",
- pg_cryptohash_error(ctx));
+ elog(ERROR, "could not initialize %s context", "MD5");
}
static void
pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
if (pg_cryptohash_final(ctx, dst, h->result_size(h)) < 0)
- elog(ERROR, "could not finalize %s context: %s", "MD5",
- pg_cryptohash_error(ctx));
+ elog(ERROR, "could not finalize %s context", "MD5");
}
static void
pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
if (pg_cryptohash_update(ctx, data, dlen) < 0)
- elog(ERROR, "could not update %s context: %s", "SHA1",
- pg_cryptohash_error(ctx));
+ elog(ERROR, "could not update %s context", "SHA1");
}
static void
pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
if (pg_cryptohash_init(ctx) < 0)
- elog(ERROR, "could not initialize %s context: %s", "SHA1",
- pg_cryptohash_error(ctx));
+ elog(ERROR, "could not initialize %s context", "SHA1");
}
static void
pg_cryptohash_ctx *ctx = (pg_cryptohash_ctx *) h->p.ptr;
if (pg_cryptohash_final(ctx, dst, h->result_size(h)) < 0)
- elog(ERROR, "could not finalize %s context: %s", "SHA1",
- pg_cryptohash_error(ctx));
+ elog(ERROR, "could not finalize %s context", "SHA1");
}
static void
pg_cryptohash_ctx *ctx = pg_cryptohash_create(PG_MD5);
if (pg_cryptohash_init(ctx) < 0)
- elog(ERROR, "could not initialize %s context: %s", "MD5",
- pg_cryptohash_error(ctx));
+ elog(ERROR, "could not initialize %s context", "MD5");
if (pg_cryptohash_update(ctx, ns, sizeof(uu)) < 0 ||
pg_cryptohash_update(ctx, (unsigned char *) ptr, len) < 0)
- elog(ERROR, "could not update %s context: %s", "MD5",
- pg_cryptohash_error(ctx));
+ elog(ERROR, "could not update %s context", "MD5");
/* we assume sizeof MD5 result is 16, same as UUID size */
if (pg_cryptohash_final(ctx, (unsigned char *) &uu,
sizeof(uu)) < 0)
- elog(ERROR, "could not finalize %s context: %s", "MD5",
- pg_cryptohash_error(ctx));
+ elog(ERROR, "could not finalize %s context", "MD5");
pg_cryptohash_free(ctx);
}
else
unsigned char sha1result[SHA1_DIGEST_LENGTH];
if (pg_cryptohash_init(ctx) < 0)
- elog(ERROR, "could not initialize %s context: %s", "SHA1",
- pg_cryptohash_error(ctx));
+ elog(ERROR, "could not initialize %s context", "SHA1");
if (pg_cryptohash_update(ctx, ns, sizeof(uu)) < 0 ||
pg_cryptohash_update(ctx, (unsigned char *) ptr, len) < 0)
- elog(ERROR, "could not update %s context: %s", "SHA1",
- pg_cryptohash_error(ctx));
+ elog(ERROR, "could not update %s context", "SHA1");
if (pg_cryptohash_final(ctx, sha1result, sizeof(sha1result)) < 0)
- elog(ERROR, "could not finalize %s context: %s", "SHA1",
- pg_cryptohash_error(ctx));
+ elog(ERROR, "could not finalize %s context", "SHA1");
pg_cryptohash_free(ctx);
memcpy(&uu, sha1result, sizeof(uu));
if (password)
{
char *shadow_pass;
- const char *logdetail = NULL;
+ char *logdetail;
/*
* Don't allow an empty password. Libpq treats an empty password the
if (password)
{
char *shadow_pass;
- const char *logdetail = NULL;
+ char *logdetail;
/* Like in CREATE USER, don't allow an empty password. */
if (password[0] == '\0' ||
*/
int
pg_be_scram_exchange(void *opaq, const char *input, int inputlen,
- char **output, int *outputlen, const char **logdetail)
+ char **output, int *outputlen, char **logdetail)
{
scram_state *state = (scram_state *) opaq;
int result;
*/
static void sendAuthRequest(Port *port, AuthRequest areq, const char *extradata,
int extralen);
-static void auth_failed(Port *port, int status, const char *logdetail);
+static void auth_failed(Port *port, int status, char *logdetail);
static char *recv_password_packet(Port *port);
static void set_authn_id(Port *port, const char *id);
* Password-based authentication methods (password, md5, and scram-sha-256)
*----------------------------------------------------------------
*/
-static int CheckPasswordAuth(Port *port, const char **logdetail);
-static int CheckPWChallengeAuth(Port *port, const char **logdetail);
+static int CheckPasswordAuth(Port *port, char **logdetail);
+static int CheckPWChallengeAuth(Port *port, char **logdetail);
-static int CheckMD5Auth(Port *port, char *shadow_pass, const char **logdetail);
-static int CheckSCRAMAuth(Port *port, char *shadow_pass, const char **logdetail);
+static int CheckMD5Auth(Port *port, char *shadow_pass, char **logdetail);
+static int CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail);
/*----------------------------------------------------------------
* particular, if logdetail isn't NULL, we send that string to the log.
*/
static void
-auth_failed(Port *port, int status, const char *logdetail)
+auth_failed(Port *port, int status, char *logdetail)
{
const char *errstr;
char *cdetail;
ClientAuthentication(Port *port)
{
int status = STATUS_ERROR;
- const char *logdetail = NULL;
+ char *logdetail = NULL;
/*
* Get the authentication method to use for this frontend/database
* Plaintext password authentication.
*/
static int
-CheckPasswordAuth(Port *port, const char **logdetail)
+CheckPasswordAuth(Port *port, char **logdetail)
{
char *passwd;
int result;
* MD5 and SCRAM authentication.
*/
static int
-CheckPWChallengeAuth(Port *port, const char **logdetail)
+CheckPWChallengeAuth(Port *port, char **logdetail)
{
int auth_result;
char *shadow_pass;
}
static int
-CheckMD5Auth(Port *port, char *shadow_pass, const char **logdetail)
+CheckMD5Auth(Port *port, char *shadow_pass, char **logdetail)
{
char md5Salt[4]; /* Password salt */
char *passwd;
}
static int
-CheckSCRAMAuth(Port *port, char *shadow_pass, const char **logdetail)
+CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail)
{
StringInfoData sasl_mechs;
int mtype;
md5trailer = packet->vector;
for (i = 0; i < encryptedpasswordlen; i += RADIUS_VECTOR_LENGTH)
{
- const char *errstr = NULL;
-
memcpy(cryptvector + strlen(secret), md5trailer, RADIUS_VECTOR_LENGTH);
/*
*/
md5trailer = encryptedpassword + i;
- if (!pg_md5_binary(cryptvector, strlen(secret) + RADIUS_VECTOR_LENGTH,
- encryptedpassword + i, &errstr))
+ if (!pg_md5_binary(cryptvector, strlen(secret) + RADIUS_VECTOR_LENGTH, encryptedpassword + i))
{
ereport(LOG,
- (errmsg("could not perform MD5 encryption of password: %s",
- errstr)));
+ (errmsg("could not perform MD5 encryption of password")));
pfree(cryptvector);
pg_freeaddrinfo_all(hint.ai_family, serveraddrs);
return STATUS_ERROR;
struct timeval timeout;
struct timeval now;
int64 timeoutval;
- const char *errstr = NULL;
gettimeofday(&now, NULL);
timeoutval = (endtime.tv_sec * 1000000 + endtime.tv_usec) - (now.tv_sec * 1000000 + now.tv_usec);
if (!pg_md5_binary(cryptvector,
packetlength + strlen(secret),
- encryptedpassword, &errstr))
+ encryptedpassword))
{
ereport(LOG,
- (errmsg("could not perform MD5 encryption of received packet: %s",
- errstr)));
+ (errmsg("could not perform MD5 encryption of received packet")));
pfree(cryptvector);
continue;
}
* sent to the client, to avoid giving away user information!
*/
char *
-get_role_password(const char *role, const char **logdetail)
+get_role_password(const char *role, char **logdetail)
{
TimestampTz vuntil = 0;
HeapTuple roleTup;
{
PasswordType guessed_type = get_password_type(password);
char *encrypted_password;
- const char *errstr = NULL;
if (guessed_type != PASSWORD_TYPE_PLAINTEXT)
{
encrypted_password = palloc(MD5_PASSWD_LEN + 1);
if (!pg_md5_encrypt(password, role, strlen(role),
- encrypted_password, &errstr))
- elog(ERROR, "password encryption failed: %s", errstr);
+ encrypted_password))
+ elog(ERROR, "password encryption failed");
return encrypted_password;
case PASSWORD_TYPE_SCRAM_SHA_256:
* 'client_pass' is the response given by the remote user to the MD5 challenge.
* 'md5_salt' is the salt used in the MD5 authentication challenge.
*
- * In the error case, save a string at *logdetail that will be sent to the
- * postmaster log (but not the client).
+ * In the error case, optionally store a palloc'd string at *logdetail
+ * that will be sent to the postmaster log (but not the client).
*/
int
md5_crypt_verify(const char *role, const char *shadow_pass,
const char *client_pass,
const char *md5_salt, int md5_salt_len,
- const char **logdetail)
+ char **logdetail)
{
int retval;
char crypt_pwd[MD5_PASSWD_LEN + 1];
- const char *errstr = NULL;
Assert(md5_salt_len > 0);
/*
* Compute the correct answer for the MD5 challenge.
+ *
+ * We do not bother setting logdetail for any pg_md5_encrypt failure
+ * below: the only possible error is out-of-memory, which is unlikely, and
+ * if it did happen adding a psprintf call would only make things worse.
*/
/* stored password already encrypted, only do salt */
if (!pg_md5_encrypt(shadow_pass + strlen("md5"),
md5_salt, md5_salt_len,
- crypt_pwd, &errstr))
+ crypt_pwd))
{
- *logdetail = errstr;
return STATUS_ERROR;
}
* pg_authid.rolpassword.
* 'client_pass' is the password given by the remote user.
*
- * In the error case, store a string at *logdetail that will be sent to the
- * postmaster log (but not the client).
+ * In the error case, optionally store a palloc'd string at *logdetail
+ * that will be sent to the postmaster log (but not the client).
*/
int
plain_crypt_verify(const char *role, const char *shadow_pass,
const char *client_pass,
- const char **logdetail)
+ char **logdetail)
{
char crypt_client_pass[MD5_PASSWD_LEN + 1];
- const char *errstr = NULL;
/*
* Client sent password in plaintext. If we have an MD5 hash stored, hash
if (!pg_md5_encrypt(client_pass,
role,
strlen(role),
- crypt_client_pass,
- &errstr))
+ crypt_client_pass))
{
- *logdetail = errstr;
+ /*
+ * We do not bother setting logdetail for pg_md5_encrypt
+ * failure: the only possible error is out-of-memory, which is
+ * unlikely, and if it did happen adding a psprintf call would
+ * only make things worse.
+ */
return STATUS_ERROR;
}
if (strcmp(crypt_client_pass, shadow_pass) == 0)
manifest->buffile = BufFileCreateTemp(false);
manifest->manifest_ctx = pg_cryptohash_create(PG_SHA256);
if (pg_cryptohash_init(manifest->manifest_ctx) < 0)
- elog(ERROR, "failed to initialize checksum of backup manifest: %s",
- pg_cryptohash_error(manifest->manifest_ctx));
+ elog(ERROR, "failed to initialize checksum of backup manifest");
}
manifest->manifest_size = UINT64CONST(0);
manifest->still_checksumming = false;
if (pg_cryptohash_final(manifest->manifest_ctx, checksumbuf,
sizeof(checksumbuf)) < 0)
- elog(ERROR, "failed to finalize checksum of backup manifest: %s",
- pg_cryptohash_error(manifest->manifest_ctx));
+ elog(ERROR, "failed to finalize checksum of backup manifest");
AppendStringToManifest(manifest, "\"Manifest-Checksum\": \"");
hex_encode((char *) checksumbuf, sizeof checksumbuf, checksumstringbuf);
if (manifest->still_checksumming)
{
if (pg_cryptohash_update(manifest->manifest_ctx, (uint8 *) s, len) < 0)
- elog(ERROR, "failed to update checksum of backup manifest: %s",
- pg_cryptohash_error(manifest->manifest_ctx));
+ elog(ERROR, "failed to update checksum of backup manifest");
}
BufFileWrite(manifest->buffile, s, len);
manifest->manifest_size += len;
text *in_text = PG_GETARG_TEXT_PP(0);
size_t len;
char hexsum[MD5_HASH_LEN + 1];
- const char *errstr = NULL;
/* Calculate the length of the buffer using varlena metadata */
len = VARSIZE_ANY_EXHDR(in_text);
/* get the hash result */
- if (pg_md5_hash(VARDATA_ANY(in_text), len, hexsum, &errstr) == false)
+ if (pg_md5_hash(VARDATA_ANY(in_text), len, hexsum) == false)
ereport(ERROR,
- (errcode(ERRCODE_INTERNAL_ERROR),
- errmsg("could not compute %s hash: %s", "MD5",
- errstr)));
+ (errcode(ERRCODE_OUT_OF_MEMORY),
+ errmsg("out of memory")));
/* convert to text and return it */
PG_RETURN_TEXT_P(cstring_to_text(hexsum));
bytea *in = PG_GETARG_BYTEA_PP(0);
size_t len;
char hexsum[MD5_HASH_LEN + 1];
- const char *errstr = NULL;
len = VARSIZE_ANY_EXHDR(in);
- if (pg_md5_hash(VARDATA_ANY(in), len, hexsum, &errstr) == false)
+ if (pg_md5_hash(VARDATA_ANY(in), len, hexsum) == false)
ereport(ERROR,
- (errcode(ERRCODE_INTERNAL_ERROR),
- errmsg("could not compute %s hash: %s", "MD5",
- errstr)));
+ (errcode(ERRCODE_OUT_OF_MEMORY),
+ errmsg("out of memory")));
PG_RETURN_TEXT_P(cstring_to_text(hexsum));
}
ctx = pg_cryptohash_create(type);
if (pg_cryptohash_init(ctx) < 0)
- elog(ERROR, "could not initialize %s context: %s", typestr,
- pg_cryptohash_error(ctx));
+ elog(ERROR, "could not initialize %s context", typestr);
if (pg_cryptohash_update(ctx, data, len) < 0)
- elog(ERROR, "could not update %s context: %s", typestr,
- pg_cryptohash_error(ctx));
+ elog(ERROR, "could not update %s context", typestr);
if (pg_cryptohash_final(ctx, (unsigned char *) VARDATA(result),
digest_len) < 0)
- elog(ERROR, "could not finalize %s context: %s", typestr,
- pg_cryptohash_error(ctx));
+ elog(ERROR, "could not finalize %s context", typestr);
pg_cryptohash_free(ctx);
SET_VARSIZE(result, digest_len + VARHDRSZ);
#define FREE(ptr) free(ptr)
#endif
-/* Set of error states */
-typedef enum pg_cryptohash_errno
-{
- PG_CRYPTOHASH_ERROR_NONE = 0,
- PG_CRYPTOHASH_ERROR_DEST_LEN
-} pg_cryptohash_errno;
-
/* Internal pg_cryptohash_ctx structure */
struct pg_cryptohash_ctx
{
pg_cryptohash_type type;
- pg_cryptohash_errno error;
union
{
ctx = ALLOC(sizeof(pg_cryptohash_ctx));
if (ctx == NULL)
return NULL;
-
memset(ctx, 0, sizeof(pg_cryptohash_ctx));
ctx->type = type;
- ctx->error = PG_CRYPTOHASH_ERROR_NONE;
+
return ctx;
}
{
case PG_MD5:
if (len < MD5_DIGEST_LENGTH)
- {
- ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
return -1;
- }
pg_md5_final(&ctx->data.md5, dest);
break;
case PG_SHA1:
if (len < SHA1_DIGEST_LENGTH)
- {
- ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
return -1;
- }
pg_sha1_final(&ctx->data.sha1, dest);
break;
case PG_SHA224:
if (len < PG_SHA224_DIGEST_LENGTH)
- {
- ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
return -1;
- }
pg_sha224_final(&ctx->data.sha224, dest);
break;
case PG_SHA256:
if (len < PG_SHA256_DIGEST_LENGTH)
- {
- ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
return -1;
- }
pg_sha256_final(&ctx->data.sha256, dest);
break;
case PG_SHA384:
if (len < PG_SHA384_DIGEST_LENGTH)
- {
- ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
return -1;
- }
pg_sha384_final(&ctx->data.sha384, dest);
break;
case PG_SHA512:
if (len < PG_SHA512_DIGEST_LENGTH)
- {
- ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
return -1;
- }
pg_sha512_final(&ctx->data.sha512, dest);
break;
}
explicit_bzero(ctx, sizeof(pg_cryptohash_ctx));
FREE(ctx);
}
-
-/*
- * pg_cryptohash_error
- *
- * Returns a static string providing details about an error that
- * happened during a computation.
- */
-const char *
-pg_cryptohash_error(pg_cryptohash_ctx *ctx)
-{
- /*
- * This implementation would never fail because of an out-of-memory error,
- * except when creating the context.
- */
- if (ctx == NULL)
- return _("out of memory");
-
- switch (ctx->error)
- {
- case PG_CRYPTOHASH_ERROR_NONE:
- return _("success");
- case PG_CRYPTOHASH_ERROR_DEST_LEN:
- return _("destination buffer too small");
- }
-
- Assert(false);
- return _("success");
-}
#include "postgres_fe.h"
#endif
-#include
#include
#include "common/cryptohash.h"
#define FREE(ptr) free(ptr)
#endif
-/* Set of error states */
-typedef enum pg_cryptohash_errno
-{
- PG_CRYPTOHASH_ERROR_NONE = 0,
- PG_CRYPTOHASH_ERROR_DEST_LEN,
- PG_CRYPTOHASH_ERROR_OPENSSL
-} pg_cryptohash_errno;
-
/*
* Internal pg_cryptohash_ctx structure.
*
struct pg_cryptohash_ctx
{
pg_cryptohash_type type;
- pg_cryptohash_errno error;
- const char *errreason;
EVP_MD_CTX *evpctx;
#endif
};
-static const char *
-SSLerrmessage(unsigned long ecode)
-{
- if (ecode == 0)
- return NULL;
-
- /*
- * This may return NULL, but we would fall back to a default error path if
- * that were the case.
- */
- return ERR_reason_error_string(ecode);
-}
-
/*
* pg_cryptohash_create
*
return NULL;
memset(ctx, 0, sizeof(pg_cryptohash_ctx));
ctx->type = type;
- ctx->error = PG_CRYPTOHASH_ERROR_NONE;
- ctx->errreason = NULL;
/*
* Initialization takes care of assigning the correct type for OpenSSL.
/* OpenSSL internals return 1 on success, 0 on failure */
if (status <= 0)
- {
- ctx->errreason = SSLerrmessage(ERR_get_error());
- ctx->error = PG_CRYPTOHASH_ERROR_OPENSSL;
return -1;
- }
return 0;
}
/* OpenSSL internals return 1 on success, 0 on failure */
if (status <= 0)
- {
- ctx->errreason = SSLerrmessage(ERR_get_error());
- ctx->error = PG_CRYPTOHASH_ERROR_OPENSSL;
return -1;
- }
return 0;
}
{
case PG_MD5:
if (len < MD5_DIGEST_LENGTH)
- {
- ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
return -1;
- }
break;
case PG_SHA1:
if (len < SHA1_DIGEST_LENGTH)
- {
- ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
return -1;
- }
break;
case PG_SHA224:
if (len < PG_SHA224_DIGEST_LENGTH)
- {
- ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
return -1;
- }
break;
case PG_SHA256:
if (len < PG_SHA256_DIGEST_LENGTH)
- {
- ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
return -1;
- }
break;
case PG_SHA384:
if (len < PG_SHA384_DIGEST_LENGTH)
- {
- ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
return -1;
- }
break;
case PG_SHA512:
if (len < PG_SHA512_DIGEST_LENGTH)
- {
- ctx->error = PG_CRYPTOHASH_ERROR_DEST_LEN;
return -1;
- }
break;
}
/* OpenSSL internals return 1 on success, 0 on failure */
if (status <= 0)
- {
- ctx->errreason = SSLerrmessage(ERR_get_error());
- ctx->error = PG_CRYPTOHASH_ERROR_OPENSSL;
return -1;
- }
return 0;
}
explicit_bzero(ctx, sizeof(pg_cryptohash_ctx));
FREE(ctx);
}
-
-/*
- * pg_cryptohash_error
- *
- * Returns a static string providing details about an error that
- * happened during a computation.
- */
-const char *
-pg_cryptohash_error(pg_cryptohash_ctx *ctx)
-{
- /*
- * This implementation would never fail because of an out-of-memory error,
- * except when creating the context.
- */
- if (ctx == NULL)
- return _("out of memory");
-
- /*
- * If a reason is provided, rely on it, else fallback to any error code
- * set.
- */
- if (ctx->errreason)
- return ctx->errreason;
-
- switch (ctx->error)
- {
- case PG_CRYPTOHASH_ERROR_NONE:
- return _("success");
- case PG_CRYPTOHASH_ERROR_DEST_LEN:
- return _("destination buffer too small");
- case PG_CRYPTOHASH_ERROR_OPENSSL:
- return _("OpenSSL failure");
- }
-
- Assert(false); /* cannot be reached */
- return _("success");
-}
*/
bool
-pg_md5_hash(const void *buff, size_t len, char *hexsum, const char **errstr)
+pg_md5_hash(const void *buff, size_t len, char *hexsum)
{
uint8 sum[MD5_DIGEST_LENGTH];
pg_cryptohash_ctx *ctx;
pg_cryptohash_update(ctx, buff, len) < 0 ||
pg_cryptohash_final(ctx, sum, sizeof(sum)) < 0)
{
- *errstr = pg_cryptohash_error(ctx);
pg_cryptohash_free(ctx);
return false;
}
}
bool
-pg_md5_binary(const void *buff, size_t len, void *outbuf, const char **errstr)
+pg_md5_binary(const void *buff, size_t len, void *outbuf)
{
pg_cryptohash_ctx *ctx;
- *errstr = NULL;
ctx = pg_cryptohash_create(PG_MD5);
if (ctx == NULL)
- {
- *errstr = pg_cryptohash_error(NULL); /* returns OOM */
return false;
- }
if (pg_cryptohash_init(ctx) < 0 ||
pg_cryptohash_update(ctx, buff, len) < 0 ||
pg_cryptohash_final(ctx, outbuf, MD5_DIGEST_LENGTH) < 0)
{
- *errstr = pg_cryptohash_error(ctx);
pg_cryptohash_free(ctx);
return false;
}
* Output format is "md5" followed by a 32-hex-digit MD5 checksum.
* Hence, the output buffer "buf" must be at least 36 bytes long.
*
- * Returns true if okay, false on error with *errstr providing some
- * error context.
+ * Returns true if okay, false on error (out of memory).
*/
bool
pg_md5_encrypt(const char *passwd, const char *salt, size_t salt_len,
- char *buf, const char **errstr)
+ char *buf)
{
size_t passwd_len = strlen(passwd);
bool ret;
if (!crypt_buf)
- {
- *errstr = _("out of memory");
return false;
- }
/*
* Place salt at the end because it may be known by users trying to crack
memcpy(crypt_buf + passwd_len, salt, salt_len);
strcpy(buf, "md5");
- ret = pg_md5_hash(crypt_buf, passwd_len + salt_len, buf + 3, errstr);
+ ret = pg_md5_hash(crypt_buf, passwd_len + salt_len, buf + 3);
free(crypt_buf);
extern int pg_cryptohash_update(pg_cryptohash_ctx *ctx, const uint8 *data, size_t len);
extern int pg_cryptohash_final(pg_cryptohash_ctx *ctx, uint8 *dest, size_t len);
extern void pg_cryptohash_free(pg_cryptohash_ctx *ctx);
-extern const char *pg_cryptohash_error(pg_cryptohash_ctx *ctx);
#endif /* PG_CRYPTOHASH_H */
#define MD5_PASSWD_LEN 35
/* Utilities common to all the MD5 implementations, as of md5_common.c */
-extern bool pg_md5_hash(const void *buff, size_t len, char *hexsum,
- const char **errstr);
-extern bool pg_md5_binary(const void *buff, size_t len, void *outbuf,
- const char **errstr);
+extern bool pg_md5_hash(const void *buff, size_t len, char *hexsum);
+extern bool pg_md5_binary(const void *buff, size_t len, void *outbuf);
extern bool pg_md5_encrypt(const char *passwd, const char *salt,
- size_t salt_len, char *buf,
- const char **errstr);
+ size_t salt_len, char *buf);
#endif /* PG_MD5_H */
extern char *encrypt_password(PasswordType target_type, const char *role,
const char *password);
-extern char *get_role_password(const char *role, const char **logdetail);
+extern char *get_role_password(const char *role, char **logdetail);
extern int md5_crypt_verify(const char *role, const char *shadow_pass,
const char *client_pass, const char *md5_salt,
- int md5_salt_len, const char **logdetail);
+ int md5_salt_len, char **logdetail);
extern int plain_crypt_verify(const char *role, const char *shadow_pass,
- const char *client_pass,
- const char **logdetail);
+ const char *client_pass, char **logdetail);
#endif
extern void pg_be_scram_get_mechanisms(Port *port, StringInfo buf);
extern void *pg_be_scram_init(Port *port, const char *selected_mech, const char *shadow_pass);
extern int pg_be_scram_exchange(void *opaq, const char *input, int inputlen,
- char **output, int *outputlen,
- const char **logdetail);
+ char **output, int *outputlen, char **logdetail);
/* Routines to handle and check SCRAM-SHA-256 secret */
extern char *pg_be_scram_build_secret(const char *password);
case AUTH_REQ_MD5:
{
char *crypt_pwd2;
- const char *errstr = NULL;
/* Allocate enough space for two MD5 hashes */
crypt_pwd = malloc(2 * (MD5_PASSWD_LEN + 1));
crypt_pwd2 = crypt_pwd + MD5_PASSWD_LEN + 1;
if (!pg_md5_encrypt(password, conn->pguser,
- strlen(conn->pguser), crypt_pwd2,
- &errstr))
+ strlen(conn->pguser), crypt_pwd2))
{
- appendPQExpBuffer(&conn->errorMessage,
- libpq_gettext("could not encrypt password: %s\n"),
- errstr);
free(crypt_pwd);
return STATUS_ERROR;
}
if (!pg_md5_encrypt(crypt_pwd2 + strlen("md5"), md5Salt,
- 4, crypt_pwd, &errstr))
+ 4, crypt_pwd))
{
- appendPQExpBuffer(&conn->errorMessage,
- libpq_gettext("could not encrypt password: %s\n"),
- errstr);
free(crypt_pwd);
return STATUS_ERROR;
}
PQencryptPassword(const char *passwd, const char *user)
{
char *crypt_pwd;
- const char *errstr = NULL;
crypt_pwd = malloc(MD5_PASSWD_LEN + 1);
if (!crypt_pwd)
return NULL;
- if (!pg_md5_encrypt(passwd, user, strlen(user), crypt_pwd, &errstr))
+ if (!pg_md5_encrypt(passwd, user, strlen(user), crypt_pwd))
{
free(crypt_pwd);
return NULL;
if (strcmp(algorithm, "scram-sha-256") == 0)
{
crypt_pwd = pg_fe_scram_build_secret(passwd);
- /* We assume the only possible failure is OOM */
- if (!crypt_pwd)
- appendPQExpBufferStr(&conn->errorMessage,
- libpq_gettext("out of memory\n"));
}
else if (strcmp(algorithm, "md5") == 0)
{
crypt_pwd = malloc(MD5_PASSWD_LEN + 1);
if (crypt_pwd)
{
- const char *errstr = NULL;
-
- if (!pg_md5_encrypt(passwd, user, strlen(user), crypt_pwd, &errstr))
+ if (!pg_md5_encrypt(passwd, user, strlen(user), crypt_pwd))
{
- appendPQExpBuffer(&conn->errorMessage,
- libpq_gettext("could not encrypt password: %s\n"),
- errstr);
free(crypt_pwd);
crypt_pwd = NULL;
}
}
- else
- appendPQExpBufferStr(&conn->errorMessage,
- libpq_gettext("out of memory\n"));
}
else
{
return NULL;
}
+ if (!crypt_pwd)
+ appendPQExpBufferStr(&conn->errorMessage,
+ libpq_gettext("out of memory\n"));
+
return crypt_pwd;
}
pg_crc32
pg_crc32c
pg_cryptohash_ctx
-pg_cryptohash_errno
pg_cryptohash_type
pg_ctype_cache
pg_enc
projects / postgresql.git / commitdiff