Re: MD5-based passwords

On Wed, Nov 07, 2001 at 02:23:28PM -0500, Bruce Momjian wrote:
> > On Wed, Nov 07, 2001 at 12:27:53AM -0500, Bruce Momjian wrote:
> > I'm not clear on the SendInteger(5 + .. code, seen elsewhere. Why isn't
> > this (4 + ...?
>
> I think the 5+ is correct. Looking at fe-auth.c, I see:
>
> ret = pqPacketSend(conn, crypt_pwd, strlen(crypt_pwd) + 1);
>
> and pqPacketSend() has:
>
> if (pqPutInt(4 + len, 4, conn))
>
> so I think it is the +1 and the +4 added together to make 5. If you
> want to put 4+1+, that would be fine too and perhaps be clearer.

Right. I read it right the first time, and proceeded to convince myself
the wrong way..

> One more question. Have you tested this against a 7.2 backend to see if
> it actually does MD5 encryption correctly?

Yes, that's what I'm using. Tested that the unpatched code fails, that the
patched code succeeds and md5-allows removed from pg_hba.conf still works with
crypt-based passwords.

A context diff is attached. My indenting is probably off.

p.s. Your mailer doesn't seem to put "Jeremy wrote" tags anywhere. Useful
for following the conversation.
p.p.s. You don't need to Cc me. I'm on the list. :)

-jeremy
_____________________________________________________________________
jeremy wohl ..: http://igmus.org