Re: MD5-based passwords

Looks good. Can I ask for a context diff, "diff -c"?

---------------------------------------------------------------------------

> On Wed, Nov 07, 2001 at 12:27:53AM -0500, Bruce Momjian wrote:
> > > Hey folks,
> > >
> > > I don't see MD5-based password code in the JDBC CVS tree. Is anyone
> > > working on this?
> > >
> > > I'll take a stab, if not.
> >
> > There is no one working on it. ODBC needs it too. It wasn't on the
> > TODO list but I just added it.
> >
> > I can assist with any questions. See libpq for a sample implementation.
>
> OK, how about this? Someone will have to help me with appropriate exception
> behavior and where the bytesToHex util is placed.
>
> I'm not clear on the SendInteger(5 + .. code, seen elsewhere. Why isn't
> this (4 + ...?
>
> Index: Connection.java
> ===================================================================
> RCS file: /projects/cvsroot/pgsql/src/interfaces/jdbc/org/postgresql/Connection.java,v
> retrieving revision 1.34
> diff -r1.34 Connection.java
> 6a7
> > import java.security.*;
> 65a67
> > private static final int AUTH_REQ_MD5 = 5;
> 183c185
> < // Get the password salt if there is one
> ---
> > // Get the crypt password salt if there is one
> 190c192,204
> < DriverManager.println("Salt=" + salt);
> ---
> > DriverManager.println("Crypt salt=" + salt);
> > }
> >
> > // Or get the md5 password salt if there is one
> > if (areq == AUTH_REQ_MD5)
> > {
> > byte[] rst = new byte[4];
> > rst[0] = (byte)pg_stream.ReceiveChar();
> > rst[1] = (byte)pg_stream.ReceiveChar();
> > rst[2] = (byte)pg_stream.ReceiveChar();
> > rst[3] = (byte)pg_stream.ReceiveChar();
> > salt = new String(rst, 0, 4);
> > DriverManager.println("MD5 salt=" + salt);
> 197,198c211,212
> < break;
> <
> ---
> > break;
> >
> 223a238,266
> > case AUTH_REQ_MD5:
> > try {
> > MessageDigest md = MessageDigest.getInstance("MD5");
> > byte[] temp_digest, pass_digest;
> > byte[] hex_digest = new byte[35];
> >
> > DriverManager.println("postgresql: MD5");
> >
> > md.update(PG_PASSWORD.getBytes());
> > md.update(PG_USER.getBytes());
> > temp_digest = md.digest();
> >
> > bytesToHex(temp_digest, hex_digest, 0);
> > md.update(hex_digest, 0, 32);
> > md.update(salt.getBytes());
> > pass_digest = md.digest();
> >
> > bytesToHex(pass_digest, hex_digest, 3);
> > hex_digest[0] = 'm'; hex_digest[1] = 'd'; hex_digest[2] = '5';
> >
> > pg_stream.SendInteger(5 + hex_digest.length, 4);
> > pg_stream.Send(hex_digest);
> > pg_stream.SendInteger(0, 1);
> > pg_stream.flush();
> > } catch (Exception e) {
> > ; // "MessageDigest failure; " + e
> > }
> > break;
> >
> 310a354,368
> >
> > private static void bytesToHex(byte[] bytes, byte[] hex, int offset)
> > {
> > final char lookup[] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
> > 'a', 'b', 'c', 'd', 'e', 'f' };
> >
> > int i, c, j, pos = offset;
> >
> > for (i = 0; i < 16; i++) {
> > c = bytes[i] & 0xFF; j = c >> 4;
> > hex[pos++] = (byte) lookup[j];
> > j = (c & 0xF);
> > hex[pos++] = (byte) lookup[j];
> > }
> > }
>
> -jeremy
> _____________________________________________________________________
> jeremy wohl ..: http://igmus.org

[ Attachment, skipping... ]

>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo(at)postgresql(dot)org so that your
> message can get through to the mailing list cleanly

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026