| From: | Heikki Linnakangas <heikki(dot)linnakangas(at)iki(dot)fi> |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Refactor the code for verifying user's password. |
| Date: | 2016-12-12 10:49:30 |
| Message-ID: | E1cGOAk-0007zk-Vd@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Refactor the code for verifying user's password.
Split md5_crypt_verify() into three functions:
* get_role_password() to fetch user's password from pg_authid, and check
its expiration.
* md5_crypt_verify() to check an MD5 authentication challenge
* plain_crypt_verify() to check a plaintext password.
get_role_password() will be needed as a separate function by the upcoming
SCRAM authentication patch set. Most of the remaining functionality in
md5_crypt_verify() was different for MD5 and plaintext authentication, so
split that for readability.
While we're at it, simplify the *_crypt_verify functions by using
stack-allocated buffers to hold the temporary MD5 hashes, instead of
pallocing.
Reviewed by Michael Paquier.
Discussion: https://www.postgresql.org/message-id/3029e460-d47c-710e-507e-d8ba759d7cbb@iki.fi
Branch
------
master
Details
-------
http://git.postgresql.org/pg/commitdiff/e7f051b8f9a6341f6d3bf80b29c1dbc1837be9ab
Modified Files
--------------
src/backend/libpq/auth.c | 18 +++-
src/backend/libpq/crypt.c | 217 ++++++++++++++++++++++++++++------------------
src/include/libpq/crypt.h | 9 +-
3 files changed, 153 insertions(+), 91 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2016-12-12 14:16:34 | pgsql: Add support for temporary replication slots |
| Previous Message | Heikki Linnakangas | 2016-12-12 09:59:40 | pgsql: Further cleanup from the strong-random patch. |