From d381840ddc1f80621955c252ede49ad0e0a38608 Mon Sep 17 00:00:00 2001 From: Nathan Bossart Date: Tue, 3 Jun 2025 11:52:03 -0500 Subject: [PATCH v2 2/2] [WIP] add warning upon authentication with MD5 password --- src/backend/libpq/crypt.c | 17 +++++++++++++++++ src/backend/utils/init/postinit.c | 3 +++ src/include/libpq/crypt.h | 1 + src/test/authentication/t/001_password.pl | 1 + 4 files changed, 22 insertions(+) diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c index f6b641e726e..90050dcfc12 100644 --- a/src/backend/libpq/crypt.c +++ b/src/backend/libpq/crypt.c @@ -27,6 +27,8 @@ /* Enables deprecation warnings for MD5 passwords. */ bool md5_password_warnings = true; +static bool used_md5_auth = false; + /* * Fetch stored password for a user, for authentication. * @@ -210,6 +212,8 @@ md5_crypt_verify(const char *role, const char *shadow_pass, Assert(md5_salt_len > 0); + used_md5_auth = true; + if (get_password_type(shadow_pass) != PASSWORD_TYPE_MD5) { /* incompatible password hash format. */ @@ -242,6 +246,19 @@ md5_crypt_verify(const char *role, const char *shadow_pass, return retval; } +void +warn_if_md5_auth(void) +{ + if (md5_password_warnings && used_md5_auth) + ereport(WARNING, + (errcode(ERRCODE_WARNING_DEPRECATED_FEATURE), + errmsg("authenticated with an MD5-encrypted password"), + errdetail("MD5 password support is deprecated and will be removed in a future release of PostgreSQL."), + errhint("Refer to the PostgreSQL documentation for details about migrating to another password type."))); + + used_md5_auth = false; +} + /* * Check given password for given user, and return STATUS_OK or STATUS_ERROR. * diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c index c86ceefda94..b77c5967468 100644 --- a/src/backend/utils/init/postinit.c +++ b/src/backend/utils/init/postinit.c @@ -34,6 +34,7 @@ #include "catalog/pg_db_role_setting.h" #include "catalog/pg_tablespace.h" #include "libpq/auth.h" +#include "libpq/crypt.h" #include "libpq/libpq-be.h" #include "mb/pg_wchar.h" #include "miscadmin.h" @@ -1234,6 +1235,8 @@ InitPostgres(const char *in_dbname, Oid dboid, /* close the transaction we started above */ if (!bootstrap) CommitTransactionCommand(); + + warn_if_md5_auth(); } /* diff --git a/src/include/libpq/crypt.h b/src/include/libpq/crypt.h index a1b4b363143..ca42210aaa3 100644 --- a/src/include/libpq/crypt.h +++ b/src/include/libpq/crypt.h @@ -53,6 +53,7 @@ extern char *get_role_password(const char *role, const char **logdetail); extern int md5_crypt_verify(const char *role, const char *shadow_pass, const char *client_pass, const uint8 *md5_salt, int md5_salt_len, const char **logdetail); +extern void warn_if_md5_auth(void); extern int plain_crypt_verify(const char *role, const char *shadow_pass, const char *client_pass, const char **logdetail); diff --git a/src/test/authentication/t/001_password.pl b/src/test/authentication/t/001_password.pl index 37d96d95a1a..3d94b323c09 100644 --- a/src/test/authentication/t/001_password.pl +++ b/src/test/authentication/t/001_password.pl @@ -68,6 +68,7 @@ $node->init; $node->append_conf('postgresql.conf', "log_connections = on\n"); # Needed to allow connect_fails to inspect postmaster log: $node->append_conf('postgresql.conf', "log_min_messages = debug2"); +$node->append_conf('postgresql.conf', "md5_password_warnings = off"); $node->start; # Test behavior of log_connections GUC -- 2.39.5 (Apple Git-154)