50 *logdetail =
psprintf(
_(
"Role \"%s\" does not exist."),
56 Anum_pg_authid_rolpassword, &isnull);
60 *logdetail =
psprintf(
_(
"User \"%s\" has no password assigned."),
67 Anum_pg_authid_rolvaliduntil, &isnull);
78 *logdetail =
psprintf(
_(
"User \"%s\" has an expired password."),
99 if (strncmp(shadow_pass,
"md5", 3) == 0 &&
104 &encoded_salt, stored_key, server_key))
121 char *encrypted_password = NULL;
122 const char *errstr = NULL;
140 encrypted_password, &errstr))
141 elog(
ERROR,
"password encryption failed: %s", errstr);
149 elog(
ERROR,
"cannot encrypt password with 'plaintext'");
154 Assert(encrypted_password);
163 if (encrypted_password &&
173 (
errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
174 errmsg(
"encrypted password is too long"),
175 errdetail(
"Encrypted passwords must be no longer than %d bytes.",
182 (
errcode(ERRCODE_WARNING_DEPRECATED_FEATURE),
183 errmsg(
"setting an MD5-encrypted password"),
184 errdetail(
"MD5 password support is deprecated and will be removed in a future release of PostgreSQL."),
185 errhint(
"Refer to the PostgreSQL documentation for details about migrating to another password type.")));
187 return encrypted_password;
203 const char *client_pass,
204 const char *md5_salt,
int md5_salt_len,
205 const char **logdetail)
209 const char *errstr = NULL;
216 *logdetail =
psprintf(
_(
"User \"%s\" has a password that cannot be used with MD5 authentication."),
226 md5_salt, md5_salt_len,
233 if (strcmp(client_pass, crypt_pwd) == 0)
237 *logdetail =
psprintf(
_(
"Password does not match for user \"%s\"."),
257 const char *client_pass,
258 const char **logdetail)
261 const char *errstr = NULL;
279 *logdetail =
psprintf(
_(
"Password does not match for user \"%s\"."),
295 if (strcmp(crypt_client_pass, shadow_pass) == 0)
299 *logdetail =
psprintf(
_(
"Password does not match for user \"%s\"."),
318 *logdetail =
psprintf(
_(
"Password of user \"%s\" is in unrecognized format."),
bool parse_scram_secret(const char *secret, int *iterations, pg_cryptohash_type *hash_type, int *key_length, char **salt, uint8 *stored_key, uint8 *server_key)
char * pg_be_scram_build_secret(const char *password)
bool scram_verify_plain_password(const char *username, const char *password, const char *secret)
TimestampTz GetCurrentTimestamp(void)
#define TextDatumGetCString(d)
#define Assert(condition)
int plain_crypt_verify(const char *role, const char *shadow_pass, const char *client_pass, const char **logdetail)
bool md5_password_warnings
char * get_role_password(const char *role, const char **logdetail)
PasswordType get_password_type(const char *shadow_pass)
char * encrypt_password(PasswordType target_type, const char *role, const char *password)
int md5_crypt_verify(const char *role, const char *shadow_pass, const char *client_pass, const char *md5_salt, int md5_salt_len, const char **logdetail)
@ PASSWORD_TYPE_PLAINTEXT
@ PASSWORD_TYPE_SCRAM_SHA_256
#define MAX_ENCRYPTED_PASSWORD_LEN
int errdetail(const char *fmt,...)
int errhint(const char *fmt,...)
int errcode(int sqlerrcode)
int errmsg(const char *fmt,...)
#define ereport(elevel,...)
#define HeapTupleIsValid(tuple)
char * pstrdup(const char *in)
#define MD5_PASSWD_CHARSET
bool pg_md5_encrypt(const char *passwd, const char *salt, size_t salt_len, char *buf, const char **errstr)
static Datum PointerGetDatum(const void *X)
char * psprintf(const char *fmt,...)
#define SCRAM_MAX_KEY_LEN
void ReleaseSysCache(HeapTuple tuple)
HeapTuple SearchSysCache1(int cacheId, Datum key1)
Datum SysCacheGetAttr(int cacheId, HeapTuple tup, AttrNumber attributeNumber, bool *isNull)
static TimestampTz DatumGetTimestampTz(Datum X)