PostgreSQL Source Code  git master
All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Pages
crypt.h
Go to the documentation of this file.
1 /*-------------------------------------------------------------------------
2  *
3  * crypt.h
4  * Interface to libpq/crypt.c
5  *
6  * Portions Copyright (c) 1996-2024, PostgreSQL Global Development Group
7  * Portions Copyright (c) 1994, Regents of the University of California
8  *
9  * src/include/libpq/crypt.h
10  *
11  *-------------------------------------------------------------------------
12  */
13 #ifndef PG_CRYPT_H
14 #define PG_CRYPT_H
15 
16 #include "datatype/timestamp.h"
17 
18 /*
19  * Valid password hashes may be very long, but we don't want to store anything
20  * that might need out-of-line storage, since de-TOASTing won't work during
21  * authentication because we haven't selected a database yet and cannot read
22  * pg_class. 512 bytes should be more than enough for all practical use, and
23  * our own password encryption routines should never produce hashes longer than
24  * this.
25  */
26 #define MAX_ENCRYPTED_PASSWORD_LEN (512)
27 
28 /* Enables deprecation warnings for MD5 passwords. */
30 
31 /*
32  * Types of password hashes or secrets.
33  *
34  * Plaintext passwords can be passed in by the user, in a CREATE/ALTER USER
35  * command. They will be encrypted to MD5 or SCRAM-SHA-256 format, before
36  * storing on-disk, so only MD5 and SCRAM-SHA-256 passwords should appear
37  * in pg_authid.rolpassword. They are also the allowed values for the
38  * password_encryption GUC.
39  */
40 typedef enum PasswordType
41 {
46 
47 extern PasswordType get_password_type(const char *shadow_pass);
48 extern char *encrypt_password(PasswordType target_type, const char *role,
49  const char *password);
50 
51 extern char *get_role_password(const char *role, const char **logdetail);
52 
53 extern int md5_crypt_verify(const char *role, const char *shadow_pass,
54  const char *client_pass, const char *md5_salt,
55  int md5_salt_len, const char **logdetail);
56 extern int plain_crypt_verify(const char *role, const char *shadow_pass,
57  const char *client_pass,
58  const char **logdetail);
59 
60 #endif
#define PGDLLIMPORT
Definition: c.h:1295
int plain_crypt_verify(const char *role, const char *shadow_pass, const char *client_pass, const char **logdetail)
Definition: crypt.c:256
PasswordType
Definition: crypt.h:41
@ PASSWORD_TYPE_PLAINTEXT
Definition: crypt.h:42
@ PASSWORD_TYPE_SCRAM_SHA_256
Definition: crypt.h:44
@ PASSWORD_TYPE_MD5
Definition: crypt.h:43
char * get_role_password(const char *role, const char **logdetail)
Definition: crypt.c:38
PasswordType get_password_type(const char *shadow_pass)
Definition: crypt.c:90
PGDLLIMPORT bool md5_password_warnings
Definition: crypt.c:28
char * encrypt_password(PasswordType target_type, const char *role, const char *password)
Definition: crypt.c:117
int md5_crypt_verify(const char *role, const char *shadow_pass, const char *client_pass, const char *md5_salt, int md5_salt_len, const char **logdetail)
Definition: crypt.c:202
static char * password
Definition: streamutil.c:52