|
| 1 | +/* |
| 2 | + * PostgreSQL type definitions for chkpass |
| 3 | + * Written by D'Arcy J.M. Cain |
| 4 | + * darcy@druid.net |
| 5 | + * http://www.druid.net/darcy/ |
| 6 | + * |
| 7 | + * $Header: /cvsroot/pgsql/contrib/chkpass/chkpass.c,v 1.1 2001/05/03 12:32:13 darcy Exp $ |
| 8 | + * best viewed with tabs set to 4 |
| 9 | + */ |
| 10 | + |
| 11 | +#include <stdio.h> |
| 12 | +#include <string.h> |
| 13 | +#include <time.h> |
| 14 | +#include <unistd.h> |
| 15 | + |
| 16 | +#include <postgres.h> |
| 17 | +#include <utils/palloc.h> |
| 18 | + |
| 19 | +/* |
| 20 | + * This type encrypts it's input unless the first character is a colon. |
| 21 | + * The output is the encrypted form with a leading colon. The output |
| 22 | + * format is designed to allow dump and reload operations to work as |
| 23 | + * expected without doing special tricks. |
| 24 | + */ |
| 25 | + |
| 26 | + |
| 27 | +/* |
| 28 | + * This is the internal storage format for CHKPASSs. |
| 29 | + * 15 is all I need but add a little buffer |
| 30 | + */ |
| 31 | + |
| 32 | +typedef struct chkpass |
| 33 | +{ |
| 34 | + char password[16]; |
| 35 | +} chkpass; |
| 36 | + |
| 37 | +/* |
| 38 | + * Various forward declarations: |
| 39 | + */ |
| 40 | + |
| 41 | +chkpass *chkpass_in(char *str); |
| 42 | +char *chkpass_out(chkpass * addr); |
| 43 | +text *chkpass_rout(chkpass * addr); |
| 44 | + |
| 45 | +/* Only equal or not equal make sense */ |
| 46 | +bool chkpass_eq(chkpass * a1, text * a2); |
| 47 | +bool chkpass_ne(chkpass * a1, text * a2); |
| 48 | + |
| 49 | +/* This function checks that the password is a good one |
| 50 | + * It's just a placeholder for now */ |
| 51 | +static int |
| 52 | +verify_pass(const char *str) |
| 53 | +{ |
| 54 | + return 0; |
| 55 | +} |
| 56 | + |
| 57 | +/* |
| 58 | + * CHKPASS reader. |
| 59 | + */ |
| 60 | +chkpass * |
| 61 | +chkpass_in(char *str) |
| 62 | +{ |
| 63 | + chkpass *result; |
| 64 | + char mysalt[4]; |
| 65 | + static bool random_initialized = false; |
| 66 | + static char salt_chars[] = |
| 67 | + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; |
| 68 | + |
| 69 | + /* special case to let us enter encrypted passwords */ |
| 70 | + if (*str == ':') |
| 71 | + { |
| 72 | + result = (chkpass *) palloc(sizeof(chkpass)); |
| 73 | + strncpy(result->password, str + 1, 13); |
| 74 | + result->password[13] = 0; |
| 75 | + return (result); |
| 76 | + } |
| 77 | + |
| 78 | + if (verify_pass(str) != 0) |
| 79 | + { |
| 80 | + elog(ERROR, "chkpass_in: purported CHKPASS \"%s\" is a weak password", |
| 81 | + str); |
| 82 | + return NULL; |
| 83 | + } |
| 84 | + |
| 85 | + result = (chkpass *) palloc(sizeof(chkpass)); |
| 86 | + |
| 87 | + if (!random_initialized) |
| 88 | + { |
| 89 | + srandom((unsigned int) time(NULL)); |
| 90 | + random_initialized = true; |
| 91 | + } |
| 92 | + |
| 93 | + mysalt[0] = salt_chars[random() & 0x3f]; |
| 94 | + mysalt[1] = salt_chars[random() & 0x3f]; |
| 95 | + mysalt[2] = 0; /* technically the terminator is not |
| 96 | + * necessary but I like to play safe */ |
| 97 | + strcpy(result->password, crypt(str, mysalt)); |
| 98 | + return (result); |
| 99 | +} |
| 100 | + |
| 101 | +/* |
| 102 | + * CHKPASS output function. |
| 103 | + * Just like any string but we know it is max 15 (13 plus colon and terminator.) |
| 104 | + */ |
| 105 | + |
| 106 | +char * |
| 107 | +chkpass_out(chkpass * password) |
| 108 | +{ |
| 109 | + char *result; |
| 110 | + |
| 111 | + if (password == NULL) |
| 112 | + return (NULL); |
| 113 | + |
| 114 | + if ((result = (char *) palloc(16)) != NULL) |
| 115 | + { |
| 116 | + result[0] = ':'; |
| 117 | + strcpy(result + 1, password->password); |
| 118 | + } |
| 119 | + |
| 120 | + return (result); |
| 121 | +} |
| 122 | + |
| 123 | + |
| 124 | +/* |
| 125 | + * special output function that doesn't output the colon |
| 126 | + */ |
| 127 | + |
| 128 | +text * |
| 129 | +chkpass_rout(chkpass *password) |
| 130 | +{ |
| 131 | + text *result = NULL; |
| 132 | + |
| 133 | + if (password == NULL) |
| 134 | + return (NULL); |
| 135 | + |
| 136 | + if ((result = (text *) palloc(VARHDRSZ + 16)) != NULL) |
| 137 | + { |
| 138 | + VARSIZE(result) = VARHDRSZ + strlen(password->password); |
| 139 | + memcpy(VARDATA(result), password->password, strlen(password->password)); |
| 140 | + } |
| 141 | + |
| 142 | + return (result); |
| 143 | +} |
| 144 | + |
| 145 | + |
| 146 | +/* |
| 147 | + * Boolean tests |
| 148 | + */ |
| 149 | + |
| 150 | +bool |
| 151 | +chkpass_eq(chkpass * a1, text *a2) |
| 152 | +{ |
| 153 | + char str[10]; |
| 154 | + int sz = 8; |
| 155 | + |
| 156 | + if (!a1 || !a2) return 0; |
| 157 | + if (a2->vl_len < 12) sz = a2->vl_len - 4; |
| 158 | + strncpy(str, a2->vl_dat, sz); |
| 159 | + str[sz] = 0; |
| 160 | + return (strcmp(a1->password, crypt(str, a1->password)) == 0); |
| 161 | +} |
| 162 | + |
| 163 | +bool |
| 164 | +chkpass_ne(chkpass * a1, text *a2) |
| 165 | +{ |
| 166 | + char str[10]; |
| 167 | + int sz = 8; |
| 168 | + |
| 169 | + if (!a1 || !a2) return 0; |
| 170 | + if (a2->vl_len < 12) sz = a2->vl_len - 4; |
| 171 | + strncpy(str, a2->vl_dat, sz); |
| 172 | + str[sz] = 0; |
| 173 | + return (strcmp(a1->password, crypt(str, a1->password)) != 0); |
| 174 | +} |
| 175 | + |
0 commit comments