Fix PQencryptPasswordConn to work with older server versions.

password_encryption was a boolean before version 10, so cope with "on" and "off". Also, change the behavior with "plain", to treat it the same as "md5". We're discussing removing the password_encryption='plain' option from the server altogether, which will make this the only reasonable choice, but even if we kept it, it seems best to never send the password in cleartext.
9 years ago · 20bf7b2b0a
parent 0de791ed76
commit 20bf7b2b0a
2 changed files with 17 additions and 8 deletions
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@ -5902,7 +5902,9 @@ char *PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
      are the cleartext password, and the SQL name of the user it is for.
      <parameter>algorithm</> specifies the encryption algorithm
      to use to encrypt the password. Currently supported algorithms are
-      <literal>md5</>, <literal>scram-sha-256</> and <literal>plain</>.
+      <literal>md5</> and <literal>scram-sha-256</> (<literal>on</> and
+      <literal>off</> are also accepted as aliases for <literal>md5</>, for
+      compatibility with older server versions). Note that support for
      <literal>scram-sha-256</> was introduced in <productname>PostgreSQL</>
      version 10, and will not work correctly with older server versions. If
      <parameter>algorithm</> is <symbol>NULL</>, this function will query
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@ -1168,7 +1168,7 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
 		{
 			PQclear(res);
 			printfPQExpBuffer(&conn->errorMessage,
-							  libpq_gettext("password_encryption value too long\n"));
+					  libpq_gettext("password_encryption value too long\n"));
 			return NULL;
 		}
 		strcpy(algobuf, val);
@ -1177,8 +1177,19 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
 		algorithm = algobuf;
 	}

-	/* Ok, now we know what algorithm to use */
+	/*
+	 * Also accept "on" and "off" as aliases for "md5", because
+	 * password_encryption was a boolean before PostgreSQL 10.  We refuse to
+	 * send the password in plaintext even if it was "off".
+	 */
+	if (strcmp(algorithm, "on") == 0 ||
+		strcmp(algorithm, "off") == 0 ||
+		strcmp(algorithm, "plain") == 0)
+		algorithm = "md5";

+	/*
+	 * Ok, now we know what algorithm to use
+	 */
 	if (strcmp(algorithm, "scram-sha-256") == 0)
 	{
 		crypt_pwd = pg_fe_scram_build_verifier(passwd);
@ -1195,14 +1206,10 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
 			}
 		}
 	}
-	else if (strcmp(algorithm, "plain") == 0)
-	{
-		crypt_pwd = strdup(passwd);
-	}
 	else
 	{
 		printfPQExpBuffer(&conn->errorMessage,
-						  libpq_gettext("unknown password encryption algorithm\n"));
+				   libpq_gettext("unknown password encryption algorithm\n"));
 		return NULL;
 	}