Use MD5 for wire protocol encryption for >= 7.2 client/server.

Allow pg_shadow to be MD5 encrypted.
Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user.
Add password_encryption postgresql.conf option.
Update wire protocol version to 2.1.

diff --git a/connection.c b/connection.c
index 90fc132b98114c4f2ed67859d376b392c13b747a..42196df9eedd2e005edc350f51b15ba32643f388 100644 (file)
--- a/connection.c
+++ b/connection.c
@@ -677,7 +677,7 @@ CC_connect(ConnectionClass *self, char do_password)
                        mylog("auth got 'R'\n");
 
                        areq = SOCK_get_int(sock, 4);
-                       if (areq == AUTH_REQ_CRYPT)
+                       if (areq == AUTH_REQ_CRYPT || areq == AUTH_REQ_MD5)
                            SOCK_get_n_char(sock, salt, 2);
 
                        mylog("areq = %d\n", areq);
@@ -717,6 +717,7 @@ CC_connect(ConnectionClass *self, char do_password)
                            break;
 
                        case AUTH_REQ_CRYPT:
+                       case AUTH_REQ_MD5:
                            self->errormsg = "Password crypt authentication not supported";
                            self->errornumber = CONN_AUTH_TYPE_UNSUPPORTED;
                            return 0;
@@ -1672,15 +1673,15 @@ CC_log_error(char *func, char *desc, ConnectionClass *self)
 
 int     CC_get_max_query_len(const ConnectionClass *conn)
 {
-        int     value;
-        /* Long Queries in 7.0+ */
-        if (PG_VERSION_GE(conn, 7.0))
-                value = 0 /* MAX_STATEMENT_LEN */;
-        /* Prior to 7.0 we used 2*BLCKSZ */
-        else if (PG_VERSION_GE(conn, 6.5))
-                value = (2 * BLCKSZ);
-        else
-                /* Prior to 6.5 we used BLCKSZ */
-                value = BLCKSZ;
-        return value;
+       int     value;
+       /* Long Queries in 7.0+ */
+       if (PG_VERSION_GE(conn, 7.0))
+               value = 0 /* MAX_STATEMENT_LEN */;
+       /* Prior to 7.0 we used 2*BLCKSZ */
+       else if (PG_VERSION_GE(conn, 6.5))
+               value = (2 * BLCKSZ);
+       else
+               /* Prior to 6.5 we used BLCKSZ */
+               value = BLCKSZ;
+       return value;
 }

diff --git a/connection.h b/connection.h
index d3eb8700b2861ccc40ed4719e825cfc3cbedf2ec..1038bf117ba01d39162b5dcf4a5260ccb68c88dc 100644 (file)
--- a/connection.h
+++ b/connection.h
@@ -93,6 +93,7 @@ typedef enum
 #define AUTH_REQ_KRB5                              2
 #define AUTH_REQ_PASSWORD                          3
 #define AUTH_REQ_CRYPT                             4
+#define AUTH_REQ_MD5                               5
 
 /* Startup Packet sizes */
 #define SM_DATABASE                                    64