public inbox for [email protected]help / color / mirror / Atom feed
[PATCH 07/10] add wal_compression_method: zstd 4+ messages / 3 participants [nested] [flat]
* [PATCH 07/10] add wal_compression_method: zstd @ 2021-03-12 20:43 Justin Pryzby <[email protected]> 0 siblings, 0 replies; 4+ messages in thread From: Justin Pryzby @ 2021-03-12 20:43 UTC (permalink / raw) --- configure | 163 ++++++++++++++++++ configure.ac | 26 +++ doc/src/sgml/config.sgml | 2 +- src/backend/access/transam/xlog.c | 3 + src/backend/access/transam/xloginsert.c | 19 ++ src/backend/access/transam/xlogreader.c | 16 ++ src/backend/utils/misc/postgresql.conf.sample | 2 +- src/include/access/xlog_internal.h | 1 + src/include/pg_config.h.in | 3 + src/tools/msvc/Solution.pm | 1 + 10 files changed, 234 insertions(+), 2 deletions(-) diff --git a/configure b/configure index 8d76be00c1..81e23418b2 100755 --- a/configure +++ b/configure @@ -699,6 +699,9 @@ with_gnu_ld LD LDFLAGS_SL LDFLAGS_EX +ZSTD_LIBS +ZSTD_CFLAGS +with_zstd LZ4_LIBS LZ4_CFLAGS with_lz4 @@ -868,6 +871,7 @@ with_libxslt with_system_tzdata with_zlib with_lz4 +with_zstd with_gnu_ld with_ssl with_openssl @@ -897,6 +901,8 @@ XML2_CFLAGS XML2_LIBS LZ4_CFLAGS LZ4_LIBS +ZSTD_CFLAGS +ZSTD_LIBS LDFLAGS_EX LDFLAGS_SL PERL @@ -1576,6 +1582,7 @@ Optional Packages: use system time zone data in DIR --without-zlib do not use Zlib --without-lz4 build without LZ4 support + --with-zstd build with Zstd compression library --with-gnu-ld assume the C compiler uses GNU ld [default=no] --with-ssl=LIB use LIB for SSL/TLS support (openssl) --with-openssl obsolete spelling of --with-ssl=openssl @@ -1605,6 +1612,8 @@ Some influential environment variables: XML2_LIBS linker flags for XML2, overriding pkg-config LZ4_CFLAGS C compiler flags for LZ4, overriding pkg-config LZ4_LIBS linker flags for LZ4, overriding pkg-config + ZSTD_CFLAGS C compiler flags for ZSTD, overriding pkg-config + ZSTD_LIBS linker flags for ZSTD, overriding pkg-config LDFLAGS_EX extra linker flags for linking executables only LDFLAGS_SL extra linker flags for linking shared libraries only PERL Perl program @@ -8705,6 +8714,137 @@ fi CFLAGS="$LZ4_CFLAGS $CFLAGS" fi +# +# ZSTD +# +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build with zstd support" >&5 +$as_echo_n "checking whether to build with zstd support... " >&6; } + + + +# Check whether --with-zstd was given. +if test "${with_zstd+set}" = set; then : + withval=$with_zstd; + case $withval in + yes) + +$as_echo "#define USE_ZSTD 1" >>confdefs.h + + ;; + no) + : + ;; + *) + as_fn_error $? "no argument expected for --with-zstd option" "$LINENO" 5 + ;; + esac + +else + with_zstd=no + +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_zstd" >&5 +$as_echo "$with_zstd" >&6; } + + +if test "$with_zstd" = yes; then + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libzstd" >&5 +$as_echo_n "checking for libzstd... " >&6; } + +if test -n "$ZSTD_CFLAGS"; then + pkg_cv_ZSTD_CFLAGS="$ZSTD_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libzstd\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libzstd") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_ZSTD_CFLAGS=`$PKG_CONFIG --cflags "libzstd" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$ZSTD_LIBS"; then + pkg_cv_ZSTD_LIBS="$ZSTD_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libzstd\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libzstd") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_ZSTD_LIBS=`$PKG_CONFIG --libs "libzstd" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + ZSTD_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libzstd" 2>&1` + else + ZSTD_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libzstd" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$ZSTD_PKG_ERRORS" >&5 + + as_fn_error $? "Package requirements (libzstd) were not met: + +$ZSTD_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables ZSTD_CFLAGS +and ZSTD_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables ZSTD_CFLAGS +and ZSTD_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see <http://pkg-config.freedesktop.org/;. +See \`config.log' for more details" "$LINENO" 5; } +else + ZSTD_CFLAGS=$pkg_cv_ZSTD_CFLAGS + ZSTD_LIBS=$pkg_cv_ZSTD_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + LIBS="$ZSTD_LIBS $LIBS" + CFLAGS="$ZSTD_CFLAGS $CFLAGS" +fi + # # Assignments # @@ -13559,6 +13699,29 @@ done CPPFLAGS=$ac_save_CPPFLAGS fi +if test "$with_zstd" = yes; then + ac_save_CPPFLAGS=$CPPFLAGS + CPPFLAGS="$ZSTD_CFLAGS $CPPFLAGS" + + # Verify we have zstd's header files + for ac_header in zstd.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "zstd.h" "ac_cv_header_zstd_h" "$ac_includes_default" +if test "x$ac_cv_header_zstd_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_ZSTD_H 1 +_ACEOF + +else + as_fn_error $? "zstd.h header file is required for zstd" "$LINENO" 5 +fi + +done + + + CPPFLAGS=$ac_save_CPPFLAGS +fi + if test "$with_gssapi" = yes ; then for ac_header in gssapi/gssapi.h do : diff --git a/configure.ac b/configure.ac index bfcdc88be0..d6f6349067 100644 --- a/configure.ac +++ b/configure.ac @@ -1001,6 +1001,21 @@ if test "$with_lz4" = yes; then CFLAGS="$LZ4_CFLAGS $CFLAGS" fi +# +# ZSTD +# +AC_MSG_CHECKING([whether to build with zstd support]) +PGAC_ARG_BOOL(with, zstd, no, [build with Zstd compression library], + [AC_DEFINE([USE_ZSTD], 1, [Define to 1 to build with zstd support. (--with-zstd)])]) +AC_MSG_RESULT([$with_zstd]) +AC_SUBST(with_zstd) + +if test "$with_zstd" = yes; then + PKG_CHECK_MODULES(ZSTD, libzstd) + LIBS="$ZSTD_LIBS $LIBS" + CFLAGS="$ZSTD_CFLAGS $CFLAGS" +fi + # # Assignments # @@ -1436,6 +1451,17 @@ if test "$with_lz4" = yes; then CPPFLAGS=$ac_save_CPPFLAGS fi +if test "$with_zstd" = yes; then + ac_save_CPPFLAGS=$CPPFLAGS + CPPFLAGS="$ZSTD_CFLAGS $CPPFLAGS" + + # Verify we have zstd's header files + AC_CHECK_HEADERS(zstd.h, [], + [AC_MSG_ERROR([zstd.h header file is required for zstd])]) + + CPPFLAGS=$ac_save_CPPFLAGS +fi + if test "$with_gssapi" = yes ; then AC_CHECK_HEADERS(gssapi/gssapi.h, [], [AC_CHECK_HEADERS(gssapi.h, [], [AC_MSG_ERROR([gssapi.h header file is required for GSSAPI])])]) diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index 257775c83b..94dd6ef3e9 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -3083,7 +3083,7 @@ include_dir 'conf.d' This parameter selects the compression method used to compress WAL when <varname>wal_compression</varname> is enabled. The supported methods are pglz, zlib, and (if configured when - <productname>PostgreSQL</productname> was built) lz4. + <productname>PostgreSQL</productname> was built) lz4 and zstd. The default value is <literal>pglz</literal>. Only superusers can change this setting. </para> diff --git a/src/backend/access/transam/xlog.c b/src/backend/access/transam/xlog.c index 3657f74de9..307eee6626 100644 --- a/src/backend/access/transam/xlog.c +++ b/src/backend/access/transam/xlog.c @@ -189,6 +189,9 @@ const struct config_enum_entry wal_compression_options[] = { #endif #ifdef USE_LZ4 {"lz4", WAL_COMPRESSION_LZ4, false}, +#endif +#ifdef USE_ZSTD + {"zstd", WAL_COMPRESSION_ZSTD, false}, #endif {NULL, 0, false} }; diff --git a/src/backend/access/transam/xloginsert.c b/src/backend/access/transam/xloginsert.c index 9fe5c30236..5d1ae37dae 100644 --- a/src/backend/access/transam/xloginsert.c +++ b/src/backend/access/transam/xloginsert.c @@ -41,6 +41,10 @@ #include "lz4.h" #endif +#ifdef USE_ZSTD +#include "zstd.h" +#endif + /* Buffer size required to store a compressed version of backup block image */ #define PGLZ_MAX_BLCKSZ PGLZ_MAX_OUTPUT(BLCKSZ) @@ -896,6 +900,21 @@ XLogCompressBackupBlock(char *page, uint16 hole_offset, uint16 hole_length, break; #endif +#ifdef USE_ZSTD + case WAL_COMPRESSION_ZSTD: + len = ZSTD_compress(dest, PGLZ_MAX_BLCKSZ, source, orig_len, 1); + if (ZSTD_isError(len)) + { + ereport(ERROR, + (errcode(ERRCODE_FEATURE_NOT_SUPPORTED), + errmsg("failed compressing zstd: %s", + ZSTD_getErrorName(len)))); + len = -1; + } + + break; +#endif + default: /* * It should be impossible to get here for unsupported algorithms, diff --git a/src/backend/access/transam/xlogreader.c b/src/backend/access/transam/xlogreader.c index fa1e38a810..caa1031d63 100644 --- a/src/backend/access/transam/xlogreader.c +++ b/src/backend/access/transam/xlogreader.c @@ -41,6 +41,10 @@ #include "lz4.h" #endif +#ifdef USE_ZSTD +#include "zstd.h" +#endif + static void report_invalid_record(XLogReaderState *state, const char *fmt,...) pg_attribute_printf(2, 3); static bool allocate_recordbuf(XLogReaderState *state, uint32 reclength); @@ -1564,6 +1568,8 @@ wal_compression_name(WalCompression compression) return "zlib"; case WAL_COMPRESSION_LZ4: return "lz4"; + case WAL_COMPRESSION_ZSTD: + return "zstd"; default: return "???"; } @@ -1621,6 +1627,16 @@ RestoreBlockImage(XLogReaderState *record, uint8 block_id, char *page) break; #endif +#ifdef USE_ZSTD + case WAL_COMPRESSION_ZSTD: + decomp_result = ZSTD_decompress(tmp.data, BLCKSZ-bkpb->hole_length, + ptr, bkpb->bimg_len); + // XXX: ZSTD_getErrorName + if (ZSTD_isError(decomp_result)) + decomp_result = -1; + break; +#endif + default: report_invalid_record(record, "image at %X/%X is compressed with unsupported codec, block %d (%d/%s)", (uint32) (record->ReadRecPtr >> 32), diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample index 76f494cb9b..d372e2a817 100644 --- a/src/backend/utils/misc/postgresql.conf.sample +++ b/src/backend/utils/misc/postgresql.conf.sample @@ -213,7 +213,7 @@ # open_sync #full_page_writes = on # recover from partial page writes #wal_compression = off # enable compression of full-page writes -#wal_compression_method = pglz # pglz, zlib, lz4 +#wal_compression_method = pglz # pglz, zlib, lz4, zstd #wal_log_hints = off # also do full page writes of non-critical updates # (change requires restart) #wal_init_zero = on # zero-fill new WAL files diff --git a/src/include/access/xlog_internal.h b/src/include/access/xlog_internal.h index e70886b81c..48b16b6083 100644 --- a/src/include/access/xlog_internal.h +++ b/src/include/access/xlog_internal.h @@ -329,6 +329,7 @@ typedef enum WalCompression WAL_COMPRESSION_PGLZ, WAL_COMPRESSION_ZLIB, WAL_COMPRESSION_LZ4, + WAL_COMPRESSION_ZSTD, } WalCompression; extern const char *wal_compression_name(WalCompression compression); diff --git a/src/include/pg_config.h.in b/src/include/pg_config.h.in index 0a6422da4f..ad26393352 100644 --- a/src/include/pg_config.h.in +++ b/src/include/pg_config.h.in @@ -902,6 +902,9 @@ /* Define to 1 to build with LZ4 support (--with-lz4) */ #undef USE_LZ4 +/* Define to 1 if you have the `zstd' library (-lzstd). */ +#undef USE_ZSTD + /* Define to select named POSIX semaphores. */ #undef USE_NAMED_POSIX_SEMAPHORES diff --git a/src/tools/msvc/Solution.pm b/src/tools/msvc/Solution.pm index 14605371bb..fff0212087 100644 --- a/src/tools/msvc/Solution.pm +++ b/src/tools/msvc/Solution.pm @@ -486,6 +486,7 @@ sub GenerateFiles USE_LIBXML => undef, USE_LIBXSLT => undef, USE_LZ4 => undef, + USE_ZSTD => $self->{options}->{zstd} ? 1 : undef, USE_LDAP => $self->{options}->{ldap} ? 1 : undef, USE_LLVM => undef, USE_NAMED_POSIX_SEMAPHORES => undef, -- 2.17.0 --XsQoSWH+UP9D9v3l Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="0008-Default-to-zstd.patch" ^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: [HACKERS] Changing references of password encryption to hashing @ 2023-12-27 01:04 Bruce Momjian <[email protected]> 0 siblings, 1 reply; 4+ messages in thread From: Bruce Momjian @ 2023-12-27 01:04 UTC (permalink / raw) To: Robert Haas <[email protected]>; +Cc: Stephen Frost <[email protected]>; Michael Paquier <[email protected]>; pgsql-hackers On Tue, Nov 28, 2023 at 10:01:57AM -0500, Robert Haas wrote: > On Tue, Nov 28, 2023 at 9:55 AM Stephen Frost <[email protected]> wrote: > > I do think we should use the correct terminology in our documentation > > and would support your working on improving things in this area. > > +1. Attached is a draft patch to use the term "hash" instead of "encrypt" for password storage. I was not able to use Michael Paquier's version from 2017 because the code has changed too much. I did _not_ change the user API, so CREATE/ALTER ROLE still uses [ENCRYPTED] PASSWORD, the GUC is still called password_encryption, and the libpq function is still called PQencryptPasswordConn(). This makes the user interface confusing since the API uses "encryption" but the text calls it "hashing". Is there support for renaming the API to use "hash" and keeping "encrypt" for backward compatiblity. -- Bruce Momjian <[email protected]> https://momjian.us EDB https://enterprisedb.com Only you can decide what is important to you. Attachments: [text/x-diff] hash.diff (42.0K, ../../[email protected]/2-hash.diff) download | inline diff: diff --git a/contrib/passwordcheck/expected/passwordcheck.out b/contrib/passwordcheck/expected/passwordcheck.out index 2027681daf..627b556bdf 100644 --- a/contrib/passwordcheck/expected/passwordcheck.out +++ b/contrib/passwordcheck/expected/passwordcheck.out @@ -11,7 +11,7 @@ ERROR: password must not contain user name -- error: contains only letters ALTER USER regress_passwordcheck_user1 PASSWORD 'alessnicelongpassword'; ERROR: password must contain both letters and nonletters --- encrypted ok (password is "secret") +-- hashed ok (password is "secret") ALTER USER regress_passwordcheck_user1 PASSWORD 'md592350e12ac34e52dd598f90893bb3ae7'; -- error: password is user name ALTER USER regress_passwordcheck_user1 PASSWORD 'md507a112732ed9f2087fa90b192d44e358'; diff --git a/contrib/passwordcheck/expected/passwordcheck_1.out b/contrib/passwordcheck/expected/passwordcheck_1.out index 5d8d5dcc1c..cff6da9a63 100644 --- a/contrib/passwordcheck/expected/passwordcheck_1.out +++ b/contrib/passwordcheck/expected/passwordcheck_1.out @@ -11,7 +11,7 @@ ERROR: password must not contain user name -- error: contains only letters ALTER USER regress_passwordcheck_user1 PASSWORD 'alessnicelongpassword'; ERROR: password must contain both letters and nonletters --- encrypted ok (password is "secret") +-- hashed ok (password is "secret") ALTER USER regress_passwordcheck_user1 PASSWORD 'md592350e12ac34e52dd598f90893bb3ae7'; -- error: password is user name ALTER USER regress_passwordcheck_user1 PASSWORD 'md507a112732ed9f2087fa90b192d44e358'; diff --git a/contrib/passwordcheck/passwordcheck.c b/contrib/passwordcheck/passwordcheck.c index ae4a0abe2e..6abd5c1634 100644 --- a/contrib/passwordcheck/passwordcheck.c +++ b/contrib/passwordcheck/passwordcheck.c @@ -35,13 +35,13 @@ static check_password_hook_type prev_check_password_hook = NULL; /* * check_password * - * performs checks on an encrypted or unencrypted password + * performs checks on an hashed or unencrypted password * ereport's if not acceptable * * username: name of role being created or changed - * password: new password (possibly already encrypted) + * password: new password (possibly already hashed) * password_type: PASSWORD_TYPE_* code, to indicate if the password is - * in plaintext or encrypted form. + * in plaintext or hashed form. * validuntil_time: password expiration time, as a timestamptz Datum * validuntil_null: true if password expiration time is NULL * @@ -64,9 +64,9 @@ check_password(const char *username, if (password_type != PASSWORD_TYPE_PLAINTEXT) { /* - * Unfortunately we cannot perform exhaustive checks on encrypted + * Unfortunately we cannot perform exhaustive checks on hashed * passwords - we are restricted to guessing. (Alternatively, we could - * insist on the password being presented non-encrypted, but that has + * insist on the password being presented non-hashed, but that has * its own security disadvantages.) * * We only check for username = password. diff --git a/contrib/passwordcheck/sql/passwordcheck.sql b/contrib/passwordcheck/sql/passwordcheck.sql index 1fbd6b0e96..f7befd2e41 100644 --- a/contrib/passwordcheck/sql/passwordcheck.sql +++ b/contrib/passwordcheck/sql/passwordcheck.sql @@ -14,7 +14,7 @@ ALTER USER regress_passwordcheck_user1 PASSWORD 'xyzregress_passwordcheck_user1' -- error: contains only letters ALTER USER regress_passwordcheck_user1 PASSWORD 'alessnicelongpassword'; --- encrypted ok (password is "secret") +-- hashed ok (password is "secret") ALTER USER regress_passwordcheck_user1 PASSWORD 'md592350e12ac34e52dd598f90893bb3ae7'; -- error: password is user name diff --git a/contrib/pgcrypto/crypt-des.c b/contrib/pgcrypto/crypt-des.c index 98c30ea122..4d4bac7c39 100644 --- a/contrib/pgcrypto/crypt-des.c +++ b/contrib/pgcrypto/crypt-des.c @@ -750,7 +750,7 @@ px_crypt_des(const char *key, const char *setting) output[0] = setting[0]; /* - * If the encrypted password that the salt was extracted from is only + * If the hashed password that the salt was extracted from is only * 1 character long, the salt will be corrupted. We need to ensure * that the output string doesn't have an extra NUL in it! */ diff --git a/contrib/pgcrypto/expected/pgp-encrypt-md5.out b/contrib/pgcrypto/expected/pgp-encrypt-md5.out index 339e12a434..fd5a193ba8 100644 --- a/contrib/pgcrypto/expected/pgp-encrypt-md5.out +++ b/contrib/pgcrypto/expected/pgp-encrypt-md5.out @@ -1,5 +1,5 @@ -- --- PGP encrypt using MD5 +-- PGP encrypt using MD5 hash -- select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=md5'), diff --git a/contrib/pgcrypto/expected/pgp-encrypt-md5_1.out b/contrib/pgcrypto/expected/pgp-encrypt-md5_1.out index 612ca1d19c..80fba13a2a 100644 --- a/contrib/pgcrypto/expected/pgp-encrypt-md5_1.out +++ b/contrib/pgcrypto/expected/pgp-encrypt-md5_1.out @@ -1,5 +1,5 @@ -- --- PGP encrypt using MD5 +-- PGP encrypt using MD5 hash -- select pgp_sym_decrypt( pgp_sym_encrypt('Secret.', 'key', 's2k-digest-algo=md5'), diff --git a/contrib/pgcrypto/sql/pgp-encrypt-md5.sql b/contrib/pgcrypto/sql/pgp-encrypt-md5.sql index 201636c820..a5dd74485c 100644 --- a/contrib/pgcrypto/sql/pgp-encrypt-md5.sql +++ b/contrib/pgcrypto/sql/pgp-encrypt-md5.sql @@ -1,5 +1,5 @@ -- --- PGP encrypt using MD5 +-- PGP encrypt using MD5 hash -- select pgp_sym_decrypt( diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml index 3ec7391ec5..fb57701c3c 100644 --- a/doc/src/sgml/catalogs.sgml +++ b/doc/src/sgml/catalogs.sgml @@ -1591,8 +1591,8 @@ <structfield>rolpassword</structfield> <type>text</type> </para> <para> - Password (possibly encrypted); null if none. The format depends - on the form of encryption used. + Password (possibly hashed); null if none. The format depends + on the form of hashing used. </para></entry> </row> @@ -1610,7 +1610,7 @@ </table> <para> - For an MD5 encrypted password, <structfield>rolpassword</structfield> + For an MD5 hashed password, <structfield>rolpassword</structfield> column will begin with the string <literal>md5</literal> followed by a 32-character hexadecimal MD5 hash. The MD5 hash will be of the user's password concatenated to their user name. For example, if user @@ -1619,7 +1619,7 @@ </para> <para> - If the password is encrypted with SCRAM-SHA-256, it has the format: + If the password is hashed with SCRAM-SHA-256, it has the format: <synopsis> SCRAM-SHA-256$<replaceable><iteration count></replaceable>:<replaceable><salt></replaceable>$<replaceable><StoredKey></replaceable>:<replaceable><ServerKey></replaceable> </synopsis> @@ -1630,7 +1630,7 @@ SCRAM-SHA-256$<replaceable><iteration count></replaceable>:<replaceable>&l <para> A password that does not follow either of those formats is assumed to be - unencrypted. + unhashed. </para> </sect1> diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index 477f70a65d..1fefb0e88e 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml @@ -538,7 +538,7 @@ include_dir <replaceable>directory</replaceable> <term><literal>password</literal></term> <listitem> <para> - Require the client to supply an unencrypted password for + Require the client to supply an unhashed password for authentication. Since the password is sent in clear text over the network, this should not be used on untrusted networks. @@ -1258,7 +1258,7 @@ omicron bryanh guest1 To ease transition from the <literal>md5</literal> method to the newer SCRAM method, if <literal>md5</literal> is specified as a method in <filename>pg_hba.conf</filename> but the user's password on the - server is encrypted for SCRAM (see below), then SCRAM-based + server is hashed for SCRAM (see below), then SCRAM-based authentication will automatically be chosen instead. </para> </listitem> @@ -1295,17 +1295,17 @@ omicron bryanh guest1 <para> The availability of the different password-based authentication methods - depends on how a user's password on the server is encrypted (or hashed, - more accurately). This is controlled by the configuration + depends on how a user's password on the server is hashed. + This is controlled by the configuration parameter <xref linkend="guc-password-encryption"/> at the time the - password is set. If a password was encrypted using + password is set. If a password was hashed using the <literal>scram-sha-256</literal> setting, then it can be used for the authentication methods <literal>scram-sha-256</literal> and <literal>password</literal> (but password transmission will be in plain text in the latter case). The authentication method specification <literal>md5</literal> will automatically switch to using the <literal>scram-sha-256</literal> method in this case, as explained - above, so it will also work. If a password was encrypted using + above, so it will also work. If a password was hashed using the <literal>md5</literal> setting, then it can be used only for the <literal>md5</literal> and <literal>password</literal> authentication method specifications (again, with the password transmitted in plain text diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index b5624ca884..20bf72ecdf 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -1106,14 +1106,14 @@ include_dir 'conf.d' <para> When a password is specified in <xref linkend="sql-createrole"/> or <xref linkend="sql-alterrole"/>, this parameter determines the - algorithm to use to encrypt the password. Possible values are - <literal>scram-sha-256</literal>, which will encrypt the password with + algorithm to use to hash the password. Possible values are + <literal>scram-sha-256</literal>, which will hash the password with SCRAM-SHA-256, and <literal>md5</literal>, which stores the password as an MD5 hash. The default is <literal>scram-sha-256</literal>. </para> <para> Note that older clients might lack support for the SCRAM authentication - mechanism, and hence not work with passwords encrypted with + mechanism, and hence not work with passwords hashed with SCRAM-SHA-256. See <xref linkend="auth-password"/> for more details. </para> </listitem> @@ -1127,13 +1127,13 @@ include_dir 'conf.d' </term> <listitem> <para> - The number of computational iterations to be performed when encrypting + The number of computational iterations to be performed when hashing a password using SCRAM-SHA-256. The default is <literal>4096</literal>. A higher number of iterations provides additional protection against brute-force attacks on stored passwords, but makes authentication slower. Changing the value has no effect on existing passwords - encrypted with SCRAM-SHA-256 as the iteration count is fixed at the - time of encryption. In order to make use of a changed value, a new + hashed with SCRAM-SHA-256 as the iteration count is fixed at the + time of hashing. In order to make use of a changed value, a new password must be set. </para> </listitem> diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index ed88ac001a..b9ce68b58c 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -7072,7 +7072,7 @@ void PQconninfoFree(PQconninfoOption *connOptions); <listitem> <para> - Prepares the encrypted form of a <productname>PostgreSQL</productname> password. + Prepares the hashed form of a <productname>PostgreSQL</productname> password. <synopsis> char *PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, const char *algorithm); </synopsis> @@ -7081,14 +7081,14 @@ char *PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, 'pwd'</literal>. It is good practice not to send the original cleartext password in such a command, because it might be exposed in command logs, activity displays, and so on. Instead, use this function to - convert the password to encrypted form before it is sent. + convert the password to hashed form before it is sent. </para> <para> The <parameter>passwd</parameter> and <parameter>user</parameter> arguments are the cleartext password, and the SQL name of the user it is for. - <parameter>algorithm</parameter> specifies the encryption algorithm - to use to encrypt the password. Currently supported algorithms are + <parameter>algorithm</parameter> specifies the hashing algorithm + to use to hash the password. Currently supported algorithms are <literal>md5</literal> and <literal>scram-sha-256</literal> (<literal>on</literal> and <literal>off</literal> are also accepted as aliases for <literal>md5</literal>, for compatibility with older server versions). Note that support for @@ -7121,7 +7121,7 @@ char *PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, <listitem> <para> - Prepares the md5-encrypted form of a <productname>PostgreSQL</productname> password. + Prepares the md5-hashed form of a <productname>PostgreSQL</productname> password. <synopsis> char *PQencryptPassword(const char *passwd, const char *user); </synopsis> @@ -7129,7 +7129,7 @@ char *PQencryptPassword(const char *passwd, const char *user); <xref linkend="libpq-PQencryptPasswordConn"/>. The difference is that <xref linkend="libpq-PQencryptPassword"/> does not require a connection object, and <literal>md5</literal> is always used as the - encryption algorithm. + hashing algorithm. </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/passwordcheck.sgml b/doc/src/sgml/passwordcheck.sgml index 601f489227..936940292e 100644 --- a/doc/src/sgml/passwordcheck.sgml +++ b/doc/src/sgml/passwordcheck.sgml @@ -40,8 +40,8 @@ To prevent unencrypted passwords from being sent across the network, written to the server log or otherwise stolen by a database administrator, <productname>PostgreSQL</productname> allows the user to supply - pre-encrypted passwords. Many client programs make use of this - functionality and encrypt the password before sending it to the server. + pre-hashed passwords. Many client programs make use of this + functionality and hash the password before sending it to the server. </para> <para> This limits the usefulness of the <filename>passwordcheck</filename> @@ -54,7 +54,7 @@ </para> <para> Alternatively, you could modify <filename>passwordcheck</filename> - to reject pre-encrypted passwords, but forcing users to set their + to reject pre-hashed passwords, but forcing users to set their passwords in clear text carries its own security risks. </para> </caution> diff --git a/doc/src/sgml/pgcrypto.sgml b/doc/src/sgml/pgcrypto.sgml index 2e29f1d6f7..39176c8dbb 100644 --- a/doc/src/sgml/pgcrypto.sgml +++ b/doc/src/sgml/pgcrypto.sgml @@ -119,7 +119,7 @@ hmac(data bytea, key bytea, type text) returns bytea <listitem> <para> They use a random value, called the <firstterm>salt</firstterm>, so that users - having the same password will have different encrypted passwords. + having the same password will have different hashed passwords. This is also an additional defense against reversing the algorithm. </para> </listitem> diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml index 6c3e8a631d..d84d0dacba 100644 --- a/doc/src/sgml/protocol.sgml +++ b/doc/src/sgml/protocol.sgml @@ -302,7 +302,7 @@ <listitem> <para> The frontend must now send a PasswordMessage containing the - password (with user name) encrypted via MD5, then encrypted + password (with user name) hashed via MD5, then hashed again using the 4-byte random salt specified in the AuthenticationMD5Password message. If this is the correct password, the server responds with an AuthenticationOk, @@ -3527,7 +3527,7 @@ psql "dbname=postgres replication=database" -c "IDENTIFY_SYSTEM;" <term>Int32(5)</term> <listitem> <para> - Specifies that an MD5-encrypted password is required. + Specifies that an MD5-hashed password is required. </para> </listitem> </varlistentry> @@ -3536,7 +3536,7 @@ psql "dbname=postgres replication=database" -c "IDENTIFY_SYSTEM;" <term>Byte4</term> <listitem> <para> - The salt to use when encrypting the password. + The salt to use when hashing the password. </para> </listitem> </varlistentry> @@ -5398,7 +5398,7 @@ psql "dbname=postgres replication=database" -c "IDENTIFY_SYSTEM;" <term>String</term> <listitem> <para> - The password (encrypted, if requested). + The password (hashed, if requested). </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/ref/alter_role.sgml b/doc/src/sgml/ref/alter_role.sgml index ab1ee45d54..68aeaa128a 100644 --- a/doc/src/sgml/ref/alter_role.sgml +++ b/doc/src/sgml/ref/alter_role.sgml @@ -88,9 +88,9 @@ ALTER ROLE { <replaceable class="parameter">role_specification</replaceable> | A roles for which they have been granted <literal>ADMIN OPTION</literal>. The current session user cannot be renamed. (Connect as a different user if you need to do that.) - Because <literal>MD5</literal>-encrypted passwords use the role name as + Because <literal>MD5</literal>-hashed passwords use the role name as cryptographic salt, renaming a role clears its password if the - password is <literal>MD5</literal>-encrypted. + password is <literal>MD5</literal>-hashed. </para> <para> @@ -258,7 +258,7 @@ ALTER ROLE { <replaceable class="parameter">role_specification</replaceable> | A </para> <para> - Caution must be exercised when specifying an unencrypted password + Caution must be exercised when specifying an unhashed password with this command. The password will be transmitted to the server in cleartext, and it might also be logged in the client's command history or the server log. <xref linkend="app-psql"/> diff --git a/doc/src/sgml/ref/create_role.sgml b/doc/src/sgml/ref/create_role.sgml index 8dd2a6395c..70f17c2794 100644 --- a/doc/src/sgml/ref/create_role.sgml +++ b/doc/src/sgml/ref/create_role.sgml @@ -254,15 +254,15 @@ in sync when changing the above synopsis! </para> </note> <para> - The password is always stored encrypted in the system catalogs. The + The password is always stored hashed in the system catalogs. The <literal>ENCRYPTED</literal> keyword has no effect, but is accepted for - backwards compatibility. The method of encryption is determined + backwards compatibility. The method of hashing is determined by the configuration parameter <xref linkend="guc-password-encryption"/>. - If the presented password string is already in MD5-encrypted or - SCRAM-encrypted format, then it is stored as-is regardless of + If the presented password string is already in MD5-hashed or + SCRAM-hashed format, then it is stored as-is regardless of <varname>password_encryption</varname> (since the system cannot decrypt - the specified encrypted password string, to encrypt it in a - different format). This allows reloading of encrypted passwords + the specified hashed password string, to hash it in a + different format). This allows reloading of hashed passwords during dump/restore. </para> </listitem> @@ -387,12 +387,12 @@ in sync when changing the above synopsis! </para> <para> - Caution must be exercised when specifying an unencrypted password + Caution must be exercised when specifying an unhashed password with this command. The password will be transmitted to the server in cleartext, and it might also be logged in the client's command history or the server log. The command <xref linkend="app-createuser"/>, however, transmits - the password encrypted. Also, <xref linkend="app-psql"/> + the password hashed. Also, <xref linkend="app-psql"/> contains a command <command>\password</command> that can be used to safely change the password later. diff --git a/doc/src/sgml/ref/createuser.sgml b/doc/src/sgml/ref/createuser.sgml index 5c34c62342..780f5ce5d0 100644 --- a/doc/src/sgml/ref/createuser.sgml +++ b/doc/src/sgml/ref/createuser.sgml @@ -543,7 +543,7 @@ PostgreSQL documentation </screen> In the above example, the new password isn't actually echoed when typed, but we show what was typed for clarity. As you see, the password is - encrypted before it is sent to the client. + hashed before it is sent to the client. </para> </refsect1> diff --git a/doc/src/sgml/ref/psql-ref.sgml b/doc/src/sgml/ref/psql-ref.sgml index cc7d797159..68bbc5dc57 100644 --- a/doc/src/sgml/ref/psql-ref.sgml +++ b/doc/src/sgml/ref/psql-ref.sgml @@ -2784,7 +2784,7 @@ lo_import 152801 <listitem> <para> Changes the password of the specified user (by default, the current - user). This command prompts for the new password, encrypts it, and + user). This command prompts for the new password, hashes it, and sends it to the server as an <command>ALTER ROLE</command> command. This makes sure that the new password does not appear in cleartext in the command history, the server log, or elsewhere. diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index 64753d9c01..226def6a6e 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml @@ -2054,15 +2054,15 @@ pg_dumpall -p 5432 | psql -d postgres -p 5433 <variablelist> <varlistentry> - <term>Password Encryption</term> + <term>Password Hashing</term> <listitem> <para> Database user passwords are stored as hashes (determined by the setting <xref linkend="guc-password-encryption"/>), so the administrator cannot determine the actual password assigned to the user. If SCRAM or MD5 - encryption is used for client authentication, the unencrypted password is - never even temporarily present on the server because the client encrypts + hashing is used for client authentication, the unhashed password is + never even temporarily present on the server because the client hashes it before being sent across the network. SCRAM is preferred, because it is an Internet standard and is more secure than the PostgreSQL-specific MD5 authentication protocol. diff --git a/doc/src/sgml/system-views.sgml b/doc/src/sgml/system-views.sgml index 0ef1745631..f5f7f20be2 100644 --- a/doc/src/sgml/system-views.sgml +++ b/doc/src/sgml/system-views.sgml @@ -3478,9 +3478,9 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx <structfield>passwd</structfield> <type>text</type> </para> <para> - Password (possibly encrypted); null if none. See + Password (possibly hashed); null if none. See <link linkend="catalog-pg-authid"><structname>pg_authid</structname></link> - for details of how encrypted passwords are stored. + for details of how hashed passwords are stored. </para></entry> </row> diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c index f47aa38231..46ab4f351b 100644 --- a/src/backend/commands/user.c +++ b/src/backend/commands/user.c @@ -442,7 +442,7 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt) } else { - /* Encrypt the password to the requested format. */ + /* Hash the password to the requested format. */ shadow_pass = encrypt_password(Password_encryption, stmt->role, password); new_record[Anum_pg_authid_rolpassword - 1] = @@ -927,7 +927,7 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt) } else { - /* Encrypt the password to the requested format. */ + /* Hash the password to the requested format. */ shadow_pass = encrypt_password(Password_encryption, rolename, password); new_record[Anum_pg_authid_rolpassword - 1] = diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 81dabb9c27..25cd042f15 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -3029,7 +3029,7 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por encryptedpassword + i, &errstr)) { ereport(LOG, - (errmsg("could not perform MD5 encryption of password: %s", + (errmsg("could not perform MD5 hashing of password: %s", errstr))); pfree(cryptvector); pg_freeaddrinfo_all(hint.ai_family, serveraddrs); @@ -3221,7 +3221,7 @@ PerformRadiusTransaction(const char *server, const char *secret, const char *por encryptedpassword, &errstr)) { ereport(LOG, - (errmsg("could not perform MD5 encryption of received packet: %s", + (errmsg("could not perform MD5 hashing of received packet: %s", errstr))); pfree(cryptvector); continue; diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c index ef496a0bea..b856c6ab3b 100644 --- a/src/backend/libpq/crypt.c +++ b/src/backend/libpq/crypt.c @@ -1,7 +1,7 @@ /*------------------------------------------------------------------------- * * crypt.c - * Functions for dealing with encrypted passwords stored in + * Functions for dealing with hashed passwords stored in * pg_authid.rolpassword. * * Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group @@ -109,7 +109,7 @@ get_password_type(const char *shadow_pass) * Given a user-supplied password, convert it into a secret of * 'target_type' kind. * - * If the password is already in encrypted form, we cannot reverse the + * If the password is already in hashed form, we cannot reverse the * hash, so it is stored as it is regardless of the requested type. */ char * @@ -123,7 +123,7 @@ encrypt_password(PasswordType target_type, const char *role, if (guessed_type != PASSWORD_TYPE_PLAINTEXT) { /* - * Cannot convert an already-encrypted password from one format to + * Cannot convert an already-hashed password from one format to * another, so return it as it is. */ return pstrdup(password); @@ -136,21 +136,21 @@ encrypt_password(PasswordType target_type, const char *role, if (!pg_md5_encrypt(password, role, strlen(role), encrypted_password, &errstr)) - elog(ERROR, "password encryption failed: %s", errstr); + elog(ERROR, "password hashing failed: %s", errstr); return encrypted_password; case PASSWORD_TYPE_SCRAM_SHA_256: return pg_be_scram_build_secret(password); case PASSWORD_TYPE_PLAINTEXT: - elog(ERROR, "cannot encrypt password with 'plaintext'"); + elog(ERROR, "cannot hash password with 'plaintext'"); } /* * This shouldn't happen, because the above switch statements should * handle every combination of source and target password types. */ - elog(ERROR, "cannot encrypt password to requested type"); + elog(ERROR, "cannot hash password to requested type"); return NULL; /* keep compiler quiet */ } @@ -188,7 +188,7 @@ md5_crypt_verify(const char *role, const char *shadow_pass, /* * Compute the correct answer for the MD5 challenge. */ - /* stored password already encrypted, only do salt */ + /* stored password already hashed, only do salt */ if (!pg_md5_encrypt(shadow_pass + strlen("md5"), md5_salt, md5_salt_len, crypt_pwd, &errstr)) diff --git a/src/backend/libpq/pg_hba.conf.sample b/src/backend/libpq/pg_hba.conf.sample index bad13497a3..dbec18478f 100644 --- a/src/backend/libpq/pg_hba.conf.sample +++ b/src/backend/libpq/pg_hba.conf.sample @@ -55,7 +55,7 @@ # METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", # "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". # Note that "password" sends passwords in clear text; "md5" or -# "scram-sha-256" are preferred since they send encrypted passwords. +# "scram-sha-256" are preferred since they send hashed passwords. # # OPTIONS are a set of options for the authentication in the format # NAME=VALUE. The available options depend on the different diff --git a/src/backend/parser/gram.y b/src/backend/parser/gram.y index 63f172e175..c87a276063 100644 --- a/src/backend/parser/gram.y +++ b/src/backend/parser/gram.y @@ -1197,7 +1197,7 @@ AlterOptRoleElem: | ENCRYPTED PASSWORD Sconst { /* - * These days, passwords are always stored in encrypted + * These days, passwords are always stored in hashed * form, so there is no difference between PASSWORD and * ENCRYPTED PASSWORD. */ @@ -1209,7 +1209,7 @@ AlterOptRoleElem: ereport(ERROR, (errcode(ERRCODE_FEATURE_NOT_SUPPORTED), errmsg("UNENCRYPTED PASSWORD is no longer supported"), - errhint("Remove UNENCRYPTED to store the password in encrypted form instead."), + errhint("Remove UNENCRYPTED to store the password in hashed form instead."), parser_errposition(@1))); } | INHERIT diff --git a/src/backend/utils/misc/guc_tables.c b/src/backend/utils/misc/guc_tables.c index 9f59440526..0820da2215 100644 --- a/src/backend/utils/misc/guc_tables.c +++ b/src/backend/utils/misc/guc_tables.c @@ -4943,7 +4943,7 @@ struct config_enum ConfigureNamesEnum[] = { {"password_encryption", PGC_USERSET, CONN_AUTH_AUTH, - gettext_noop("Chooses the algorithm for encrypting passwords."), + gettext_noop("Chooses the algorithm for hashing passwords."), NULL }, &Password_encryption, diff --git a/src/bin/scripts/createuser.c b/src/bin/scripts/createuser.c index 0709491185..662e94a07f 100644 --- a/src/bin/scripts/createuser.c +++ b/src/bin/scripts/createuser.c @@ -306,7 +306,7 @@ main(int argc, char *argv[]) newuser, NULL); if (!encrypted_password) - pg_fatal("password encryption failed: %s", + pg_fatal("password hashing failed: %s", PQerrorMessage(conn)); appendStringLiteralConn(&sql, encrypted_password, conn); PQfreemem(encrypted_password); diff --git a/src/common/md5_common.c b/src/common/md5_common.c index 82ce75dcf2..e9de420c76 100644 --- a/src/common/md5_common.c +++ b/src/common/md5_common.c @@ -1,7 +1,7 @@ /*------------------------------------------------------------------------- * * md5_common.c - * Routines shared between all MD5 implementations used for encrypted + * Routines shared between all MD5 implementations used for hashed * passwords. * * Sverre H. Huseby <[email protected]> diff --git a/src/include/common/md5.h b/src/include/common/md5.h index b6089bacff..39284770f6 100644 --- a/src/include/common/md5.h +++ b/src/include/common/md5.h @@ -4,7 +4,7 @@ * Constants and common utilities related to MD5. * * These definitions are needed by both frontend and backend code to work - * with MD5-encrypted passwords. + * with MD5-hashed passwords. * * Portions Copyright (c) 1996-2023, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California diff --git a/src/include/libpq/crypt.h b/src/include/libpq/crypt.h index d62ad4371a..b8f6a480d1 100644 --- a/src/include/libpq/crypt.h +++ b/src/include/libpq/crypt.h @@ -19,7 +19,7 @@ * Types of password hashes or secrets. * * Plaintext passwords can be passed in by the user, in a CREATE/ALTER USER - * command. They will be encrypted to MD5 or SCRAM-SHA-256 format, before + * command. They will be hashed to MD5 or SCRAM-SHA-256 format, before * storing on-disk, so only MD5 and SCRAM-SHA-256 passwords should appear * in pg_authid.rolpassword. They are also the allowed values for the * password_encryption GUC. diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c index 912aa14821..b55d742870 100644 --- a/src/interfaces/libpq/fe-auth.c +++ b/src/interfaces/libpq/fe-auth.c @@ -713,7 +713,7 @@ pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq) return STATUS_ERROR; /* shouldn't happen */ } - /* Encrypt the password if needed. */ + /* Hash the password if needed. */ switch (areq) { @@ -735,14 +735,14 @@ pg_password_sendauth(PGconn *conn, const char *password, AuthRequest areq) strlen(conn->pguser), crypt_pwd2, &errstr)) { - libpq_append_conn_error(conn, "could not encrypt password: %s", errstr); + libpq_append_conn_error(conn, "could not hash password: %s", errstr); free(crypt_pwd); return STATUS_ERROR; } if (!pg_md5_encrypt(crypt_pwd2 + strlen("md5"), md5Salt, 4, crypt_pwd, &errstr)) { - libpq_append_conn_error(conn, "could not encrypt password: %s", errstr); + libpq_append_conn_error(conn, "could not hash password: %s", errstr); free(crypt_pwd); return STATUS_ERROR; } @@ -1223,10 +1223,10 @@ pg_fe_getauthname(PQExpBuffer errorMessage) /* - * PQencryptPassword -- exported routine to encrypt a password with MD5 + * PQencryptPassword -- exported routine to hash a password with MD5 * * This function is equivalent to calling PQencryptPasswordConn with - * "md5" as the encryption method, except that this doesn't require + * "md5" as the hashing method, except that this doesn't require * a connection object. This function is deprecated, use * PQencryptPasswordConn instead. */ @@ -1250,19 +1250,19 @@ PQencryptPassword(const char *passwd, const char *user) } /* - * PQencryptPasswordConn -- exported routine to encrypt a password + * PQencryptPasswordConn -- exported routine to hash a password * * This is intended to be used by client applications that wish to send * commands like ALTER USER joe PASSWORD 'pwd'. The password need not - * be sent in cleartext if it is encrypted on the client side. This is + * be sent in cleartext if it is hashed on the client side. This is * good because it ensures the cleartext password won't end up in logs, * pg_stat displays, etc. We export the function so that clients won't - * be dependent on low-level details like whether the encryption is MD5 + * be dependent on low-level details like whether the hashing is MD5 * or something else. * * Arguments are a connection object, the cleartext password, the SQL * name of the user it is for, and a string indicating the algorithm to - * use for encrypting the password. If algorithm is NULL, this queries + * use for hashing the password. If algorithm is NULL, this queries * the server for the current 'password_encryption' value. If you wish * to avoid that, e.g. to avoid blocking, you can execute * 'show password_encryption' yourself before calling this function, and @@ -1344,7 +1344,7 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, conn->scram_sha_256_iterations, &errstr); if (!crypt_pwd) - libpq_append_conn_error(conn, "could not encrypt password: %s", errstr); + libpq_append_conn_error(conn, "could not hash password: %s", errstr); } else if (strcmp(algorithm, "md5") == 0) { @@ -1355,7 +1355,7 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, if (!pg_md5_encrypt(passwd, user, strlen(user), crypt_pwd, &errstr)) { - libpq_append_conn_error(conn, "could not encrypt password: %s", errstr); + libpq_append_conn_error(conn, "could not hash password: %s", errstr); free(crypt_pwd); crypt_pwd = NULL; } @@ -1365,7 +1365,7 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, } else { - libpq_append_conn_error(conn, "unrecognized password encryption algorithm \"%s\"", + libpq_append_conn_error(conn, "unrecognized password hashing algorithm \"%s\"", algorithm); return NULL; } diff --git a/src/test/authentication/t/001_password.pl b/src/test/authentication/t/001_password.pl index 320e45ef84..918c58ec39 100644 --- a/src/test/authentication/t/001_password.pl +++ b/src/test/authentication/t/001_password.pl @@ -4,8 +4,8 @@ # Set of tests for authentication and pg_hba.conf. The following password # methods are checked through this test: # - Plain -# - MD5-encrypted -# - SCRAM-encrypted +# - MD5-hashed +# - SCRAM-hashed # This test can only run with Unix-domain sockets. use strict; diff --git a/src/test/regress/expected/password.out b/src/test/regress/expected/password.out index 924d6e001d..2273e9239b 100644 --- a/src/test/regress/expected/password.out +++ b/src/test/regress/expected/password.out @@ -52,18 +52,18 @@ SELECT rolname, rolpassword (1 row) ALTER ROLE regress_passwd2_new RENAME TO regress_passwd2; --- Change passwords with ALTER USER. With plaintext or already-encrypted +-- Change passwords with ALTER USER. With plaintext or already-hashed -- passwords. SET password_encryption = 'md5'; --- encrypt with MD5 +-- hash with MD5 ALTER ROLE regress_passwd2 PASSWORD 'foo'; --- already encrypted, use as they are +-- already hashed, use as they are ALTER ROLE regress_passwd1 PASSWORD 'md5cd3578025fe2c3d7ed1b9a9b26238b70'; ALTER ROLE regress_passwd3 PASSWORD 'SCRAM-SHA-256$4096:VLK4RMaQLCvNtQ==$6YtlR4t69SguDiwFvbVgVZtuz6gpJQQqUMZ7IQJK5yI=:ps75jrHeYU4lXCcXI4O8oIdJ3eO8o2jirjruw9phBTo='; SET password_encryption = 'scram-sha-256'; -- create SCRAM secret ALTER ROLE regress_passwd4 PASSWORD 'foo'; --- already encrypted with MD5, use as it is +-- already hashed with MD5, use as it is CREATE ROLE regress_passwd5 PASSWORD 'md5e73a4b11df52a6068f8b39f90be36023'; -- This looks like a valid SCRAM-SHA-256 secret, but it is not -- so it should be hashed with SCRAM-SHA-256. diff --git a/src/test/regress/expected/password_1.out b/src/test/regress/expected/password_1.out index 9d2cc94f37..1bdd90a7d4 100644 --- a/src/test/regress/expected/password_1.out +++ b/src/test/regress/expected/password_1.out @@ -14,10 +14,10 @@ SET password_encryption = 'scram-sha-256'; -- ok SET password_encryption = 'md5'; CREATE ROLE regress_passwd1; ALTER ROLE regress_passwd1 PASSWORD 'role_pwd1'; -ERROR: password encryption failed: unsupported +ERROR: password hashing failed: unsupported CREATE ROLE regress_passwd2; ALTER ROLE regress_passwd2 PASSWORD 'role_pwd2'; -ERROR: password encryption failed: unsupported +ERROR: password hashing failed: unsupported SET password_encryption = 'scram-sha-256'; CREATE ROLE regress_passwd3 PASSWORD 'role_pwd3'; CREATE ROLE regress_passwd4 PASSWORD NULL; @@ -53,19 +53,19 @@ SELECT rolname, rolpassword (1 row) ALTER ROLE regress_passwd2_new RENAME TO regress_passwd2; --- Change passwords with ALTER USER. With plaintext or already-encrypted +-- Change passwords with ALTER USER. With plaintext or already-hashed -- passwords. SET password_encryption = 'md5'; --- encrypt with MD5 +-- hash with MD5 ALTER ROLE regress_passwd2 PASSWORD 'foo'; -ERROR: password encryption failed: unsupported --- already encrypted, use as they are +ERROR: password hash failed: unsupported +-- already hashed, use as they are ALTER ROLE regress_passwd1 PASSWORD 'md5cd3578025fe2c3d7ed1b9a9b26238b70'; ALTER ROLE regress_passwd3 PASSWORD 'SCRAM-SHA-256$4096:VLK4RMaQLCvNtQ==$6YtlR4t69SguDiwFvbVgVZtuz6gpJQQqUMZ7IQJK5yI=:ps75jrHeYU4lXCcXI4O8oIdJ3eO8o2jirjruw9phBTo='; SET password_encryption = 'scram-sha-256'; -- create SCRAM secret ALTER ROLE regress_passwd4 PASSWORD 'foo'; --- already encrypted with MD5, use as it is +-- already hashed with MD5, use as it is CREATE ROLE regress_passwd5 PASSWORD 'md5e73a4b11df52a6068f8b39f90be36023'; -- This looks like a valid SCRAM-SHA-256 secret, but it is not -- so it should be hashed with SCRAM-SHA-256. diff --git a/src/test/regress/sql/password.sql b/src/test/regress/sql/password.sql index bb82aa4aa2..f2f07f23bf 100644 --- a/src/test/regress/sql/password.sql +++ b/src/test/regress/sql/password.sql @@ -39,20 +39,20 @@ SELECT rolname, rolpassword ORDER BY rolname, rolpassword; ALTER ROLE regress_passwd2_new RENAME TO regress_passwd2; --- Change passwords with ALTER USER. With plaintext or already-encrypted +-- Change passwords with ALTER USER. With plaintext or already-hashed -- passwords. SET password_encryption = 'md5'; --- encrypt with MD5 +-- hash with MD5 ALTER ROLE regress_passwd2 PASSWORD 'foo'; --- already encrypted, use as they are +-- already hashed, use as they are ALTER ROLE regress_passwd1 PASSWORD 'md5cd3578025fe2c3d7ed1b9a9b26238b70'; ALTER ROLE regress_passwd3 PASSWORD 'SCRAM-SHA-256$4096:VLK4RMaQLCvNtQ==$6YtlR4t69SguDiwFvbVgVZtuz6gpJQQqUMZ7IQJK5yI=:ps75jrHeYU4lXCcXI4O8oIdJ3eO8o2jirjruw9phBTo='; SET password_encryption = 'scram-sha-256'; -- create SCRAM secret ALTER ROLE regress_passwd4 PASSWORD 'foo'; --- already encrypted with MD5, use as it is +-- already hashed with MD5, use as it is CREATE ROLE regress_passwd5 PASSWORD 'md5e73a4b11df52a6068f8b39f90be36023'; -- This looks like a valid SCRAM-SHA-256 secret, but it is not diff --git a/src/test/ssl/t/002_scram.pl b/src/test/ssl/t/002_scram.pl index 91e771ec47..cb55e66986 100644 --- a/src/test/ssl/t/002_scram.pl +++ b/src/test/ssl/t/002_scram.pl @@ -93,7 +93,7 @@ $node->connect_ok("$common_connstr user=ssltestuser channel_binding=disable", $node->connect_ok("$common_connstr user=ssltestuser channel_binding=require", "SCRAM with SSL and channel_binding=require"); -# Now test when the user has an MD5-encrypted password; should fail +# Now test when the user has an MD5-hashed password; should fail SKIP: { skip "MD5 not supported" unless $md5_works; diff --git a/src/test/ssl/t/SSL/Server.pm b/src/test/ssl/t/SSL/Server.pm index 2c5c055222..295160d72a 100644 --- a/src/test/ssl/t/SSL/Server.pm +++ b/src/test/ssl/t/SSL/Server.pm @@ -169,7 +169,7 @@ sub configure_test_server_for_ssl $node->psql('postgres', "SET password_encryption='$params{password_enc}'; ALTER USER ssltestuser PASSWORD '$params{password}';" ); - # A special user that always has an md5-encrypted password + # A special user that always has an md5-hashed password $node->psql('postgres', "SET password_encryption='md5'; ALTER USER md5testuser PASSWORD '$params{password}';" ); ^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: [HACKERS] Changing references of password encryption to hashing @ 2023-12-27 21:52 Peter Eisentraut <[email protected]> parent: Bruce Momjian <[email protected]> 0 siblings, 1 reply; 4+ messages in thread From: Peter Eisentraut @ 2023-12-27 21:52 UTC (permalink / raw) To: Bruce Momjian <[email protected]>; Robert Haas <[email protected]>; +Cc: Stephen Frost <[email protected]>; Michael Paquier <[email protected]>; pgsql-hackers On 27.12.23 02:04, Bruce Momjian wrote: > I did_not_ change the user API, so CREATE/ALTER ROLE still uses > [ENCRYPTED] PASSWORD, the GUC is still called password_encryption, and > the libpq function is still called PQencryptPasswordConn(). This makes > the user interface confusing since the API uses "encryption" but the > text calls it "hashing". Is there support for renaming the API to use > "hash" and keeping "encrypt" for backward compatiblity. Yeah, this is clearly confusing. I think we should just leave it alone. Some gentle rewording here and there to clarify things might be appropriate (but the text already uses hashing on some occasions), but the blanket replacement does not make things better, I think. ^ permalink raw reply [nested|flat] 4+ messages in thread
* Re: [HACKERS] Changing references of password encryption to hashing @ 2023-12-29 17:46 Bruce Momjian <[email protected]> parent: Peter Eisentraut <[email protected]> 0 siblings, 0 replies; 4+ messages in thread From: Bruce Momjian @ 2023-12-29 17:46 UTC (permalink / raw) To: Peter Eisentraut <[email protected]>; +Cc: Robert Haas <[email protected]>; Stephen Frost <[email protected]>; Michael Paquier <[email protected]>; pgsql-hackers On Wed, Dec 27, 2023 at 10:52:15PM +0100, Peter Eisentraut wrote: > On 27.12.23 02:04, Bruce Momjian wrote: > > I did_not_ change the user API, so CREATE/ALTER ROLE still uses > > [ENCRYPTED] PASSWORD, the GUC is still called password_encryption, and > > the libpq function is still called PQencryptPasswordConn(). This makes > > the user interface confusing since the API uses "encryption" but the > > text calls it "hashing". Is there support for renaming the API to use > > "hash" and keeping "encrypt" for backward compatiblity. > > Yeah, this is clearly confusing. I think we should just leave it alone. > Some gentle rewording here and there to clarify things might be appropriate > (but the text already uses hashing on some occasions), but the blanket > replacement does not make things better, I think. Seeing no more replies, I will abandon this improvement idea. -- Bruce Momjian <[email protected]> https://momjian.us EDB https://enterprisedb.com Only you can decide what is important to you. ^ permalink raw reply [nested|flat] 4+ messages in thread
end of thread, other threads:[~2023-12-29 17:46 UTC | newest] Thread overview: 4+ messages (download: mbox mbox.gz follow: Atom feed) -- links below jump to the message on this page -- 2021-03-12 20:43 [PATCH 07/10] add wal_compression_method: zstd Justin Pryzby <[email protected]> 2023-12-27 01:04 Re: [HACKERS] Changing references of password encryption to hashing Bruce Momjian <[email protected]> 2023-12-27 21:52 ` Re: [HACKERS] Changing references of password encryption to hashing Peter Eisentraut <[email protected]> 2023-12-29 17:46 ` Re: [HACKERS] Changing references of password encryption to hashing Bruce Momjian <[email protected]>
This inbox is served by agora; see mirroring instructions for how to clone and mirror all data and code used for this inbox