This uses the "connection warning" infrastructure introduced by
commit 1d92e0c2cc to emit a WARNING when an MD5 password is used to
authenticate. MD5 password support was marked as deprecated in
v18 and will be removed in a future release of Postgres. These
warnings are on by default but can be turned off via the existing
md5_password_warnings parameter.
Reviewed-by: Andreas Karlsson <andreas@proxel.se>
Reviewed-by: Xiangyu Liang <liangxiangyu_2013@163.com>
Discussion: https://postgr.es/m/aYzeAYEbodkkg5e-%40nathan
<listitem>
<para>
Controls whether a <literal>WARNING</literal> about MD5 password
- deprecation is produced when a <command>CREATE ROLE</command> or
+ deprecation is produced upon successful MD5 password authentication or
+ when a <command>CREATE ROLE</command> or
<command>ALTER ROLE</command> statement sets an MD5-encrypted password.
The default value is <literal>on</literal>.
</para>
}
if (strcmp(client_pass, crypt_pwd) == 0)
+ {
retval = STATUS_OK;
+
+ if (md5_password_warnings)
+ {
+ MemoryContext oldcontext;
+ char *warning;
+ char *detail;
+
+ oldcontext = MemoryContextSwitchTo(TopMemoryContext);
+
+ warning = pstrdup(_("authenticated with an MD5-encrypted password"));
+ detail = pstrdup(_("MD5 password support is deprecated and will be removed in a future release of PostgreSQL."));
+ StoreConnectionWarning(warning, detail);
+
+ MemoryContextSwitchTo(oldcontext);
+ }
+ }
else
{
*logdetail = psprintf(_("Password does not match for user \"%s\"."),
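Review bot: The warning is stored only in this challenge-response comparison branch, so a role whose stored verifier is an MD5 hash but which logs in through the cleartext `password` method may authenticate without any deprecation notice. That verification path is not visible in this hunk, so it is worth confirming that it stores the same warning, since those roles are equally affected by the planned removal. The switch to `TopMemoryContext` also deserves a why-comment, for example `/* strings must outlive the authentication context until the warning is emitted */`, assuming that is the reason for it. The enclosing function starts and ends outside the hunk.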
{
skip "MD5 not supported" unless $md5_works;
test_conn($node, 'user=md5_role', 'md5', 0,
+ expected_stderr =>
+ qr/authenticated with an MD5-encrypted password/,
log_like =>
[qr/connection authenticated: identity="md5_role" method=md5/]);
}
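Review bot: The added `expected_stderr` check covers only the default setting; nothing in this hunk verifies that `md5_password_warnings = off` suppresses the warning at connection time, which is what the updated parameter description states. A second `test_conn` call for `md5_role` after turning the parameter off, asserting that stderr does not match `qr/authenticated with an MD5-encrypted password/`, would pin that down. Such a case may already exist outside this hunk.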