From f5d59a1895f27358c0284e9b194c8675c7bde407 Mon Sep 17 00:00:00 2001
From: zhaojun
Date: Wed, 9 Aug 2023 21:51:57 +0800
Subject: [PATCH 1/2] fix auth sha1 compared failed
---
 contrib/dolphin/include/plugin_protocol/password.h | 2 +-
 contrib/dolphin/plugin_protocol/auth.cpp | 13 +++++++++----
 contrib/dolphin/plugin_protocol/password.cpp | 14 +++++++-------
 contrib/dolphin/plugin_utils/adt/varlena.cpp | 4 +++-
 4 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/contrib/dolphin/include/plugin_protocol/password.h b/contrib/dolphin/include/plugin_protocol/password.h
index b8d7ba5bb..fe2ae1e6b 100644
--- a/contrib/dolphin/include/plugin_protocol/password.h
+++ b/contrib/dolphin/include/plugin_protocol/password.h
@@ -24,6 +24,6 @@
 #include "openssl/sha.h"
-extern char* sha1_hex_to_bytes(const char b[SHA_DIGEST_LENGTH * 2]);
+void sha1_hex_to_bytes(const char b[SHA_DIGEST_LENGTH * 2], char t[SHA_DIGEST_LENGTH]);
 #endif
\ No newline at end of file
diff --git a/contrib/dolphin/plugin_protocol/auth.cpp b/contrib/dolphin/plugin_protocol/auth.cpp
index 059157e43..303035dd5 100644
--- a/contrib/dolphin/plugin_protocol/auth.cpp
+++ b/contrib/dolphin/plugin_protocol/auth.cpp
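Review bot: In password.h the new prototype declares the output as `char t[SHA_DIGEST_LENGTH]`, while the definition in password.cpp takes `char t[SHA_DIGEST_LENGTH + 1]` and writes a terminator at `t[SHA_DIGEST_LENGTH]`. Array parameters decay to pointers, so this compiles, but a caller that sizes its buffer from the header would be one byte short and the terminator write would land outside it. Declare it as `void sha1_hex_to_bytes(const char b[SHA_DIGEST_LENGTH * 2], char t[SHA_DIGEST_LENGTH + 1]);` and add a comment stating that `t` must hold `SHA_DIGEST_LENGTH + 1` bytes.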
@@ -268,22 +268,27 @@ bool exec_native_password_auth(Port *port)
 }
 stored_password = TextDatumGetCString(datum);
+ char stored_password_bytes[SHA_DIGEST_LENGTH + 1];
+ sha1_hex_to_bytes(stored_password, stored_password_bytes);
 // 2. compute SHA1(scramble + rolpasswordext) as PASSWORD
 rc = memcpy_s(scramble_password, AUTH_PLUGIN_DATA_LEN, scramble, AUTH_PLUGIN_DATA_LEN);
 securec_check(rc, "", "");
- rc = memcpy_s(scramble_password + AUTH_PLUGIN_DATA_LEN, SHA_DIGEST_LENGTH, sha1_hex_to_bytes(stored_password), AUTH_PLUGIN_DATA_LEN);
+ rc = memcpy_s(scramble_password + AUTH_PLUGIN_DATA_LEN, SHA_DIGEST_LENGTH, stored_password_bytes, AUTH_PLUGIN_DATA_LEN);
 securec_check(rc, "", "");
 scramble_password[AUTH_PLUGIN_DATA_LEN + SHA_DIGEST_LENGTH] = 0x00;
- sha1_scramble_password = TextDatumGetCString(DirectFunctionCall1(sha1, CStringGetTextDatum(scramble_password)));
+ sha1_scramble_password = TextDatumGetCString(
+ DirectFunctionCall1(sha1, CStringGetByteaDatum(scramble_password, AUTH_PLUGIN_DATA_LEN + SHA_DIGEST_LENGTH)));
 // 3. compute token XOR PASSWORD as stage1_hash
- XOR_between_password(token, sha1_hex_to_bytes(sha1_scramble_password), stage1_hash, SHA_DIGEST_LENGTH);
+ char sha1_scramble_password_bytes[SHA_DIGEST_LENGTH + 1];
+ sha1_hex_to_bytes(sha1_scramble_password, sha1_scramble_password_bytes);
+ XOR_between_password(token, sha1_scramble_password_bytes, stage1_hash, SHA_DIGEST_LENGTH);
 stage1_hash[SHA_DIGEST_LENGTH] = 0x00;
 // 4. compare SHA1(statge1_hash) and rolpasswordext
- stage2_hash = TextDatumGetCString(DirectFunctionCall1(sha1, CStringGetTextDatum(stage1_hash)));
+ stage2_hash = TextDatumGetCString(DirectFunctionCall1(sha1, CStringGetByteaDatum(stage1_hash, SHA_DIGEST_LENGTH)));
 if (!strcasecmp(stored_password, stage2_hash)) {
 ret = true;
 } else {
diff --git a/contrib/dolphin/plugin_protocol/password.cpp b/contrib/dolphin/plugin_protocol/password.cpp
index ffb4f928e..0906a2f60 100644
--- a/contrib/dolphin/plugin_protocol/password.cpp
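Review bot: In the auth.cpp hunk, `sha1_hex_to_bytes(stored_password, stored_password_bytes)` always decodes 40 characters, but nothing visible here checks that the `rolpasswordext` value read from the catalog is that long, so a shorter or empty value would be read past its terminator. A guard before the call, such as `if (strlen(stored_password) != SHA_DIGEST_LENGTH * 2)` leading to the function's normal authentication-failure path, would close that. The check may already exist above the hunk, which starts inside `exec_native_password_auth`. Separately, the second `memcpy_s` copies `AUTH_PLUGIN_DATA_LEN` bytes into a destination sized `SHA_DIGEST_LENGTH`, which is only correct while the two constants are equal; using `SHA_DIGEST_LENGTH` as the count would make the intent explicit.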
+++ b/contrib/dolphin/plugin_protocol/password.cpp
@@ -51,7 +51,10 @@ Datum set_native_password(PG_FUNCTION_ARGS)
 text *password = PG_GETARG_TEXT_PP(ARG_1);
 char *sha1_password = TextDatumGetCString(DirectFunctionCall1(sha1, PointerGetDatum(password)));
- Datum double_sha1_password = DirectFunctionCall1(sha1, CStringGetTextDatum(sha1_hex_to_bytes(sha1_password)));
+ char sha1_password_byte[SHA_DIGEST_LENGTH + 1];
+ sha1_hex_to_bytes(sha1_password, sha1_password_byte);
+
+ Datum double_sha1_password = DirectFunctionCall1(sha1, CStringGetByteaDatum(sha1_password_byte, SHA_DIGEST_LENGTH));
 /*
 * Open pg_authid with RowExclusiveLock, do not release it until the end of the transaction.
@@ -97,18 +100,15 @@ Datum set_native_password(PG_FUNCTION_ARGS)
 }
 /* Tranform string(40Bytes) to binary(20Bytes) */
-char* sha1_hex_to_bytes(const char b[SHA_DIGEST_LENGTH * 2])
+void sha1_hex_to_bytes(const char b[SHA_DIGEST_LENGTH * 2], char t[SHA_DIGEST_LENGTH + 1])
 {
 int i = 0;
 uint8 v1, v2;
- char *to = (char*)palloc0(SHA_DIGEST_LENGTH + 1);
 for (i = 0; i < SHA_DIGEST_LENGTH * 2; i += 2) {
 v1 = (b[i] >= 'a') ? (b[i] - 'a' + 10) : (b[i] - '0');
 v2 = (*((b + i) + 1)) >= 'a' ? (*((b + i) + 1)) - 'a' + 10 : (*((b + i) + 1)) - '0';
- to[i / 2] = (v1 << 4) + v2;
+ t[i / 2] = (v1 << 4) + v2;
 }
- to[SHA_DIGEST_LENGTH] = 0x00;
-
- return to;
+ t[SHA_DIGEST_LENGTH] = 0x00;
 }
\ No newline at end of file
diff --git a/contrib/dolphin/plugin_utils/adt/varlena.cpp b/contrib/dolphin/plugin_utils/adt/varlena.cpp
index 400349b41..9a1e8420e 100644
--- a/contrib/dolphin/plugin_utils/adt/varlena.cpp
+++ b/contrib/dolphin/plugin_utils/adt/varlena.cpp
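Review bot: In the first password.cpp hunk (`set_native_password`), `sha1_password_byte` holds the raw SHA1 of the user's password and is left on the stack once the double hash has been computed; the hex form in `sha1_password` likewise stays in palloc'd memory. Only the double hash is meant to be stored, so the single hash is the value worth protecting, and both copies should be cleared as soon as `double_sha1_password` exists, for example with securec's `memset_s` if it is available in this file (not visible here). The same consideration applies to `stage1_hash` and `sha1_scramble_password_bytes` in auth.cpp. The function body continues outside the hunk, so a later wipe may already be present.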
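Review bot: In `sha1_hex_to_bytes` (second password.cpp hunk) the nibble decode only separates `>= 'a'` from everything else, so an uppercase digit such as `'A'` is decoded as `'A' - '0'` and any non-hex byte, including an early terminator, is accepted silently. auth.cpp compares the stored hash with `strcasecmp`, which suggests mixed-case stored values are considered possible, and for those the decoded bytes would be wrong. A small helper that maps one character to a nibble and reports invalid input would make the decode explicit; since the function is `void` after this change, how the failure reaches the caller is left to the author.

```cpp
/* Map one hex character to its value; returns -1 for anything that is not a hex digit. */
static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') {
        return c - '0';
    }
    if (c >= 'a' && c <= 'f') {
        return c - 'a' + 10;
    }
    if (c >= 'A' && c <= 'F') {
        return c - 'A' + 10;
    }
    return -1;
}

// … unchanged: sha1_hex_to_bytes signature and loop header …
        int hi = hex_nibble(b[i]);
        /* do not read b[i + 1] once b[i] is already invalid (it may be the terminator) */
        int lo = (hi < 0) ? -1 : hex_nibble(b[i + 1]);
        /* hi < 0 || lo < 0: bad or short input, fail here rather than emit a partial digest */
        t[i / 2] = (char)((hi << 4) | lo);
// … unchanged: loop close and terminator write …
```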
@@ -6081,7 +6081,9 @@ Datum sha1(PG_FUNCTION_ARGS)
 char* text_str = text_to_cstring(source_text);
 char* source_str = text_str;
- GS_UINT32 source_len = strlen(source_str);
+
+ text* tunpacked = pg_detoast_datum_packed((struct varlena*)source_text);
+ GS_UINT32 source_len = VARSIZE_ANY_EXHDR(tunpacked);
 /* calculate the hash result */
 char* result = (char*)palloc((SHA1_DIGEST_LENGTH * 2 + 1) * (sizeof(char)));
-- 
Gitee
From bb858df19b2f897c43efacd9c80363b1098a3bd7 Mon Sep 17 00:00:00 2001
From: zhaojun
Date: Fri, 8 Sep 2023 15:27:18 +0800
Subject: [PATCH 2/2] fix code view
---
 contrib/dolphin/plugin_utils/adt/varlena.cpp | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/contrib/dolphin/plugin_utils/adt/varlena.cpp b/contrib/dolphin/plugin_utils/adt/varlena.cpp
index 9a1e8420e..456d76876 100644
--- a/contrib/dolphin/plugin_utils/adt/varlena.cpp
+++ b/contrib/dolphin/plugin_utils/adt/varlena.cpp
@@ -6082,8 +6082,12 @@ Datum sha1(PG_FUNCTION_ARGS)
 char* text_str = text_to_cstring(source_text);
 char* source_str = text_str;
+#ifdef DOLPHIN
 text* tunpacked = pg_detoast_datum_packed((struct varlena*)source_text);
 GS_UINT32 source_len = VARSIZE_ANY_EXHDR(tunpacked);
+#else
+ GS_UINT32 source_len = strlen(source_str);
+#endif
 /* calculate the hash result */
 char* result = (char*)palloc((SHA1_DIGEST_LENGTH * 2 + 1) * (sizeof(char)));
-- 
Gitee
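Review bot: In the first varlena.cpp hunk (patch 1/2, `sha1`), `tunpacked` is never released in the visible lines, although `pg_detoast_datum_packed` can return a freshly allocated copy when the argument is compressed or stored out of line. `text_to_cstring(source_text)` just above has already detoasted the same value once, so the input is expanded twice per call. Consider detoasting once and taking both the bytes and `source_len` from that copy, or releasing it after the length is read with `if ((Pointer)tunpacked != (Pointer)source_text) pfree(tunpacked);`. The rest of `sha1` is outside the hunk, so a later free may already exist.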
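Review bot: In the second varlena.cpp hunk (patch 2/2), the `#else` branch restores `strlen(source_str)`, but after patch 1/2 auth.cpp and password.cpp pass raw 20-byte digests to `sha1`, and those can contain 0x00. If this file is ever compiled without `DOLPHIN` defined, those digests would be hashed only up to the first zero byte, so stored and compared password hashes would be computed over truncated input. Whether the macro is always defined for this directory is not visible here. A comment on the guard would record the dependency, for example `/* dolphin auth passes binary digests that may contain 0x00, so the length must come from the varlena header, not strlen() */`.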