Support for encrypted passwords seems to be missing when using postgresql

I have a patch for this. The attached patch mostly copies the code from the MySQL driver with changes for PG. There are also a few other minor changes.

 - Removed some extraneous, trailing whitespace.
 - Added some missing "static" keywords.
 - Removed quotes from queries.

The last is probably a separate issue. Let me know if you need the patch split. To explain, the existing code wraps the PG entities in quotes. Sounds like a good idea but it breaks some code. In my case, for example, I need this query:

  SELECT * from vex.jabberauth WHERE username =...

The "vex" part is a PostgreSQL schema. Putting quotes around the table turns it into a table called "vex.jabberauth" in the public (default) schema instead of table "jabberauth" in the "vex" schema. I think that if the caller needs quotes there they should add them in c2s.xml.

Already fixed in 152dcafc

I added the missing 'static' keywords though.
Thanks. :-)

Fixed in 2.2.15

Can you please clarify what exactly is fixed in 2.2.15? I just installed 2.2.16 and neither the pgsql crypt feature or the namespace quoting fix are in it.

Your patch was merged in https://github.com/Jabberd2/jabberd2/commit/152dcafc on 2012-02-12 resulting in status 'Fix Committed'
On 2012-04-30 jabberd 2.2.15 was released moving this bug Fix Committed → Fix Released

Oh. Now I see it wasn't your patch but similar functionality.
This bug need reopening then.

My patch no longer applies cleanly. I have created a new one against 2.17. Hopefully this can be applied before the code base changes again.

I think there is a problem with your patch.
It removes "authreg.pgsql.sql.checkpassword" configuration option support (setting the query for ctx->sql_check_password).
It always uses _ar_pgsql_get_password() method.

This breaks the use case, when one defines the hashing function in query and uses DB to hash the provided password for comparison. (like "SELECT login FROM user WHERE login = '%s' AND password = MD5(%s) AND domain = '%s'")
There are people using this option (though it is undocumented in sm.xml) and we cannot remove its support.

Yes, I was trying to make it as close to the MySQL module behaviour as possible. I guess MySQL doesn't have that option.

I will try to figure this out and generate a new patch. I guess need to look at authreg.pgsql.sql.checkpassword and branch to the old code if it is defined. I think I should create a new function _ar_pgsql_dbcheck_password with the old code and point to it in the init function if needed.

I also wonder if this crypt code shouldn't be in authreg.c but that's a larger rototill.

OK, here is the new patch.

It doesn't apply cleanly on the current codebase either. ;-)
But it was trivial to merge it.

Merged at: https://github.com/Jabberd2/jabberd2/commit/dbfba4645f1c055d8e4fd675221085584e1a0187

On Thu, 11 Oct 2012 12:24:45 -0000
Tomasz Sterna <email address hidden> wrote:

> It doesn't apply cleanly on the current codebase either. ;-)
> But it was trivial to merge it.

Cool. Thanks.

--
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:<email address hidden>