in src/afs.cc [1719:1787]
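// Authenticate a client against pg_hba.conf and the role's stored password.
//
// The HBA rule is selected from databaseName, userName and clientAddress.
// Only the "trust" and "password" methods succeed; every other method
// (including MD5 and SCRAM, which are not implemented yet) fails closed.
//
// @param session        Session that receives the error message on failure.
// @param databaseName   Database the client wants to connect to.
// @param userName       Role name the client claims.
// @param password       Password supplied by the client, in clear text.
// @param clientAddress  Client address, passed to fill_client_address().
// @return true when the client is authenticated; false otherwise, with a
//         message stored through set_error_message().
//
// NOTE(review): nothing in this function checks that the connection is
// encrypted, while `password` is handled in clear text, so transport
// protection has to be enforced elsewhere -- confirm.
bool check_password(SharedSessionData* session,
                    const char* databaseName,
                    const char* userName,
                    const char* password,
                    const char* clientAddress)
{
	const char* tag = "check password";
	// Reject missing identifiers before anything is allocated: pstrdup()
	// below is handed these pointers as-is.
	if (!databaseName || !userName)
	{
		set_error_message(
			session, "database name and user name are required", tag);
		return false;
	}

	// Dedicated context for everything allocated during the check (the Port
	// strings, the role's stored password, log details).
	// NOTE(review): presumably ScopedMemoryContext switches to it and
	// releases it on scope exit -- confirm against its definition.
	MemoryContext memoryContext =
		AllocSetContextCreate(CurrentMemoryContext,
		                      "arrow-flight-sql: Executor::check_password()",
		                      ALLOCSET_DEFAULT_SIZES);
	ScopedMemoryContext scopedMemoryContext(memoryContext);

	// Minimal Port carrying only what the HBA lookup is given here.
	Port port = {};
	port.database_name = pstrdup(databaseName);
	port.user_name = pstrdup(userName);
	// The HBA rule (and therefore whether "trust" applies) depends on this
	// address, so it must be the real peer address.
	// NOTE(review): verify that clientAddress cannot be influenced by the
	// client, e.g. through a forwarded-address header.
	if (!fill_client_address(session, &port, clientAddress))
	{
		return false;
	}

	// The result of load_hba() is not checked here.
	// NOTE(review): a failed load is expected to end in `!port.hba` or in a
	// rejecting method below -- confirm.
	load_hba();
	hba_getauthmethod(&port);
	if (!port.hba)
	{
		set_error_message(session, "failed to get auth method", tag);
		return false;
	}

	switch (port.hba->auth_method)
	{
		case uaMD5:
			// TODO: not implemented; fail closed instead of falling back to a
			// weaker method than the one the administrator configured.
			set_error_message(
				session, "MD5 auth method isn't supported yet", tag);
			return false;
		case uaSCRAM:
			// TODO: not implemented; fail closed for the same reason.
			set_error_message(
				session, "SCRAM auth method isn't supported yet", tag);
			return false;
		case uaPassword:
		{
			if (!password)
			{
				// plain_crypt_verify() would receive the null pointer as-is.
				set_error_message(session, "password is required", tag);
				return false;
			}
			const char* logDetail = nullptr;
			// std::string + (const char*)nullptr is undefined behaviour, so
			// never concatenate logDetail without this fallback, even though
			// the callees are expected to fill it in on failure.
			auto detail = [&logDetail]() {
				return logDetail ? logDetail : "(no detail)";
			};
			// NOTE(review): logDetail is the text PostgreSQL writes to the
			// server log only; it distinguishes an unknown role from a wrong
			// password. If the session error message is returned to the
			// client, report one generic authentication failure there and
			// keep the detail in the server log -- confirm where
			// set_error_message() output ends up.
			auto shadowPassword = get_role_password(port.user_name, &logDetail);
			if (!shadowPassword)
			{
				set_error_message(
					session,
					std::string("failed to get password: ") + detail(),
					tag);
				return false;
			}
			auto result = plain_crypt_verify(
				port.user_name, shadowPassword, password, &logDetail);
			if (result != STATUS_OK)
			{
				set_error_message(
					session,
					std::string("failed to verify password: ") + detail(),
					tag);
				return false;
			}
			return true;
		}
		case uaTrust:
			// pg_hba.conf says this client needs no password; `password` is
			// deliberately not looked at.
			return true;
		default:
			// Every other method, rejecting ones included, fails closed.
			set_error_message(session,
			                  std::string("unsupported auth method: ") +
			                      hba_authname(port.hba->auth_method),
			                  tag);
			return false;
	}
}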