in src/afs.cc [722:788]
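/// Authenticate a client against pg_hba.conf and the role's stored password.
///
/// Finds the pg_hba.conf rule that matches the database, role and client
/// address, then applies that rule's auth method:
///   - uaTrust:    accepted without looking at `password`
///   - uaPassword: `password` is checked with plain_crypt_verify()
///   - uaMD5, uaSCRAM and every other method: rejected as unsupported
///
/// @param databaseName  database the client asked for
/// @param userName      role name the client claims
/// @param password      cleartext password supplied by the client
/// @param clientAddress client address, parsed by fill_client_address()
/// @return true when the client is authenticated, false otherwise. Every
///         failure path except the fill_client_address() one stores a reason
///         in session_->errorMessage here.
///
/// NOTE(review): only the HBA rule and the password are checked here. Role
/// attributes such as rolcanlogin are not consulted in this function;
/// presumably that happens elsewhere -- confirm.
bool check_password(const char* databaseName,
                    const char* userName,
                    const char* password,
                    const char* clientAddress)
{
	// Everything palloc'ed below (pstrdup copies, HBA lookups, log details)
	// is allocated while scopedMemoryContext is alive.
	MemoryContext memoryContext =
		AllocSetContextCreate(CurrentMemoryContext,
		                      "arrow-flight-sql: Executor::check_password()",
		                      ALLOCSET_DEFAULT_SIZES);
	ScopedMemoryContext scopedMemoryContext(memoryContext);

	// std::string + (const char*)nullptr is undefined behaviour, so never
	// concatenate a log detail that the callee left unset.
	auto detailOrPlaceholder = [](const char* detail) {
		return detail ? detail : "(no detail)";
	};

	Port port = {};
	port.database_name = pstrdup(databaseName);
	port.user_name = pstrdup(userName);
	if (!fill_client_address(&port, clientAddress))
	{
		return false;
	}

	// Fail closed when pg_hba.conf cannot be loaded instead of deciding on
	// whatever rules may be left over from an earlier load.
	if (!load_hba())
	{
		set_shared_string(session_->errorMessage,
		                  "failed to load pg_hba.conf");
		return false;
	}
	hba_getauthmethod(&port);
	if (!port.hba)
	{
		set_shared_string(session_->errorMessage, "failed to get auth method");
		return false;
	}

	switch (port.hba->auth_method)
	{
		case uaMD5:
			// TODO
			set_shared_string(session_->errorMessage,
			                  "MD5 auth method isn't supported yet");
			return false;
		case uaSCRAM:
			// TODO
			set_shared_string(session_->errorMessage,
			                  "SCRAM auth method isn't supported yet");
			return false;
		case uaPassword:
		{
			// This method receives the password in cleartext, so the
			// transport has to protect it.
			//
			// NOTE(review): logDetail tells a missing role apart from a
			// wrong password. If session_->errorMessage is returned to the
			// client, that difference lets a client probe which role names
			// exist; a generic client-facing message with the detail kept
			// in the server log avoids that -- confirm where errorMessage
			// ends up.
			const char* logDetail = nullptr;
			auto shadowPassword = get_role_password(port.user_name, &logDetail);
			if (!shadowPassword)
			{
				set_shared_string(session_->errorMessage,
				                  std::string("failed to get password: ") +
				                      detailOrPlaceholder(logDetail));
				return false;
			}
			auto result = plain_crypt_verify(
				port.user_name, shadowPassword, password, &logDetail);
			if (result != STATUS_OK)
			{
				set_shared_string(session_->errorMessage,
				                  std::string("failed to verify password: ") +
				                      detailOrPlaceholder(logDetail));
				return false;
			}
			return true;
		}
		case uaTrust:
			// The matching pg_hba.conf rule asks for no credentials, so
			// `password` is not examined at all.
			return true;
		default:
			// Any other method (including a reject rule) is refused.
			set_shared_string(session_->errorMessage,
			                  std::string("unsupported auth method: ") +
			                      hba_authname(port.hba->auth_method));
			return false;
	}
}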