1/*-------------------------------------------------------------------------
4 * Interface to libpq/crypt.c
6 * Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group
7 * Portions Copyright (c) 1994, Regents of the University of California
9 * src/include/libpq/crypt.h
11 *-------------------------------------------------------------------------
19 * Valid password hashes may be very long, but we don't want to store anything
20 * that might need out-of-line storage, since de-TOASTing won't work during
21 * authentication because we haven't selected a database yet and cannot read
22 * pg_class. 512 bytes should be more than enough for all practical use, and
23 * our own password encryption routines should never produce hashes longer than
26 #define MAX_ENCRYPTED_PASSWORD_LEN (512)
28/* Enables deprecation warnings for MD5 passwords. */
32 * Types of password hashes or secrets.
34 * Plaintext passwords can be passed in by the user, in a CREATE/ALTER USER
35 * command. They will be encrypted to MD5 or SCRAM-SHA-256 format, before
36 * storing on-disk, so only MD5 and SCRAM-SHA-256 passwords should appear
37 * in pg_authid.rolpassword. They are also the allowed values for the
38 * password_encryption GUC.
54 const char *client_pass,
const uint8 *md5_salt,
55 int md5_salt_len,
const char **logdetail);
57 const char *client_pass,
58 const char **logdetail);
int md5_crypt_verify(const char *role, const char *shadow_pass, const char *client_pass, const uint8 *md5_salt, int md5_salt_len, const char **logdetail)
int plain_crypt_verify(const char *role, const char *shadow_pass, const char *client_pass, const char **logdetail)
@ PASSWORD_TYPE_PLAINTEXT
@ PASSWORD_TYPE_SCRAM_SHA_256
char * get_role_password(const char *role, const char **logdetail)
PasswordType get_password_type(const char *shadow_pass)
PGDLLIMPORT bool md5_password_warnings
char * encrypt_password(PasswordType target_type, const char *role, const char *password)