open-dsi
/
postgres
mirror of https://github.com/postgres/postgres
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix up references to scram-sha-256

Browse Source 
pg_hba_file_rules erroneously reported this as scram-sha256.  Fix that.

To avoid future errors and confusion, also adjust documentation links
and internal symbols to have a separator between "sha" and "256".

Reported-by: Christophe Courtois <christophe.courtois@dalibo.com>
Author: Michael Paquier <michael.paquier@gmail.com>
pull/31/merge
Peter Eisentraut 8 years ago
parent 99f6a17dd6
commit 38d485fdaa
6 changed files with 18 additions and 18 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      doc/src/sgml/protocol.sgml
  2. 16
      src/backend/libpq/auth.c
  3. 2
      src/backend/libpq/hba.c
  4. 4
      src/include/common/scram-common.h
  5. 4
      src/interfaces/libpq/fe-auth-scram.c
  6. 8
      src/interfaces/libpq/fe-auth.c

2
doc/src/sgml/protocol.sgml
Unescape View File

@ -1540,7 +1540,7 @@ On error, the server can abort the authentication at any stage, and send an
ErrorMessage. ErrorMessage.
</para> </para>
<sect2 id="sasl-scram-sha256"> <sect2 id="sasl-scram-sha-256">
<title>SCRAM-SHA-256 authentication</title> <title>SCRAM-SHA-256 authentication</title>
<para> <para>

16
src/backend/libpq/auth.c
Unescape View File

@ -894,18 +894,18 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail)
* channel-binding variants go first, if they are supported. Channel * channel-binding variants go first, if they are supported. Channel
* binding is only supported in SSL builds. * binding is only supported in SSL builds.
*/ */
sasl_mechs = palloc(strlen(SCRAM_SHA256_PLUS_NAME) + sasl_mechs = palloc(strlen(SCRAM_SHA_256_PLUS_NAME) +
strlen(SCRAM_SHA256_NAME) + 3); strlen(SCRAM_SHA_256_NAME) + 3);
p = sasl_mechs; p = sasl_mechs;
if (port->ssl_in_use) if (port->ssl_in_use)
{ {
strcpy(p, SCRAM_SHA256_PLUS_NAME); strcpy(p, SCRAM_SHA_256_PLUS_NAME);
p += strlen(SCRAM_SHA256_PLUS_NAME) + 1; p += strlen(SCRAM_SHA_256_PLUS_NAME) + 1;
} }
strcpy(p, SCRAM_SHA256_NAME); strcpy(p, SCRAM_SHA_256_NAME);
p += strlen(SCRAM_SHA256_NAME) + 1; p += strlen(SCRAM_SHA_256_NAME) + 1;
/* Put another '\0' to mark that list is finished. */ /* Put another '\0' to mark that list is finished. */
p[0] = '\0'; p[0] = '\0';
@ -973,8 +973,8 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail)
const char *selected_mech; const char *selected_mech;
selected_mech = pq_getmsgrawstring(&buf); selected_mech = pq_getmsgrawstring(&buf);
if (strcmp(selected_mech, SCRAM_SHA256_NAME) != 0 && if (strcmp(selected_mech, SCRAM_SHA_256_NAME) != 0 &&
strcmp(selected_mech, SCRAM_SHA256_PLUS_NAME) != 0) strcmp(selected_mech, SCRAM_SHA_256_PLUS_NAME) != 0)
{ {
ereport(ERROR, ereport(ERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION), (errcode(ERRCODE_PROTOCOL_VIOLATION),

2
src/backend/libpq/hba.c
Unescape View File

@ -126,7 +126,7 @@ static const char *const UserAuthName[] =
"ident", "ident",
"password", "password",
"md5", "md5",
"scram-sha256", "scram-sha-256",
"gss", "gss",
"sspi", "sspi",
"pam", "pam",

4
src/include/common/scram-common.h
Unescape View File

@ -16,8 +16,8 @@
#include "common/sha2.h" #include "common/sha2.h"
/* Name of SCRAM mechanisms per IANA */ /* Name of SCRAM mechanisms per IANA */
#define SCRAM_SHA256_NAME "SCRAM-SHA-256" #define SCRAM_SHA_256_NAME "SCRAM-SHA-256"
#define SCRAM_SHA256_PLUS_NAME "SCRAM-SHA-256-PLUS" /* with channel binding */ #define SCRAM_SHA_256_PLUS_NAME "SCRAM-SHA-256-PLUS" /* with channel binding */
/* Channel binding types */ /* Channel binding types */
#define SCRAM_CHANNEL_BINDING_TLS_UNIQUE "tls-unique" #define SCRAM_CHANNEL_BINDING_TLS_UNIQUE "tls-unique"

4
src/interfaces/libpq/fe-auth-scram.c
Unescape View File

@ -349,7 +349,7 @@ build_client_first_message(fe_scram_state *state)
/* /*
* First build the gs2-header with channel binding information. * First build the gs2-header with channel binding information.
*/ */
if (strcmp(state->sasl_mechanism, SCRAM_SHA256_PLUS_NAME) == 0) if (strcmp(state->sasl_mechanism, SCRAM_SHA_256_PLUS_NAME) == 0)
{ {
Assert(conn->ssl_in_use); Assert(conn->ssl_in_use);
appendPQExpBuffer(&buf, "p=%s", conn->scram_channel_binding); appendPQExpBuffer(&buf, "p=%s", conn->scram_channel_binding);
@ -430,7 +430,7 @@ build_client_final_message(fe_scram_state *state)
* build_client_first_message(), because the server will check that it's * build_client_first_message(), because the server will check that it's
* the same flag both times. * the same flag both times.
*/ */
if (strcmp(state->sasl_mechanism, SCRAM_SHA256_PLUS_NAME) == 0) if (strcmp(state->sasl_mechanism, SCRAM_SHA_256_PLUS_NAME) == 0)
{ {
char *cbind_data = NULL; char *cbind_data = NULL;
size_t cbind_data_len = 0; size_t cbind_data_len = 0;

8
src/interfaces/libpq/fe-auth.c
Unescape View File

@ -533,11 +533,11 @@ pg_SASL_init(PGconn *conn, int payloadlen)
if (conn->ssl_in_use && if (conn->ssl_in_use &&
conn->scram_channel_binding && conn->scram_channel_binding &&
strlen(conn->scram_channel_binding) > 0 && strlen(conn->scram_channel_binding) > 0 &&
strcmp(mechanism_buf.data, SCRAM_SHA256_PLUS_NAME) == 0) strcmp(mechanism_buf.data, SCRAM_SHA_256_PLUS_NAME) == 0)
selected_mechanism = SCRAM_SHA256_PLUS_NAME; selected_mechanism = SCRAM_SHA_256_PLUS_NAME;
else if (strcmp(mechanism_buf.data, SCRAM_SHA256_NAME) == 0 && else if (strcmp(mechanism_buf.data, SCRAM_SHA_256_NAME) == 0 &&
!selected_mechanism) !selected_mechanism)
selected_mechanism = SCRAM_SHA256_NAME; selected_mechanism = SCRAM_SHA_256_NAME;
} }
if (!selected_mechanism) if (!selected_mechanism)

Write Preview
Loading…
Cancel
Save