mirrors/postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix up references to scram-sha-256

Browse Source 
pg_hba_file_rules erroneously reported this as scram-sha256.  Fix that.

To avoid future errors and confusion, also adjust documentation links
and internal symbols to have a separator between "sha" and "256".

Reported-by: Christophe Courtois <christophe.courtois@dalibo.com>
Author: Michael Paquier <michael.paquier@gmail.com>
This commit is contained in:
Peter Eisentraut 2018-01-30 16:50:30 -05:00
parent 99f6a17dd6
commit 38d485fdaa
6 changed files with 18 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/src/sgml/protocol.sgml
View File

@ -1540,7 +1540,7 @@ On error, the server can abort the authentication at any stage, and send an
ErrorMessage. ErrorMessage.
</para> </para>
<sect2 id="sasl-scram-sha256"> <sect2 id="sasl-scram-sha-256">
<title>SCRAM-SHA-256 authentication</title> <title>SCRAM-SHA-256 authentication</title>
<para> <para>

16
src/backend/libpq/auth.c
View File

@ -894,18 +894,18 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail)
* channel-binding variants go first, if they are supported. Channel * channel-binding variants go first, if they are supported. Channel
* binding is only supported in SSL builds. * binding is only supported in SSL builds.
*/ */
sasl_mechs = palloc(strlen(SCRAM_SHA256_PLUS_NAME) + sasl_mechs = palloc(strlen(SCRAM_SHA_256_PLUS_NAME) +
strlen(SCRAM_SHA256_NAME) + 3); strlen(SCRAM_SHA_256_NAME) + 3);
p = sasl_mechs; p = sasl_mechs;
if (port->ssl_in_use) if (port->ssl_in_use)
{ {
strcpy(p, SCRAM_SHA256_PLUS_NAME); strcpy(p, SCRAM_SHA_256_PLUS_NAME);
p += strlen(SCRAM_SHA256_PLUS_NAME) + 1; p += strlen(SCRAM_SHA_256_PLUS_NAME) + 1;
} }
strcpy(p, SCRAM_SHA256_NAME); strcpy(p, SCRAM_SHA_256_NAME);
p += strlen(SCRAM_SHA256_NAME) + 1; p += strlen(SCRAM_SHA_256_NAME) + 1;
/* Put another '\0' to mark that list is finished. */ /* Put another '\0' to mark that list is finished. */
p[0] = '\0'; p[0] = '\0';
@ -973,8 +973,8 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail)
const char *selected_mech; const char *selected_mech;
selected_mech = pq_getmsgrawstring(&buf); selected_mech = pq_getmsgrawstring(&buf);
if (strcmp(selected_mech, SCRAM_SHA256_NAME) != 0 && if (strcmp(selected_mech, SCRAM_SHA_256_NAME) != 0 &&
strcmp(selected_mech, SCRAM_SHA256_PLUS_NAME) != 0) strcmp(selected_mech, SCRAM_SHA_256_PLUS_NAME) != 0)
{ {
ereport(ERROR, ereport(ERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION), (errcode(ERRCODE_PROTOCOL_VIOLATION),

2
src/backend/libpq/hba.c
View File

@ -126,7 +126,7 @@ static const char *const UserAuthName[] =
"ident", "ident",
"password", "password",
"md5", "md5",
"scram-sha256", "scram-sha-256",
"gss", "gss",
"sspi", "sspi",
"pam", "pam",

4
src/include/common/scram-common.h
View File

@ -16,8 +16,8 @@
#include "common/sha2.h" #include "common/sha2.h"
/* Name of SCRAM mechanisms per IANA */ /* Name of SCRAM mechanisms per IANA */
#define SCRAM_SHA256_NAME "SCRAM-SHA-256" #define SCRAM_SHA_256_NAME "SCRAM-SHA-256"
#define SCRAM_SHA256_PLUS_NAME "SCRAM-SHA-256-PLUS" /* with channel binding */ #define SCRAM_SHA_256_PLUS_NAME "SCRAM-SHA-256-PLUS" /* with channel binding */
/* Channel binding types */ /* Channel binding types */
#define SCRAM_CHANNEL_BINDING_TLS_UNIQUE "tls-unique" #define SCRAM_CHANNEL_BINDING_TLS_UNIQUE "tls-unique"

4
src/interfaces/libpq/fe-auth-scram.c
View File

@ -349,7 +349,7 @@ build_client_first_message(fe_scram_state *state)
/* /*
* First build the gs2-header with channel binding information. * First build the gs2-header with channel binding information.
*/ */
if (strcmp(state->sasl_mechanism, SCRAM_SHA256_PLUS_NAME) == 0) if (strcmp(state->sasl_mechanism, SCRAM_SHA_256_PLUS_NAME) == 0)
{ {
Assert(conn->ssl_in_use); Assert(conn->ssl_in_use);
appendPQExpBuffer(&buf, "p=%s", conn->scram_channel_binding); appendPQExpBuffer(&buf, "p=%s", conn->scram_channel_binding);
@ -430,7 +430,7 @@ build_client_final_message(fe_scram_state *state)
* build_client_first_message(), because the server will check that it's * build_client_first_message(), because the server will check that it's
* the same flag both times. * the same flag both times.
*/ */
if (strcmp(state->sasl_mechanism, SCRAM_SHA256_PLUS_NAME) == 0) if (strcmp(state->sasl_mechanism, SCRAM_SHA_256_PLUS_NAME) == 0)
{ {
char *cbind_data = NULL; char *cbind_data = NULL;
size_t cbind_data_len = 0; size_t cbind_data_len = 0;

8
src/interfaces/libpq/fe-auth.c
View File

@ -533,11 +533,11 @@ pg_SASL_init(PGconn *conn, int payloadlen)
if (conn->ssl_in_use && if (conn->ssl_in_use &&
conn->scram_channel_binding && conn->scram_channel_binding &&
strlen(conn->scram_channel_binding) > 0 && strlen(conn->scram_channel_binding) > 0 &&
strcmp(mechanism_buf.data, SCRAM_SHA256_PLUS_NAME) == 0) strcmp(mechanism_buf.data, SCRAM_SHA_256_PLUS_NAME) == 0)
selected_mechanism = SCRAM_SHA256_PLUS_NAME; selected_mechanism = SCRAM_SHA_256_PLUS_NAME;
else if (strcmp(mechanism_buf.data, SCRAM_SHA256_NAME) == 0 && else if (strcmp(mechanism_buf.data, SCRAM_SHA_256_NAME) == 0 &&
!selected_mechanism) !selected_mechanism)
selected_mechanism = SCRAM_SHA256_NAME; selected_mechanism = SCRAM_SHA_256_NAME;
} }
if (!selected_mechanism) if (!selected_mechanism)