pg_hba_file_rules erroneously reported this as scram-sha256. Fix that.
To avoid future errors and confusion, also adjust documentation links
and internal symbols to have a separator between "sha" and "256".
Reported-by: Christophe Courtois <christophe.courtois@dalibo.com>
Author: Michael Paquier <michael.paquier@gmail.com>
ErrorMessage.
</para>
- <sect2 id="sasl-scram-sha256">
+ <sect2 id="sasl-scram-sha-256">
<title>SCRAM-SHA-256 authentication</title>
<para>
* channel-binding variants go first, if they are supported. Channel
* binding is only supported in SSL builds.
*/
- sasl_mechs = palloc(strlen(SCRAM_SHA256_PLUS_NAME) +
- strlen(SCRAM_SHA256_NAME) + 3);
+ sasl_mechs = palloc(strlen(SCRAM_SHA_256_PLUS_NAME) +
+ strlen(SCRAM_SHA_256_NAME) + 3);
p = sasl_mechs;
if (port->ssl_in_use)
{
- strcpy(p, SCRAM_SHA256_PLUS_NAME);
- p += strlen(SCRAM_SHA256_PLUS_NAME) + 1;
+ strcpy(p, SCRAM_SHA_256_PLUS_NAME);
+ p += strlen(SCRAM_SHA_256_PLUS_NAME) + 1;
}
- strcpy(p, SCRAM_SHA256_NAME);
- p += strlen(SCRAM_SHA256_NAME) + 1;
+ strcpy(p, SCRAM_SHA_256_NAME);
+ p += strlen(SCRAM_SHA_256_NAME) + 1;
/* Put another '\0' to mark that list is finished. */
p[0] = '\0';
const char *selected_mech;
selected_mech = pq_getmsgrawstring(&buf);
- if (strcmp(selected_mech, SCRAM_SHA256_NAME) != 0 &&
- strcmp(selected_mech, SCRAM_SHA256_PLUS_NAME) != 0)
+ if (strcmp(selected_mech, SCRAM_SHA_256_NAME) != 0 &&
+ strcmp(selected_mech, SCRAM_SHA_256_PLUS_NAME) != 0)
{
ereport(ERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION),
"ident",
"password",
"md5",
- "scram-sha256",
+ "scram-sha-256",
"gss",
"sspi",
"pam",
#include "common/sha2.h"
/* Name of SCRAM mechanisms per IANA */
-#define SCRAM_SHA256_NAME "SCRAM-SHA-256"
-#define SCRAM_SHA256_PLUS_NAME "SCRAM-SHA-256-PLUS" /* with channel binding */
+#define SCRAM_SHA_256_NAME "SCRAM-SHA-256"
+#define SCRAM_SHA_256_PLUS_NAME "SCRAM-SHA-256-PLUS" /* with channel binding */
/* Channel binding types */
#define SCRAM_CHANNEL_BINDING_TLS_UNIQUE "tls-unique"
/*
* First build the gs2-header with channel binding information.
*/
- if (strcmp(state->sasl_mechanism, SCRAM_SHA256_PLUS_NAME) == 0)
+ if (strcmp(state->sasl_mechanism, SCRAM_SHA_256_PLUS_NAME) == 0)
{
Assert(conn->ssl_in_use);
appendPQExpBuffer(&buf, "p=%s", conn->scram_channel_binding);
* build_client_first_message(), because the server will check that it's
* the same flag both times.
*/
- if (strcmp(state->sasl_mechanism, SCRAM_SHA256_PLUS_NAME) == 0)
+ if (strcmp(state->sasl_mechanism, SCRAM_SHA_256_PLUS_NAME) == 0)
{
char *cbind_data = NULL;
size_t cbind_data_len = 0;
if (conn->ssl_in_use &&
conn->scram_channel_binding &&
strlen(conn->scram_channel_binding) > 0 &&
- strcmp(mechanism_buf.data, SCRAM_SHA256_PLUS_NAME) == 0)
- selected_mechanism = SCRAM_SHA256_PLUS_NAME;
- else if (strcmp(mechanism_buf.data, SCRAM_SHA256_NAME) == 0 &&
+ strcmp(mechanism_buf.data, SCRAM_SHA_256_PLUS_NAME) == 0)
+ selected_mechanism = SCRAM_SHA_256_PLUS_NAME;
+ else if (strcmp(mechanism_buf.data, SCRAM_SHA_256_NAME) == 0 &&
!selected_mechanism)
- selected_mechanism = SCRAM_SHA256_NAME;
+ selected_mechanism = SCRAM_SHA_256_NAME;
}
if (!selected_mechanism)
projects / postgresql / commitdiff