From 38d485fdaa5739627b642303cc172acc1487b90a Mon Sep 17 00:00:00 2001 From: Peter Eisentraut Date: Tue, 30 Jan 2018 16:50:30 -0500 Subject: [PATCH] Fix up references to scram-sha-256 pg_hba_file_rules erroneously reported this as scram-sha256. Fix that. To avoid future errors and confusion, also adjust documentation links and internal symbols to have a separator between "sha" and "256". Reported-by: Christophe Courtois Author: Michael Paquier --- doc/src/sgml/protocol.sgml | 2 +- src/backend/libpq/auth.c | 16 ++++++++-------- src/backend/libpq/hba.c | 2 +- src/include/common/scram-common.h | 4 ++-- src/interfaces/libpq/fe-auth-scram.c | 4 ++-- src/interfaces/libpq/fe-auth.c | 8 ++++---- 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml index 4c5ed1e6d6..3cec9e0b0c 100644 --- a/doc/src/sgml/protocol.sgml +++ b/doc/src/sgml/protocol.sgml @@ -1540,7 +1540,7 @@ On error, the server can abort the authentication at any stage, and send an ErrorMessage. - + SCRAM-SHA-256 authentication diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 746d7cbb8a..3014b17a7c 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -894,18 +894,18 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail) * channel-binding variants go first, if they are supported. Channel * binding is only supported in SSL builds. */ - sasl_mechs = palloc(strlen(SCRAM_SHA256_PLUS_NAME) + - strlen(SCRAM_SHA256_NAME) + 3); + sasl_mechs = palloc(strlen(SCRAM_SHA_256_PLUS_NAME) + + strlen(SCRAM_SHA_256_NAME) + 3); p = sasl_mechs; if (port->ssl_in_use) { - strcpy(p, SCRAM_SHA256_PLUS_NAME); - p += strlen(SCRAM_SHA256_PLUS_NAME) + 1; + strcpy(p, SCRAM_SHA_256_PLUS_NAME); + p += strlen(SCRAM_SHA_256_PLUS_NAME) + 1; } - strcpy(p, SCRAM_SHA256_NAME); - p += strlen(SCRAM_SHA256_NAME) + 1; + strcpy(p, SCRAM_SHA_256_NAME); + p += strlen(SCRAM_SHA_256_NAME) + 1; /* Put another '\0' to mark that list is finished. */ p[0] = '\0'; @@ -973,8 +973,8 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail) const char *selected_mech; selected_mech = pq_getmsgrawstring(&buf); - if (strcmp(selected_mech, SCRAM_SHA256_NAME) != 0 && - strcmp(selected_mech, SCRAM_SHA256_PLUS_NAME) != 0) + if (strcmp(selected_mech, SCRAM_SHA_256_NAME) != 0 && + strcmp(selected_mech, SCRAM_SHA_256_PLUS_NAME) != 0) { ereport(ERROR, (errcode(ERRCODE_PROTOCOL_VIOLATION), diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c index aa20f266b8..acf625e4ec 100644 --- a/src/backend/libpq/hba.c +++ b/src/backend/libpq/hba.c @@ -126,7 +126,7 @@ static const char *const UserAuthName[] = "ident", "password", "md5", - "scram-sha256", + "scram-sha-256", "gss", "sspi", "pam", diff --git a/src/include/common/scram-common.h b/src/include/common/scram-common.h index e1d742ba89..17373cce3a 100644 --- a/src/include/common/scram-common.h +++ b/src/include/common/scram-common.h @@ -16,8 +16,8 @@ #include "common/sha2.h" /* Name of SCRAM mechanisms per IANA */ -#define SCRAM_SHA256_NAME "SCRAM-SHA-256" -#define SCRAM_SHA256_PLUS_NAME "SCRAM-SHA-256-PLUS" /* with channel binding */ +#define SCRAM_SHA_256_NAME "SCRAM-SHA-256" +#define SCRAM_SHA_256_PLUS_NAME "SCRAM-SHA-256-PLUS" /* with channel binding */ /* Channel binding types */ #define SCRAM_CHANNEL_BINDING_TLS_UNIQUE "tls-unique" diff --git a/src/interfaces/libpq/fe-auth-scram.c b/src/interfaces/libpq/fe-auth-scram.c index 23bd5fb2b6..8415bbb5c6 100644 --- a/src/interfaces/libpq/fe-auth-scram.c +++ b/src/interfaces/libpq/fe-auth-scram.c @@ -349,7 +349,7 @@ build_client_first_message(fe_scram_state *state) /* * First build the gs2-header with channel binding information. */ - if (strcmp(state->sasl_mechanism, SCRAM_SHA256_PLUS_NAME) == 0) + if (strcmp(state->sasl_mechanism, SCRAM_SHA_256_PLUS_NAME) == 0) { Assert(conn->ssl_in_use); appendPQExpBuffer(&buf, "p=%s", conn->scram_channel_binding); @@ -430,7 +430,7 @@ build_client_final_message(fe_scram_state *state) * build_client_first_message(), because the server will check that it's * the same flag both times. */ - if (strcmp(state->sasl_mechanism, SCRAM_SHA256_PLUS_NAME) == 0) + if (strcmp(state->sasl_mechanism, SCRAM_SHA_256_PLUS_NAME) == 0) { char *cbind_data = NULL; size_t cbind_data_len = 0; diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c index 7bcbca9df6..3b2073a47f 100644 --- a/src/interfaces/libpq/fe-auth.c +++ b/src/interfaces/libpq/fe-auth.c @@ -533,11 +533,11 @@ pg_SASL_init(PGconn *conn, int payloadlen) if (conn->ssl_in_use && conn->scram_channel_binding && strlen(conn->scram_channel_binding) > 0 && - strcmp(mechanism_buf.data, SCRAM_SHA256_PLUS_NAME) == 0) - selected_mechanism = SCRAM_SHA256_PLUS_NAME; - else if (strcmp(mechanism_buf.data, SCRAM_SHA256_NAME) == 0 && + strcmp(mechanism_buf.data, SCRAM_SHA_256_PLUS_NAME) == 0) + selected_mechanism = SCRAM_SHA_256_PLUS_NAME; + else if (strcmp(mechanism_buf.data, SCRAM_SHA_256_NAME) == 0 && !selected_mechanism) - selected_mechanism = SCRAM_SHA256_NAME; + selected_mechanism = SCRAM_SHA_256_NAME; } if (!selected_mechanism) -- 2.40.0