Commit 38d485fd authored by Peter Eisentraut

Fix up references to scram-sha-256

pg_hba_file_rules erroneously reported this as scram-sha256.  Fix that.

To avoid future errors and confusion, also adjust documentation links
and internal symbols to have a separator between "sha" and "256".
Reported-by: Christophe Courtois <christophe.courtois@dalibo.com>
Author: Michael Paquier <michael.paquier@gmail.com>
parent 99f6a17d
...@@ -1540,7 +1540,7 @@ On error, the server can abort the authentication at any stage, and send an ...@@ -1540,7 +1540,7 @@ On error, the server can abort the authentication at any stage, and send an
ErrorMessage. ErrorMessage.
</para> </para>
<sect2 id="sasl-scram-sha256"> <sect2 id="sasl-scram-sha-256">
<title>SCRAM-SHA-256 authentication</title> <title>SCRAM-SHA-256 authentication</title>
<para> <para>
......
...@@ -894,18 +894,18 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail) ...@@ -894,18 +894,18 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail)
* channel-binding variants go first, if they are supported. Channel * channel-binding variants go first, if they are supported. Channel
* binding is only supported in SSL builds. * binding is only supported in SSL builds.
*/ */
sasl_mechs = palloc(strlen(SCRAM_SHA256_PLUS_NAME) + sasl_mechs = palloc(strlen(SCRAM_SHA_256_PLUS_NAME) +
strlen(SCRAM_SHA256_NAME) + 3); strlen(SCRAM_SHA_256_NAME) + 3);
p = sasl_mechs; p = sasl_mechs;
if (port->ssl_in_use) if (port->ssl_in_use)
{ {
strcpy(p, SCRAM_SHA256_PLUS_NAME); strcpy(p, SCRAM_SHA_256_PLUS_NAME);
p += strlen(SCRAM_SHA256_PLUS_NAME) + 1; p += strlen(SCRAM_SHA_256_PLUS_NAME) + 1;
} }
strcpy(p, SCRAM_SHA256_NAME); strcpy(p, SCRAM_SHA_256_NAME);
p += strlen(SCRAM_SHA256_NAME) + 1; p += strlen(SCRAM_SHA_256_NAME) + 1;
/* Put another '\0' to mark that list is finished. */ /* Put another '\0' to mark that list is finished. */
p[0] = '\0'; p[0] = '\0';
...@@ -973,8 +973,8 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail) ...@@ -973,8 +973,8 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail)
const char *selected_mech; const char *selected_mech;
selected_mech = pq_getmsgrawstring(&buf); selected_mech = pq_getmsgrawstring(&buf);
if (strcmp(selected_mech, SCRAM_SHA256_NAME) != 0 && if (strcmp(selected_mech, SCRAM_SHA_256_NAME) != 0 &&
strcmp(selected_mech, SCRAM_SHA256_PLUS_NAME) != 0) strcmp(selected_mech, SCRAM_SHA_256_PLUS_NAME) != 0)
{ {
ereport(ERROR, ereport(ERROR,
(errcode(ERRCODE_PROTOCOL_VIOLATION), (errcode(ERRCODE_PROTOCOL_VIOLATION),
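Review bot: The mechanism check in the second hunk accepts `SCRAM_SHA_256_PLUS_NAME` unconditionally, while the first hunk only advertises that mechanism when `port->ssl_in_use`, so the server will proceed with a mechanism it never offered on a non-SSL connection. Unless a later step outside these hunks rejects channel binding without SSL, the second operand of the condition should cover that case, e.g. `(strcmp(selected_mech, SCRAM_SHA_256_PLUS_NAME) != 0 || !port->ssl_in_use)`. Both hunks sit inside CheckSCRAMAuth, whose body starts and ends outside what is shown, so this needs confirming against the rest of the function and the SCRAM exchange code.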
......
...@@ -126,7 +126,7 @@ static const char *const UserAuthName[] = ...@@ -126,7 +126,7 @@ static const char *const UserAuthName[] =
"ident", "ident",
"password", "password",
"md5", "md5",
"scram-sha256", "scram-sha-256",
"gss", "gss",
"sspi", "sspi",
"pam", "pam",
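Review bot: Nothing visible in this hunk ties the strings in `UserAuthName[]` to the method keywords the pg_hba.conf parser accepts, which is how `"scram-sha256"` could drift from `scram-sha-256` unnoticed. pg_hba_file_rules is what an administrator reads to audit which authentication method is in effect, so a reported name that the parser would not accept undermines that audit. I would add a comment above the array such as `/* strings must match the method keywords accepted in pg_hba.conf */`, and a regression check that each name reported by the view is accepted back by the parser. The array definition starts before and ends after the hunk, so an existing comment there may already cover part of this.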
......
...@@ -16,8 +16,8 @@ ...@@ -16,8 +16,8 @@
#include "common/sha2.h" #include "common/sha2.h"
/* Name of SCRAM mechanisms per IANA */ /* Name of SCRAM mechanisms per IANA */
#define SCRAM_SHA256_NAME "SCRAM-SHA-256" #define SCRAM_SHA_256_NAME "SCRAM-SHA-256"
#define SCRAM_SHA256_PLUS_NAME "SCRAM-SHA-256-PLUS" /* with channel binding */ #define SCRAM_SHA_256_PLUS_NAME "SCRAM-SHA-256-PLUS" /* with channel binding */
/* Channel binding types */ /* Channel binding types */
#define SCRAM_CHANNEL_BINDING_TLS_UNIQUE "tls-unique" #define SCRAM_CHANNEL_BINDING_TLS_UNIQUE "tls-unique"
......
...@@ -349,7 +349,7 @@ build_client_first_message(fe_scram_state *state) ...@@ -349,7 +349,7 @@ build_client_first_message(fe_scram_state *state)
/* /*
* First build the gs2-header with channel binding information. * First build the gs2-header with channel binding information.
*/ */
if (strcmp(state->sasl_mechanism, SCRAM_SHA256_PLUS_NAME) == 0) if (strcmp(state->sasl_mechanism, SCRAM_SHA_256_PLUS_NAME) == 0)
{ {
Assert(conn->ssl_in_use); Assert(conn->ssl_in_use);
appendPQExpBuffer(&buf, "p=%s", conn->scram_channel_binding); appendPQExpBuffer(&buf, "p=%s", conn->scram_channel_binding);
...@@ -430,7 +430,7 @@ build_client_final_message(fe_scram_state *state) ...@@ -430,7 +430,7 @@ build_client_final_message(fe_scram_state *state)
* build_client_first_message(), because the server will check that it's * build_client_first_message(), because the server will check that it's
* the same flag both times. * the same flag both times.
*/ */
if (strcmp(state->sasl_mechanism, SCRAM_SHA256_PLUS_NAME) == 0) if (strcmp(state->sasl_mechanism, SCRAM_SHA_256_PLUS_NAME) == 0)
{ {
char *cbind_data = NULL; char *cbind_data = NULL;
size_t cbind_data_len = 0; size_t cbind_data_len = 0;
......
...@@ -533,11 +533,11 @@ pg_SASL_init(PGconn *conn, int payloadlen) ...@@ -533,11 +533,11 @@ pg_SASL_init(PGconn *conn, int payloadlen)
if (conn->ssl_in_use && if (conn->ssl_in_use &&
conn->scram_channel_binding && conn->scram_channel_binding &&
strlen(conn->scram_channel_binding) > 0 && strlen(conn->scram_channel_binding) > 0 &&
strcmp(mechanism_buf.data, SCRAM_SHA256_PLUS_NAME) == 0) strcmp(mechanism_buf.data, SCRAM_SHA_256_PLUS_NAME) == 0)
selected_mechanism = SCRAM_SHA256_PLUS_NAME; selected_mechanism = SCRAM_SHA_256_PLUS_NAME;
else if (strcmp(mechanism_buf.data, SCRAM_SHA256_NAME) == 0 && else if (strcmp(mechanism_buf.data, SCRAM_SHA_256_NAME) == 0 &&
!selected_mechanism) !selected_mechanism)
selected_mechanism = SCRAM_SHA256_NAME; selected_mechanism = SCRAM_SHA_256_NAME;
} }
if (!selected_mechanism) if (!selected_mechanism)
......