Commit 60f11b87 authored by Heikki Linnakangas's avatar Heikki Linnakangas

Use SASLprep to normalize passwords for SCRAM authentication.

An important step of SASLprep normalization, is to convert the string to
Unicode normalization form NFKC. Unicode normalization requires a fairly
large table of character decompositions, which is generated from data
published by the Unicode consortium. The script to generate the table is
put in src/common/unicode, as well test code for the normalization.
A pre-generated version of the tables is included in src/include/common,
so you don't need the code in src/common/unicode to build PostgreSQL, only
if you wish to modify the normalization tables.

The SASLprep implementation depends on the UTF-8 functions from
src/backend/utils/mb/wchar.c. So to use it, you must also compile and link
that. That doesn't change anything for the current users of these
functions, the backend and libpq, as they both already link with wchar.o.
It would be good to move those functions into a separate file in
src/commmon, but I'll leave that for another day.

No documentation changes included, because there is no details on the
SCRAM mechanism in the docs anyway. An overview on that in the protocol
specification would probably be good, even though SCRAM is documented in
detail in RFC5802. I'll write that as a separate patch. An important thing
to mention there is that we apply SASLprep even on invalid UTF-8 strings,
to support other encodings.

Patch by Michael Paquier and me.

Discussion: https://www.postgresql.org/message-id/CAB7nPqSByyEmAVLtEf1KxTRh=PWNKiWKEKQR=e1yGehz=wbymQ@mail.gmail.com
parent 32e33a79
...@@ -11,13 +11,43 @@ ...@@ -11,13 +11,43 @@
* *
* - Username from the authentication exchange is not used. The client * - Username from the authentication exchange is not used. The client
* should send an empty string as the username. * should send an empty string as the username.
* - Password is not processed with the SASLprep algorithm. *
* - If the password isn't valid UTF-8, or contains characters prohibited
* by the SASLprep profile, we skip the SASLprep pre-processing and use
* the raw bytes in calculating the hash.
*
* - Channel binding is not supported yet. * - Channel binding is not supported yet.
* *
*
* The password stored in pg_authid consists of the salt, iteration count, * The password stored in pg_authid consists of the salt, iteration count,
* StoredKey and ServerKey. * StoredKey and ServerKey.
* *
* On error handling: * SASLprep usage
* --------------
*
* One notable difference to the SCRAM specification is that while the
* specification dictates that the password is in UTF-8, and prohibits
* certain characters, we are more lenient. If the password isn't a valid
* UTF-8 string, or contains prohibited characters, the raw bytes are used
* to calculate the hash instead, without SASLprep processing. This is
* because PostgreSQL supports other encodings too, and the encoding being
* used during authentication is undefined (client_encoding isn't set until
* after authentication). In effect, we try to interpret the password as
* UTF-8 and apply SASLprep processing, but if it looks invalid, we assume
* that it's in some other encoding.
*
* In the worst case, we misinterpret a password that's in a different
* encoding as being Unicode, because it happens to consists entirely of
* valid UTF-8 bytes, and we apply Unicode normalization to it. As long
* as we do that consistently, that will not lead to failed logins.
* Fortunately, the UTF-8 byte sequences that are ignored by SASLprep
* don't correspond to any commonly used characters in any of the other
* supported encodings, so it should not lead to any significant loss in
* entropy, even if the normalization is incorrectly applied to a
* non-UTF-8 password.
*
* Error handling
* --------------
* *
* Don't reveal user information to an unauthenticated client. We don't * Don't reveal user information to an unauthenticated client. We don't
* want an attacker to be able to probe whether a particular username is * want an attacker to be able to probe whether a particular username is
...@@ -37,6 +67,7 @@ ...@@ -37,6 +67,7 @@
* to the encoding being used, whatever that is. We cannot avoid that in * to the encoding being used, whatever that is. We cannot avoid that in
* general, after logging in, but let's do what we can here. * general, after logging in, but let's do what we can here.
* *
*
* Portions Copyright (c) 1996-2017, PostgreSQL Global Development Group * Portions Copyright (c) 1996-2017, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California * Portions Copyright (c) 1994, Regents of the University of California
* *
...@@ -52,6 +83,7 @@ ...@@ -52,6 +83,7 @@
#include "catalog/pg_authid.h" #include "catalog/pg_authid.h"
#include "catalog/pg_control.h" #include "catalog/pg_control.h"
#include "common/base64.h" #include "common/base64.h"
#include "common/saslprep.h"
#include "common/scram-common.h" #include "common/scram-common.h"
#include "common/sha2.h" #include "common/sha2.h"
#include "libpq/auth.h" #include "libpq/auth.h"
...@@ -344,6 +376,17 @@ scram_build_verifier(const char *username, const char *password, ...@@ -344,6 +376,17 @@ scram_build_verifier(const char *username, const char *password,
char salt[SCRAM_SALT_LEN]; char salt[SCRAM_SALT_LEN];
char *encoded_salt; char *encoded_salt;
int encoded_len; int encoded_len;
char *prep_password = NULL;
pg_saslprep_rc rc;
/*
* Normalize the password with SASLprep. If that doesn't work, because
* the password isn't valid UTF-8 or contains prohibited characters, just
* proceed with the original password. (See comments at top of file.)
*/
rc = pg_saslprep(password, &prep_password);
if (rc == SASLPREP_SUCCESS)
password = (const char *) prep_password;
if (iterations <= 0) if (iterations <= 0)
iterations = SCRAM_ITERATIONS_DEFAULT; iterations = SCRAM_ITERATIONS_DEFAULT;
...@@ -373,6 +416,9 @@ scram_build_verifier(const char *username, const char *password, ...@@ -373,6 +416,9 @@ scram_build_verifier(const char *username, const char *password,
(void) hex_encode((const char *) keybuf, SCRAM_KEY_LEN, serverkey_hex); (void) hex_encode((const char *) keybuf, SCRAM_KEY_LEN, serverkey_hex);
serverkey_hex[SCRAM_KEY_LEN * 2] = '\0'; serverkey_hex[SCRAM_KEY_LEN * 2] = '\0';
if (prep_password)
pfree(prep_password);
return psprintf("scram-sha-256:%s:%d:%s:%s", encoded_salt, iterations, storedkey_hex, serverkey_hex); return psprintf("scram-sha-256:%s:%d:%s:%s", encoded_salt, iterations, storedkey_hex, serverkey_hex);
} }
...@@ -392,13 +438,14 @@ scram_verify_plain_password(const char *username, const char *password, ...@@ -392,13 +438,14 @@ scram_verify_plain_password(const char *username, const char *password,
uint8 stored_key[SCRAM_KEY_LEN]; uint8 stored_key[SCRAM_KEY_LEN];
uint8 server_key[SCRAM_KEY_LEN]; uint8 server_key[SCRAM_KEY_LEN];
uint8 computed_key[SCRAM_KEY_LEN]; uint8 computed_key[SCRAM_KEY_LEN];
char *prep_password = NULL;
pg_saslprep_rc rc;
if (!parse_scram_verifier(verifier, &encoded_salt, &iterations, if (!parse_scram_verifier(verifier, &encoded_salt, &iterations,
stored_key, server_key)) stored_key, server_key))
{ {
/* /*
* The password looked like a SCRAM verifier, but could not be * The password looked like a SCRAM verifier, but could not be parsed.
* parsed.
*/ */
elog(LOG, "invalid SCRAM verifier for user \"%s\"", username); elog(LOG, "invalid SCRAM verifier for user \"%s\"", username);
return false; return false;
...@@ -412,10 +459,18 @@ scram_verify_plain_password(const char *username, const char *password, ...@@ -412,10 +459,18 @@ scram_verify_plain_password(const char *username, const char *password,
return false; return false;
} }
/* Normalize the password */
rc = pg_saslprep(password, &prep_password);
if (rc == SASLPREP_SUCCESS)
password = prep_password;
/* Compute Server key based on the user-supplied plaintext password */ /* Compute Server key based on the user-supplied plaintext password */
scram_ClientOrServerKey(password, salt, saltlen, iterations, scram_ClientOrServerKey(password, salt, saltlen, iterations,
SCRAM_SERVER_KEY_NAME, computed_key); SCRAM_SERVER_KEY_NAME, computed_key);
if (prep_password)
pfree(prep_password);
/* /*
* Compare the verifier's Server Key with the one computed from the * Compare the verifier's Server Key with the one computed from the
* user-supplied password. * user-supplied password.
......
...@@ -42,7 +42,8 @@ override CPPFLAGS += -DVAL_LIBS="\"$(LIBS)\"" ...@@ -42,7 +42,8 @@ override CPPFLAGS += -DVAL_LIBS="\"$(LIBS)\""
OBJS_COMMON = base64.o config_info.o controldata_utils.o exec.o ip.o \ OBJS_COMMON = base64.o config_info.o controldata_utils.o exec.o ip.o \
keywords.o md5.o pg_lzcompress.o pgfnames.o psprintf.o relpath.o \ keywords.o md5.o pg_lzcompress.o pgfnames.o psprintf.o relpath.o \
rmtree.o scram-common.o string.o username.o wait_error.o rmtree.o saslprep.o scram-common.o string.o unicode_norm.o \
username.o wait_error.o
ifeq ($(with_openssl),yes) ifeq ($(with_openssl),yes)
OBJS_COMMON += sha2_openssl.o OBJS_COMMON += sha2_openssl.o
......
/*-------------------------------------------------------------------------
* saslprep.c
* SASLprep normalization, for SCRAM authentication
*
* The SASLprep algorithm is used to process a user-supplied password into
* canonical form. For more details, see:
*
* [RFC3454] Preparation of Internationalized Strings ("stringprep"),
* http://www.ietf.org/rfc/rfc3454.txt
*
* [RFC4013] SASLprep: Stringprep Profile for User Names and Passwords
* http://www.ietf.org/rfc/rfc4013.txt
*
*
* Portions Copyright (c) 2017, PostgreSQL Global Development Group
*
* IDENTIFICATION
* src/common/saslprep.c
*
*-------------------------------------------------------------------------
*/
#ifndef FRONTEND
#include "postgres.h"
#else
#include "postgres_fe.h"
#endif
#include "common/saslprep.h"
#include "common/unicode_norm.h"
/*
* Note: The functions in this file depend on functions from
* src/backend/utils/mb/wchar.c, so in order to use this in frontend
* code, you will need to link that in, too.
*/
#include "mb/pg_wchar.h"
/*
* Limit on how large password's we will try to process. A password
* larger than this will be treated the same as out-of-memory.
*/
#define MAX_PASSWORD_LENGTH 1024
/*
* In backend, we will use palloc/pfree. In frontend, use malloc, and
* return SASLPREP_OOM on out-of-memory.
*/
#ifndef FRONTEND
#define STRDUP(s) pstrdup(s)
#define ALLOC(size) palloc(size)
#define FREE(size) pfree(size)
#else
#define STRDUP(s) strdup(s)
#define ALLOC(size) malloc(size)
#define FREE(size) free(size)
#endif
/* Prototypes for local functions */
static int codepoint_range_cmp(const void *a, const void *b);
static bool is_code_in_table(pg_wchar code, const pg_wchar *map, int mapsize);
static int pg_utf8_string_len(const char *source);
static bool pg_is_ascii_string(const char *p);
/*
* Stringprep Mapping Tables.
*
* The stringprep specification includes a number of tables of Unicode
* codepoints, used in different parts of the algorithm. They are below,
* as arrays of codepoint ranges. Each range is a pair of codepoints,
* for the first and last codepoint included the range (inclusive!).
*/
/*
* C.1.2 Non-ASCII space characters
*
* These are all mapped to the ASCII space character (U+00A0).
*/
static const pg_wchar non_ascii_space_ranges[] =
{
0x00A0, 0x00A0,
0x1680, 0x1680,
0x2000, 0x200B,
0x202F, 0x202F,
0x205F, 0x205F,
0x3000, 0x3000
};
/*
* B.1 Commonly mapped to nothing
*
* If any of these appear in the input, they are removed.
*/
static const pg_wchar commonly_mapped_to_nothing_ranges[] =
{
0x00AD, 0x00AD,
0x034F, 0x034F,
0x1806, 0x1806,
0x180B, 0x180D,
0x200B, 0x200D,
0x2060, 0x2060,
0xFE00, 0xFE0F,
0xFEFF, 0xFEFF
};
/*
* prohibited_output_ranges is a union of all the characters from
* the following tables:
*
* C.1.2 Non-ASCII space characters
* C.2.1 ASCII control characters
* C.2.2 Non-ASCII control characters
* C.3 Private Use characters
* C.4 Non-character code points
* C.5 Surrogate code points
* C.6 Inappropriate for plain text characters
* C.7 Inappropriate for canonical representation characters
* C.7 Change display properties or deprecated characters
* C.8 Tagging characters
*
* These are the tables that are listed as "prohibited output"
* characters in the SASLprep profile.
*
* The comment after each code range indicates which source table
* the code came from. Note that there is some overlap in the source
* tables, so one code might originate from multiple source tables.
* Adjacent ranges have also been merged together, to save space.
*/
static const pg_wchar prohibited_output_ranges[] =
{
0x0000, 0x001F, /* C.2.1 */
0x007F, 0x00A0, /* C.1.2, C.2.1, C.2.2 */
0x0340, 0x0341, /* C.8 */
0x06DD, 0x06DD, /* C.2.2 */
0x070F, 0x070F, /* C.2.2 */
0x1680, 0x1680, /* C.1.2 */
0x180E, 0x180E, /* C.2.2 */
0x2000, 0x200F, /* C.1.2, C.2.2, C.8 */
0x2028, 0x202F, /* C.1.2, C.2.2, C.8 */
0x205F, 0x2063, /* C.1.2, C.2.2 */
0x206A, 0x206F, /* C.2.2, C.8 */
0x2FF0, 0x2FFB, /* C.7 */
0x3000, 0x3000, /* C.1.2 */
0xD800, 0xF8FF, /* C.3, C.5 */
0xFDD0, 0xFDEF, /* C.4 */
0xFEFF, 0xFEFF, /* C.2.2 */
0xFFF9, 0xFFFF, /* C.2.2, C.4, C.6 */
0x1D173, 0x1D17A, /* C.2.2 */
0x1FFFE, 0x1FFFF, /* C.4 */
0x2FFFE, 0x2FFFF, /* C.4 */
0x3FFFE, 0x3FFFF, /* C.4 */
0x4FFFE, 0x4FFFF, /* C.4 */
0x5FFFE, 0x5FFFF, /* C.4 */
0x6FFFE, 0x6FFFF, /* C.4 */
0x7FFFE, 0x7FFFF, /* C.4 */
0x8FFFE, 0x8FFFF, /* C.4 */
0x9FFFE, 0x9FFFF, /* C.4 */
0xAFFFE, 0xAFFFF, /* C.4 */
0xBFFFE, 0xBFFFF, /* C.4 */
0xCFFFE, 0xCFFFF, /* C.4 */
0xDFFFE, 0xDFFFF, /* C.4 */
0xE0001, 0xE0001, /* C.9 */
0xE0020, 0xE007F, /* C.9 */
0xEFFFE, 0xEFFFF, /* C.4 */
0xF0000, 0xFFFFF, /* C.3, C.4 */
0x100000, 0x10FFFF /* C.3, C.4 */
};
/* A.1 Unassigned code points in Unicode 3.2 */
static const pg_wchar unassigned_codepoint_ranges[] =
{
0x0221, 0x0221,
0x0234, 0x024F,
0x02AE, 0x02AF,
0x02EF, 0x02FF,
0x0350, 0x035F,
0x0370, 0x0373,
0x0376, 0x0379,
0x037B, 0x037D,
0x037F, 0x0383,
0x038B, 0x038B,
0x038D, 0x038D,
0x03A2, 0x03A2,
0x03CF, 0x03CF,
0x03F7, 0x03FF,
0x0487, 0x0487,
0x04CF, 0x04CF,
0x04F6, 0x04F7,
0x04FA, 0x04FF,
0x0510, 0x0530,
0x0557, 0x0558,
0x0560, 0x0560,
0x0588, 0x0588,
0x058B, 0x0590,
0x05A2, 0x05A2,
0x05BA, 0x05BA,
0x05C5, 0x05CF,
0x05EB, 0x05EF,
0x05F5, 0x060B,
0x060D, 0x061A,
0x061C, 0x061E,
0x0620, 0x0620,
0x063B, 0x063F,
0x0656, 0x065F,
0x06EE, 0x06EF,
0x06FF, 0x06FF,
0x070E, 0x070E,
0x072D, 0x072F,
0x074B, 0x077F,
0x07B2, 0x0900,
0x0904, 0x0904,
0x093A, 0x093B,
0x094E, 0x094F,
0x0955, 0x0957,
0x0971, 0x0980,
0x0984, 0x0984,
0x098D, 0x098E,
0x0991, 0x0992,
0x09A9, 0x09A9,
0x09B1, 0x09B1,
0x09B3, 0x09B5,
0x09BA, 0x09BB,
0x09BD, 0x09BD,
0x09C5, 0x09C6,
0x09C9, 0x09CA,
0x09CE, 0x09D6,
0x09D8, 0x09DB,
0x09DE, 0x09DE,
0x09E4, 0x09E5,
0x09FB, 0x0A01,
0x0A03, 0x0A04,
0x0A0B, 0x0A0E,
0x0A11, 0x0A12,
0x0A29, 0x0A29,
0x0A31, 0x0A31,
0x0A34, 0x0A34,
0x0A37, 0x0A37,
0x0A3A, 0x0A3B,
0x0A3D, 0x0A3D,
0x0A43, 0x0A46,
0x0A49, 0x0A4A,
0x0A4E, 0x0A58,
0x0A5D, 0x0A5D,
0x0A5F, 0x0A65,
0x0A75, 0x0A80,
0x0A84, 0x0A84,
0x0A8C, 0x0A8C,
0x0A8E, 0x0A8E,
0x0A92, 0x0A92,
0x0AA9, 0x0AA9,
0x0AB1, 0x0AB1,
0x0AB4, 0x0AB4,
0x0ABA, 0x0ABB,
0x0AC6, 0x0AC6,
0x0ACA, 0x0ACA,
0x0ACE, 0x0ACF,
0x0AD1, 0x0ADF,
0x0AE1, 0x0AE5,
0x0AF0, 0x0B00,
0x0B04, 0x0B04,
0x0B0D, 0x0B0E,
0x0B11, 0x0B12,
0x0B29, 0x0B29,
0x0B31, 0x0B31,
0x0B34, 0x0B35,
0x0B3A, 0x0B3B,
0x0B44, 0x0B46,
0x0B49, 0x0B4A,
0x0B4E, 0x0B55,
0x0B58, 0x0B5B,
0x0B5E, 0x0B5E,
0x0B62, 0x0B65,
0x0B71, 0x0B81,
0x0B84, 0x0B84,
0x0B8B, 0x0B8D,
0x0B91, 0x0B91,
0x0B96, 0x0B98,
0x0B9B, 0x0B9B,
0x0B9D, 0x0B9D,
0x0BA0, 0x0BA2,
0x0BA5, 0x0BA7,
0x0BAB, 0x0BAD,
0x0BB6, 0x0BB6,
0x0BBA, 0x0BBD,
0x0BC3, 0x0BC5,
0x0BC9, 0x0BC9,
0x0BCE, 0x0BD6,
0x0BD8, 0x0BE6,
0x0BF3, 0x0C00,
0x0C04, 0x0C04,
0x0C0D, 0x0C0D,
0x0C11, 0x0C11,
0x0C29, 0x0C29,
0x0C34, 0x0C34,
0x0C3A, 0x0C3D,
0x0C45, 0x0C45,
0x0C49, 0x0C49,
0x0C4E, 0x0C54,
0x0C57, 0x0C5F,
0x0C62, 0x0C65,
0x0C70, 0x0C81,
0x0C84, 0x0C84,
0x0C8D, 0x0C8D,
0x0C91, 0x0C91,
0x0CA9, 0x0CA9,
0x0CB4, 0x0CB4,
0x0CBA, 0x0CBD,
0x0CC5, 0x0CC5,
0x0CC9, 0x0CC9,
0x0CCE, 0x0CD4,
0x0CD7, 0x0CDD,
0x0CDF, 0x0CDF,
0x0CE2, 0x0CE5,
0x0CF0, 0x0D01,
0x0D04, 0x0D04,
0x0D0D, 0x0D0D,
0x0D11, 0x0D11,
0x0D29, 0x0D29,
0x0D3A, 0x0D3D,
0x0D44, 0x0D45,
0x0D49, 0x0D49,
0x0D4E, 0x0D56,
0x0D58, 0x0D5F,
0x0D62, 0x0D65,
0x0D70, 0x0D81,
0x0D84, 0x0D84,
0x0D97, 0x0D99,
0x0DB2, 0x0DB2,
0x0DBC, 0x0DBC,
0x0DBE, 0x0DBF,
0x0DC7, 0x0DC9,
0x0DCB, 0x0DCE,
0x0DD5, 0x0DD5,
0x0DD7, 0x0DD7,
0x0DE0, 0x0DF1,
0x0DF5, 0x0E00,
0x0E3B, 0x0E3E,
0x0E5C, 0x0E80,
0x0E83, 0x0E83,
0x0E85, 0x0E86,
0x0E89, 0x0E89,
0x0E8B, 0x0E8C,
0x0E8E, 0x0E93,
0x0E98, 0x0E98,
0x0EA0, 0x0EA0,
0x0EA4, 0x0EA4,
0x0EA6, 0x0EA6,
0x0EA8, 0x0EA9,
0x0EAC, 0x0EAC,
0x0EBA, 0x0EBA,
0x0EBE, 0x0EBF,
0x0EC5, 0x0EC5,
0x0EC7, 0x0EC7,
0x0ECE, 0x0ECF,
0x0EDA, 0x0EDB,
0x0EDE, 0x0EFF,
0x0F48, 0x0F48,
0x0F6B, 0x0F70,
0x0F8C, 0x0F8F,
0x0F98, 0x0F98,
0x0FBD, 0x0FBD,
0x0FCD, 0x0FCE,
0x0FD0, 0x0FFF,
0x1022, 0x1022,
0x1028, 0x1028,
0x102B, 0x102B,
0x1033, 0x1035,
0x103A, 0x103F,
0x105A, 0x109F,
0x10C6, 0x10CF,
0x10F9, 0x10FA,
0x10FC, 0x10FF,
0x115A, 0x115E,
0x11A3, 0x11A7,
0x11FA, 0x11FF,
0x1207, 0x1207,
0x1247, 0x1247,
0x1249, 0x1249,
0x124E, 0x124F,
0x1257, 0x1257,
0x1259, 0x1259,
0x125E, 0x125F,
0x1287, 0x1287,
0x1289, 0x1289,
0x128E, 0x128F,
0x12AF, 0x12AF,
0x12B1, 0x12B1,
0x12B6, 0x12B7,
0x12BF, 0x12BF,
0x12C1, 0x12C1,
0x12C6, 0x12C7,
0x12CF, 0x12CF,
0x12D7, 0x12D7,
0x12EF, 0x12EF,
0x130F, 0x130F,
0x1311, 0x1311,
0x1316, 0x1317,
0x131F, 0x131F,
0x1347, 0x1347,
0x135B, 0x1360,
0x137D, 0x139F,
0x13F5, 0x1400,
0x1677, 0x167F,
0x169D, 0x169F,
0x16F1, 0x16FF,
0x170D, 0x170D,
0x1715, 0x171F,
0x1737, 0x173F,
0x1754, 0x175F,
0x176D, 0x176D,
0x1771, 0x1771,
0x1774, 0x177F,
0x17DD, 0x17DF,
0x17EA, 0x17FF,
0x180F, 0x180F,
0x181A, 0x181F,
0x1878, 0x187F,
0x18AA, 0x1DFF,
0x1E9C, 0x1E9F,
0x1EFA, 0x1EFF,
0x1F16, 0x1F17,
0x1F1E, 0x1F1F,
0x1F46, 0x1F47,
0x1F4E, 0x1F4F,
0x1F58, 0x1F58,
0x1F5A, 0x1F5A,
0x1F5C, 0x1F5C,
0x1F5E, 0x1F5E,
0x1F7E, 0x1F7F,
0x1FB5, 0x1FB5,
0x1FC5, 0x1FC5,
0x1FD4, 0x1FD5,
0x1FDC, 0x1FDC,
0x1FF0, 0x1FF1,
0x1FF5, 0x1FF5,
0x1FFF, 0x1FFF,
0x2053, 0x2056,
0x2058, 0x205E,
0x2064, 0x2069,
0x2072, 0x2073,
0x208F, 0x209F,
0x20B2, 0x20CF,
0x20EB, 0x20FF,
0x213B, 0x213C,
0x214C, 0x2152,
0x2184, 0x218F,
0x23CF, 0x23FF,
0x2427, 0x243F,
0x244B, 0x245F,
0x24FF, 0x24FF,
0x2614, 0x2615,
0x2618, 0x2618,
0x267E, 0x267F,
0x268A, 0x2700,
0x2705, 0x2705,
0x270A, 0x270B,
0x2728, 0x2728,
0x274C, 0x274C,
0x274E, 0x274E,
0x2753, 0x2755,
0x2757, 0x2757,
0x275F, 0x2760,
0x2795, 0x2797,
0x27B0, 0x27B0,
0x27BF, 0x27CF,
0x27EC, 0x27EF,
0x2B00, 0x2E7F,
0x2E9A, 0x2E9A,
0x2EF4, 0x2EFF,
0x2FD6, 0x2FEF,
0x2FFC, 0x2FFF,
0x3040, 0x3040,
0x3097, 0x3098,
0x3100, 0x3104,
0x312D, 0x3130,
0x318F, 0x318F,
0x31B8, 0x31EF,
0x321D, 0x321F,
0x3244, 0x3250,
0x327C, 0x327E,
0x32CC, 0x32CF,
0x32FF, 0x32FF,
0x3377, 0x337A,
0x33DE, 0x33DF,
0x33FF, 0x33FF,
0x4DB6, 0x4DFF,
0x9FA6, 0x9FFF,
0xA48D, 0xA48F,
0xA4C7, 0xABFF,
0xD7A4, 0xD7FF,
0xFA2E, 0xFA2F,
0xFA6B, 0xFAFF,
0xFB07, 0xFB12,
0xFB18, 0xFB1C,
0xFB37, 0xFB37,
0xFB3D, 0xFB3D,
0xFB3F, 0xFB3F,
0xFB42, 0xFB42,
0xFB45, 0xFB45,
0xFBB2, 0xFBD2,
0xFD40, 0xFD4F,
0xFD90, 0xFD91,
0xFDC8, 0xFDCF,
0xFDFD, 0xFDFF,
0xFE10, 0xFE1F,
0xFE24, 0xFE2F,
0xFE47, 0xFE48,
0xFE53, 0xFE53,
0xFE67, 0xFE67,
0xFE6C, 0xFE6F,
0xFE75, 0xFE75,
0xFEFD, 0xFEFE,
0xFF00, 0xFF00,
0xFFBF, 0xFFC1,
0xFFC8, 0xFFC9,
0xFFD0, 0xFFD1,
0xFFD8, 0xFFD9,
0xFFDD, 0xFFDF,
0xFFE7, 0xFFE7,
0xFFEF, 0xFFF8,
0x10000, 0x102FF,
0x1031F, 0x1031F,
0x10324, 0x1032F,
0x1034B, 0x103FF,
0x10426, 0x10427,
0x1044E, 0x1CFFF,
0x1D0F6, 0x1D0FF,
0x1D127, 0x1D129,
0x1D1DE, 0x1D3FF,
0x1D455, 0x1D455,
0x1D49D, 0x1D49D,
0x1D4A0, 0x1D4A1,
0x1D4A3, 0x1D4A4,
0x1D4A7, 0x1D4A8,
0x1D4AD, 0x1D4AD,
0x1D4BA, 0x1D4BA,
0x1D4BC, 0x1D4BC,
0x1D4C1, 0x1D4C1,
0x1D4C4, 0x1D4C4,
0x1D506, 0x1D506,
0x1D50B, 0x1D50C,
0x1D515, 0x1D515,
0x1D51D, 0x1D51D,
0x1D53A, 0x1D53A,
0x1D53F, 0x1D53F,
0x1D545, 0x1D545,
0x1D547, 0x1D549,
0x1D551, 0x1D551,
0x1D6A4, 0x1D6A7,
0x1D7CA, 0x1D7CD,
0x1D800, 0x1FFFD,
0x2A6D7, 0x2F7FF,
0x2FA1E, 0x2FFFD,
0x30000, 0x3FFFD,
0x40000, 0x4FFFD,
0x50000, 0x5FFFD,
0x60000, 0x6FFFD,
0x70000, 0x7FFFD,
0x80000, 0x8FFFD,
0x90000, 0x9FFFD,
0xA0000, 0xAFFFD,
0xB0000, 0xBFFFD,
0xC0000, 0xCFFFD,
0xD0000, 0xDFFFD,
0xE0000, 0xE0000,
0xE0002, 0xE001F,
0xE0080, 0xEFFFD
};
/* D.1 Characters with bidirectional property "R" or "AL" */
static const pg_wchar RandALCat_codepoint_ranges[] =
{
0x05BE, 0x05BE,
0x05C0, 0x05C0,
0x05C3, 0x05C3,
0x05D0, 0x05EA,
0x05F0, 0x05F4,
0x061B, 0x061B,
0x061F, 0x061F,
0x0621, 0x063A,
0x0640, 0x064A,
0x066D, 0x066F,
0x0671, 0x06D5,
0x06DD, 0x06DD,
0x06E5, 0x06E6,
0x06FA, 0x06FE,
0x0700, 0x070D,
0x0710, 0x0710,
0x0712, 0x072C,
0x0780, 0x07A5,
0x07B1, 0x07B1,
0x200F, 0x200F,
0xFB1D, 0xFB1D,
0xFB1F, 0xFB28,
0xFB2A, 0xFB36,
0xFB38, 0xFB3C,
0xFB3E, 0xFB3E,
0xFB40, 0xFB41,
0xFB43, 0xFB44,
0xFB46, 0xFBB1,
0xFBD3, 0xFD3D,
0xFD50, 0xFD8F,
0xFD92, 0xFDC7,
0xFDF0, 0xFDFC,
0xFE70, 0xFE74,
0xFE76, 0xFEFC
};
/* D.2 Characters with bidirectional property "L" */
static const pg_wchar LCat_codepoint_ranges[] =
{
0x0041, 0x005A,
0x0061, 0x007A,
0x00AA, 0x00AA,
0x00B5, 0x00B5,
0x00BA, 0x00BA,
0x00C0, 0x00D6,
0x00D8, 0x00F6,
0x00F8, 0x0220,
0x0222, 0x0233,
0x0250, 0x02AD,
0x02B0, 0x02B8,
0x02BB, 0x02C1,
0x02D0, 0x02D1,
0x02E0, 0x02E4,
0x02EE, 0x02EE,
0x037A, 0x037A,
0x0386, 0x0386,
0x0388, 0x038A,
0x038C, 0x038C,
0x038E, 0x03A1,
0x03A3, 0x03CE,
0x03D0, 0x03F5,
0x0400, 0x0482,
0x048A, 0x04CE,
0x04D0, 0x04F5,
0x04F8, 0x04F9,
0x0500, 0x050F,
0x0531, 0x0556,
0x0559, 0x055F,
0x0561, 0x0587,
0x0589, 0x0589,
0x0903, 0x0903,
0x0905, 0x0939,
0x093D, 0x0940,
0x0949, 0x094C,
0x0950, 0x0950,
0x0958, 0x0961,
0x0964, 0x0970,
0x0982, 0x0983,
0x0985, 0x098C,
0x098F, 0x0990,
0x0993, 0x09A8,
0x09AA, 0x09B0,
0x09B2, 0x09B2,
0x09B6, 0x09B9,
0x09BE, 0x09C0,
0x09C7, 0x09C8,
0x09CB, 0x09CC,
0x09D7, 0x09D7,
0x09DC, 0x09DD,
0x09DF, 0x09E1,
0x09E6, 0x09F1,
0x09F4, 0x09FA,
0x0A05, 0x0A0A,
0x0A0F, 0x0A10,
0x0A13, 0x0A28,
0x0A2A, 0x0A30,
0x0A32, 0x0A33,
0x0A35, 0x0A36,
0x0A38, 0x0A39,
0x0A3E, 0x0A40,
0x0A59, 0x0A5C,
0x0A5E, 0x0A5E,
0x0A66, 0x0A6F,
0x0A72, 0x0A74,
0x0A83, 0x0A83,
0x0A85, 0x0A8B,
0x0A8D, 0x0A8D,
0x0A8F, 0x0A91,
0x0A93, 0x0AA8,
0x0AAA, 0x0AB0,
0x0AB2, 0x0AB3,
0x0AB5, 0x0AB9,
0x0ABD, 0x0AC0,
0x0AC9, 0x0AC9,
0x0ACB, 0x0ACC,
0x0AD0, 0x0AD0,
0x0AE0, 0x0AE0,
0x0AE6, 0x0AEF,
0x0B02, 0x0B03,
0x0B05, 0x0B0C,
0x0B0F, 0x0B10,
0x0B13, 0x0B28,
0x0B2A, 0x0B30,
0x0B32, 0x0B33,
0x0B36, 0x0B39,
0x0B3D, 0x0B3E,
0x0B40, 0x0B40,
0x0B47, 0x0B48,
0x0B4B, 0x0B4C,
0x0B57, 0x0B57,
0x0B5C, 0x0B5D,
0x0B5F, 0x0B61,
0x0B66, 0x0B70,
0x0B83, 0x0B83,
0x0B85, 0x0B8A,
0x0B8E, 0x0B90,
0x0B92, 0x0B95,
0x0B99, 0x0B9A,
0x0B9C, 0x0B9C,
0x0B9E, 0x0B9F,
0x0BA3, 0x0BA4,
0x0BA8, 0x0BAA,
0x0BAE, 0x0BB5,
0x0BB7, 0x0BB9,
0x0BBE, 0x0BBF,
0x0BC1, 0x0BC2,
0x0BC6, 0x0BC8,
0x0BCA, 0x0BCC,
0x0BD7, 0x0BD7,
0x0BE7, 0x0BF2,
0x0C01, 0x0C03,
0x0C05, 0x0C0C,
0x0C0E, 0x0C10,
0x0C12, 0x0C28,
0x0C2A, 0x0C33,
0x0C35, 0x0C39,
0x0C41, 0x0C44,
0x0C60, 0x0C61,
0x0C66, 0x0C6F,
0x0C82, 0x0C83,
0x0C85, 0x0C8C,
0x0C8E, 0x0C90,
0x0C92, 0x0CA8,
0x0CAA, 0x0CB3,
0x0CB5, 0x0CB9,
0x0CBE, 0x0CBE,
0x0CC0, 0x0CC4,
0x0CC7, 0x0CC8,
0x0CCA, 0x0CCB,
0x0CD5, 0x0CD6,
0x0CDE, 0x0CDE,
0x0CE0, 0x0CE1,
0x0CE6, 0x0CEF,
0x0D02, 0x0D03,
0x0D05, 0x0D0C,
0x0D0E, 0x0D10,
0x0D12, 0x0D28,
0x0D2A, 0x0D39,
0x0D3E, 0x0D40,
0x0D46, 0x0D48,
0x0D4A, 0x0D4C,
0x0D57, 0x0D57,
0x0D60, 0x0D61,
0x0D66, 0x0D6F,
0x0D82, 0x0D83,
0x0D85, 0x0D96,
0x0D9A, 0x0DB1,
0x0DB3, 0x0DBB,
0x0DBD, 0x0DBD,
0x0DC0, 0x0DC6,
0x0DCF, 0x0DD1,
0x0DD8, 0x0DDF,
0x0DF2, 0x0DF4,
0x0E01, 0x0E30,
0x0E32, 0x0E33,
0x0E40, 0x0E46,
0x0E4F, 0x0E5B,
0x0E81, 0x0E82,
0x0E84, 0x0E84,
0x0E87, 0x0E88,
0x0E8A, 0x0E8A,
0x0E8D, 0x0E8D,
0x0E94, 0x0E97,
0x0E99, 0x0E9F,
0x0EA1, 0x0EA3,
0x0EA5, 0x0EA5,
0x0EA7, 0x0EA7,
0x0EAA, 0x0EAB,
0x0EAD, 0x0EB0,
0x0EB2, 0x0EB3,
0x0EBD, 0x0EBD,
0x0EC0, 0x0EC4,
0x0EC6, 0x0EC6,
0x0ED0, 0x0ED9,
0x0EDC, 0x0EDD,
0x0F00, 0x0F17,
0x0F1A, 0x0F34,
0x0F36, 0x0F36,
0x0F38, 0x0F38,
0x0F3E, 0x0F47,
0x0F49, 0x0F6A,
0x0F7F, 0x0F7F,
0x0F85, 0x0F85,
0x0F88, 0x0F8B,
0x0FBE, 0x0FC5,
0x0FC7, 0x0FCC,
0x0FCF, 0x0FCF,
0x1000, 0x1021,
0x1023, 0x1027,
0x1029, 0x102A,
0x102C, 0x102C,
0x1031, 0x1031,
0x1038, 0x1038,
0x1040, 0x1057,
0x10A0, 0x10C5,
0x10D0, 0x10F8,
0x10FB, 0x10FB,
0x1100, 0x1159,
0x115F, 0x11A2,
0x11A8, 0x11F9,
0x1200, 0x1206,
0x1208, 0x1246,
0x1248, 0x1248,
0x124A, 0x124D,
0x1250, 0x1256,
0x1258, 0x1258,
0x125A, 0x125D,
0x1260, 0x1286,
0x1288, 0x1288,
0x128A, 0x128D,
0x1290, 0x12AE,
0x12B0, 0x12B0,
0x12B2, 0x12B5,
0x12B8, 0x12BE,
0x12C0, 0x12C0,
0x12C2, 0x12C5,
0x12C8, 0x12CE,
0x12D0, 0x12D6,
0x12D8, 0x12EE,
0x12F0, 0x130E,
0x1310, 0x1310,
0x1312, 0x1315,
0x1318, 0x131E,
0x1320, 0x1346,
0x1348, 0x135A,
0x1361, 0x137C,
0x13A0, 0x13F4,
0x1401, 0x1676,
0x1681, 0x169A,
0x16A0, 0x16F0,
0x1700, 0x170C,
0x170E, 0x1711,
0x1720, 0x1731,
0x1735, 0x1736,
0x1740, 0x1751,
0x1760, 0x176C,
0x176E, 0x1770,
0x1780, 0x17B6,
0x17BE, 0x17C5,
0x17C7, 0x17C8,
0x17D4, 0x17DA,
0x17DC, 0x17DC,
0x17E0, 0x17E9,
0x1810, 0x1819,
0x1820, 0x1877,
0x1880, 0x18A8,
0x1E00, 0x1E9B,
0x1EA0, 0x1EF9,
0x1F00, 0x1F15,
0x1F18, 0x1F1D,
0x1F20, 0x1F45,
0x1F48, 0x1F4D,
0x1F50, 0x1F57,
0x1F59, 0x1F59,
0x1F5B, 0x1F5B,
0x1F5D, 0x1F5D,
0x1F5F, 0x1F7D,
0x1F80, 0x1FB4,
0x1FB6, 0x1FBC,
0x1FBE, 0x1FBE,
0x1FC2, 0x1FC4,
0x1FC6, 0x1FCC,
0x1FD0, 0x1FD3,
0x1FD6, 0x1FDB,
0x1FE0, 0x1FEC,
0x1FF2, 0x1FF4,
0x1FF6, 0x1FFC,
0x200E, 0x200E,
0x2071, 0x2071,
0x207F, 0x207F,
0x2102, 0x2102,
0x2107, 0x2107,
0x210A, 0x2113,
0x2115, 0x2115,
0x2119, 0x211D,
0x2124, 0x2124,
0x2126, 0x2126,
0x2128, 0x2128,
0x212A, 0x212D,
0x212F, 0x2131,
0x2133, 0x2139,
0x213D, 0x213F,
0x2145, 0x2149,
0x2160, 0x2183,
0x2336, 0x237A,
0x2395, 0x2395,
0x249C, 0x24E9,
0x3005, 0x3007,
0x3021, 0x3029,
0x3031, 0x3035,
0x3038, 0x303C,
0x3041, 0x3096,
0x309D, 0x309F,
0x30A1, 0x30FA,
0x30FC, 0x30FF,
0x3105, 0x312C,
0x3131, 0x318E,
0x3190, 0x31B7,
0x31F0, 0x321C,
0x3220, 0x3243,
0x3260, 0x327B,
0x327F, 0x32B0,
0x32C0, 0x32CB,
0x32D0, 0x32FE,
0x3300, 0x3376,
0x337B, 0x33DD,
0x33E0, 0x33FE,
0x3400, 0x4DB5,
0x4E00, 0x9FA5,
0xA000, 0xA48C,
0xAC00, 0xD7A3,
0xD800, 0xFA2D,
0xFA30, 0xFA6A,
0xFB00, 0xFB06,
0xFB13, 0xFB17,
0xFF21, 0xFF3A,
0xFF41, 0xFF5A,
0xFF66, 0xFFBE,
0xFFC2, 0xFFC7,
0xFFCA, 0xFFCF,
0xFFD2, 0xFFD7,
0xFFDA, 0xFFDC,
0x10300, 0x1031E,
0x10320, 0x10323,
0x10330, 0x1034A,
0x10400, 0x10425,
0x10428, 0x1044D,
0x1D000, 0x1D0F5,
0x1D100, 0x1D126,
0x1D12A, 0x1D166,
0x1D16A, 0x1D172,
0x1D183, 0x1D184,
0x1D18C, 0x1D1A9,
0x1D1AE, 0x1D1DD,
0x1D400, 0x1D454,
0x1D456, 0x1D49C,
0x1D49E, 0x1D49F,
0x1D4A2, 0x1D4A2,
0x1D4A5, 0x1D4A6,
0x1D4A9, 0x1D4AC,
0x1D4AE, 0x1D4B9,
0x1D4BB, 0x1D4BB,
0x1D4BD, 0x1D4C0,
0x1D4C2, 0x1D4C3,
0x1D4C5, 0x1D505,
0x1D507, 0x1D50A,
0x1D50D, 0x1D514,
0x1D516, 0x1D51C,
0x1D51E, 0x1D539,
0x1D53B, 0x1D53E,
0x1D540, 0x1D544,
0x1D546, 0x1D546,
0x1D54A, 0x1D550,
0x1D552, 0x1D6A3,
0x1D6A8, 0x1D7C9,
0x20000, 0x2A6D6,
0x2F800, 0x2FA1D,
0xF0000, 0xFFFFD,
0x100000, 0x10FFFD
};
/* End of stringprep tables */
/* Is the given Unicode codepoint in the given table of ranges? */
#define IS_CODE_IN_TABLE(code, map) is_code_in_table(code, map, lengthof(map))
static int
codepoint_range_cmp(const void *a, const void *b)
{
const pg_wchar *key = (const pg_wchar *) a;
const pg_wchar *range = (const pg_wchar *) b;
if (*key < range[0])
return -1; /* less than lower bound */
if (*key > range[1])
return 1; /* greater than upper bound */
return 0; /* within range */
}
static bool
is_code_in_table(pg_wchar code, const pg_wchar *map, int mapsize)
{
Assert(mapsize % 2 == 0);
if (code < map[0] || code > map[mapsize - 1])
return false;
if (bsearch(&code, map, mapsize / 2, sizeof(pg_wchar) * 2,
codepoint_range_cmp))
return true;
else
return false;
}
/*
* Calculate the length in characters of a null-terminated UTF-8 string.
*
* Returns -1 if the input is not valid UTF-8.
*/
static int
pg_utf8_string_len(const char *source)
{
const unsigned char *p = (const unsigned char *) source;
int l;
int num_chars = 0;
while (*p)
{
l = pg_utf_mblen(p);
if (!pg_utf8_islegal(p, l))
return -1;
p += l;
num_chars++;
}
return num_chars;
}
/*
* Returns true if the input string is pure ASCII.
*/
static bool
pg_is_ascii_string(const char *p)
{
while (*p)
{
if (IS_HIGHBIT_SET(*p))
return false;
p++;
}
return true;
}
/*
* pg_saslprep - Normalize a password with SASLprep.
*
* SASLprep requires the input to be in UTF-8 encoding, but PostgreSQL
* supports many encodings, so we don't blindly assume that. pg_saslprep
* will check if the input looks like valid UTF-8, and returns
* SASLPREP_INVALID_UTF8 if not.
*
* If the string contains prohibited characters (or more precisely, if the
* output string would contain prohibited characters after normalization),
* returns SASLPREP_PROHIBITED.
*
* On success, returns SASLPREP_SUCCESS, and the normalized string in
* *output.
*
* In frontend, the normalized string is malloc'd, and the caller is
* responsible for freeing it. If an allocation fails, returns
* SASLPREP_OOM. In backend, the normalized string is palloc'd instead,
* and a failed allocation leads to ereport(ERROR).
*/
pg_saslprep_rc
pg_saslprep(const char *input, char **output)
{
pg_wchar *input_chars = NULL;
pg_wchar *output_chars = NULL;
int input_size;
char *result;
int result_size;
int count;
int i;
bool contains_RandALCat;
unsigned char *p;
pg_wchar *wp;
/* Check that the password isn't stupendously long */
if (strlen(input) > MAX_PASSWORD_LENGTH)
{
#ifndef FRONTEND
ereport(ERROR,
(errcode(ERRCODE_PROGRAM_LIMIT_EXCEEDED),
errmsg("password too long")));
#else
return SASLPREP_OOM;
#endif
}
/*
* Quick check if the input is pure ASCII. An ASCII string requires
* no further processing.
*/
if (pg_is_ascii_string(input))
{
*output = STRDUP(input);
if (!(*output))
goto oom;
return SASLPREP_SUCCESS;
}
/*
* Convert the input from UTF-8 to an array of Unicode codepoints.
*
* This also checks that the input is a legal UTF-8 string.
*/
input_size = pg_utf8_string_len(input);
if (input_size < 0)
{
*output = NULL;
return SASLPREP_INVALID_UTF8;
}
input_chars = ALLOC((input_size + 1) * sizeof(pg_wchar));
if (!input_chars)
goto oom;
p = (unsigned char *) input;
for (i = 0; i < input_size; i++)
{
input_chars[i] = utf8_to_unicode(p);
p += pg_utf_mblen(p);
}
input_chars[i] = (pg_wchar) '\0';
/*
* The steps below correspond to the steps listed in [RFC3454], Section
* "2. Preparation Overview"
*/
/*
* 1) Map -- For each character in the input, check if it has a mapping
* and, if so, replace it with its mapping.
*/
count = 0;
for (i = 0; i < input_size; i++)
{
pg_wchar code = input_chars[i];
if (IS_CODE_IN_TABLE(code, non_ascii_space_ranges))
input_chars[count++] = 0x0020;
else if (IS_CODE_IN_TABLE(code, commonly_mapped_to_nothing_ranges))
{
/* map to nothing */
}
else
input_chars[count++] = code;
}
input_chars[count] = (pg_wchar) '\0';
input_size = count;
if (input_size == 0)
goto prohibited; /* don't allow empty password */
/*
* 2) Normalize -- Normalize the result of step 1 using Unicode
* normalization.
*/
output_chars = unicode_normalize_kc(input_chars);
if (!output_chars)
goto oom;
/*
* 3) Prohibit -- Check for any characters that are not allowed in the
* output. If any are found, return an error.
*/
for (i = 0; i < input_size; i++)
{
pg_wchar code = input_chars[i];
if (IS_CODE_IN_TABLE(code, prohibited_output_ranges))
goto prohibited;
if (IS_CODE_IN_TABLE(code, unassigned_codepoint_ranges))
goto prohibited;
}
/*
* 4) Check bidi -- Possibly check for right-to-left characters, and if
* any are found, make sure that the whole string satisfies the
* requirements for bidirectional strings. If the string does not satisfy
* the requirements for bidirectional strings, return an error.
*
* [RFC3454], Section "6. Bidirectional Characters" explains in more
* detail what that means:
*
* "In any profile that specifies bidirectional character handling, all
* three of the following requirements MUST be met:
*
* 1) The characters in section 5.8 MUST be prohibited.
*
* 2) If a string contains any RandALCat character, the string MUST NOT
* contain any LCat character.
*
* 3) If a string contains any RandALCat character, a RandALCat character
* MUST be the first character of the string, and a RandALCat character
* MUST be the last character of the string."
*/
contains_RandALCat = false;
for (i = 0; i < input_size; i++)
{
pg_wchar code = input_chars[i];
if (IS_CODE_IN_TABLE(code, RandALCat_codepoint_ranges))
{
contains_RandALCat = true;
break;
}
}
if (contains_RandALCat)
{
pg_wchar first = input_chars[0];
pg_wchar last = input_chars[input_size - 1];
for (i = 0; i < input_size; i++)
{
pg_wchar code = input_chars[i];
if (IS_CODE_IN_TABLE(code, LCat_codepoint_ranges))
goto prohibited;
}
if (!IS_CODE_IN_TABLE(first, RandALCat_codepoint_ranges) ||
!IS_CODE_IN_TABLE(last, RandALCat_codepoint_ranges))
goto prohibited;
}
/*
* Finally, convert the result back to UTF-8.
*/
result_size = 0;
for (wp = output_chars; *wp; wp++)
{
unsigned char buf[4];
unicode_to_utf8(*wp, buf);
result_size += pg_utf_mblen(buf);
}
result = ALLOC(result_size + 1);
if (!result)
goto oom;
p = (unsigned char *) result;
for (wp = output_chars; *wp; wp++)
{
unicode_to_utf8(*wp, p);
p += pg_utf_mblen(p);
}
Assert((char *) p == result + result_size);
*p = '\0';
FREE(input_chars);
FREE(output_chars);
*output = result;
return SASLPREP_SUCCESS;
prohibited:
if (input_chars)
FREE(input_chars);
if (output_chars)
FREE(output_chars);
return SASLPREP_PROHIBITED;
oom:
if (input_chars)
FREE(input_chars);
if (output_chars)
FREE(output_chars);
return SASLPREP_OOM;
}
...@@ -147,29 +147,10 @@ scram_H(const uint8 *input, int len, uint8 *result) ...@@ -147,29 +147,10 @@ scram_H(const uint8 *input, int len, uint8 *result)
pg_sha256_final(&ctx, result); pg_sha256_final(&ctx, result);
} }
/*
* Encrypt password for SCRAM authentication. This basically applies the
* normalization of the password and a hash calculation using the salt
* value given by caller.
*/
static void
scram_SaltedPassword(const char *password, const char *salt, int saltlen, int iterations,
uint8 *result)
{
/*
* XXX: Here SASLprep should be applied on password. However, per RFC5802,
* it is required that the password is encoded in UTF-8, something that is
* not guaranteed in this protocol. We may want to revisit this
* normalization function once encoding functions are available as well in
* the frontend in order to be able to encode properly this string, and
* then apply SASLprep on it.
*/
scram_Hi(password, salt, saltlen, iterations, result);
}
/* /*
* Calculate ClientKey or ServerKey. * Calculate ClientKey or ServerKey.
*
* The password should already be normalized by SASLprep.
*/ */
void void
scram_ClientOrServerKey(const char *password, scram_ClientOrServerKey(const char *password,
...@@ -179,7 +160,7 @@ scram_ClientOrServerKey(const char *password, ...@@ -179,7 +160,7 @@ scram_ClientOrServerKey(const char *password,
uint8 keybuf[SCRAM_KEY_LEN]; uint8 keybuf[SCRAM_KEY_LEN];
scram_HMAC_ctx ctx; scram_HMAC_ctx ctx;
scram_SaltedPassword(password, salt, saltlen, iterations, keybuf); scram_Hi(password, salt, saltlen, iterations, keybuf);
scram_HMAC_init(&ctx, keybuf, SCRAM_KEY_LEN); scram_HMAC_init(&ctx, keybuf, SCRAM_KEY_LEN);
scram_HMAC_update(&ctx, keystr, strlen(keystr)); scram_HMAC_update(&ctx, keystr, strlen(keystr));
scram_HMAC_final(result, &ctx); scram_HMAC_final(result, &ctx);
......
/norm_test
/norm_test_table.h
# Files downloaded from the Unicode Character Database
/CompositionExclusions.txt
/NormalizationTest.txt
/UnicodeData.txt
#-------------------------------------------------------------------------
#
# Makefile
# Makefile for src/common/unicode
#
# IDENTIFICATION
# src/common/unicode/Makefile
#
#-------------------------------------------------------------------------
subdir = src/common/unicode
top_builddir = ../../..
include $(top_builddir)/src/Makefile.global
override CPPFLAGS := -DFRONTEND $(CPPFLAGS)
LIBS += $(PTHREAD_LIBS)
# By default, do nothing.
all:
DOWNLOAD = wget -O $@ --no-use-server-timestamps
# These files are part of the Unicode Character Database. Download
# them on demand.
UnicodeData.txt CompositionExclusions.txt NormalizationTest.txt:
$(DOWNLOAD) http://unicode.org/Public/UNIDATA/$(@F)
# Generation of conversion tables used for string normalization with
# UTF-8 strings.
unicode_norm_table.h: generate-unicode_norm_table.pl UnicodeData.txt CompositionExclusions.txt
$(PERL) generate-unicode_norm_table.pl
# Test suite
normalization-check: norm_test
./norm_test
norm_test: norm_test.o ../unicode_norm.o
norm_test.o: norm_test_table.h
norm_test_table.h: generate-norm_test_table.pl NormalizationTest.txt
perl generate-norm_test_table.pl NormalizationTest.txt $@
.PHONY: normalization-check
clean:
rm -f $(OBJS) norm_test norm_test.o
distclean: clean
rm -f UnicodeData.txt CompositionExclusions.txt NormalizationTest.txt norm_test_table.h unicode_norm_table.h
maintainer-clean: distclean
This directory contains tools to generate the tables in
src/include/common/unicode_norm.h, used for Unicode normalization. The
generated .h file is included in the source tree, so these are normally not
needed to build PostgreSQL, only if you need to re-generate the .h file
from the Unicode data files for some reason, e.g. to update to a new version
of Unicode.
Generating unicode_norm_table.h
-------------------------------
1. Download the Unicode data file, UnicodeData.txt, from the Unicode
consortium and place it to the current directory. Run the perl script
"norm_test_generate.pl", to process it, and to generate the
"unicode_norm_table.h" file. The Makefile contains a rule to download the
data files if they don't exist.
make unicode_norm_table.h
2. Inspect the resulting header file. Once you're happy with it, copy it to
the right location.
cp unicode_norm_table.h ../../../src/include/common/
Tests
-----
The Unicode consortium publishes a comprehensive test suite for the
normalization algorithm, in a file called NormalizationTest.txt. This
directory also contains a perl script and some C code, to run our
normalization code with all the test strings in NormalizationTest.txt.
To download NormalizationTest.txt and run the tests:
make normalization-check
#!/usr/bin/perl
#
# Read Unicode consortium's normalization test suite, NormalizationTest.txt,
# and generate a C array from it, for norm_test.c.
#
# NormalizationTest.txt is part of the Unicode Character Database.
#
# Copyright (c) 2000-2017, PostgreSQL Global Development Group
use strict;
use warnings;
use File::Basename;
die "Usage: $0 INPUT_FILE OUTPUT_FILE\n" if @ARGV != 2;
my $input_file = $ARGV[0];
my $output_file = $ARGV[1];
my $output_base = basename($output_file);
# Open the input and output files
open my $INPUT, $input_file
or die "Could not open input file $input_file: $!";
open my $OUTPUT, "> $output_file"
or die "Could not open output file $output_file: $!\n";
# Print header of output file.
print $OUTPUT <<HEADER;
/*-------------------------------------------------------------------------
*
* norm_test_table.h
* Test strings for Unicode normalization.
*
* Portions Copyright (c) 1996-2017, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* src/common/unicode/norm_test_table.h
*
*-------------------------------------------------------------------------
*/
/*
* File auto-generated by src/common/unicode/generate-norm_test_table.pl, do
* not edit. There is deliberately not an #ifndef PG_NORM_TEST_TABLE_H
* here.
*/
typedef struct
{
int linenum;
pg_wchar input[50];
pg_wchar output[50];
} pg_unicode_test;
/* test table */
HEADER
print $OUTPUT
"static const pg_unicode_test UnicodeNormalizationTests[] =\n{\n";
# Helper routine to conver a space-separated list of Unicode characters to
# hexadecimal list format, suitable for outputting in a C array.
sub codepoint_string_to_hex
{
my $codepoint_string = shift;
my $result;
foreach (split(' ', $codepoint_string))
{
my $cp = $_;
my $utf8 = "0x$cp, ";
$result .= $utf8;
}
$result .= '0'; # null-terminated the array
return $result;
}
# Process the input file line by line
my $linenum = 0;
while (my $line = <$INPUT>)
{
$linenum = $linenum + 1;
if ($line =~ /^\s*#/) { next; } # ignore comments
if ($line =~ /^@/) { next; } # ignore @Part0 like headers
# Split the line wanted and get the fields needed:
#
# source; NFC; NFD; NFKC; NFKD
my ($source, $nfc, $nfd, $nfkc, $nfkd) = split(';', $line);
my $source_utf8 = codepoint_string_to_hex($source);
my $nfkc_utf8 = codepoint_string_to_hex($nfkc);
print $OUTPUT "\t{ $linenum, { $source_utf8 }, { $nfkc_utf8 } },\n";
}
# Output terminator entry
print $OUTPUT "\t{ 0, { 0 }, { 0 } }";
print $OUTPUT "\n};\n";
close $OUTPUT;
close $INPUT;
#!/usr/bin/perl
#
# Generate a composition table, using Unicode data files as input
#
# Input: UnicodeData.txt and CompositionExclusions.txt
# Output: unicode_norm_table.h
#
# Copyright (c) 2000-2017, PostgreSQL Global Development Group
use strict;
use warnings;
my $output_file = "unicode_norm_table.h";
my $FH;
# Read list of codes that should be excluded from re-composition.
my @composition_exclusion_codes = ();
open($FH, "CompositionExclusions.txt")
or die "Could not open CompositionExclusions.txt: $!.";
while (my $line = <$FH>)
{
if ($line =~ /^([[:xdigit:]]+)/)
{
push @composition_exclusion_codes, $1;
}
}
close $FH;
# Read entries from UnicodeData.txt into a list, and a hash table. We need
# three fields from each row: the codepoint, canonical combining class,
# and character decomposition mapping
my @characters = ();
my %character_hash = ();
open($FH, "UnicodeData.txt") or die "Could not open UnicodeData.txt: $!.";
while (my $line = <$FH>)
{
# Split the line wanted and get the fields needed:
# - Unicode code value
# - Canonical Combining Class
# - Character Decomposition Mapping
my @elts = split(';', $line);
my $code = $elts[0];
my $class = $elts[3];
my $decomp = $elts[5];
# Skip codepoints above U+10FFFF. They cannot be represented in 4 bytes
# in UTF-8, and PostgreSQL doesn't support UTF-8 characters longer than
# 4 bytes. (This is just pro forma, as there aren't any such entries in
# the data file, currently.)
next if hex($code) > 0x10FFFF;
# Skip characters with no decompositions and a class of 0, to reduce the
# table size.
next if $class eq '0' && $decomp eq '';
my %char_entry = (code => $code, class => $class, decomp => $decomp);
push(@characters, \%char_entry);
$character_hash{$code} = \%char_entry;
}
close $FH;
my $num_characters = scalar @characters;
# Start writing out the output file
open my $OUTPUT, "> $output_file"
or die "Could not open output file $output_file: $!\n";
print $OUTPUT <<HEADER;
/*-------------------------------------------------------------------------
*
* unicode_norm_table.h
* Composition table used for Unicode normalization
*
* Portions Copyright (c) 1996-2017, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* src/include/common/unicode_norm_table.h
*
*-------------------------------------------------------------------------
*/
/*
* File auto-generated by src/common/unicode/generate-unicode_norm_table.pl,
* do not edit. There is deliberately not an #ifndef PG_UNICODE_NORM_TABLE_H
* here.
*/
typedef struct
{
uint32 codepoint; /* Unicode codepoint */
uint8 class; /* combining class of character */
uint8 dec_size_flags; /* size and flags of decomposition code list */
uint16 dec_index; /* index into UnicodeDecomp_codepoints, or the
* decomposition itself if DECOMP_INLINE */
} pg_unicode_decomposition;
#define DECOMP_NO_COMPOSE 0x80 /* don't use for re-composition */
#define DECOMP_INLINE 0x40 /* decomposition is stored inline in dec_index */
#define DECOMPOSITION_SIZE(x) ((x)->dec_size_flags & 0x3F)
#define DECOMPOSITION_NO_COMPOSE(x) (((x)->dec_size_flags & DECOMP_NO_COMPOSE) != 0)
#define DECOMPOSITION_IS_INLINE(x) (((x)->dec_size_flags & DECOMP_INLINE) != 0)
/* Table of Unicode codepoints and their decompositions */
static const pg_unicode_decomposition UnicodeDecompMain[$num_characters] =
{
HEADER
my $decomp_index = 0;
my $decomp_string = "";
my $last_code = $characters[-1]->{code};
foreach my $char (@characters)
{
my $code = $char->{code};
my $class = $char->{class};
my $decomp = $char->{decomp};
# The character decomposition mapping field in UnicodeData.txt is a list
# of unicode codepoints, separated by space. But it can be prefixed with
# so-called compatibility formatting tag, like "<compat>", or "<font>".
# The entries with compatibility formatting tags should not be used for
# re-composing characters during normalization, so flag them in the table.
# (The tag doesn't matter, only whether there is a tag or not)
my $compat = 0;
if ($decomp =~ /\<.*\>/)
{
$compat = 1;
$decomp =~ s/\<[^][]*\>//g;
}
my @decomp_elts = split(" ", $decomp);
# Decomposition size
# Print size of decomposition
my $decomp_size = scalar(@decomp_elts);
my $first_decomp = shift @decomp_elts;
my $flags = "";
my $comment = "";
if ($decomp_size == 2)
{
# Should this be used for recomposition?
if ($compat)
{
$flags .= " | DECOMP_NO_COMPOSE";
$comment = "compatibility mapping";
}
elsif ($character_hash{$first_decomp}
&& $character_hash{$first_decomp}->{class} != 0)
{
$flags .= " | DECOMP_NO_COMPOSE";
$comment = "non-starter decomposition";
}
else
{
foreach my $lcode (@composition_exclusion_codes)
{
if ($lcode eq $char->{code})
{
$flags .= " | DECOMP_NO_COMPOSE";
$comment = "in exclusion list";
last;
}
}
}
}
if ($decomp_size == 0)
{
print $OUTPUT "\t{0x$code, $class, 0$flags, 0}";
}
elsif ($decomp_size == 1 && length($first_decomp) <= 4)
{
# The decomposition consists of a single codepoint, and it fits
# in a uint16, so we can store it "inline" in the main table.
$flags .= " | DECOMP_INLINE";
print $OUTPUT "\t{0x$code, $class, 1$flags, 0x$first_decomp}";
}
else
{
print $OUTPUT
"\t{0x$code, $class, $decomp_size$flags, $decomp_index}";
# Now save the decompositions into a dedicated area that will
# be written afterwards. First build the entry dedicated to
# a sub-table with the code and decomposition.
$decomp_string .= ",\n" if ($decomp_string ne "");
$decomp_string .= "\t /* $decomp_index */ 0x$first_decomp";
foreach (@decomp_elts)
{
$decomp_string .= ", 0x$_";
}
$decomp_index = $decomp_index + $decomp_size;
}
# Print a comma after all items except the last one.
print $OUTPUT "," unless ($code eq $last_code);
if ($comment ne "")
{
# If the line is wide already, indent the comment with one tab,
# otherwise with two. This is to make the output match the way
# pgindent would mangle it. (This is quite hacky. To do this
# properly, we should actually track how long the line is so far,
# but this works for now.)
print $OUTPUT "\t" if ($decomp_index < 10);
print $OUTPUT "\t/* $comment */" if ($comment ne "");
}
print $OUTPUT "\n";
}
print $OUTPUT "\n};\n\n";
# Print the array of decomposed codes.
print $OUTPUT <<HEADER;
/* codepoints array */
static const uint32 UnicodeDecomp_codepoints[$decomp_index] =
{
$decomp_string
};
HEADER
close $OUTPUT;
/*-------------------------------------------------------------------------
* norm_test.c
* Program to test Unicode normalization functions.
*
* Portions Copyright (c) 2017, PostgreSQL Global Development Group
*
* IDENTIFICATION
* src/common/unicode_norm.c
*
*-------------------------------------------------------------------------
*/
#include "postgres_fe.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "common/unicode_norm.h"
#include "norm_test_table.h"
static char *
print_wchar_str(const pg_wchar *s)
{
#define BUF_DIGITS 50
static char buf[BUF_DIGITS * 2 + 1];
int i;
i = 0;
while (*s && i < BUF_DIGITS)
{
snprintf(&buf[i * 2], 3, "%04X", *s);
i++;
s++;
}
buf[i * 2] = '\0';
return buf;
}
static int
pg_wcscmp(const pg_wchar *s1, const pg_wchar *s2)
{
for (;;)
{
if (*s1 < *s2)
return -1;
if (*s1 > *s2)
return 1;
if (*s1 == 0)
return 0;
s1++;
s2++;
}
}
int
main(int argc, char **argv)
{
const pg_unicode_test *test;
for (test = UnicodeNormalizationTests; test->input[0] != 0; test++)
{
pg_wchar *result;
result = unicode_normalize_kc(test->input);
if (pg_wcscmp(test->output, result) != 0)
{
printf("FAILURE (Normalizationdata.txt line %d):\n", test->linenum);
printf("input:\t%s\n", print_wchar_str(test->input));
printf("expected:\t%s\n", print_wchar_str(test->output));
printf("got\t%s\n", print_wchar_str(result));
printf("\n");
exit(1);
}
}
printf("All tests successful!\n");
exit(0);
}
/*-------------------------------------------------------------------------
* unicode_norm.c
* Normalize a Unicode string to NFKC form
*
* This implements Unicode normalization, per the documentation at
* http://www.unicode.org/reports/tr15/.
*
* Portions Copyright (c) 2017, PostgreSQL Global Development Group
*
* IDENTIFICATION
* src/common/unicode_norm.c
*
*-------------------------------------------------------------------------
*/
#ifndef FRONTEND
#include "postgres.h"
#else
#include "postgres_fe.h"
#endif
#include "common/unicode_norm.h"
#include "common/unicode_norm_table.h"
#ifndef FRONTEND
#define ALLOC(size) palloc(size)
#define FREE(size) pfree(size)
#else
#define ALLOC(size) malloc(size)
#define FREE(size) free(size)
#endif
/* Constants for calculations with Hangul characters */
#define SBASE 0xAC00 /* U+AC00 */
#define LBASE 0x1100 /* U+1100 */
#define VBASE 0x1161 /* U+1161 */
#define TBASE 0x11A7 /* U+11A7 */
#define LCOUNT 19
#define VCOUNT 21
#define TCOUNT 28
#define NCOUNT VCOUNT * TCOUNT
#define SCOUNT LCOUNT * NCOUNT
/* comparison routine for bsearch() of decomposition lookup table. */
static int
conv_compare(const void *p1, const void *p2)
{
uint32 v1,
v2;
v1 = *(const uint32 *) p1;
v2 = ((const pg_unicode_decomposition *) p2)->codepoint;
return (v1 > v2) ? 1 : ((v1 == v2) ? 0 : -1);
}
/*
* Get the entry corresponding to code in the decomposition lookup table.
*/
static pg_unicode_decomposition *
get_code_entry(pg_wchar code)
{
return bsearch(&(code),
(void *) UnicodeDecompMain,
lengthof(UnicodeDecompMain),
sizeof(pg_unicode_decomposition),
conv_compare);
}
/*
* Given a decomposition entry looked up earlier, get the decomposed
* characters.
*
* Note: the returned pointer can point to statically allocated buffer, and
* is only valid until next call to this function!
*/
static const pg_wchar *
get_code_decomposition(pg_unicode_decomposition * entry, int *dec_size)
{
static pg_wchar x;
if (DECOMPOSITION_IS_INLINE(entry))
{
Assert(DECOMPOSITION_SIZE(entry) == 1);
x = (pg_wchar) entry->dec_index;
*dec_size = 1;
return &x;
}
else
{
*dec_size = DECOMPOSITION_SIZE(entry);
return &UnicodeDecomp_codepoints[entry->dec_index];
}
}
/*
* Calculate how many characters a given character will decompose to.
*
* This needs to recurse, if the character decomposes into characters that
* are, in turn, decomposable.
*/
static int
get_decomposed_size(pg_wchar code)
{
pg_unicode_decomposition *entry;
int size = 0;
int i;
const uint32 *decomp;
int dec_size;
/*
* Fast path for Hangul characters not stored in tables to save memory as
* decomposition is algorithmic. See
* http://unicode.org/reports/tr15/tr15-18.html, annex 10 for details on
* the matter.
*/
if (code >= SBASE && code < SBASE + SCOUNT)
{
uint32 tindex,
sindex;
sindex = code - SBASE;
tindex = sindex % TCOUNT;
if (tindex != 0)
return 3;
return 2;
}
entry = get_code_entry(code);
/*
* Just count current code if no other decompositions. A NULL entry is
* equivalent to a character with class 0 and no decompositions.
*/
if (entry == NULL || DECOMPOSITION_SIZE(entry) == 0)
return 1;
/*
* If this entry has other decomposition codes look at them as well. First
* get its decomposition in the list of tables available.
*/
decomp = get_code_decomposition(entry, &dec_size);
for (i = 0; i < dec_size; i++)
{
uint32 lcode = decomp[i];
size += get_decomposed_size(lcode);
}
return size;
}
/*
* Recompose a set of characters. For hangul characters, the calculation
* is algorithmic. For others, an inverse lookup at the decomposition
* table is necessary. Returns true if a recomposition can be done, and
* false otherwise.
*/
static bool
recompose_code(uint32 start, uint32 code, uint32 *result)
{
/*
* Handle Hangul characters algorithmically, per the Unicode spec.
*
* Check if two current characters are L and V.
*/
if (start >= LBASE && start < LBASE + LCOUNT &&
code >= VBASE && code < VBASE + VCOUNT)
{
/* make syllable of form LV */
uint32 lindex = start - LBASE;
uint32 vindex = code - VBASE;
*result = SBASE + (lindex * VCOUNT + vindex) * TCOUNT;
return true;
}
/* Check if two current characters are LV and T */
else if (start >= SBASE && start < (SBASE + SCOUNT) &&
((start - SBASE) % TCOUNT) == 0 &&
code >= TBASE && code < (TBASE + TCOUNT))
{
/* make syllable of from LVT */
uint32 tindex = code - TBASE;
*result = start + tindex;
return true;
}
else
{
int i;
/*
* Do an inverse lookup of the decomposition tables to see if anything
* matches. The comparison just needs to be a perfect match on the
* sub-table of size two, because the start character has already been
* recomposed partially.
*/
for (i = 0; i < lengthof(UnicodeDecompMain); i++)
{
const pg_unicode_decomposition *entry = &UnicodeDecompMain[i];
if (DECOMPOSITION_SIZE(entry) != 2)
continue;
if (DECOMPOSITION_NO_COMPOSE(entry))
continue;
if (start == UnicodeDecomp_codepoints[entry->dec_index] &&
code == UnicodeDecomp_codepoints[entry->dec_index + 1])
{
*result = entry->codepoint;
return true;
}
}
}
return false;
}
/*
* Decompose the given code into the array given by caller. The
* decomposition begins at the position given by caller, saving one
* lookup on the decomposition table. The current position needs to be
* updated here to let the caller know from where to continue filling
* in the array result.
*/
static void
decompose_code(pg_wchar code, pg_wchar **result, int *current)
{
pg_unicode_decomposition *entry;
int i;
const uint32 *decomp;
int dec_size;
/*
* Fast path for Hangul characters not stored in tables to save memory as
* decomposition is algorithmic. See
* http://unicode.org/reports/tr15/tr15-18.html, annex 10 for details on
* the matter.
*/
if (code >= SBASE && code < SBASE + SCOUNT)
{
uint32 l,
v,
tindex,
sindex;
pg_wchar *res = *result;
sindex = code - SBASE;
l = LBASE + sindex / (VCOUNT * TCOUNT);
v = VBASE + (sindex % (VCOUNT * TCOUNT)) / TCOUNT;
tindex = sindex % TCOUNT;
res[*current] = l;
(*current)++;
res[*current] = v;
(*current)++;
if (tindex != 0)
{
res[*current] = TBASE + tindex;
(*current)++;
}
return;
}
entry = get_code_entry(code);
/*
* Just fill in with the current decomposition if there are no
* decomposition codes to recurse to. A NULL entry is equivalent to a
* character with class 0 and no decompositions, so just leave also in
* this case.
*/
if (entry == NULL || DECOMPOSITION_SIZE(entry) == 0)
{
pg_wchar *res = *result;
res[*current] = code;
(*current)++;
return;
}
/*
* If this entry has other decomposition codes look at them as well.
*/
decomp = get_code_decomposition(entry, &dec_size);
for (i = 0; i < dec_size; i++)
{
pg_wchar lcode = (pg_wchar) decomp[i];
/* Leave if no more decompositions */
decompose_code(lcode, result, current);
}
}
/*
* unicode_normalize_kc - Normalize a Unicode string to NFKC form.
*
* The input is a 0-terminated array of codepoints.
*
* In frontend, returns a 0-terminated array of codepoints, allocated with
* malloc. Or NULL if we run out of memory. In frontend, the returned
* string is palloc'd instead, and OOM is reported with ereport().
*/
pg_wchar *
unicode_normalize_kc(const pg_wchar *input)
{
pg_wchar *decomp_chars;
pg_wchar *recomp_chars;
int decomp_size,
current_size;
int count;
const pg_wchar *p;
/* variables for recomposition */
int last_class;
int starter_pos;
int target_pos;
uint32 starter_ch;
/* First, do character decomposition */
/*
* Calculate how many characters long the decomposed version will be.
*/
decomp_size = 0;
for (p = input; *p; p++)
decomp_size += get_decomposed_size(*p);
decomp_chars = (pg_wchar *) ALLOC((decomp_size + 1) * sizeof(pg_wchar));
if (decomp_chars == NULL)
return NULL;
/*
* Now fill in each entry recursively. This needs a second pass on the
* decomposition table.
*/
current_size = 0;
for (p = input; *p; p++)
decompose_code(*p, &decomp_chars, &current_size);
decomp_chars[decomp_size] = '\0';
Assert(decomp_size == current_size);
/*
* Now apply canonical ordering.
*/
for (count = 1; count < decomp_size; count++)
{
pg_wchar prev = decomp_chars[count - 1];
pg_wchar next = decomp_chars[count];
pg_wchar tmp;
pg_unicode_decomposition *prevEntry = get_code_entry(prev);
pg_unicode_decomposition *nextEntry = get_code_entry(next);
/*
* If no entries are found, the character used is either an Hangul
* character or a character with a class of 0 and no decompositions,
* so move to next result.
*/
if (prevEntry == NULL || nextEntry == NULL)
continue;
/*
* Per Unicode (http://unicode.org/reports/tr15/tr15-18.html) annex 4,
* a sequence of two adjacent characters in a string is an
* exchangeable pair if the combining class (from the Unicode
* Character Database) for the first character is greater than the
* combining class for the second, and the second is not a starter. A
* character is a starter if its combining class is 0.
*/
if (nextEntry->class == 0x0 || prevEntry->class == 0x0)
continue;
if (prevEntry->class <= nextEntry->class)
continue;
/* exchange can happen */
tmp = decomp_chars[count - 1];
decomp_chars[count - 1] = decomp_chars[count];
decomp_chars[count] = tmp;
/* backtrack to check again */
if (count > 1)
count -= 2;
}
/*
* The last phase of NFKC is the recomposition of the reordered Unicode
* string using combining classes. The recomposed string cannot be longer
* than the decomposed one, so make the allocation of the output string
* based on that assumption.
*/
recomp_chars = (pg_wchar *) ALLOC((decomp_size + 1) * sizeof(pg_wchar));
if (!recomp_chars)
{
FREE(decomp_chars);
return NULL;
}
last_class = -1; /* this eliminates a special check */
starter_pos = 0;
target_pos = 1;
starter_ch = recomp_chars[0] = decomp_chars[0];
for (count = 1; count < decomp_size; count++)
{
pg_wchar ch = decomp_chars[count];
pg_unicode_decomposition *ch_entry = get_code_entry(ch);
int ch_class = (ch_entry == NULL) ? 0 : ch_entry->class;
pg_wchar composite;
if (last_class < ch_class &&
recompose_code(starter_ch, ch, &composite))
{
recomp_chars[starter_pos] = composite;
starter_ch = composite;
}
else if (ch_class == 0)
{
starter_pos = target_pos;
starter_ch = ch;
last_class = -1;
recomp_chars[target_pos++] = ch;
}
else
{
last_class = ch_class;
recomp_chars[target_pos++] = ch;
}
}
recomp_chars[target_pos] = (pg_wchar) '\0';
FREE(decomp_chars);
return recomp_chars;
}
/*-------------------------------------------------------------------------
*
* saslprep.h
* SASLprep normalization, for SCRAM authentication
*
* These definitions are used by both frontend and backend code.
*
* Copyright (c) 2017, PostgreSQL Global Development Group
*
* src/include/common/saslprep.h
*
*-------------------------------------------------------------------------
*/
#ifndef SASLPREP_H
#define SASLPREP_H
/*
* Return codes for pg_saslprep() function.
*/
typedef enum
{
SASLPREP_SUCCESS = 0,
SASLPREP_OOM = -1, /* out of memory (only in frontend) */
SASLPREP_INVALID_UTF8 = -2, /* input is not a valid UTF-8 string */
SASLPREP_PROHIBITED = -3 /* output would contain prohibited characters */
} pg_saslprep_rc;
extern pg_saslprep_rc pg_saslprep(const char *input, char **output);
#endif /* SASLPREP_H */
/*-------------------------------------------------------------------------
*
* unicode_norm.h
* Routines for normalizing Unicode strings
*
* These definitions are used by both frontend and backend code.
*
* Copyright (c) 2017, PostgreSQL Global Development Group
*
* src/include/common/unicode_norm.h
*
*-------------------------------------------------------------------------
*/
#ifndef UNICODE_NORM_H
#define UNICODE_NORM_H
#include "mb/pg_wchar.h"
extern pg_wchar *unicode_normalize_kc(const pg_wchar *input);
#endif /* UNICODE_NORM_H */
This source diff could not be displayed because it is too large. You can view the blob instead.
...@@ -11,6 +11,7 @@ ...@@ -11,6 +11,7 @@
/pg_strong_random.c /pg_strong_random.c
/pgstrcasecmp.c /pgstrcasecmp.c
/pqsignal.c /pqsignal.c
/saslprep.c
/scram-common.c /scram-common.c
/sha2.c /sha2.c
/sha2_openssl.c /sha2_openssl.c
...@@ -19,6 +20,7 @@ ...@@ -19,6 +20,7 @@
/strlcpy.c /strlcpy.c
/system.c /system.c
/thread.c /thread.c
/unicode_norm.c
/win32error.c /win32error.c
/win32setlocale.c /win32setlocale.c
/pgsleep.c /pgsleep.c
......
...@@ -49,7 +49,7 @@ endif ...@@ -49,7 +49,7 @@ endif
# src/backend/utils/mb # src/backend/utils/mb
OBJS += encnames.o wchar.o OBJS += encnames.o wchar.o
# src/common # src/common
OBJS += base64.o ip.o md5.o scram-common.o OBJS += base64.o ip.o md5.o scram-common.o saslprep.o unicode_norm.o
ifeq ($(with_openssl),yes) ifeq ($(with_openssl),yes)
OBJS += fe-secure-openssl.o sha2_openssl.o OBJS += fe-secure-openssl.o sha2_openssl.o
...@@ -106,7 +106,7 @@ backend_src = $(top_srcdir)/src/backend ...@@ -106,7 +106,7 @@ backend_src = $(top_srcdir)/src/backend
chklocale.c crypt.c erand48.c getaddrinfo.c getpeereid.c inet_aton.c inet_net_ntop.c noblock.c open.c system.c pgsleep.c pg_strong_random.c pgstrcasecmp.c pqsignal.c snprintf.c strerror.c strlcpy.c thread.c win32error.c win32setlocale.c: % : $(top_srcdir)/src/port/% chklocale.c crypt.c erand48.c getaddrinfo.c getpeereid.c inet_aton.c inet_net_ntop.c noblock.c open.c system.c pgsleep.c pg_strong_random.c pgstrcasecmp.c pqsignal.c snprintf.c strerror.c strlcpy.c thread.c win32error.c win32setlocale.c: % : $(top_srcdir)/src/port/%
rm -f $@ && $(LN_S) $< . rm -f $@ && $(LN_S) $< .
ip.c md5.c base64.c scram-common.c sha2.c sha2_openssl.c: % : $(top_srcdir)/src/common/% ip.c md5.c base64.c scram-common.c sha2.c sha2_openssl.c saslprep.c unicode_norm.c: % : $(top_srcdir)/src/common/%
rm -f $@ && $(LN_S) $< . rm -f $@ && $(LN_S) $< .
encnames.c wchar.c: % : $(backend_src)/utils/mb/% encnames.c wchar.c: % : $(backend_src)/utils/mb/%
......
...@@ -15,6 +15,7 @@ ...@@ -15,6 +15,7 @@
#include "postgres_fe.h" #include "postgres_fe.h"
#include "common/base64.h" #include "common/base64.h"
#include "common/saslprep.h"
#include "common/scram-common.h" #include "common/scram-common.h"
#include "fe-auth.h" #include "fe-auth.h"
...@@ -42,7 +43,7 @@ typedef struct ...@@ -42,7 +43,7 @@ typedef struct
/* These are supplied by the user */ /* These are supplied by the user */
const char *username; const char *username;
const char *password; char *password;
/* We construct these */ /* We construct these */
char *client_nonce; char *client_nonce;
...@@ -82,6 +83,8 @@ void * ...@@ -82,6 +83,8 @@ void *
pg_fe_scram_init(const char *username, const char *password) pg_fe_scram_init(const char *username, const char *password)
{ {
fe_scram_state *state; fe_scram_state *state;
char *prep_password;
pg_saslprep_rc rc;
state = (fe_scram_state *) malloc(sizeof(fe_scram_state)); state = (fe_scram_state *) malloc(sizeof(fe_scram_state));
if (!state) if (!state)
...@@ -89,7 +92,24 @@ pg_fe_scram_init(const char *username, const char *password) ...@@ -89,7 +92,24 @@ pg_fe_scram_init(const char *username, const char *password)
memset(state, 0, sizeof(fe_scram_state)); memset(state, 0, sizeof(fe_scram_state));
state->state = FE_SCRAM_INIT; state->state = FE_SCRAM_INIT;
state->username = username; state->username = username;
state->password = password;
/* Normalize the password with SASLprep, if possible */
rc = pg_saslprep(password, &prep_password);
if (rc == SASLPREP_OOM)
{
free(state);
return NULL;
}
if (rc != SASLPREP_SUCCESS)
{
prep_password = strdup(password);
if (!prep_password)
{
free(state);
return NULL;
}
}
state->password = prep_password;
return state; return state;
} }
...@@ -102,6 +122,9 @@ pg_fe_scram_free(void *opaq) ...@@ -102,6 +122,9 @@ pg_fe_scram_free(void *opaq)
{ {
fe_scram_state *state = (fe_scram_state *) opaq; fe_scram_state *state = (fe_scram_state *) opaq;
if (state->password)
free(state->password);
/* client messages */ /* client messages */
if (state->client_nonce) if (state->client_nonce)
free(state->client_nonce); free(state->client_nonce);
......
# Test password normalization in SCRAM.
#
# This test cannot run on Windows as Postgres cannot be set up with Unix
# sockets and needs to go through SSPI.
use strict;
use warnings;
use PostgresNode;
use TestLib;
use Test::More tests => 12;
# Delete pg_hba.conf from the given node, add a new entry to it
# and then execute a reload to refresh it.
sub reset_pg_hba
{
my $node = shift;
my $hba_method = shift;
unlink($node->data_dir . '/pg_hba.conf');
$node->append_conf('pg_hba.conf', "local all all $hba_method");
$node->reload;
}
# Test access for a single role, useful to wrap all tests into one.
sub test_login
{
my $node = shift;
my $role = shift;
my $password = shift;
my $expected_res = shift;
my $status_string = 'failed';
$status_string = 'success' if ($expected_res eq 0);
$ENV{"PGPASSWORD"} = $password;
my $res = $node->psql('postgres', 'SELECT 1', extra_params => ['-U', $role]);
is($res, $expected_res,
"authentication $status_string for role $role with password $password");
}
SKIP:
{
skip "authentication tests cannot run on Windows", 12 if ($windows_os);
# Initialize master node
my $node = get_new_node('master');
$node->init;
$node->start;
# These tests are based on the example strings from RFC4013.txt,
# Section "3. Examples":
#
# # Input Output Comments
# - ----- ------ --------
# 1 I<U+00AD>X IX SOFT HYPHEN mapped to nothing
# 2 user user no transformation
# 3 USER USER case preserved, will not match #2
# 4 <U+00AA> a output is NFKC, input in ISO 8859-1
# 5 <U+2168> IX output is NFKC, will match #1
# 6 <U+0007> Error - prohibited character
# 7 <U+0627><U+0031> Error - bidirectional check
# Create test roles.
$node->safe_psql('postgres',
"SET password_encryption='scram';
SET client_encoding='utf8';
CREATE ROLE saslpreptest1_role LOGIN PASSWORD 'IX';
CREATE ROLE saslpreptest4a_role LOGIN PASSWORD 'a';
CREATE ROLE saslpreptest4b_role LOGIN PASSWORD E'\\xc2\\xaa';
CREATE ROLE saslpreptest6_role LOGIN PASSWORD E'foo\\x07bar';
CREATE ROLE saslpreptest7_role LOGIN PASSWORD E'foo\\u0627\\u0031bar';
");
# Require password from now on.
reset_pg_hba($node, 'scram');
# Check that #1 and #5 are treated the same as just 'IX'
test_login($node, 'saslpreptest1_role', "I\xc2\xadX", 0);
test_login($node, 'saslpreptest1_role', "\xe2\x85\xa8", 0);
# but different from lower case 'ix'
test_login($node, 'saslpreptest1_role', "ix", 2);
# Check #4
test_login($node, 'saslpreptest4a_role', "a", 0);
test_login($node, 'saslpreptest4a_role', "\xc2\xaa", 0);
test_login($node, 'saslpreptest4b_role', "a", 0);
test_login($node, 'saslpreptest4b_role', "\xc2\xaa", 0);
# Check #6 and #7 - In PostgreSQL, contrary to the spec, if the password
# contains prohibited characters, we use it as is, without normalization.
test_login($node, 'saslpreptest6_role', "foo\x07bar", 0);
test_login($node, 'saslpreptest6_role', "foobar", 2);
test_login($node, 'saslpreptest7_role', "foo\xd8\xa71bar", 0);
test_login($node, 'saslpreptest7_role', "foo1\xd8\xa7bar", 2);
test_login($node, 'saslpreptest7_role', "foobar", 2);
}
...@@ -112,7 +112,8 @@ sub mkvcbuild ...@@ -112,7 +112,8 @@ sub mkvcbuild
our @pgcommonallfiles = qw( our @pgcommonallfiles = qw(
base64.c config_info.c controldata_utils.c exec.c ip.c keywords.c base64.c config_info.c controldata_utils.c exec.c ip.c keywords.c
md5.c pg_lzcompress.c pgfnames.c psprintf.c relpath.c rmtree.c md5.c pg_lzcompress.c pgfnames.c psprintf.c relpath.c rmtree.c
scram-common.c string.c username.c wait_error.c); saslprep.c scram-common.c string.c unicode_norm.c username.c
wait_error.c);
if ($solution->{options}->{openssl}) if ($solution->{options}->{openssl})
{ {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment