Commit b4675a8a authored by Peter Eisentraut's avatar Peter Eisentraut

Fix use of term "verifier"

Within the context of SCRAM, "verifier" has a specific meaning in the
protocol, per RFCs.  The existing code used "verifier" differently, to
mean whatever is or would be stored in pg_auth.rolpassword.

Fix this by using the term "secret" for this, following RFC 5803.
Reviewed-by: default avatarMichael Paquier <michael@paquier.xyz>
Discussion: https://www.postgresql.org/message-id/flat/be397b06-6e4b-ba71-c7fb-54cae84a7e18%402ndquadrant.com
parent 5f3d271d
...@@ -64,10 +64,10 @@ ...@@ -64,10 +64,10 @@
* Don't reveal user information to an unauthenticated client. We don't * Don't reveal user information to an unauthenticated client. We don't
* want an attacker to be able to probe whether a particular username is * want an attacker to be able to probe whether a particular username is
* valid. In SCRAM, the server has to read the salt and iteration count * valid. In SCRAM, the server has to read the salt and iteration count
* from the user's password verifier, and send it to the client. To avoid * from the user's stored secret, and send it to the client. To avoid
* revealing whether a user exists, when the client tries to authenticate * revealing whether a user exists, when the client tries to authenticate
* with a username that doesn't exist, or doesn't have a valid SCRAM * with a username that doesn't exist, or doesn't have a valid SCRAM
* verifier in pg_authid, we create a fake salt and iteration count * secret in pg_authid, we create a fake salt and iteration count
* on-the-fly, and proceed with the authentication with that. In the end, * on-the-fly, and proceed with the authentication with that. In the end,
* we'll reject the attempt, as if an incorrect password was given. When * we'll reject the attempt, as if an incorrect password was given. When
* we are performing a "mock" authentication, the 'doomed' flag in * we are performing a "mock" authentication, the 'doomed' flag in
...@@ -161,7 +161,7 @@ static char *build_server_first_message(scram_state *state); ...@@ -161,7 +161,7 @@ static char *build_server_first_message(scram_state *state);
static char *build_server_final_message(scram_state *state); static char *build_server_final_message(scram_state *state);
static bool verify_client_proof(scram_state *state); static bool verify_client_proof(scram_state *state);
static bool verify_final_nonce(scram_state *state); static bool verify_final_nonce(scram_state *state);
static void mock_scram_verifier(const char *username, int *iterations, static void mock_scram_secret(const char *username, int *iterations,
char **salt, uint8 *stored_key, uint8 *server_key); char **salt, uint8 *stored_key, uint8 *server_key);
static bool is_scram_printable(char *p); static bool is_scram_printable(char *p);
static char *sanitize_char(char c); static char *sanitize_char(char c);
...@@ -202,13 +202,13 @@ pg_be_scram_get_mechanisms(Port *port, StringInfo buf) ...@@ -202,13 +202,13 @@ pg_be_scram_get_mechanisms(Port *port, StringInfo buf)
* *
* Initialize a new SCRAM authentication exchange status tracker. This * Initialize a new SCRAM authentication exchange status tracker. This
* needs to be called before doing any exchange. It will be filled later * needs to be called before doing any exchange. It will be filled later
* after the beginning of the exchange with verifier data. * after the beginning of the exchange with authentication information.
* *
* 'selected_mech' identifies the SASL mechanism that the client selected. * 'selected_mech' identifies the SASL mechanism that the client selected.
* It should be one of the mechanisms that we support, as returned by * It should be one of the mechanisms that we support, as returned by
* pg_be_scram_get_mechanisms(). * pg_be_scram_get_mechanisms().
* *
* 'shadow_pass' is the role's password verifier, from pg_authid.rolpassword. * 'shadow_pass' is the role's stored secret, from pg_authid.rolpassword.
* The username was provided by the client in the startup message, and is * The username was provided by the client in the startup message, and is
* available in port->user_name. If 'shadow_pass' is NULL, we still perform * available in port->user_name. If 'shadow_pass' is NULL, we still perform
* an authentication exchange, but it will fail, as if an incorrect password * an authentication exchange, but it will fail, as if an incorrect password
...@@ -220,7 +220,7 @@ pg_be_scram_init(Port *port, ...@@ -220,7 +220,7 @@ pg_be_scram_init(Port *port,
const char *shadow_pass) const char *shadow_pass)
{ {
scram_state *state; scram_state *state;
bool got_verifier; bool got_secret;
state = (scram_state *) palloc0(sizeof(scram_state)); state = (scram_state *) palloc0(sizeof(scram_state));
state->port = port; state->port = port;
...@@ -248,7 +248,7 @@ pg_be_scram_init(Port *port, ...@@ -248,7 +248,7 @@ pg_be_scram_init(Port *port,
errmsg("client selected an invalid SASL authentication mechanism"))); errmsg("client selected an invalid SASL authentication mechanism")));
/* /*
* Parse the stored password verifier. * Parse the stored secret.
*/ */
if (shadow_pass) if (shadow_pass)
{ {
...@@ -256,30 +256,30 @@ pg_be_scram_init(Port *port, ...@@ -256,30 +256,30 @@ pg_be_scram_init(Port *port,
if (password_type == PASSWORD_TYPE_SCRAM_SHA_256) if (password_type == PASSWORD_TYPE_SCRAM_SHA_256)
{ {
if (parse_scram_verifier(shadow_pass, &state->iterations, &state->salt, if (parse_scram_secret(shadow_pass, &state->iterations, &state->salt,
state->StoredKey, state->ServerKey)) state->StoredKey, state->ServerKey))
got_verifier = true; got_secret = true;
else else
{ {
/* /*
* The password looked like a SCRAM verifier, but could not be * The password looked like a SCRAM secret, but could not be
* parsed. * parsed.
*/ */
ereport(LOG, ereport(LOG,
(errmsg("invalid SCRAM verifier for user \"%s\"", (errmsg("invalid SCRAM secret for user \"%s\"",
state->port->user_name))); state->port->user_name)));
got_verifier = false; got_secret = false;
} }
} }
else else
{ {
/* /*
* The user doesn't have SCRAM verifier. (You cannot do SCRAM * The user doesn't have SCRAM secret. (You cannot do SCRAM
* authentication with an MD5 hash.) * authentication with an MD5 hash.)
*/ */
state->logdetail = psprintf(_("User \"%s\" does not have a valid SCRAM verifier."), state->logdetail = psprintf(_("User \"%s\" does not have a valid SCRAM secret."),
state->port->user_name); state->port->user_name);
got_verifier = false; got_secret = false;
} }
} }
else else
...@@ -289,18 +289,18 @@ pg_be_scram_init(Port *port, ...@@ -289,18 +289,18 @@ pg_be_scram_init(Port *port,
* considered normal, since the caller requested it, so don't set log * considered normal, since the caller requested it, so don't set log
* detail. * detail.
*/ */
got_verifier = false; got_secret = false;
} }
/* /*
* If the user did not have a valid SCRAM verifier, we still go through * If the user did not have a valid SCRAM secret, we still go through
* the motions with a mock one, and fail as if the client supplied an * the motions with a mock one, and fail as if the client supplied an
* incorrect password. This is to avoid revealing information to an * incorrect password. This is to avoid revealing information to an
* attacker. * attacker.
*/ */
if (!got_verifier) if (!got_secret)
{ {
mock_scram_verifier(state->port->user_name, &state->iterations, mock_scram_secret(state->port->user_name, &state->iterations,
&state->salt, state->StoredKey, state->ServerKey); &state->salt, state->StoredKey, state->ServerKey);
state->doomed = true; state->doomed = true;
} }
...@@ -443,12 +443,12 @@ pg_be_scram_exchange(void *opaq, const char *input, int inputlen, ...@@ -443,12 +443,12 @@ pg_be_scram_exchange(void *opaq, const char *input, int inputlen,
} }
/* /*
* Construct a verifier string for SCRAM, stored in pg_authid.rolpassword. * Construct a SCRAM secret, for storing in pg_authid.rolpassword.
* *
* The result is palloc'd, so caller is responsible for freeing it. * The result is palloc'd, so caller is responsible for freeing it.
*/ */
char * char *
pg_be_scram_build_verifier(const char *password) pg_be_scram_build_secret(const char *password)
{ {
char *prep_password; char *prep_password;
pg_saslprep_rc rc; pg_saslprep_rc rc;
...@@ -470,7 +470,7 @@ pg_be_scram_build_verifier(const char *password) ...@@ -470,7 +470,7 @@ pg_be_scram_build_verifier(const char *password)
(errcode(ERRCODE_INTERNAL_ERROR), (errcode(ERRCODE_INTERNAL_ERROR),
errmsg("could not generate random salt"))); errmsg("could not generate random salt")));
result = scram_build_verifier(saltbuf, SCRAM_DEFAULT_SALT_LEN, result = scram_build_secret(saltbuf, SCRAM_DEFAULT_SALT_LEN,
SCRAM_DEFAULT_ITERATIONS, password); SCRAM_DEFAULT_ITERATIONS, password);
if (prep_password) if (prep_password)
...@@ -480,13 +480,13 @@ pg_be_scram_build_verifier(const char *password) ...@@ -480,13 +480,13 @@ pg_be_scram_build_verifier(const char *password)
} }
/* /*
* Verify a plaintext password against a SCRAM verifier. This is used when * Verify a plaintext password against a SCRAM secret. This is used when
* performing plaintext password authentication for a user that has a SCRAM * performing plaintext password authentication for a user that has a SCRAM
* verifier stored in pg_authid. * secret stored in pg_authid.
*/ */
bool bool
scram_verify_plain_password(const char *username, const char *password, scram_verify_plain_password(const char *username, const char *password,
const char *verifier) const char *secret)
{ {
char *encoded_salt; char *encoded_salt;
char *salt; char *salt;
...@@ -499,14 +499,14 @@ scram_verify_plain_password(const char *username, const char *password, ...@@ -499,14 +499,14 @@ scram_verify_plain_password(const char *username, const char *password,
char *prep_password; char *prep_password;
pg_saslprep_rc rc; pg_saslprep_rc rc;
if (!parse_scram_verifier(verifier, &iterations, &encoded_salt, if (!parse_scram_secret(secret, &iterations, &encoded_salt,
stored_key, server_key)) stored_key, server_key))
{ {
/* /*
* The password looked like a SCRAM verifier, but could not be parsed. * The password looked like a SCRAM secret, but could not be parsed.
*/ */
ereport(LOG, ereport(LOG,
(errmsg("invalid SCRAM verifier for user \"%s\"", username))); (errmsg("invalid SCRAM secret for user \"%s\"", username)));
return false; return false;
} }
...@@ -517,7 +517,7 @@ scram_verify_plain_password(const char *username, const char *password, ...@@ -517,7 +517,7 @@ scram_verify_plain_password(const char *username, const char *password,
if (saltlen < 0) if (saltlen < 0)
{ {
ereport(LOG, ereport(LOG,
(errmsg("invalid SCRAM verifier for user \"%s\"", username))); (errmsg("invalid SCRAM secret for user \"%s\"", username)));
return false; return false;
} }
...@@ -534,7 +534,7 @@ scram_verify_plain_password(const char *username, const char *password, ...@@ -534,7 +534,7 @@ scram_verify_plain_password(const char *username, const char *password,
pfree(prep_password); pfree(prep_password);
/* /*
* Compare the verifier's Server Key with the one computed from the * Compare the secret's Server Key with the one computed from the
* user-supplied password. * user-supplied password.
*/ */
return memcmp(computed_key, server_key, SCRAM_KEY_LEN) == 0; return memcmp(computed_key, server_key, SCRAM_KEY_LEN) == 0;
...@@ -542,18 +542,18 @@ scram_verify_plain_password(const char *username, const char *password, ...@@ -542,18 +542,18 @@ scram_verify_plain_password(const char *username, const char *password,
/* /*
* Parse and validate format of given SCRAM verifier. * Parse and validate format of given SCRAM secret.
* *
* On success, the iteration count, salt, stored key, and server key are * On success, the iteration count, salt, stored key, and server key are
* extracted from the verifier, and returned to the caller. For 'stored_key' * extracted from the secret, and returned to the caller. For 'stored_key'
* and 'server_key', the caller must pass pre-allocated buffers of size * and 'server_key', the caller must pass pre-allocated buffers of size
* SCRAM_KEY_LEN. Salt is returned as a base64-encoded, null-terminated * SCRAM_KEY_LEN. Salt is returned as a base64-encoded, null-terminated
* string. The buffer for the salt is palloc'd by this function. * string. The buffer for the salt is palloc'd by this function.
* *
* Returns true if the SCRAM verifier has been parsed, and false otherwise. * Returns true if the SCRAM secret has been parsed, and false otherwise.
*/ */
bool bool
parse_scram_verifier(const char *verifier, int *iterations, char **salt, parse_scram_secret(const char *secret, int *iterations, char **salt,
uint8 *stored_key, uint8 *server_key) uint8 *stored_key, uint8 *server_key)
{ {
char *v; char *v;
...@@ -569,30 +569,30 @@ parse_scram_verifier(const char *verifier, int *iterations, char **salt, ...@@ -569,30 +569,30 @@ parse_scram_verifier(const char *verifier, int *iterations, char **salt,
char *decoded_server_buf; char *decoded_server_buf;
/* /*
* The verifier is of form: * The secret is of form:
* *
* SCRAM-SHA-256$<iterations>:<salt>$<storedkey>:<serverkey> * SCRAM-SHA-256$<iterations>:<salt>$<storedkey>:<serverkey>
*/ */
v = pstrdup(verifier); v = pstrdup(secret);
if ((scheme_str = strtok(v, "$")) == NULL) if ((scheme_str = strtok(v, "$")) == NULL)
goto invalid_verifier; goto invalid_secret;
if ((iterations_str = strtok(NULL, ":")) == NULL) if ((iterations_str = strtok(NULL, ":")) == NULL)
goto invalid_verifier; goto invalid_secret;
if ((salt_str = strtok(NULL, "$")) == NULL) if ((salt_str = strtok(NULL, "$")) == NULL)
goto invalid_verifier; goto invalid_secret;
if ((storedkey_str = strtok(NULL, ":")) == NULL) if ((storedkey_str = strtok(NULL, ":")) == NULL)
goto invalid_verifier; goto invalid_secret;
if ((serverkey_str = strtok(NULL, "")) == NULL) if ((serverkey_str = strtok(NULL, "")) == NULL)
goto invalid_verifier; goto invalid_secret;
/* Parse the fields */ /* Parse the fields */
if (strcmp(scheme_str, "SCRAM-SHA-256") != 0) if (strcmp(scheme_str, "SCRAM-SHA-256") != 0)
goto invalid_verifier; goto invalid_secret;
errno = 0; errno = 0;
*iterations = strtol(iterations_str, &p, 10); *iterations = strtol(iterations_str, &p, 10);
if (*p || errno != 0) if (*p || errno != 0)
goto invalid_verifier; goto invalid_secret;
/* /*
* Verify that the salt is in Base64-encoded format, by decoding it, * Verify that the salt is in Base64-encoded format, by decoding it,
...@@ -603,7 +603,7 @@ parse_scram_verifier(const char *verifier, int *iterations, char **salt, ...@@ -603,7 +603,7 @@ parse_scram_verifier(const char *verifier, int *iterations, char **salt,
decoded_len = pg_b64_decode(salt_str, strlen(salt_str), decoded_len = pg_b64_decode(salt_str, strlen(salt_str),
decoded_salt_buf, decoded_len); decoded_salt_buf, decoded_len);
if (decoded_len < 0) if (decoded_len < 0)
goto invalid_verifier; goto invalid_secret;
*salt = pstrdup(salt_str); *salt = pstrdup(salt_str);
/* /*
...@@ -614,7 +614,7 @@ parse_scram_verifier(const char *verifier, int *iterations, char **salt, ...@@ -614,7 +614,7 @@ parse_scram_verifier(const char *verifier, int *iterations, char **salt,
decoded_len = pg_b64_decode(storedkey_str, strlen(storedkey_str), decoded_len = pg_b64_decode(storedkey_str, strlen(storedkey_str),
decoded_stored_buf, decoded_len); decoded_stored_buf, decoded_len);
if (decoded_len != SCRAM_KEY_LEN) if (decoded_len != SCRAM_KEY_LEN)
goto invalid_verifier; goto invalid_secret;
memcpy(stored_key, decoded_stored_buf, SCRAM_KEY_LEN); memcpy(stored_key, decoded_stored_buf, SCRAM_KEY_LEN);
decoded_len = pg_b64_dec_len(strlen(serverkey_str)); decoded_len = pg_b64_dec_len(strlen(serverkey_str));
...@@ -622,29 +622,29 @@ parse_scram_verifier(const char *verifier, int *iterations, char **salt, ...@@ -622,29 +622,29 @@ parse_scram_verifier(const char *verifier, int *iterations, char **salt,
decoded_len = pg_b64_decode(serverkey_str, strlen(serverkey_str), decoded_len = pg_b64_decode(serverkey_str, strlen(serverkey_str),
decoded_server_buf, decoded_len); decoded_server_buf, decoded_len);
if (decoded_len != SCRAM_KEY_LEN) if (decoded_len != SCRAM_KEY_LEN)
goto invalid_verifier; goto invalid_secret;
memcpy(server_key, decoded_server_buf, SCRAM_KEY_LEN); memcpy(server_key, decoded_server_buf, SCRAM_KEY_LEN);
return true; return true;
invalid_verifier: invalid_secret:
*salt = NULL; *salt = NULL;
return false; return false;
} }
/* /*
* Generate plausible SCRAM verifier parameters for mock authentication. * Generate plausible SCRAM secret parameters for mock authentication.
* *
* In a normal authentication, these are extracted from the verifier * In a normal authentication, these are extracted from the secret
* stored in the server. This function generates values that look * stored in the server. This function generates values that look
* realistic, for when there is no stored verifier. * realistic, for when there is no stored secret.
* *
* Like in parse_scram_verifier(), for 'stored_key' and 'server_key', the * Like in parse_scram_secret(), for 'stored_key' and 'server_key', the
* caller must pass pre-allocated buffers of size SCRAM_KEY_LEN, and * caller must pass pre-allocated buffers of size SCRAM_KEY_LEN, and
* the buffer for the salt is palloc'd by this function. * the buffer for the salt is palloc'd by this function.
*/ */
static void static void
mock_scram_verifier(const char *username, int *iterations, char **salt, mock_scram_secret(const char *username, int *iterations, char **salt,
uint8 *stored_key, uint8 *server_key) uint8 *stored_key, uint8 *server_key)
{ {
char *raw_salt; char *raw_salt;
......
...@@ -818,7 +818,7 @@ CheckPWChallengeAuth(Port *port, char **logdetail) ...@@ -818,7 +818,7 @@ CheckPWChallengeAuth(Port *port, char **logdetail)
* If 'md5' authentication is allowed, decide whether to perform 'md5' or * If 'md5' authentication is allowed, decide whether to perform 'md5' or
* 'scram-sha-256' authentication based on the type of password the user * 'scram-sha-256' authentication based on the type of password the user
* has. If it's an MD5 hash, we must do MD5 authentication, and if it's a * has. If it's an MD5 hash, we must do MD5 authentication, and if it's a
* SCRAM verifier, we must do SCRAM authentication. * SCRAM secret, we must do SCRAM authentication.
* *
* If MD5 authentication is not allowed, always use SCRAM. If the user * If MD5 authentication is not allowed, always use SCRAM. If the user
* had an MD5 password, CheckSCRAMAuth() will fail. * had an MD5 password, CheckSCRAMAuth() will fail.
......
...@@ -83,7 +83,7 @@ get_role_password(const char *role, char **logdetail) ...@@ -83,7 +83,7 @@ get_role_password(const char *role, char **logdetail)
} }
/* /*
* What kind of a password verifier is 'shadow_pass'? * What kind of a password type is 'shadow_pass'?
*/ */
PasswordType PasswordType
get_password_type(const char *shadow_pass) get_password_type(const char *shadow_pass)
...@@ -97,14 +97,14 @@ get_password_type(const char *shadow_pass) ...@@ -97,14 +97,14 @@ get_password_type(const char *shadow_pass)
strlen(shadow_pass) == MD5_PASSWD_LEN && strlen(shadow_pass) == MD5_PASSWD_LEN &&
strspn(shadow_pass + 3, MD5_PASSWD_CHARSET) == MD5_PASSWD_LEN - 3) strspn(shadow_pass + 3, MD5_PASSWD_CHARSET) == MD5_PASSWD_LEN - 3)
return PASSWORD_TYPE_MD5; return PASSWORD_TYPE_MD5;
if (parse_scram_verifier(shadow_pass, &iterations, &encoded_salt, if (parse_scram_secret(shadow_pass, &iterations, &encoded_salt,
stored_key, server_key)) stored_key, server_key))
return PASSWORD_TYPE_SCRAM_SHA_256; return PASSWORD_TYPE_SCRAM_SHA_256;
return PASSWORD_TYPE_PLAINTEXT; return PASSWORD_TYPE_PLAINTEXT;
} }
/* /*
* Given a user-supplied password, convert it into a verifier of * Given a user-supplied password, convert it into a secret of
* 'target_type' kind. * 'target_type' kind.
* *
* If the password is already in encrypted form, we cannot reverse the * If the password is already in encrypted form, we cannot reverse the
...@@ -137,7 +137,7 @@ encrypt_password(PasswordType target_type, const char *role, ...@@ -137,7 +137,7 @@ encrypt_password(PasswordType target_type, const char *role,
return encrypted_password; return encrypted_password;
case PASSWORD_TYPE_SCRAM_SHA_256: case PASSWORD_TYPE_SCRAM_SHA_256:
return pg_be_scram_build_verifier(password); return pg_be_scram_build_secret(password);
case PASSWORD_TYPE_PLAINTEXT: case PASSWORD_TYPE_PLAINTEXT:
elog(ERROR, "cannot encrypt password with 'plaintext'"); elog(ERROR, "cannot encrypt password with 'plaintext'");
......
...@@ -181,7 +181,7 @@ scram_ServerKey(const uint8 *salted_password, uint8 *result) ...@@ -181,7 +181,7 @@ scram_ServerKey(const uint8 *salted_password, uint8 *result)
/* /*
* Construct a verifier string for SCRAM, stored in pg_authid.rolpassword. * Construct a SCRAM secret, for storing in pg_authid.rolpassword.
* *
* The password should already have been processed with SASLprep, if necessary! * The password should already have been processed with SASLprep, if necessary!
* *
...@@ -189,7 +189,7 @@ scram_ServerKey(const uint8 *salted_password, uint8 *result) ...@@ -189,7 +189,7 @@ scram_ServerKey(const uint8 *salted_password, uint8 *result)
* palloc'd or malloc'd, so caller is responsible for freeing it. * palloc'd or malloc'd, so caller is responsible for freeing it.
*/ */
char * char *
scram_build_verifier(const char *salt, int saltlen, int iterations, scram_build_secret(const char *salt, int saltlen, int iterations,
const char *password) const char *password)
{ {
uint8 salted_password[SCRAM_KEY_LEN]; uint8 salted_password[SCRAM_KEY_LEN];
......
...@@ -33,14 +33,14 @@ ...@@ -33,14 +33,14 @@
#define SCRAM_RAW_NONCE_LEN 18 #define SCRAM_RAW_NONCE_LEN 18
/* /*
* Length of salt when generating new verifiers, in bytes. (It will be stored * Length of salt when generating new secrets, in bytes. (It will be stored
* and sent over the wire encoded in Base64.) 16 bytes is what the example in * and sent over the wire encoded in Base64.) 16 bytes is what the example in
* RFC 7677 uses. * RFC 7677 uses.
*/ */
#define SCRAM_DEFAULT_SALT_LEN 16 #define SCRAM_DEFAULT_SALT_LEN 16
/* /*
* Default number of iterations when generating verifier. Should be at least * Default number of iterations when generating secret. Should be at least
* 4096 per RFC 7677. * 4096 per RFC 7677.
*/ */
#define SCRAM_DEFAULT_ITERATIONS 4096 #define SCRAM_DEFAULT_ITERATIONS 4096
...@@ -64,7 +64,7 @@ extern void scram_H(const uint8 *str, int len, uint8 *result); ...@@ -64,7 +64,7 @@ extern void scram_H(const uint8 *str, int len, uint8 *result);
extern void scram_ClientKey(const uint8 *salted_password, uint8 *result); extern void scram_ClientKey(const uint8 *salted_password, uint8 *result);
extern void scram_ServerKey(const uint8 *salted_password, uint8 *result); extern void scram_ServerKey(const uint8 *salted_password, uint8 *result);
extern char *scram_build_verifier(const char *salt, int saltlen, int iterations, extern char *scram_build_secret(const char *salt, int saltlen, int iterations,
const char *password); const char *password);
#endif /* SCRAM_COMMON_H */ #endif /* SCRAM_COMMON_H */
...@@ -16,7 +16,7 @@ ...@@ -16,7 +16,7 @@
#include "datatype/timestamp.h" #include "datatype/timestamp.h"
/* /*
* Types of password hashes or verifiers. * Types of password hashes or secrets.
* *
* Plaintext passwords can be passed in by the user, in a CREATE/ALTER USER * Plaintext passwords can be passed in by the user, in a CREATE/ALTER USER
* command. They will be encrypted to MD5 or SCRAM-SHA-256 format, before * command. They will be encrypted to MD5 or SCRAM-SHA-256 format, before
......
...@@ -27,11 +27,11 @@ extern void *pg_be_scram_init(Port *port, const char *selected_mech, const char ...@@ -27,11 +27,11 @@ extern void *pg_be_scram_init(Port *port, const char *selected_mech, const char
extern int pg_be_scram_exchange(void *opaq, const char *input, int inputlen, extern int pg_be_scram_exchange(void *opaq, const char *input, int inputlen,
char **output, int *outputlen, char **logdetail); char **output, int *outputlen, char **logdetail);
/* Routines to handle and check SCRAM-SHA-256 verifier */ /* Routines to handle and check SCRAM-SHA-256 secret */
extern char *pg_be_scram_build_verifier(const char *password); extern char *pg_be_scram_build_secret(const char *password);
extern bool parse_scram_verifier(const char *verifier, int *iterations, char **salt, extern bool parse_scram_secret(const char *secret, int *iterations, char **salt,
uint8 *stored_key, uint8 *server_key); uint8 *stored_key, uint8 *server_key);
extern bool scram_verify_plain_password(const char *username, extern bool scram_verify_plain_password(const char *username,
const char *password, const char *verifier); const char *password, const char *secret);
#endif /* PG_SCRAM_H */ #endif /* PG_SCRAM_H */
...@@ -822,10 +822,10 @@ verify_server_signature(fe_scram_state *state) ...@@ -822,10 +822,10 @@ verify_server_signature(fe_scram_state *state)
} }
/* /*
* Build a new SCRAM verifier. * Build a new SCRAM secret.
*/ */
char * char *
pg_fe_scram_build_verifier(const char *password) pg_fe_scram_build_secret(const char *password)
{ {
char *prep_password; char *prep_password;
pg_saslprep_rc rc; pg_saslprep_rc rc;
...@@ -851,7 +851,7 @@ pg_fe_scram_build_verifier(const char *password) ...@@ -851,7 +851,7 @@ pg_fe_scram_build_verifier(const char *password)
return NULL; return NULL;
} }
result = scram_build_verifier(saltbuf, SCRAM_DEFAULT_SALT_LEN, result = scram_build_secret(saltbuf, SCRAM_DEFAULT_SALT_LEN,
SCRAM_DEFAULT_ITERATIONS, password); SCRAM_DEFAULT_ITERATIONS, password);
if (prep_password) if (prep_password)
......
...@@ -1251,7 +1251,7 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, ...@@ -1251,7 +1251,7 @@ PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user,
*/ */
if (strcmp(algorithm, "scram-sha-256") == 0) if (strcmp(algorithm, "scram-sha-256") == 0)
{ {
crypt_pwd = pg_fe_scram_build_verifier(passwd); crypt_pwd = pg_fe_scram_build_secret(passwd);
} }
else if (strcmp(algorithm, "md5") == 0) else if (strcmp(algorithm, "md5") == 0)
{ {
......
...@@ -31,6 +31,6 @@ extern void pg_fe_scram_free(void *opaq); ...@@ -31,6 +31,6 @@ extern void pg_fe_scram_free(void *opaq);
extern void pg_fe_scram_exchange(void *opaq, char *input, int inputlen, extern void pg_fe_scram_exchange(void *opaq, char *input, int inputlen,
char **output, int *outputlen, char **output, int *outputlen,
bool *done, bool *success); bool *done, bool *success);
extern char *pg_fe_scram_build_verifier(const char *password); extern char *pg_fe_scram_build_secret(const char *password);
#endif /* FE_AUTH_H */ #endif /* FE_AUTH_H */
...@@ -82,7 +82,7 @@ test_role($node, 'scram_role', 'scram-sha-256', 0); ...@@ -82,7 +82,7 @@ test_role($node, 'scram_role', 'scram-sha-256', 0);
test_role($node, 'md5_role', 'scram-sha-256', 2); test_role($node, 'md5_role', 'scram-sha-256', 2);
# For "md5" method, all users should be able to connect (SCRAM # For "md5" method, all users should be able to connect (SCRAM
# authentication will be performed for the user with a scram verifier.) # authentication will be performed for the user with a SCRAM secret.)
reset_pg_hba($node, 'md5'); reset_pg_hba($node, 'md5');
test_role($node, 'scram_role', 'md5', 0); test_role($node, 'scram_role', 'md5', 0);
test_role($node, 'md5_role', 'md5', 0); test_role($node, 'md5_role', 'md5', 0);
......
-- --
-- Tests for password verifiers -- Tests for password types
-- --
-- Tests for GUC password_encryption -- Tests for GUC password_encryption
SET password_encryption = 'novalue'; -- error SET password_encryption = 'novalue'; -- error
...@@ -18,7 +18,7 @@ CREATE ROLE regress_passwd3 PASSWORD 'role_pwd3'; ...@@ -18,7 +18,7 @@ CREATE ROLE regress_passwd3 PASSWORD 'role_pwd3';
CREATE ROLE regress_passwd4 PASSWORD NULL; CREATE ROLE regress_passwd4 PASSWORD NULL;
-- check list of created entries -- check list of created entries
-- --
-- The scram verifier will look something like: -- The scram secret will look something like:
-- SCRAM-SHA-256$4096:E4HxLGtnRzsYwg==$6YtlR4t69SguDiwFvbVgVZtuz6gpJQQqUMZ7IQJK5yI=:ps75jrHeYU4lXCcXI4O8oIdJ3eO8o2jirjruw9phBTo= -- SCRAM-SHA-256$4096:E4HxLGtnRzsYwg==$6YtlR4t69SguDiwFvbVgVZtuz6gpJQQqUMZ7IQJK5yI=:ps75jrHeYU4lXCcXI4O8oIdJ3eO8o2jirjruw9phBTo=
-- --
-- Since the salt is random, the exact value stored will be different on every test -- Since the salt is random, the exact value stored will be different on every test
...@@ -58,14 +58,14 @@ ALTER ROLE regress_passwd2 PASSWORD 'foo'; ...@@ -58,14 +58,14 @@ ALTER ROLE regress_passwd2 PASSWORD 'foo';
ALTER ROLE regress_passwd1 PASSWORD 'md5cd3578025fe2c3d7ed1b9a9b26238b70'; ALTER ROLE regress_passwd1 PASSWORD 'md5cd3578025fe2c3d7ed1b9a9b26238b70';
ALTER ROLE regress_passwd3 PASSWORD 'SCRAM-SHA-256$4096:VLK4RMaQLCvNtQ==$6YtlR4t69SguDiwFvbVgVZtuz6gpJQQqUMZ7IQJK5yI=:ps75jrHeYU4lXCcXI4O8oIdJ3eO8o2jirjruw9phBTo='; ALTER ROLE regress_passwd3 PASSWORD 'SCRAM-SHA-256$4096:VLK4RMaQLCvNtQ==$6YtlR4t69SguDiwFvbVgVZtuz6gpJQQqUMZ7IQJK5yI=:ps75jrHeYU4lXCcXI4O8oIdJ3eO8o2jirjruw9phBTo=';
SET password_encryption = 'scram-sha-256'; SET password_encryption = 'scram-sha-256';
-- create SCRAM verifier -- create SCRAM secret
ALTER ROLE regress_passwd4 PASSWORD 'foo'; ALTER ROLE regress_passwd4 PASSWORD 'foo';
-- already encrypted with MD5, use as it is -- already encrypted with MD5, use as it is
CREATE ROLE regress_passwd5 PASSWORD 'md5e73a4b11df52a6068f8b39f90be36023'; CREATE ROLE regress_passwd5 PASSWORD 'md5e73a4b11df52a6068f8b39f90be36023';
-- This looks like a valid SCRAM-SHA-256 verifier, but it is not -- This looks like a valid SCRAM-SHA-256 secret, but it is not
-- so it should be hashed with SCRAM-SHA-256. -- so it should be hashed with SCRAM-SHA-256.
CREATE ROLE regress_passwd6 PASSWORD 'SCRAM-SHA-256$1234'; CREATE ROLE regress_passwd6 PASSWORD 'SCRAM-SHA-256$1234';
-- These may look like valid MD5 verifiers, but they are not, so they -- These may look like valid MD5 secrets, but they are not, so they
-- should be hashed with SCRAM-SHA-256. -- should be hashed with SCRAM-SHA-256.
-- trailing garbage at the end -- trailing garbage at the end
CREATE ROLE regress_passwd7 PASSWORD 'md5012345678901234567890123456789zz'; CREATE ROLE regress_passwd7 PASSWORD 'md5012345678901234567890123456789zz';
...@@ -107,7 +107,7 @@ SELECT rolpassword FROM pg_authid WHERE rolname='regress_passwd_empty'; ...@@ -107,7 +107,7 @@ SELECT rolpassword FROM pg_authid WHERE rolname='regress_passwd_empty';
CREATE ROLE regress_passwd_sha_len0 PASSWORD 'SCRAM-SHA-256$4096:A6xHKoH/494E941doaPOYg==$Ky+A30sewHIH3VHQLRN9vYsuzlgNyGNKCh37dy96Rqw=:COPdlNiIkrsacU5QoxydEuOH6e/KfiipeETb/bPw8ZI='; CREATE ROLE regress_passwd_sha_len0 PASSWORD 'SCRAM-SHA-256$4096:A6xHKoH/494E941doaPOYg==$Ky+A30sewHIH3VHQLRN9vYsuzlgNyGNKCh37dy96Rqw=:COPdlNiIkrsacU5QoxydEuOH6e/KfiipeETb/bPw8ZI=';
CREATE ROLE regress_passwd_sha_len1 PASSWORD 'SCRAM-SHA-256$4096:A6xHKoH/494E941doaPOYg==$Ky+A30sewHIH3VHQLRN9vYsuzlgNyGNKCh37dy96RqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=:COPdlNiIkrsacU5QoxydEuOH6e/KfiipeETb/bPw8ZI='; CREATE ROLE regress_passwd_sha_len1 PASSWORD 'SCRAM-SHA-256$4096:A6xHKoH/494E941doaPOYg==$Ky+A30sewHIH3VHQLRN9vYsuzlgNyGNKCh37dy96RqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=:COPdlNiIkrsacU5QoxydEuOH6e/KfiipeETb/bPw8ZI=';
CREATE ROLE regress_passwd_sha_len2 PASSWORD 'SCRAM-SHA-256$4096:A6xHKoH/494E941doaPOYg==$Ky+A30sewHIH3VHQLRN9vYsuzlgNyGNKCh37dy96Rqw=:COPdlNiIkrsacU5QoxydEuOH6e/KfiipeETb/bPw8ZIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='; CREATE ROLE regress_passwd_sha_len2 PASSWORD 'SCRAM-SHA-256$4096:A6xHKoH/494E941doaPOYg==$Ky+A30sewHIH3VHQLRN9vYsuzlgNyGNKCh37dy96Rqw=:COPdlNiIkrsacU5QoxydEuOH6e/KfiipeETb/bPw8ZIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=';
-- Check that the invalid verifiers were re-hashed. A re-hashed verifier -- Check that the invalid secrets were re-hashed. A re-hashed secret
-- should not contain the original salt. -- should not contain the original salt.
SELECT rolname, rolpassword not like '%A6xHKoH/494E941doaPOYg==%' as is_rolpassword_rehashed SELECT rolname, rolpassword not like '%A6xHKoH/494E941doaPOYg==%' as is_rolpassword_rehashed
FROM pg_authid FROM pg_authid
......
-- --
-- Tests for password verifiers -- Tests for password types
-- --
-- Tests for GUC password_encryption -- Tests for GUC password_encryption
...@@ -19,7 +19,7 @@ CREATE ROLE regress_passwd4 PASSWORD NULL; ...@@ -19,7 +19,7 @@ CREATE ROLE regress_passwd4 PASSWORD NULL;
-- check list of created entries -- check list of created entries
-- --
-- The scram verifier will look something like: -- The scram secret will look something like:
-- SCRAM-SHA-256$4096:E4HxLGtnRzsYwg==$6YtlR4t69SguDiwFvbVgVZtuz6gpJQQqUMZ7IQJK5yI=:ps75jrHeYU4lXCcXI4O8oIdJ3eO8o2jirjruw9phBTo= -- SCRAM-SHA-256$4096:E4HxLGtnRzsYwg==$6YtlR4t69SguDiwFvbVgVZtuz6gpJQQqUMZ7IQJK5yI=:ps75jrHeYU4lXCcXI4O8oIdJ3eO8o2jirjruw9phBTo=
-- --
-- Since the salt is random, the exact value stored will be different on every test -- Since the salt is random, the exact value stored will be different on every test
...@@ -49,15 +49,15 @@ ALTER ROLE regress_passwd1 PASSWORD 'md5cd3578025fe2c3d7ed1b9a9b26238b70'; ...@@ -49,15 +49,15 @@ ALTER ROLE regress_passwd1 PASSWORD 'md5cd3578025fe2c3d7ed1b9a9b26238b70';
ALTER ROLE regress_passwd3 PASSWORD 'SCRAM-SHA-256$4096:VLK4RMaQLCvNtQ==$6YtlR4t69SguDiwFvbVgVZtuz6gpJQQqUMZ7IQJK5yI=:ps75jrHeYU4lXCcXI4O8oIdJ3eO8o2jirjruw9phBTo='; ALTER ROLE regress_passwd3 PASSWORD 'SCRAM-SHA-256$4096:VLK4RMaQLCvNtQ==$6YtlR4t69SguDiwFvbVgVZtuz6gpJQQqUMZ7IQJK5yI=:ps75jrHeYU4lXCcXI4O8oIdJ3eO8o2jirjruw9phBTo=';
SET password_encryption = 'scram-sha-256'; SET password_encryption = 'scram-sha-256';
-- create SCRAM verifier -- create SCRAM secret
ALTER ROLE regress_passwd4 PASSWORD 'foo'; ALTER ROLE regress_passwd4 PASSWORD 'foo';
-- already encrypted with MD5, use as it is -- already encrypted with MD5, use as it is
CREATE ROLE regress_passwd5 PASSWORD 'md5e73a4b11df52a6068f8b39f90be36023'; CREATE ROLE regress_passwd5 PASSWORD 'md5e73a4b11df52a6068f8b39f90be36023';
-- This looks like a valid SCRAM-SHA-256 verifier, but it is not -- This looks like a valid SCRAM-SHA-256 secret, but it is not
-- so it should be hashed with SCRAM-SHA-256. -- so it should be hashed with SCRAM-SHA-256.
CREATE ROLE regress_passwd6 PASSWORD 'SCRAM-SHA-256$1234'; CREATE ROLE regress_passwd6 PASSWORD 'SCRAM-SHA-256$1234';
-- These may look like valid MD5 verifiers, but they are not, so they -- These may look like valid MD5 secrets, but they are not, so they
-- should be hashed with SCRAM-SHA-256. -- should be hashed with SCRAM-SHA-256.
-- trailing garbage at the end -- trailing garbage at the end
CREATE ROLE regress_passwd7 PASSWORD 'md5012345678901234567890123456789zz'; CREATE ROLE regress_passwd7 PASSWORD 'md5012345678901234567890123456789zz';
...@@ -83,7 +83,7 @@ CREATE ROLE regress_passwd_sha_len0 PASSWORD 'SCRAM-SHA-256$4096:A6xHKoH/494E941 ...@@ -83,7 +83,7 @@ CREATE ROLE regress_passwd_sha_len0 PASSWORD 'SCRAM-SHA-256$4096:A6xHKoH/494E941
CREATE ROLE regress_passwd_sha_len1 PASSWORD 'SCRAM-SHA-256$4096:A6xHKoH/494E941doaPOYg==$Ky+A30sewHIH3VHQLRN9vYsuzlgNyGNKCh37dy96RqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=:COPdlNiIkrsacU5QoxydEuOH6e/KfiipeETb/bPw8ZI='; CREATE ROLE regress_passwd_sha_len1 PASSWORD 'SCRAM-SHA-256$4096:A6xHKoH/494E941doaPOYg==$Ky+A30sewHIH3VHQLRN9vYsuzlgNyGNKCh37dy96RqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=:COPdlNiIkrsacU5QoxydEuOH6e/KfiipeETb/bPw8ZI=';
CREATE ROLE regress_passwd_sha_len2 PASSWORD 'SCRAM-SHA-256$4096:A6xHKoH/494E941doaPOYg==$Ky+A30sewHIH3VHQLRN9vYsuzlgNyGNKCh37dy96Rqw=:COPdlNiIkrsacU5QoxydEuOH6e/KfiipeETb/bPw8ZIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA='; CREATE ROLE regress_passwd_sha_len2 PASSWORD 'SCRAM-SHA-256$4096:A6xHKoH/494E941doaPOYg==$Ky+A30sewHIH3VHQLRN9vYsuzlgNyGNKCh37dy96Rqw=:COPdlNiIkrsacU5QoxydEuOH6e/KfiipeETb/bPw8ZIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=';
-- Check that the invalid verifiers were re-hashed. A re-hashed verifier -- Check that the invalid secrets were re-hashed. A re-hashed secret
-- should not contain the original salt. -- should not contain the original salt.
SELECT rolname, rolpassword not like '%A6xHKoH/494E941doaPOYg==%' as is_rolpassword_rehashed SELECT rolname, rolpassword not like '%A6xHKoH/494E941doaPOYg==%' as is_rolpassword_rehashed
FROM pg_authid FROM pg_authid
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment