NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitb4675a8

committed

Fix use of term "verifier"

Within the context of SCRAM, "verifier" has a specific meaning in theprotocol, per RFCs. The existing code used "verifier" differently, tomean whatever is or would be stored in pg_auth.rolpassword.Fix this by using the term "secret" for this, following RFC 5803.Reviewed-by: Michael Paquier <michael@paquier.xyz>Discussion:https://www.postgresql.org/message-id/flat/be397b06-6e4b-ba71-c7fb-54cae84a7e18%402ndquadrant.com

1 parent5f3d271 commitb4675a8Copy full SHA for b4675a8

File tree

13 files changed

+85

-85

lines changed

src
- backend/libpq
- common
  - scram-common.c
- include
  - common
    - scram-common.h
  - libpq
    - crypt.h
    - scram.h
- interfaces/libpq
- test
  - authentication/t
    - 001_password.pl
  - regress
    - expected
      - password.out
    - sql
      - password.sql

13 files changed

+85

-85

lines changed

`‎src/backend/libpq/auth-scram.c`

Lines changed: 52 additions & 52 deletions

Original file line number	Diff line number	Diff line change
`@@ -64,10 +64,10 @@`
`64`	`64`	`* Don't reveal user information to an unauthenticated client. We don't`
`65`	`65`	`* want an attacker to be able to probe whether a particular username is`
`66`	`66`	`* valid. In SCRAM, the server has to read the salt and iteration count`
`67`		`- * from the user'spassword verifier, and send it to the client. To avoid`
	`67`	`+ * from the user'sstored secret, and send it to the client. To avoid`
`68`	`68`	`* revealing whether a user exists, when the client tries to authenticate`
`69`	`69`	`* with a username that doesn't exist, or doesn't have a valid SCRAM`
`70`		`- *verifier in pg_authid, we create a fake salt and iteration count`
	`70`	`+ *secret in pg_authid, we create a fake salt and iteration count`
`71`	`71`	`* on-the-fly, and proceed with the authentication with that. In the end,`
`72`	`72`	`* we'll reject the attempt, as if an incorrect password was given. When`
`73`	`73`	`* we are performing a "mock" authentication, the 'doomed' flag in`
`@@ -161,7 +161,7 @@ static char build_server_first_message(scram_state state);`
`161`	`161`	`staticcharbuild_server_final_message(scram_statestate);`
`162`	`162`	`staticboolverify_client_proof(scram_state*state);`
`163`	`163`	`staticboolverify_final_nonce(scram_state*state);`
`164`		`-staticvoidmock_scram_verifier(constcharusername,intiterations,`
	`164`	`+staticvoidmock_scram_secret(constcharusername,intiterations,`
`165`	`165`	`char*salt,uint8stored_key,uint8*server_key);`
`166`	`166`	`staticboolis_scram_printable(char*p);`
`167`	`167`	`staticchar*sanitize_char(charc);`
`@@ -202,13 +202,13 @@ pg_be_scram_get_mechanisms(Port *port, StringInfo buf)`
`202`	`202`	`*`
`203`	`203`	`* Initialize a new SCRAM authentication exchange status tracker. This`
`204`	`204`	`* needs to be called before doing any exchange. It will be filled later`
`205`		`- * after the beginning of the exchange withverifier data.`
	`205`	`+ * after the beginning of the exchange withauthentication information.`
`206`	`206`	`*`
`207`	`207`	`* 'selected_mech' identifies the SASL mechanism that the client selected.`
`208`	`208`	`* It should be one of the mechanisms that we support, as returned by`
`209`	`209`	`* pg_be_scram_get_mechanisms().`
`210`	`210`	`*`
`211`		`- * 'shadow_pass' is the role'spassword verifier, from pg_authid.rolpassword.`
	`211`	`+ * 'shadow_pass' is the role'sstored secret, from pg_authid.rolpassword.`
`212`	`212`	`* The username was provided by the client in the startup message, and is`
`213`	`213`	`* available in port->user_name. If 'shadow_pass' is NULL, we still perform`
`214`	`214`	`* an authentication exchange, but it will fail, as if an incorrect password`
`@@ -220,7 +220,7 @@ pg_be_scram_init(Port *port,`
`220`	`220`	`constchar*shadow_pass)`
`221`	`221`	`{`
`222`	`222`	`scram_state*state;`
`223`		`-boolgot_verifier;`
	`223`	`+boolgot_secret;`
`224`	`224`
`225`	`225`	`state= (scram_state*)palloc0(sizeof(scram_state));`
`226`	`226`	`state->port=port;`
`@@ -248,38 +248,38 @@ pg_be_scram_init(Port *port,`
`248`	`248`	`errmsg("client selected an invalid SASL authentication mechanism")));`
`249`	`249`
`250`	`250`	`/*`
`251`		`- * Parse the storedpassword verifier.`
	`251`	`+ * Parse the storedsecret.`
`252`	`252`	`*/`
`253`	`253`	`if (shadow_pass)`
`254`	`254`	`{`
`255`	`255`	`intpassword_type=get_password_type(shadow_pass);`
`256`	`256`
`257`	`257`	`if (password_type==PASSWORD_TYPE_SCRAM_SHA_256)`
`258`	`258`	`{`
`259`		`-if (parse_scram_verifier(shadow_pass,&state->iterations,&state->salt,`
	`259`	`+if (parse_scram_secret(shadow_pass,&state->iterations,&state->salt,`
`260`	`260`	`state->StoredKey,state->ServerKey))`
`261`		`-got_verifier= true;`
	`261`	`+got_secret= true;`
`262`	`262`	`else`
`263`	`263`	`{`
`264`	`264`	`/*`
`265`		`- * The password looked like a SCRAMverifier, but could not be`
	`265`	`+ * The password looked like a SCRAMsecret, but could not be`
`266`	`266`	`* parsed.`
`267`	`267`	`*/`
`268`	`268`	`ereport(LOG,`
`269`		`-(errmsg("invalid SCRAMverifier for user \"%s\"",`
	`269`	`+(errmsg("invalid SCRAMsecret for user \"%s\"",`
`270`	`270`	`state->port->user_name)));`
`271`		`-got_verifier= false;`
	`271`	`+got_secret= false;`
`272`	`272`	`}`
`273`	`273`	`}`
`274`	`274`	`else`
`275`	`275`	`{`
`276`	`276`	`/*`
`277`		`- * The user doesn't have SCRAMverifier. (You cannot do SCRAM`
	`277`	`+ * The user doesn't have SCRAMsecret. (You cannot do SCRAM`
`278`	`278`	`* authentication with an MD5 hash.)`
`279`	`279`	`*/`
`280`		`-state->logdetail=psprintf(_("User \"%s\" does not have a valid SCRAMverifier."),`
	`280`	`+state->logdetail=psprintf(_("User \"%s\" does not have a valid SCRAMsecret."),`
`281`	`281`	`state->port->user_name);`
`282`		`-got_verifier= false;`
	`282`	`+got_secret= false;`
`283`	`283`	`}`
`284`	`284`	`}`
`285`	`285`	`else`
`@@ -289,18 +289,18 @@ pg_be_scram_init(Port *port,`
`289`	`289`	`* considered normal, since the caller requested it, so don't set log`
`290`	`290`	`* detail.`
`291`	`291`	`*/`
`292`		`-got_verifier= false;`
	`292`	`+got_secret= false;`
`293`	`293`	`}`
`294`	`294`
`295`	`295`	`/*`
`296`		`- * If the user did not have a valid SCRAMverifier, we still go through`
	`296`	`+ * If the user did not have a valid SCRAMsecret, we still go through`
`297`	`297`	`* the motions with a mock one, and fail as if the client supplied an`
`298`	`298`	`* incorrect password. This is to avoid revealing information to an`
`299`	`299`	`* attacker.`
`300`	`300`	`*/`
`301`		`-if (!got_verifier)`
	`301`	`+if (!got_secret)`
`302`	`302`	`{`
`303`		`-mock_scram_verifier(state->port->user_name,&state->iterations,`
	`303`	`+mock_scram_secret(state->port->user_name,&state->iterations,`
`304`	`304`	`&state->salt,state->StoredKey,state->ServerKey);`
`305`	`305`	`state->doomed= true;`
`306`	`306`	`}`
`@@ -443,12 +443,12 @@ pg_be_scram_exchange(void opaq, const char input, int inputlen,`
`443`	`443`	`}`
`444`	`444`
`445`	`445`	`/*`
`446`		`- * Construct averifier string forSCRAM, stored in pg_authid.rolpassword.`
	`446`	`+ * Construct aSCRAM secret, forstoring in pg_authid.rolpassword.`
`447`	`447`	`*`
`448`	`448`	`* The result is palloc'd, so caller is responsible for freeing it.`
`449`	`449`	`*/`
`450`	`450`	`char*`
`451`		`-pg_be_scram_build_verifier(constchar*password)`
	`451`	`+pg_be_scram_build_secret(constchar*password)`
`452`	`452`	`{`
`453`	`453`	`char*prep_password;`
`454`	`454`	`pg_saslprep_rcrc;`
`@@ -470,7 +470,7 @@ pg_be_scram_build_verifier(const char *password)`
`470`	`470`	`(errcode(ERRCODE_INTERNAL_ERROR),`
`471`	`471`	`errmsg("could not generate random salt")));`
`472`	`472`
`473`		`-result=scram_build_verifier(saltbuf,SCRAM_DEFAULT_SALT_LEN,`
	`473`	`+result=scram_build_secret(saltbuf,SCRAM_DEFAULT_SALT_LEN,`
`474`	`474`	`SCRAM_DEFAULT_ITERATIONS,password);`
`475`	`475`
`476`	`476`	`if (prep_password)`
`@@ -480,13 +480,13 @@ pg_be_scram_build_verifier(const char *password)`
`480`	`480`	`}`
`481`	`481`
`482`	`482`	`/*`
`483`		`- * Verify a plaintext password against a SCRAMverifier. This is used when`
	`483`	`+ * Verify a plaintext password against a SCRAMsecret. This is used when`
`484`	`484`	`* performing plaintext password authentication for a user that has a SCRAM`
`485`		`- *verifier stored in pg_authid.`
	`485`	`+ *secret stored in pg_authid.`
`486`	`486`	`*/`
`487`	`487`	`bool`
`488`	`488`	`scram_verify_plain_password(constcharusername,constcharpassword,`
`489`		`-constchar*verifier)`
	`489`	`+constchar*secret)`
`490`	`490`	`{`
`491`	`491`	`char*encoded_salt;`
`492`	`492`	`char*salt;`
`@@ -499,14 +499,14 @@ scram_verify_plain_password(const char username, const char password,`
`499`	`499`	`char*prep_password;`
`500`	`500`	`pg_saslprep_rcrc;`
`501`	`501`
`502`		`-if (!parse_scram_verifier(verifier,&iterations,&encoded_salt,`
	`502`	`+if (!parse_scram_secret(secret,&iterations,&encoded_salt,`
`503`	`503`	`stored_key,server_key))`
`504`	`504`	`{`
`505`	`505`	`/*`
`506`		`- * The password looked like a SCRAMverifier, but could not be parsed.`
	`506`	`+ * The password looked like a SCRAMsecret, but could not be parsed.`
`507`	`507`	`*/`
`508`	`508`	`ereport(LOG,`
`509`		`-(errmsg("invalid SCRAMverifier for user \"%s\"",username)));`
	`509`	`+(errmsg("invalid SCRAMsecret for user \"%s\"",username)));`
`510`	`510`	`return false;`
`511`	`511`	`}`
`512`	`512`
`@@ -517,7 +517,7 @@ scram_verify_plain_password(const char username, const char password,`
`517`	`517`	`if (saltlen<0)`
`518`	`518`	`{`
`519`	`519`	`ereport(LOG,`
`520`		`-(errmsg("invalid SCRAMverifier for user \"%s\"",username)));`
	`520`	`+(errmsg("invalid SCRAMsecret for user \"%s\"",username)));`
`521`	`521`	`return false;`
`522`	`522`	`}`
`523`	`523`
`@@ -534,26 +534,26 @@ scram_verify_plain_password(const char username, const char password,`
`534`	`534`	`pfree(prep_password);`
`535`	`535`
`536`	`536`	`/*`
`537`		`- * Compare theverifier's Server Key with the one computed from the`
	`537`	`+ * Compare thesecret's Server Key with the one computed from the`
`538`	`538`	`* user-supplied password.`
`539`	`539`	`*/`
`540`	`540`	`returnmemcmp(computed_key,server_key,SCRAM_KEY_LEN)==0;`
`541`	`541`	`}`
`542`	`542`
`543`	`543`
`544`	`544`	`/*`
`545`		`- * Parse and validate format of given SCRAMverifier.`
	`545`	`+ * Parse and validate format of given SCRAMsecret.`
`546`	`546`	`*`
`547`	`547`	`* On success, the iteration count, salt, stored key, and server key are`
`548`		`- * extracted from theverifier, and returned to the caller. For 'stored_key'`
	`548`	`+ * extracted from thesecret, and returned to the caller. For 'stored_key'`
`549`	`549`	`* and 'server_key', the caller must pass pre-allocated buffers of size`
`550`	`550`	`* SCRAM_KEY_LEN. Salt is returned as a base64-encoded, null-terminated`
`551`	`551`	`* string. The buffer for the salt is palloc'd by this function.`
`552`	`552`	`*`
`553`		`- * Returns true if the SCRAMverifier has been parsed, and false otherwise.`
	`553`	`+ * Returns true if the SCRAMsecret has been parsed, and false otherwise.`
`554`	`554`	`*/`
`555`	`555`	`bool`
`556`		`-parse_scram_verifier(constcharverifier,intiterations,char**salt,`
	`556`	`+parse_scram_secret(constcharsecret,intiterations,char**salt,`
`557`	`557`	`uint8stored_key,uint8server_key)`
`558`	`558`	`{`
`559`	`559`	`char*v;`
`@@ -569,30 +569,30 @@ parse_scram_verifier(const char verifier, int iterations, char **salt,`
`569`	`569`	`char*decoded_server_buf;`
`570`	`570`
`571`	`571`	`/*`
`572`		`- * Theverifier is of form:`
	`572`	`+ * Thesecret is of form:`
`573`	`573`	`*`
`574`	`574`	`* SCRAM-SHA-256$<iterations>:<salt>$<storedkey>:<serverkey>`
`575`	`575`	`*/`
`576`		`-v=pstrdup(verifier);`
	`576`	`+v=pstrdup(secret);`
`577`	`577`	`if ((scheme_str=strtok(v,"$"))==NULL)`
`578`		`-gotoinvalid_verifier;`
	`578`	`+gotoinvalid_secret;`
`579`	`579`	`if ((iterations_str=strtok(NULL,":"))==NULL)`
`580`		`-gotoinvalid_verifier;`
	`580`	`+gotoinvalid_secret;`
`581`	`581`	`if ((salt_str=strtok(NULL,"$"))==NULL)`
`582`		`-gotoinvalid_verifier;`
	`582`	`+gotoinvalid_secret;`
`583`	`583`	`if ((storedkey_str=strtok(NULL,":"))==NULL)`
`584`		`-gotoinvalid_verifier;`
	`584`	`+gotoinvalid_secret;`
`585`	`585`	`if ((serverkey_str=strtok(NULL,""))==NULL)`
`586`		`-gotoinvalid_verifier;`
	`586`	`+gotoinvalid_secret;`
`587`	`587`
`588`	`588`	`/* Parse the fields */`
`589`	`589`	`if (strcmp(scheme_str,"SCRAM-SHA-256")!=0)`
`590`		`-gotoinvalid_verifier;`
	`590`	`+gotoinvalid_secret;`
`591`	`591`
`592`	`592`	`errno=0;`
`593`	`593`	`*iterations=strtol(iterations_str,&p,10);`
`594`	`594`	`if (*p\|\|errno!=0)`
`595`		`-gotoinvalid_verifier;`
	`595`	`+gotoinvalid_secret;`
`596`	`596`
`597`	`597`	`/*`
`598`	`598`	`* Verify that the salt is in Base64-encoded format, by decoding it,`
`@@ -603,7 +603,7 @@ parse_scram_verifier(const char verifier, int iterations, char **salt,`
`603`	`603`	`decoded_len=pg_b64_decode(salt_str,strlen(salt_str),`
`604`	`604`	`decoded_salt_buf,decoded_len);`
`605`	`605`	`if (decoded_len<0)`
`606`		`-gotoinvalid_verifier;`
	`606`	`+gotoinvalid_secret;`
`607`	`607`	`*salt=pstrdup(salt_str);`
`608`	`608`
`609`	`609`	`/*`
`@@ -614,37 +614,37 @@ parse_scram_verifier(const char verifier, int iterations, char **salt,`
`614`	`614`	`decoded_len=pg_b64_decode(storedkey_str,strlen(storedkey_str),`
`615`	`615`	`decoded_stored_buf,decoded_len);`
`616`	`616`	`if (decoded_len!=SCRAM_KEY_LEN)`
`617`		`-gotoinvalid_verifier;`
	`617`	`+gotoinvalid_secret;`
`618`	`618`	`memcpy(stored_key,decoded_stored_buf,SCRAM_KEY_LEN);`
`619`	`619`
`620`	`620`	`decoded_len=pg_b64_dec_len(strlen(serverkey_str));`
`621`	`621`	`decoded_server_buf=palloc(decoded_len);`
`622`	`622`	`decoded_len=pg_b64_decode(serverkey_str,strlen(serverkey_str),`
`623`	`623`	`decoded_server_buf,decoded_len);`
`624`	`624`	`if (decoded_len!=SCRAM_KEY_LEN)`
`625`		`-gotoinvalid_verifier;`
	`625`	`+gotoinvalid_secret;`
`626`	`626`	`memcpy(server_key,decoded_server_buf,SCRAM_KEY_LEN);`
`627`	`627`
`628`	`628`	`return true;`
`629`	`629`
`630`		`-invalid_verifier:`
	`630`	`+invalid_secret:`
`631`	`631`	`*salt=NULL;`
`632`	`632`	`return false;`
`633`	`633`	`}`
`634`	`634`
`635`	`635`	`/*`
`636`		`- * Generate plausible SCRAMverifier parameters for mock authentication.`
	`636`	`+ * Generate plausible SCRAMsecret parameters for mock authentication.`
`637`	`637`	`*`
`638`		`- * In a normal authentication, these are extracted from theverifier`
	`638`	`+ * In a normal authentication, these are extracted from thesecret`
`639`	`639`	`* stored in the server. This function generates values that look`
`640`		`- * realistic, for when there is no storedverifier.`
	`640`	`+ * realistic, for when there is no storedsecret.`
`641`	`641`	`*`
`642`		`- * Like inparse_scram_verifier(), for 'stored_key' and 'server_key', the`
	`642`	`+ * Like inparse_scram_secret(), for 'stored_key' and 'server_key', the`
`643`	`643`	`* caller must pass pre-allocated buffers of size SCRAM_KEY_LEN, and`
`644`	`644`	`* the buffer for the salt is palloc'd by this function.`
`645`	`645`	`*/`
`646`	`646`	`staticvoid`
`647`		`-mock_scram_verifier(constcharusername,intiterations,char**salt,`
	`647`	`+mock_scram_secret(constcharusername,intiterations,char**salt,`
`648`	`648`	`uint8stored_key,uint8server_key)`
`649`	`649`	`{`
`650`	`650`	`char*raw_salt;`

`‎src/backend/libpq/auth.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -818,7 +818,7 @@ CheckPWChallengeAuth(Port port, char *logdetail)`
`818`	`818`	`* If 'md5' authentication is allowed, decide whether to perform 'md5' or`
`819`	`819`	`* 'scram-sha-256' authentication based on the type of password the user`
`820`	`820`	`* has. If it's an MD5 hash, we must do MD5 authentication, and if it's a`
`821`		`- * SCRAMverifier, we must do SCRAM authentication.`
	`821`	`+ * SCRAMsecret, we must do SCRAM authentication.`
`822`	`822`	`*`
`823`	`823`	`* If MD5 authentication is not allowed, always use SCRAM. If the user`
`824`	`824`	`* had an MD5 password, CheckSCRAMAuth() will fail.`

`‎src/backend/libpq/crypt.c`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -83,7 +83,7 @@ get_role_password(const char role, char *logdetail)`
`83`	`83`	`}`
`84`	`84`
`85`	`85`	`/*`
`86`		`- * What kind of a passwordverifier is 'shadow_pass'?`
	`86`	`+ * What kind of a passwordtype is 'shadow_pass'?`
`87`	`87`	`*/`
`88`	`88`	`PasswordType`
`89`	`89`	`get_password_type(constchar*shadow_pass)`
`@@ -97,14 +97,14 @@ get_password_type(const char *shadow_pass)`
`97`	`97`	`strlen(shadow_pass)==MD5_PASSWD_LEN&&`
`98`	`98`	`strspn(shadow_pass+3,MD5_PASSWD_CHARSET)==MD5_PASSWD_LEN-3)`
`99`	`99`	`returnPASSWORD_TYPE_MD5;`
`100`		`-if (parse_scram_verifier(shadow_pass,&iterations,&encoded_salt,`
	`100`	`+if (parse_scram_secret(shadow_pass,&iterations,&encoded_salt,`
`101`	`101`	`stored_key,server_key))`
`102`	`102`	`returnPASSWORD_TYPE_SCRAM_SHA_256;`
`103`	`103`	`returnPASSWORD_TYPE_PLAINTEXT;`
`104`	`104`	`}`
`105`	`105`
`106`	`106`	`/*`
`107`		`- * Given a user-supplied password, convert it into averifier of`
	`107`	`+ * Given a user-supplied password, convert it into asecret of`
`108`	`108`	`* 'target_type' kind.`
`109`	`109`	`*`
`110`	`110`	`* If the password is already in encrypted form, we cannot reverse the`
`@@ -137,7 +137,7 @@ encrypt_password(PasswordType target_type, const char *role,`
`137`	`137`	`returnencrypted_password;`
`138`	`138`
`139`	`139`	`casePASSWORD_TYPE_SCRAM_SHA_256:`
`140`		`-returnpg_be_scram_build_verifier(password);`
	`140`	`+returnpg_be_scram_build_secret(password);`
`141`	`141`
`142`	`142`	`casePASSWORD_TYPE_PLAINTEXT:`
`143`	`143`	`elog(ERROR,"cannot encrypt password with 'plaintext'");`

`‎src/common/scram-common.c`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -181,15 +181,15 @@ scram_ServerKey(const uint8 salted_password, uint8 result)`
`181`	`181`
`182`	`182`
`183`	`183`	`/*`
`184`		`- * Construct averifier string forSCRAM, stored in pg_authid.rolpassword.`
	`184`	`+ * Construct aSCRAM secret, forstoring in pg_authid.rolpassword.`
`185`	`185`	`*`
`186`	`186`	`* The password should already have been processed with SASLprep, if necessary!`
`187`	`187`	`*`
`188`	`188`	`* If iterations is 0, default number of iterations is used. The result is`
`189`	`189`	`* palloc'd or malloc'd, so caller is responsible for freeing it.`
`190`	`190`	`*/`
`191`	`191`	`char*`
`192`		`-scram_build_verifier(constchar*salt,intsaltlen,intiterations,`
	`192`	`+scram_build_secret(constchar*salt,intsaltlen,intiterations,`
`193`	`193`	`constchar*password)`
`194`	`194`	`{`
`195`	`195`	`uint8salted_password[SCRAM_KEY_LEN];`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitb4675a8

File tree

13 files changed

13 files changed

`‎src/backend/libpq/auth-scram.c`

`‎src/backend/libpq/auth.c`

`‎src/backend/libpq/crypt.c`

`‎src/common/scram-common.c`

0 commit comments