summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHeikki Linnakangas2017-03-07 17:00:22 +0000
committerHeikki Linnakangas2017-03-07 17:00:22 +0000
commit95c1dbcdfffcc3a77e693c3c2759e26a01f465c8 (patch)
treed671488f0ef3412fd108b73625fc41d1f7aac18a
parent3bc7dafa9bebbdaa1bbf0da0798d29a8bdaf6a8f (diff)
A collection of small fixes for the SCRAM patch.
* Add required #includes for htonl. Per buildfarm members pademelon/gaur. * Remove unnecessary "#include <utils/memutils>". * Fix checking for empty string in pg_SASL_init. (Reported by Peter Eisentraut and his compiler) * Move code in pg_SASL_init to match the recent changes (commit ba005f193d) to pg_fe_sendauth() function, where it's copied from. * Return value of malloc() was not checked for NULL in scram_SaltedPassword(). Fix by avoiding the malloc().
-rw-r--r--src/common/scram-common.c30
-rw-r--r--src/interfaces/libpq/fe-auth.c7
2 files changed, 14 insertions, 23 deletions
diff --git a/src/common/scram-common.c b/src/common/scram-common.c
index 0a36daec24..e44f38f652 100644
--- a/src/common/scram-common.c
+++ b/src/common/scram-common.c
@@ -15,11 +15,14 @@
*/
#ifndef FRONTEND
#include "postgres.h"
-#include "utils/memutils.h"
#else
#include "postgres_fe.h"
#endif
+/* for htonl */
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
#include "common/scram-common.h"
#define HMAC_IPAD 0x36
@@ -145,10 +148,13 @@ scram_H(const uint8 *input, int len, uint8 *result)
}
/*
- * Normalize a password for SCRAM authentication.
+ * Encrypt password for SCRAM authentication. This basically applies the
+ * normalization of the password and a hash calculation using the salt
+ * value given by caller.
*/
static void
-scram_Normalize(const char *password, char *result)
+scram_SaltedPassword(const char *password, const char *salt, int saltlen, int iterations,
+ uint8 *result)
{
/*
* XXX: Here SASLprep should be applied on password. However, per RFC5802,
@@ -158,24 +164,8 @@ scram_Normalize(const char *password, char *result)
* the frontend in order to be able to encode properly this string, and
* then apply SASLprep on it.
*/
- memcpy(result, password, strlen(password) + 1);
-}
-
-/*
- * Encrypt password for SCRAM authentication. This basically applies the
- * normalization of the password and a hash calculation using the salt
- * value given by caller.
- */
-static void
-scram_SaltedPassword(const char *password, const char *salt, int saltlen, int iterations,
- uint8 *result)
-{
- char *pwbuf;
- pwbuf = (char *) malloc(strlen(password) + 1);
- scram_Normalize(password, pwbuf);
- scram_Hi(pwbuf, salt, saltlen, iterations, result);
- free(pwbuf);
+ scram_Hi(password, salt, saltlen, iterations, result);
}
/*
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index c69260b522..5fe7e565a0 100644
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -445,12 +445,13 @@ pg_SASL_init(PGconn *conn, const char *auth_mechanism)
*/
if (strcmp(auth_mechanism, SCRAM_SHA256_NAME) == 0)
{
- char *password = conn->connhost[conn->whichhost].password;
+ char *password;
+ conn->password_needed = true;
+ password = conn->connhost[conn->whichhost].password;
if (password == NULL)
password = conn->pgpass;
- conn->password_needed = true;
- if (password == NULL || password == '\0')
+ if (password == NULL || password[0] == '\0')
{
printfPQExpBuffer(&conn->errorMessage,
PQnoPasswordSupplied);