authorHeikki Linnakangas2017-05-05 07:01:44 +0000
committerHeikki Linnakangas2017-05-05 07:01:44 +0000
commite6e9c4da3a55450b120ad7e3d0be426255850914 (patch)
treed50b9aa7040ca4076571a49f8de441c5189138ff
parent344a113079888c9b9a81ffa3c3a7d95666347119 (diff)
Misc cleanup of SCRAM code.
* Remove is_scram_verifier() function. It was unused. * Fix sanitize_char() function, used in error messages on protocol violations, to print bytes >= 0x7F correctly. * Change spelling of scram_MockSalt() function to be more consistent with the surroundings. * Change a few more references to "server proof" to "server signature" that I missed in commit d981074c24.
-rw-r--r--src/backend/libpq/auth-scram.c30
-rw-r--r--src/include/libpq/scram.h1
-rw-r--r--src/interfaces/libpq/fe-auth-scram.c4
3 files changed, 6 insertions, 29 deletions
diff --git a/src/backend/libpq/auth-scram.c b/src/backend/libpq/auth-scram.c
index 0610deece2..8b3da736b1 100644
--- a/src/backend/libpq/auth-scram.c
+++ b/src/backend/libpq/auth-scram.c
@@ -153,7 +153,7 @@ static void mock_scram_verifier(const char *username, int *iterations,
char **salt, uint8 *stored_key, uint8 *server_key);
static bool is_scram_printable(char *p);
static char *sanitize_char(char c);
-static char *scram_MockSalt(const char *username);
+static char *scram_mock_salt(const char *username);
/*
* pg_be_scram_init
@@ -480,28 +480,6 @@ scram_verify_plain_password(const char *username, const char *password,
return memcmp(computed_key, server_key, SCRAM_KEY_LEN) == 0;
}
-/*
- * Check if given verifier can be used for SCRAM authentication.
- *
- * Returns true if it is a SCRAM verifier, and false otherwise.
- */
-bool
-is_scram_verifier(const char *verifier)
-{
- int iterations;
- char *salt = NULL;
- uint8 stored_key[SCRAM_KEY_LEN];
- uint8 server_key[SCRAM_KEY_LEN];
- bool result;
-
- result = parse_scram_verifier(verifier, &iterations, &salt,
- stored_key, server_key);
- if (salt)
- pfree(salt);
-
- return result;
-}
-
/*
* Parse and validate format of given SCRAM verifier.
@@ -592,7 +570,7 @@ mock_scram_verifier(const char *username, int *iterations, char **salt,
int encoded_len;
/* Generate deterministic salt */
- raw_salt = scram_MockSalt(username);
+ raw_salt = scram_mock_salt(username);
encoded_salt = (char *) palloc(pg_b64_enc_len(SCRAM_DEFAULT_SALT_LEN) + 1);
encoded_len = pg_b64_encode(raw_salt, SCRAM_DEFAULT_SALT_LEN, encoded_salt);
@@ -679,7 +657,7 @@ sanitize_char(char c)
if (c >= 0x21 && c <= 0x7E)
snprintf(buf, sizeof(buf), "'%c'", c);
else
- snprintf(buf, sizeof(buf), "0x%02x", c);
+ snprintf(buf, sizeof(buf), "0x%02x", (unsigned char) c);
return buf;
}
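Review bot: The new cast in the else branch of sanitize_char has no comment explaining it, and a later cleanup could easily drop it as redundant; I would add `/* char may be signed: cast so a byte >= 0x80 is not sign-extended before formatting */` above that snprintf. Without the cast, such a byte is promoted to a negative int and `%02x` prints the sign-extended value rather than two hex digits. The printable-range test above it is correct as written, because a negative char fails `c >= 0x21` and falls through to the hex branch. The function body starts outside the hunk, so the declaration of buf is not visible; if it is a static buffer, as the `char *` return suggests, the header comment should say that a second call overwrites the first result, so two calls cannot be used in the same error message.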
@@ -1146,7 +1124,7 @@ build_server_final_message(scram_state *state)
* pointer to a static buffer of size SCRAM_DEFAULT_SALT_LEN.
*/
static char *
-scram_MockSalt(const char *username)
+scram_mock_salt(const char *username)
{
pg_sha256_ctx ctx;
static uint8 sha_digest[PG_SHA256_DIGEST_LENGTH];
diff --git a/src/include/libpq/scram.h b/src/include/libpq/scram.h
index 060b8af69e..14b48af12f 100644
--- a/src/include/libpq/scram.h
+++ b/src/include/libpq/scram.h
@@ -28,7 +28,6 @@ extern int pg_be_scram_exchange(void *opaq, char *input, int inputlen,
/* Routines to handle and check SCRAM-SHA-256 verifier */
extern char *pg_be_scram_build_verifier(const char *password);
-extern bool is_scram_verifier(const char *verifier);
extern bool scram_verify_plain_password(const char *username,
const char *password, const char *verifier);
diff --git a/src/interfaces/libpq/fe-auth-scram.c b/src/interfaces/libpq/fe-auth-scram.c
index 52dae49abf..4598774a96 100644
--- a/src/interfaces/libpq/fe-auth-scram.c
+++ b/src/interfaces/libpq/fe-auth-scram.c
@@ -212,7 +212,7 @@ pg_fe_scram_exchange(void *opaq, char *input, int inputlen,
break;
case FE_SCRAM_PROOF_SENT:
- /* Receive server proof */
+ /* Receive server signature */
if (!read_server_final_message(state, input, errorMessage))
goto error;
@@ -228,7 +228,7 @@ pg_fe_scram_exchange(void *opaq, char *input, int inputlen,
{
*success = false;
printfPQExpBuffer(errorMessage,
- libpq_gettext("invalid server proof\n"));
+ libpq_gettext("invalid server signature\n"));
}
*done = true;
state->state = FE_SCRAM_FINISHED;