diff options
| author | Heikki Linnakangas | 2017-05-05 07:01:44 +0000 |
|---|---|---|
| committer | Heikki Linnakangas | 2017-05-05 07:01:44 +0000 |
| commit | e6e9c4da3a55450b120ad7e3d0be426255850914 (patch) | |
| tree | d50b9aa7040ca4076571a49f8de441c5189138ff | |
| parent | 344a113079888c9b9a81ffa3c3a7d95666347119 (diff) | |
Misc cleanup of SCRAM code.
* Remove is_scram_verifier() function. It was unused.
* Fix sanitize_char() function, used in error messages on protocol
violations, to print bytes >= 0x7F correctly.
* Change spelling of scram_MockSalt() function to be more consistent with
the surroundings.
* Change a few more references to "server proof" to "server signature" that
I missed in commit d981074c24.
| -rw-r--r-- | src/backend/libpq/auth-scram.c | 30 | ||||
| -rw-r--r-- | src/include/libpq/scram.h | 1 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-auth-scram.c | 4 |
3 files changed, 6 insertions, 29 deletions
diff --git a/src/backend/libpq/auth-scram.c b/src/backend/libpq/auth-scram.c index 0610deece2..8b3da736b1 100644 --- a/src/backend/libpq/auth-scram.c +++ b/src/backend/libpq/auth-scram.c @@ -153,7 +153,7 @@ static void mock_scram_verifier(const char *username, int *iterations, char **salt, uint8 *stored_key, uint8 *server_key); static bool is_scram_printable(char *p); static char *sanitize_char(char c); -static char *scram_MockSalt(const char *username); +static char *scram_mock_salt(const char *username); /* * pg_be_scram_init @@ -480,28 +480,6 @@ scram_verify_plain_password(const char *username, const char *password, return memcmp(computed_key, server_key, SCRAM_KEY_LEN) == 0; } -/* - * Check if given verifier can be used for SCRAM authentication. - * - * Returns true if it is a SCRAM verifier, and false otherwise. - */ -bool -is_scram_verifier(const char *verifier) -{ - int iterations; - char *salt = NULL; - uint8 stored_key[SCRAM_KEY_LEN]; - uint8 server_key[SCRAM_KEY_LEN]; - bool result; - - result = parse_scram_verifier(verifier, &iterations, &salt, - stored_key, server_key); - if (salt) - pfree(salt); - - return result; -} - /* * Parse and validate format of given SCRAM verifier. @@ -592,7 +570,7 @@ mock_scram_verifier(const char *username, int *iterations, char **salt, int encoded_len; /* Generate deterministic salt */ - raw_salt = scram_MockSalt(username); + raw_salt = scram_mock_salt(username); encoded_salt = (char *) palloc(pg_b64_enc_len(SCRAM_DEFAULT_SALT_LEN) + 1); encoded_len = pg_b64_encode(raw_salt, SCRAM_DEFAULT_SALT_LEN, encoded_salt); @@ -679,7 +657,7 @@ sanitize_char(char c) if (c >= 0x21 && c <= 0x7E) snprintf(buf, sizeof(buf), "'%c'", c); else - snprintf(buf, sizeof(buf), "0x%02x", c); + snprintf(buf, sizeof(buf), "0x%02x", (unsigned char) c); return buf; } @@ -1146,7 +1124,7 @@ build_server_final_message(scram_state *state) * pointer to a static buffer of size SCRAM_DEFAULT_SALT_LEN. */ static char * -scram_MockSalt(const char *username) +scram_mock_salt(const char *username) { pg_sha256_ctx ctx; static uint8 sha_digest[PG_SHA256_DIGEST_LENGTH]; diff --git a/src/include/libpq/scram.h b/src/include/libpq/scram.h index 060b8af69e..14b48af12f 100644 --- a/src/include/libpq/scram.h +++ b/src/include/libpq/scram.h @@ -28,7 +28,6 @@ extern int pg_be_scram_exchange(void *opaq, char *input, int inputlen, /* Routines to handle and check SCRAM-SHA-256 verifier */ extern char *pg_be_scram_build_verifier(const char *password); -extern bool is_scram_verifier(const char *verifier); extern bool scram_verify_plain_password(const char *username, const char *password, const char *verifier); diff --git a/src/interfaces/libpq/fe-auth-scram.c b/src/interfaces/libpq/fe-auth-scram.c index 52dae49abf..4598774a96 100644 --- a/src/interfaces/libpq/fe-auth-scram.c +++ b/src/interfaces/libpq/fe-auth-scram.c @@ -212,7 +212,7 @@ pg_fe_scram_exchange(void *opaq, char *input, int inputlen, break; case FE_SCRAM_PROOF_SENT: - /* Receive server proof */ + /* Receive server signature */ if (!read_server_final_message(state, input, errorMessage)) goto error; @@ -228,7 +228,7 @@ pg_fe_scram_exchange(void *opaq, char *input, int inputlen, { *success = false; printfPQExpBuffer(errorMessage, - libpq_gettext("invalid server proof\n")); + libpq_gettext("invalid server signature\n")); } *done = true; state->state = FE_SCRAM_FINISHED; |