database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-06-30 21:42:05 +03:00
Code Activity

A collection of small fixes for the SCRAM patch.

Browse Source 
* Add required #includes for htonl. Per buildfarm members pademelon/gaur.

* Remove unnecessary "#include <utils/memutils>".

* Fix checking for empty string in pg_SASL_init. (Reported by Peter
  Eisentraut and his compiler)

* Move code in pg_SASL_init to match the recent changes (commit ba005f193d)
  to pg_fe_sendauth() function, where it's copied from.

* Return value of malloc() was not checked for NULL in
  scram_SaltedPassword(). Fix by avoiding the malloc().
This commit is contained in:
Heikki Linnakangas
2017-03-07 19:00:22 +02:00
parent 3bc7dafa9b
commit 95c1dbcdff
2 changed files with 14 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/common/scram-common.c
View File

@ -15,11 +15,14 @@
*/ */
#ifndef FRONTEND #ifndef FRONTEND
#include "postgres.h" #include "postgres.h"
#include "utils/memutils.h"
#else #else
#include "postgres_fe.h" #include "postgres_fe.h"
#endif #endif
/* for htonl */
#include <netinet/in.h>
#include <arpa/inet.h>
#include "common/scram-common.h" #include "common/scram-common.h"
#define HMAC_IPAD 0x36 #define HMAC_IPAD 0x36
@ -145,10 +148,13 @@ scram_H(const uint8 *input, int len, uint8 *result)
} }
/* /*
* Normalize a password for SCRAM authentication. * Encrypt password for SCRAM authentication. This basically applies the
* normalization of the password and a hash calculation using the salt
* value given by caller.
*/ */
static void static void
scram_Normalize(const char *password, char *result) scram_SaltedPassword(const char *password, const char *salt, int saltlen, int iterations,
uint8 *result)
{ {
/* /*
* XXX: Here SASLprep should be applied on password. However, per RFC5802, * XXX: Here SASLprep should be applied on password. However, per RFC5802,
@ -158,24 +164,8 @@ scram_Normalize(const char *password, char *result)
* the frontend in order to be able to encode properly this string, and * the frontend in order to be able to encode properly this string, and
* then apply SASLprep on it. * then apply SASLprep on it.
*/ */
memcpy(result, password, strlen(password) + 1);
}
/* scram_Hi(password, salt, saltlen, iterations, result);
* Encrypt password for SCRAM authentication. This basically applies the
* normalization of the password and a hash calculation using the salt
* value given by caller.
*/
static void
scram_SaltedPassword(const char *password, const char *salt, int saltlen, int iterations,
uint8 *result)
{
char *pwbuf;
pwbuf = (char *) malloc(strlen(password) + 1);
scram_Normalize(password, pwbuf);
scram_Hi(pwbuf, salt, saltlen, iterations, result);
free(pwbuf);
} }
/* /*

7
src/interfaces/libpq/fe-auth.c
View File

@ -445,12 +445,13 @@ pg_SASL_init(PGconn *conn, const char *auth_mechanism)
*/ */
if (strcmp(auth_mechanism, SCRAM_SHA256_NAME) == 0) if (strcmp(auth_mechanism, SCRAM_SHA256_NAME) == 0)
{ {
char *password = conn->connhost[conn->whichhost].password; char *password;
conn->password_needed = true;
password = conn->connhost[conn->whichhost].password;
if (password == NULL) if (password == NULL)
password = conn->pgpass; password = conn->pgpass;
conn->password_needed = true; if (password == NULL || password[0] == '\0')
if (password == NULL || password == '\0')
{ {
printfPQExpBuffer(&conn->errorMessage, printfPQExpBuffer(&conn->errorMessage,
PQnoPasswordSupplied); PQnoPasswordSupplied);