
Fix use of term "verifier"

Within the context of SCRAM, "verifier" has a specific meaning in the
protocol, per RFCs.  The existing code used "verifier" differently, to
mean whatever is or would be stored in pg_auth.rolpassword.

Fix this by using the term "secret" for this, following RFC 5803.

Reviewed-by: Michael Paquier <michael@paquier.xyz>
Discussion: https://www.postgresql.org/message-id/flat/be397b06-6e4b-ba71-c7fb-54cae84a7e18%402ndquadrant.com
Peter Eisentraut
2019-10-12 21:17:34 +02:00
parent 5f3d271d03
commit b4675a8ae2
13 changed files with 85 additions and 85 deletions


@ -83,7 +83,7 @@ get_role_password(const char *role, char **logdetail)
}
/*
* What kind of a password verifier is 'shadow_pass'?
* What kind of a password type is 'shadow_pass'?
*/
PasswordType
get_password_type(const char *shadow_pass)
@ -97,14 +97,14 @@ get_password_type(const char *shadow_pass)
strlen(shadow_pass) == MD5_PASSWD_LEN &&
strspn(shadow_pass + 3, MD5_PASSWD_CHARSET) == MD5_PASSWD_LEN - 3)
return PASSWORD_TYPE_MD5;
if (parse_scram_verifier(shadow_pass, &iterations, &encoded_salt,
if (parse_scram_secret(shadow_pass, &iterations, &encoded_salt,
stored_key, server_key))
return PASSWORD_TYPE_SCRAM_SHA_256;
return PASSWORD_TYPE_PLAINTEXT;
}
/*
* Given a user-supplied password, convert it into a verifier of
* Given a user-supplied password, convert it into a secret of
* 'target_type' kind.
*
* If the password is already in encrypted form, we cannot reverse the
@ -137,7 +137,7 @@ encrypt_password(PasswordType target_type, const char *role,
return encrypted_password;
case PASSWORD_TYPE_SCRAM_SHA_256:
return pg_be_scram_build_verifier(password);
return pg_be_scram_build_secret(password);
case PASSWORD_TYPE_PLAINTEXT:
elog(ERROR, "cannot encrypt password with 'plaintext'");