PostgreSQL Source Code
git master
|
#include "postgres.h"
#include <unistd.h>
#include "access/xlog.h"
#include "catalog/pg_control.h"
#include "common/base64.h"
#include "common/hmac.h"
#include "common/saslprep.h"
#include "common/scram-common.h"
#include "common/sha2.h"
#include "libpq/crypt.h"
#include "libpq/sasl.h"
#include "libpq/scram.h"
Go to the source code of this file.
Data Structures | |
struct | scram_state |
Enumerations | |
enum | scram_state_enum { SCRAM_AUTH_INIT , SCRAM_AUTH_SALT_SENT , SCRAM_AUTH_FINISHED } |
Functions | |
static void | scram_get_mechanisms (Port *port, StringInfo buf) |
static void * | scram_init (Port *port, const char *selected_mech, const char *shadow_pass) |
static int | scram_exchange (void *opaq, const char *input, int inputlen, char **output, int *outputlen, const char **logdetail) |
static void | read_client_first_message (scram_state *state, const char *input) |
static void | read_client_final_message (scram_state *state, const char *input) |
static char * | build_server_first_message (scram_state *state) |
static char * | build_server_final_message (scram_state *state) |
static bool | verify_client_proof (scram_state *state) |
static bool | verify_final_nonce (scram_state *state) |
static void | mock_scram_secret (const char *username, pg_cryptohash_type *hash_type, int *iterations, int *key_length, char **salt, uint8 *stored_key, uint8 *server_key) |
static bool | is_scram_printable (char *p) |
static char * | sanitize_char (char c) |
static char * | sanitize_str (const char *s) |
static char * | scram_mock_salt (const char *username, pg_cryptohash_type hash_type, int key_length) |
char * | pg_be_scram_build_secret (const char *password) |
bool | scram_verify_plain_password (const char *username, const char *password, const char *secret) |
bool | parse_scram_secret (const char *secret, int *iterations, pg_cryptohash_type *hash_type, int *key_length, char **salt, uint8 *stored_key, uint8 *server_key) |
static char * | read_attr_value (char **input, char attr) |
static char * | read_any_attr (char **input, char *attr_p) |
Variables | |
const pg_be_sasl_mech | pg_be_scram_mech |
int | scram_sha_256_iterations = SCRAM_SHA_256_DEFAULT_ITERATIONS |
enum scram_state_enum |
Enumerator | |
---|---|
SCRAM_AUTH_INIT | |
SCRAM_AUTH_SALT_SENT | |
SCRAM_AUTH_FINISHED |
Definition at line 125 of file auth-scram.c.
|
static |
Definition at line 1404 of file auth-scram.c.
References elog, ERROR, palloc(), pg_b64_enc_len(), pg_b64_encode(), pg_hmac_create(), pg_hmac_error(), pg_hmac_final(), pg_hmac_free(), pg_hmac_init(), pg_hmac_update(), psprintf(), and SCRAM_MAX_KEY_LEN.
Referenced by scram_exchange().
|
static |
Definition at line 1194 of file auth-scram.c.
References ereport, errcode(), errmsg(), ERROR, palloc(), pg_b64_enc_len(), pg_b64_encode(), pg_strong_random(), psprintf(), pstrdup(), and SCRAM_RAW_NONCE_LEN.
Referenced by scram_exchange().
|
static |
|
static |
Definition at line 688 of file auth-scram.c.
References elog, ERROR, iterations, palloc(), pg_b64_enc_len(), pg_b64_encode(), PG_SHA256, SCRAM_DEFAULT_SALT_LEN, SCRAM_MAX_KEY_LEN, scram_mock_salt(), SCRAM_SHA_256_DEFAULT_ITERATIONS, SCRAM_SHA_256_KEY_LEN, and username.
Referenced by scram_init().
bool parse_scram_secret | ( | const char * | secret, |
int * | iterations, | ||
pg_cryptohash_type * | hash_type, | ||
int * | key_length, | ||
char ** | salt, | ||
uint8 * | stored_key, | ||
uint8 * | server_key | ||
) |
Definition at line 591 of file auth-scram.c.
References iterations, palloc(), pg_b64_dec_len(), pg_b64_decode(), PG_SHA256, pstrdup(), SCRAM_SHA_256_KEY_LEN, and strsep().
Referenced by get_password_type(), scram_init(), and scram_verify_plain_password().
char* pg_be_scram_build_secret | ( | const char * | password | ) |
Definition at line 474 of file auth-scram.c.
References ereport, errcode(), errmsg(), ERROR, password, pfree(), pg_saslprep(), PG_SHA256, pg_strong_random(), SASLPREP_SUCCESS, scram_build_secret(), SCRAM_DEFAULT_SALT_LEN, scram_sha_256_iterations, and SCRAM_SHA_256_KEY_LEN.
Referenced by encrypt_password().
|
static |
Definition at line 846 of file auth-scram.c.
References ereport, errcode(), errdetail(), errmsg(), ERROR, input, and sanitize_char().
Referenced by read_client_final_message(), and read_client_first_message().
|
static |
Definition at line 734 of file auth-scram.c.
References ereport, errcode(), errdetail(), errmsg(), ERROR, input, and sanitize_char().
Referenced by read_client_final_message(), and read_client_first_message().
|
static |
Definition at line 1258 of file auth-scram.c.
References Assert, be_tls_get_certificate_hash(), elog, ereport, errcode(), errdetail(), errmsg(), ERROR, input, palloc(), pfree(), pg_b64_dec_len(), pg_b64_decode(), pg_b64_enc_len(), pg_b64_encode(), pstrdup(), read_any_attr(), read_attr_value(), snprintf, and value.
Referenced by scram_exchange().
|
static |
Definition at line 904 of file auth-scram.c.
References ereport, errcode(), errdetail(), errmsg(), ERROR, input, is_scram_printable(), pstrdup(), read_any_attr(), read_attr_value(), sanitize_char(), and sanitize_str().
Referenced by scram_exchange().
|
static |
Definition at line 798 of file auth-scram.c.
Referenced by read_any_attr(), read_attr_value(), and read_client_first_message().
|
static |
|
static |
Definition at line 350 of file auth-scram.c.
References Assert, build_server_final_message(), build_server_first_message(), elog, ereport, errcode(), errdetail(), errmsg(), ERROR, input, output, PG_SASL_EXCHANGE_CONTINUE, PG_SASL_EXCHANGE_FAILURE, PG_SASL_EXCHANGE_SUCCESS, pstrdup(), read_client_final_message(), read_client_first_message(), SCRAM_AUTH_FINISHED, SCRAM_AUTH_INIT, SCRAM_AUTH_SALT_SENT, verify_client_proof(), and verify_final_nonce().
|
static |
Definition at line 204 of file auth-scram.c.
References appendStringInfoChar(), appendStringInfoString(), buf, port, SCRAM_SHA_256_NAME, and SCRAM_SHA_256_PLUS_NAME.
|
static |
Definition at line 238 of file auth-scram.c.
References _, ereport, errcode(), errmsg(), ERROR, get_password_type(), if(), LOG, mock_scram_secret(), palloc0(), parse_scram_secret(), PASSWORD_TYPE_SCRAM_SHA_256, port, psprintf(), SCRAM_AUTH_INIT, SCRAM_SHA_256_NAME, and SCRAM_SHA_256_PLUS_NAME.
|
static |
Definition at line 1463 of file auth-scram.c.
References Assert, GetMockAuthenticationNonce(), MOCK_AUTH_NONCE_LEN, pg_cryptohash_create(), pg_cryptohash_final(), pg_cryptohash_free(), pg_cryptohash_init(), pg_cryptohash_update(), PG_SHA256, PG_SHA256_DIGEST_LENGTH, SCRAM_DEFAULT_SALT_LEN, SCRAM_MAX_KEY_LEN, StaticAssertDecl, and username.
Referenced by mock_scram_secret().
bool scram_verify_plain_password | ( | const char * | username, |
const char * | password, | ||
const char * | secret | ||
) |
Definition at line 514 of file auth-scram.c.
References elog, ereport, errmsg(), ERROR, iterations, LOG, palloc(), parse_scram_secret(), password, pfree(), pg_b64_dec_len(), pg_b64_decode(), pg_saslprep(), SASLPREP_SUCCESS, SCRAM_MAX_KEY_LEN, scram_SaltedPassword(), scram_ServerKey(), and username.
Referenced by plain_crypt_verify().
|
static |
Definition at line 1140 of file auth-scram.c.
References elog, ERROR, i, if(), pg_hmac_create(), pg_hmac_error(), pg_hmac_final(), pg_hmac_free(), pg_hmac_init(), pg_hmac_update(), scram_H(), and SCRAM_MAX_KEY_LEN.
Referenced by scram_exchange().
|
static |
Definition at line 1118 of file auth-scram.c.
Referenced by scram_exchange().
const pg_be_sasl_mech pg_be_scram_mech |
Definition at line 113 of file auth-scram.c.
Referenced by CheckPWChallengeAuth().
int scram_sha_256_iterations = SCRAM_SHA_256_DEFAULT_ITERATIONS |
Definition at line 194 of file auth-scram.c.
Referenced by pg_be_scram_build_secret().