PostgreSQL Source Code
git master
#include "postgres.h"
#include <unistd.h>
#include "access/xlog.h"
#include "catalog/pg_authid.h"
#include "catalog/pg_control.h"
#include "common/base64.h"
#include "common/saslprep.h"
#include "common/scram-common.h"
#include "common/sha2.h"
#include "libpq/auth.h"
#include "libpq/crypt.h"
#include "libpq/scram.h"
#include "miscadmin.h"
#include "utils/builtins.h"
#include "utils/timestamp.h"
Data Structures | |
struct | scram_state |
Enumerations | |
enum | scram_state_enum { SCRAM_AUTH_INIT, SCRAM_AUTH_SALT_SENT, SCRAM_AUTH_FINISHED } |
Functions | |
static void | read_client_first_message (scram_state *state, const char *input) |
static void | read_client_final_message (scram_state *state, const char *input) |
static char * | build_server_first_message (scram_state *state) |
static char * | build_server_final_message (scram_state *state) |
static bool | verify_client_proof (scram_state *state) |
static bool | verify_final_nonce (scram_state *state) |
static void | mock_scram_secret (const char *username, int *iterations, char **salt, uint8 *stored_key, uint8 *server_key) |
static bool | is_scram_printable (char *p) |
static char * | sanitize_char (char c) |
static char * | sanitize_str (const char *s) |
static char * | scram_mock_salt (const char *username) |
void | pg_be_scram_get_mechanisms (Port *port, StringInfo buf) |
void * | pg_be_scram_init (Port *port, const char *selected_mech, const char *shadow_pass) |
int | pg_be_scram_exchange (void *opaq, const char *input, int inputlen, char **output, int *outputlen, char **logdetail) |
char * | pg_be_scram_build_secret (const char *password) |
bool | scram_verify_plain_password (const char *username, const char *password, const char *secret) |
bool | parse_scram_secret (const char *secret, int *iterations, char **salt, uint8 *stored_key, uint8 *server_key) |
static char * | read_attr_value (char **input, char attr) |
static char * | read_any_attr (char **input, char *attr_p) |
enum scram_state_enum |
Enumerator | |
---|---|
SCRAM_AUTH_INIT | |
SCRAM_AUTH_SALT_SENT | |
SCRAM_AUTH_FINISHED |
Definition at line 112 of file auth-scram.c.
static char * build_server_final_message (scram_state *state)
Definition at line 1357 of file auth-scram.c.
References scram_state::client_final_message_without_proof, scram_state::client_first_message_bare, elog, ERROR, palloc(), pg_b64_enc_len(), pg_b64_encode(), psprintf(), scram_HMAC_final(), scram_HMAC_init(), scram_HMAC_update(), SCRAM_KEY_LEN, scram_state::server_first_message, and scram_state::ServerKey.
Referenced by pg_be_scram_exchange().
static char * build_server_first_message (scram_state *state)
Definition at line 1147 of file auth-scram.c.
References scram_state::client_nonce, ereport, errcode(), errmsg(), ERROR, scram_state::iterations, palloc(), pg_b64_enc_len(), pg_b64_encode(), pg_strong_random(), psprintf(), pstrdup(), scram_state::salt, SCRAM_RAW_NONCE_LEN, scram_state::server_first_message, and scram_state::server_nonce.
Referenced by pg_be_scram_exchange().
static bool is_scram_printable (char *p)
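static void mock_scram_secret (const char *username, int *iterations, char **salt, uint8 *stored_key, uint8 *server_key)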
Definition at line 651 of file auth-scram.c.
References elog, ERROR, palloc(), pg_b64_enc_len(), pg_b64_encode(), SCRAM_DEFAULT_ITERATIONS, SCRAM_DEFAULT_SALT_LEN, SCRAM_KEY_LEN, and scram_mock_salt().
Referenced by pg_be_scram_init().
bool parse_scram_secret | ( | const char * | secret, |
int * | iterations, | ||
char ** | salt, | ||
uint8 * | stored_key, | ||
uint8 * | server_key | ||
) |
Definition at line 560 of file auth-scram.c.
References palloc(), pg_b64_dec_len(), pg_b64_decode(), pstrdup(), and SCRAM_KEY_LEN.
Referenced by get_password_type(), pg_be_scram_init(), and scram_verify_plain_password().
char* pg_be_scram_build_secret | ( | const char * | password | ) |
Definition at line 451 of file auth-scram.c.
References ereport, errcode(), errmsg(), ERROR, pfree(), pg_saslprep(), pg_strong_random(), SASLPREP_SUCCESS, scram_build_secret(), SCRAM_DEFAULT_ITERATIONS, and SCRAM_DEFAULT_SALT_LEN.
Referenced by encrypt_password().
int pg_be_scram_exchange | ( | void * | opaq, |
const char * | input, | ||
int | inputlen, | ||
char ** | output, | ||
int * | outputlen, | ||
char ** | logdetail | ||
) |
Definition at line 328 of file auth-scram.c.
References Assert, build_server_final_message(), build_server_first_message(), scram_state::doomed, elog, ereport, errcode(), errdetail(), errmsg(), ERROR, scram_state::logdetail, pstrdup(), read_client_final_message(), read_client_first_message(), SASL_EXCHANGE_CONTINUE, SASL_EXCHANGE_FAILURE, SASL_EXCHANGE_SUCCESS, SCRAM_AUTH_FINISHED, SCRAM_AUTH_INIT, SCRAM_AUTH_SALT_SENT, scram_state::state, verify_client_proof(), and verify_final_nonce().
Referenced by CheckSCRAMAuth().
void pg_be_scram_get_mechanisms | ( | Port * | port, |
StringInfo | buf | ||
) |
Definition at line 181 of file auth-scram.c.
References appendStringInfoChar(), appendStringInfoString(), SCRAM_SHA_256_NAME, SCRAM_SHA_256_PLUS_NAME, and Port::ssl_in_use.
Referenced by CheckSCRAMAuth().
void* pg_be_scram_init | ( | Port * | port, |
const char * | selected_mech, | ||
const char * | shadow_pass | ||
) |
Definition at line 218 of file auth-scram.c.
References _, scram_state::channel_binding_in_use, scram_state::doomed, ereport, errcode(), errmsg(), ERROR, get_password_type(), scram_state::iterations, LOG, scram_state::logdetail, mock_scram_secret(), palloc0(), parse_scram_secret(), PASSWORD_TYPE_SCRAM_SHA_256, port, scram_state::port, psprintf(), scram_state::salt, SCRAM_AUTH_INIT, SCRAM_SHA_256_NAME, SCRAM_SHA_256_PLUS_NAME, scram_state::ServerKey, Port::ssl_in_use, scram_state::state, scram_state::StoredKey, and Port::user_name.
Referenced by CheckSCRAMAuth().
static char * read_any_attr (char **input, char *attr_p)
Definition at line 804 of file auth-scram.c.
References ereport, errcode(), errdetail(), errmsg(), ERROR, and sanitize_char().
Referenced by read_client_final_message(), and read_client_first_message().
static char * read_attr_value (char **input, char attr)
Definition at line 692 of file auth-scram.c.
References ereport, errcode(), errdetail(), errmsg(), ERROR, and sanitize_char().
Referenced by read_client_final_message(), and read_client_first_message().
static void read_client_final_message (scram_state *state, const char *input)
Definition at line 1211 of file auth-scram.c.
References Assert, scram_state::cbind_flag, scram_state::channel_binding_in_use, scram_state::client_final_message_without_proof, scram_state::client_final_nonce, scram_state::ClientProof, elog, ereport, errcode(), errdetail(), errmsg(), ERROR, palloc(), pfree(), pg_b64_dec_len(), pg_b64_decode(), pg_b64_enc_len(), pg_b64_encode(), scram_state::port, pstrdup(), read_any_attr(), read_attr_value(), SCRAM_KEY_LEN, snprintf, and value.
Referenced by pg_be_scram_exchange().
static void read_client_first_message (scram_state *state, const char *input)
Definition at line 862 of file auth-scram.c.
References scram_state::cbind_flag, scram_state::channel_binding_in_use, scram_state::client_first_message_bare, scram_state::client_nonce, scram_state::client_username, ereport, errcode(), errdetail(), errmsg(), ERROR, is_scram_printable(), scram_state::port, pstrdup(), read_any_attr(), read_attr_value(), sanitize_char(), sanitize_str(), and Port::ssl_in_use.
Referenced by pg_be_scram_exchange().
static char * sanitize_char (char c)
Definition at line 756 of file auth-scram.c.
Referenced by read_any_attr(), read_attr_value(), and read_client_first_message().
static char * sanitize_str (const char *s)
static char * scram_mock_salt (const char *username)
Definition at line 1413 of file auth-scram.c.
References GetMockAuthenticationNonce(), MOCK_AUTH_NONCE_LEN, pg_cryptohash_create(), pg_cryptohash_final(), pg_cryptohash_free(), pg_cryptohash_init(), pg_cryptohash_update(), PG_SHA256, PG_SHA256_DIGEST_LENGTH, SCRAM_DEFAULT_SALT_LEN, and StaticAssertStmt.
Referenced by mock_scram_secret().
bool scram_verify_plain_password | ( | const char * | username, |
const char * | password, | ||
const char * | secret | ||
) |
Definition at line 488 of file auth-scram.c.
References elog, ereport, errmsg(), ERROR, LOG, palloc(), parse_scram_secret(), pfree(), pg_b64_dec_len(), pg_b64_decode(), pg_saslprep(), SASLPREP_SUCCESS, SCRAM_KEY_LEN, scram_SaltedPassword(), and scram_ServerKey().
Referenced by plain_crypt_verify().
static bool verify_client_proof (scram_state *state)
Definition at line 1098 of file auth-scram.c.
References scram_state::client_final_message_without_proof, scram_state::client_first_message_bare, scram_state::ClientProof, elog, ERROR, i, scram_H(), scram_HMAC_final(), scram_HMAC_init(), scram_HMAC_update(), SCRAM_KEY_LEN, scram_state::server_first_message, and scram_state::StoredKey.
Referenced by pg_be_scram_exchange().
static bool verify_final_nonce (scram_state *state)
Definition at line 1076 of file auth-scram.c.
References scram_state::client_final_nonce, scram_state::client_nonce, and scram_state::server_nonce.
Referenced by pg_be_scram_exchange().