diff options
Diffstat (limited to 'src/interfaces')
| -rw-r--r-- | src/interfaces/libpq/.gitignore | 2 | ||||
| -rw-r--r-- | src/interfaces/libpq/Makefile | 4 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-auth-scram.c | 27 |
3 files changed, 29 insertions, 4 deletions
diff --git a/src/interfaces/libpq/.gitignore b/src/interfaces/libpq/.gitignore index 2224ada7313..3829a4b008f 100644 --- a/src/interfaces/libpq/.gitignore +++ b/src/interfaces/libpq/.gitignore @@ -11,6 +11,7 @@ /pg_strong_random.c /pgstrcasecmp.c /pqsignal.c +/saslprep.c /scram-common.c /sha2.c /sha2_openssl.c @@ -19,6 +20,7 @@ /strlcpy.c /system.c /thread.c +/unicode_norm.c /win32error.c /win32setlocale.c /pgsleep.c diff --git a/src/interfaces/libpq/Makefile b/src/interfaces/libpq/Makefile index 36b57268a7a..6ffb90ff39c 100644 --- a/src/interfaces/libpq/Makefile +++ b/src/interfaces/libpq/Makefile @@ -49,7 +49,7 @@ endif # src/backend/utils/mb OBJS += encnames.o wchar.o # src/common -OBJS += base64.o ip.o md5.o scram-common.o +OBJS += base64.o ip.o md5.o scram-common.o saslprep.o unicode_norm.o ifeq ($(with_openssl),yes) OBJS += fe-secure-openssl.o sha2_openssl.o @@ -106,7 +106,7 @@ backend_src = $(top_srcdir)/src/backend chklocale.c crypt.c erand48.c getaddrinfo.c getpeereid.c inet_aton.c inet_net_ntop.c noblock.c open.c system.c pgsleep.c pg_strong_random.c pgstrcasecmp.c pqsignal.c snprintf.c strerror.c strlcpy.c thread.c win32error.c win32setlocale.c: % : $(top_srcdir)/src/port/% rm -f $@ && $(LN_S) $< . -ip.c md5.c base64.c scram-common.c sha2.c sha2_openssl.c: % : $(top_srcdir)/src/common/% +ip.c md5.c base64.c scram-common.c sha2.c sha2_openssl.c saslprep.c unicode_norm.c: % : $(top_srcdir)/src/common/% rm -f $@ && $(LN_S) $< . encnames.c wchar.c: % : $(backend_src)/utils/mb/% diff --git a/src/interfaces/libpq/fe-auth-scram.c b/src/interfaces/libpq/fe-auth-scram.c index 818ade4993a..c56e91e0e04 100644 --- a/src/interfaces/libpq/fe-auth-scram.c +++ b/src/interfaces/libpq/fe-auth-scram.c @@ -15,6 +15,7 @@ #include "postgres_fe.h" #include "common/base64.h" +#include "common/saslprep.h" #include "common/scram-common.h" #include "fe-auth.h" @@ -42,7 +43,7 @@ typedef struct /* These are supplied by the user */ const char *username; - const char *password; + char *password; /* We construct these */ char *client_nonce; @@ -82,6 +83,8 @@ void * pg_fe_scram_init(const char *username, const char *password) { fe_scram_state *state; + char *prep_password; + pg_saslprep_rc rc; state = (fe_scram_state *) malloc(sizeof(fe_scram_state)); if (!state) @@ -89,7 +92,24 @@ pg_fe_scram_init(const char *username, const char *password) memset(state, 0, sizeof(fe_scram_state)); state->state = FE_SCRAM_INIT; state->username = username; - state->password = password; + + /* Normalize the password with SASLprep, if possible */ + rc = pg_saslprep(password, &prep_password); + if (rc == SASLPREP_OOM) + { + free(state); + return NULL; + } + if (rc != SASLPREP_SUCCESS) + { + prep_password = strdup(password); + if (!prep_password) + { + free(state); + return NULL; + } + } + state->password = prep_password; return state; } @@ -102,6 +122,9 @@ pg_fe_scram_free(void *opaq) { fe_scram_state *state = (fe_scram_state *) opaq; + if (state->password) + free(state->password); + /* client messages */ if (state->client_nonce) free(state->client_nonce); |