64
64
* Don't reveal user information to an unauthenticated client. We don't
65
65
* want an attacker to be able to probe whether a particular username is
66
66
* valid. In SCRAM, the server has to read the salt and iteration count
67
- * from the user's password verifier , and send it to the client. To avoid
67
+ * from the user's stored secret , and send it to the client. To avoid
68
68
* revealing whether a user exists, when the client tries to authenticate
69
69
* with a username that doesn't exist, or doesn't have a valid SCRAM
70
- * verifier in pg_authid, we create a fake salt and iteration count
70
+ * secret in pg_authid, we create a fake salt and iteration count
71
71
* on-the-fly, and proceed with the authentication with that. In the end,
72
72
* we'll reject the attempt, as if an incorrect password was given. When
73
73
* we are performing a "mock" authentication, the 'doomed' flag in
@@ -161,7 +161,7 @@ static char *build_server_first_message(scram_state *state);
161
161
static char * build_server_final_message (scram_state * state );
162
162
static bool verify_client_proof (scram_state * state );
163
163
static bool verify_final_nonce (scram_state * state );
164
- static void mock_scram_verifier (const char * username , int * iterations ,
164
+ static void mock_scram_secret (const char * username , int * iterations ,
165
165
char * * salt , uint8 * stored_key , uint8 * server_key );
166
166
static bool is_scram_printable (char * p );
167
167
static char * sanitize_char (char c );
@@ -202,13 +202,13 @@ pg_be_scram_get_mechanisms(Port *port, StringInfo buf)
202
202
*
203
203
* Initialize a new SCRAM authentication exchange status tracker. This
204
204
* needs to be called before doing any exchange. It will be filled later
205
- * after the beginning of the exchange with verifier data .
205
+ * after the beginning of the exchange with authentication information .
206
206
*
207
207
* 'selected_mech' identifies the SASL mechanism that the client selected.
208
208
* It should be one of the mechanisms that we support, as returned by
209
209
* pg_be_scram_get_mechanisms().
210
210
*
211
- * 'shadow_pass' is the role's password verifier , from pg_authid.rolpassword.
211
+ * 'shadow_pass' is the role's stored secret , from pg_authid.rolpassword.
212
212
* The username was provided by the client in the startup message, and is
213
213
* available in port->user_name. If 'shadow_pass' is NULL, we still perform
214
214
* an authentication exchange, but it will fail, as if an incorrect password
@@ -220,7 +220,7 @@ pg_be_scram_init(Port *port,
220
220
const char * shadow_pass )
221
221
{
222
222
scram_state * state ;
223
- bool got_verifier ;
223
+ bool got_secret ;
224
224
225
225
state = (scram_state * ) palloc0 (sizeof (scram_state ));
226
226
state -> port = port ;
@@ -248,38 +248,38 @@ pg_be_scram_init(Port *port,
248
248
errmsg ("client selected an invalid SASL authentication mechanism" )));
249
249
250
250
/*
251
- * Parse the stored password verifier .
251
+ * Parse the stored secret .
252
252
*/
253
253
if (shadow_pass )
254
254
{
255
255
int password_type = get_password_type (shadow_pass );
256
256
257
257
if (password_type == PASSWORD_TYPE_SCRAM_SHA_256 )
258
258
{
259
- if (parse_scram_verifier (shadow_pass , & state -> iterations , & state -> salt ,
259
+ if (parse_scram_secret (shadow_pass , & state -> iterations , & state -> salt ,
260
260
state -> StoredKey , state -> ServerKey ))
261
- got_verifier = true;
261
+ got_secret = true;
262
262
else
263
263
{
264
264
/*
265
- * The password looked like a SCRAM verifier , but could not be
265
+ * The password looked like a SCRAM secret , but could not be
266
266
* parsed.
267
267
*/
268
268
ereport (LOG ,
269
- (errmsg ("invalid SCRAM verifier for user \"%s\"" ,
269
+ (errmsg ("invalid SCRAM secret for user \"%s\"" ,
270
270
state -> port -> user_name )));
271
- got_verifier = false;
271
+ got_secret = false;
272
272
}
273
273
}
274
274
else
275
275
{
276
276
/*
277
- * The user doesn't have SCRAM verifier . (You cannot do SCRAM
277
+ * The user doesn't have SCRAM secret . (You cannot do SCRAM
278
278
* authentication with an MD5 hash.)
279
279
*/
280
- state -> logdetail = psprintf (_ ("User \"%s\" does not have a valid SCRAM verifier ." ),
280
+ state -> logdetail = psprintf (_ ("User \"%s\" does not have a valid SCRAM secret ." ),
281
281
state -> port -> user_name );
282
- got_verifier = false;
282
+ got_secret = false;
283
283
}
284
284
}
285
285
else
@@ -289,18 +289,18 @@ pg_be_scram_init(Port *port,
289
289
* considered normal, since the caller requested it, so don't set log
290
290
* detail.
291
291
*/
292
- got_verifier = false;
292
+ got_secret = false;
293
293
}
294
294
295
295
/*
296
- * If the user did not have a valid SCRAM verifier , we still go through
296
+ * If the user did not have a valid SCRAM secret , we still go through
297
297
* the motions with a mock one, and fail as if the client supplied an
298
298
* incorrect password. This is to avoid revealing information to an
299
299
* attacker.
300
300
*/
301
- if (!got_verifier )
301
+ if (!got_secret )
302
302
{
303
- mock_scram_verifier (state -> port -> user_name , & state -> iterations ,
303
+ mock_scram_secret (state -> port -> user_name , & state -> iterations ,
304
304
& state -> salt , state -> StoredKey , state -> ServerKey );
305
305
state -> doomed = true;
306
306
}
@@ -443,12 +443,12 @@ pg_be_scram_exchange(void *opaq, const char *input, int inputlen,
443
443
}
444
444
445
445
/*
446
- * Construct a verifier string for SCRAM, stored in pg_authid.rolpassword.
446
+ * Construct a SCRAM secret, for storing in pg_authid.rolpassword.
447
447
*
448
448
* The result is palloc'd, so caller is responsible for freeing it.
449
449
*/
450
450
char *
451
- pg_be_scram_build_verifier (const char * password )
451
+ pg_be_scram_build_secret (const char * password )
452
452
{
453
453
char * prep_password ;
454
454
pg_saslprep_rc rc ;
@@ -470,7 +470,7 @@ pg_be_scram_build_verifier(const char *password)
470
470
(errcode (ERRCODE_INTERNAL_ERROR ),
471
471
errmsg ("could not generate random salt" )));
472
472
473
- result = scram_build_verifier (saltbuf , SCRAM_DEFAULT_SALT_LEN ,
473
+ result = scram_build_secret (saltbuf , SCRAM_DEFAULT_SALT_LEN ,
474
474
SCRAM_DEFAULT_ITERATIONS , password );
475
475
476
476
if (prep_password )
@@ -480,13 +480,13 @@ pg_be_scram_build_verifier(const char *password)
480
480
}
481
481
482
482
/*
483
- * Verify a plaintext password against a SCRAM verifier . This is used when
483
+ * Verify a plaintext password against a SCRAM secret . This is used when
484
484
* performing plaintext password authentication for a user that has a SCRAM
485
- * verifier stored in pg_authid.
485
+ * secret stored in pg_authid.
486
486
*/
487
487
bool
488
488
scram_verify_plain_password (const char * username , const char * password ,
489
- const char * verifier )
489
+ const char * secret )
490
490
{
491
491
char * encoded_salt ;
492
492
char * salt ;
@@ -499,14 +499,14 @@ scram_verify_plain_password(const char *username, const char *password,
499
499
char * prep_password ;
500
500
pg_saslprep_rc rc ;
501
501
502
- if (!parse_scram_verifier ( verifier , & iterations , & encoded_salt ,
502
+ if (!parse_scram_secret ( secret , & iterations , & encoded_salt ,
503
503
stored_key , server_key ))
504
504
{
505
505
/*
506
- * The password looked like a SCRAM verifier , but could not be parsed.
506
+ * The password looked like a SCRAM secret , but could not be parsed.
507
507
*/
508
508
ereport (LOG ,
509
- (errmsg ("invalid SCRAM verifier for user \"%s\"" , username )));
509
+ (errmsg ("invalid SCRAM secret for user \"%s\"" , username )));
510
510
return false;
511
511
}
512
512
@@ -517,7 +517,7 @@ scram_verify_plain_password(const char *username, const char *password,
517
517
if (saltlen < 0 )
518
518
{
519
519
ereport (LOG ,
520
- (errmsg ("invalid SCRAM verifier for user \"%s\"" , username )));
520
+ (errmsg ("invalid SCRAM secret for user \"%s\"" , username )));
521
521
return false;
522
522
}
523
523
@@ -534,26 +534,26 @@ scram_verify_plain_password(const char *username, const char *password,
534
534
pfree (prep_password );
535
535
536
536
/*
537
- * Compare the verifier 's Server Key with the one computed from the
537
+ * Compare the secret 's Server Key with the one computed from the
538
538
* user-supplied password.
539
539
*/
540
540
return memcmp (computed_key , server_key , SCRAM_KEY_LEN ) == 0 ;
541
541
}
542
542
543
543
544
544
/*
545
- * Parse and validate format of given SCRAM verifier .
545
+ * Parse and validate format of given SCRAM secret .
546
546
*
547
547
* On success, the iteration count, salt, stored key, and server key are
548
- * extracted from the verifier , and returned to the caller. For 'stored_key'
548
+ * extracted from the secret , and returned to the caller. For 'stored_key'
549
549
* and 'server_key', the caller must pass pre-allocated buffers of size
550
550
* SCRAM_KEY_LEN. Salt is returned as a base64-encoded, null-terminated
551
551
* string. The buffer for the salt is palloc'd by this function.
552
552
*
553
- * Returns true if the SCRAM verifier has been parsed, and false otherwise.
553
+ * Returns true if the SCRAM secret has been parsed, and false otherwise.
554
554
*/
555
555
bool
556
- parse_scram_verifier (const char * verifier , int * iterations , char * * salt ,
556
+ parse_scram_secret (const char * secret , int * iterations , char * * salt ,
557
557
uint8 * stored_key , uint8 * server_key )
558
558
{
559
559
char * v ;
@@ -569,30 +569,30 @@ parse_scram_verifier(const char *verifier, int *iterations, char **salt,
569
569
char * decoded_server_buf ;
570
570
571
571
/*
572
- * The verifier is of form:
572
+ * The secret is of form:
573
573
*
574
574
* SCRAM-SHA-256$<iterations>:<salt>$<storedkey>:<serverkey>
575
575
*/
576
- v = pstrdup (verifier );
576
+ v = pstrdup (secret );
577
577
if ((scheme_str = strtok (v , "$" )) == NULL )
578
- goto invalid_verifier ;
578
+ goto invalid_secret ;
579
579
if ((iterations_str = strtok (NULL , ":" )) == NULL )
580
- goto invalid_verifier ;
580
+ goto invalid_secret ;
581
581
if ((salt_str = strtok (NULL , "$" )) == NULL )
582
- goto invalid_verifier ;
582
+ goto invalid_secret ;
583
583
if ((storedkey_str = strtok (NULL , ":" )) == NULL )
584
- goto invalid_verifier ;
584
+ goto invalid_secret ;
585
585
if ((serverkey_str = strtok (NULL , "" )) == NULL )
586
- goto invalid_verifier ;
586
+ goto invalid_secret ;
587
587
588
588
/* Parse the fields */
589
589
if (strcmp (scheme_str , "SCRAM-SHA-256" ) != 0 )
590
- goto invalid_verifier ;
590
+ goto invalid_secret ;
591
591
592
592
errno = 0 ;
593
593
* iterations = strtol (iterations_str , & p , 10 );
594
594
if (* p || errno != 0 )
595
- goto invalid_verifier ;
595
+ goto invalid_secret ;
596
596
597
597
/*
598
598
* Verify that the salt is in Base64-encoded format, by decoding it,
@@ -603,7 +603,7 @@ parse_scram_verifier(const char *verifier, int *iterations, char **salt,
603
603
decoded_len = pg_b64_decode (salt_str , strlen (salt_str ),
604
604
decoded_salt_buf , decoded_len );
605
605
if (decoded_len < 0 )
606
- goto invalid_verifier ;
606
+ goto invalid_secret ;
607
607
* salt = pstrdup (salt_str );
608
608
609
609
/*
@@ -614,37 +614,37 @@ parse_scram_verifier(const char *verifier, int *iterations, char **salt,
614
614
decoded_len = pg_b64_decode (storedkey_str , strlen (storedkey_str ),
615
615
decoded_stored_buf , decoded_len );
616
616
if (decoded_len != SCRAM_KEY_LEN )
617
- goto invalid_verifier ;
617
+ goto invalid_secret ;
618
618
memcpy (stored_key , decoded_stored_buf , SCRAM_KEY_LEN );
619
619
620
620
decoded_len = pg_b64_dec_len (strlen (serverkey_str ));
621
621
decoded_server_buf = palloc (decoded_len );
622
622
decoded_len = pg_b64_decode (serverkey_str , strlen (serverkey_str ),
623
623
decoded_server_buf , decoded_len );
624
624
if (decoded_len != SCRAM_KEY_LEN )
625
- goto invalid_verifier ;
625
+ goto invalid_secret ;
626
626
memcpy (server_key , decoded_server_buf , SCRAM_KEY_LEN );
627
627
628
628
return true;
629
629
630
- invalid_verifier :
630
+ invalid_secret :
631
631
* salt = NULL ;
632
632
return false;
633
633
}
634
634
635
635
/*
636
- * Generate plausible SCRAM verifier parameters for mock authentication.
636
+ * Generate plausible SCRAM secret parameters for mock authentication.
637
637
*
638
- * In a normal authentication, these are extracted from the verifier
638
+ * In a normal authentication, these are extracted from the secret
639
639
* stored in the server. This function generates values that look
640
- * realistic, for when there is no stored verifier .
640
+ * realistic, for when there is no stored secret .
641
641
*
642
- * Like in parse_scram_verifier (), for 'stored_key' and 'server_key', the
642
+ * Like in parse_scram_secret (), for 'stored_key' and 'server_key', the
643
643
* caller must pass pre-allocated buffers of size SCRAM_KEY_LEN, and
644
644
* the buffer for the salt is palloc'd by this function.
645
645
*/
646
646
static void
647
- mock_scram_verifier (const char * username , int * iterations , char * * salt ,
647
+ mock_scram_secret (const char * username , int * iterations , char * * salt ,
648
648
uint8 * stored_key , uint8 * server_key )
649
649
{
650
650
char * raw_salt ;
0 commit comments