Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content

Commit b4675a8

Browse files
committed
Fix use of term "verifier"
Within the context of SCRAM, "verifier" has a specific meaning in the protocol, per RFCs. The existing code used "verifier" differently, to mean whatever is or would be stored in pg_auth.rolpassword. Fix this by using the term "secret" for this, following RFC 5803. Reviewed-by: Michael Paquier <michael@paquier.xyz> Discussion: https://www.postgresql.org/message-id/flat/be397b06-6e4b-ba71-c7fb-54cae84a7e18%402ndquadrant.com
1 parent 5f3d271 commit b4675a8

File tree

13 files changed

+85
-85
lines changed

13 files changed

+85
-85
lines changed

src/backend/libpq/auth-scram.c

+52-52
Original file line numberDiff line numberDiff line change
@@ -64,10 +64,10 @@
6464
* Don't reveal user information to an unauthenticated client. We don't
6565
* want an attacker to be able to probe whether a particular username is
6666
* valid. In SCRAM, the server has to read the salt and iteration count
67-
* from the user's password verifier, and send it to the client. To avoid
67+
* from the user's stored secret, and send it to the client. To avoid
6868
* revealing whether a user exists, when the client tries to authenticate
6969
* with a username that doesn't exist, or doesn't have a valid SCRAM
70-
* verifier in pg_authid, we create a fake salt and iteration count
70+
* secret in pg_authid, we create a fake salt and iteration count
7171
* on-the-fly, and proceed with the authentication with that. In the end,
7272
* we'll reject the attempt, as if an incorrect password was given. When
7373
* we are performing a "mock" authentication, the 'doomed' flag in
@@ -161,7 +161,7 @@ static char *build_server_first_message(scram_state *state);
161161
static char *build_server_final_message(scram_state *state);
162162
static bool verify_client_proof(scram_state *state);
163163
static bool verify_final_nonce(scram_state *state);
164-
static void mock_scram_verifier(const char *username, int *iterations,
164+
static void mock_scram_secret(const char *username, int *iterations,
165165
char **salt, uint8 *stored_key, uint8 *server_key);
166166
static bool is_scram_printable(char *p);
167167
static char *sanitize_char(char c);
@@ -202,13 +202,13 @@ pg_be_scram_get_mechanisms(Port *port, StringInfo buf)
202202
*
203203
* Initialize a new SCRAM authentication exchange status tracker. This
204204
* needs to be called before doing any exchange. It will be filled later
205-
* after the beginning of the exchange with verifier data.
205+
* after the beginning of the exchange with authentication information.
206206
*
207207
* 'selected_mech' identifies the SASL mechanism that the client selected.
208208
* It should be one of the mechanisms that we support, as returned by
209209
* pg_be_scram_get_mechanisms().
210210
*
211-
* 'shadow_pass' is the role's password verifier, from pg_authid.rolpassword.
211+
* 'shadow_pass' is the role's stored secret, from pg_authid.rolpassword.
212212
* The username was provided by the client in the startup message, and is
213213
* available in port->user_name. If 'shadow_pass' is NULL, we still perform
214214
* an authentication exchange, but it will fail, as if an incorrect password
@@ -220,7 +220,7 @@ pg_be_scram_init(Port *port,
220220
const char *shadow_pass)
221221
{
222222
scram_state *state;
223-
bool got_verifier;
223+
bool got_secret;
224224

225225
state = (scram_state *) palloc0(sizeof(scram_state));
226226
state->port = port;
@@ -248,38 +248,38 @@ pg_be_scram_init(Port *port,
248248
errmsg("client selected an invalid SASL authentication mechanism")));
249249

250250
/*
251-
* Parse the stored password verifier.
251+
* Parse the stored secret.
252252
*/
253253
if (shadow_pass)
254254
{
255255
int password_type = get_password_type(shadow_pass);
256256

257257
if (password_type == PASSWORD_TYPE_SCRAM_SHA_256)
258258
{
259-
if (parse_scram_verifier(shadow_pass, &state->iterations, &state->salt,
259+
if (parse_scram_secret(shadow_pass, &state->iterations, &state->salt,
260260
state->StoredKey, state->ServerKey))
261-
got_verifier = true;
261+
got_secret = true;
262262
else
263263
{
264264
/*
265-
* The password looked like a SCRAM verifier, but could not be
265+
* The password looked like a SCRAM secret, but could not be
266266
* parsed.
267267
*/
268268
ereport(LOG,
269-
(errmsg("invalid SCRAM verifier for user \"%s\"",
269+
(errmsg("invalid SCRAM secret for user \"%s\"",
270270
state->port->user_name)));
271-
got_verifier = false;
271+
got_secret = false;
272272
}
273273
}
274274
else
275275
{
276276
/*
277-
* The user doesn't have SCRAM verifier. (You cannot do SCRAM
277+
* The user doesn't have SCRAM secret. (You cannot do SCRAM
278278
* authentication with an MD5 hash.)
279279
*/
280-
state->logdetail = psprintf(_("User \"%s\" does not have a valid SCRAM verifier."),
280+
state->logdetail = psprintf(_("User \"%s\" does not have a valid SCRAM secret."),
281281
state->port->user_name);
282-
got_verifier = false;
282+
got_secret = false;
283283
}
284284
}
285285
else
@@ -289,18 +289,18 @@ pg_be_scram_init(Port *port,
289289
* considered normal, since the caller requested it, so don't set log
290290
* detail.
291291
*/
292-
got_verifier = false;
292+
got_secret = false;
293293
}
294294

295295
/*
296-
* If the user did not have a valid SCRAM verifier, we still go through
296+
* If the user did not have a valid SCRAM secret, we still go through
297297
* the motions with a mock one, and fail as if the client supplied an
298298
* incorrect password. This is to avoid revealing information to an
299299
* attacker.
300300
*/
301-
if (!got_verifier)
301+
if (!got_secret)
302302
{
303-
mock_scram_verifier(state->port->user_name, &state->iterations,
303+
mock_scram_secret(state->port->user_name, &state->iterations,
304304
&state->salt, state->StoredKey, state->ServerKey);
305305
state->doomed = true;
306306
}
@@ -443,12 +443,12 @@ pg_be_scram_exchange(void *opaq, const char *input, int inputlen,
443443
}
444444

445445
/*
446-
* Construct a verifier string for SCRAM, stored in pg_authid.rolpassword.
446+
* Construct a SCRAM secret, for storing in pg_authid.rolpassword.
447447
*
448448
* The result is palloc'd, so caller is responsible for freeing it.
449449
*/
450450
char *
451-
pg_be_scram_build_verifier(const char *password)
451+
pg_be_scram_build_secret(const char *password)
452452
{
453453
char *prep_password;
454454
pg_saslprep_rc rc;
@@ -470,7 +470,7 @@ pg_be_scram_build_verifier(const char *password)
470470
(errcode(ERRCODE_INTERNAL_ERROR),
471471
errmsg("could not generate random salt")));
472472

473-
result = scram_build_verifier(saltbuf, SCRAM_DEFAULT_SALT_LEN,
473+
result = scram_build_secret(saltbuf, SCRAM_DEFAULT_SALT_LEN,
474474
SCRAM_DEFAULT_ITERATIONS, password);
475475

476476
if (prep_password)
@@ -480,13 +480,13 @@ pg_be_scram_build_verifier(const char *password)
480480
}
481481

482482
/*
483-
* Verify a plaintext password against a SCRAM verifier. This is used when
483+
* Verify a plaintext password against a SCRAM secret. This is used when
484484
* performing plaintext password authentication for a user that has a SCRAM
485-
* verifier stored in pg_authid.
485+
* secret stored in pg_authid.
486486
*/
487487
bool
488488
scram_verify_plain_password(const char *username, const char *password,
489-
const char *verifier)
489+
const char *secret)
490490
{
491491
char *encoded_salt;
492492
char *salt;
@@ -499,14 +499,14 @@ scram_verify_plain_password(const char *username, const char *password,
499499
char *prep_password;
500500
pg_saslprep_rc rc;
501501

502-
if (!parse_scram_verifier(verifier, &iterations, &encoded_salt,
502+
if (!parse_scram_secret(secret, &iterations, &encoded_salt,
503503
stored_key, server_key))
504504
{
505505
/*
506-
* The password looked like a SCRAM verifier, but could not be parsed.
506+
* The password looked like a SCRAM secret, but could not be parsed.
507507
*/
508508
ereport(LOG,
509-
(errmsg("invalid SCRAM verifier for user \"%s\"", username)));
509+
(errmsg("invalid SCRAM secret for user \"%s\"", username)));
510510
return false;
511511
}
512512

@@ -517,7 +517,7 @@ scram_verify_plain_password(const char *username, const char *password,
517517
if (saltlen < 0)
518518
{
519519
ereport(LOG,
520-
(errmsg("invalid SCRAM verifier for user \"%s\"", username)));
520+
(errmsg("invalid SCRAM secret for user \"%s\"", username)));
521521
return false;
522522
}
523523

@@ -534,26 +534,26 @@ scram_verify_plain_password(const char *username, const char *password,
534534
pfree(prep_password);
535535

536536
/*
537-
* Compare the verifier's Server Key with the one computed from the
537+
* Compare the secret's Server Key with the one computed from the
538538
* user-supplied password.
539539
*/
540540
return memcmp(computed_key, server_key, SCRAM_KEY_LEN) == 0;
541541
}
542542

543543

544544
/*
545-
* Parse and validate format of given SCRAM verifier.
545+
* Parse and validate format of given SCRAM secret.
546546
*
547547
* On success, the iteration count, salt, stored key, and server key are
548-
* extracted from the verifier, and returned to the caller. For 'stored_key'
548+
* extracted from the secret, and returned to the caller. For 'stored_key'
549549
* and 'server_key', the caller must pass pre-allocated buffers of size
550550
* SCRAM_KEY_LEN. Salt is returned as a base64-encoded, null-terminated
551551
* string. The buffer for the salt is palloc'd by this function.
552552
*
553-
* Returns true if the SCRAM verifier has been parsed, and false otherwise.
553+
* Returns true if the SCRAM secret has been parsed, and false otherwise.
554554
*/
555555
bool
556-
parse_scram_verifier(const char *verifier, int *iterations, char **salt,
556+
parse_scram_secret(const char *secret, int *iterations, char **salt,
557557
uint8 *stored_key, uint8 *server_key)
558558
{
559559
char *v;
@@ -569,30 +569,30 @@ parse_scram_verifier(const char *verifier, int *iterations, char **salt,
569569
char *decoded_server_buf;
570570

571571
/*
572-
* The verifier is of form:
572+
* The secret is of form:
573573
*
574574
* SCRAM-SHA-256$<iterations>:<salt>$<storedkey>:<serverkey>
575575
*/
576-
v = pstrdup(verifier);
576+
v = pstrdup(secret);
577577
if ((scheme_str = strtok(v, "$")) == NULL)
578-
goto invalid_verifier;
578+
goto invalid_secret;
579579
if ((iterations_str = strtok(NULL, ":")) == NULL)
580-
goto invalid_verifier;
580+
goto invalid_secret;
581581
if ((salt_str = strtok(NULL, "$")) == NULL)
582-
goto invalid_verifier;
582+
goto invalid_secret;
583583
if ((storedkey_str = strtok(NULL, ":")) == NULL)
584-
goto invalid_verifier;
584+
goto invalid_secret;
585585
if ((serverkey_str = strtok(NULL, "")) == NULL)
586-
goto invalid_verifier;
586+
goto invalid_secret;
587587

588588
/* Parse the fields */
589589
if (strcmp(scheme_str, "SCRAM-SHA-256") != 0)
590-
goto invalid_verifier;
590+
goto invalid_secret;
591591

592592
errno = 0;
593593
*iterations = strtol(iterations_str, &p, 10);
594594
if (*p || errno != 0)
595-
goto invalid_verifier;
595+
goto invalid_secret;
596596

597597
/*
598598
* Verify that the salt is in Base64-encoded format, by decoding it,
@@ -603,7 +603,7 @@ parse_scram_verifier(const char *verifier, int *iterations, char **salt,
603603
decoded_len = pg_b64_decode(salt_str, strlen(salt_str),
604604
decoded_salt_buf, decoded_len);
605605
if (decoded_len < 0)
606-
goto invalid_verifier;
606+
goto invalid_secret;
607607
*salt = pstrdup(salt_str);
608608

609609
/*
@@ -614,37 +614,37 @@ parse_scram_verifier(const char *verifier, int *iterations, char **salt,
614614
decoded_len = pg_b64_decode(storedkey_str, strlen(storedkey_str),
615615
decoded_stored_buf, decoded_len);
616616
if (decoded_len != SCRAM_KEY_LEN)
617-
goto invalid_verifier;
617+
goto invalid_secret;
618618
memcpy(stored_key, decoded_stored_buf, SCRAM_KEY_LEN);
619619

620620
decoded_len = pg_b64_dec_len(strlen(serverkey_str));
621621
decoded_server_buf = palloc(decoded_len);
622622
decoded_len = pg_b64_decode(serverkey_str, strlen(serverkey_str),
623623
decoded_server_buf, decoded_len);
624624
if (decoded_len != SCRAM_KEY_LEN)
625-
goto invalid_verifier;
625+
goto invalid_secret;
626626
memcpy(server_key, decoded_server_buf, SCRAM_KEY_LEN);
627627

628628
return true;
629629

630-
invalid_verifier:
630+
invalid_secret:
631631
*salt = NULL;
632632
return false;
633633
}
634634

635635
/*
636-
* Generate plausible SCRAM verifier parameters for mock authentication.
636+
* Generate plausible SCRAM secret parameters for mock authentication.
637637
*
638-
* In a normal authentication, these are extracted from the verifier
638+
* In a normal authentication, these are extracted from the secret
639639
* stored in the server. This function generates values that look
640-
* realistic, for when there is no stored verifier.
640+
* realistic, for when there is no stored secret.
641641
*
642-
* Like in parse_scram_verifier(), for 'stored_key' and 'server_key', the
642+
* Like in parse_scram_secret(), for 'stored_key' and 'server_key', the
643643
* caller must pass pre-allocated buffers of size SCRAM_KEY_LEN, and
644644
* the buffer for the salt is palloc'd by this function.
645645
*/
646646
static void
647-
mock_scram_verifier(const char *username, int *iterations, char **salt,
647+
mock_scram_secret(const char *username, int *iterations, char **salt,
648648
uint8 *stored_key, uint8 *server_key)
649649
{
650650
char *raw_salt;

src/backend/libpq/auth.c

+1-1
Original file line numberDiff line numberDiff line change
@@ -818,7 +818,7 @@ CheckPWChallengeAuth(Port *port, char **logdetail)
818818
* If 'md5' authentication is allowed, decide whether to perform 'md5' or
819819
* 'scram-sha-256' authentication based on the type of password the user
820820
* has. If it's an MD5 hash, we must do MD5 authentication, and if it's a
821-
* SCRAM verifier, we must do SCRAM authentication.
821+
* SCRAM secret, we must do SCRAM authentication.
822822
*
823823
* If MD5 authentication is not allowed, always use SCRAM. If the user
824824
* had an MD5 password, CheckSCRAMAuth() will fail.

src/backend/libpq/crypt.c

+4-4
Original file line numberDiff line numberDiff line change
@@ -83,7 +83,7 @@ get_role_password(const char *role, char **logdetail)
8383
}
8484

8585
/*
86-
* What kind of a password verifier is 'shadow_pass'?
86+
* What kind of a password type is 'shadow_pass'?
8787
*/
8888
PasswordType
8989
get_password_type(const char *shadow_pass)
@@ -97,14 +97,14 @@ get_password_type(const char *shadow_pass)
9797
strlen(shadow_pass) == MD5_PASSWD_LEN &&
9898
strspn(shadow_pass + 3, MD5_PASSWD_CHARSET) == MD5_PASSWD_LEN - 3)
9999
return PASSWORD_TYPE_MD5;
100-
if (parse_scram_verifier(shadow_pass, &iterations, &encoded_salt,
100+
if (parse_scram_secret(shadow_pass, &iterations, &encoded_salt,
101101
stored_key, server_key))
102102
return PASSWORD_TYPE_SCRAM_SHA_256;
103103
return PASSWORD_TYPE_PLAINTEXT;
104104
}
105105

106106
/*
107-
* Given a user-supplied password, convert it into a verifier of
107+
* Given a user-supplied password, convert it into a secret of
108108
* 'target_type' kind.
109109
*
110110
* If the password is already in encrypted form, we cannot reverse the
@@ -137,7 +137,7 @@ encrypt_password(PasswordType target_type, const char *role,
137137
return encrypted_password;
138138

139139
case PASSWORD_TYPE_SCRAM_SHA_256:
140-
return pg_be_scram_build_verifier(password);
140+
return pg_be_scram_build_secret(password);
141141

142142
case PASSWORD_TYPE_PLAINTEXT:
143143
elog(ERROR, "cannot encrypt password with 'plaintext'");

src/common/scram-common.c

+2-2
Original file line numberDiff line numberDiff line change
@@ -181,15 +181,15 @@ scram_ServerKey(const uint8 *salted_password, uint8 *result)
181181

182182

183183
/*
184-
* Construct a verifier string for SCRAM, stored in pg_authid.rolpassword.
184+
* Construct a SCRAM secret, for storing in pg_authid.rolpassword.
185185
*
186186
* The password should already have been processed with SASLprep, if necessary!
187187
*
188188
* If iterations is 0, default number of iterations is used. The result is
189189
* palloc'd or malloc'd, so caller is responsible for freeing it.
190190
*/
191191
char *
192-
scram_build_verifier(const char *salt, int saltlen, int iterations,
192+
scram_build_secret(const char *salt, int saltlen, int iterations,
193193
const char *password)
194194
{
195195
uint8 salted_password[SCRAM_KEY_LEN];

0 commit comments

Comments
 (0)