Fix up references to scram-sha-256

petere · petere · commit 38d485fdaa57 · 2018-01-30T16:50:30.000-05:00
pg_hba_file_rules erroneously reported this as scram-sha256.  Fix that.

To avoid future errors and confusion, also adjust documentation links
and internal symbols to have a separator between "sha" and "256".

Reported-by: Christophe Courtois &lt;christophe.courtois@dalibo.com&gt;
Author: Michael Paquier &lt;michael.paquier@gmail.com&gt;
diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
@@ -1540,7 +1540,7 @@ On error, the server can abort the authentication at any stage, and send an
 ErrorMessage.
 </para>
 
- <sect2 id="sasl-scram-sha256">
+ <sect2 id="sasl-scram-sha-256">
   <title>SCRAM-SHA-256 authentication</title>
 
   <para>
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
@@ -894,18 +894,18 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail)
 	 * channel-binding variants go first, if they are supported.  Channel
 	 * binding is only supported in SSL builds.
 	 */
-	sasl_mechs = palloc(strlen(SCRAM_SHA256_PLUS_NAME) +
-						strlen(SCRAM_SHA256_NAME) + 3);
+	sasl_mechs = palloc(strlen(SCRAM_SHA_256_PLUS_NAME) +
+						strlen(SCRAM_SHA_256_NAME) + 3);
 	p = sasl_mechs;
 
 	if (port->ssl_in_use)
 	{
-		strcpy(p, SCRAM_SHA256_PLUS_NAME);
-		p += strlen(SCRAM_SHA256_PLUS_NAME) + 1;
+		strcpy(p, SCRAM_SHA_256_PLUS_NAME);
+		p += strlen(SCRAM_SHA_256_PLUS_NAME) + 1;
 	}
 
-	strcpy(p, SCRAM_SHA256_NAME);
-	p += strlen(SCRAM_SHA256_NAME) + 1;
+	strcpy(p, SCRAM_SHA_256_NAME);
+	p += strlen(SCRAM_SHA_256_NAME) + 1;
 
 	/* Put another '\0' to mark that list is finished. */
 	p[0] = '\0';
@@ -973,8 +973,8 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail)
 			const char *selected_mech;
 
 			selected_mech = pq_getmsgrawstring(&buf);
-			if (strcmp(selected_mech, SCRAM_SHA256_NAME) != 0 &&
-				strcmp(selected_mech, SCRAM_SHA256_PLUS_NAME) != 0)
+			if (strcmp(selected_mech, SCRAM_SHA_256_NAME) != 0 &&
+				strcmp(selected_mech, SCRAM_SHA_256_PLUS_NAME) != 0)
 			{
 				ereport(ERROR,
 						(errcode(ERRCODE_PROTOCOL_VIOLATION),
diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
@@ -126,7 +126,7 @@ static const char *const UserAuthName[] =
 	"ident",
 	"password",
 	"md5",
-	"scram-sha256",
+	"scram-sha-256",
 	"gss",
 	"sspi",
 	"pam",
diff --git a/src/include/common/scram-common.h b/src/include/common/scram-common.h
@@ -16,8 +16,8 @@
 #include "common/sha2.h"
 
 /* Name of SCRAM mechanisms per IANA */
-#define SCRAM_SHA256_NAME "SCRAM-SHA-256"
-#define SCRAM_SHA256_PLUS_NAME "SCRAM-SHA-256-PLUS" /* with channel binding */
+#define SCRAM_SHA_256_NAME "SCRAM-SHA-256"
+#define SCRAM_SHA_256_PLUS_NAME "SCRAM-SHA-256-PLUS" /* with channel binding */
 
 /* Channel binding types */
 #define SCRAM_CHANNEL_BINDING_TLS_UNIQUE    "tls-unique"
diff --git a/src/interfaces/libpq/fe-auth-scram.c b/src/interfaces/libpq/fe-auth-scram.c
@@ -349,7 +349,7 @@ build_client_first_message(fe_scram_state *state)
 	/*
 	 * First build the gs2-header with channel binding information.
 	 */
-	if (strcmp(state->sasl_mechanism, SCRAM_SHA256_PLUS_NAME) == 0)
+	if (strcmp(state->sasl_mechanism, SCRAM_SHA_256_PLUS_NAME) == 0)
 	{
 		Assert(conn->ssl_in_use);
 		appendPQExpBuffer(&buf, "p=%s", conn->scram_channel_binding);
@@ -430,7 +430,7 @@ build_client_final_message(fe_scram_state *state)
 	 * build_client_first_message(), because the server will check that it's
 	 * the same flag both times.
 	 */
-	if (strcmp(state->sasl_mechanism, SCRAM_SHA256_PLUS_NAME) == 0)
+	if (strcmp(state->sasl_mechanism, SCRAM_SHA_256_PLUS_NAME) == 0)
 	{
 		char	   *cbind_data = NULL;
 		size_t		cbind_data_len = 0;
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
@@ -533,11 +533,11 @@ pg_SASL_init(PGconn *conn, int payloadlen)
 		if (conn->ssl_in_use &&
 			conn->scram_channel_binding &&
 			strlen(conn->scram_channel_binding) > 0 &&
-			strcmp(mechanism_buf.data, SCRAM_SHA256_PLUS_NAME) == 0)
-			selected_mechanism = SCRAM_SHA256_PLUS_NAME;
-		else if (strcmp(mechanism_buf.data, SCRAM_SHA256_NAME) == 0 &&
+			strcmp(mechanism_buf.data, SCRAM_SHA_256_PLUS_NAME) == 0)
+			selected_mechanism = SCRAM_SHA_256_PLUS_NAME;
+		else if (strcmp(mechanism_buf.data, SCRAM_SHA_256_NAME) == 0 &&
 				 !selected_mechanism)
-			selected_mechanism = SCRAM_SHA256_NAME;
+			selected_mechanism = SCRAM_SHA_256_NAME;
 	}
 
 	if (!selected_mechanism)
