Rename "scram" to "scram-sha-256" in pg_hba.conf and password_encryption.

Per discussion, plain "scram" is confusing because we actually implement SCRAM-SHA-256 rather than the original SCRAM that uses SHA-1 as the hash algorithm. If we add support for SCRAM-SHA-512 or some other mechanism in the SCRAM family in the future, that would become even more confusing. Most of the internal files and functions still use just "scram" as a shorthand for SCRMA-SHA-256, but I did change PASSWORD_TYPE_SCRAM to PASSWORD_TYPE_SCRAM_SHA_256, as that could potentially be used by 3rd party extensions that hook into the password-check hook. Michael Paquier did this in an earlier version of the SCRAM patch set already, but I didn't include that in the version that was committed. Discussion: https://www.postgresql.org/message-id/[email protected]
author: Heikki Linnakangas 2017-04-18 11:50:50 +0000
committer: Heikki Linnakangas 2017-04-18 11:50:50 +0000
commit: c727f120ff50f624a1ee3abe700d995c18314a0b (patch)
tree: a3fb2b94b43e51f386d31dca2b056d004b787ae3 /src/backend
parent: 123aaffb5b881f3dadaac676877a90b50233a847 (diff)
7 files changed, 25 insertions, 25 deletions
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index de264974ae8..c719682274d 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -140,8 +140,8 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt)
 			dpassword = defel;
 			if (strcmp(defel->defname, "encryptedPassword") == 0)
 			{
-				if (Password_encryption == PASSWORD_TYPE_SCRAM)
-					password_type = PASSWORD_TYPE_SCRAM;
+				if (Password_encryption == PASSWORD_TYPE_SCRAM_SHA_256)
+					password_type = PASSWORD_TYPE_SCRAM_SHA_256;
 				else
 					password_type = PASSWORD_TYPE_MD5;
 			}
@@ -548,8 +548,8 @@ AlterRole(AlterRoleStmt *stmt)
 			dpassword = defel;
 			if (strcmp(defel->defname, "encryptedPassword") == 0)
 			{
-				if (Password_encryption == PASSWORD_TYPE_SCRAM)
-					password_type = PASSWORD_TYPE_SCRAM;
+				if (Password_encryption == PASSWORD_TYPE_SCRAM_SHA_256)
+					password_type = PASSWORD_TYPE_SCRAM_SHA_256;
 				else
 					password_type = PASSWORD_TYPE_MD5;
 			}
diff --git a/src/backend/libpq/auth-scram.c b/src/backend/libpq/auth-scram.c
index 338afede9de..76c502d415d 100644
--- a/src/backend/libpq/auth-scram.c
+++ b/src/backend/libpq/auth-scram.c
@@ -183,7 +183,7 @@ pg_be_scram_init(const char *username, const char *shadow_pass)
 	{
 		int			password_type = get_password_type(shadow_pass);
 
-		if (password_type == PASSWORD_TYPE_SCRAM)
+		if (password_type == PASSWORD_TYPE_SCRAM_SHA_256)
 		{
 			if (parse_scram_verifier(shadow_pass, &state->salt, &state->iterations,
 									 state->StoredKey, state->ServerKey))
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 848561e188e..ab4be219431 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -50,7 +50,7 @@ static char *recv_password_packet(Port *port);
 
 
 /*----------------------------------------------------------------
- * Password-based authentication methods (password, md5, and scram)
+ * Password-based authentication methods (password, md5, and scram-sha-256)
  *----------------------------------------------------------------
  */
 static int	CheckPasswordAuth(Port *port, char **logdetail);
@@ -757,10 +757,10 @@ CheckPWChallengeAuth(Port *port, char **logdetail)
 	 * If the user does not exist, or has no password, we still go through the
 	 * motions of authentication, to avoid revealing to the client that the
 	 * user didn't exist.  If 'md5' is allowed, we choose whether to use 'md5'
-	 * or 'scram' authentication based on current password_encryption setting.
-	 * The idea is that most genuine users probably have a password of that
-	 * type, if we pretend that this user had a password of that type, too, it
-	 * "blends in" best.
+	 * or 'scram-sha-256' authentication based on current password_encryption
+	 * setting.  The idea is that most genuine users probably have a password
+	 * of that type, if we pretend that this user had a password of that type,
+	 * too, it "blends in" best.
 	 *
 	 * If the user had a password, but it was expired, we'll use the details
 	 * of the expired password for the authentication, but report it as
@@ -773,9 +773,9 @@ CheckPWChallengeAuth(Port *port, char **logdetail)
 
 	/*
 	 * If 'md5' authentication is allowed, decide whether to perform 'md5' or
-	 * 'scram' authentication based on the type of password the user has.  If
-	 * it's an MD5 hash, we must do MD5 authentication, and if it's a SCRAM
-	 * verifier, we must do SCRAM authentication.  If it's stored in
+	 * 'scram-sha-256' authentication based on the type of password the user
+	 * has.  If it's an MD5 hash, we must do MD5 authentication, and if it's
+	 * a SCRAM verifier, we must do SCRAM authentication.  If it's stored in
 	 * plaintext, we could do either one, so we opt for the more secure
 	 * mechanism, SCRAM.
 	 *
diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c
index 34beab53342..03ef3cc6522 100644
--- a/src/backend/libpq/crypt.c
+++ b/src/backend/libpq/crypt.c
@@ -101,7 +101,7 @@ get_password_type(const char *shadow_pass)
 	if (strncmp(shadow_pass, "md5", 3) == 0 && strlen(shadow_pass) == MD5_PASSWD_LEN)
 		return PASSWORD_TYPE_MD5;
 	if (strncmp(shadow_pass, "scram-sha-256:", strlen("scram-sha-256:")) == 0)
-		return PASSWORD_TYPE_SCRAM;
+		return PASSWORD_TYPE_SCRAM_SHA_256;
 	return PASSWORD_TYPE_PLAINTEXT;
 }
 
@@ -141,7 +141,7 @@ encrypt_password(PasswordType target_type, const char *role,
 						elog(ERROR, "password encryption failed");
 					return encrypted_password;
 
-				case PASSWORD_TYPE_SCRAM:
+				case PASSWORD_TYPE_SCRAM_SHA_256:
 
 					/*
 					 * cannot convert a SCRAM verifier to an MD5 hash, so fall
@@ -152,7 +152,7 @@ encrypt_password(PasswordType target_type, const char *role,
 			}
 			break;
 
-		case PASSWORD_TYPE_SCRAM:
+		case PASSWORD_TYPE_SCRAM_SHA_256:
 			switch (guessed_type)
 			{
 				case PASSWORD_TYPE_PLAINTEXT:
@@ -164,7 +164,7 @@ encrypt_password(PasswordType target_type, const char *role,
 					 * cannot convert an MD5 hash to a SCRAM verifier, so fall
 					 * through to save the MD5 hash instead.
 					 */
-				case PASSWORD_TYPE_SCRAM:
+				case PASSWORD_TYPE_SCRAM_SHA_256:
 					return pstrdup(password);
 			}
 			break;
@@ -280,7 +280,7 @@ plain_crypt_verify(const char *role, const char *shadow_pass,
 	 */
 	switch (get_password_type(shadow_pass))
 	{
-		case PASSWORD_TYPE_SCRAM:
+		case PASSWORD_TYPE_SCRAM_SHA_256:
 			if (scram_verify_plain_password(role,
 											client_pass,
 											shadow_pass))
diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index af89fe898a6..5561c399da4 100644
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -126,7 +126,7 @@ static const char *const UserAuthName[] =
 	"ident",
 	"password",
 	"md5",
-	"scram",
+	"scram-sha256",
 	"gss",
 	"sspi",
 	"pam",
@@ -1327,7 +1327,7 @@ parse_hba_line(TokenizedLine *tok_line, int elevel)
 		}
 		parsedline->auth_method = uaMD5;
 	}
-	else if (strcmp(token->string, "scram") == 0)
+	else if (strcmp(token->string, "scram-sha-256") == 0)
 		parsedline->auth_method = uaSCRAM;
 	else if (strcmp(token->string, "pam") == 0)
 #ifdef USE_PAM
diff --git a/src/backend/libpq/pg_hba.conf.sample b/src/backend/libpq/pg_hba.conf.sample
index 6b1778a7213..c853e362329 100644
--- a/src/backend/libpq/pg_hba.conf.sample
+++ b/src/backend/libpq/pg_hba.conf.sample
@@ -42,10 +42,10 @@
 # or "samenet" to match any address in any subnet that the server is
 # directly connected to.
 #
-# METHOD can be "trust", "reject", "md5", "password", "scram", "gss",
-# "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".  Note that
-# "password" sends passwords in clear text; "md5" or "scram" are preferred
-# since they send encrypted passwords.
+# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256",
+# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert".
+# Note that "password" sends passwords in clear text; "md5" or
+# "scram-sha-256" are preferred since they send encrypted passwords.
 #
 # OPTIONS are a set of options for the authentication in the format
 # NAME=VALUE.  The available options depend on the different
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index 9ad8361a9bd..a414fb2c767 100644
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -410,7 +410,7 @@ static const struct config_enum_entry force_parallel_mode_options[] = {
 static const struct config_enum_entry password_encryption_options[] = {
 	{"plain", PASSWORD_TYPE_PLAINTEXT, false},
 	{"md5", PASSWORD_TYPE_MD5, false},
-	{"scram", PASSWORD_TYPE_SCRAM, false},
+	{"scram-sha-256", PASSWORD_TYPE_SCRAM_SHA_256, false},
 	{"off", PASSWORD_TYPE_PLAINTEXT, false},
 	{"on", PASSWORD_TYPE_MD5, false},
 	{"true", PASSWORD_TYPE_MD5, true},
author	Heikki Linnakangas	2017-04-18 11:50:50 +0000
committer	Heikki Linnakangas	2017-04-18 11:50:50 +0000
commit	c727f120ff50f624a1ee3abe700d995c18314a0b (patch)
tree	a3fb2b94b43e51f386d31dca2b056d004b787ae3 /src/backend
parent	123aaffb5b881f3dadaac676877a90b50233a847 (diff)