pgsql: Make implementation of SASLprep compliant for ASCII characters
| From | Michael Paquier |
|---|---|
| Subject | pgsql: Make implementation of SASLprep compliant for ASCII characters |
| Date | |
| Msg-id | E1w4ojJ-0019lP-2V@gemulon.postgresql.org |
| List | pgsql-committers |

Make implementation of SASLprep compliant for ASCII characters

This commit makes our implementation of SASLprep() compliant with RFC 3454 (Stringprep) and RFC 4013 (SASLprep). Originally, as introduced in 60f11b87a234, the operation considered a password made of only ASCII characters as valid, performing an optimization for this case to skip the internal NFKC transformation.

However, the RFCs listed above use a different definition, with the following characters being prohibited:

- 0x00~0x1F (0~31), control characters.
- 0x7F (127, DEL).

In its SCRAM protocol, Postgres has the idea to apply a password as-is if SASLprep() is not a success, so this change is safe on backward-compatibility grounds:

- A libpq client with the compliant SASLprep can connect to a server with a non-compliant SASLprep.
- A libpq client with the non-compliant SASLprep can connect to a server with a compliant SASLprep.

This commit removes the all-ASCII optimization used in pg_saslprep() and applies SASLprep even if a password is made only of ASCII characters, making the operation compatible with the RFC. All the in-core callers of pg_saslprep() do that:

- pg_be_scram_build_secret() in auth-scram.c, when generating a SCRAM verifier for rolpassword in the backend.
- scram_init() in fe-auth-scram.c, when starting the SASL exchange.
- pg_fe_scram_build_secret() in fe-auth-scram.c, when generating a SCRAM verifier for the frontend with libpq, to generate it for an ALTER/CREATE ROLE command for example.

The test module test_saslprep shows the difference this change is leading to.

Author: Michael Paquier <michael@paquier.xyz>
Reviewed-by: John Naylor <johncnaylorls@gmail.com>
Discussion: https://postgr.es/m/aaEJ-El2seZHeFcG@paquier.xyz

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/3d10ece612f535be15a9cb7ca31620c80db6f0e9

Modified Files
--------------
src/common/saslprep.c | 12 ----
.../test_saslprep/expected/test_saslprep.out | 66 +++++++++++-----------
.../modules/test_saslprep/t/001_saslprep_ranges.pl | 5 +-
3 files changed, 34 insertions(+), 49 deletions(-)
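
The behaviour described in the commit message, as an added Python sketch that is not code from the PostgreSQL tree: it runs SASLprep with and without the all-ASCII shortcut and shows that the as-is fallback leaves SCRAM with the same password either way. The names `saslprep`, `scram_password` and `ascii_fast_path` are hypothetical, the tables come from Python's `stringprep` module rather than from `saslprep.c`, and the sample passwords are constructed.

```python
import stringprep
import unicodedata

# RFC 4013 section 2.3: prohibited output, as RFC 3454 appendix C tables.
PROHIBITED = (
    stringprep.in_table_c12, stringprep.in_table_c21_c22,
    stringprep.in_table_c3, stringprep.in_table_c4, stringprep.in_table_c5,
    stringprep.in_table_c6, stringprep.in_table_c7, stringprep.in_table_c8,
    stringprep.in_table_c9,
)


def saslprep(password, ascii_fast_path=False):
    """Return the prepared string, or None when SASLprep rejects the input."""
    if ascii_fast_path and password.isascii():
        return password  # pre-change shortcut: all-ASCII input is never checked
    # Map step: B.1 characters are dropped, C.1.2 spaces become U+0020.
    mapped = "".join(
        " " if stringprep.in_table_c12(c) else c
        for c in password if not stringprep.in_table_b1(c)
    )
    # Stringprep is defined against Unicode 3.2, hence ucd_3_2_0.
    out = unicodedata.ucd_3_2_0.normalize("NFKC", mapped)
    # Prohibit step: this is where 0x00-0x1F and 0x7F (table C.2.1) are caught.
    if any(table(c) for c in out for table in PROHIBITED):
        return None
    # Assumption: passwords are handled as stored strings, so A.1 is rejected.
    if any(stringprep.in_table_a1(c) for c in out):
        return None
    # Bidi step: RandALCat text has no LCat and starts and ends with RandALCat.
    if any(stringprep.in_table_d1(c) for c in out):
        if any(stringprep.in_table_d2(c) for c in out):
            return None
        if not (stringprep.in_table_d1(out[0]) and stringprep.in_table_d1(out[-1])):
            return None
    return out


def scram_password(password, ascii_fast_path=False):
    """Password fed to SCRAM: the prepared form, or the input as-is on failure."""
    prepared = saslprep(password, ascii_fast_path)
    return password if prepared is None else prepared


# Constructed sample passwords: plain ASCII, DEL, TAB, soft hyphen, Roman numeral.
SAMPLES = ["correct horse", "pass\x7fword", "tab\there", "I\u00adX", "\u2168"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(repr(pw), saslprep(pw, True), saslprep(pw), scram_password(pw))
```
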