From b4675a8ae2d0aaafeb136c46c92bb56eaf018d32 Mon Sep 17 00:00:00 2001 From: Peter Eisentraut Date: Sat, 12 Oct 2019 21:17:34 +0200 Subject: Fix use of term "verifier" Within the context of SCRAM, "verifier" has a specific meaning in the protocol, per RFCs. The existing code used "verifier" differently, to mean whatever is or would be stored in pg_auth.rolpassword. Fix this by using the term "secret" for this, following RFC 5803. Reviewed-by: Michael Paquier Discussion: https://www.postgresql.org/message-id/flat/be397b06-6e4b-ba71-c7fb-54cae84a7e18%402ndquadrant.com
---
src/backend/libpq/crypt.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/backend/libpq/crypt.c')
diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c
index 784fb227aa2..9add6a14b23 100644
--- a/src/backend/libpq/crypt.c
+++ b/src/backend/libpq/crypt.c
@@ -83,7 +83,7 @@ get_role_password(const char *role, char **logdetail)
} /*
- * What kind of a password verifier is 'shadow_pass'?
+ * What kind of a password type is 'shadow_pass'?
*/ PasswordType get_password_type(const char *shadow_pass)
@@ -97,14 +97,14 @@ get_password_type(const char *shadow_pass)
strlen(shadow_pass) == MD5_PASSWD_LEN && strspn(shadow_pass + 3, MD5_PASSWD_CHARSET) == MD5_PASSWD_LEN - 3) return PASSWORD_TYPE_MD5;
- if (parse_scram_verifier(shadow_pass, &iterations, &encoded_salt,
+ if (parse_scram_secret(shadow_pass, &iterations, &encoded_salt,
stored_key, server_key)) return PASSWORD_TYPE_SCRAM_SHA_256; return PASSWORD_TYPE_PLAINTEXT; } /*
- * Given a user-supplied password, convert it into a verifier of
+ * Given a user-supplied password, convert it into a secret of
* 'target_type' kind. * * If the password is already in encrypted form, we cannot reverse the
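Review bot: The reworded header comment on get_password_type(), `What kind of a password type is 'shadow_pass'?`, is tautological ("kind of ... type") and does not use the term the commit message says it is standardising on. Since the function classifies the stored string, a comment such as `* Classify 'shadow_pass', the stored password secret, as MD5, SCRAM-SHA-256 or plaintext.` would state the contract directly and agree with the "secret" wording this patch puts in the encrypt_password() comment. The function's body lies outside this hunk.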
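Review bot: get_password_type() still carries no comment saying that PASSWORD_TYPE_PLAINTEXT is the fallback for every string that is neither MD5-shaped nor accepted by parse_scram_secret(), so a truncated or corrupted SCRAM secret is reported as plaintext rather than as invalid. Because the classification is by format only, the final return deserves a comment such as `/* fallback: anything not recognised above, including a malformed secret, is reported as plaintext */`. How callers treat that result is not visible in this patch, so this is a documentation request rather than a claimed bug. The start of the function is outside the hunk.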
@@ -137,7 +137,7 @@ encrypt_password(PasswordType target_type, const char *role,
return encrypted_password; case PASSWORD_TYPE_SCRAM_SHA_256:
- return pg_be_scram_build_verifier(password);
+ return pg_be_scram_build_secret(password);
case PASSWORD_TYPE_PLAINTEXT: elog(ERROR, "cannot encrypt password with 'plaintext'");
-- cgit v1.2.3