Fix up references to scram-sha-256

pg_hba_file_rules erroneously reported this as scram-sha256.  Fix that.

To avoid future errors and confusion, also adjust documentation links
and internal symbols to have a separator between "sha" and "256".

Reported-by: Christophe Courtois 
Author: Michael Paquier 

diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
index 4c5ed1e6d66fd38856b5ae89861d0b893ff38f3d..3cec9e0b0c7840efd7ecf14c0e824ea591a4b388 100644 (file)
--- a/doc/src/sgml/protocol.sgml
+++ b/doc/src/sgml/protocol.sgml
@@ -1540,7 +1540,7 @@ On error, the server can abort the authentication at any stage, and send an
 ErrorMessage.
 
 
- 
+ -256">
   SCRAM-SHA-256 authentication
 
   

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 746d7cbb8ad126fd76acbd0ffb2c799fe37f0681..3014b17a7c189ee98ccedd737867ac383b0a5d3a 100644 (file)
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -894,18 +894,18 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail)
     * channel-binding variants go first, if they are supported.  Channel
     * binding is only supported in SSL builds.
     */
-   sasl_mechs = palloc(strlen(SCRAM_SHA256_PLUS_NAME) +
-                       strlen(SCRAM_SHA256_NAME) + 3);
+   sasl_mechs = palloc(strlen(SCRAM_SHA_256_PLUS_NAME) +
+                       strlen(SCRAM_SHA_256_NAME) + 3);
    p = sasl_mechs;
 
    if (port->ssl_in_use)
    {
-       strcpy(p, SCRAM_SHA256_PLUS_NAME);
-       p += strlen(SCRAM_SHA256_PLUS_NAME) + 1;
+       strcpy(p, SCRAM_SHA_256_PLUS_NAME);
+       p += strlen(SCRAM_SHA_256_PLUS_NAME) + 1;
    }
 
-   strcpy(p, SCRAM_SHA256_NAME);
-   p += strlen(SCRAM_SHA256_NAME) + 1;
+   strcpy(p, SCRAM_SHA_256_NAME);
+   p += strlen(SCRAM_SHA_256_NAME) + 1;
 
    /* Put another '\0' to mark that list is finished. */
    p[0] = '\0';
@@ -973,8 +973,8 @@ CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail)
            const char *selected_mech;
 
            selected_mech = pq_getmsgrawstring(&buf);
-           if (strcmp(selected_mech, SCRAM_SHA256_NAME) != 0 &&
-               strcmp(selected_mech, SCRAM_SHA256_PLUS_NAME) != 0)
+           if (strcmp(selected_mech, SCRAM_SHA_256_NAME) != 0 &&
+               strcmp(selected_mech, SCRAM_SHA_256_PLUS_NAME) != 0)
            {
                ereport(ERROR,
                        (errcode(ERRCODE_PROTOCOL_VIOLATION),

diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index aa20f266b8d936555e29298e85fa4c775b97b6d2..acf625e4ec1725fa2ce476b2e9daac6518785798 100644 (file)
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -126,7 +126,7 @@ static const char *const UserAuthName[] =
    "ident",
    "password",
    "md5",
-   "scram-sha256",
+   "scram-sha-256",
    "gss",
    "sspi",
    "pam",

diff --git a/src/include/common/scram-common.h b/src/include/common/scram-common.h
index e1d742ba89839e4efb070cff70246326179ec292..17373cce3aed867ca39641b9343f2ebe64dda376 100644 (file)
--- a/src/include/common/scram-common.h
+++ b/src/include/common/scram-common.h
@@ -16,8 +16,8 @@
 #include "common/sha2.h"
 
 /* Name of SCRAM mechanisms per IANA */
-#define SCRAM_SHA256_NAME "SCRAM-SHA-256"
-#define SCRAM_SHA256_PLUS_NAME "SCRAM-SHA-256-PLUS" /* with channel binding */
+#define SCRAM_SHA_256_NAME "SCRAM-SHA-256"
+#define SCRAM_SHA_256_PLUS_NAME "SCRAM-SHA-256-PLUS" /* with channel binding */
 
 /* Channel binding types */
 #define SCRAM_CHANNEL_BINDING_TLS_UNIQUE    "tls-unique"

diff --git a/src/interfaces/libpq/fe-auth-scram.c b/src/interfaces/libpq/fe-auth-scram.c
index 23bd5fb2b61c9a8d77cc3e62d0f8c2a39109f5d9..8415bbb5c619d2cfada120cb829af9968484b8d1 100644 (file)
--- a/src/interfaces/libpq/fe-auth-scram.c
+++ b/src/interfaces/libpq/fe-auth-scram.c
@@ -349,7 +349,7 @@ build_client_first_message(fe_scram_state *state)
    /*
     * First build the gs2-header with channel binding information.
     */
-   if (strcmp(state->sasl_mechanism, SCRAM_SHA256_PLUS_NAME) == 0)
+   if (strcmp(state->sasl_mechanism, SCRAM_SHA_256_PLUS_NAME) == 0)
    {
        Assert(conn->ssl_in_use);
        appendPQExpBuffer(&buf, "p=%s", conn->scram_channel_binding);
@@ -430,7 +430,7 @@ build_client_final_message(fe_scram_state *state)
     * build_client_first_message(), because the server will check that it's
     * the same flag both times.
     */
-   if (strcmp(state->sasl_mechanism, SCRAM_SHA256_PLUS_NAME) == 0)
+   if (strcmp(state->sasl_mechanism, SCRAM_SHA_256_PLUS_NAME) == 0)
    {
        char       *cbind_data = NULL;
        size_t      cbind_data_len = 0;

diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index 7bcbca9df6115100ba7a95357841a07a83aef275..3b2073a47fe844fb45687c17d68450d99f3460d4 100644 (file)
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -533,11 +533,11 @@ pg_SASL_init(PGconn *conn, int payloadlen)
        if (conn->ssl_in_use &&
            conn->scram_channel_binding &&
            strlen(conn->scram_channel_binding) > 0 &&
-           strcmp(mechanism_buf.data, SCRAM_SHA256_PLUS_NAME) == 0)
-           selected_mechanism = SCRAM_SHA256_PLUS_NAME;
-       else if (strcmp(mechanism_buf.data, SCRAM_SHA256_NAME) == 0 &&
+           strcmp(mechanism_buf.data, SCRAM_SHA_256_PLUS_NAME) == 0)
+           selected_mechanism = SCRAM_SHA_256_PLUS_NAME;
+       else if (strcmp(mechanism_buf.data, SCRAM_SHA_256_NAME) == 0 &&
                 !selected_mechanism)
-           selected_mechanism = SCRAM_SHA256_NAME;
+           selected_mechanism = SCRAM_SHA_256_NAME;
    }
 
    if (!selected_mechanism)