len = pg_b64_enc_len(sizeof(MyProcPort->scram_ClientKey));
/* don't forget the zero-terminator */
client_key = palloc0(len + 1);
- encoded_len = pg_b64_encode((const char *) MyProcPort->scram_ClientKey,
+ encoded_len = pg_b64_encode(MyProcPort->scram_ClientKey,
sizeof(MyProcPort->scram_ClientKey),
client_key, len);
if (encoded_len < 0)
len = pg_b64_enc_len(sizeof(MyProcPort->scram_ServerKey));
/* don't forget the zero-terminator */
server_key = palloc0(len + 1);
- encoded_len = pg_b64_encode((const char *) MyProcPort->scram_ServerKey,
+ encoded_len = pg_b64_encode(MyProcPort->scram_ServerKey,
sizeof(MyProcPort->scram_ServerKey),
server_key, len);
if (encoded_len < 0)
len = pg_b64_enc_len(sizeof(MyProcPort->scram_ClientKey));
/* don't forget the zero-terminator */
values[n] = palloc0(len + 1);
- encoded_len = pg_b64_encode((const char *) MyProcPort->scram_ClientKey,
+ encoded_len = pg_b64_encode(MyProcPort->scram_ClientKey,
sizeof(MyProcPort->scram_ClientKey),
(char *) values[n], len);
if (encoded_len < 0)
len = pg_b64_enc_len(sizeof(MyProcPort->scram_ServerKey));
/* don't forget the zero-terminator */
values[n] = palloc0(len + 1);
- encoded_len = pg_b64_encode((const char *) MyProcPort->scram_ServerKey,
+ encoded_len = pg_b64_encode(MyProcPort->scram_ServerKey,
sizeof(MyProcPort->scram_ServerKey),
(char *) values[n], len);
if (encoded_len < 0)
/* Fields from the last message from client */
char *client_final_message_without_proof;
char *client_final_nonce;
- char ClientProof[SCRAM_MAX_KEY_LEN];
+ uint8 ClientProof[SCRAM_MAX_KEY_LEN];
/* Fields generated in the server */
char *server_first_message;
static bool is_scram_printable(char *p);
static char *sanitize_char(char c);
static char *sanitize_str(const char *s);
-static char *scram_mock_salt(const char *username,
- pg_cryptohash_type hash_type,
- int key_length);
+static uint8 *scram_mock_salt(const char *username,
+ pg_cryptohash_type hash_type,
+ int key_length);
/*
* The number of iterations to use when generating new secrets.
{
char *prep_password;
pg_saslprep_rc rc;
- char saltbuf[SCRAM_DEFAULT_SALT_LEN];
+ uint8 saltbuf[SCRAM_DEFAULT_SALT_LEN];
char *result;
const char *errstr = NULL;
const char *secret)
{
char *encoded_salt;
- char *salt;
+ uint8 *salt;
int saltlen;
int iterations;
int key_length = 0;
char *storedkey_str;
char *serverkey_str;
int decoded_len;
- char *decoded_salt_buf;
- char *decoded_stored_buf;
- char *decoded_server_buf;
+ uint8 *decoded_salt_buf;
+ uint8 *decoded_stored_buf;
+ uint8 *decoded_server_buf;
/*
* The secret is of form:
int *iterations, int *key_length, char **salt,
uint8 *stored_key, uint8 *server_key)
{
- char *raw_salt;
+ uint8 *raw_salt;
char *encoded_salt;
int encoded_len;
* For convenience, however, we don't use the whole range available,
* rather, we generate some random bytes, and base64 encode them.
*/
- char raw_nonce[SCRAM_RAW_NONCE_LEN];
+ uint8 raw_nonce[SCRAM_RAW_NONCE_LEN];
int encoded_len;
if (!pg_strong_random(raw_nonce, SCRAM_RAW_NONCE_LEN))
char *begin,
*proof;
char *p;
- char *client_proof;
+ uint8 *client_proof;
int client_proof_len;
begin = p = pstrdup(input);
b64_message_len = pg_b64_enc_len(cbind_input_len);
/* don't forget the zero-terminator */
b64_message = palloc(b64_message_len + 1);
- b64_message_len = pg_b64_encode(cbind_input, cbind_input_len,
+ b64_message_len = pg_b64_encode((uint8 *) cbind_input, cbind_input_len,
b64_message, b64_message_len);
if (b64_message_len < 0)
elog(ERROR, "could not encode channel binding data");
siglen = pg_b64_enc_len(state->key_length);
/* don't forget the zero-terminator */
server_signature_base64 = palloc(siglen + 1);
- siglen = pg_b64_encode((const char *) ServerSignature,
+ siglen = pg_b64_encode(ServerSignature,
state->key_length, server_signature_base64,
siglen);
if (siglen < 0)
* hash based on the username and a cluster-level secret key. Returns a
* pointer to a static buffer of size SCRAM_DEFAULT_SALT_LEN, or NULL.
*/
-static char *
+static uint8 *
scram_mock_salt(const char *username, pg_cryptohash_type hash_type,
int key_length)
{
}
pg_cryptohash_free(ctx);
- return (char *) sha_digest;
+ return sha_digest;
}
* Send an authentication request packet to the frontend.
*/
void
-sendAuthRequest(Port *port, AuthRequest areq, const char *extradata, int extralen)
+sendAuthRequest(Port *port, AuthRequest areq, const void *extradata, int extralen)
{
StringInfoData buf;
static int
CheckMD5Auth(Port *port, char *shadow_pass, const char **logdetail)
{
- char md5Salt[4]; /* Password salt */
+ uint8 md5Salt[4]; /* Password salt */
char *passwd;
int result;
case PASSWORD_TYPE_MD5:
encrypted_password = palloc(MD5_PASSWD_LEN + 1);
- if (!pg_md5_encrypt(password, role, strlen(role),
+ if (!pg_md5_encrypt(password, (uint8 *) role, strlen(role),
encrypted_password, &errstr))
elog(ERROR, "password encryption failed: %s", errstr);
break;
int
md5_crypt_verify(const char *role, const char *shadow_pass,
const char *client_pass,
- const char *md5_salt, int md5_salt_len,
+ const uint8 *md5_salt, int md5_salt_len,
const char **logdetail)
{
int retval;
case PASSWORD_TYPE_MD5:
if (!pg_md5_encrypt(client_pass,
- role,
+ (uint8 *) role,
strlen(role),
crypt_client_pass,
&errstr))
{
pg_atomic_uint32 pss_pid;
int pss_cancel_key_len; /* 0 means no cancellation is possible */
- char pss_cancel_key[MAX_CANCEL_KEY_LENGTH];
+ uint8 pss_cancel_key[MAX_CANCEL_KEY_LENGTH];
volatile sig_atomic_t pss_signalFlags[NUM_PROCSIGNALS];
slock_t pss_mutex; /* protects the above fields */
* Register the current process in the ProcSignal array
*/
void
-ProcSignalInit(char *cancel_key, int cancel_key_len)
+ProcSignalInit(const uint8 *cancel_key, int cancel_key_len)
{
ProcSignalSlot *slot;
uint64 barrier_generation;
* fields in the ProcSignal slots.
*/
void
-SendCancelRequest(int backendPID, char *cancel_key, int cancel_key_len)
+SendCancelRequest(int backendPID, const uint8 *cancel_key, int cancel_key_len)
{
Assert(backendPID != 0);
TimestampTz MyStartTimestamp;
struct ClientSocket *MyClientSocket;
struct Port *MyProcPort;
-char MyCancelKey[MAX_CANCEL_KEY_LENGTH];
+uint8 MyCancelKey[MAX_CANCEL_KEY_LENGTH];
int MyCancelKeyLength = 0;
int MyPMChildSlot;
/*
* pg_b64_encode
*
- * Encode into base64 the given string. Returns the length of the encoded
- * string, and -1 in the event of an error with the result buffer zeroed
- * for safety.
+ * Encode the 'src' byte array into base64. Returns the length of the encoded
+ * string, and -1 in the event of an error with the result buffer zeroed for
+ * safety.
*/
int
-pg_b64_encode(const char *src, int len, char *dst, int dstlen)
+pg_b64_encode(const uint8 *src, int len, char *dst, int dstlen)
{
char *p;
- const char *s,
+ const uint8 *s,
*end = src + len;
int pos = 2;
uint32 buf = 0;
while (s < end)
{
- buf |= (unsigned char) *s << (pos << 3);
+ buf |= *s << (pos << 3);
pos--;
s++;
* buffer zeroed for safety.
*/
int
-pg_b64_decode(const char *src, int len, char *dst, int dstlen)
+pg_b64_decode(const char *src, int len, uint8 *dst, int dstlen)
{
const char *srcend = src + len,
*s = src;
- char *p = dst;
+ uint8 *p = dst;
char c;
int b = 0;
uint32 buf = 0;
* (of size MD5_DIGEST_LENGTH) rather than being converted to ASCII hex.
*/
bool
-pg_md5_binary(const void *buff, size_t len, void *outbuf, const char **errstr)
+pg_md5_binary(const void *buff, size_t len, uint8 *outbuf, const char **errstr)
{
pg_cryptohash_ctx *ctx;
* error context.
*/
bool
-pg_md5_encrypt(const char *passwd, const char *salt, size_t salt_len,
+pg_md5_encrypt(const char *passwd, const uint8 *salt, size_t salt_len,
char *buf, const char **errstr)
{
size_t passwd_len = strlen(passwd);
int
scram_SaltedPassword(const char *password,
pg_cryptohash_type hash_type, int key_length,
- const char *salt, int saltlen, int iterations,
+ const uint8 *salt, int saltlen, int iterations,
uint8 *result, const char **errstr)
{
int password_len = strlen(password);
/* First iteration */
if (pg_hmac_init(hmac_ctx, (uint8 *) password, password_len) < 0 ||
- pg_hmac_update(hmac_ctx, (uint8 *) salt, saltlen) < 0 ||
+ pg_hmac_update(hmac_ctx, salt, saltlen) < 0 ||
pg_hmac_update(hmac_ctx, (uint8 *) &one, sizeof(uint32)) < 0 ||
pg_hmac_final(hmac_ctx, Ui_prev, key_length) < 0)
{
*/
char *
scram_build_secret(pg_cryptohash_type hash_type, int key_length,
- const char *salt, int saltlen, int iterations,
+ const uint8 *salt, int saltlen, int iterations,
const char *password, const char **errstr)
{
uint8 salted_password[SCRAM_MAX_KEY_LEN];
*(p++) = '$';
/* stored key */
- encoded_result = pg_b64_encode((char *) stored_key, key_length, p,
+ encoded_result = pg_b64_encode(stored_key, key_length, p,
encoded_stored_len);
if (encoded_result < 0)
{
*(p++) = ':';
/* server key */
- encoded_result = pg_b64_encode((char *) server_key, key_length, p,
+ encoded_result = pg_b64_encode(server_key, key_length, p,
encoded_server_len);
if (encoded_result < 0)
{
#define BASE64_H
/* base 64 */
-pg_nodiscard extern int pg_b64_encode(const char *src, int len, char *dst, int dstlen);
-pg_nodiscard extern int pg_b64_decode(const char *src, int len, char *dst, int dstlen);
+pg_nodiscard extern int pg_b64_encode(const uint8 *src, int len, char *dst, int dstlen);
+pg_nodiscard extern int pg_b64_decode(const char *src, int len, uint8 *dst, int dstlen);
extern int pg_b64_enc_len(int srclen);
extern int pg_b64_dec_len(int srclen);
/* Utilities common to all the MD5 implementations, as of md5_common.c */
extern bool pg_md5_hash(const void *buff, size_t len, char *hexsum,
const char **errstr);
-extern bool pg_md5_binary(const void *buff, size_t len, void *outbuf,
+extern bool pg_md5_binary(const void *buff, size_t len, uint8 *outbuf,
const char **errstr);
-extern bool pg_md5_encrypt(const char *passwd, const char *salt,
+extern bool pg_md5_encrypt(const char *passwd, const uint8 *salt,
size_t salt_len, char *buf,
const char **errstr);
extern int scram_SaltedPassword(const char *password,
pg_cryptohash_type hash_type, int key_length,
- const char *salt, int saltlen, int iterations,
+ const uint8 *salt, int saltlen, int iterations,
uint8 *result, const char **errstr);
extern int scram_H(const uint8 *input, pg_cryptohash_type hash_type,
int key_length, uint8 *result,
uint8 *result, const char **errstr);
extern char *scram_build_secret(pg_cryptohash_type hash_type, int key_length,
- const char *salt, int saltlen, int iterations,
+ const uint8 *salt, int saltlen, int iterations,
const char *password, const char **errstr);
#endif /* SCRAM_COMMON_H */
extern PGDLLIMPORT bool pg_gss_accept_delegation;
extern void ClientAuthentication(Port *port);
-extern void sendAuthRequest(Port *port, AuthRequest areq, const char *extradata,
+extern void sendAuthRequest(Port *port, AuthRequest areq, const void *extradata,
int extralen);
extern void set_authn_id(Port *port, const char *id);
extern char *get_role_password(const char *role, const char **logdetail);
extern int md5_crypt_verify(const char *role, const char *shadow_pass,
- const char *client_pass, const char *md5_salt,
+ const char *client_pass, const uint8 *md5_salt,
int md5_salt_len, const char **logdetail);
extern int plain_crypt_verify(const char *role, const char *shadow_pass,
const char *client_pass,
/* Note that each field is stored in network byte order! */
MsgType cancelRequestCode; /* code to identify a cancel request */
uint32 backendPID; /* PID of client's backend */
- char cancelAuthCode[FLEXIBLE_ARRAY_MEMBER]; /* secret key to
+ uint8 cancelAuthCode[FLEXIBLE_ARRAY_MEMBER]; /* secret key to
* authorize cancel */
} CancelRequestPacket;
extern PGDLLIMPORT TimestampTz MyStartTimestamp;
extern PGDLLIMPORT struct Port *MyProcPort;
extern PGDLLIMPORT struct Latch *MyLatch;
-extern PGDLLIMPORT char MyCancelKey[];
+extern PGDLLIMPORT uint8 MyCancelKey[];
extern PGDLLIMPORT int MyCancelKeyLength;
extern PGDLLIMPORT int MyPMChildSlot;
extern Size ProcSignalShmemSize(void);
extern void ProcSignalShmemInit(void);
-extern void ProcSignalInit(char *cancel_key, int cancel_key_len);
+extern void ProcSignalInit(const uint8 *cancel_key, int cancel_key_len);
extern int SendProcSignal(pid_t pid, ProcSignalReason reason,
ProcNumber procNumber);
-extern void SendCancelRequest(int backendPID, char *cancel_key, int cancel_key_len);
+extern void SendCancelRequest(int backendPID, const uint8 *cancel_key, int cancel_key_len);
extern uint64 EmitProcSignalBarrier(ProcSignalBarrierType type);
extern void WaitForProcSignalBarrier(uint64 generation);
/* These come from the server-first message */
char *server_first_message;
- char *salt;
+ uint8 *salt;
int saltlen;
int iterations;
char *nonce;
/* These come from the server-final message */
char *server_final_message;
- char ServerSignature[SCRAM_MAX_KEY_LEN];
+ uint8 ServerSignature[SCRAM_MAX_KEY_LEN];
} fe_scram_state;
static bool read_server_first_message(fe_scram_state *state, char *input);
build_client_first_message(fe_scram_state *state)
{
PGconn *conn = state->conn;
- char raw_nonce[SCRAM_RAW_NONCE_LEN + 1];
+ uint8 raw_nonce[SCRAM_RAW_NONCE_LEN + 1];
char *result;
int channel_info_len;
int encoded_len;
free(cbind_input);
goto oom_error;
}
- encoded_cbind_len = pg_b64_encode(cbind_input, cbind_input_len,
+ encoded_cbind_len = pg_b64_encode((uint8 *) cbind_input, cbind_input_len,
buf.data + buf.len,
encoded_cbind_len);
if (encoded_cbind_len < 0)
encoded_len = pg_b64_enc_len(state->key_length);
if (!enlargePQExpBuffer(&buf, encoded_len))
goto oom_error;
- encoded_len = pg_b64_encode((char *) client_proof,
+ encoded_len = pg_b64_encode(client_proof,
state->key_length,
buf.data + buf.len,
encoded_len);
{
PGconn *conn = state->conn;
char *encoded_server_signature;
- char *decoded_server_signature;
+ uint8 *decoded_server_signature;
int server_signature_len;
state->server_final_message = strdup(input);
{
char *prep_password;
pg_saslprep_rc rc;
- char saltbuf[SCRAM_DEFAULT_SALT_LEN];
+ uint8 saltbuf[SCRAM_DEFAULT_SALT_LEN];
char *result;
/*
int ret;
char *crypt_pwd = NULL;
const char *pwd_to_send;
- char md5Salt[4];
+ uint8 md5Salt[4];
/* Read the salt from the AuthenticationMD5Password message. */
if (areq == AUTH_REQ_MD5)
}
crypt_pwd2 = crypt_pwd + MD5_PASSWD_LEN + 1;
- if (!pg_md5_encrypt(password, conn->pguser,
+ if (!pg_md5_encrypt(password, (uint8 *) conn->pguser,
strlen(conn->pguser), crypt_pwd2,
&errstr))
{
if (!crypt_pwd)
return NULL;
- if (!pg_md5_encrypt(passwd, user, strlen(user), crypt_pwd, &errstr))
+ if (!pg_md5_encrypt(passwd, (uint8 *) user, strlen(user), crypt_pwd, &errstr))
{
free(crypt_pwd);
return NULL;
{
const char *errstr = NULL;
- if (!pg_md5_encrypt(passwd, user, strlen(user), crypt_pwd, &errstr))
+ if (!pg_md5_encrypt(passwd, (uint8 *) user, strlen(user), crypt_pwd, &errstr))
{
libpq_append_conn_error(conn, "could not encrypt password: %s", errstr);
free(crypt_pwd);
memset(&req, 0, offsetof(CancelRequestPacket, cancelAuthCode));
req.cancelRequestCode = (MsgType) pg_hton32(CANCEL_REQUEST_CODE);
req.backendPID = pg_hton32(cancelConn->be_pid);
- if (pqPutnchar((char *) &req, offsetof(CancelRequestPacket, cancelAuthCode), cancelConn))
+ if (pqPutnchar(&req, offsetof(CancelRequestPacket, cancelAuthCode), cancelConn))
return STATUS_ERROR;
if (pqPutnchar(cancelConn->be_cancel_key, cancelConn->be_cancel_key_len, cancelConn))
return STATUS_ERROR;
/*
- * pqGetc: get 1 character from the connection
+ * pqGetc: read 1 character from the connection
*
* All these routines return 0 on success, EOF on error.
* Note that for the Get routines, EOF only means there is not enough
/*
* pqGets[_append]:
- * get a null-terminated string from the connection,
+ * read a null-terminated string from the connection,
* and store it in an expansible PQExpBuffer.
* If we run out of memory, all of the string is still read,
* but the excess characters are silently discarded.
/*
* pqGetnchar:
- * get a string of exactly len bytes in buffer s, no null termination
+ * read exactly len bytes in buffer s, no null termination
*/
int
-pqGetnchar(char *s, size_t len, PGconn *conn)
+pqGetnchar(void *s, size_t len, PGconn *conn)
{
if (len > (size_t) (conn->inEnd - conn->inCursor))
return EOF;
* write exactly len bytes to the current message
*/
int
-pqPutnchar(const char *s, size_t len, PGconn *conn)
+pqPutnchar(const void *s, size_t len, PGconn *conn)
{
if (pqPutMsgBytes(s, len, conn))
return EOF;
}
else
{
- if (pqPutnchar((char *) args[i].u.ptr, args[i].len, conn))
+ if (pqPutnchar(args[i].u.ptr, args[i].len, conn))
return NULL;
}
}
}
else
{
- if (pqGetnchar((char *) result_buf,
+ if (pqGetnchar(result_buf,
*actual_result_len,
conn))
continue;
* tried host */
bool send_appname; /* okay to send application_name? */
size_t scram_client_key_len;
- void *scram_client_key_binary; /* binary SCRAM client key */
+ uint8 *scram_client_key_binary; /* binary SCRAM client key */
size_t scram_server_key_len;
- void *scram_server_key_binary; /* binary SCRAM server key */
+ uint8 *scram_server_key_binary; /* binary SCRAM server key */
ProtocolVersion min_pversion; /* protocol version to request */
ProtocolVersion max_pversion; /* protocol version to request */
/* Miscellaneous stuff */
int be_pid; /* PID of backend --- needed for cancels */
int be_cancel_key_len;
- char *be_cancel_key; /* query cancellation key and its length */
+ uint8 *be_cancel_key; /* query cancellation key */
pgParameterStatus *pstatus; /* ParameterStatus data */
int client_encoding; /* encoding id */
bool std_strings; /* standard_conforming_strings */
extern int pqGets(PQExpBuffer buf, PGconn *conn);
extern int pqGets_append(PQExpBuffer buf, PGconn *conn);
extern int pqPuts(const char *s, PGconn *conn);
-extern int pqGetnchar(char *s, size_t len, PGconn *conn);
+extern int pqGetnchar(void *s, size_t len, PGconn *conn);
extern int pqSkipnchar(size_t len, PGconn *conn);
-extern int pqPutnchar(const char *s, size_t len, PGconn *conn);
+extern int pqPutnchar(const void *s, size_t len, PGconn *conn);
extern int pqGetInt(int *result, size_t bytes, PGconn *conn);
extern int pqPutInt(int value, size_t bytes, PGconn *conn);
extern int pqPutMsgStart(char msg_type, PGconn *conn);
projects / postgresql.git / commitdiff