Rename "scram" to "scram-sha-256" in pg_hba.conf and password_encryption.

Per discussion, plain "scram" is confusing because we actually implement SCRAM-SHA-256 rather than the original SCRAM that uses SHA-1 as the hash algorithm. If we add support for SCRAM-SHA-512 or some other mechanism in the SCRAM family in the future, that would become even more confusing. Most of the internal files and functions still use just "scram" as a shorthand for SCRMA-SHA-256, but I did change PASSWORD_TYPE_SCRAM to PASSWORD_TYPE_SCRAM_SHA_256, as that could potentially be used by 3rd party extensions that hook into the password-check hook. Michael Paquier did this in an earlier version of the SCRAM patch set already, but I didn't include that in the version that was committed. Discussion: https://www.postgresql.org/message-id/fde71ff1-5858-90c8-99a9-1c2427e7bafb@iki.fi
author: Heikki Linnakangas <heikki.linnakangas@iki.fi> 2017-04-18 14:50:50 +0300
committer: Heikki Linnakangas <heikki.linnakangas@iki.fi> 2017-04-18 14:50:50 +0300
commit: c727f120ff50f624a1ee3abe700d995c18314a0b (patch)
tree: a3fb2b94b43e51f386d31dca2b056d004b787ae3 /src/backend/libpq/crypt.c
parent: 123aaffb5b881f3dadaac676877a90b50233a847 (diff)
download: postgresql-c727f120ff50f624a1ee3abe700d995c18314a0b.tar.gz
postgresql-c727f120ff50f624a1ee3abe700d995c18314a0b.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c
index 34beab53342..03ef3cc6522 100644
--- a/src/backend/libpq/crypt.c
+++ b/src/backend/libpq/crypt.c
@@ -101,7 +101,7 @@ get_password_type(const char *shadow_pass)
 	if (strncmp(shadow_pass, "md5", 3) == 0 && strlen(shadow_pass) == MD5_PASSWD_LEN)
 		return PASSWORD_TYPE_MD5;
 	if (strncmp(shadow_pass, "scram-sha-256:", strlen("scram-sha-256:")) == 0)
-		return PASSWORD_TYPE_SCRAM;
+		return PASSWORD_TYPE_SCRAM_SHA_256;
 	return PASSWORD_TYPE_PLAINTEXT;
 }
 
@@ -141,7 +141,7 @@ encrypt_password(PasswordType target_type, const char *role,
 						elog(ERROR, "password encryption failed");
 					return encrypted_password;
 
-				case PASSWORD_TYPE_SCRAM:
+				case PASSWORD_TYPE_SCRAM_SHA_256:
 
 					/*
 					 * cannot convert a SCRAM verifier to an MD5 hash, so fall
@@ -152,7 +152,7 @@ encrypt_password(PasswordType target_type, const char *role,
 			}
 			break;
 
-		case PASSWORD_TYPE_SCRAM:
+		case PASSWORD_TYPE_SCRAM_SHA_256:
 			switch (guessed_type)
 			{
 				case PASSWORD_TYPE_PLAINTEXT:
@@ -164,7 +164,7 @@ encrypt_password(PasswordType target_type, const char *role,
 					 * cannot convert an MD5 hash to a SCRAM verifier, so fall
 					 * through to save the MD5 hash instead.
 					 */
-				case PASSWORD_TYPE_SCRAM:
+				case PASSWORD_TYPE_SCRAM_SHA_256:
 					return pstrdup(password);
 			}
 			break;
@@ -280,7 +280,7 @@ plain_crypt_verify(const char *role, const char *shadow_pass,
 	 */
 	switch (get_password_type(shadow_pass))
 	{
-		case PASSWORD_TYPE_SCRAM:
+		case PASSWORD_TYPE_SCRAM_SHA_256:
 			if (scram_verify_plain_password(role,
 											client_pass,
 											shadow_pass))
author	Heikki Linnakangas <heikki.linnakangas@iki.fi>	2017-04-18 14:50:50 +0300
committer	Heikki Linnakangas <heikki.linnakangas@iki.fi>	2017-04-18 14:50:50 +0300
commit	c727f120ff50f624a1ee3abe700d995c18314a0b (patch)
tree	a3fb2b94b43e51f386d31dca2b056d004b787ae3 /src/backend/libpq/crypt.c
parent	123aaffb5b881f3dadaac676877a90b50233a847 (diff)
download	postgresql-c727f120ff50f624a1ee3abe700d995c18314a0b.tar.gz postgresql-c727f120ff50f624a1ee3abe700d995c18314a0b.zip