-
Notifications
You must be signed in to change notification settings - Fork 978
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Initial commit with PostgreSQL support
- Loading branch information
1 parent
2726c27
commit 04abd43
Showing
140 changed files
with
62,386 additions
and
14,177 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
CC ?= gcc | ||
CFLAGS_common = -Wall -Iinclude | ||
CFLAGS_DEBUG = -g -O0 | ||
CFLAGS_RELEASE = -O3 | ||
SRC_DIR = src | ||
OBJ_DIR_DEBUG = obj/debug | ||
OBJ_DIR_RELEASE = obj/release | ||
LIB_DIR = lib | ||
TARGET_DEBUG = $(LIB_DIR)/libscram.a | ||
TARGET_RELEASE = $(LIB_DIR)/libscram.a | ||
|
||
# Library directory passed as a parameter | ||
LIBUSUAL_DIR ?= /path/to/libusual | ||
|
||
# OpenSSL dir | ||
LIBOPENSSL_DIR ?= /path/to/openssl | ||
|
||
# PostgreSQL dir | ||
POSTGRESQL_DIR ?= /path/to/postgresql | ||
POSTGRESQL_INCLUDE_DIR = $(POSTGRESQL_DIR)/src/include/ | ||
|
||
# List all source files | ||
SRC_FILES := $(wildcard $(SRC_DIR)/*.c) | ||
|
||
# Generate object file names | ||
OBJ_FILES_DEBUG := $(patsubst $(SRC_DIR)/%.c,$(OBJ_DIR_DEBUG)/%.o,$(SRC_FILES)) | ||
OBJ_FILES_RELEASE := $(patsubst $(SRC_DIR)/%.c,$(OBJ_DIR_RELEASE)/%.o,$(SRC_FILES)) | ||
|
||
# Check if ASAN is enabled | ||
ifdef ASAN | ||
CFLAGS_DEBUG += -fsanitize=address | ||
endif | ||
|
||
# Define default target | ||
all: $(TARGET_RELEASE) | ||
|
||
DEBUG: $(TARGET_DEBUG) | ||
|
||
RELEASE: $(TARGET_RELEASE) | ||
|
||
$(OBJ_DIR_DEBUG)/%.o: $(SRC_DIR)/%.c | ||
@mkdir -p $(@D) | ||
$(CC) $(CFLAGS_common) $(CFLAGS_DEBUG) -I$(LIBUSUAL_DIR) -I$(LIBOPENSSL_DIR) -I$(POSTGRESQL_INCLUDE_DIR) -c $< -o $@ | ||
|
||
$(OBJ_DIR_RELEASE)/%.o: $(SRC_DIR)/%.c | ||
@mkdir -p $(@D) | ||
$(CC) $(CFLAGS_common) $(CFLAGS_RELEASE) -I$(LIBUSUAL_DIR) -I$(LIBOPENSSL_DIR) -I$(POSTGRESQL_INCLUDE_DIR) -c $< -o $@ | ||
|
||
$(TARGET_DEBUG): $(OBJ_FILES_DEBUG) | ||
@mkdir -p $(@D) | ||
ar rcs $@ $^ | ||
|
||
$(TARGET_RELEASE): $(OBJ_FILES_RELEASE) | ||
@mkdir -p $(@D) | ||
ar rcs $@ $^ | ||
|
||
clean: | ||
rm -rf $(OBJ_DIR_DEBUG)/* $(OBJ_DIR_RELEASE)/* $(LIB_DIR)/* | ||
|
||
.PHONY: all DEBUG RELEASE clean |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
|
||
/* | ||
* Required system headers | ||
*/ | ||
#include <stdint.h> | ||
#include <limits.h> | ||
#include <stdbool.h> | ||
#include <errno.h> | ||
#include <assert.h> | ||
#include <string.h> | ||
|
||
#define int8 int8_t | ||
#define uint8 uint8_t | ||
#define uint16 uint16_t | ||
#define uint32 uint32_t | ||
#define uint64 uint64_t | ||
|
||
#define SCRAM_KEY_LEN SCRAM_SHA_256_KEY_LEN | ||
#define SCRAM_DEFAULT_ITERATIONS SCRAM_SHA_256_DEFAULT_ITERATIONS |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,129 @@ | ||
/* | ||
* PgBouncer - Lightweight connection pooler for PostgreSQL. | ||
* | ||
* Copyright (c) 2007-2009 Marko Kreen, Skype Technologies OÜ | ||
* | ||
* Permission to use, copy, modify, and/or distribute this software for any | ||
* purpose with or without fee is hereby granted, provided that the above | ||
* copyright notice and this permission notice appear in all copies. | ||
* | ||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
*/ | ||
|
||
/* | ||
* Ought to match NAMEDATALEN. Some cloud services use longer user | ||
* names, so give it some extra room. | ||
*/ | ||
#define MAX_USERNAME 128 | ||
|
||
/* | ||
* Some cloud services use very long generated passwords, so give it | ||
* plenty of room. | ||
*/ | ||
#define MAX_PASSWORD 2048 | ||
|
||
struct ScramState { | ||
char* client_nonce; | ||
char* client_first_message_bare; | ||
char* client_final_message_without_proof; | ||
char* server_nonce; | ||
char* server_first_message; | ||
uint8_t* SaltedPassword; | ||
char cbind_flag; | ||
bool adhoc; /* SCRAM data made up from plain-text password */ | ||
int iterations; | ||
char* salt; /* base64-encoded */ | ||
uint8_t ClientKey[32]; /* SHA256_DIGEST_LENGTH */ | ||
uint8_t StoredKey[32]; | ||
uint8_t ServerKey[32]; | ||
}; | ||
|
||
struct PgCredentials { | ||
char name[MAX_USERNAME]; | ||
char passwd[MAX_PASSWORD]; | ||
uint8_t scram_ClientKey[32]; | ||
uint8_t scram_ServerKey[32]; | ||
bool has_scram_keys; /* true if the above two are valid */ | ||
bool mock_auth; | ||
}; | ||
|
||
typedef struct ScramState ScramState; | ||
typedef struct PgCredentials PgCredentials; | ||
|
||
typedef enum PasswordType { | ||
PASSWORD_TYPE_PLAINTEXT = 0, | ||
PASSWORD_TYPE_MD5, | ||
PASSWORD_TYPE_SCRAM_SHA_256 | ||
} PasswordType; | ||
|
||
#ifdef __cplusplus | ||
extern "C" { | ||
#endif | ||
|
||
PasswordType get_password_type(const char* shadow_pass); | ||
|
||
// Returns the last error message | ||
const char* scram_error(); | ||
|
||
// Resets the error message | ||
void scram_reset_error(); | ||
|
||
// Initializes a new ScramState object | ||
ScramState* scram_state_init(); | ||
|
||
// Frees the memory allocated for a ScramState object | ||
void free_scram_state(ScramState* scram_state); | ||
|
||
/* | ||
* Functions for communicating as a client with the server | ||
*/ | ||
char *build_client_first_message(ScramState *scram_state); | ||
|
||
char *build_client_final_message(ScramState *scram_state, | ||
const PgCredentials *credentials, | ||
const char *server_nonce, | ||
const char *salt, | ||
int saltlen, | ||
int iterations); | ||
|
||
bool read_server_first_message(ScramState* scram_state, char *input, | ||
char **server_nonce_p, char **salt_p, int *saltlen_p, int *iterations_p); | ||
|
||
bool read_server_final_message(char *input, char *ServerSignature); | ||
|
||
bool verify_server_signature(ScramState *scram_state, const PgCredentials *credentials, const char *ServerSignature); | ||
|
||
|
||
/* | ||
* Functions for communicating as a server to the client | ||
*/ | ||
|
||
bool read_client_first_message(char *input, | ||
char *cbind_flag_p, | ||
char **client_first_message_bare_p, | ||
char **client_nonce_p); | ||
|
||
bool read_client_final_message(ScramState* scram_state, const uint8_t *raw_input, char *input, | ||
const char **client_final_nonce_p, | ||
char **proof_p); | ||
|
||
char *build_server_first_message(ScramState *scram_state, | ||
const char *username, const char *stored_secret); | ||
|
||
char *build_server_final_message(ScramState *scram_state); | ||
|
||
bool verify_final_nonce(const ScramState *scram_state, const char *client_final_nonce); | ||
|
||
bool verify_client_proof(ScramState *state, const char *ClientProof); | ||
|
||
bool scram_verify_plain_password(const char *username, const char *password, const char *secret); | ||
|
||
#ifdef __cplusplus | ||
} | ||
#endif |
Oops, something went wrong.