pike.git/lib/modules/Sql.pmod/pgsql.pike:103:
private int warningsdropcount; // Number of uncollected warnings
private int warningscollected;
private int invalidatecache;
private Thread.Queue qportals;
final mixed _delayederror;
private function (:void) readyforquery_cb;
final string _host;
final int _port;
private string database, user, pass;
- private string cnonce, ServerSignature;
+ private string cnonce;
private Thread.Condition waitforauthready;
final Thread.Mutex _shortmux;
final int _readyforquerycount;
protected string _sprintf(int type) {
string res=UNDEFINED;
switch(type) {
case 'O':
res=sprintf(DRIVERNAME"(%s@%s:%d/%s,%d,%d)",
user,_host,_port,database,c?->socket&&c->socket->query_fd(),backendpid);
pike.git/lib/modules/Sql.pmod/pgsql.pike:827: Inside #if defined(PG_DEBUG)
#ifdef PG_DEBUG
if (sizeof(tb))
errtype = PROTOCOLERROR;
msglen = 0;
#endif
}
if (!has_prefix(r, cnonce) || iters <= 0)
errtype = PROTOCOLERROR;
else {
string SaltedPassword;
+ string biws = sprintf("c=biws,r=%s", r);
+ r = sprintf("n=,r=%s,r=%s,s=%s,i=%d,%s",
+ cnonce, r, salt, iters, biws);
if (!(SaltedPassword
= .pgsql_util.get_salted_password(pass, salt, iters))) {
- SaltedPassword = ServerSignature =
+ SaltedPassword = cnonce =
HMAC256(pass, MIME.decode_base64(salt) + "\0\0\0\1");
int i = iters;
while (--i)
- SaltedPassword ^= ServerSignature
- = HMAC256(pass, ServerSignature);
+ SaltedPassword ^= cnonce = HMAC256(pass, cnonce);
.pgsql_util.set_salted_password(pass, salt, iters,
SaltedPassword);
}
- salt = sprintf("n=,r=%s,r=%s,s=%s,i=%d,c=biws,r=%s",
- cnonce, r, salt, iters, r);
- ServerSignature = HMAC256(SaltedPassword, "Client Key");
+ salt = HMAC256(SaltedPassword, "Client Key");
authresponse(({
- sprintf("c=biws,r=%s,p=%s",
- r, MIME.encode_base64(
- ServerSignature
- ^ HMAC256(HASH256(ServerSignature), salt)
- ))
+ sprintf("%s,p=%s", biws,
+ MIME.encode_base64(salt ^ HMAC256(HASH256(salt), r)))
}));
- ServerSignature = HMAC256(HMAC256(SaltedPassword, "Server Key"),
- salt);
+ cnonce = HMAC256(HMAC256(SaltedPassword, "Server Key"), r);
}
break;
}
case 12: {
string v;
PD("AuthenticationSASLFinal\n");
Stdio.Buffer tb = cr->read_buffer(msglen);
[v] = tb->sscanf("v=%s");
- v = MIME.decode_base64(v);
- if (v != ServerSignature)
+ if (MIME.decode_base64(v) != cnonce)
errtype = PROTOCOLERROR;
else
cnonce = 0; // Clears cnonce and approves server
#ifdef PG_DEBUG
if (sizeof(tb))
errtype=PROTOCOLERROR;
msglen=0;
#endif
break;
}