bool
pg_backend_random(char *dst, int len)
{
/* should not be called in postmaster */
Assert(IsUnderPostmaster || !IsPostmasterEnvironment);
return pg_strong_random(dst, len);
}
static int
mp_px_rand(uint32 bits, mpz_t *res)
{
unsigned bytes = (bits + 7) / 8;
int last_bits = bits & 7;
uint8 *buf;
buf = px_alloc(bytes);
if (!pg_strong_random(buf, bytes))
{
px_free(buf);
return PXE_NO_RANDOM;
}
/* clear unnecessary bits and set last bit to one */
if (last_bits)
{
buf[0] >>= 8 - last_bits;
buf[0] |= 1 << (last_bits - 1);
}
else
Datum
pg_random_bytes(PG_FUNCTION_ARGS)
{
#ifdef HAVE_STRONG_RANDOM
int len = PG_GETARG_INT32(0);
bytea *res;
if (len < 1 || len > 1024)
ereport(ERROR,
(errcode(ERRCODE_EXTERNAL_ROUTINE_INVOCATION_EXCEPTION),
errmsg("Length not in range")));
res = palloc(VARHDRSZ + len);
SET_VARSIZE(res, VARHDRSZ + len);
/* generate result */
if (!pg_strong_random(VARDATA(res), len))
px_THROW_ERROR(PXE_NO_RANDOM);
PG_RETURN_BYTEA_P(res);
#else
px_THROW_ERROR(PXE_NO_RANDOM);
#endif
}
/*
* scram_utils_verifier
*
* Generate a verifier for SCRAM-SHA-256 authentication and update the
* related user's pg_authid entry as per RFC 7677.
*/
Datum
scram_utils_verifier(PG_FUNCTION_ARGS)
{
pg_saslprep_rc rc;
char *username = text_to_cstring(PG_GETARG_TEXT_PP(0));
const char *password = text_to_cstring(PG_GETARG_TEXT_PP(1));
int iterations = PG_GETARG_INT32(2);
int saltlen = PG_GETARG_INT32(3);
char *prep_password = NULL;
char *saltbuf;
char *verifier;
HeapTuple oldtuple, newtuple;
TupleDesc dsc;
Relation rel;
Datum repl_val[Natts_pg_authid];
bool repl_null[Natts_pg_authid];
bool repl_repl[Natts_pg_authid];
if (!superuser())
ereport(ERROR,
(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),
(errmsg("must be superuser to update one's SCRAM verifier"))));
/* Control iteration number and salt length */
if (iterations <= 0)
{
ereport(WARNING,
(errmsg("Incorrect iteration number, defaulting to %d",
SCRAM_DEFAULT_ITERATIONS)));
iterations = SCRAM_DEFAULT_ITERATIONS;
}
if (saltlen <= 0)
{
ereport(WARNING,
(errmsg("Incorrect salt length number, defaulting to %d",
SCRAM_DEFAULT_SALT_LEN)));
saltlen = SCRAM_DEFAULT_SALT_LEN;
}
/*
* Normalize the password with SASLprep. If that doesn't work, because
* the password isn't valid UTF-8 or contains prohibited characters, just
* proceed with the original password. (See comments at top of file.)
*/
rc = pg_saslprep(password, &prep_password);
if (rc == SASLPREP_OOM)
elog(ERROR, "out of memory");
if (rc == SASLPREP_SUCCESS)
password = (const char *) prep_password;
/* Generate a random salt */
saltbuf = palloc(sizeof(char) * saltlen);
if (!pg_strong_random(saltbuf, saltlen))
elog(ERROR, "Failed to generate random salt");
/* Build verifier */
verifier = scram_build_verifier(saltbuf, saltlen, iterations, password);
if (prep_password)
pfree(prep_password);
/* Verifier is built, so update pg_authid with it */
rel = heap_open(AuthIdRelationId, RowExclusiveLock);
oldtuple = SearchSysCache1(AUTHNAME, CStringGetDatum(username));
if (!HeapTupleIsValid(oldtuple))
ereport(ERROR,
(errcode(ERRCODE_UNDEFINED_OBJECT),
errmsg("role \"%s\" does not exist", username)));
/* OK, construct the modified tuple with new password */
memset(repl_repl, false, sizeof(repl_repl));
memset(repl_null, false, sizeof(repl_null));
repl_repl[Anum_pg_authid_rolpassword - 1] = true;
repl_val[Anum_pg_authid_rolpassword - 1] = CStringGetTextDatum(verifier);
repl_null[Anum_pg_authid_rolpassword - 1] = false;
dsc = RelationGetDescr(rel);
newtuple = heap_modify_tuple(oldtuple, dsc, repl_val, repl_null, repl_repl);
CatalogTupleUpdate(rel, &oldtuple->t_self, newtuple);
ReleaseSysCache(oldtuple);
/*
* Close pg_authid, but keep lock till commit.
*/
heap_close(rel, NoLock);
PG_RETURN_NULL();
}
