Support UTF8 passwords #51

Open
jesperpedersen opened this issue Feb 26, 2020 · 4 comments
Labels
community (Issue that can be picked up by the community), enhancement (Improvement to an existing feature)

Comments

@jesperpedersen
Collaborator

Requires updates to SASL prep

@jesperpedersen added the enhancement label (Improvement to an existing feature) on Feb 26, 2020
@jesperpedersen added the community label (Issue that can be picked up by the community) on Apr 24, 2020
@fluca1978
Collaborator

As far as I can tell, strlen seems to support multibyte strings (I thought wcslen and friends).
Apparently the following code snippet works fine on my machine, but I'm sure I'm missing something:

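```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* Copies the password byte for byte into a newly allocated buffer. */
static int
sasl_prep(char* password, char** password_prep)
{
    /* strlen counts bytes, so a multibyte UTF-8 string is measured in full */
    size_t length = strlen( password );

    /* one extra byte for the terminating NUL, which strncpy does not add here */
    *password_prep = (char*) malloc( length + 1 );
    if ( *password_prep == NULL )
        return 1;

    strncpy( *password_prep, password, length );
    (*password_prep)[length] = '\0';

    return 0;
}

#define SIZE 64
#define PWD1 "I ❤ pgagroal, the 🐘 PostgreSQL connection pooler! 🎉"
#define PWD2 "LÙCA FERRÀRÌ"

int
main(void)
{
    char *src_password, *dst_password = NULL;

    /* sasl_prep allocates the destination, so only the source is allocated here */
    src_password = (char*) malloc( SIZE );
    if ( src_password == NULL )
        return 1;
    memset( src_password, 0, SIZE );

    memcpy( src_password, PWD1 , sizeof( PWD1 ) );
    printf( "\nOriginal : [%s]\n", src_password );
    if ( sasl_prep( src_password, &dst_password ) == 0 )
        printf( "\nSASL : [%s]\n", dst_password );
    free( dst_password );
    dst_password = NULL;

    memcpy( src_password, PWD2 , sizeof( PWD2 ) );
    printf( "\nOriginal : [%s]\n", src_password );
    if ( sasl_prep( src_password, &dst_password ) == 0 )
        printf( "\nSASL : [%s]\n", dst_password );
    free( dst_password );

    free( src_password );
    return 0;
}
```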

If that is right, the only need is to change strdup to strncpy. Probably there should be something else to check for longer strings (overflows?).
This is surely not my area of expertise, so forgive me in case the above is totally wrong.

@jesperpedersen
Collaborator Author

Unfortunately it isn't as simple.

See section 2.2 in https://datatracker.ietf.org/doc/html/rfc5802 for the overall requirements (Normalize(str)). It requires an implementation of

These checks need to be implemented in admin.c as well.
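
Added example, not part of the thread and not pgagroal code: a compact Python reference model of the SASLprep profile (RFC 4013) that RFC 5802's Normalize(str) refers to, built on the standard-library `stringprep` and `unicodedata` modules. It shows why a byte copy is not enough, and could serve as an oracle when testing a C implementation; the names `saslprep`, `allow_unassigned` and `demo` are chosen here for illustration.

```python
import stringprep
import unicodedata

# RFC 4013 section 2.3: prohibited output, expressed as RFC 3454 tables.
PROHIBITED = (
    stringprep.in_table_c12, stringprep.in_table_c21_c22,
    stringprep.in_table_c3, stringprep.in_table_c4, stringprep.in_table_c5,
    stringprep.in_table_c6, stringprep.in_table_c7, stringprep.in_table_c8,
    stringprep.in_table_c9,
)


def saslprep(password: str, allow_unassigned: bool = False) -> str:
    """Return the SASLprep (RFC 4013) form of password or raise ValueError."""
    # 2.1 Mapping: non-ASCII spaces become U+0020, table B.1 maps to nothing.
    mapped = "".join(
        " " if stringprep.in_table_c12(ch) else ch
        for ch in password
        if stringprep.in_table_c12(ch) or not stringprep.in_table_b1(ch)
    )
    # 2.2 Normalization: NFKC against the Unicode 3.2 data stringprep uses.
    out = unicodedata.ucd_3_2_0.normalize("NFKC", mapped)
    for ch in out:
        # 2.3 Prohibited output.
        if any(in_table(ch) for in_table in PROHIBITED):
            raise ValueError(f"prohibited code point U+{ord(ch):04X}")
        # 2.5 Unassigned code points are rejected in stored strings.
        if not allow_unassigned and stringprep.in_table_a1(ch):
            raise ValueError(f"unassigned code point U+{ord(ch):04X}")
    # 2.4 Bidirectional rule (RFC 3454 section 6).
    if any(stringprep.in_table_d1(ch) for ch in out):
        if any(stringprep.in_table_d2(ch) for ch in out):
            raise ValueError("mixed right-to-left and left-to-right text")
        if not (stringprep.in_table_d1(out[0]) and stringprep.in_table_d1(out[-1])):
            raise ValueError("right-to-left text must start and end the string")
    return out


def demo() -> dict:
    # Constructed sample: PWD2 from the snippet above, typed two ways.
    composed = "L\u00d9CA FERR\u00c0R\u00cc"             # precomposed letters
    decomposed = unicodedata.normalize("NFD", composed)  # letter + combining accent
    return {
        "bytes_equal": composed.encode() == decomposed.encode(),
        "prepped_equal": saslprep(composed) == saslprep(decomposed),
    }


if __name__ == "__main__":
    print(demo())
```

The 🐘 and 🎉 in PWD1 were assigned after Unicode 3.2, so this model rejects them as unassigned unless `allow_unassigned=True` is passed.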

@fluca1978
Collaborator

Definitely something out of my expertise.
Any chance we can reuse PostgreSQL code here? https://github.com/postgres/postgres/blob/master/src/common/saslprep.c#L1044

@jesperpedersen
Collaborator Author

It has to be a clean-room implementation - although you can look at it if you give credit.

We can't have a dependency on postgresql-devel.
