
Commit 97dc173

committed
Tighten SCRAM-SHA-256 SASL check (#6023)
(cherry picked from commit 01155b6)
1 parent 94d0a14 commit 97dc173


2 files changed

+7
-7
lines changed


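--- a/src/Npgsql/Internal/NpgsqlConnector.Auth.cs
+++ b/src/Npgsql/Internal/NpgsqlConnector.Auth.cs
@@ -71,10 +71,10 @@ async Task AuthenticateSASL(List<string> mechanisms, string username, bool async
 {
 // At the time of writing PostgreSQL only supports SCRAM-SHA-256 and SCRAM-SHA-256-PLUS
 var serverSupportsSha256 = mechanisms.Contains("SCRAM-SHA-256");
-var clientSupportsSha256 = serverSupportsSha256 && Settings.ChannelBinding != ChannelBinding.Require;
+var allowSha256 = serverSupportsSha256 && Settings.ChannelBinding != ChannelBinding.Require;
 var serverSupportsSha256Plus = mechanisms.Contains("SCRAM-SHA-256-PLUS");
-var clientSupportsSha256Plus = serverSupportsSha256Plus && Settings.ChannelBinding != ChannelBinding.Disable;
-if (!clientSupportsSha256 && !clientSupportsSha256Plus)
+var allowSha256Plus = serverSupportsSha256Plus && Settings.ChannelBinding != ChannelBinding.Disable;
+if (!allowSha256 && !allowSha256Plus)
 {
 if (serverSupportsSha256 && Settings.ChannelBinding == ChannelBinding.Require)
 throw new NpgsqlException($"Couldn't connect because {nameof(ChannelBinding)} is set to {nameof(ChannelBinding.Require)} " +
@@ -92,10 +92,10 @@ async Task AuthenticateSASL(List<string> mechanisms, string username, bool async
 var cbind = string.Empty;
 var successfulBind = false;
 
-if (clientSupportsSha256Plus)
+if (allowSha256Plus)
 DataSource.TransportSecurityHandler.AuthenticateSASLSha256Plus(this, ref mechanism, ref cbindFlag, ref cbind, ref successfulBind);
 
-if (!successfulBind && serverSupportsSha256)
+if (!successfulBind && allowSha256)
 {
 mechanism = "SCRAM-SHA-256";
 // We can get here if PostgreSQL supports only SCRAM-SHA-256 or there was an error while binding to SCRAM-SHA-256-PLUS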
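Review bot: With `ChannelBinding.Require` and a server that offers both mechanisms, a failed `AuthenticateSASLSha256Plus` call now leaves `successfulBind` false and skips the `if (!successfulBind && allowSha256)` fallback, so nothing in the visible lines sets `mechanism` or stops the handshake. The rest of AuthenticateSASL lies outside the hunk, so it should be confirmed that this path ends in an `NpgsqlException` rather than continuing with an unset mechanism. A regression test covering Require plus a failed bind against a server advertising both mechanisms would pin the downgrade fix. The comment inside the fallback is also stale, since falling back after a binding error is now only reachable when channel binding is not required; I would reword it to `// Reached when the server offers only SCRAM-SHA-256, or binding to SCRAM-SHA-256-PLUS failed and ChannelBinding is not Require`.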

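--- a/src/Npgsql/Internal/NpgsqlConnector.cs
+++ b/src/Npgsql/Internal/NpgsqlConnector.cs
@@ -1676,12 +1676,12 @@ internal void ClearTransaction(Exception? disposeReason = null)
 internal bool IsSecure { get; private set; }
 
 /// <summary>
-/// Returns whether SCRAM-SHA256 is being user for the connection
+/// Returns whether SCRAM-SHA256 is being used for the connection
 /// </summary>
 internal bool IsScram { get; private set; }
 
 /// <summary>
-/// Returns whether SCRAM-SHA256-PLUS is being user for the connection
+/// Returns whether SCRAM-SHA256-PLUS is being used for the connection
 /// </summary>
 internal bool IsScramPlus { get; private set; }
 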