Use SASLprep to normalize passwords for SCRAM authentication.
An important step of SASLprep normalization, is to convert the string to
Unicode normalization form NFKC. Unicode normalization requires a fairly
large table of character decompositions, which is generated from data
published by the Unicode consortium. The script to generate the table is
put in src/common/unicode, as well test code for the normalization.
A pre-generated version of the tables is included in src/include/common,
so you don't need the code in src/common/unicode to build PostgreSQL, only
if you wish to modify the normalization tables.
The SASLprep implementation depends on the UTF-8 functions from
src/backend/utils/mb/wchar.c. So to use it, you must also compile and link
that. That doesn't change anything for the current users of these
functions, the backend and libpq, as they both already link with wchar.o.
It would be good to move those functions into a separate file in
src/commmon, but I'll leave that for another day.
No documentation changes included, because there is no details on the
SCRAM mechanism in the docs anyway. An overview on that in the protocol
specification would probably be good, even though SCRAM is documented in
detail in RFC5802. I'll write that as a separate patch. An important thing
to mention there is that we apply SASLprep even on invalid UTF-8 strings,
to support other encodings.
Patch by Michael Paquier and me.
Discussion: https://www.postgresql.org/message-id/CAB7nPqSByyEmAVLtEf1KxTRh=PWNKiWKEKQR=e1yGehz=wbymQ@mail.gmail.com
2017-04-07 13:56:05 +02:00
|
|
|
#-------------------------------------------------------------------------
|
|
|
|
#
|
|
|
|
# Makefile
|
|
|
|
# Makefile for src/common/unicode
|
|
|
|
#
|
|
|
|
# IDENTIFICATION
|
|
|
|
# src/common/unicode/Makefile
|
|
|
|
#
|
|
|
|
#-------------------------------------------------------------------------
|
|
|
|
|
|
|
|
subdir = src/common/unicode
|
|
|
|
top_builddir = ../../..
|
|
|
|
include $(top_builddir)/src/Makefile.global
|
|
|
|
|
|
|
|
override CPPFLAGS := -DFRONTEND $(CPPFLAGS)
|
|
|
|
LIBS += $(PTHREAD_LIBS)
|
|
|
|
|
|
|
|
# By default, do nothing.
|
|
|
|
all:
|
|
|
|
|
2020-03-26 08:14:00 +01:00
|
|
|
update-unicode: unicode_norm_table.h unicode_combining_table.h unicode_normprops_table.h
|
2020-01-09 09:54:47 +01:00
|
|
|
$(MAKE) normalization-check
|
2020-03-26 08:14:00 +01:00
|
|
|
mv $^ ../../../src/include/common/
|
Use SASLprep to normalize passwords for SCRAM authentication.
An important step of SASLprep normalization, is to convert the string to
Unicode normalization form NFKC. Unicode normalization requires a fairly
large table of character decompositions, which is generated from data
published by the Unicode consortium. The script to generate the table is
put in src/common/unicode, as well test code for the normalization.
A pre-generated version of the tables is included in src/include/common,
so you don't need the code in src/common/unicode to build PostgreSQL, only
if you wish to modify the normalization tables.
The SASLprep implementation depends on the UTF-8 functions from
src/backend/utils/mb/wchar.c. So to use it, you must also compile and link
that. That doesn't change anything for the current users of these
functions, the backend and libpq, as they both already link with wchar.o.
It would be good to move those functions into a separate file in
src/commmon, but I'll leave that for another day.
No documentation changes included, because there is no details on the
SCRAM mechanism in the docs anyway. An overview on that in the protocol
specification would probably be good, even though SCRAM is documented in
detail in RFC5802. I'll write that as a separate patch. An important thing
to mention there is that we apply SASLprep even on invalid UTF-8 strings,
to support other encodings.
Patch by Michael Paquier and me.
Discussion: https://www.postgresql.org/message-id/CAB7nPqSByyEmAVLtEf1KxTRh=PWNKiWKEKQR=e1yGehz=wbymQ@mail.gmail.com
2017-04-07 13:56:05 +02:00
|
|
|
|
|
|
|
# These files are part of the Unicode Character Database. Download
|
2020-01-09 09:54:47 +01:00
|
|
|
# them on demand. The dependency on Makefile.global is for
|
|
|
|
# UNICODE_VERSION.
|
2020-03-26 08:14:00 +01:00
|
|
|
UnicodeData.txt DerivedNormalizationProps.txt CompositionExclusions.txt NormalizationTest.txt: $(top_builddir)/src/Makefile.global
|
2020-01-09 09:54:47 +01:00
|
|
|
$(DOWNLOAD) https://www.unicode.org/Public/$(UNICODE_VERSION)/ucd/$(@F)
|
Use SASLprep to normalize passwords for SCRAM authentication.
An important step of SASLprep normalization, is to convert the string to
Unicode normalization form NFKC. Unicode normalization requires a fairly
large table of character decompositions, which is generated from data
published by the Unicode consortium. The script to generate the table is
put in src/common/unicode, as well test code for the normalization.
A pre-generated version of the tables is included in src/include/common,
so you don't need the code in src/common/unicode to build PostgreSQL, only
if you wish to modify the normalization tables.
The SASLprep implementation depends on the UTF-8 functions from
src/backend/utils/mb/wchar.c. So to use it, you must also compile and link
that. That doesn't change anything for the current users of these
functions, the backend and libpq, as they both already link with wchar.o.
It would be good to move those functions into a separate file in
src/commmon, but I'll leave that for another day.
No documentation changes included, because there is no details on the
SCRAM mechanism in the docs anyway. An overview on that in the protocol
specification would probably be good, even though SCRAM is documented in
detail in RFC5802. I'll write that as a separate patch. An important thing
to mention there is that we apply SASLprep even on invalid UTF-8 strings,
to support other encodings.
Patch by Michael Paquier and me.
Discussion: https://www.postgresql.org/message-id/CAB7nPqSByyEmAVLtEf1KxTRh=PWNKiWKEKQR=e1yGehz=wbymQ@mail.gmail.com
2017-04-07 13:56:05 +02:00
|
|
|
|
|
|
|
# Generation of conversion tables used for string normalization with
|
|
|
|
# UTF-8 strings.
|
|
|
|
unicode_norm_table.h: generate-unicode_norm_table.pl UnicodeData.txt CompositionExclusions.txt
|
|
|
|
$(PERL) generate-unicode_norm_table.pl
|
|
|
|
|
2020-01-09 09:54:47 +01:00
|
|
|
unicode_combining_table.h: generate-unicode_combining_table.pl UnicodeData.txt
|
|
|
|
$(PERL) $^ >$@
|
|
|
|
|
2020-03-26 08:14:00 +01:00
|
|
|
unicode_normprops_table.h: generate-unicode_normprops_table.pl DerivedNormalizationProps.txt
|
|
|
|
$(PERL) $^ >$@
|
|
|
|
|
Use SASLprep to normalize passwords for SCRAM authentication.
An important step of SASLprep normalization, is to convert the string to
Unicode normalization form NFKC. Unicode normalization requires a fairly
large table of character decompositions, which is generated from data
published by the Unicode consortium. The script to generate the table is
put in src/common/unicode, as well test code for the normalization.
A pre-generated version of the tables is included in src/include/common,
so you don't need the code in src/common/unicode to build PostgreSQL, only
if you wish to modify the normalization tables.
The SASLprep implementation depends on the UTF-8 functions from
src/backend/utils/mb/wchar.c. So to use it, you must also compile and link
that. That doesn't change anything for the current users of these
functions, the backend and libpq, as they both already link with wchar.o.
It would be good to move those functions into a separate file in
src/commmon, but I'll leave that for another day.
No documentation changes included, because there is no details on the
SCRAM mechanism in the docs anyway. An overview on that in the protocol
specification would probably be good, even though SCRAM is documented in
detail in RFC5802. I'll write that as a separate patch. An important thing
to mention there is that we apply SASLprep even on invalid UTF-8 strings,
to support other encodings.
Patch by Michael Paquier and me.
Discussion: https://www.postgresql.org/message-id/CAB7nPqSByyEmAVLtEf1KxTRh=PWNKiWKEKQR=e1yGehz=wbymQ@mail.gmail.com
2017-04-07 13:56:05 +02:00
|
|
|
# Test suite
|
|
|
|
normalization-check: norm_test
|
|
|
|
./norm_test
|
|
|
|
|
|
|
|
norm_test: norm_test.o ../unicode_norm.o
|
|
|
|
|
|
|
|
norm_test.o: norm_test_table.h
|
|
|
|
|
|
|
|
norm_test_table.h: generate-norm_test_table.pl NormalizationTest.txt
|
|
|
|
perl generate-norm_test_table.pl NormalizationTest.txt $@
|
|
|
|
|
|
|
|
.PHONY: normalization-check
|
|
|
|
|
|
|
|
|
|
|
|
clean:
|
|
|
|
rm -f $(OBJS) norm_test norm_test.o
|
|
|
|
|
|
|
|
distclean: clean
|
|
|
|
rm -f UnicodeData.txt CompositionExclusions.txt NormalizationTest.txt norm_test_table.h unicode_norm_table.h
|
|
|
|
|
|
|
|
maintainer-clean: distclean
|