
Commit 01155b6

authored
Tighten SCRAM-SHA-256 SASL check (#6023)
1 parent a46eab9 commit 01155b6

2 files changed

Lines changed: 7 additions & 7 deletions


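--- a/src/Npgsql/Internal/NpgsqlConnector.Auth.cs
+++ b/src/Npgsql/Internal/NpgsqlConnector.Auth.cs
@@ -71,10 +71,10 @@ async Task AuthenticateSASL(List<string> mechanisms, string username, bool async
 {
 // At the time of writing PostgreSQL only supports SCRAM-SHA-256 and SCRAM-SHA-256-PLUS
 var serverSupportsSha256 = mechanisms.Contains("SCRAM-SHA-256");
-var clientSupportsSha256 = serverSupportsSha256 && Settings.ChannelBinding != ChannelBinding.Require;
+var allowSha256 = serverSupportsSha256 && Settings.ChannelBinding != ChannelBinding.Require;
 var serverSupportsSha256Plus = mechanisms.Contains("SCRAM-SHA-256-PLUS");
-var clientSupportsSha256Plus = serverSupportsSha256Plus && Settings.ChannelBinding != ChannelBinding.Disable;
-if (!clientSupportsSha256 && !clientSupportsSha256Plus)
+var allowSha256Plus = serverSupportsSha256Plus && Settings.ChannelBinding != ChannelBinding.Disable;
+if (!allowSha256 && !allowSha256Plus)
 {
 if (serverSupportsSha256 && Settings.ChannelBinding == ChannelBinding.Require)
 throw new NpgsqlException($"Couldn't connect because {nameof(ChannelBinding)} is set to {nameof(ChannelBinding.Require)} " +
@@ -92,10 +92,10 @@ async Task AuthenticateSASL(List<string> mechanisms, string username, bool async
 var cbind = string.Empty;
 var successfulBind = false;
 
-if (clientSupportsSha256Plus)
+if (allowSha256Plus)
 DataSource.TransportSecurityHandler.AuthenticateSASLSha256Plus(this, ref mechanism, ref cbindFlag, ref cbind, ref successfulBind);
 
-if (!successfulBind && serverSupportsSha256)
+if (!successfulBind && allowSha256)
 {
 mechanism = "SCRAM-SHA-256";
 // We can get here if PostgreSQL supports only SCRAM-SHA-256 or there was an error while binding to SCRAM-SHA-256-PLUS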
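Review bot: The guard at new line 98 now carries the security decision of this change, but nothing at the site says so, and the context comment at line 101 still describes the fallback as happening whenever binding to SCRAM-SHA-256-PLUS fails. With `allowSha256` the fallback is skipped when `ChannelBinding` is `Require`, which is what keeps a failed bind from silently downgrading to unbound SCRAM; I would add above the `if` a comment such as `// Never fall back to plain SCRAM-SHA-256 when ChannelBinding is Require: a failed PLUS bind must fail the connection, not downgrade it`. In that case neither branch selects a mechanism and `successfulBind` stays false; the rest of AuthenticateSASL lies outside the hunk, so it is worth confirming that the code after this block throws on `!successfulBind` rather than continuing without a selected mechanism. A regression test for `Require` against a server that advertises both mechanisms with a failing bind would pin the behaviour.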

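--- a/src/Npgsql/Internal/NpgsqlConnector.cs
+++ b/src/Npgsql/Internal/NpgsqlConnector.cs
@@ -1658,12 +1658,12 @@ internal void ClearTransaction(Exception? disposeReason = null)
 internal bool IsSecure { get; private set; }
 
 /// <summary>
-/// Returns whether SCRAM-SHA256 is being user for the connection
+/// Returns whether SCRAM-SHA256 is being used for the connection
 /// </summary>
 internal bool IsScram { get; private set; }
 
 /// <summary>
-/// Returns whether SCRAM-SHA256-PLUS is being user for the connection
+/// Returns whether SCRAM-SHA256-PLUS is being used for the connection
 /// </summary>
 internal bool IsScramPlus { get; private set; }
 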