forked from npgsql/npgsql
-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathNpgsqlConnector.Auth.cs
More file actions
402 lines (340 loc) · 18.4 KB
/
NpgsqlConnector.Auth.cs
File metadata and controls
402 lines (340 loc) · 18.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using Npgsql.BackendMessages;
using Npgsql.Util;
using static Npgsql.Util.Statics;
namespace Npgsql.Internal;
partial class NpgsqlConnector
{
async Task Authenticate(string username, NpgsqlTimeout timeout, bool async, CancellationToken cancellationToken)
{
while (true)
{
timeout.CheckAndApply(this);
var msg = ExpectAny<AuthenticationRequestMessage>(await ReadMessage(async).ConfigureAwait(false), this);
switch (msg.AuthRequestType)
{
case AuthenticationRequestType.AuthenticationOk:
return;
case AuthenticationRequestType.AuthenticationCleartextPassword:
await AuthenticateCleartext(username, async, cancellationToken).ConfigureAwait(false);
break;
case AuthenticationRequestType.AuthenticationMD5Password:
await AuthenticateMD5(username, ((AuthenticationMD5PasswordMessage)msg).Salt, async, cancellationToken).ConfigureAwait(false);
break;
case AuthenticationRequestType.AuthenticationSASL:
await AuthenticateSASL(((AuthenticationSASLMessage)msg).Mechanisms, username, async,
cancellationToken).ConfigureAwait(false);
break;
case AuthenticationRequestType.AuthenticationGSS:
case AuthenticationRequestType.AuthenticationSSPI:
await DataSource.IntegratedSecurityHandler.NegotiateAuthentication(async, this).ConfigureAwait(false);
return;
case AuthenticationRequestType.AuthenticationGSSContinue:
throw new NpgsqlException("Can't start auth cycle with AuthenticationGSSContinue");
default:
throw new NotSupportedException($"Authentication method not supported (Received: {msg.AuthRequestType})");
}
}
}
async Task AuthenticateCleartext(string username, bool async, CancellationToken cancellationToken = default)
{
var passwd = await GetPassword(username, async, cancellationToken).ConfigureAwait(false);
if (passwd == null)
throw new NpgsqlException("No password has been provided but the backend requires one (in cleartext)");
var encoded = new byte[Encoding.UTF8.GetByteCount(passwd) + 1];
Encoding.UTF8.GetBytes(passwd, 0, passwd.Length, encoded, 0);
await WritePassword(encoded, async, cancellationToken).ConfigureAwait(false);
await Flush(async, cancellationToken).ConfigureAwait(false);
}
async Task AuthenticateSASL(List<string> mechanisms, string username, bool async, CancellationToken cancellationToken)
{
// At the time of writing PostgreSQL only supports SCRAM-SHA-256 and SCRAM-SHA-256-PLUS
var serverSupportsSha256 = mechanisms.Contains("SCRAM-SHA-256");
var clientSupportsSha256 = serverSupportsSha256 && Settings.ChannelBinding != ChannelBinding.Require;
var serverSupportsSha256Plus = mechanisms.Contains("SCRAM-SHA-256-PLUS");
var clientSupportsSha256Plus = serverSupportsSha256Plus && Settings.ChannelBinding != ChannelBinding.Disable;
if (!clientSupportsSha256 && !clientSupportsSha256Plus)
{
if (serverSupportsSha256 && Settings.ChannelBinding == ChannelBinding.Require)
throw new NpgsqlException($"Couldn't connect because {nameof(ChannelBinding)} is set to {nameof(ChannelBinding.Require)} " +
"but the server doesn't support SCRAM-SHA-256-PLUS");
if (serverSupportsSha256Plus && Settings.ChannelBinding == ChannelBinding.Disable)
throw new NpgsqlException($"Couldn't connect because {nameof(ChannelBinding)} is set to {nameof(ChannelBinding.Disable)} " +
"but the server doesn't support SCRAM-SHA-256");
throw new NpgsqlException("No supported SASL mechanism found (only SCRAM-SHA-256 and SCRAM-SHA-256-PLUS are supported for now). " +
"Mechanisms received from server: " + string.Join(", ", mechanisms));
}
var mechanism = string.Empty;
var cbindFlag = string.Empty;
var cbind = string.Empty;
var successfulBind = false;
if (clientSupportsSha256Plus)
DataSource.TransportSecurityHandler.AuthenticateSASLSha256Plus(this, ref mechanism, ref cbindFlag, ref cbind, ref successfulBind);
if (!successfulBind && serverSupportsSha256)
{
mechanism = "SCRAM-SHA-256";
// We can get here if PostgreSQL supports only SCRAM-SHA-256 or there was an error while binding to SCRAM-SHA-256-PLUS
// Or the user specifically requested to not use bindings
// So, we set 'n' (client does not support binding) if there was an error while binding
// or 'y' (client supports but server doesn't) in other case
cbindFlag = serverSupportsSha256Plus ? "n" : "y";
cbind = serverSupportsSha256Plus ? "biws" : "eSws";
successfulBind = true;
IsScram = true;
}
if (!successfulBind)
{
// We can get here if PostgreSQL supports only SCRAM-SHA-256-PLUS but there was an error while binding to it
throw new NpgsqlException("Unable to bind to SCRAM-SHA-256-PLUS, check logs for more information");
}
var passwd = await GetPassword(username, async, cancellationToken).ConfigureAwait(false) ??
throw new NpgsqlException($"No password has been provided but the backend requires one (in SASL/{mechanism})");
// Assumption: the write buffer is big enough to contain all our outgoing messages
var clientNonce = GetNonce();
await WriteSASLInitialResponse(mechanism, NpgsqlWriteBuffer.UTF8Encoding.GetBytes($"{cbindFlag},,n=*,r={clientNonce}"), async, cancellationToken).ConfigureAwait(false);
await Flush(async, cancellationToken).ConfigureAwait(false);
var saslContinueMsg = Expect<AuthenticationSASLContinueMessage>(await ReadMessage(async).ConfigureAwait(false), this);
if (saslContinueMsg.AuthRequestType != AuthenticationRequestType.AuthenticationSASLContinue)
throw new NpgsqlException("[SASL] AuthenticationSASLContinue message expected");
var firstServerMsg = AuthenticationSCRAMServerFirstMessage.Load(saslContinueMsg.Payload, ConnectionLogger);
if (!firstServerMsg.Nonce.StartsWith(clientNonce, StringComparison.Ordinal))
throw new NpgsqlException("[SCRAM] Malformed SCRAMServerFirst message: server nonce doesn't start with client nonce");
var saltBytes = Convert.FromBase64String(firstServerMsg.Salt);
var saltedPassword = Hi(passwd.Normalize(NormalizationForm.FormKC), saltBytes, firstServerMsg.Iteration);
var clientKey = HMAC(saltedPassword, "Client Key");
byte[] storedKey;
#if NET7_0_OR_GREATER
storedKey = SHA256.HashData(clientKey);
#else
using (var sha256 = SHA256.Create())
storedKey = sha256.ComputeHash(clientKey);
#endif
var clientFirstMessageBare = $"n=*,r={clientNonce}";
var serverFirstMessage = $"r={firstServerMsg.Nonce},s={firstServerMsg.Salt},i={firstServerMsg.Iteration}";
var clientFinalMessageWithoutProof = $"c={cbind},r={firstServerMsg.Nonce}";
var authMessage = $"{clientFirstMessageBare},{serverFirstMessage},{clientFinalMessageWithoutProof}";
var clientSignature = HMAC(storedKey, authMessage);
var clientProofBytes = Xor(clientKey, clientSignature);
var clientProof = Convert.ToBase64String(clientProofBytes);
var serverKey = HMAC(saltedPassword, "Server Key");
var serverSignature = HMAC(serverKey, authMessage);
var messageStr = $"{clientFinalMessageWithoutProof},p={clientProof}";
await WriteSASLResponse(Encoding.UTF8.GetBytes(messageStr), async, cancellationToken).ConfigureAwait(false);
await Flush(async, cancellationToken).ConfigureAwait(false);
var saslFinalServerMsg = Expect<AuthenticationSASLFinalMessage>(await ReadMessage(async).ConfigureAwait(false), this);
if (saslFinalServerMsg.AuthRequestType != AuthenticationRequestType.AuthenticationSASLFinal)
throw new NpgsqlException("[SASL] AuthenticationSASLFinal message expected");
var scramFinalServerMsg = AuthenticationSCRAMServerFinalMessage.Load(saslFinalServerMsg.Payload, ConnectionLogger);
if (scramFinalServerMsg.ServerSignature != Convert.ToBase64String(serverSignature))
throw new NpgsqlException("[SCRAM] Unable to verify server signature");
static string GetNonce()
{
using var rncProvider = RandomNumberGenerator.Create();
var nonceBytes = new byte[18];
rncProvider.GetBytes(nonceBytes);
return Convert.ToBase64String(nonceBytes);
}
}
internal void AuthenticateSASLSha256Plus(ref string mechanism, ref string cbindFlag, ref string cbind,
ref bool successfulBind)
{
// The check below is copied from libpq (with commentary)
// https://github.com/postgres/postgres/blob/98640f960eb9ed80cf90de3ef5d2e829b785b3eb/src/interfaces/libpq/fe-auth.c#L507-L517
// The server offered SCRAM-SHA-256-PLUS, but the connection
// is not SSL-encrypted. That's not sane. Perhaps SSL was
// stripped by a proxy? There's no point in continuing,
// because the server will reject the connection anyway if we
// try authenticate without channel binding even though both
// the client and server supported it. The SCRAM exchange
// checks for that, to prevent downgrade attacks.
if (!IsSecure)
throw new NpgsqlException("Server offered SCRAM-SHA-256-PLUS authentication over a non-SSL connection");
var sslStream = (SslStream)_stream;
if (sslStream.RemoteCertificate is null)
{
ConnectionLogger.LogWarning("Remote certificate null, falling back to SCRAM-SHA-256");
return;
}
using var remoteCertificate = new X509Certificate2(sslStream.RemoteCertificate);
// Checking for hashing algorithms
HashAlgorithm? hashAlgorithm = null;
var algorithmName = remoteCertificate.SignatureAlgorithm.FriendlyName;
if (algorithmName is null)
{
ConnectionLogger.LogWarning("Signature algorithm was null, falling back to SCRAM-SHA-256");
}
else if (algorithmName.StartsWith("sha1", StringComparison.OrdinalIgnoreCase) ||
algorithmName.StartsWith("md5", StringComparison.OrdinalIgnoreCase) ||
algorithmName.StartsWith("sha256", StringComparison.OrdinalIgnoreCase))
{
hashAlgorithm = SHA256.Create();
}
else if (algorithmName.StartsWith("sha384", StringComparison.OrdinalIgnoreCase))
{
hashAlgorithm = SHA384.Create();
}
else if (algorithmName.StartsWith("sha512", StringComparison.OrdinalIgnoreCase))
{
hashAlgorithm = SHA512.Create();
}
else
{
ConnectionLogger.LogWarning(
$"Support for signature algorithm {algorithmName} is not yet implemented, falling back to SCRAM-SHA-256");
}
if (hashAlgorithm != null)
{
using var _ = hashAlgorithm;
// RFC 5929
mechanism = "SCRAM-SHA-256-PLUS";
// PostgreSQL only supports tls-server-end-point binding
cbindFlag = "p=tls-server-end-point";
// SCRAM-SHA-256-PLUS depends on using ssl stream, so it's fine
var cbindFlagBytes = Encoding.UTF8.GetBytes($"{cbindFlag},,");
var certificateHash = hashAlgorithm.ComputeHash(remoteCertificate.GetRawCertData());
var cbindBytes = new byte[cbindFlagBytes.Length + certificateHash.Length];
cbindFlagBytes.CopyTo(cbindBytes, 0);
certificateHash.CopyTo(cbindBytes, cbindFlagBytes.Length);
cbind = Convert.ToBase64String(cbindBytes);
successfulBind = true;
IsScramPlus = true;
}
}
#if NET6_0_OR_GREATER
static byte[] Hi(string str, byte[] salt, int count)
=> Rfc2898DeriveBytes.Pbkdf2(str, salt, count, HashAlgorithmName.SHA256, 256 / 8);
#endif
static byte[] Xor(byte[] buffer1, byte[] buffer2)
{
for (var i = 0; i < buffer1.Length; i++)
buffer1[i] ^= buffer2[i];
return buffer1;
}
static byte[] HMAC(byte[] key, string data)
{
var dataBytes = Encoding.UTF8.GetBytes(data);
#if NET7_0_OR_GREATER
return HMACSHA256.HashData(key, dataBytes);
#else
using var ih = IncrementalHash.CreateHMAC(HashAlgorithmName.SHA256, key);
ih.AppendData(dataBytes);
return ih.GetHashAndReset();
#endif
}
async Task AuthenticateMD5(string username, byte[] salt, bool async, CancellationToken cancellationToken = default)
{
var passwd = await GetPassword(username, async, cancellationToken).ConfigureAwait(false);
if (passwd == null)
throw new NpgsqlException("No password has been provided but the backend requires one (in MD5)");
byte[] result;
#if !NET7_0_OR_GREATER
using (var md5 = MD5.Create())
#endif
{
// First phase
var passwordBytes = NpgsqlWriteBuffer.UTF8Encoding.GetBytes(passwd);
var usernameBytes = NpgsqlWriteBuffer.UTF8Encoding.GetBytes(username);
var cryptBuf = new byte[passwordBytes.Length + usernameBytes.Length];
passwordBytes.CopyTo(cryptBuf, 0);
usernameBytes.CopyTo(cryptBuf, passwordBytes.Length);
var sb = new StringBuilder();
#if NET7_0_OR_GREATER
var hashResult = MD5.HashData(cryptBuf);
#else
var hashResult = md5.ComputeHash(cryptBuf);
#endif
foreach (var b in hashResult)
sb.Append(b.ToString("x2"));
var prehash = sb.ToString();
var prehashbytes = NpgsqlWriteBuffer.UTF8Encoding.GetBytes(prehash);
cryptBuf = new byte[prehashbytes.Length + 4];
Array.Copy(salt, 0, cryptBuf, prehashbytes.Length, 4);
// 2.
prehashbytes.CopyTo(cryptBuf, 0);
sb = new StringBuilder("md5");
#if NET7_0_OR_GREATER
hashResult = MD5.HashData(cryptBuf);
#else
hashResult = md5.ComputeHash(cryptBuf);
#endif
foreach (var b in hashResult)
sb.Append(b.ToString("x2"));
var resultString = sb.ToString();
result = new byte[Encoding.UTF8.GetByteCount(resultString) + 1];
Encoding.UTF8.GetBytes(resultString, 0, resultString.Length, result, 0);
result[result.Length - 1] = 0;
}
await WritePassword(result, async, cancellationToken).ConfigureAwait(false);
await Flush(async, cancellationToken).ConfigureAwait(false);
}
#if NET7_0_OR_GREATER
internal async Task AuthenticateGSS(bool async)
{
var targetName = $"{KerberosServiceName}/{Host}";
using var authContext = new NegotiateAuthentication(new NegotiateAuthenticationClientOptions{ TargetName = targetName});
var data = authContext.GetOutgoingBlob(ReadOnlySpan<byte>.Empty, out var statusCode)!;
Debug.Assert(statusCode == NegotiateAuthenticationStatusCode.ContinueNeeded);
await WritePassword(data, 0, data.Length, async, UserCancellationToken).ConfigureAwait(false);
await Flush(async, UserCancellationToken).ConfigureAwait(false);
while (true)
{
var response = ExpectAny<AuthenticationRequestMessage>(await ReadMessage(async).ConfigureAwait(false), this);
if (response.AuthRequestType == AuthenticationRequestType.AuthenticationOk)
break;
if (response is not AuthenticationGSSContinueMessage gssMsg)
throw new NpgsqlException($"Received unexpected authentication request message {response.AuthRequestType}");
data = authContext.GetOutgoingBlob(gssMsg.AuthenticationData.AsSpan(), out statusCode)!;
if (statusCode is not NegotiateAuthenticationStatusCode.Completed and not NegotiateAuthenticationStatusCode.ContinueNeeded)
throw new NpgsqlException($"Error while authenticating GSS/SSPI: {statusCode}");
// We might get NegotiateAuthenticationStatusCode.Completed but the data will not be null
// This can happen if it's the first cycle, in which case we have to send that data to complete handshake (#4888)
if (data is null)
continue;
await WritePassword(data, 0, data.Length, async, UserCancellationToken).ConfigureAwait(false);
await Flush(async, UserCancellationToken).ConfigureAwait(false);
}
}
#endif
async ValueTask<string?> GetPassword(string username, bool async, CancellationToken cancellationToken = default)
{
var password = await DataSource.GetPassword(async, cancellationToken).ConfigureAwait(false);
if (password is not null)
return password;
if (ProvidePasswordCallback is { } passwordCallback)
{
try
{
ConnectionLogger.LogTrace($"Taking password from {nameof(ProvidePasswordCallback)} delegate");
password = passwordCallback(Host, Port, Settings.Database!, username);
}
catch (Exception e)
{
throw new NpgsqlException($"Obtaining password using {nameof(NpgsqlConnection)}.{nameof(ProvidePasswordCallback)} delegate failed", e);
}
}
password ??= PostgresEnvironment.Password;
if (password != null)
return password;
var passFile = Settings.Passfile ?? PostgresEnvironment.PassFile ?? PostgresEnvironment.PassFileDefault;
if (passFile != null)
{
var matchingEntry = new PgPassFile(passFile!)
.GetFirstMatchingEntry(Host, Port, Settings.Database!, username);
if (matchingEntry != null)
{
ConnectionLogger.LogTrace("Taking password from pgpass file");
password = matchingEntry.Password;
}
}
return password;
}
}