Merge pull request #3 from WeihanLi/sha256-auth

SHA256 auth support

Author: JusterZhu

.github/workflows/build.yml

@@ -19,3 +19,4 @@ artifacts/
 *.ide/
 .vs/
 TestResult.xml
+.env

.gitignore

@@ -43,5 +43,8 @@
 
     <!-- NativeAOT -->
     <PackageVersion Include="Mono.Cecil" Version="0.11.5" />
+
+    <!-- Examples -->
+    <PackageVersion Include="dotenv.net" Version="3.2.1" />
   </ItemGroup>
 </Project>

Directory.Packages.props

@@ -7,6 +7,9 @@
     <File Path="NuGet.config" />
     <File Path="README.md" />
   </Folder>
+  <Folder Name="/example/">
+    <Project Path="example/GetStarted/GetStarted.csproj" />
+  </Folder>
   <Folder Name="/Github/">
     <File Path=".github/dependabot.yml" />
     <File Path=".github/workflows/build.yml" />

Npgsql.slnx

@@ -0,0 +1 @@
+GaussDBConnString=

example/GetStarted/.env-example

@@ -0,0 +1,25 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+    <PropertyGroup>
+        <OutputType>Exe</OutputType>
+        <TargetFramework>net8.0</TargetFramework>
+        <ImplicitUsings>enable</ImplicitUsings>
+        <Nullable>enable</Nullable>
+        <NoWarn>$(NoWarn);CS8002</NoWarn>
+    </PropertyGroup>
+
+    <ItemGroup>
+      <ProjectReference Include="..\..\src\Npgsql\Npgsql.csproj" />
+    </ItemGroup>
+
+    <ItemGroup>
+      <PackageReference Include="dotenv.net" />
+    </ItemGroup>
+
+    <ItemGroup>
+      <None Condition="Exists('$(MSBuildProjectDirectory)\.env')" Update=".env">
+        <CopyToOutputDirectory>Always</CopyToOutputDirectory>
+      </None>
+    </ItemGroup>
+
+</Project>

example/GetStarted/GetStarted.csproj

@@ -0,0 +1,23 @@
+using System.Data;
+using Npgsql;
+
+dotenv.net.DotEnv.Load();
+
+var connString = Environment.GetEnvironmentVariable("GaussdbConnString");
+ArgumentNullException.ThrowIfNull(connString);
+
+await using var conn = new NpgsqlConnection(connString);
+if (conn.State is ConnectionState.Closed)
+{
+    await conn.OpenAsync();
+}
+
+Console.WriteLine($@"Connection state: {conn.State}");
+
+{
+    await using var cmd = new NpgsqlCommand("SELECT 1", conn);
+    var result = await cmd.ExecuteScalarAsync();
+    Console.WriteLine(result);
+}
+
+Console.WriteLine(@"Completed!");

example/GetStarted/Program.cs

@@ -1,6 +1,4 @@
 using System;
-using System.Collections.Generic;
-using Microsoft.Extensions.Logging;
 using Npgsql.Internal;
 
 namespace Npgsql.BackendMessages;
@@ -44,23 +42,48 @@ internal static AuthenticationMD5PasswordMessage Load(NpgsqlReadBuffer buf)
         => Salt = salt;
 }
 
+#region SHA256Password
+
 sealed class AuthenticationSHA256PasswordMessage : AuthenticationRequestMessage
 {
     internal override AuthenticationRequestType AuthRequestType => AuthenticationRequestType.SHA256Password;
+    internal PasswordStoreType PasswordStoreType { get; }
+    internal string RandomCode { get; }
+    internal string Token { get; set; }
+    internal int Iteration { get; }
 
-    internal byte[] Salt { get; }
-
-    internal static AuthenticationSHA256PasswordMessage Load(NpgsqlReadBuffer buf)
+    public AuthenticationSHA256PasswordMessage
+    (
+        PasswordStoreType passwordStoreType,
+        NpgsqlReadBuffer buf
+    )
     {
-        var salt = new byte[32]; // SHA-256盐值通常为32字节
-        buf.ReadBytes(salt, 0, 32);
-        return new AuthenticationSHA256PasswordMessage(salt);
+        PasswordStoreType = passwordStoreType;
+        RandomCode = buf.ReadString(64);
+        Token = buf.ReadString(8);
+        Iteration = buf.ReadInt32();
     }
 
-    AuthenticationSHA256PasswordMessage(byte[] salt)
-        => Salt = salt;
+    internal static AuthenticationRequestMessage Load(NpgsqlReadBuffer buf)
+    {
+        var passwordStoreTypeValue = buf.ReadInt32();
+        var passwordStoreType = (PasswordStoreType)passwordStoreTypeValue;
+
+        return passwordStoreType switch
+        {
+            PasswordStoreType.PlainText => AuthenticationCleartextPasswordMessage.Instance,
+            PasswordStoreType.MD5 => AuthenticationMD5PasswordMessage.Load(buf),
+            PasswordStoreType.SHA256 => new AuthenticationSHA256PasswordMessage(
+                passwordStoreType, buf
+            ),
+            _ => throw new InvalidOperationException($"Not supported password store type({passwordStoreTypeValue})")
+        };
+    }
 }
 
+#endregion SHA256Password
+
+
 sealed class AuthenticationGSSMessage : AuthenticationRequestMessage
 {
     internal override AuthenticationRequestType AuthRequestType => AuthenticationRequestType.GSS;
@@ -95,118 +118,6 @@ sealed class AuthenticationSSPIMessage : AuthenticationRequestMessage
     AuthenticationSSPIMessage() { }
 }
 
-#region SASL
-
-sealed class AuthenticationSASLMessage : AuthenticationRequestMessage
-{
-    internal override AuthenticationRequestType AuthRequestType => AuthenticationRequestType.SASL;
-    internal List<string> Mechanisms { get; } = [];
-
-    internal AuthenticationSASLMessage(NpgsqlReadBuffer buf)
-    {
-        while (buf.Buffer[buf.ReadPosition] != 0)
-            Mechanisms.Add(buf.ReadNullTerminatedString());
-        buf.ReadByte();
-        if (Mechanisms.Count == 0)
-            throw new NpgsqlException("Received AuthenticationSASL message with 0 mechanisms!");
-    }
-}
-
-sealed class AuthenticationSASLContinueMessage : AuthenticationRequestMessage
-{
-    internal override AuthenticationRequestType AuthRequestType => AuthenticationRequestType.SASLContinue;
-    internal byte[] Payload { get; }
-
-    internal AuthenticationSASLContinueMessage(NpgsqlReadBuffer buf, int len)
-    {
-        Payload = new byte[len];
-        buf.ReadBytes(Payload, 0, len);
-    }
-}
-
-sealed class AuthenticationSCRAMServerFirstMessage
-{
-    internal string Nonce { get; }
-    internal string Salt { get; }
-    internal int Iteration { get; }
-
-    internal static AuthenticationSCRAMServerFirstMessage Load(byte[] bytes, ILogger connectionLogger)
-    {
-        var data = NpgsqlWriteBuffer.UTF8Encoding.GetString(bytes);
-        string? nonce = null, salt = null;
-        var iteration = -1;
-
-        foreach (var part in data.Split(','))
-        {
-            if (part.StartsWith("r=", StringComparison.Ordinal))
-                nonce = part.Substring(2);
-            else if (part.StartsWith("s=", StringComparison.Ordinal))
-                salt = part.Substring(2);
-            else if (part.StartsWith("i=", StringComparison.Ordinal))
-                iteration = int.Parse(part.Substring(2));
-            else
-                connectionLogger.LogDebug("Unknown part in SCRAM server-first message:" + part);
-        }
-
-        if (nonce == null)
-            throw new NpgsqlException("Server nonce not received in SCRAM server-first message");
-        if (salt == null)
-            throw new NpgsqlException("Server salt not received in SCRAM server-first message");
-        if (iteration == -1)
-            throw new NpgsqlException("Server iterations not received in SCRAM server-first message");
-
-        return new AuthenticationSCRAMServerFirstMessage(nonce, salt, iteration);
-    }
-
-    AuthenticationSCRAMServerFirstMessage(string nonce, string salt, int iteration)
-    {
-        Nonce = nonce;
-        Salt = salt;
-        Iteration = iteration;
-    }
-}
-
-sealed class AuthenticationSASLFinalMessage : AuthenticationRequestMessage
-{
-    internal override AuthenticationRequestType AuthRequestType => AuthenticationRequestType.SASLFinal;
-    internal byte[] Payload { get; }
-
-    internal AuthenticationSASLFinalMessage(NpgsqlReadBuffer buf, int len)
-    {
-        Payload = new byte[len];
-        buf.ReadBytes(Payload, 0, len);
-    }
-}
-
-sealed class AuthenticationSCRAMServerFinalMessage
-{
-    internal string ServerSignature { get; }
-
-    internal static AuthenticationSCRAMServerFinalMessage Load(byte[] bytes, ILogger connectionLogger)
-    {
-        var data = NpgsqlWriteBuffer.UTF8Encoding.GetString(bytes);
-        string? serverSignature = null;
-
-        foreach (var part in data.Split(','))
-        {
-            if (part.StartsWith("v=", StringComparison.Ordinal))
-                serverSignature = part.Substring(2);
-            else
-                connectionLogger.LogDebug("Unknown part in SCRAM server-first message:" + part);
-        }
-
-        if (serverSignature == null)
-            throw new NpgsqlException("Server signature not received in SCRAM server-final message");
-
-        return new AuthenticationSCRAMServerFinalMessage(serverSignature);
-    }
-
-    internal AuthenticationSCRAMServerFinalMessage(string serverSignature)
-        => ServerSignature = serverSignature;
-}
-
-#endregion SASL
-
 enum AuthenticationRequestType
 {
     Ok = 0,
@@ -215,8 +126,12 @@ enum AuthenticationRequestType
     GSS = 7,
     GSSContinue = 8,
     SSPI = 9,
-    SASL = 10,
-    SASLContinue = 11,
-    SASLFinal = 12,
-    SHA256Password = 13
+    SHA256Password = 10
+}
+
+enum PasswordStoreType
+{
+    PlainText = 0,
+    MD5 = 1,
+    SHA256 = 2
 }