Re: Password identifiers, protocol aging and SCRAM protocol

Heikki Linnakangas <hlinnaka@iki.fi>

From: Heikki Linnakangas <hlinnaka@iki.fi>
To: Michael Paquier <michael.paquier@gmail.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, David Steele <david@pgmasters.net>, Robert Haas <robertmhaas@gmail.com>, David Fetter <david@fetter.org>, Alvaro Herrera <alvherre@2ndquadrant.com>, Magnus Hagander <magnus@hagander.net>, Peter Eisentraut <peter.eisentraut@2ndquadrant.com>, Julian Markwort <julian.markwort@uni-muenster.de>, Stephen Frost <sfrost@snowman.net>, PostgreSQL mailing lists <pgsql-hackers@postgresql.org>, Valery Popov <v.popov@postgrespro.ru>
Date: 2016-08-18T16:51:49Z
Lists: pgsql-hackers
On 08/18/2016 03:45 PM, Michael Paquier wrote:
> On Thu, Aug 18, 2016 at 9:28 PM, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
>> Let's take the opportunity and also move src/backend/libpq/ip.c and md5.c
>> into src/common. It would be weird to have sha.c in src/common, but md5.c in
>> src/backend/libpq. Looking at ip.c, it could be split into two: some of the
>> functions in ip.c are clearly not needed in the client, like enumerating all
>> interfaces.
>
> It would be definitely better to do all that before even moving sha.c.

Agreed.

> For the current ip.c, I don't have a better idea than putting in
> src/common/ip.c the set of routines used by both the frontend and
> backend, and have fe_ip.c the new file that has the frontend-only
> things. Need a patch?

Yes, please. I don't think there's anything there that's needed by only 
the frontend, but some of the functions are needed by only the backend. 
So I think we'll end up with src/common/ip.c, and 
src/backend/libpq/be-ip.c. (Not sure about those names, pick something 
that makes sense, given what's left in the files.)

- Heikki



Commits

  1. Support SCRAM-SHA-256 authentication (RFC 5802 and 7677).

  2. Refactor SHA2 functions and move them to src/common/.

  3. Replace isMD5() with a more future-proof way to check if pw is encrypted.

  4. Remove bogus notice that older clients might not work with MD5 passwords.

  5. Refactor the code for verifying user's password.

  6. Replace PostmasterRandom() with a stronger source, second attempt.

  7. Remove support for (insecure) crypt authentication.