Re: Password identifiers, protocol aging and SCRAM protocol

Michael Paquier <michael.paquier@gmail.com>

From: Michael Paquier <michael.paquier@gmail.com>
To: Heikki Linnakangas <hlinnaka@iki.fi>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, David Steele <david@pgmasters.net>, Robert Haas <robertmhaas@gmail.com>, David Fetter <david@fetter.org>, Alvaro Herrera <alvherre@2ndquadrant.com>, Magnus Hagander <magnus@hagander.net>, Peter Eisentraut <peter.eisentraut@2ndquadrant.com>, Julian Markwort <julian.markwort@uni-muenster.de>, Stephen Frost <sfrost@snowman.net>, PostgreSQL mailing lists <pgsql-hackers@postgresql.org>, Valery Popov <v.popov@postgrespro.ru>
Date: 2016-09-02T13:23:46Z
Lists: pgsql-hackers
On Fri, Sep 2, 2016 at 7:57 PM, Heikki Linnakangas <hlinnaka@iki.fi> wrote:
> I decided to split ip.c anyway. I'd like to keep the files in
> src/common/ip.c as small as possible, so I think it makes sense to be quite
> surgical when moving things there. I kept the pg_foreach_ifaddr() function
> in src/backend/libpq/ifaddr.c (I renamed the file to avoid confusion with
> the ip.c that got moved), even though it means that test_ifaddr will have to
> continue to copy the file directly from src/backend/libpq. I'm OK with that,
> because test_ifaddrs is just a little test program that mimics the backend's
> behaviour of enumerating interfaces. I don't consider it to be a "real"
> frontend application.
>
> Pushed, after splitting. Thanks! Now let's move on to the more substantial
> patches.

Before I send a new series of patches... There is one thing that I am
still troubled with: the compilation of pgcrypto. First from
contrib/pgcrypto/Makefile I am noticing the following issue with this
block:
CF_SRCS = $(if $(subst no,,$(with_openssl)), $(OSSL_SRCS), $(INT_SRCS))
CF_TESTS = $(if $(subst no,,$(with_openssl)), $(OSSL_TESTS), $(INT_TESTS))
CF_PGP_TESTS = $(if $(subst no,,$(with_zlib)), $(ZLIB_TST), $(ZLIB_OFF_TST))
How is that correct if src/Makefile.global is not loaded first?
Variables like with_openssl are still not loaded at that point.

Then, as per patch 0001 there are two files holding the SHA routines:
sha.c with the interface taken from OpenBSD, and sha_openssl.c that
uses the interface of OpenSSL. And when compiling pgcrypto, the choice
of file is made depending on the value of $(with_openssl).

As far as I know, the list of OBJS needs to be completely defined
before loading contrib-global.mk, but I fail to see how we can do that
with USE_PGXS=1... Or would it be fine to error if pgcrypto is
compiled with USE_PGXS?
-- 
Michael


Commits

  1. Support SCRAM-SHA-256 authentication (RFC 5802 and 7677).

  2. Refactor SHA2 functions and move them to src/common/.

  3. Replace isMD5() with a more future-proof way to check if pw is encrypted.

  4. Remove bogus notice that older clients might not work with MD5 passwords.

  5. Refactor the code for verifying user's password.

  6. Replace PostmasterRandom() with a stronger source, second attempt.

  7. Remove support for (insecure) crypt authentication.