dblink: Add SCRAM pass-through authentication
Matheus Alcantara <matheusssilv97@gmail.com>
From: Matheus Alcantara <matheusssilv97@gmail.com>
To: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-01-22T14:10:38Z
Lists: pgsql-hackers
Attachments
- v1-0002-dblink-Add-SCRAM-pass-through-authentication.patch (application/octet-stream) patch v1-0002
- v1-0001-dblink-refactor-get-connection-routines.patch (application/octet-stream) patch v1-0001
Hi, The attached patch enables SCRAM authentication for dblink connections when using dblink_fdw without requiring a plain-text password on user mapping properties. The implementation is very similar to what was implemented on postgres_fdw [0]. To make it more closer to what was implemented on postgres_fdw a refactor was needed on get connection routines. A connect_pg_server function was created to centralize all the logic to actually open the connection with the foreign server and then replace the duplicated code on dblink_get_conn and dblink_connect to just call this new function. The main reason for this refactor was to centralize the SCRAM logic in a single function, instead of checking if SCRAM is enabled on both functions. A new is_valid_dblink_fdw_option function was also created to check for valid dblink fdw options when creating a server with CREATE SERVER command. The is_valid_dblink_option function only checks for valid libpq options, and the use_scram_passthrough option is only valid on CREATE SERVER options. The documentation was also changed to include a new Foreign Data Wrapper section to describe the SCRAM pass-through feature. Thoughts? [0] https://www.postgresql.org/message-id/27b29a35-9b96-46a9-bc1a-914140869dac@gmail.com -- Matheus Alcantara
Commits
-
dblink: SCRAM authentication pass-through
- 3642df265d09 18.0 landed
-
postgres_fdw: improve security checks
- 76563f88cfbd 18.0 landed