Re: SCRAM pass-through authentication for postgres_fdw

Alexander Pyhalov <a.pyhalov@postgrespro.ru>

From: Alexander Pyhalov <a.pyhalov@postgrespro.ru>
To: Matheus Alcantara <matheusssilv97@gmail.com>
Cc: Peter Eisentraut <peter@eisentraut.org>, PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>, Jacob Champion <jacob.champion@enterprisedb.com>
Date: 2025-06-25T18:07:22Z
Lists: pgsql-hackers

Attachments

Matheus Alcantara писал(а) 2025-06-25 14:36:
> Hi, thanks for testing and reporting the issue!
> 
> On 25/06/25 11:37, Alexander Pyhalov wrote:
>> Hi.
>> I've started to look at this feature and found an issue - MyProcPort
>> can be not set if connection is initiated
>> by some bgworker. (Internally we use one for statistics collection.)
>> In other places (for example, in be_gssapi_get_delegation())
>> there are checks that port is not NULL. Likely postgres_fdw and dblink
>> should do something similar.
>> 
> 
> In this case the bgworker is used to collect statistics for the fdw
> tables? If that's the case, since we don't have the MyProcPort and the
> scram keys, will it use the user and password configured on user 
> mapping
> properties? If that's also the case I think that we may have a problem
> because the goal of this feature is to avoid storing the password on
> user mapping.
> 
> Do you have steps to reproduce the issue?

Hi. I've created a simple extension to reproduce an issue. Just put 
attached files to contrib and run make check.
You'll see bgworker crash.

-- 
Best regards,
Alexander Pyhalov,
Postgres Professional