Re: [PoC] Let libpq reject unexpected authentication requests

Jacob Champion <jchampion@timescale.com>

From: Jacob Champion <jchampion@timescale.com>
To: Aleksander Alekseev <aleksander@timescale.com>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Cc: Peter Eisentraut <peter.eisentraut@enterprisedb.com>, Michael Paquier <michael@paquier.xyz>, "David G. Johnston" <david.g.johnston@gmail.com>
Date: 2022-11-12T00:11:07Z
Lists: pgsql-hackers

Attachments

On 11/11/22 05:52, Aleksander Alekseev wrote:
> I noticed that this patchset stuck a bit so I decided to take a look.

Thanks!

> Assigning a negative number to uint32 doesn't necessarily work on all
> platforms. I suggest using PG_UINT32_MAX.

Hmm -- on which platforms is "-1 converted to unsigned" not equivalent
to the maximum value? Are they C-compliant?

> The commit message IMO has a better description of "require". I
> suggest adding the part about "This doesn't add any additional
> security ..." to the documentation.

Sounds good; see what you think of v12.

> ```
> + * hard-coded certificate via sslcert, so we don't actually set any
> certificates
> + * here; we just it to record whether or not the server has actually asked for
> ```
> 
> Something is off with the wording here in the "we just it to ..." part.

Fixed.

> The patchset seems to be in very good shape except for these few
> nitpicks. I'm inclined to change its status to "Ready for Committer"
> as soon as the new version will pass cfbot unless there are going to
> be any objections from the community.

Thank you! I expect a maintainer will need to weigh in on the
cost/benefit of 0003 either way.

--Jacob

Commits

  1. libpq: Add sslcertmode option to control client certificates

  2. Rewrite error message related to sslmode in libpq

  3. libpq: Add support for require_auth to control authorized auth methods

  4. Run pgindent on libpq's fe-auth.c, fe-auth-scram.c and fe-connect.c