Re: dblink: Add SCRAM pass-through authentication
Peter Eisentraut <peter@eisentraut.org>
From: Peter Eisentraut <peter@eisentraut.org>
To: Jacob Champion <jacob.champion@enterprisedb.com>,
Matheus Alcantara <matheusssilv97@gmail.com>
Cc: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-03-18T16:35:46Z
Lists: pgsql-hackers
On 17.03.25 17:49, Jacob Champion wrote: >>> If we implement this, it needs to check that the keys were actually >>> sent during scram_exchange(). Having them set on the PGconn doesn't >>> mean that we used them for authentication. >>> >> We use the client key and server key on calculate_client_proof and >> verify_server_signature respective during memcpy, it would be too hack >> to add new fields on pg_conn like scram_client_key_in_use and >> scram_server_key_in_use, set them to true on these functions and then >> validate that both are true on PQconnectionUsedScramKeys? > I think that's probably a question for Peter: whether or not that > additional API is something we want to support. So the way I understand this is that the options are: (1) We add a libpq function like PQconnectionUsedScramKeys() in the style of PQconnectionUsedPassword() and call that function during the checks. (2) We make use_scram_passthrough=true imply require_auth=scram-sha-256. This is essentially a way to get the info from (1) out of libpq using existing facilities. But it would preempt certain setups that might otherwise work. (Which ones? Are they important?) Why can't we use PQconnectionUsedPassword()? What problems would that leave? The example test case that Jacob showed earlier involved the remote server using "trust". We don't want that, of course. But what we want to make sure is that some kind of authentication happened between postgres_fdw and the remote server. PQconnectionUsedPassword() does indicate that. (Or could we just stick in require_auth=!none to solve this problem once and for all?)
Commits
-
dblink: SCRAM authentication pass-through
- 3642df265d09 18.0 landed
-
postgres_fdw: improve security checks
- 76563f88cfbd 18.0 landed