Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1qFKwk-0007Kk-Ig for pgsql-hackers@arkaria.postgresql.org; Fri, 30 Jun 2023 20:42:26 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1qFKwi-0008As-4N for pgsql-hackers@arkaria.postgresql.org; Fri, 30 Jun 2023 20:42:24 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1qFKwh-0008Aj-D9 for pgsql-hackers@lists.postgresql.org; Fri, 30 Jun 2023 20:42:23 +0000 Received: from mail-pl1-x62a.google.com ([2607:f8b0:4864:20::62a]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1qFKwa-001L4D-0n for pgsql-hackers@postgresql.org; Fri, 30 Jun 2023 20:42:21 +0000 Received: by mail-pl1-x62a.google.com with SMTP id d9443c01a7336-1b80ba9326bso16949625ad.1 for ; Fri, 30 Jun 2023 13:42:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1688157734; x=1690749734; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=I6wGREMwH6Xq3gZBXN6JcokPtbx3IQpMue7eAYiyQMg=; b=ItUb4JLoz2a1hW3YOJorY+gl8qUZDKZ6SV6Vo2GG+YU4ZvKQ1wgfI4pfEmDSuIo2BG 8KOzCG4FB0Lrcvfxfmw9rz6WonIo01ce3ytu3m1CraUAUBc1pQBEyv26MkN4P8RukbAY 7j6q0KIMl/w4rvqKjXkUgpBItlxs9RSZn1b55nFMb3Izato/WdkkUHUqSF1jKjQHeRUu 6DoJcN72zHJZoE24P3JQAfXu9FsS4UYAXSGJwoRjzir6ZlVX/dtvASYbPaqrzqoJtZTi p4yXv/2Gr+iqfE0NGXqD3N9waKPK8+qm8Cwj3V+hJmkVZAhmhrufeV40Yt/DsrXfDjvM ZvHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688157734; x=1690749734; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=I6wGREMwH6Xq3gZBXN6JcokPtbx3IQpMue7eAYiyQMg=; b=bQ+6QEcMUVR272FDsikKEHm85LChso5gKWPWTyq6KMaKSk++HUpamD1qaWwWcANi93 rm1YpzmxHdOyevLDJyWTfOJtYY46YB+QpCJsnFOP1sjasjW3h3EmpUBe5vmomYxKAyUc 21wPBrfbHeBuObF/zCuxPkI+DPKHTzL9lPy9t24kLwbvAWQUD8WggbfaYzdoVw9DCihF q7LuRrj+e55E9uf347kC7EQ2hyFNmNJFEVSpuULU1Z8rebHRsigJH+Y9PcgUaV6vduWM MVp+XoLs/VHwEM6g2vHcHm0CEpoAzFuj2X6yU7gtpigJjWNU384dPO1lL3PmRmAOVh7E XMBw== X-Gm-Message-State: ABy/qLaVzZEQz1MBILU16f+CHS0GU1wft/443sEWgbICCu4X0KKJs3WB 4wod9mQUoCa1TtrjeY2xQ8lvhWyzrJM= X-Google-Smtp-Source: APBJJlH3mBqy4Pw5hreMaiNvNJSC/TYdmkLV/seqFnSdzWBYJF760JkhkqRD0yj3XQR+qXn2xzEqEA== X-Received: by 2002:a17:903:2606:b0:1b8:15bf:d2ed with SMTP id jd6-20020a170903260600b001b815bfd2edmr3091785plb.65.1688157734540; Fri, 30 Jun 2023 13:42:14 -0700 (PDT) Received: from nathanxps13 ([50.216.92.214]) by smtp.gmail.com with ESMTPSA id v1-20020a1709028d8100b001ac2c3e54adsm11187441plo.118.2023.06.30.13.42.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 30 Jun 2023 13:42:13 -0700 (PDT) Date: Fri, 30 Jun 2023 13:42:11 -0700 From: Nathan Bossart To: pgsql-hackers@postgresql.org Subject: Re: Should we remove db_user_namespace? Message-ID: <20230630204211.GA2840453@nathanxps13> References: <20230630200509.GA2830328@nathanxps13> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="X1bOJ3K7DJ5YkBrT" Content-Disposition: inline In-Reply-To: <20230630200509.GA2830328@nathanxps13> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --X1bOJ3K7DJ5YkBrT Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Fri, Jun 30, 2023 at 01:05:09PM -0700, Nathan Bossart wrote: > The attached patch simply removes the GUC. And here's a new version of the patch with docs that actually build. -- Nathan Bossart Amazon Web Services: https://aws.amazon.com --X1bOJ3K7DJ5YkBrT Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="v2-0001-remove-db_user_namespace.patch" From 3b7fdd41eb429bc9bb03dcecf38126fbc63dafa3 Mon Sep 17 00:00:00 2001 From: Nathan Bossart Date: Fri, 30 Jun 2023 12:46:08 -0700 Subject: [PATCH v2 1/1] remove db_user_namespace --- doc/src/sgml/client-auth.sgml | 5 -- doc/src/sgml/config.sgml | 52 ------------------- src/backend/libpq/auth.c | 5 -- src/backend/libpq/hba.c | 12 ----- src/backend/postmaster/postmaster.c | 19 ------- src/backend/utils/misc/guc_tables.c | 9 ---- src/backend/utils/misc/postgresql.conf.sample | 1 - src/include/libpq/pqcomm.h | 2 - 8 files changed, 105 deletions(-) diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml index 204d09df67..6c95f0df1e 100644 --- a/doc/src/sgml/client-auth.sgml +++ b/doc/src/sgml/client-auth.sgml @@ -1253,11 +1253,6 @@ omicron bryanh guest1 attacks. - - The md5 method cannot be used with - the feature. - - To ease transition from the md5 method to the newer SCRAM method, if md5 is specified as a method diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index 6262cb7bb2..e6cea8ddfc 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -1188,58 +1188,6 @@ include_dir 'conf.d' - - - db_user_namespace (boolean) - - db_user_namespace configuration parameter - - - - - This parameter enables per-database user names. It is off by default. - This parameter can only be set in the postgresql.conf - file or on the server command line. - - - - If this is on, you should create users as username@dbname. - When username is passed by a connecting client, - @ and the database name are appended to the user - name and that database-specific user name is looked up by the - server. Note that when you create users with names containing - @ within the SQL environment, you will need to - quote the user name. - - - - With this parameter enabled, you can still create ordinary global - users. Simply append @ when specifying the user - name in the client, e.g., joe@. The @ - will be stripped off before the user name is looked up by the - server. - - - - db_user_namespace causes the client's and - server's user name representation to differ. - Authentication checks are always done with the server's user name - so authentication methods must be configured for the - server's user name, not the client's. Because - md5 uses the user name as salt on both the - client and server, md5 cannot be used with - db_user_namespace. - - - - - This feature is intended as a temporary measure until a - complete solution is found. At that time, this option will - be removed. - - - - diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index a98b934a8e..65d452f099 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -873,11 +873,6 @@ CheckMD5Auth(Port *port, char *shadow_pass, const char **logdetail) char *passwd; int result; - if (Db_user_namespace) - ereport(FATAL, - (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), - errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled"))); - /* include the salt to use for computing the response */ if (!pg_strong_random(md5Salt, 4)) { diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c index f89f138f3c..5d4ddbb04d 100644 --- a/src/backend/libpq/hba.c +++ b/src/backend/libpq/hba.c @@ -1741,19 +1741,7 @@ parse_hba_line(TokenizedAuthLine *tok_line, int elevel) else if (strcmp(token->string, "reject") == 0) parsedline->auth_method = uaReject; else if (strcmp(token->string, "md5") == 0) - { - if (Db_user_namespace) - { - ereport(elevel, - (errcode(ERRCODE_CONFIG_FILE_ERROR), - errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled"), - errcontext("line %d of configuration file \"%s\"", - line_num, file_name))); - *err_msg = "MD5 authentication is not supported when \"db_user_namespace\" is enabled"; - return NULL; - } parsedline->auth_method = uaMD5; - } else if (strcmp(token->string, "scram-sha-256") == 0) parsedline->auth_method = uaSCRAM; else if (strcmp(token->string, "pam") == 0) diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c index 4c49393fc5..33a13fdf32 100644 --- a/src/backend/postmaster/postmaster.c +++ b/src/backend/postmaster/postmaster.c @@ -236,7 +236,6 @@ int AuthenticationTimeout = 60; bool log_hostname; /* for ps display and logging */ bool Log_connections = false; -bool Db_user_namespace = false; bool enable_bonjour = false; char *bonjour_name; @@ -2272,24 +2271,6 @@ retry1: if (port->database_name == NULL || port->database_name[0] == '\0') port->database_name = pstrdup(port->user_name); - if (Db_user_namespace) - { - /* - * If user@, it is a global user, remove '@'. We only want to do this - * if there is an '@' at the end and no earlier in the user string or - * they may fake as a local user of another database attaching to this - * database. - */ - if (strchr(port->user_name, '@') == - port->user_name + strlen(port->user_name) - 1) - *strchr(port->user_name, '@') = '\0'; - else - { - /* Append '@' and dbname */ - port->user_name = psprintf("%s@%s", port->user_name, port->database_name); - } - } - /* * Truncate given database and user names to length of a Postgres name. * This avoids lookup failures when overlength names are given. diff --git a/src/backend/utils/misc/guc_tables.c b/src/backend/utils/misc/guc_tables.c index 71e27f8eb0..25d9008bb6 100644 --- a/src/backend/utils/misc/guc_tables.c +++ b/src/backend/utils/misc/guc_tables.c @@ -1534,15 +1534,6 @@ struct config_bool ConfigureNamesBool[] = false, NULL, NULL, NULL }, - { - {"db_user_namespace", PGC_SIGHUP, CONN_AUTH_AUTH, - gettext_noop("Enables per-database user names."), - NULL - }, - &Db_user_namespace, - false, - NULL, NULL, NULL - }, { {"default_transaction_read_only", PGC_USERSET, CLIENT_CONN_STATEMENT, gettext_noop("Sets the default read-only status of new transactions."), diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample index e4c0269fa3..c768af9a73 100644 --- a/src/backend/utils/misc/postgresql.conf.sample +++ b/src/backend/utils/misc/postgresql.conf.sample @@ -96,7 +96,6 @@ #authentication_timeout = 1min # 1s-600s #password_encryption = scram-sha-256 # scram-sha-256 or md5 #scram_iterations = 4096 -#db_user_namespace = off # GSSAPI using Kerberos #krb_server_keyfile = 'FILE:${sysconfdir}/krb5.keytab' diff --git a/src/include/libpq/pqcomm.h b/src/include/libpq/pqcomm.h index c85090259d..3da00f7983 100644 --- a/src/include/libpq/pqcomm.h +++ b/src/include/libpq/pqcomm.h @@ -103,8 +103,6 @@ typedef ProtocolVersion MsgType; typedef uint32 PacketLen; -extern PGDLLIMPORT bool Db_user_namespace; - /* * In protocol 3.0 and later, the startup packet length is not fixed, but * we set an arbitrary limit on it anyway. This is just to prevent simple -- 2.25.1 --X1bOJ3K7DJ5YkBrT--