public inbox for [email protected]  
help / color / mirror / Atom feed
From: vignesh C <[email protected]>
To: Gurjeet Singh <[email protected]>
Cc: Jeff Davis <[email protected]>
Cc: Nathan Bossart <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Cc: Stephen Frost <[email protected]>
Cc: Brindle, Joshua <[email protected]>
Subject: Re: [PoC/RFC] Multiple passwords, interval expirations
Date: Sat, 27 Jan 2024 07:18:59 +0530
Message-ID: <CALDaNm2=4afz6Tqgi6c+FL1h5Fofh34c4bHEEAUap84KSu3hJQ@mail.gmail.com> (raw)
In-Reply-To: <CABwTF4V+veezGtNRiun1T_0u9kitS2Wk0VovKpUnZXdTCHvJ4w@mail.gmail.com>
References: <CAGB+Vh5Ed65gCmjJxCYguVoBoiDLePYDAeHMkb6-7PR-DFU-yQ@mail.gmail.com>
	<[email protected]>
	<CAOuzzgpyFRFbskZW0uYwP4_r5NkFJywTurn0SQ+pkbcuuQchjw@mail.gmail.com>
	<CABwTF4Uih+xKc8o7W-Qmzo2Oc3BbvnY+JHzcZ-HG2vDzBQpf8w@mail.gmail.com>
	<[email protected]>
	<[email protected]>
	<CAOuzzgq2j43X6vwF8LCPcPuKZ2gw0ZbF=CrsB6CmtEt1h2ci0g@mail.gmail.com>
	<CABwTF4XZO_429=QzZHt-1Q=KSCR2XjYG+xVy2p-PdPtun9tVdg@mail.gmail.com>
	<[email protected]>
	<CABwTF4Xf5qJgeapUvT3fbU+Er9sVKBEihcj7pb9_A4c5u1NaZA@mail.gmail.com>
	<20231005190453.GB151257@nathanxps13>
	<[email protected]>
	<CABwTF4Xm97B3d2OkVWWpS1GBrRY_zJY8bkmQzmzYnXM0NU3w5Q@mail.gmail.com>
	<[email protected]>
	<CABwTF4VLNXvMLYHvySmGJOBRuO1h6L7Wq4JWnKd7F2etJU5eXA@mail.gmail.com>
	<CABwTF4VvnkRUEKBT+j9fj9EyfGSFG3Ss3QejqfLy33DzKuc3DQ@mail.gmail.com>
	<CABwTF4VVYPja=f-jR8tRuNUo0Sr8eHSYQQWSBC3g7j3K2aYSbQ@mail.gmail.com>
	<CABwTF4V+veezGtNRiun1T_0u9kitS2Wk0VovKpUnZXdTCHvJ4w@mail.gmail.com>

On Tue, 10 Oct 2023 at 16:37, Gurjeet Singh <[email protected]> wrote:
>
> > On Mon, Oct 9, 2023 at 2:31 AM Gurjeet Singh <[email protected]> wrote:
> > >
> > > Next steps:
> > > - Break the patch into a series of smaller patches.
> > > - Add TAP tests (test the ability to actually login with these passwords)
> > > - Add/update documentation
> > > - Add more regression tests
>
> Please see attached the v4 of the patchset that introduces the notion
> of named passwords slots, namely 'first' and 'second' passwords, and
> allows users to address each of these passwords separately for the
> purposes of adding, dropping, or assigning expiration times.
>
> Apart from the changes described by each patch's commit title, one
> significant change since v3 is that now (included in v4-0002...patch)
> it is not allowed for a role to have a mix of a types of passwords.
> When adding a password, the patch ensures that the password being
> added uses the same hashing algorithm (md5 or scram-sha-256) as the
> existing password, if any.  Having all passwords of the same type
> helps the server pick the corresponding authentication method during
> connection attempt.
>
> The v3 patch also had a few bugs that were exposed by cfbot's
> automatic run. All those bugs have now been fixed, and the latest run
> on the v4 branch [1] on my private Git repo shows a clean run [1].
>
> The list of patches, and their commit titles are as follows:
>
> > v4-0001-...patch Add new columns to pg_authid
> > v4-0002-...patch Update password verification infrastructure to handle two passwords
> > v4-0003-...patch Added SQL support for ALTER ROLE to manage two passwords
> > v4-0004-...patch Updated pg_dumpall to support exporting a role's second password
> > v4-0005-...patch Update system views pg_roles and pg_shadow
> > v4-0006-...patch Updated pg_authid catalog documentation
> > v4-0007-...patch Updated psql's describe-roles meta-command
> > v4-0008-...patch Added documentation for ALTER ROLE command
> > v4-0009-...patch Added TAP tests to prove that a role can use two passwords to login
> > v4-0010-...patch pgindent run
> > v4-0011-...patch Run pgperltidy on files changed by this patchset
>
> Running pgperltidy updated many perl files unrelated to this patch, so
> in the last patch I chose to include only the one perl file that is
> affected by this patchset.

CFBot shows that the patch does not apply anymore as in [1]:
=== Applying patches on top of PostgreSQL commit ID
4d969b2f85e1fd00e860366f101fd3e3160aab41 ===
=== applying patch
./v4-0002-Update-password-verification-infrastructure-to-ha.patch
...
patching file src/backend/libpq/auth.c
Hunk #4 FAILED at 828.
Hunk #5 succeeded at 886 (offset -2 lines).
Hunk #6 succeeded at 907 (offset -2 lines).
1 out of 6 hunks FAILED -- saving rejects to file src/backend/libpq/auth.c.rej

Please post an updated version for the same.

[1] - http://cfbot.cputube.org/patch_46_4432.log

Regards,
Vignesh





view thread (31+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected]
  Subject: Re: [PoC/RFC] Multiple passwords, interval expirations
  In-Reply-To: <CALDaNm2=4afz6Tqgi6c+FL1h5Fofh34c4bHEEAUap84KSu3hJQ@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox