Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tIxb4-0007zq-5s for pgsql-hackers@arkaria.postgresql.org; Wed, 04 Dec 2024 22:11:50 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tIxb1-002q08-8y for pgsql-hackers@arkaria.postgresql.org; Wed, 04 Dec 2024 22:11:48 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tIxb0-002q00-Ug for pgsql-hackers@lists.postgresql.org; Wed, 04 Dec 2024 22:11:48 +0000 Received: from mail-oo1-xc34.google.com ([2607:f8b0:4864:20::c34]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1tIxax-001544-W2 for pgsql-hackers@lists.postgresql.org; Wed, 04 Dec 2024 22:11:46 +0000 Received: by mail-oo1-xc34.google.com with SMTP id 006d021491bc7-5f1e364cc22so95523eaf.2 for ; Wed, 04 Dec 2024 14:11:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=enterprisedb.com; s=google; t=1733350302; x=1733955102; darn=lists.postgresql.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=khzrTyOrGescnXTRLWlQ1NcBHZ6pkB3ZuvA+8GR3QgA=; b=RZ886hMEygGb6lyWdiVrrpr/koyNexpTQ1o23+ygldfGb4Vw7LxDryww1qKj8tO8ms 0ahptZ8pgeLZxLZsEopuvGU85cCgO6gjMZl/aTQRhYIdVCeRE7LUu42vxv6V9X4yOOGz 16Bu9e0E8D0vOIwsvkkYficDR2UGYEuM1xY53sljjU8cdxc7wrcMKiN5Y1fDsboNLaFr WO9/FnaraJczrJs3kK7YOGXoNLYKswdUj+QF9u7wUIeyqIDpwhQFEEdJpWS6dBknbVdW VhciPlLibYzGFut+Q2pcWk65wXSdByCR0XKLeMKbFMdmFsmvMMoAWkUdxQTjyoepPHmB m0Gg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1733350302; x=1733955102; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=khzrTyOrGescnXTRLWlQ1NcBHZ6pkB3ZuvA+8GR3QgA=; b=Ea+pRZqdmWUfkmyiEtp9W0tpKGupf3aUYfduekZC9BeOGlNWB0qXSIxsM8NzHSvYFX xdG77iRPQ+/SRd/wi1tFplHmBKb5B41H/sC9Xlsjeq3fO5YBilqHSWSlxex6VpDXWOp8 GKzOtlnjIlcYSMqm9SQP3UXm4pHOFd6cf4JmC0IPHn3oBj0SAptcmIp7LyOlIoAlYFCh sQx8TVTPiRASabfBEKL4ZY3wn5n2k20PNAjQLYHxkBHwkasCXwMO6igI8GefaVtprBC2 YRPbSI2bs1+3dNozzEWLeA8W16LR52qiB8WWJ7pqlYMKrnStrGYWlJZK4Tq/dd4p3atU Yb0g== X-Gm-Message-State: AOJu0YyEYVXoqtdpN6FBauTVWwBvhroGOF0isIjG1fzgMpfKnVR7VQl4 eEp0AFY8ZBvHkp02v6Xa9XZFkY6oBKoPJp/kXbfiuAzeEml8vFZH/V0yCGjJYUvDXU783cITAwr PkRGNof3H3Yid6p4qpOiI/ENLB8PlWqIB9KkK X-Gm-Gg: ASbGncv/yZesbDgM3YCrgnnQyLKqwkVFFjOtUOFcx6heMU00HBq9u/1Nk89XGO3M2HY 4YQLo97+5bYBY+RWED2Ccx+zFjhjFng== X-Google-Smtp-Source: AGHT+IE50s3yxGf0fyP0CFiT+rCHJcRo3OtcvtAmd0PGchATGmlFK6z5HZYwYzJ5bN+0OO7rWtEOjZgpo5iR1egx6m0= X-Received: by 2002:a4a:edc3:0:b0:5e5:941c:ca5a with SMTP id 006d021491bc7-5f25ad2f79emr4854011eaf.1.1733350302193; Wed, 04 Dec 2024 14:11:42 -0800 (PST) MIME-Version: 1.0 References: <27b29a35-9b96-46a9-bc1a-914140869dac@gmail.com> In-Reply-To: <27b29a35-9b96-46a9-bc1a-914140869dac@gmail.com> From: Jacob Champion Date: Wed, 4 Dec 2024 14:11:31 -0800 Message-ID: Subject: Re: SCRAM pass-through authentication for postgres_fdw To: Matheus Alcantara Cc: PostgreSQL Hackers Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Wed, Dec 4, 2024 at 10:45=E2=80=AFAM Matheus Alcantara wrote: > This is achieved by storing the SCRAM ClientKey and ServerKey obtained > during client authentication with the backend. These keys are then > used to complete the SCRAM exchange between the backend and the fdw > server, eliminating the need to derive them from a stored plain-text > password. What are the assumptions that have to be made for pass-through SCRAM to succeed? Is it just "the two servers have identical verifiers for the user," or are there others? It looks like the patch is using the following property [1]: If an attacker obtains the authentication information from the authentication repository and either eavesdrops on one authentication exchange or impersonates a server, the attacker gains the ability to impersonate that user to all servers providing SCRAM access using the same hash function, password, iteration count, and salt. For this reason, it is important to use randomly generated salt values. It makes me a little uneasy to give users a reason to copy identical salts/verifiers around... But for e.g. a loopback connection, it seems like there'd be no additional risk. Is that the target use case? I haven't looked at the code very closely yet, but the following hunk jumped out at me: > - pg_hmac_ctx *ctx =3D pg_hmac_create(state->hash_type); > + pg_hmac_ctx *ctx =3D pg_hmac_create(PG_SHA256); Why was that change made? Thanks, --Jacob [1] https://datatracker.ietf.org/doc/html/rfc5802#section-9