Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tLmJ0-00Gwtz-3W for pgsql-hackers@arkaria.postgresql.org; Thu, 12 Dec 2024 16:44:50 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tLmIx-00DQAB-FM for pgsql-hackers@arkaria.postgresql.org; Thu, 12 Dec 2024 16:44:48 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tLmIx-00DQ9v-4Y for pgsql-hackers@lists.postgresql.org; Thu, 12 Dec 2024 16:44:48 +0000 Received: from mail-oa1-x36.google.com ([2001:4860:4864:20::36]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1tLmIv-002TaD-Qn for pgsql-hackers@lists.postgresql.org; Thu, 12 Dec 2024 16:44:47 +0000 Received: by mail-oa1-x36.google.com with SMTP id 586e51a60fabf-29ff5c75c21so1023078fac.0 for ; Thu, 12 Dec 2024 08:44:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=enterprisedb.com; s=google; t=1734021884; x=1734626684; darn=lists.postgresql.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=hBe/iXYsC7stmAS8HwuTL01dKzEGrqC+g9F+rfiK818=; b=MI4ExwqV58iVVZ1A41wc4KF/G0WXHPp0TVsDenoQpToTySm79GnC8O26TckZ83vpnr AWE12Avlm7w8C9zoFkG6zPF0Zzp5xF9jOyXoue7EKK0yrrziR/WSAlzekXv/O4y50Wlx e8nlOfBZHFpJCL87/T1/ZUoIwGGrEKOSkw/9/VmnUOFfGE9cM0Ox0fV4B8Wd4HnVEz86 /Kb1o8gqI5dN3v4f366TL1q+LL3kKtChE0P1f5/oUvxoo3XE1Rn+X5EXpY1w2xTJXnXp sDrbkUq6TXhfil6mtzF916ca/tLclBZze1zKer/w6/72K0sZ8kymk8taJVob9knCbtz1 kFtQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1734021884; x=1734626684; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hBe/iXYsC7stmAS8HwuTL01dKzEGrqC+g9F+rfiK818=; b=K6MF8cYJ175spe557OzmEkOtpN7eCHJ35zplEbn0XCc/jSZKAAmJ1TWj/WrSRh0btj RgFDHL/bPQfmPfigptNwL5cGuUmR2Fq/NvYHHKCoYV30ADd3eDhA8s4itEYu6n74dJU3 HTyPDOlxKF2gaCAKKlyUZzZx6uSmuR9irCZM1fTbWBQ1RuPq4jHLDXf81MPWKmuo7LhM QN1UppeCSA1xVDmbHRnEeC1fP26cjsdSZGe+8MZ2Acpa/kUNTnZ5SEH1iQzpl/LtiTW+ 2OqdJM/NsRzUVlnVWhdJwPA0/tNlu4bexa9A5oFSk3UzFRT/FC58qnGJt6AY3xoYUBJW U/HQ== X-Forwarded-Encrypted: i=1; AJvYcCWCOPlDA6i9VKua9tRtH3YDWU6Wa77BO2/oOd+zTMn1IHhZRsQ+k7jxLcF7B8ugF5VOe1YX5FmxpcYvg6ME@lists.postgresql.org X-Gm-Message-State: AOJu0Yy1ALktlglip9BiZCjQByTQmVmu2mVVT31i1qWw4uRSxvIcnJYd yfGiPvCUEXJkPj72Z0Bj7fl/QsKGYEw8hkhupBAUuKutzkh5fwHGe6yBxaEKI/Ta4jGDrBDbk12 gC6qxdqHSjWAQJ0poI2nfXUYnvc2jX7++9YNr X-Gm-Gg: ASbGncvDfXU0Si/lO2cMFj24war9nyrjiJPOw9p9WEib+Lvr0I8NAgQMGSv/XbDl4po 8C0GPUM7TqQSvTlKo8r6aDwwB6bKMvnqdunfJ X-Google-Smtp-Source: AGHT+IH4fC0q/2SJKX9VhMK5Pzm0wVIFjtBkCQGT6hai45B9Cn3gJNHasHCBy2e4HPZ3cHpYPsjwuUGI4oKBpMQCyfk= X-Received: by 2002:a05:6870:b4a8:b0:29e:3d2a:a4a9 with SMTP id 586e51a60fabf-2a385333194mr2117509fac.5.1734021884616; Thu, 12 Dec 2024 08:44:44 -0800 (PST) MIME-Version: 1.0 References: <27b29a35-9b96-46a9-bc1a-914140869dac@gmail.com> In-Reply-To: From: Jacob Champion Date: Thu, 12 Dec 2024 08:44:33 -0800 Message-ID: Subject: Re: SCRAM pass-through authentication for postgres_fdw To: Matheus Alcantara Cc: Jelte Fennema-Nio , PostgreSQL Hackers Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Wed, Dec 11, 2024 at 11:04=E2=80=AFAM Matheus Alcantara wrote: > Em qua., 4 de dez. de 2024 =C3=A0s 20:39, Jacob Champion > escreveu: > > Sure, I'm not saying it's worse than plaintext. But a third > > alternative might be actual pass-through SCRAM [1], where either you > > expect the two servers to share a certificate fingerprint, or > > explicitly disable channel bindings on the second authentication pass > > in order to allow the MITM. (Or, throwing spaghetti, maybe even have > > the primary server communicate the backend cert so you can verify it > > and use it in the binding?) > > I'm not understanding how these options would work for this scenario. > I understand your concern about making the users copying the SCRAM > verifiers around but I don't understand how this third alternative fix > this issue. Would it be something similar to what you've implemented on > [1]? Yeah, I was speaking in reference to my LDAP/SCRAM patchset from a while back. (I'm just going to call that approach "proxied SCRAM" for now.) > The approach on this patch is that when the backend open the > connection with the foreign server, it will use the ClientKey stored > from the first client connection with the backend to build the final > client message that will be sent to the foreign server, which was > created/validated based on verifiers of the first backend. I can't see > how the foreign server can validate the client proof without having > the identical verifiers with the first backend. Correct. The only way this strategy will work is if the verifiers are the same. (Proxied SCRAM allows for different verifiers -- with different salts and/or iterations -- with the same password.) I do like that the action "copy the verifier" is a pretty clear signal that you want the servers to be able to MITM each other. It's less attack surface than having the two servers share a certificate, for sure, and less work than communicating a new binding. Only users that have opted into that are "vulnerable". > I tested a scenario where the client open a connection with the > backend using channel binding and the backend open a connection with > the foreign server also using channel binding and everything seems to > works fine. I don't know if I missing something here, but here is how > I've tested this: All that looks good. Sorry, I hadn't intended to derail your particular proposal with that -- the channel binding problem only shows up with my proxied SCRAM, because the client has to decide which tls-server-end-point to trust and put into the binding. (It's important that your patchset works with channel bindings too, of course, but I don't expect that to be a problem. It shouldn't matter to this approach.) --Jacob