pgsql: Change the on-disk format of SCRAM verifiers to conform to RFC 5

From: Heikki Linnakangas <heikki(dot)linnakangas(at)iki(dot)fi>
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Change the on-disk format of SCRAM verifiers to conform to RFC 5
Date: 2017-04-21 19:54:42
Message-ID: E1d1ede-0003vn-49@gemulon.postgresql.org
Lists: pgsql-committers

Change the on-disk format of SCRAM verifiers to conform to RFC 5803.

It doesn't make any immediate difference to PostgreSQL, but might as well
follow the standard, since one exists. (I looked at RFC 5803 earlier, but
didn't fully understand it back then.)

The new format uses Base64 instead of hex to encode StoredKey and
ServerKey, which makes the verifiers slightly smaller. Using the same
encoding for the salt and the keys also means that you only need one
encoder/decoder instead of two. Although we have code in the backend to
do both, we are talking about teaching libpq how to create SCRAM verifiers
for PQencodePassword(), and libpq doesn't currently have any code for hex
encoding.

Bump catversion, because this renders any existing SCRAM verifiers in
pg_authid invalid.

Discussion: https://www.postgresql.org/message-id/351ba574-85ea-d9b8-9689-8c928dd0955d@iki.fi

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/68e61ee72eb6914f493f08be98363c2f980ee242

Modified Files
--------------
doc/src/sgml/catalogs.sgml | 24 ++++--
src/backend/libpq/auth-scram.c | 142 +++++++++++++++++++++------------
src/backend/libpq/crypt.c | 2 +-
src/include/catalog/catversion.h | 2 +-
src/test/regress/expected/password.out | 14 ++--
src/test/regress/sql/password.sql | 8 +-
6 files changed, 119 insertions(+), 73 deletions(-)
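
The commit message does not quote the new verifier string, so the following is an added example, not code from the commit or from PostgreSQL. It builds, strictly parses and checks a verifier, assuming the layout PostgreSQL documents for pg_authid.rolpassword, `SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey>`, with one Base64 codec for salt and keys. All function names and the sample password and salt are constructed for illustration.

```python
import base64
import hashlib
import hmac

SCHEME = "SCRAM-SHA-256"
KEY_LEN = 32  # SHA-256 digest size in bytes

def b64(raw):
    return base64.b64encode(raw).decode("ascii")

def scram_keys(password, salt, iterations):
    """Derive (StoredKey, ServerKey) as defined by RFC 5802."""
    # Hi() is PBKDF2-HMAC. Assumption: ASCII password, so SASLprep is a no-op.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return hashlib.sha256(client_key).digest(), server_key

def build_verifier(password, salt, iterations):
    stored_key, server_key = scram_keys(password, salt, iterations)
    return f"{SCHEME}${iterations}:{b64(salt)}${b64(stored_key)}:{b64(server_key)}"

def parse_verifier(verifier):
    """Return (iterations, salt, StoredKey, ServerKey) or raise ValueError."""
    # '$' and ':' are outside the Base64 alphabet, so splitting is unambiguous.
    parts = verifier.split("$")
    if len(parts) != 3 or parts[0] != SCHEME:
        raise ValueError("not a SCRAM-SHA-256 verifier")
    iter_str, salt_b64 = parts[1].split(":")
    stored_b64, server_b64 = parts[2].split(":")
    if not (iter_str.isascii() and iter_str.isdigit()) or int(iter_str) < 1:
        raise ValueError("bad iteration count")
    salt = base64.b64decode(salt_b64, validate=True)  # binascii.Error is a ValueError
    stored_key = base64.b64decode(stored_b64, validate=True)
    server_key = base64.b64decode(server_b64, validate=True)
    if len(stored_key) != KEY_LEN or len(server_key) != KEY_LEN:
        raise ValueError("key has wrong length")
    return int(iter_str), salt, stored_key, server_key

def check_password(verifier, password):
    """Offline check that a verifier was derived from the given password."""
    iterations, salt, stored_key, server_key = parse_verifier(verifier)
    got_stored, got_server = scram_keys(password, salt, iterations)
    return (hmac.compare_digest(got_stored, stored_key)
            and hmac.compare_digest(got_server, server_key))

# Constructed sample input, not a real credential.
SAMPLE_SALT = bytes(range(16))
SAMPLE = build_verifier("correct horse", SAMPLE_SALT, 4096)
```

Each 32-byte key takes 44 characters in Base64 against 64 in hex, which is the size reduction the commit message mentions.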
