Re: SCRAM authentication, take three

From: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
To: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Aleksander Alekseev <a(dot)alekseev(at)postgrespro(dot)ru>
Cc: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: SCRAM authentication, take three
Date: 2017-02-15 11:28:38
Message-ID: b8639ea0-ec52-f612-ecbd-4b75c201b3e1@iki.fi
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 02/07/2017 04:20 AM, Michael Paquier wrote:
> On Tue, Feb 7, 2017 at 3:12 AM, Aleksander Alekseev
> <a(dot)alekseev(at)postgrespro(dot)ru> wrote:
>> No, I'm afraid `make distclean` doesn't help. I've re-checked twice.
>
> Hm. I can see the failure on macos and python2 builds as well with the
> set of patches applied. And the master branch is working properly.
> This needs some investigation.

Ah, found it. It was because of this change:

> --- a/src/backend/utils/errcodes.txt
> +++ b/src/backend/utils/errcodes.txt
> @@ -247,6 +247,7 @@ Section: Class 28 - Invalid Authorization Specification
>
> 28000 E ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION invalid_authorization_specification
> 28P01 E ERRCODE_INVALID_PASSWORD invalid_password
> +28P01 E ERRCODE_INVALID_NONCE invalid_nonce
>

Having two error codes with the same SQLSTATE is not cool, and tripped
the assertion in PL/python. I removed the new error code, it was only
used in one place, and ERRCODE_PROTOCOL_VIOLATIOn was more appropriate
there anyway.

Attached is a new set of patches, with that fixed. Thanks for the report
Aleksander!

- Heikki

Attachment Content-Type Size
0001-Refactor-SHA2-functions-and-move-them-to-src-common.patch.gz application/gzip 7.6 KB
0002-Add-encoding-routines-for-base64-without-whitespace-.patch.gz application/gzip 2.5 KB
0003-Add-clause-PASSWORD-val-USING-protocol-to-CREATE-ALT.patch.gz application/gzip 2.5 KB
0004-Support-for-SCRAM-SHA-256-authentication-RFC-5802-an.patch.gz application/gzip 28.4 KB
0005-Add-regression-tests-for-passwords.patch.gz application/gzip 2.2 KB
0006-Add-TAP-tests-for-authentication-methods.patch.gz application/gzip 1.3 KB
0007-Introduce-WIP-for-UTF-8-normalization.patch.gz application/gzip 2.5 KB

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Amit Kapila 2017-02-15 12:11:18 Re: Parallel Index Scans
Previous Message Alvaro Herrera 2017-02-15 10:59:06 Re: Proposal: GetOldestXminExtend for ignoring arbitrary vacuum flags