Re: [HACKERS] Letting the client choose the protocol to use during aSASL exchange - Mailing list pgsql-hackers
| From | Simon Riggs |
|---|---|
| Subject | Re: [HACKERS] Letting the client choose the protocol to use during aSASL exchange |
| Date | |
| Msg-id | CANP8+j+Joha0AVXLqaCpkOtRkWSNHD9FdtA1CuYkg6r_oAf-4Q@mail.gmail.com Whole thread Raw |
| Responses |
Re: [HACKERS] Letting the client choose the protocol to use during a SASL exchange
(Tom Lane <tgl@sss.pgh.pa.us>)
|
| List | pgsql-hackers |
On 4 April 2017 at 02:02, Michael Paquier <michael.paquier@gmail.com> wrote: > Hi all, > > There is still one open item pending for SCRAM that has not been > treated which is mentioned here: > https://www.postgresql.org/message-id/b081887e-1712-3aa4-7dbe-e012333d50e4@iki.fi > > When doing an authentication with SASL, the server decides what is the > mechanism that the client has to use. As SCRAM-SHA-256 is only one of > such mechanisms, it would be nice to have something more generic and > have the server return to the client a list of protocols that the > client can choose from. And also the server achnowledge which protocol > is going to be used. > > Note that RFC4422 has some content on the matter > https://tools.ietf.org/html/rfc4422#section-3.1: > Mechanism negotiation is protocol specific. > > Commonly, a protocol will specify that the server advertises > supported and available mechanisms to the client via some facility > provided by the protocol, and the client will then select the "best" > mechanism from this list that it supports and finds suitable. > > So once the server sends back the list of mechanisms that are > supported, the client is free to use what it wants. > > On HEAD, a 'R' message with AUTH_REQ_SASL followed by > SCRAM_SHA256_NAME is sent to let the client know what is the mechanism > to use for the SASL exchange. In the future, this should be extended > so as a list of names is sent, for example a comma-separated list, but > we are free to choose the format we want here. With this list at hand, > the client can then choose the protocol it thinks is the best. Still, > there is a gap with our current implementation because the server > expects the first message from the client to have a SCRAM format, but > that's true only if SCRAM-SHA-256 is used as mechanism. How would we provide the list of protocols? Surely the protocol is defined by pg_hba.conf, which makes it dependent upon username, database and ip range. If the list were accurate, it would allow an attacker to discover how best to attack. If the list were inaccurate it would just be an annoyance. At minimum, providing the list of protocols means an extra round trip to the server. So while RFC4422 might say what "commonly" happens, I don't think it applies sensibly to PostgreSQL, especially when we only have one method. ISTM that if you have a valid role to connect to then you'll also know what authentication mechanism to use so you should be able to specify the mechanism in your connection message and save the extra trip. > In order to cover this gap, it seems to me that we need to have an > intermediate state before the server is switched to FE_SCRAM_INIT so > as the mechanism used is negotiated between the two parties. Once the > protocol negotiation is done, the server can then move on with the > mechanism to use. This would be important in the future to allow more > SASL mechanisms to work. I am adding an open item for that. So I don't see a gap or an open item on that point. I see a potential future feature. > For extensibility, we may also want to revisit the choice of defining > 'scram' in pg_hba.conf instead of 'sasl'... I'd like to see us replace "scram" with "sasl=scram-sha-256". So when we extend it in future, we already have the syntax in place to support "sasl=newmethod", rather than introduce syntax that we already know will become outdated in future. -- Simon Riggs http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
pgsql-hackers by date: