postgres_fdw: SCRAM authentication pass-through This enables SCRAM authentication for postgres_fdw when connecting to a foreign server without having to store a plain-text password on user mapping options.
This is done by saving the SCRAM ClientKey and ServeryKey from the client authentication and using those instead of the plain-text password for the server-side SCRAM exchange. The new foreign-server or user-mapping option "use_scram_passthrough" enables this. Co-authored-by: Matheus Alcantara <mths....@pm.me> Co-authored-by: Peter Eisentraut <pe...@eisentraut.org> Discussion: https://www.postgresql.org/message-id/flat/27b29a35-9b96-46a9-bc1a-914140869...@gmail.com Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/761c79508e7fbc33c1b11754bdde4bd03ce9cbb3 Modified Files -------------- contrib/postgres_fdw/Makefile | 1 + contrib/postgres_fdw/connection.c | 69 ++++++++++- contrib/postgres_fdw/expected/postgres_fdw.out | 4 +- contrib/postgres_fdw/meson.build | 5 + contrib/postgres_fdw/option.c | 3 + contrib/postgres_fdw/t/001_auth_scram.pl | 151 +++++++++++++++++++++++++ doc/src/sgml/libpq.sgml | 28 +++++ doc/src/sgml/postgres-fdw.sgml | 72 ++++++++++++ src/backend/libpq/auth-scram.c | 14 ++- src/include/libpq/libpq-be.h | 9 ++ src/interfaces/libpq/fe-auth-scram.c | 83 +++++++++----- src/interfaces/libpq/fe-auth.c | 2 +- src/interfaces/libpq/fe-connect.c | 47 ++++++++ src/interfaces/libpq/libpq-int.h | 6 + 14 files changed, 451 insertions(+), 43 deletions(-)
