Re: [HACKERS] On-disk format of SCRAM verifiers

2017-04-21 Thread Heikki Linnakangas

On 04/21/2017 05:33 PM, Simon Riggs wrote:
> On 21 April 2017 at 14:42, Heikki Linnakangas wrote:
>
>>>>> SCRAM-SHA-256$:$:
>>>>
>>>> Could you explain where you are looking? I don't see that in RFC5803
>>>
>>> From 1.  Overview:
>>
>> Yeah, it's not easy to see, I missed it earlier too. You have to look at RFC
>> 5803 and RFC 3112 together. RFC 3112 says that the overall format is
>> "$$", and RFC5803 says that for SCRAM, scheme is
>> "SCRAM-SHA-256" (for our variant), authInfo is ":" and
>> authValue is ":"
>>
>> They really should've included examples in those RFCs.
>
> Thanks
>
> +1 for change

Committed, thanks.

- Heikki



--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers


Re: [HACKERS] On-disk format of SCRAM verifiers

2017-04-21 Thread Simon Riggs
On 21 April 2017 at 14:42, Heikki Linnakangas  wrote:

>>>> SCRAM-SHA-256$:$:
>>>
>>> Could you explain where you are looking? I don't see that in RFC5803
>>
>> From 1.  Overview:
>
> Yeah, it's not easy to see, I missed it earlier too. You have to look at RFC 
> 5803 and RFC 3112 together. RFC 3112 says that the overall format is 
> "$$", and RFC5803 says that for SCRAM, scheme is 
> "SCRAM-SHA-256" (for our variant), authInfo is ":" and 
> authValue is ":"
>
> They really should've included examples in those RFCs.

Thanks

+1 for change

-- 
Simon Riggs                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services




Re: [HACKERS] On-disk format of SCRAM verifiers

2017-04-21 Thread Dagfinn Ilmari Mannsåker
Michael Paquier  writes:

> On Fri, Apr 21, 2017 at 10:02 PM, Simon Riggs  wrote:
>> On 21 April 2017 at 10:20, Heikki Linnakangas  wrote:
>>> But looking more closely, I think I misunderstood RFC 5803. It *does* in
>>> fact specify a single string format to store the verifier in. And the format
>>> looks like:
>>>
>>> SCRAM-SHA-256$:$:
>>
>> Could you explain where you are looking? I don't see that in RFC5803
>
> From 1.  Overview:
>
>Syntax of the attribute can be expressed using ABNF [RFC5234].  Non-
>terminal references in the following ABNF are defined in either
>[AUTHPASS], [RFC4422], or [RFC5234].
>
>scram-mech = "SCRAM-SHA-1" / scram-mech-ext
>   ; Complies with ABNF for 
>   ; defined in [AUTHPASS].
>
>scram-authInfo = iter-count ":" salt
>   ; Complies with ABNF for 
>   ; defined in [AUTHPASS].
>
>scram-authValue = stored-key ":" server-key
>   ; Complies with ABNF for 
>   ; defined in [AUTHPASS].

And scram-mech, scram-authInfo and scram-authValue are used as the
"scheme", "authInfo" and "authValue" parts as specified in [AUTHPASS]
(RFC3112):

authPasswordValue   = w scheme s authInfo s authValue w
scheme              = %x30-39 / %x41-5A / %x2D-2F / %x5F
                    ; 0-9, A-Z, "-", ".", "/", or "_"
authInfo            = schemeSpecificValue
authValue           = schemeSpecificValue
schemeSpecificValue = *( %x21-23 / %x25-7E )
                    ; printable ASCII less "$" and " "
s                   = w SEP w
w                   = *SP
SEP                 = %x24 ; "$"
SP                  = %x20 ; " " (space)

> Thanks,
> -- 
> Michael


- ilmari
-- 
"A disappointingly low fraction of the human race is,
 at any given time, on fire." - Stig Sandbeck Mathisen
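
The two grammars quoted in this message, combined into one string and parsed back, as an added example that is not part of the thread or of PostgreSQL's code. The function names are hypothetical, the password and salt are constructed, base64 encoding of the salt and keys is assumed from RFC 5803, the key derivation follows RFC 5802, and SASLprep normalisation of the password is left out.

```python
import base64, hashlib, hmac, re

# RFC 3112 character sets as quoted above (scheme, schemeSpecificValue).
SCHEME_RE = re.compile(r"[0-9A-Z\-./_]+\Z")
VALUE_RE = re.compile(r"[\x21-\x23\x25-\x7e]*\Z")  # printable ASCII less "$" and " "


def build_verifier(password: bytes, salt: bytes, iterations: int) -> str:
    """Derive StoredKey/ServerKey (RFC 5802 with SHA-256) and serialise them."""
    salted = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)  # Hi()
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    b64 = lambda raw: base64.b64encode(raw).decode("ascii")
    # scheme "$" iter-count ":" salt "$" stored-key ":" server-key
    return (f"SCRAM-SHA-256${iterations}:{b64(salt)}"
            f"${b64(stored_key)}:{b64(server_key)}")


def parse_verifier(value: str) -> dict:
    """Split scheme$authInfo$authValue, then the two SCRAM-specific halves."""
    parts = [p.strip(" ") for p in value.split("$")]  # w = *SP around each SEP
    if len(parts) != 3:
        raise ValueError("expected scheme$authInfo$authValue")
    scheme, auth_info, auth_value = parts
    if not SCHEME_RE.match(scheme) or not all(VALUE_RE.match(p) for p in parts[1:]):
        raise ValueError("character outside the RFC 3112 grammar")
    if scheme != "SCRAM-SHA-256":
        raise ValueError("unsupported scheme: " + scheme)
    iter_count, sep1, salt = auth_info.partition(":")
    stored_key, sep2, server_key = auth_value.partition(":")
    if not (sep1 and sep2 and iter_count.isdigit()):
        raise ValueError("malformed authInfo or authValue")
    decode = lambda text: base64.b64decode(text, validate=True)
    fields = {"iterations": int(iter_count), "salt": decode(salt),
              "stored_key": decode(stored_key), "server_key": decode(server_key)}
    if len(fields["stored_key"]) != 32 or len(fields["server_key"]) != 32:
        raise ValueError("keys must be SHA-256 sized")
    return fields
```

Because "$" is excluded from schemeSpecificValue and ":" never occurs in base64 or in a decimal count, the outer and inner splits are unambiguous.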




Re: [HACKERS] On-disk format of SCRAM verifiers

2017-04-21 Thread Heikki Linnakangas


On 21 April 2017 16:20:56 EEST, Michael Paquier wrote:
>On Fri, Apr 21, 2017 at 10:02 PM, Simon Riggs wrote:
>> On 21 April 2017 at 10:20, Heikki Linnakangas wrote:
>>> But looking more closely, I think I misunderstood RFC 5803. It *does* in
>>> fact specify a single string format to store the verifier in. And the format
>>> looks like:
>>>
>>> SCRAM-SHA-256$:$:
>>
>> Could you explain where you are looking? I don't see that in RFC5803
>
>From 1.  Overview:

Yeah, it's not easy to see, I missed it earlier too. You have to look at RFC 
5803 and RFC 3112 together. RFC 3112 says that the overall format is 
"$$", and RFC5803 says that for SCRAM, scheme is 
"SCRAM-SHA-256" (for our variant), authInfo is ":" and 
authValue is ":"

They really should've included examples in those RFCs.

- Heikki




Re: [HACKERS] On-disk format of SCRAM verifiers

2017-04-21 Thread Simon Riggs
On 21 April 2017 at 14:20, Michael Paquier  wrote:
> On Fri, Apr 21, 2017 at 10:02 PM, Simon Riggs  wrote:
>> On 21 April 2017 at 10:20, Heikki Linnakangas  wrote:
>>> But looking more closely, I think I misunderstood RFC 5803. It *does* in
>>> fact specify a single string format to store the verifier in. And the format
>>> looks like:
>>>
>>> SCRAM-SHA-256$:$:
>>
>> Could you explain where you are looking? I don't see that in RFC5803
>
> From 1.  Overview:
>
>Syntax of the attribute can be expressed using ABNF [RFC5234].  Non-
>terminal references in the following ABNF are defined in either
>[AUTHPASS], [RFC4422], or [RFC5234].
>
>scram-mech = "SCRAM-SHA-1" / scram-mech-ext
>   ; Complies with ABNF for 
>   ; defined in [AUTHPASS].
>
>scram-authInfo = iter-count ":" salt
>   ; Complies with ABNF for 
>   ; defined in [AUTHPASS].
>
>scram-authValue = stored-key ":" server-key
>   ; Complies with ABNF for 
>   ; defined in [AUTHPASS].
>
> Thanks,

The above text, which I've already read, does not explain the
suggested change from : to $.

Could you explain?

-- 
Simon Riggs                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services




Re: [HACKERS] On-disk format of SCRAM verifiers

2017-04-21 Thread Michael Paquier
On Fri, Apr 21, 2017 at 9:25 PM, Stephen Frost  wrote:
> * Heikki Linnakangas (hlinn...@iki.fi) wrote:
>> I think we should adopt that exact format, so that our verifiers are
>> compatible with RFC 5803. It doesn't make any immediate difference,
>> but since there is a standard out there, might as well follow it.
>
> +1
>
>> And just in case we get support for looking up SCRAM verifiers from
>> an LDAP server in the future, it will come handy as we won't need to
>> parse two different formats.
>
> Agreed.

+1 to all that. Consistency is a good thing.
-- 
Michael




Re: [HACKERS] On-disk format of SCRAM verifiers

2017-04-21 Thread Michael Paquier
On Fri, Apr 21, 2017 at 10:02 PM, Simon Riggs  wrote:
> On 21 April 2017 at 10:20, Heikki Linnakangas  wrote:
>> But looking more closely, I think I misunderstood RFC 5803. It *does* in
>> fact specify a single string format to store the verifier in. And the format
>> looks like:
>>
>> SCRAM-SHA-256$:$:
>
> Could you explain where you are looking? I don't see that in RFC5803

From 1.  Overview:

   Syntax of the attribute can be expressed using ABNF [RFC5234].  Non-
   terminal references in the following ABNF are defined in either
   [AUTHPASS], [RFC4422], or [RFC5234].

   scram-mech = "SCRAM-SHA-1" / scram-mech-ext
  ; Complies with ABNF for 
  ; defined in [AUTHPASS].

   scram-authInfo = iter-count ":" salt
  ; Complies with ABNF for 
  ; defined in [AUTHPASS].

   scram-authValue = stored-key ":" server-key
  ; Complies with ABNF for 
  ; defined in [AUTHPASS].

Thanks,
-- 
Michael




Re: [HACKERS] On-disk format of SCRAM verifiers

2017-04-21 Thread Simon Riggs
On 21 April 2017 at 10:20, Heikki Linnakangas  wrote:

> But looking more closely, I think I misunderstood RFC 5803. It *does* in
> fact specify a single string format to store the verifier in. And the format
> looks like:
>
> SCRAM-SHA-256$:$:

Could you explain where you are looking? I don't see that in RFC5803

-- 
Simon Riggs                http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services




Re: [HACKERS] On-disk format of SCRAM verifiers

2017-04-21 Thread Stephen Frost
Heikki,

* Heikki Linnakangas (hlinn...@iki.fi) wrote:
> I think we should adopt that exact format, so that our verifiers are
> compatible with RFC 5803. It doesn't make any immediate difference,
> but since there is a standard out there, might as well follow it.

+1

> And just in case we get support for looking up SCRAM verifiers from
> an LDAP server in the future, it will come handy as we won't need to
> parse two different formats.

Agreed.

Thanks!

Stephen

