Re: [HACKERS] WIP: AuthenticationMD5 protocol documentation clarification

2011-10-13 Thread Bruce Momjian
Heikki Linnakangas wrote:
> On 06.06.2011 16:58, Robert Haas wrote:
> > On Sun, Jun 5, 2011 at 11:26 AM, Cyan Ogilvie <cyan.ogil...@gmail.com> wrote:
> > > This is my first patch, so I hope I've got the process right for submitting
> > > patches.
> >
> > You're doing great.  I suspect we do want to either (1) reword what
> > you've done in English, rather than writing it as code, or at least
> > (2) add some SGML markup to the code.  Our next CommitFest starts in
> > just over a week, so you should receive some more specific feedback
> > pretty soon.
>
> That is quite complicated to explain in plain English, so some sort of
> pseudo-code is probably a good idea. I would recommend not to formulate
> it as a SQL expression, though. It makes you think you could execute it
> from psql or something. Even if you know that's not how to do it, it
> feels confusing. Maybe something like:
>
> <literal>md5</literal> hex_encode(md5(hex_encode(md5(password username)
> salt)
>
> with some extra markup to make it look pretty.

I have applied the attached doc patch to document this.  Thanks for the
report --- it was something we certainly needed to document.

-- 
  Bruce Momjian  <br...@momjian.us>        http://momjian.us
  EnterpriseDB http://enterprisedb.com

  + It's impossible for everything to be true. +
diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
new file mode 100644
index 19c9686..4fda518
*** a/doc/src/sgml/protocol.sgml
--- b/doc/src/sgml/protocol.sgml
***
*** 293,302 
listitem
 para
  The frontend must now send a PasswordMessage containing the
! password encrypted via MD5, using the 4-character salt
! specified in the AuthenticationMD5Password message.  If
! this is the correct password, the server responds with an
! AuthenticationOk, otherwise it responds with an ErrorResponse.
 /para
/listitem
   /varlistentry
--- 293,307 
listitem
 para
  The frontend must now send a PasswordMessage containing the
! password (with username) encrypted via MD5, then encrypted
! again using the 4-byte random salt specified in the
! AuthenticationMD5Password message.  If this is the correct
! password, the server responds with an AuthenticationOk,
! otherwise it responds with an ErrorResponse.  The actual
! PasswordMessage can be computed in SQL as literalconcat('md5',
! md5(concat(md5(concat(password, username)), random-salt)))/.
! (Keep in mind the functionmd5()/ function returns its
! result as a hex string.)
 /para
/listitem
   /varlistentry
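Review bot: The expression in the last four changed lines cannot be run as the SQL the sentence says it is: inside an SQL expression `random-salt` reads as a subtraction, and the salt, described two lines earlier as 4 random bytes, is not a text value that concat() would append byte for byte. Name the operand `salt`, say that its 4 raw bytes are appended to the hex string returned by the inner md5(), and present the formula as pseudo-code rather than SQL. "encrypted via MD5, then encrypted again" describes hashing, so "hashed" is the accurate verb, and the paragraph should also state that password and username are concatenated without their trailing null bytes.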

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers


[HACKERS] WIP: AuthenticationMD5 protocol documentation clarification

2011-06-06 Thread Cyan Ogilvie
This is my first patch, so I hope I've got the process right for submitting
patches.

I'm building a driver to talk version 3.0 of the protocol, and generally
I've found the documentation to be excellent.  One area I had trouble with
was responding to the AuthenticationMD5Password challenge.  After receiving
help on IRC, I've attached a patch to the protocol documentation attempting
to clarify what is expected by the backend, basically:

concat(
    'md5',
    hex_encode(
        md5(
            concat(
                hex_encode(
                    md5(
                        concat(password, username)
                    )
                ),
                salt
            )
        )
    )
)

My technical writing skills were not up to wording that in plain English,
and it seems like the rest of the documentation for the protocol steers
clear of anything that looks like code.  Is this policy in this area or is
the code-esque description ok?

No code is changed, only documentation, so I've left out the code-relevant
patch info fields.

Patch info:

Project name: postgresql
Branch: master

Cyan
diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
new file mode 100644
index d3de330..ba95241
*** a/doc/src/sgml/protocol.sgml
--- b/doc/src/sgml/protocol.sgml
***
*** 294,303 
listitem
 para
  The frontend must now send a PasswordMessage containing the
! password encrypted via MD5, using the 4-character salt
! specified in the AuthenticationMD5Password message.  If
! this is the correct password, the server responds with an
! AuthenticationOk, otherwise it responds with an ErrorResponse.
 /para
/listitem
   /varlistentry
--- 294,306 
listitem
 para
  The frontend must now send a PasswordMessage containing the
! result of concat('md5',
! hex_encode(md5(concat(hex_encode(md5(concat(password, username))),
! salt, where salt is the 4-character salt specified in
! the AuthenticationMD5Password message.  Username and password do not
! include the trailing null byte.  If this is the correct password, the
! server responds with an AuthenticationOk, otherwise it responds with
! an ErrorResponse.
 /para
/listitem
   /varlistentry
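Review bot: The formula in the first three changed lines is never closed: after `concat(password, username)))` four parentheses are still open when the sentence continues with ", where salt is", so it is not clear which call takes `salt` as its second argument. Close it as `..., salt))))` and set it off with markup so it does not run into the prose. "4-character salt" is carried over from the old text; the salt is binary, so "4-byte" avoids suggesting it is printable text, and `hex_encode` should be defined once, including that it produces lowercase hexadecimal digits.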



Re: [HACKERS] WIP: AuthenticationMD5 protocol documentation clarification

2011-06-06 Thread Robert Haas
On Sun, Jun 5, 2011 at 11:26 AM, Cyan Ogilvie <cyan.ogil...@gmail.com> wrote:
> This is my first patch, so I hope I've got the process right for submitting
> patches.

You're doing great.  I suspect we do want to either (1) reword what
you've done in English, rather than writing it as code, or at least
(2) add some SGML markup to the code.  Our next CommitFest starts in
just over a week, so you should receive some more specific feedback
pretty soon.

Also, if you'd like to help review someone else's patch, that would be great.

http://archives.postgresql.org/pgsql-rrreviewers/2011-06/msg0.php

-- 
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company



Re: [HACKERS] WIP: AuthenticationMD5 protocol documentation clarification

2011-06-06 Thread Heikki Linnakangas

On 06.06.2011 16:58, Robert Haas wrote:
> On Sun, Jun 5, 2011 at 11:26 AM, Cyan Ogilvie <cyan.ogil...@gmail.com> wrote:
> > This is my first patch, so I hope I've got the process right for submitting
> > patches.
>
> You're doing great.  I suspect we do want to either (1) reword what
> you've done in English, rather than writing it as code, or at least
> (2) add some SGML markup to the code.  Our next CommitFest starts in
> just over a week, so you should receive some more specific feedback
> pretty soon.

That is quite complicated to explain in plain English, so some sort of
pseudo-code is probably a good idea. I would recommend not to formulate
it as a SQL expression, though. It makes you think you could execute it
from psql or something. Even if you know that's not how to do it, it
feels confusing. Maybe something like:

<literal>md5</literal> hex_encode(md5(hex_encode(md5(password username)
salt)

with some extra markup to make it look pretty.

--
  Heikki Linnakangas
  EnterpriseDB   http://www.enterprisedb.com
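
The computation discussed in this thread, written out for both ends of the exchange. This is an added example, not part of any message above and not PostgreSQL source code; the function names, the sample role, password and salt are constructed for illustration, and UTF-8 encoding of the strings is an assumption.

```python
import hashlib
import hmac
import struct


def md5_hex(data: bytes) -> bytes:
    """MD5 digest as 32 lowercase hex digits, returned as ASCII bytes."""
    return hashlib.md5(data).hexdigest().encode("ascii")


def inner_hex(password: str, username: str) -> bytes:
    # Inner step: hex(md5(password || username)), no trailing null bytes.
    # Assumption of this example: the backend holds this value for the
    # role, so it can check a response without the cleartext password.
    return md5_hex(password.encode() + username.encode())


def md5_response(inner: bytes, salt: bytes) -> bytes:
    """Outer step: 'md5' || hex(md5(inner_hex || salt)); salt is raw bytes."""
    if len(salt) != 4:
        raise ValueError("AuthenticationMD5Password carries exactly 4 salt bytes")
    return b"md5" + md5_hex(inner + salt)


def password_message(response: bytes) -> bytes:
    """Frame as PasswordMessage: 'p', Int32 length (counts itself), C string."""
    body = response + b"\x00"
    return b"p" + struct.pack("!I", 4 + len(body)) + body


def server_check(inner: bytes, salt: bytes, message: bytes) -> bool:
    """Backend side: validate the framing, recompute, compare in constant time."""
    if len(message) < 6 or message[:1] != b"p" or message[-1:] != b"\x00":
        return False
    (length,) = struct.unpack("!I", message[1:5])
    if length != len(message) - 1:
        return False
    return hmac.compare_digest(message[5:-1], md5_response(inner, salt))


# Constructed sample values. The salt deliberately contains a zero byte and a
# non-ASCII byte: it is 4 bytes of binary data, not 4 printable characters.
SALT = bytes([0x93, 0x00, 0xE0, 0x7F])
INNER = inner_hex("s3cret", "alice")
MESSAGE = password_message(md5_response(INNER, SALT))
```

A driver that treats the salt as a C string or as text would truncate or re-encode a salt like the sample one and fail authentication only intermittently, which is why the byte-versus-character wording matters.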
