Re: Implementation of SASLprep for SCRAM-SHA-256

From: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
To: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
Cc: Robert Haas <robertmhaas(at)gmail(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Implementation of SASLprep for SCRAM-SHA-256
Date: 2017-04-06 16:59:16
Message-ID: 082a1661-c6ae-1ac2-42e4-29734a46c17a@iki.fi
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Another version attached.

I think this is now in committable state, but there's been a lot of
small changes here and there, so please have one more look over it if
you have a chance. I'm planning to push this tomorrow, after sleeping on it.

The code-organization issue with the utf8 functions, pg_utf_mblen,
pg_utf8_islegal, unicode_to_utf8, and utf8_to_unicode, is still kind of
unresolved. The way I have it in this version is that the functions are
in wchar.c, like they've always been, and saslprep.c uses them from
there. This is ugly from a code organization point of view. as we now
have functions in src/common depending on functions in
src/backend/utils/mb/wchar.c. I think wchar.c deserves some
re-organization, as most of the functions there are also used in
frontend code. Perhaps it should be moved to src/common as whole.

Libpq already compiles with wchar.c, so all those functions that
src/common/saslprep.c requires are already available in libpq. So I
don't think that's urgent, but something we nevertheless ought to clean
up at some point.

Another thing I'd like some more eyes on, is how this will work with
encodings other than UTF-8. We will now try to normalize the password as
if it was in UTF-8, even if it isn't. That's OK as long as we're
consistent about it, but there is one worrisome scenario: what if the
user's password consists mostly of characters, that when interpreted as
UTF-8, are in the list of ignored characters. IOW, is it realistic that
a user might have a password in a non-UTF-8 encoding, that gets silently
mangled into something much shorter? I think that's highly unlikely, but
can anyone come up with a plausible example of that?

- Heikki

Attachment Content-Type Size
implement-SASLprep-4.patch.gz application/gzip 71.5 KB

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Heikki Linnakangas 2017-04-06 17:05:11 Re: Letting the client choose the protocol to use during a SASL exchange
Previous Message Alvaro Herrera 2017-04-06 16:57:01 Re: Postgresql10 Bug report. (pg_catalog.pg_statistic_ext does not exist)