Re: dblink: Add SCRAM pass-through authentication

On Wed, Jan 22, 2025 at 6:10 AM Matheus Alcantara
<matheusssilv97(at)gmail(dot)com> wrote:
> The attached patch enables SCRAM authentication for dblink connections when
> using dblink_fdw without requiring a plain-text password on user mapping
> properties. The implementation is very similar to what was implemented on
> postgres_fdw [0].

Not a full review, but I wanted to highlight one aspect of the patch:

> - dblink_connstr_check(connstr);
> + /*
> + * Verify the set of connection parameters only if scram pass-through is
> + * not being used because the password is not necessary.
> + */
> + if (!useScramPassthrough)
> + dblink_connstr_check(connstr);

and

> - dblink_security_check(conn, rconn, connstr);
> + /*
> + * Perform post-connection security checks only if scram pass-through is
> + * not being used because the password is not necessary.
> + */
> + if (!useScramPassthrough)
> + dblink_security_check(conn, rconn, connstr);

These don't seem right to me. SCRAM passthrough should be considered
as _part_ of the connstr/security checks, but I think it should not
_bypass_ those checks. We have to enforce the use of the SCRAM
credentials on the remote for safety, similarly to GSS delegation.
(This might be a good place for `require_auth=scram-sha-256`?)

I've attached a failing test to better illustrate what I mean.

It looks like the postgres_fdw patch that landed also performs a
bypass -- I think that may need an open item to fix? CC'd Peter.

Thanks!
--Jacob