Re: SCRAM pass-through authentication for postgres_fdw

This patch is surprisingly compact and straightforward for providing
such complex functionality.

I have one major code comment that needs addressing:

In src/interfaces/libpq/fe-auth-scram.c, there is:

+ memcpy(ClientKey, state->conn->scram_client_key_binary,
SCRAM_MAX_KEY_LEN);

Here you are assuming that scram_client_key_binary has a fixed length,
but the allocation is

+ len = pg_b64_dec_len(strlen(conn->scram_client_key));
+ conn->scram_client_key_len = len;
+ conn->scram_client_key_binary = malloc(len);

And scram_client_key is passed by the client. There needs to be some
verification that what is passed in is of the right length.

At the moment, we only support one variant of SCRAM, so all the keys
etc. are of a fixed length. But we should make sure that this wouldn't
break in confusing ways in the future if that is no longer the case.

Attached are a few minor fix-up patches for your patches. I have marked
a couple of places where more documentation could be added.

In the future, you can squash all of this (code plus documentation) into
one patch.

postgres_fdw has this error message:

ereport(ERROR,
(errcode(ERRCODE_S_R_E_PROHIBITED_SQL_STATEMENT_ATTEMPTED),
errmsg("password or GSSAPI delegated credentials required"),
errdetail("Non-superusers must delegate GSSAPI credentials
or provide a password in the user mapping.")));

Maybe the option of having SCRAM pass-through should be mentioned here?
It seems sort of analogous to the delegate GSSAPI credentials case.

Finally, if you have time, maybe look into whether this could also be
implemented in dblink.