Revert "Disable the master password requirement when using alternative authentication sources. Fixes #7012"

This reverts commit 0c823455a0.
This commit is contained in:
Akshay Joshi 2022-04-22 15:58:06 +05:30
parent ab8e9a8ea5
commit faff8d1fb3
7 changed files with 9 additions and 77 deletions

View File

@ -1,33 +0,0 @@
.. _alternate_encryption_key:
**********************************
`Alternate Encryption Key`:index:
**********************************
pgAdmin would use the alternate encryption key to secure and later unlock the saved server
passwords if the master password is disabled AND there is NO suitable key/password available
from the authentication module for the user in server mode.
When pgAdmin stores a connection password,
it encrypts it using a key that is formed either from the master password, or
from the pgAdmin login password for the user. In the case of authentication methods
such as OAuth, Kerberos or Webserver, pgAdmin doesn't have access to anything long-lived to
form the encryption key from, hence it uses the master password and if master password
is disabled pgAdmin would use the alternate encryption key, if it is set.
.. note:: You can set the alternate encryption key by setting the configuration
parameter *ALTERNATE_ENCRYPTION_KEY=<Key>*.
See :ref:`config_py` for more information on configuration parameters and how
they can be changed or enforced across an organisation.
.. note:: If the master password and the alternate encryption key is disabled,
then all the saved passwords will be removed.
.. warning:: By setting this option, you should be fully aware of the potential security
risk of using the same encryption key for multiple users, that may be accessible to
sysadmins who would not normally be able to use pgAdmin.
It is **not recommended** that you use the alternate encryption key instead of master password
if you use the *Save Password* option.

View File

@ -38,13 +38,6 @@ It is set by the user and can be disabled using config.
master_password
The Alternate Encryption Key is used to secure and later unlock saved server passwords.
It is **not recommended** to use the alternate encryption key.
.. toctree::
alternate_encryption_key
After defining a server connection, right-click on the server name, and select
*Connect to server* to authenticate with the server, and start using pgAdmin to
manage objects that reside on the server.

View File

@ -5,9 +5,7 @@
************************
A master password is required to secure and later unlock the saved server
passwords. This is applicable for desktop mode users and for the auth methods
such as OAuth, Kerberos or Webserver where pgAdmin doesn't have access to anything
long-lived to form the encryption key.
passwords. This is applicable only for desktop mode users.
* You are prompted to enter the master password when you open the window for
the first time after starting the application.
@ -25,15 +23,15 @@ long-lived to form the encryption key.
See :ref:`config_py` for more information on configuration parameters and how
they can be changed or enforced across an organisation.
.. note:: If the master password and :ref:`alternate_encryption_key` is disabled,
then all the saved passwords will be removed.
.. note:: If the master password is disabled, then all the saved passwords will
be removed.
.. warning:: If the master password is disabled, then the saved passwords will
be encrypted using the :ref:`alternate_encryption_key` or a key which is derived
from information within the configuration database. Use of a master password
ensures that the encryption key does not need to be stored anywhere, and thus
prevents possible access to server credentials if the configuration database
becomes available to an attacker.
be encrypted using a key which is derived from information within the
configuration database. Use of a master password ensures that the encryption
key does not need to be stored anywhere, and thus prevents possible access
to server credentials if the configuration database becomes available to an
attacker.
It is **strongly** recommended that you use the master password if you use
the *Save Password* option.

View File

@ -12,7 +12,6 @@ New features
| `Issue #3253 <https://redmine.postgresql.org/issues/3253>`_ - Added status bar to the Query Tool.
| `Issue #3989 <https://redmine.postgresql.org/issues/3989>`_ - Ensure that row numbers should be visible in view when scrolling horizontally.
| `Issue #6830 <https://redmine.postgresql.org/issues/6830>`_ - Relocate GIS Viewer Button to the Left Side of the Results Table.
| `Issue #7012 <https://redmine.postgresql.org/issues/7012>`_ - Disable the master password requirement when using alternative authentication sources.
| `Issue #7282 <https://redmine.postgresql.org/issues/7282>`_ - Added options 'Ignore owner' and 'Ignore whitespace' to the schema diff panel.
| `Issue #7325 <https://redmine.postgresql.org/issues/7325>`_ - Added support for Azure AD OAUTH2 authentication.

View File

@ -553,27 +553,6 @@ ALLOW_SAVE_TUNNEL_PASSWORD = False
##########################################################################
MASTER_PASSWORD_REQUIRED = True
##########################################################################
# When pgAdmin stores a connection password,
# it encrypts it using a key that is formed either from the master password, or
# from the pgAdmin login password for the user.
#
# In the case of auth methods such as OAuth or Kerberos, pgAdmin
# doesn't have access to anything long-lived to form the encryption key from,
# hence it uses the master password.
# So, pgAdmin would use this alternate encryption key if
# a) the master password is disabled
# AND
# b) there is NO suitable key/pass available from the auth module for the user.
# By setting this option, you should fully aware of the potential security
# risk of using the same encryption key for multiple users,
# that may be accessible to sysadmins who would not normally
# be able to use pgAdmin.
##########################################################################
ALTERNATE_ENCRYPTION_KEY = None
##########################################################################
# Allows pgAdmin4 to create session cookies based on IP address, so even
# if a cookie is stolen, the attacker will not be able to connect to the

View File

@ -706,8 +706,7 @@ def index():
auth_source = session['auth_source_manager'][
'source_friendly_name']
if not config.MASTER_PASSWORD_REQUIRED and 'pass_enc_key' in session\
and not config.ALTERNATE_ENCRYPTION_KEY:
if not config.MASTER_PASSWORD_REQUIRED and 'pass_enc_key' in session:
session['allow_save_password'] = False
response = Response(render_template(

View File

@ -33,9 +33,6 @@ def get_crypt_key():
elif config.MASTER_PASSWORD_REQUIRED \
and enc_key is None:
return False, None
elif not config.MASTER_PASSWORD_REQUIRED and config.SERVER_MODE and \
config.ALTERNATE_ENCRYPTION_KEY:
return True, config.ALTERNATE_ENCRYPTION_KEY
elif not config.MASTER_PASSWORD_REQUIRED and config.SERVER_MODE and \
'pass_enc_key' in session:
return True, session['pass_enc_key']