| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Kris Jurka <books(at)ejurka(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: GSSAPI and V2 protocol |
| Date: | 2008-02-06 11:32:29 |
| Message-ID: | 20080206113229.GE4714@svr2.hagander.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Feb 06, 2008 at 02:57:39AM -0500, Kris Jurka wrote:
>
>
> On Tue, 5 Feb 2008, Tom Lane wrote:
>
> >The problem seems to be that AuthenticationGSSContinue messages carry
> >a variable-length payload, and the V2 protocol doesn't really cope with
> >that because it doesn't have a message length word.
> >
> >1. If the GSSContinue payload is self-identifying about its length,
> >qwe could teach fe-connect.c how to determine that.
>
> The GSS data is supposed to be opaque to the caller, so this doesn't
> seem likely or a good idea.
Yeah, agreed, that seems like a very fragile idea.
> >2. We could retroactively redefine the contents of
> >AuthenticationGSSContinue as carrying a length word after the
> >authentication type code, but only in V2 protocol (so as not to break
> >existing working cases). This is pretty ugly but certainly possible.
>
> I see no harm in doing this. What's there now can't work and the change
> is self contained. Is there any problem with the password message taking
> a "String" datatype instead of Byte[n] with a null byte?
I agree that this is probabliy the best way, if we can do it. But you do
raise a good point - the message that goes the other way can certainly contain
embedded NULLs.
//Magnus
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2008-02-06 12:01:23 | Re: PostgreSQL 8.4 development plan |
| Previous Message | Dave Page | 2008-02-06 08:56:51 | PostgreSQL 8.4 development plan |