Re: Letting the client choose the protocol to use during a SASL exchange

From: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
To: Álvaro Hernández Tortosa <aht(at)8kdata(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Simon Riggs <simon(at)2ndquadrant(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Letting the client choose the protocol to use during a SASL exchange
Date: 2017-04-12 17:34:38
Message-ID: 6490b975-5ee1-6280-ac1d-af975b19fb9a@iki.fi
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On 04/11/2017 02:32 PM, Álvaro Hernández Tortosa wrote:
> So I still see your proposal more awkward and less clear, mixing
> things that are separate. But again, your choice :)

So, here's my more full-fledged proposal.

The first patch refactors libpq code, by moving the responsibility of
reading the GSS/SSPI/SASL/MD5 specific data from the authentication
request packet, from the enormous switch-case construct in
PQConnectPoll(), into pg_fe_sendauth(). This isn't strictly necessary,
but I think it's useful cleanup anyway, and now that there's a bit more
structure in the AuthenticationSASL message, the old way was getting
awkward.

The second patch contains the protocol changes, and adds the
documentation for it.

- Heikki

Attachment Content-Type Size
0001-Refactor-libpq-authentication-request-processing.patch text/x-patch 23.6 KB
0002-Improve-the-SASL-authentication-protocol.patch text/x-patch 28.2 KB

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Álvaro Hernández Tortosa 2017-04-12 17:38:22 Re: Some thoughts about SCRAM implementation
Previous Message Andres Freund 2017-04-12 17:34:37 Re: Cutting initdb's runtime (Perl question embedded)