Skip site navigation (1) Skip section navigation (2)

Re: Letting the client choose the protocol to use during a SASL exchange

From: Heikki Linnakangas <hlinnaka(at)iki(dot)fi>
To: Álvaro Hernández Tortosa <aht(at)8kdata(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Simon Riggs <simon(at)2ndquadrant(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Letting the client choose the protocol to use during a SASL exchange
Date: 2017-04-12 17:34:38
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
On 04/11/2017 02:32 PM, Álvaro Hernández Tortosa wrote:
>      So I still see your proposal more awkward and less clear, mixing
> things that are separate. But again, your choice  :)

So, here's my more full-fledged proposal.

The first patch refactors libpq code, by moving the responsibility of 
reading the GSS/SSPI/SASL/MD5 specific data from the authentication 
request packet, from the enormous switch-case construct in 
PQConnectPoll(), into pg_fe_sendauth(). This isn't strictly necessary, 
but I think it's useful cleanup anyway, and now that there's a bit more 
structure in the AuthenticationSASL message, the old way was getting 

The second patch contains the protocol changes, and adds the 
documentation for it.

- Heikki

Attachment: 0001-Refactor-libpq-authentication-request-processing.patch
Description: text/x-patch (23.6 KB)
Attachment: 0002-Improve-the-SASL-authentication-protocol.patch
Description: text/x-patch (28.2 KB)

In response to


pgsql-hackers by date

Next:From: Álvaro Hernández TortosaDate: 2017-04-12 17:38:22
Subject: Re: Some thoughts about SCRAM implementation
Previous:From: Andres FreundDate: 2017-04-12 17:34:37
Subject: Re: Cutting initdb's runtime (Perl question embedded)

Privacy Policy | About PostgreSQL
Copyright © 1996-2018 The PostgreSQL Global Development Group