| From: | Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
|---|---|
| To: | Álvaro Hernández Tortosa <aht(at)8kdata(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Simon Riggs <simon(at)2ndquadrant(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Letting the client choose the protocol to use during a SASL exchange |
| Date: | 2017-04-12 17:34:38 |
| Message-ID: | 6490b975-5ee1-6280-ac1d-af975b19fb9a@iki.fi |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 04/11/2017 02:32 PM, Álvaro Hernández Tortosa wrote:
> So I still see your proposal more awkward and less clear, mixing
> things that are separate. But again, your choice :)
So, here's my more full-fledged proposal.
The first patch refactors libpq code, by moving the responsibility of
reading the GSS/SSPI/SASL/MD5 specific data from the authentication
request packet, from the enormous switch-case construct in
PQConnectPoll(), into pg_fe_sendauth(). This isn't strictly necessary,
but I think it's useful cleanup anyway, and now that there's a bit more
structure in the AuthenticationSASL message, the old way was getting
awkward.
The second patch contains the protocol changes, and adds the
documentation for it.
- Heikki
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Refactor-libpq-authentication-request-processing.patch | text/x-patch | 23.6 KB |
| 0002-Improve-the-SASL-authentication-protocol.patch | text/x-patch | 28.2 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Álvaro Hernández Tortosa | 2017-04-12 17:38:22 | Re: Some thoughts about SCRAM implementation |
| Previous Message | Andres Freund | 2017-04-12 17:34:37 | Re: Cutting initdb's runtime (Perl question embedded) |