[PATCH v7] GSSAPI encryption support

From: Robbie Harwood <rharwood(at)redhat(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: [PATCH v7] GSSAPI encryption support
Date: 2016-03-14 23:11:42
Message-ID: jlgbn6gpscx.fsf@thriss.redhat.com
Views: Raw Message | Whole Thread | Download mbox
Lists: pgsql-hackers

Hello friends,

New week, new version. GitHub link:

Changes in this version:

- Removed extra whitespace in auth code movement.

- Fixed connection desync issue. A diff of this and v6 will reveal
three issues:

- First, that pg_GSS_read() didn't properly handle having a full
buffer when called because pqsecure_raw_read() doesn't handle reads of
size 0. I've elected to change my own code here only, but it may be
desirable to change pqsecure_raw_read() as well depending on whether
other people are likely to hit that.

- Second, that I was shunting data into the wrong buffer (don't know
how this was overlooked; it has "write" right there in the name).

- Third, that I'm now immediately decrypting that data into
conn->inBuffer rather than deferring that step until later. This
removes the hang because now the connection will not erroneously get
stuck polling while data is buffered.


Attachment Content-Type Size
v7-0001-Move-common-GSSAPI-code-into-its-own-files.patch text/x-diff 13.4 KB
v7-0002-Connection-encryption-support-for-GSSAPI.patch text/x-diff 37.1 KB
v7-0003-GSSAPI-authentication-cleanup.patch text/x-diff 4.8 KB

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Peter Geoghegan 2016-03-14 23:11:48 Re: Fix for OpenSSL error queue bug
Previous Message Alvaro Herrera 2016-03-14 23:10:58 Re: Timeline following for logical slots