[PATCH v6] GSSAPI encryption support

From: Robbie Harwood <rharwood(at)redhat(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Cc: David Steele <david(at)pgmasters(dot)net>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
Subject: [PATCH v6] GSSAPI encryption support
Date: 2016-03-08 22:44:38
Message-ID: jlgegbkmvxl.fsf@thriss.redhat.com
Lists: pgsql-hackers

Hello friends,

Here's yet another version of GSSAPI encryption support. It's also
available for viewing on my github:

https://github.com/frozencemetery/postgres/tree/feature/gssencrypt6

Let me hit the highlights of this time around:

- Fallback code is back! It's almost unchanged from early versions of
  this patchset. Corresponding doc changes for this and the next item
  are of course included.

- Minor protocol change. I did not realize that connection parameters
  were not read until after auth was complete, which means that in this
  version I go back to sending the AUTH_REQ_OK in the clear. Though I
  found this initially irritating since it required re-working the
  should_crypto conditions, it ends up being a net positive since I can
  trade a library call for a couple variables.

- Client buffer flush on completion of authentication. This should
  prevent the issue with the client getting unexpected message type of
  NUL due to encrypted data not getting decrypted. I continue to be
  unable to replicate this issue, but since the codepath triggers in the
  "no data buffered case" all the math is sound. (Famous last words I'm
  sure.)

- Code motion is its own patch. This was requested and hopefully
  clarifies what's going on.

- Some GSSAPI authentication fixes have been applied. I've been staring
  at this code too long now and writing this made me feel better. If it
  should be a separate change that's fine and easy to do.

Thanks!

Attachment                                                Content-Type  Size
v6-0001-Move-common-GSSAPI-code-into-its-own-files.patch  text/x-diff   13.4 KB
v6-0002-Connection-encryption-support-for-GSSAPI.patch    text/x-diff   36.6 KB
v6-0003-GSSAPI-authentication-cleanup.patch               text/x-diff   4.8 KB
