Re: [PATCH] Pull general SASL framework out of SCRAM

Jacob Champion <pchampion@vmware.com>

From: Jacob Champion <pchampion@vmware.com>
To: "michael@paquier.xyz" <michael@paquier.xyz>
Cc: "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2021-07-09T23:31:48Z
Lists: pgsql-hackers
On Thu, 2021-07-08 at 16:27 +0900, Michael Paquier wrote:
> I agree that this looks like an improvement in terms of the
> expectations behind a SASL mechanism, so I have done the attached to
> strengthen a bit all those checks.  However, I don't really see a
> point in back-patching any of that, as SCRAM satisfies with its
> implementation already all those conditions AFAIK.

Agreed.

> Thoughts?

LGTM, thanks!

> +	 *	outputlen: The length (0 or higher) of the client response buffer,
> +	 *			   invalid if output is NULL.

nitpick: maybe "ignored" instead of "invalid"?

--Jacob

Commits

  1. Install properly fe-auth-sasl.h

  2. Add more sanity checks in SASL exchanges

  3. Refactor SASL code with a generic interface for its mechanisms