Re: Letting the client choose the protocol to use during a SASL exchange
Heikki Linnakangas <hlinnaka@iki.fi>
From: Heikki Linnakangas <hlinnaka@iki.fi>
To: Álvaro Hernández Tortosa <aht@8kdata.com>, Michael Paquier <michael.paquier@gmail.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Simon Riggs <simon@2ndquadrant.com>,
PostgreSQL mailing lists <pgsql-hackers@postgresql.org>
Date: 2017-04-12T17:34:38Z
Lists: pgsql-hackers
Attachments
- 0001-Refactor-libpq-authentication-request-processing.patch (text/x-patch)
On 04/11/2017 02:32 PM, Álvaro Hernández Tortosa wrote: > So I still see your proposal more awkward and less clear, mixing > things that are separate. But again, your choice :) So, here's my more full-fledged proposal. The first patch refactors libpq code, by moving the responsibility of reading the GSS/SSPI/SASL/MD5 specific data from the authentication request packet, from the enormous switch-case construct in PQConnectPoll(), into pg_fe_sendauth(). This isn't strictly necessary, but I think it's useful cleanup anyway, and now that there's a bit more structure in the AuthenticationSASL message, the old way was getting awkward. The second patch contains the protocol changes, and adds the documentation for it. - Heikki
Commits
-
Improve the SASL authentication protocol.
- 4f3b87ab780b 10.0 landed
-
Refactor libpq authentication request processing.
- 61bf96cab063 10.0 landed
-
Minor cleanup of backend SCRAM code.
- 00707fa58275 10.0 landed