Re: [PATCH] Pull general SASL framework out of SCRAM

Jacob Champion <pchampion@vmware.com>

From: Jacob Champion <pchampion@vmware.com>
To: "michael@paquier.xyz" <michael@paquier.xyz>
Cc: "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2021-07-13T00:01:46Z
Lists: pgsql-hackers
On Sun, 2021-07-11 at 13:16 +0900, Michael Paquier wrote:
> On Fri, Jul 09, 2021 at 11:31:48PM +0000, Jacob Champion wrote:
> > On Thu, 2021-07-08 at 16:27 +0900, Michael Paquier wrote:
> > > +	 *	outputlen: The length (0 or higher) of the client response buffer,
> > > +	 *			   invalid if output is NULL.
> > 
> > nitpick: maybe "ignored" instead of "invalid"?
> 
> Thanks, applied as 44bd012 after using your suggestion.

Thanks!

> Another thing I noticed after more review is that the check in
> fe-auth.c to make sure that a message needs to be generated if the
> exchange is not completed yet has no need to depend on "success", only
> "done".

Ah, right. I think the (!done && !success) case is probably indicative
of an API smell, but that's probably something to clean up in a future
pass.

--Jacob

Commits

  1. Install properly fe-auth-sasl.h

  2. Add more sanity checks in SASL exchanges

  3. Refactor SASL code with a generic interface for its mechanisms