[PATCH v6] GSSAPI encryption support
Robbie Harwood <rharwood@redhat.com>
From: Robbie Harwood <rharwood@redhat.com>
To: pgsql-hackers@postgresql.org
Cc: David Steele <david@pgmasters.net>,
Michael Paquier <michael.paquier@gmail.com>
Date: 2016-03-08T22:44:38Z
Lists: pgsql-hackers
Attachments
- v6-0001-Move-common-GSSAPI-code-into-its-own-files.patch (text/x-diff) patch v6-0001
- v6-0002-Connection-encryption-support-for-GSSAPI.patch (text/x-diff) patch v6-0002
- v6-0003-GSSAPI-authentication-cleanup.patch (text/x-diff) patch v6-0003
Hello friends, Here's yet another version of GSSAPI encryption support. It's also available for viewing on my github: https://github.com/frozencemetery/postgres/tree/feature/gssencrypt6 Let me hit the highlights of this time around: - Fallback code is back! It's almost unchanged from early versions of this patchset. Corresponding doc changes for this and the next item are of course included. - Minor protocol change. I did not realize that connection parameters were not read until after auth was complete, which means that in this version I go back to sending the AUTH_REQ_OK in the clear. Though I found this initially irritating since it required re-working the should_crypto conditions, it ends up being a net positive since I can trade a library call for a couple variables. - Client buffer flush on completion of authentication. This should prevent the issue with the client getting unexpected message type of NUL due to encrypted data not getting decrypted. I continue to be unable to replicate this issue, but since the codepath triggers in the "no data buffered case" all the math is sound. (Famous last words I'm sure.) - Code motion is its own patch. This was requested and hopefully clarifies what's going on. - Some GSSAPI authentication fixes have been applied. I've been staring at this code too long now and writing this made me feel better. If it should be a separate change that's fine and easy to do. Thanks!
Commits
-
GSSAPI encryption support
- b0b39f72b990 12.0 landed
-
Fix typo
- 57c932475504 9.6.0 cited