NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit6d16f9d

committed

Make SASL max message length configurable

The proposed OAUTHBEARER SASL mechanism will need to allow largermessages in the exchange, since tokens are sent directly by theclient. Move this limit into the pg_be_sasl_mech struct so thatit can be changed per-mechanism.Author: Jacob Champion <jacob.champion@enterprisedb.com>Reviewed-by: Daniel Gustafsson <daniel@yesql.se>Discussion:https://postgr.es/m/CAOYmi+nqX_5=Se0W0Ynrr55Fha3CMzwv_R9P3rkpHb=1kG7ZTQ@mail.gmail.com

1 parent17b4aa7 commit6d16f9dCopy full SHA for 6d16f9d

File tree

3 files changed

+16

-11

lines changed

src
- backend/libpq
  - auth-sasl.c
  - auth-scram.c
- include/libpq
  - sasl.h

3 files changed

+16

-11

lines changed

`‎src/backend/libpq/auth-sasl.c‎`

Lines changed: 1 addition & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -20,14 +20,6 @@`
`20`	`20`	`#include"libpq/pqformat.h"`
`21`	`21`	`#include"libpq/sasl.h"`
`22`	`22`
`23`		`-/*`
`24`		`- * Maximum accepted size of SASL messages.`
`25`		`- *`
`26`		`- * The messages that the server or libpq generate are much smaller than this,`
`27`		`- * but have some headroom.`
`28`		`- */`
`29`		`-#definePG_MAX_SASL_MESSAGE_LENGTH1024`
`30`		`-`
`31`	`23`	`/*`
`32`	`24`	`* Perform a SASL exchange with a libpq client, using a specific mechanism`
`33`	`25`	`* implementation.`
`@@ -103,7 +95,7 @@ CheckSASLAuth(const pg_be_sasl_mech mech, Port port, char *shadow_pass,`
`103`	`95`
`104`	`96`	`/* Get the actual SASL message */`
`105`	`97`	`initStringInfo(&buf);`
`106`		`-if (pq_getmessage(&buf,PG_MAX_SASL_MESSAGE_LENGTH))`
	`98`	`+if (pq_getmessage(&buf,mech->max_message_length))`
`107`	`99`	`{`
`108`	`100`	`/* EOF - pq_getmessage already logged error */`
`109`	`101`	`pfree(buf.data);`

`‎src/backend/libpq/auth-scram.c‎`

Lines changed: 3 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -113,7 +113,9 @@ static intscram_exchange(void opaq, const char input, int inputlen,`
`113`	`113`	`constpg_be_sasl_mechpg_be_scram_mech= {`
`114`	`114`	`scram_get_mechanisms,`
`115`	`115`	`scram_init,`
`116`		`-scram_exchange`
	`116`	`+scram_exchange,`
	`117`	`+`
	`118`	`+PG_MAX_SASL_MESSAGE_LENGTH`
`117`	`119`	`};`
`118`	`120`
`119`	`121`	`/*`

`‎src/include/libpq/sasl.h‎`

Lines changed: 12 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,15 @@`
`27`	`27`	`#definePG_SASL_EXCHANGE_FAILURE2`
`28`	`28`
`29`	`29`	`/*`
`30`		`- * Backend SASL mechanism callbacks.`
	`30`	`+ * Maximum accepted size of SASL messages.`
	`31`	`+ *`
	`32`	`+ * The messages that the server or libpq generate are much smaller than this,`
	`33`	`+ * but have some headroom.`
	`34`	`+ */`
	`35`	`+#definePG_MAX_SASL_MESSAGE_LENGTH1024`
	`36`	`+`
	`37`	`+/*`
	`38`	`+ * Backend SASL mechanism callbacks and metadata.`
`31`	`39`	`*`
`32`	`40`	`* To implement a backend mechanism, declare a pg_be_sasl_mech struct with`
`33`	`41`	`* appropriate callback implementations. Then pass the mechanism to`
`@@ -127,6 +135,9 @@ typedef struct pg_be_sasl_mech`
`127`	`135`	`constchar*input,intinputlen,`
`128`	`136`	`char*output,intoutputlen,`
`129`	`137`	`constchar**logdetail);`
	`138`	`+`
	`139`	`+/* The maximum size allowed for client SASLResponses. */`
	`140`	`+intmax_message_length;`
`130`	`141`	`}pg_be_sasl_mech;`
`131`	`142`
`132`	`143`	`/* Common implementation for auth.c */`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit6d16f9d

File tree

3 files changed

3 files changed

`‎src/backend/libpq/auth-sasl.c‎`

`‎src/backend/libpq/auth-scram.c‎`

`‎src/include/libpq/sasl.h‎`

0 commit comments