Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commite21d6f2

Browse files
Move PG_MAX_AUTH_TOKEN_LENGTH to libpq/auth.h
Future SASL mechanism, like OAUTHBEARER, will use this as a limit ontoken messages coming from the client, so promote it to the headerfile to make it available.This patch is extracted from a larger body of work aimed at addingsupport for OAUTHBEARER in libpq.Author: Jacob Champion <jacob.champion@enterprisedb.com>Reviewed-by: Daniel Gustafsson <daniel@yesql.se>Reviewed-by: Peter Eisentraut <peter@eisentraut.org>Discussion:https://postgr.es/m/CAOYmi+kJqzo6XsR9TEhvVfeVNQ-TyFM5LATypm9yoQVYk=4Wrw@mail.gmail.com
1 parent59d6c03 commite21d6f2

File tree

2 files changed

+16
-16
lines changed

2 files changed

+16
-16
lines changed

‎src/backend/libpq/auth.c

Lines changed: 0 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -201,22 +201,6 @@ static intCheckRADIUSAuth(Port *port);
201201
staticintPerformRadiusTransaction(constchar*server,constchar*secret,constchar*portstr,constchar*identifier,constchar*user_name,constchar*passwd);
202202

203203

204-
/*
205-
* Maximum accepted size of GSS and SSPI authentication tokens.
206-
* We also use this as a limit on ordinary password packet lengths.
207-
*
208-
* Kerberos tickets are usually quite small, but the TGTs issued by Windows
209-
* domain controllers include an authorization field known as the Privilege
210-
* Attribute Certificate (PAC), which contains the user's Windows permissions
211-
* (group memberships etc.). The PAC is copied into all tickets obtained on
212-
* the basis of this TGT (even those issued by Unix realms which the Windows
213-
* realm trusts), and can be several kB in size. The maximum token size
214-
* accepted by Windows systems is determined by the MaxAuthToken Windows
215-
* registry setting. Microsoft recommends that it is not set higher than
216-
* 65535 bytes, so that seems like a reasonable limit for us as well.
217-
*/
218-
#definePG_MAX_AUTH_TOKEN_LENGTH65535
219-
220204
/*----------------------------------------------------------------
221205
* Global authentication functions
222206
*----------------------------------------------------------------

‎src/include/libpq/auth.h

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,22 @@
1616

1717
#include"libpq/libpq-be.h"
1818

19+
/*
20+
* Maximum accepted size of GSS and SSPI authentication tokens.
21+
* We also use this as a limit on ordinary password packet lengths.
22+
*
23+
* Kerberos tickets are usually quite small, but the TGTs issued by Windows
24+
* domain controllers include an authorization field known as the Privilege
25+
* Attribute Certificate (PAC), which contains the user's Windows permissions
26+
* (group memberships etc.). The PAC is copied into all tickets obtained on
27+
* the basis of this TGT (even those issued by Unix realms which the Windows
28+
* realm trusts), and can be several kB in size. The maximum token size
29+
* accepted by Windows systems is determined by the MaxAuthToken Windows
30+
* registry setting. Microsoft recommends that it is not set higher than
31+
* 65535 bytes, so that seems like a reasonable limit for us as well.
32+
*/
33+
#definePG_MAX_AUTH_TOKEN_LENGTH65535
34+
1935
externPGDLLIMPORTchar*pg_krb_server_keyfile;
2036
externPGDLLIMPORTboolpg_krb_caseins_users;
2137
externPGDLLIMPORTboolpg_gss_accept_delegation;

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp