First phase of FE/BE protocol modifications: new StartupPacket layout

with variable-width fields.  No more truncation of long user names.
Also, libpq can now send its environment-variable-driven SET commands
as part of the startup packet, saving round trips to server.

5 files changed, 50 insertions, 51 deletions

diff --git a/src/include/libpq/auth.h b/src/include/libpq/auth.h
index 4418adb5c9..f99e6d0373 100644
--- a/src/include/libpq/auth.h
+++ b/src/include/libpq/auth.h
@@ -7,7 +7,7 @@
  * Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: auth.h,v 1.21 2002/06/20 20:29:49 momjian Exp $
+ * $Id: auth.h,v 1.22 2003/04/17 22:26:01 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -21,7 +21,7 @@
  *----------------------------------------------------------------
  */
 
-void		ClientAuthentication(Port *port);
+extern void ClientAuthentication(Port *port);
 
 #define PG_KRB4_VERSION "PGVER4.1"		/* at most KRB_SENDAUTH_VLEN chars */
 #define PG_KRB5_VERSION "PGVER5.1"
diff --git a/src/include/libpq/hba.h b/src/include/libpq/hba.h
index b9daf985f5..9a7e355ff3 100644
--- a/src/include/libpq/hba.h
+++ b/src/include/libpq/hba.h
@@ -4,7 +4,7 @@
  *	  Interface to hba.c
  *
  *
- * $Id: hba.h,v 1.32 2002/04/04 04:25:54 momjian Exp $
+ * $Id: hba.h,v 1.33 2003/04/17 22:26:01 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -26,8 +26,6 @@
 #define IDENT_PORT 113
  /* Standard TCP port number for Ident service.  Assigned by IANA */
 
-#define MAX_AUTH_ARG	80		/* Max size of an authentication arg */
-
 typedef enum UserAuth
 {
 	uaReject,
diff --git a/src/include/libpq/libpq-be.h b/src/include/libpq/libpq-be.h
index e9d906d06a..19ac0402d3 100644
--- a/src/include/libpq/libpq-be.h
+++ b/src/include/libpq/libpq-be.h
@@ -11,15 +11,13 @@
  * Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: libpq-be.h,v 1.34 2002/08/29 03:22:01 tgl Exp $
+ * $Id: libpq-be.h,v 1.35 2003/04/17 22:26:01 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
 #ifndef LIBPQ_BE_H
 #define LIBPQ_BE_H
 
-#include <sys/types.h>
-
 #include "libpq/hba.h"
 #include "libpq/pqcomm.h"
 
@@ -32,29 +30,36 @@
 /*
  * This is used by the postmaster in its communication with frontends.	It
  * contains all state information needed during this communication before the
- * backend is run.
+ * backend is run.  The Port structure is kept in malloc'd memory and is
+ * still available when a backend is running (see MyProcPort).  The data
+ * it points to must also be malloc'd, or else palloc'd in TopMemoryContext,
+ * so that it survives into PostgresMain execution!
  */
 
 typedef struct Port
 {
 	int			sock;			/* File descriptor */
+	ProtocolVersion proto;		/* FE/BE protocol version */
 	SockAddr	laddr;			/* local addr (postmaster) */
 	SockAddr	raddr;			/* remote addr (client) */
-	char		md5Salt[4];		/* Password salt */
-	char		cryptSalt[2];	/* Password salt */
 
 	/*
-	 * Information that needs to be held during the fe/be authentication
-	 * handshake.
+	 * Information that needs to be saved from the startup packet and passed
+	 * into backend execution.  "char *" fields are NULL if not set.
+	 * guc_options points to a List of alternating option names and values.
 	 */
+	char	   *database_name;
+	char	   *user_name;
+	char	   *cmdline_options;
+	List	   *guc_options;
 
-	ProtocolVersion proto;
-	char		database[SM_DATABASE + 1];
-	char		user[SM_DATABASE_USER + 1];
-	char		options[SM_OPTIONS + 1];
-	char		tty[SM_TTY + 1];
-	char		auth_arg[MAX_AUTH_ARG];
+	/*
+	 * Information that needs to be held during the authentication cycle.
+	 */
 	UserAuth	auth_method;
+	char	   *auth_arg;
+	char		md5Salt[4];		/* Password salt */
+	char		cryptSalt[2];	/* Password salt */
 
 	/*
 	 * SSL structures
diff --git a/src/include/libpq/password.h b/src/include/libpq/password.h
deleted file mode 100644
index c704edeb34..0000000000
--- a/src/include/libpq/password.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef PASSWORD_H
-#define PASSWORD_H
-
-int			verify_password(const Port *port, const char *user, const char *password);
-
-#endif
diff --git a/src/include/libpq/pqcomm.h b/src/include/libpq/pqcomm.h
index 7c476699f0..fabfb0cb25 100644
--- a/src/include/libpq/pqcomm.h
+++ b/src/include/libpq/pqcomm.h
@@ -9,14 +9,13 @@
  * Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Id: pqcomm.h,v 1.75 2003/01/06 09:58:36 petere Exp $
+ * $Id: pqcomm.h,v 1.76 2003/04/17 22:26:01 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
 #ifndef PQCOMM_H
 #define PQCOMM_H
 
-#include <sys/types.h>
 #ifdef WIN32
 #include <winsock.h>
 /* workaround for clashing defines of "ERROR" */
@@ -93,7 +92,7 @@ typedef union SockAddr
  * functionality).
  *
  * If a backend supports version m.n of the protocol it must actually support
- * versions m.0..n].  Backend support for version m-1 can be dropped after a
+ * versions m.[0..n].  Backend support for version m-1 can be dropped after a
  * `reasonable' length of time.
  *
  * A frontend isn't required to support anything other than the current
@@ -107,27 +106,26 @@ typedef union SockAddr
 /* The earliest and latest frontend/backend protocol version supported. */
 
 #define PG_PROTOCOL_EARLIEST	PG_PROTOCOL(1,0)
-#define PG_PROTOCOL_LATEST	PG_PROTOCOL(2,0)
+#define PG_PROTOCOL_LATEST		PG_PROTOCOL(3,100) /* XXX temporary value */
 
-/*
- * All packets sent to the postmaster start with the length.  This is omitted
- * from the different packet definitions specified below.
- */
+typedef uint32 ProtocolVersion; /* FE/BE protocol version number */
 
-typedef uint32 PacketLen;
+typedef ProtocolVersion MsgType;
 
 
 /*
- * Startup message parameters sizes.  These must not be changed without changing
- * the protocol version.  These are all strings that are '\0' terminated only if
- * there is room.
+ * Packet lengths are 4 bytes in network byte order.
+ *
+ * The initial length is omitted from the packet layouts appearing below.
  */
 
+typedef uint32 PacketLen;
+
+
 /*
- * FIXME: remove the fixed size limitations on the database name, user
- * name, and options fields and use a variable length field instead. The
- * actual limits on database & user name will then be NAMEDATALEN, which
- * can be changed without changing the FE/BE protocol. -neilc,2002/08/27
+ * Old-style startup packet layout with fixed-width fields.  This is used in
+ * protocol 1.0 and 2.0, but not in later versions.  Note that the fields
+ * in this layout are '\0' terminated only if there is room.
  */
 
 #define SM_DATABASE		64
@@ -138,11 +136,6 @@ typedef uint32 PacketLen;
 #define SM_UNUSED		64
 #define SM_TTY			64
 
-typedef uint32 ProtocolVersion; /* Fe/Be protocol version number */
-
-typedef ProtocolVersion MsgType;
-
-
 typedef struct StartupPacket
 {
 	ProtocolVersion protoVersion;		/* Protocol version */
@@ -156,7 +149,16 @@ typedef struct StartupPacket
 
 extern bool Db_user_namespace;
 
-/* These are the authentication requests sent by the backend. */
+/*
+ * In protocol 3.0 and later, the startup packet length is not fixed, but
+ * we set an arbitrary limit on it anyway.  This is just to prevent simple
+ * denial-of-service attacks via sending enough data to run the server
+ * out of memory.
+ */
+#define MAX_STARTUP_PACKET_LENGTH 10000
+
+
+/* These are the authentication request codes sent by the backend. */
 
 #define AUTH_REQ_OK			0	/* User is authenticated  */
 #define AUTH_REQ_KRB4		1	/* Kerberos V4 */
@@ -169,12 +171,12 @@ extern bool Db_user_namespace;
 typedef uint32 AuthRequest;
 
 
-/* A client can also send a cancel-current-operation request to the postmaster.
+/*
+ * A client can also send a cancel-current-operation request to the postmaster.
  * This is uglier than sending it directly to the client's backend, but it
  * avoids depending on out-of-band communication facilities.
- */
-
-/* The cancel request code must not match any protocol version number
+ *
+ * The cancel request code must not match any protocol version number
  * we're ever likely to use.  This random choice should do.
  */
 #define CANCEL_REQUEST_CODE PG_PROTOCOL(1234,5678)