author | Peter Eisentraut <peter_e@gmx.net> | 2018-01-04 13:53:09 -0500 |
---|---|---|
committer | Peter Eisentraut <peter_e@gmx.net> | 2018-01-04 13:55:12 -0500 |
commit | f3049a603a7950f313b33ab214f11563c66dc069 (patch) | |
tree | f870af0cee87ab890b6925a202c43de7624972fd /src/interfaces/libpq/fe-auth.h | |
parent | 3ad2afc2e98fc85d5cf9529d84265b70acc0b13d (diff) | |

Refactor channel binding code to fetch cbind_data only when necessary

As things stand now, channel binding data is fetched from OpenSSL and
saved into the SCRAM exchange context for any SSL connection attempted
for a SCRAM authentication, resulting in data fetched but not used if no
channel binding is used or if a different channel binding type is used
than what the data is here for.

Refactor the code in such a way that binding data is fetched from the
SSL stack only when a specific channel binding is used for both the
frontend and the backend. In order to achieve that, save the libpq
connection context directly in the SCRAM exchange state, and add a
dependency to SSL in the low-level SCRAM routines.

This makes the interface in charge of initializing the SCRAM context
cleaner as all its data comes from either PGconn* (for frontend) or
Port* (for the backend).

Author: Michael Paquier <michael.paquier@gmail.com>

Diffstat (limited to 'src/interfaces/libpq/fe-auth.h')
-rw-r--r-- | src/interfaces/libpq/fe-auth.h | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/src/interfaces/libpq/fe-auth.h b/src/interfaces/libpq/fe-auth.h index 91bc21ee8d..a8a27c24a6 100644 --- a/src/interfaces/libpq/fe-auth.h +++ b/src/interfaces/libpq/fe-auth.h @@ -23,17 +23,13 @@ extern int pg_fe_sendauth(AuthRequest areq, int payloadlen, PGconn *conn); extern char *pg_fe_getauthname(PQExpBuffer errorMessage); /* Prototypes for functions in fe-auth-scram.c */ -extern void *pg_fe_scram_init(const char *username, +extern void *pg_fe_scram_init(PGconn *conn, const char *password, - bool ssl_in_use, - const char *sasl_mechanism, - const char *channel_binding_type, - char *tls_finished_message, - size_t tls_finished_len); + const char *sasl_mechanism); extern void pg_fe_scram_free(void *opaq); extern void pg_fe_scram_exchange(void *opaq, char *input, int inputlen, char **output, int *outputlen, - bool *done, bool *success, PQExpBuffer errorMessage); + bool *done, bool *success); extern char *pg_fe_scram_build_verifier(const char *password); #endif /* FE_AUTH_H */ |
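
Review bot: The new `pg_fe_scram_init(PGconn *conn, ...)` prototype carries no comment on lifetime, although the commit message says the connection context is saved in the SCRAM exchange state. That makes the returned opaque state hold a borrowed `PGconn *`, so it has to be released with `pg_fe_scram_free()` before the connection itself is freed. A short comment above the prototype stating this, and noting that the user name and channel binding inputs are now read from `conn` while the password is still passed separately, would help callers. In `pg_fe_scram_exchange()`, dropping the `PQExpBuffer errorMessage` parameter leaves the header silent on where failure text is reported. If it is now the connection's own error buffer, say so next to the prototype, since a caller can no longer direct it to a buffer of its choosing.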