
Make SASL max message length configurable

The proposed OAUTHBEARER SASL mechanism will need to allow larger
messages in the exchange, since tokens are sent directly by the
client.  Move this limit into the pg_be_sasl_mech struct so that
it can be changed per-mechanism.

Author: Jacob Champion <jacob.champion@enterprisedb.com>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Discussion: https://postgr.es/m/CAOYmi+nqX_5=Se0W0Ynrr55Fha3CMzwv_R9P3rkpHb=1kG7ZTQ@mail.gmail.com
Daniel Gustafsson 2024-10-23 16:10:27 +02:00
parent 17b4aa77c3
commit 6d16f9deba
3 changed files with 16 additions and 11 deletions


@ -20,14 +20,6 @@
#include "libpq/pqformat.h" #include "libpq/pqformat.h"
#include "libpq/sasl.h" #include "libpq/sasl.h"
/*
* Maximum accepted size of SASL messages.
*
* The messages that the server or libpq generate are much smaller than this,
* but have some headroom.
*/
#define PG_MAX_SASL_MESSAGE_LENGTH 1024
/* /*
* Perform a SASL exchange with a libpq client, using a specific mechanism * Perform a SASL exchange with a libpq client, using a specific mechanism
* implementation. * implementation.
@ -103,7 +95,7 @@ CheckSASLAuth(const pg_be_sasl_mech *mech, Port *port, char *shadow_pass,
/* Get the actual SASL message */ /* Get the actual SASL message */
initStringInfo(&buf); initStringInfo(&buf);
if (pq_getmessage(&buf, PG_MAX_SASL_MESSAGE_LENGTH)) if (pq_getmessage(&buf, mech->max_message_length))
{ {
/* EOF - pq_getmessage already logged error */ /* EOF - pq_getmessage already logged error */
pfree(buf.data); pfree(buf.data);
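Review bot: `mech->max_message_length` reaches `pq_getmessage()` unchecked, so the size cap on a message read from a client that has not yet authenticated now depends on every mechanism filling in the new field. A `pg_be_sasl_mech` whose initializer omits it gets zero, and what `pq_getmessage()` does with a zero or negative limit is not visible in this hunk. I would add `Assert(mech->max_message_length > 0);` near the top of `CheckSASLAuth`, with a short comment that the value bounds pre-authentication input. The function body starts and ends outside the hunk.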


@ -113,7 +113,9 @@ static int scram_exchange(void *opaq, const char *input, int inputlen,
const pg_be_sasl_mech pg_be_scram_mech = { const pg_be_sasl_mech pg_be_scram_mech = {
scram_get_mechanisms, scram_get_mechanisms,
scram_init, scram_init,
scram_exchange scram_exchange,
PG_MAX_SASL_MESSAGE_LENGTH
}; };
/* /*
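Review bot: The initializer for `pg_be_scram_mech` is positional, so the new limit is tied to `max_message_length` only by its place in the list. If the struct gains another member later, or members are reordered, a positional initializer can compile cleanly with the limit bound to the wrong field or left at zero. A designated form such as `.max_message_length = PG_MAX_SASL_MESSAGE_LENGTH,` (and likewise for the three callbacks) keeps the binding explicit, provided designated initializers fit the tree's conventions.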


@ -27,7 +27,15 @@
#define PG_SASL_EXCHANGE_FAILURE 2 #define PG_SASL_EXCHANGE_FAILURE 2
/* /*
* Backend SASL mechanism callbacks. * Maximum accepted size of SASL messages.
*
* The messages that the server or libpq generate are much smaller than this,
* but have some headroom.
*/
#define PG_MAX_SASL_MESSAGE_LENGTH 1024
/*
* Backend SASL mechanism callbacks and metadata.
* *
* To implement a backend mechanism, declare a pg_be_sasl_mech struct with * To implement a backend mechanism, declare a pg_be_sasl_mech struct with
* appropriate callback implementations. Then pass the mechanism to * appropriate callback implementations. Then pass the mechanism to
@ -127,6 +135,9 @@ typedef struct pg_be_sasl_mech
const char *input, int inputlen, const char *input, int inputlen,
char **output, int *outputlen, char **output, int *outputlen,
const char **logdetail); const char **logdetail);
/* The maximum size allowed for client SASLResponses. */
int max_message_length;
} pg_be_sasl_mech; } pg_be_sasl_mech;
/* Common implementation for auth.c */ /* Common implementation for auth.c */
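Review bot: The comment on `max_message_length` states neither the unit nor that the value must be positive. The comment moved above `PG_MAX_SASL_MESSAGE_LENGTH` also still reads as a global maximum, although after this change it is only a value a mechanism may choose. I would write the field comment as `/* Maximum size, in bytes, accepted for a client SASLResponse; must be > 0. */` and add that the message is read before authentication completes, so the limit should be as small as the mechanism allows. The macro comment could open with `Default maximum accepted size of SASL messages; a mechanism may set a different limit in pg_be_sasl_mech.` The struct definition starts outside the hunk.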