pgsql: Refactor channel binding code to fetch cbind_data only whennece
| От | Peter Eisentraut |
|---|---|
| Тема | pgsql: Refactor channel binding code to fetch cbind_data only whennece |
| Дата | |
| Msg-id | E1eXAgu-0006ce-FN@gemulon.postgresql.org обсуждение исходный текст |
| Список | pgsql-committers |
Refactor channel binding code to fetch cbind_data only when necessary As things stand now, channel binding data is fetched from OpenSSL and saved into the SCRAM exchange context for any SSL connection attempted for a SCRAM authentication, resulting in data fetched but not used if no channel binding is used or if a different channel binding type is used than what the data is here for. Refactor the code in such a way that binding data is fetched from the SSL stack only when a specific channel binding is used for both the frontend and the backend. In order to achieve that, save the libpq connection context directly in the SCRAM exchange state, and add a dependency to SSL in the low-level SCRAM routines. This makes the interface in charge of initializing the SCRAM context cleaner as all its data comes from either PGconn* (for frontend) or Port* (for the backend). Author: Michael Paquier <michael.paquier@gmail.com> Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/f3049a603a7950f313b33ab214f11563c66dc069 Modified Files -------------- src/backend/libpq/auth-scram.c | 33 +++----- src/backend/libpq/auth.c | 19 +---- src/include/libpq/scram.h | 6 +- src/interfaces/libpq/fe-auth-scram.c | 159 +++++++++++++++++------------------ src/interfaces/libpq/fe-auth.c | 27 +----- src/interfaces/libpq/fe-auth.h | 10 +-- 6 files changed, 102 insertions(+), 152 deletions(-)
В списке pgsql-committers по дате отправления: