Make SASL max message length configurable
authorDaniel Gustafsson <[email protected]>
Wed, 23 Oct 2024 14:10:27 +0000 (16:10 +0200)
committerDaniel Gustafsson <[email protected]>
Wed, 23 Oct 2024 14:10:27 +0000 (16:10 +0200)
The proposed OAUTHBEARER SASL mechanism will need to allow larger
messages in the exchange, since tokens are sent directly by the
client.  Move this limit into the pg_be_sasl_mech struct so that
it can be changed per-mechanism.

Author: Jacob Champion <[email protected]>
Reviewed-by: Daniel Gustafsson <[email protected]>
Discussion: https://postgr.es/m/CAOYmi+nqX_5=Se0W0Ynrr55Fha3CMzwv_R9P3rkpHb=1kG7ZTQ@mail.gmail.com

src/backend/libpq/auth-sasl.c
src/backend/libpq/auth-scram.c
src/include/libpq/sasl.h

index 08b24d90b4bf61180ffe6acd84b26dd05d6ccee2..4039e7fa3e9d3cb88870ecb050ce790cb06abfa2 100644 (file)
 #include "libpq/pqformat.h"
 #include "libpq/sasl.h"
 
-/*
- * Maximum accepted size of SASL messages.
- *
- * The messages that the server or libpq generate are much smaller than this,
- * but have some headroom.
- */
-#define PG_MAX_SASL_MESSAGE_LENGTH 1024
-
 /*
  * Perform a SASL exchange with a libpq client, using a specific mechanism
  * implementation.
@@ -103,7 +95,7 @@ CheckSASLAuth(const pg_be_sasl_mech *mech, Port *port, char *shadow_pass,
 
        /* Get the actual SASL message */
        initStringInfo(&buf);
-       if (pq_getmessage(&buf, PG_MAX_SASL_MESSAGE_LENGTH))
+       if (pq_getmessage(&buf, mech->max_message_length))
        {
            /* EOF - pq_getmessage already logged error */
            pfree(buf.data);
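Review bot: Nothing on this path checks that `mech->max_message_length` is positive before it becomes the only cap on the size of a message accepted from a client that has not authenticated yet. A `pg_be_sasl_mech` initialized without the new member gets 0 from C's aggregate-initialization rules, which presumably makes `pq_getmessage` reject every non-empty response. That fails closed, but it would surface only as a confusing authentication failure. An `Assert(mech->max_message_length > 0);` near the top of CheckSASLAuth would catch a misdeclared mechanism in development builds. The body of CheckSASLAuth starts and ends outside this hunk.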
index 56df870e9ef2e9a59fa8a436b026a34e0363b437..8c5b6d9c67e9fb969a9fa780bd55e2aee6722768 100644 (file)
@@ -113,7 +113,9 @@ static int  scram_exchange(void *opaq, const char *input, int inputlen,
 const pg_be_sasl_mech pg_be_scram_mech = {
    scram_get_mechanisms,
    scram_init,
-   scram_exchange
+   scram_exchange,
+
+   PG_MAX_SASL_MESSAGE_LENGTH
 };
 
 /*
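Review bot: The new limit is appended positionally to `pg_be_scram_mech`, so a reader has to look up the struct in sasl.h to learn what the bare constant means. A designated initializer, `.max_message_length = PG_MAX_SASL_MESSAGE_LENGTH`, or at least a trailing `/* max_message_length */` comment, would make the entry self-describing. It would also keep the initializer readable if more metadata members are added to the struct later.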
index 7a1f970ccae65bf54c68af72790c51ef472b79ab..0e8fa84830413df836ee07f14c8142a2ce7d44ea 100644 (file)
 #define PG_SASL_EXCHANGE_FAILURE       2
 
 /*
- * Backend SASL mechanism callbacks.
+ * Maximum accepted size of SASL messages.
+ *
+ * The messages that the server or libpq generate are much smaller than this,
+ * but have some headroom.
+ */
+#define PG_MAX_SASL_MESSAGE_LENGTH 1024
+
+/*
+ * Backend SASL mechanism callbacks and metadata.
  *
  * To implement a backend mechanism, declare a pg_be_sasl_mech struct with
  * appropriate callback implementations.  Then pass the mechanism to
@@ -127,6 +135,9 @@ typedef struct pg_be_sasl_mech
                             const char *input, int inputlen,
                             char **output, int *outputlen,
                             const char **logdetail);
+
+   /* The maximum size allowed for client SASLResponses. */
+   int         max_message_length;
 } pg_be_sasl_mech;
 
 /* Common implementation for auth.c */
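Review bot: The comment on `max_message_length` leaves out the unit, the fact that the limit applies to input from a client that has not authenticated yet, and what a zero value means. The commit message says a later mechanism will raise this value to carry tokens, so the header is the place to tell mechanism authors to keep it as small as their protocol allows. Suggested wording: `/* Maximum size, in bytes, of a client SASLResponse. Enforced before authentication completes, so keep it as small as the mechanism allows; must be greater than zero. */`. The struct definition starts outside this hunk.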