Move PG_MAX_AUTH_TOKEN_LENGTH to libpq/auth.h
Future SASL mechanism, like OAUTHBEARER, will use this as a limit on token messages coming from the client, so promote it to the header file to make it available. This patch is extracted from a larger body of work aimed at adding support for OAUTHBEARER in libpq. Author: Jacob Champion <jacob.champion@enterprisedb.com> Reviewed-by: Daniel Gustafsson <daniel@yesql.se> Reviewed-by: Peter Eisentraut <peter@eisentraut.org> Discussion: https://postgr.es/m/CAOYmi+kJqzo6XsR9TEhvVfeVNQ-TyFM5LATypm9yoQVYk=4Wrw@mail.gmail.com
This commit is contained in:
parent
59d6c03956
commit
e21d6f2971
@ -201,22 +201,6 @@ static int CheckRADIUSAuth(Port *port);
|
||||
static int PerformRadiusTransaction(const char *server, const char *secret, const char *portstr, const char *identifier, const char *user_name, const char *passwd);
|
||||
|
||||
|
||||
/*
|
||||
* Maximum accepted size of GSS and SSPI authentication tokens.
|
||||
* We also use this as a limit on ordinary password packet lengths.
|
||||
*
|
||||
* Kerberos tickets are usually quite small, but the TGTs issued by Windows
|
||||
* domain controllers include an authorization field known as the Privilege
|
||||
* Attribute Certificate (PAC), which contains the user's Windows permissions
|
||||
* (group memberships etc.). The PAC is copied into all tickets obtained on
|
||||
* the basis of this TGT (even those issued by Unix realms which the Windows
|
||||
* realm trusts), and can be several kB in size. The maximum token size
|
||||
* accepted by Windows systems is determined by the MaxAuthToken Windows
|
||||
* registry setting. Microsoft recommends that it is not set higher than
|
||||
* 65535 bytes, so that seems like a reasonable limit for us as well.
|
||||
*/
|
||||
#define PG_MAX_AUTH_TOKEN_LENGTH 65535
|
||||
|
||||
/*----------------------------------------------------------------
|
||||
* Global authentication functions
|
||||
*----------------------------------------------------------------
|
||||
|
@ -16,6 +16,22 @@
|
||||
|
||||
#include "libpq/libpq-be.h"
|
||||
|
||||
/*
|
||||
* Maximum accepted size of GSS and SSPI authentication tokens.
|
||||
* We also use this as a limit on ordinary password packet lengths.
|
||||
*
|
||||
* Kerberos tickets are usually quite small, but the TGTs issued by Windows
|
||||
* domain controllers include an authorization field known as the Privilege
|
||||
* Attribute Certificate (PAC), which contains the user's Windows permissions
|
||||
* (group memberships etc.). The PAC is copied into all tickets obtained on
|
||||
* the basis of this TGT (even those issued by Unix realms which the Windows
|
||||
* realm trusts), and can be several kB in size. The maximum token size
|
||||
* accepted by Windows systems is determined by the MaxAuthToken Windows
|
||||
* registry setting. Microsoft recommends that it is not set higher than
|
||||
* 65535 bytes, so that seems like a reasonable limit for us as well.
|
||||
*/
|
||||
#define PG_MAX_AUTH_TOKEN_LENGTH 65535
|
||||
|
||||
extern PGDLLIMPORT char *pg_krb_server_keyfile;
|
||||
extern PGDLLIMPORT bool pg_krb_caseins_users;
|
||||
extern PGDLLIMPORT bool pg_gss_accept_delegation;
|
||||
|
Loading…
x
Reference in New Issue
Block a user