From: | Robbie Harwood <rharwood(at)redhat(dot)com> |
---|---|
To: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>, Andres Freund <andres(at)anarazel(dot)de>, Craig Ringer <craig(at)2ndquadrant(dot)com> |
Subject: | Re: [PATCH v3] GSSAPI encryption support |
Date: | 2015-10-21 16:39:27 |
Message-ID: | jlg7fmgkwg0.fsf@thriss.redhat.com |
Lists: | pgsql-hackers |
Michael Paquier <michael(dot)paquier(at)gmail(dot)com> writes:
> On Tue, Oct 20, 2015 at 3:01 AM, Robbie Harwood wrote:
>> Stephen Frost <sfrost(at)snowman(dot)net> writes:
>>> psql: lost synchronization with server: got message type "S", length 22
>>
>> which unfortunately could be a great many things. I've said this a
>> couple times now, but I really do need more information - a traffic
>> dump, a list of commands that were run, etc.; unfortunately, the surface
>> here is pretty large, and while I totally am willing to believe there
>> are bugs in the code I've written, I do not yet see them.
>
> --- a/src/interfaces/libpq/fe-protocol3.c
> +++ b/src/interfaces/libpq/fe-protocol3.c
> @@ -129,6 +129,58 @@ pqParseInput3(PGconn *conn)
> return;
> }
>
> +#ifdef ENABLE_GSS
> + /* We want to be ready in both IDLE and BUSY states
> for encryption */
> + if (id == 'g' && !conn->gss_disable_enc && conn->gctx)
> + {
> + ssize_t encEnd, next;
> [...]
> + }
> + else if (!conn->gss_disable_enc && conn->gss_auth_done &&
> + !conn->gss_decrypted_cur && id != 'E')
> + /* This could be a sync error, so let's handle
> it as such. */
> + handleSyncLoss(conn, id, msgLength);
> +#endif
>
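Review bot: The `else if` condition exempts only `id != 'E'`, so a `'g'` message that arrives while `conn->gctx` is NULL fails the first test, falls through, and is passed to `handleSyncLoss()` exactly like any other unwrapped message received after `gss_auth_done`. The two cases (encrypted message with no context, and plaintext message where an encrypted one was expected) then produce the same sync-loss report, which makes failures like the one in this thread hard to tell apart. Suggest handling `id == 'g'` without a context as its own branch with a specific error message, and extending the comment to say why 'E' is the only message type accepted unencrypted at this point. As a style point, the `else if` body is a wrapped comment followed by a single statement with no braces; adding braces would keep the `#ifdef` block from being misread.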
> Hm. The out-of-sync error I am seeing in my environment is caused by
> this block when parsing 'g' messages coming from the backend that are
> considered as being GSSAPI-encrypted messages. I am still looking at
> that...
If you're hitting the else-block, that suggests a GSSAPI context is not
present at the time a GSSAPI message was received, I think.