• Fix assorted issues in backend's GSSAPI encryption support. · 622ae462
    Tom Lane authored
    Unrecoverable errors detected by GSSAPI encryption can't just be
    reported with elog(ERROR) or elog(FATAL), because attempting to
    send the error report to the client is likely to lead to infinite
    recursion or loss of protocol sync.  Instead make this code do what
    the SSL encryption code has long done, which is to just report any
    such failure to the server log (with elevel COMMERROR), then pretend
    we've lost the connection by returning errno = ECONNRESET.
    
    Along the way, fix confusion about whether message translation is done
    by pg_GSS_error() or its callers (the latter should do it), and make
    the backend version of that function work more like the frontend
    version.
    
    Avoid allocating the port->gss struct until it's needed; we surely
    don't need to allocate it in the postmaster.
    
    Improve logging of "connection authorized" messages with GSS enabled.
    (As part of this, I back-patched the code changes from dc11f31a.)
    
    Make BackendStatusShmemSize() account for the GSS-related space that
    will be allocated by CreateSharedBackendStatus().  This omission
    could possibly cause out-of-shared-memory problems with very high
    max_connections settings.
    
    Remove arbitrary, pointless restriction that only GSS authentication
    can be used on a GSS-encrypted connection.
    
    Improve documentation; notably, document the fact that libpq now
    prefers GSS encryption over SSL encryption if both are possible.
    
    Per report from Mikael Gustavsson.  Back-patch to v12 where
    this code was introduced.
    
    Discussion: https://postgr.es/m/e5b0b6ed05764324a2f3fe7acfc766d5@smhi.se
hba.c 84.3 KB