postgresql/src/backend/libpq
Tom Lane 76c09dbe8d Rewrite pam_passwd_conv_proc to be more robust: avoid assuming that the
pam_message array contains exactly one PAM_PROMPT_ECHO_OFF message.
Instead, deal with however many messages there are, and don't throw error
for PAM_ERROR_MSG and PAM_TEXT_INFO messages.  This logic is borrowed from
openssh 5.2p1, which hopefully has seen more real-world PAM usage than we
have.  Per bug #5121 from Ryan Douglas, which turned out to be caused by
the conv_proc being called with zero messages.  Apparently that is normal
behavior given the combination of Linux pam_krb5 with MS Active Directory
as the domain controller.

Patch all the way back, since this code has been essentially untouched
since 7.4.  (Surprising we've not heard complaints before.)
2009-10-16 22:08:36 +00:00
Makefile Refactor backend makefiles to remove lots of duplicate code 2008-02-19 10:30:09 +00:00
README.SSL Remove large parts of the old SSL readme, that consisted of a couple 2008-10-24 11:48:29 +00:00
auth.c Rewrite pam_passwd_conv_proc to be more robust: avoid assuming that the 2009-10-16 22:08:36 +00:00
be-fsstubs.c 8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list 2009-06-11 14:49:15 +00:00
be-secure.c 8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list 2009-06-11 14:49:15 +00:00
crypt.c Remove the use of the pg_auth flat file for client authentication. 2009-08-29 19:26:52 +00:00
hba.c Fix assorted memory leaks in pg_hba.conf parsing. Over a sufficiently 2009-10-03 20:04:39 +00:00
ip.c Support "samehost" and "samenet" specifications in pg_hba.conf, 2009-10-01 01:58:58 +00:00
md5.c Fix possible buffer overrun and/or unportable behavior in pg_md5_encrypt() 2009-09-15 02:31:15 +00:00
pg_hba.conf.sample Support "samehost" and "samenet" specifications in pg_hba.conf, 2009-10-01 01:58:58 +00:00
pg_ident.conf.sample Improve comments in pg_ident.conf.sample. 2009-05-16 20:43:46 +00:00
pqcomm.c Update copyright for 2009. 2009-01-01 17:24:05 +00:00
pqformat.c 8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list 2009-06-11 14:49:15 +00:00
pqsignal.c Remove the use of the pg_auth flat file for client authentication. 2009-08-29 19:26:52 +00:00

README.SSL

$PostgreSQL: pgsql/src/backend/libpq/README.SSL,v 1.7 2008/10/24 11:48:29 mha Exp $

SSL
===

From the server's perspective:


  Receives StartupPacket
           |
           |
 (Is SSL_NEGOTIATE_CODE?) -----------  Normal startup
           |                  No
           |
           | Yes
           |
           |
 (Server compiled with USE_SSL?) ------- Send 'N'
           |                       No        |
           |                                 |
           | Yes                         Normal startup
           |
           |
        Send 'S'
           |
           |
      Establish SSL
           |
           |
      Normal startup
     




From the client's perspective (v6.6 client _with_ SSL):


      Connect
         |
         |
  Send packet with SSL_NEGOTIATE_CODE
         |
         |
  Receive single char  ------- 'S' -------- Establish SSL
         |                                       |
         | '<else>'                              |
         |                                  Normal startup
         |
         |
   Is it 'E' for error  ------------------- Retry connection
         |                  Yes             without SSL
         | No
         |
   Is it 'N' for normal ------------------- Normal startup
         |                  Yes
         |
   Fail with unknown

---------------------------------------------------------------------------
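The two flowcharts above as a pair of decision functions. This is an added example, not code from the PostgreSQL source. The request code value comes from the PostgreSQL protocol documentation rather than from this README, and the `require_ssl` flag is a hypothetical policy switch added to show that both the 'E' and 'N' branches end in a plaintext session unless the client refuses them.

```c
#include <stdint.h>
#include <stdio.h>

/* Request code per the PostgreSQL protocol docs: 1234 in the high 16 bits,
 * 5679 in the low 16 bits. The README calls it SSL_NEGOTIATE_CODE. */
#define SSL_NEGOTIATE_CODE ((1234u << 16) | 5679u)

enum client_action { ACT_SSL, ACT_NORMAL, ACT_RETRY_PLAIN, ACT_FAIL };

/* Read a 32-bit big-endian (network order) integer. */
static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t) p[0] << 24) | ((uint32_t) p[1] << 16) |
           ((uint32_t) p[2] << 8) | (uint32_t) p[3];
}

/* Server side: returns 'S' or 'N' for an SSL request, 0 for any other
 * packet (the "Normal startup" branch). use_ssl models USE_SSL. */
char server_reply(const unsigned char *pkt, size_t len, int use_ssl)
{
    /* An SSL request is exactly 8 bytes: length word (8) + request code. */
    if (len != 8 || be32(pkt) != 8 || be32(pkt + 4) != SSL_NEGOTIATE_CODE)
        return 0;
    return use_ssl ? 'S' : 'N';
}

/* Client side: map the single reply byte to the next step. require_ssl is
 * a hypothetical policy flag: when set, both plaintext branches fail. */
enum client_action client_next(char reply, int require_ssl)
{
    switch (reply) {
    case 'S': return ACT_SSL;
    case 'E': return require_ssl ? ACT_FAIL : ACT_RETRY_PLAIN;
    case 'N': return require_ssl ? ACT_FAIL : ACT_NORMAL;
    default:  return ACT_FAIL;            /* "Fail with unknown" */
    }
}

/* Constructed sample: the 8-byte packet a client sends to ask for SSL. */
static const unsigned char SAMPLE_SSL_REQUEST[8] =
    { 0x00, 0x00, 0x00, 0x08, 0x04, 0xd2, 0x16, 0x2f };

int main(void)
{
    char r = server_reply(SAMPLE_SSL_REQUEST, sizeof SAMPLE_SSL_REQUEST, 0);
    printf("no-SSL server replies '%c', client: %d\n", r, client_next(r, 0));
    printf("same reply, SSL required:  %d\n", client_next(r, 1));
    return 0;
}
```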