authorDaniel Gustafsson <dgustafsson@postgresql.org>2024-03-21 14:45:46 +0100
committerDaniel Gustafsson <dgustafsson@postgresql.org>2024-03-21 14:45:46 +0100
commit24178e235ea56aca9233e640dd7ff9b17e858b07 (patch)
treead742fd421ec645cb510af69bc04f04975dac3c2 /src/interfaces/libpq/fe-auth.c
parent1db689715d44276407dc4d6fadbc11da8d391bd9 (diff)
Refactor SASL exchange to return tri-state status
The SASL exchange callback returned state in two output variables: done and success. This refactors that logic by introducing a new return variable of type SASLStatus which makes the code easier to read and understand, and prepares for future SASL exchanges which operate asynchronously. This was extracted from a larger patchset to introduce OAuthBearer authentication and authorization. Author: Jacob Champion <jacob.champion@enterprisedb.com> Discussion: https://postgr.es/m/d1b467a78e0e36ed85a09adf979d04cf124a9d4b.camel@vmware.com
Diffstat (limited to 'src/interfaces/libpq/fe-auth.c')
-rw-r--r--src/interfaces/libpq/fe-auth.c28
1 files changed, 12 insertions, 16 deletions
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index 1a8e4f6fbfa..cf8af4c62e5 100644
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -423,11 +423,10 @@ pg_SASL_init(PGconn *conn, int payloadlen)
{
char *initialresponse = NULL;
int initialresponselen;
- bool done;
- bool success;
const char *selected_mechanism;
PQExpBufferData mechanism_buf;
char *password;
+ SASLStatus status;
initPQExpBuffer(&mechanism_buf);
@@ -575,12 +574,11 @@ pg_SASL_init(PGconn *conn, int payloadlen)
goto oom_error;
/* Get the mechanism-specific Initial Client Response, if any */
- conn->sasl->exchange(conn->sasl_state,
- NULL, -1,
- &initialresponse, &initialresponselen,
- &done, &success);
+ status = conn->sasl->exchange(conn->sasl_state,
+ NULL, -1,
+ &initialresponse, &initialresponselen);
- if (done && !success)
+ if (status == SASL_FAILED)
goto error;
/*
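Review bot: The result of the initial exchange is compared only against `SASL_FAILED`, so every other value the callback might return is treated as "carry on"; the last hunk of pg_SASL_continue has the same shape, with `if (status == SASL_FAILED) return STATUS_ERROR;` falling through to `return STATUS_OK;`. The commit message says the enum is expected to grow for asynchronous exchanges, and the definition of SASLStatus is not part of this file's diff, so a value added later would silently take the success path in authentication code. I would name the accepted states instead, for example `if (status != SASL_CONTINUE && status != SASL_COMPLETE) goto error;` here, or at least add a comment such as `/* status is SASL_CONTINUE or SASL_COMPLETE from here on */`. The body of pg_SASL_init continues outside this hunk.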
@@ -629,10 +627,9 @@ pg_SASL_continue(PGconn *conn, int payloadlen, bool final)
{
char *output;
int outputlen;
- bool done;
- bool success;
int res;
char *challenge;
+ SASLStatus status;
/* Read the SASL challenge from the AuthenticationSASLContinue message. */
challenge = malloc(payloadlen + 1);
@@ -651,13 +648,12 @@ pg_SASL_continue(PGconn *conn, int payloadlen, bool final)
/* For safety and convenience, ensure the buffer is NULL-terminated. */
challenge[payloadlen] = '\0';
- conn->sasl->exchange(conn->sasl_state,
- challenge, payloadlen,
- &output, &outputlen,
- &done, &success);
+ status = conn->sasl->exchange(conn->sasl_state,
+ challenge, payloadlen,
+ &output, &outputlen);
free(challenge); /* don't need the input anymore */
- if (final && !done)
+ if (final && status == SASL_CONTINUE)
{
if (outputlen != 0)
free(output);
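Review bot: `output` and `outputlen` are declared without initialisers at the top of pg_SASL_continue (previous hunk) and are read straight after the call whatever status came back, in `if (outputlen != 0) free(output);` here and in `output == NULL` in the next hunk. That is only safe if every mechanism's exchange callback stores both out-parameters on every return path, including the `SASL_FAILED` one, which cannot be confirmed from this file. Since the callback contract is being changed anyway, I would either initialise the locals, `char *output = NULL;` and `int outputlen = 0;`, or state the requirement in the comment that documents the exchange callback. The function body starts and ends outside this hunk.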
@@ -670,7 +666,7 @@ pg_SASL_continue(PGconn *conn, int payloadlen, bool final)
* If the exchange is not completed yet, we need to make sure that the
* SASL mechanism has generated a message to send back.
*/
- if (output == NULL && !done)
+ if (output == NULL && status == SASL_CONTINUE)
{
libpq_append_conn_error(conn, "no client response found after SASL exchange success");
return STATUS_ERROR;
@@ -692,7 +688,7 @@ pg_SASL_continue(PGconn *conn, int payloadlen, bool final)
return STATUS_ERROR;
}
- if (done && !success)
+ if (status == SASL_FAILED)
return STATUS_ERROR;
return STATUS_OK;