Decline GSS API request

2019-12-27 16:08:26 +05:00 · 2019-12-27 16:08:26 +05:00 · 887e4aa2d8
parent d0be26bf75
commit 887e4aa2d8
2 changed files with 48 additions and 15 deletions
--- a/sources/frontend.c
+++ b/sources/frontend.c
@ -105,22 +105,39 @@ static int
 od_frontend_startup(od_client_t *client)
 {
 	od_instance_t *instance = client->global->instance;
-
 	machine_msg_t *msg;
-	msg = od_read_startup(&client->io, client->config_listen->client_login_timeout);
-	if (msg == NULL)
-		goto error;

-	int rc;
-	rc = kiwi_be_read_startup(machine_msg_data(msg),
-	                          machine_msg_size(msg),
-	                          &client->startup, &client->vars);
-	machine_msg_free(msg);
-	if (rc == -1)
-		goto error;
+	while (true) {
+		msg = od_read_startup(&client->io, client->config_listen->client_login_timeout);
+		if (msg == NULL)
+			goto error;
+
+		int rc = kiwi_be_read_startup(machine_msg_data(msg),
+		                          machine_msg_size(msg),
+		                          &client->startup, &client->vars);
+		machine_msg_free(msg);
+		if (rc == -1)
+			goto error;
+
+		if (!client->startup.unsupported_request)
+			break;
+		/* not supported 'N' */
+		msg = machine_msg_create(sizeof(uint8_t));
+		if (msg == NULL)
+			return -1;
+		uint8_t *type = machine_msg_data(msg);
+		*type = 'N';
+		rc = od_write(&client->io, msg);
+		if (rc == -1) {
+			od_error(&instance->logger, "unsupported protocol (gssapi)", client, NULL, "write error: %s",
+			         od_io_error(&client->io));
+			return -1;
+		}
+		od_debug(&instance->logger, "unsupported protocol (gssapi)", client, NULL, "ignoring");
+	}

 	/* client ssl request */
-	rc = od_tls_frontend_accept(client, &instance->logger,
+	int rc = od_tls_frontend_accept(client, &instance->logger,
 	                            client->config_listen,
 	                            client->tls);
 	if (rc == -1)
--- a/third_party/kiwi/kiwi/be_read.h
+++ b/third_party/kiwi/kiwi/be_read.h
@ -12,6 +12,7 @@ typedef struct kiwi_be_startup kiwi_be_startup_t;
 struct kiwi_be_startup
 {
 	int        is_ssl_request;
+	int        unsupported_request;
 	int        is_cancel;
 	kiwi_key_t key;
 	kiwi_var_t user;
@ -24,6 +25,7 @@ kiwi_be_startup_init(kiwi_be_startup_t *su)
 {
 	su->is_cancel      = 0;
 	su->is_ssl_request = 0;
+	su->unsupported_request = 0;
 	kiwi_key_init(&su->key);
 	kiwi_var_init(&su->user, NULL, 0);
 	kiwi_var_init(&su->database, NULL, 0);
@ -79,6 +81,13 @@ kiwi_be_read_options(kiwi_be_startup_t *su, char *pos, uint32_t pos_size,
 	return 0;
 }

+#define PG_PROTOCOL(m,n)        (((m) << 16) | (n))
+#define NEGOTIATE_SSL_CODE      PG_PROTOCOL(1234,5679)
+#define NEGOTIATE_GSS_CODE      PG_PROTOCOL(1234,5680)
+#define CANCEL_REQUEST_CODE     PG_PROTOCOL(1234,5678)
+#define PG_PROTOCOL_LATEST		PG_PROTOCOL(3,0)
+#define PG_PROTOCOL_EARLIEST	PG_PROTOCOL(2,0)
+
 KIWI_API static inline int
 kiwi_be_read_startup(char *data, uint32_t size, kiwi_be_startup_t *su, kiwi_vars_t *vars)
 {
@ -93,16 +102,17 @@ kiwi_be_read_startup(char *data, uint32_t size, kiwi_be_startup_t *su, kiwi_vars
 	rc = kiwi_read32(&version, &pos, &pos_size);
 	if (kiwi_unlikely(rc == -1))
 		return -1;
+	su->unsupported_request = 0;
 	switch (version) {
 	/* StartupMessage */
-	case 196608:
+	case PG_PROTOCOL_LATEST:
 		su->is_cancel = 0;
 		rc = kiwi_be_read_options(su, pos, pos_size, vars);
 		if (kiwi_unlikely(rc == -1))
 			return -1;
 		break;
 	/* CancelRequest */
-	case 80877102:
+	case CANCEL_REQUEST_CODE:
 		su->is_cancel = 1;
 		rc = kiwi_read32(&su->key.key_pid, &pos, &pos_size);
 		if (kiwi_unlikely(rc == -1))
@ -112,9 +122,15 @@ kiwi_be_read_startup(char *data, uint32_t size, kiwi_be_startup_t *su, kiwi_vars
 			return -1;
 		break;
 	/* SSLRequest */
-	case  80877103:
+	case  NEGOTIATE_SSL_CODE:
 		su->is_ssl_request = 1;
 		break;
+	/* GSSRequest */
+	case NEGOTIATE_GSS_CODE:
+	/* V2 protocol startup */
+	case PG_PROTOCOL_EARLIEST:
+		su->unsupported_request = 1;
+		break;
 	default:
 		return -1;
 	}