From 887e4aa2d8d23eae41f11362a65adddf2950ec85 Mon Sep 17 00:00:00 2001 From: Andrey Borodin Date: Fri, 27 Dec 2019 16:08:26 +0500 Subject: [PATCH] Decline GSS API request --- sources/frontend.c | 41 +++++++++++++++++++++++---------- third_party/kiwi/kiwi/be_read.h | 22 +++++++++++++++--- 2 files changed, 48 insertions(+), 15 deletions(-) diff --git a/sources/frontend.c b/sources/frontend.c index 361dd4d3..bf0a1851 100644 --- a/sources/frontend.c +++ b/sources/frontend.c @@ -105,22 +105,39 @@ static int od_frontend_startup(od_client_t *client) { od_instance_t *instance = client->global->instance; - machine_msg_t *msg; - msg = od_read_startup(&client->io, client->config_listen->client_login_timeout); - if (msg == NULL) - goto error; - int rc; - rc = kiwi_be_read_startup(machine_msg_data(msg), - machine_msg_size(msg), - &client->startup, &client->vars); - machine_msg_free(msg); - if (rc == -1) - goto error; + while (true) { + msg = od_read_startup(&client->io, client->config_listen->client_login_timeout); + if (msg == NULL) + goto error; + + int rc = kiwi_be_read_startup(machine_msg_data(msg), + machine_msg_size(msg), + &client->startup, &client->vars); + machine_msg_free(msg); + if (rc == -1) + goto error; + + if (!client->startup.unsupported_request) + break; + /* not supported 'N' */ + msg = machine_msg_create(sizeof(uint8_t)); + if (msg == NULL) + return -1; + uint8_t *type = machine_msg_data(msg); + *type = 'N'; + rc = od_write(&client->io, msg); + if (rc == -1) { + od_error(&instance->logger, "unsupported protocol (gssapi)", client, NULL, "write error: %s", + od_io_error(&client->io)); + return -1; + } + od_debug(&instance->logger, "unsupported protocol (gssapi)", client, NULL, "ignoring"); + } /* client ssl request */ - rc = od_tls_frontend_accept(client, &instance->logger, + int rc = od_tls_frontend_accept(client, &instance->logger, client->config_listen, client->tls); if (rc == -1) 
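Review bot: The new `while (true)` loop in od_frontend_startup puts no limit on how many times an unauthenticated peer can be answered with 'N'. Each GSS (or v2) request gets a reply and a fresh `client_login_timeout` read, so a client that keeps resending the request just inside the timeout holds the connection in the startup phase indefinitely. PostgreSQL itself accepts the GSS encryption request only once per connection; a one-shot flag gives the same bound here, e.g. `bool declined = false;` before the loop and `if (declined) goto error; declined = true;` ahead of `machine_msg_create`. The two new failure paths also use `return -1` where the rest of the function uses `goto error`. The `error` label is outside the hunk, so confirm that no cleanup or logging is skipped and whether `od_write` releases `msg` when it fails.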
diff --git a/third_party/kiwi/kiwi/be_read.h b/third_party/kiwi/kiwi/be_read.h index e0d71d04..2f905278 100644 --- a/third_party/kiwi/kiwi/be_read.h +++ b/third_party/kiwi/kiwi/be_read.h @@ -12,6 +12,7 @@ typedef struct kiwi_be_startup kiwi_be_startup_t; struct kiwi_be_startup { int is_ssl_request; + int unsupported_request; int is_cancel; kiwi_key_t key; kiwi_var_t user; @@ -24,6 +25,7 @@ kiwi_be_startup_init(kiwi_be_startup_t *su) { su->is_cancel = 0; su->is_ssl_request = 0; + su->unsupported_request = 0; kiwi_key_init(&su->key); kiwi_var_init(&su->user, NULL, 0); kiwi_var_init(&su->database, NULL, 0); @@ -79,6 +81,13 @@ kiwi_be_read_options(kiwi_be_startup_t *su, char *pos, uint32_t pos_size, return 0; } +#define PG_PROTOCOL(m,n) (((m) << 16) | (n)) +#define NEGOTIATE_SSL_CODE PG_PROTOCOL(1234,5679) +#define NEGOTIATE_GSS_CODE PG_PROTOCOL(1234,5680) +#define CANCEL_REQUEST_CODE PG_PROTOCOL(1234,5678) +#define PG_PROTOCOL_LATEST PG_PROTOCOL(3,0) +#define PG_PROTOCOL_EARLIEST PG_PROTOCOL(2,0) + KIWI_API static inline int kiwi_be_read_startup(char *data, uint32_t size, kiwi_be_startup_t *su, kiwi_vars_t *vars) { @@ -93,16 +102,17 @@ kiwi_be_read_startup(char *data, uint32_t size, kiwi_be_startup_t *su, kiwi_vars rc = kiwi_read32(&version, &pos, &pos_size); if (kiwi_unlikely(rc == -1)) return -1; + su->unsupported_request = 0; switch (version) { /* StartupMessage */ - case 196608: + case PG_PROTOCOL_LATEST: su->is_cancel = 0; rc = kiwi_be_read_options(su, pos, pos_size, vars); if (kiwi_unlikely(rc == -1)) return -1; break; /* CancelRequest */ - case 80877102: + case CANCEL_REQUEST_CODE: su->is_cancel = 1; rc = kiwi_read32(&su->key.key_pid, &pos, &pos_size); if (kiwi_unlikely(rc == -1)) 
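Review bot: The six macros added above kiwi_be_read_startup (`PG_PROTOCOL`, `NEGOTIATE_SSL_CODE`, `NEGOTIATE_GSS_CODE`, `CANCEL_REQUEST_CODE`, `PG_PROTOCOL_LATEST`, `PG_PROTOCOL_EARLIEST`) are unprefixed and live in a header, so they land in every translation unit that includes kiwi. They reuse the names PostgreSQL's own `libpq/pqcomm.h` defines, so a unit that includes both headers gets redefinition diagnostics wherever the values differ. A `KIWI_` prefix, e.g. `#define KIWI_NEGOTIATE_GSS_CODE KIWI_PG_PROTOCOL(1234, 5680)`, keeps the wire constants readable without the clash. A one-line comment saying these are the startup-packet request codes of the PostgreSQL frontend/backend protocol would also help the next reader.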
@@ -112,9 +122,15 @@ kiwi_be_read_startup(char *data, uint32_t size, kiwi_be_startup_t *su, kiwi_vars return -1; break; /* SSLRequest */ - case 80877103: + case NEGOTIATE_SSL_CODE: su->is_ssl_request = 1; break; + /* GSSRequest */ + case NEGOTIATE_GSS_CODE: + /* V2 protocol startup */ + case PG_PROTOCOL_EARLIEST: + su->unsupported_request = 1; + break; default: return -1; }
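Review bot: `case PG_PROTOCOL_EARLIEST:` shares the GSSRequest arm, so a protocol 2.0 startup packet now sets `unsupported_request`, and the frontend.c change in this commit answers it with a single 'N' byte and another startup read. 'N' is the refusal defined for SSL/GSS negotiation requests. A v2 startup is not a negotiation, so the client presumably has nothing to retry with, and the connection then sits until `client_login_timeout` instead of being closed at once as the old `default: return -1` did. Dropping the `case PG_PROTOCOL_EARLIEST:` label and its comment from this arm restores the immediate reject. If v2 has to be recognised separately, give it its own flag so the "unsupported protocol (gssapi)" log line stays accurate. The enclosing function kiwi_be_read_startup begins in an earlier hunk.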