This is a new startup packet type introduced in PostgreSQL 12. In
PgBouncer, we'll for now reject GSS encryption attempts.
Without this, PgBouncer would reject such connections with "bad packet
header" errors, requiring the client to reconnect before being able to
do the normal startup.
#define PKT_STARTUP 0x30000
#define PKT_CANCEL 80877102
#define PKT_SSLREQ 80877103
+#define PKT_GSSENCREQ 80877104
#define POOL_SESSION 0
#define POOL_TX 1
return false;
}
break;
+ case PKT_GSSENCREQ:
+ /* reject GSS encryption attempt */
+ slog_noise(client, "C: req GCC enc");
+ if (!sbuf_answer(&client->sbuf, "N", 1)) {
+ disconnect_client(client, false, "failed to nak GSS enc");
+ return false;
+ }
+ break;
case PKT_STARTUP_V2:
disconnect_client(client, true, "old V2 protocol not supported");
return false;
type = PKT_CANCEL;
} else if (code == PKT_SSLREQ) {
type = PKT_SSLREQ;
+ } else if (code == PKT_GSSENCREQ) {
+ type = PKT_GSSENCREQ;
} else if ((code >> 16) == 3 && (code & 0xFFFF) < 2) {
type = PKT_STARTUP;
} else if (code == PKT_STARTUP_V2) {
projects / pgbouncer / commitdiff