minor;
gss_buffer_desc input,
output;
- int conf = 0;
+ int conf_state = 0;
uint32 netlen;
pg_gssinfo *gss = port->gss;
/* Create the next encrypted packet */
major = gss_wrap(&minor, gss->ctx, 1, GSS_C_QOP_DEFAULT,
- &input, &conf, &output);
+ &input, &conf_state, &output);
if (major != GSS_S_COMPLETE)
pg_GSS_error(FATAL, gettext_noop("GSSAPI wrap error"), major, minor);
- if (conf == 0)
+ if (conf_state == 0)
ereport(FATAL,
- (errmsg("GSSAPI did not provide confidentiality")));
+ (errmsg("outgoing GSSAPI message would not use confidentiality")));
if (output.length > PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32))
ereport(FATAL,
- (errmsg("server tried to send oversize GSSAPI packet: %zu bytes",
- (size_t) output.length)));
+ (errmsg("server tried to send oversize GSSAPI packet (%zu > %zu)",
+ (size_t) output.length,
+ PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32))));
bytes_encrypted += input.length;
bytes_to_encrypt -= input.length;
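Review bot: Both failure branches after `gss_wrap` in this hunk (the `conf_state == 0` check and the oversize check) still report with `ereport(FATAL, ...)`, and FATAL normally tries to deliver the message to the client over the same connection whose encrypted send path just failed. If this code runs inside the backend's GSSAPI write routine (the function header is outside the hunk), that report can re-enter the wrap path or emit bytes the peer is not expecting. Consider a log-only level and an ordinary failure return, e.g. `ereport(COMMERROR, (errmsg("outgoing GSSAPI message would not use confidentiality")));` followed by `errno = ECONNRESET; return -1;`, assuming the function reports failure that way. The same applies to the FATAL reports in the later server-side hunks around `gss_unwrap` and the over-length packet checks.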
ssize_t ret;
size_t bytes_to_return = len;
size_t bytes_returned = 0;
- int conf = 0;
+ int conf_state = 0;
pg_gssinfo *gss = port->gss;
/*
/* Check for over-length packet */
if (input.length > PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32))
ereport(FATAL,
- (errmsg("oversize GSSAPI packet sent by the client: %zu bytes",
- (size_t) input.length)));
+ (errmsg("oversize GSSAPI packet sent by the client (%zu > %zu)",
+ (size_t) input.length,
+ PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32))));
/*
* Read as much of the packet as we are able to on this call into
output.length = 0;
input.value = PqGSSRecvBuffer + sizeof(uint32);
- major = gss_unwrap(&minor, gss->ctx, &input, &output, &conf, NULL);
+ major = gss_unwrap(&minor, gss->ctx, &input, &output, &conf_state, NULL);
if (major != GSS_S_COMPLETE)
pg_GSS_error(FATAL, gettext_noop("GSSAPI unwrap error"),
major, minor);
- if (conf == 0)
+ if (conf_state == 0)
ereport(FATAL,
- (errmsg("GSSAPI did not provide confidentiality")));
+ (errmsg("incoming GSSAPI message did not use confidentiality")));
memcpy(PqGSSResultBuffer, output.value, output.length);
*/
if (input.length > PQ_GSS_RECV_BUFFER_SIZE)
ereport(FATAL,
- (errmsg("oversize GSSAPI packet sent by the client: %zu bytes",
- (size_t) input.length)));
+ (errmsg("oversize GSSAPI packet sent by the client (%zu > %d)",
+ (size_t) input.length,
+ PQ_GSS_RECV_BUFFER_SIZE)));
/*
* Get the rest of the packet so we can pass it to GSSAPI to accept
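Review bot: The new message here formats `PQ_GSS_RECV_BUFFER_SIZE` with `%d`, while every other size message in this commit uses `%zu` with a `size_t` expression. That is only correct while the macro expands to a plain `int` constant, and its definition is not visible in the hunk. Casting the argument, `(size_t) PQ_GSS_RECV_BUFFER_SIZE`, and using `(%zu > %zu)` would keep the varargs type independent of how the macro is defined. It would also make the string identical to the other client-oversize message, so translators get one entry instead of two.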
NULL, NULL);
if (GSS_ERROR(major))
{
- pg_GSS_error(ERROR, gettext_noop("GSSAPI context error"),
+ pg_GSS_error(ERROR, gettext_noop("could not accept GSSAPI security context"),
major, minor);
gss_release_buffer(&minor, &output);
return -1;
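Review bot: The `gss_release_buffer(&minor, &output);` and `return -1;` that follow the reworded `pg_GSS_error(ERROR, ...)` call look unreachable. If pg_GSS_error reports at the level it is given, ERROR does not return to the caller, so `output` is never released on this path. Reporting at a level that returns, e.g. `pg_GSS_error(COMMERROR, gettext_noop("could not accept GSSAPI security context"), major, minor);`, would let the cleanup and the `-1` return run. It would also avoid sending an error message to a client that is still mid-handshake. pg_GSS_error's definition and the enclosing function are outside the hunk, so please confirm against them.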
if (output.length > PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32))
ereport(FATAL,
- (errmsg("server tried to send oversize GSSAPI packet: %zu bytes",
- (size_t) output.length)));
+ (errmsg("server tried to send oversize GSSAPI packet (%zu > %zu)",
+ (size_t) output.length,
+ PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32))));
memcpy(PqGSSSendBuffer, (char *) &netlen, sizeof(uint32));
PqGSSSendPointer += sizeof(uint32);
*/
while (bytes_to_encrypt || PqGSSSendPointer)
{
- int conf = 0;
+ int conf_state = 0;
uint32 netlen;
/*
/* Create the next encrypted packet */
major = gss_wrap(&minor, conn->gctx, 1, GSS_C_QOP_DEFAULT,
- &input, &conf, &output);
+ &input, &conf_state, &output);
if (major != GSS_S_COMPLETE)
{
pg_GSS_error(libpq_gettext("GSSAPI wrap error"), conn, major, minor);
goto cleanup;
}
- else if (conf == 0)
+ else if (conf_state == 0)
{
printfPQExpBuffer(&conn->errorMessage,
- libpq_gettext("GSSAPI did not provide confidentiality\n"));
+ libpq_gettext("outgoing GSSAPI message would not use confidentiality\n"));
goto cleanup;
}
if (output.length > PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32))
{
printfPQExpBuffer(&conn->errorMessage,
- libpq_gettext("client tried to send oversize GSSAPI packet: %zu bytes\n"),
- (size_t) output.length);
+ libpq_gettext("client tried to send oversize GSSAPI packet (%zu > %zu)\n"),
+ (size_t) output.length,
+ PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32));
goto cleanup;
}
*/
while (bytes_to_return)
{
- int conf = 0;
+ int conf_state = 0;
/* Check if we have data in our buffer that we can return immediately */
if (PqGSSResultPointer < PqGSSResultLength)
if (input.length > PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32))
{
printfPQExpBuffer(&conn->errorMessage,
- libpq_gettext("GSSAPI did not provide confidentiality\n"));
+ libpq_gettext("oversize GSSAPI packet sent by the server (%zu > %zu)\n"),
+ (size_t) input.length,
+ PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32));
ret = -1;
goto cleanup;
}
output.length = 0;
input.value = PqGSSRecvBuffer + sizeof(uint32);
- major = gss_unwrap(&minor, conn->gctx, &input, &output, &conf, NULL);
+ major = gss_unwrap(&minor, conn->gctx, &input, &output, &conf_state, NULL);
if (major != GSS_S_COMPLETE)
{
pg_GSS_error(libpq_gettext("GSSAPI unwrap error"), conn,
ret = -1;
goto cleanup;
}
- else if (conf == 0)
+ else if (conf_state == 0)
{
printfPQExpBuffer(&conn->errorMessage,
- libpq_gettext("GSSAPI did not provide confidentiality\n"));
+ libpq_gettext("incoming GSSAPI message did not use confidentiality\n"));
ret = -1;
goto cleanup;
}
if (input.length > PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32))
{
printfPQExpBuffer(&conn->errorMessage,
- libpq_gettext("oversize GSSAPI packet sent by the server: %zu bytes\n"),
- (size_t) input.length);
+ libpq_gettext("oversize GSSAPI packet sent by the server (%zu > %zu)\n"),
+ (size_t) input.length,
+ PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32));
return PGRES_POLLING_FAILED;
}
if (GSS_ERROR(major))
{
- pg_GSS_error(libpq_gettext("GSSAPI context establishment error"),
+ pg_GSS_error(libpq_gettext("could not initiate GSSAPI security context"),
conn, major, minor);
return PGRES_POLLING_FAILED;
}