From: Peter Eisentraut
Date: Fri, 16 Aug 2019 10:56:50 +0000 (+0200)
Subject: Recognize GSSENCRequest packet
X-Git-Tag: pgbouncer_1_11_0~3
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a934992d791799a4ab6a2e1ac20611e9701fa1cd;p=pgbouncer
Recognize GSSENCRequest packet
This is a new startup packet type introduced in PostgreSQL 12. In PgBouncer, we'll for now reject GSS encryption attempts. Without this, PgBouncer would reject such connections with "bad packet header" errors, requiring the client to reconnect before being able to do the normal startup.
---
diff --git a/include/bouncer.h b/include/bouncer.h
index d52d397..6485fef 100644
--- a/include/bouncer.h
+++ b/include/bouncer.h
@@ -149,6 +149,7 @@ extern int cf_sbuf_len;
 #define PKT_STARTUP 0x30000
 #define PKT_CANCEL 80877102
 #define PKT_SSLREQ 80877103
+#define PKT_GSSENCREQ 80877104
 #define POOL_SESSION 0
 #define POOL_TX 1
diff --git a/src/client.c b/src/client.c
index 80cbcb6..fe1ef63 100644
--- a/src/client.c
+++ b/src/client.c
@@ -558,6 +558,14 @@ static bool handle_client_startup(PgSocket *client, PktHdr *pkt)
 return false;
 }
 break;
+ case PKT_GSSENCREQ:
+ /* reject GSS encryption attempt */
+ slog_noise(client, "C: req GCC enc");
+ if (!sbuf_answer(&client->sbuf, "N", 1)) {
+ disconnect_client(client, false, "failed to nak GSS enc");
+ return false;
+ }
+ break;
 case PKT_STARTUP_V2:
 disconnect_client(client, true, "old V2 protocol not supported");
 return false;
diff --git a/src/proto.c b/src/proto.c
index 2f4eba3..17ffdc8 100644
--- a/src/proto.c
+++ b/src/proto.c
@@ -75,6 +75,8 @@ bool get_header(struct MBuf *data, PktHdr *pkt)
 type = PKT_CANCEL;
 } else if (code == PKT_SSLREQ) {
 type = PKT_SSLREQ;
+ } else if (code == PKT_GSSENCREQ) {
+ type = PKT_GSSENCREQ;
 } else if ((code >> 16) == 3 && (code & 0xFFFF) < 2) {
 type = PKT_STARTUP;
 } else if (code == PKT_STARTUP_V2) {
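Review bot: The noise-level log string in the new `case PKT_GSSENCREQ:` of src/client.c says "GCC" although the packet is a GSS encryption request, so a log search for GSS negotiation will not find it; the line should read `slog_noise(client, "C: req GSS enc");`. The refusal is also recorded only at noise verbosity, so at normal log levels an operator who expects GSS-encrypted client links sees no sign that the client was answered "N" and, depending on its gssencmode, went on in plaintext or TLS. Extending the comment to `/* reject GSS encryption attempt; client may continue with SSLRequest or a plaintext startup */` would document that outcome. handle_client_startup starts and ends outside this hunk.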
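Review bot: The new `else if (code == PKT_GSSENCREQ)` branch in get_header (src/proto.c) classifies the packet from the code word alone, and nothing visible in this hunk ties that type to the packet length. In the PostgreSQL protocol a GSSENCRequest is a fixed 8-byte message (length word plus request code), so one that declares any other length, or arrives with extra bytes behind it, is malformed and is better refused than answered with "N" while the remainder is parsed as the next startup packet. If the part of get_header outside this hunk does not already enforce this, consider rejecting a GSSENCRequest whose declared length is not 8, and applying the same rule to the neighbouring SSLRequest branch. get_header starts and ends outside the hunk.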