@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $ PostgreSQL : pgsql / src / backend / libpq / auth . c , v 1.183 2009 / 06 / 25 11 : 30 : 08 mha Exp $
* $ PostgreSQL : pgsql / src / backend / libpq / auth . c , v 1.183 .2 .1 2009 / 10 / 14 07 : 27 : 27 heikki Exp $
*
* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*/
@ -181,6 +181,21 @@ static int pg_SSPI_recvauth(Port *port);
# endif
/*
* Maximum size of GSS and SSPI authentication tokens .
*
* Kerberos tickets are usually quite small , but the TGTs issued by Windows
* domain controllers include an authorization field known as the Privilege
* Attribute Certificate ( PAC ) , which contains the user ' s Windows permissions
* ( group memberships etc . ) . The PAC is copied into all tickets obtained on
* the basis of this TGT ( even those issued by Unix realms which the Windows
* realm trusts ) , and can be several kB in size . The maximum token size
* accepted by Windows systems is determined by the MaxAuthToken Windows
* registry setting . Microsoft recommends that it is not set higher than
* 65535 bytes , so that seems like a reasonable limit for us as well .
*/
# define MAX_AUTH_TOKEN_LENGTH 65535
/*----------------------------------------------------------------
* Global authentication functions
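Review bot: The new comment above `MAX_AUTH_TOKEN_LENGTH` explains where 65535 comes from, but not that the limit applies to a message read before the client has authenticated. The later hunks pass the constant to `pq_getmessage` in `pg_GSS_recvauth` and `pg_SSPI_recvauth`, so it caps what an unauthenticated peer can make the backend buffer per token message, now roughly 64 kB instead of 2000 bytes. I would close the comment with a sentence such as `* This is also the most an unauthenticated client can make us buffer per token message, so raise it only with that in mind.` so the next person to change the value sees the trade-off.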
@ -937,7 +952,7 @@ pg_GSS_recvauth(Port *port)
/* Get the actual GSS token */
initStringInfo ( & buf ) ;
if ( pq_getmessage ( & buf , 2000 ) )
if ( pq_getmessage ( & buf , MAX_AUTH_TOKEN_LENGTH ) )
{
/* EOF - pq_getmessage already logged error */
pfree ( buf . data ) ;
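Review bot: The comment `/* EOF - pq_getmessage already logged error */` under the changed call names only EOF, but the second argument is a length cap, so a token longer than `MAX_AUTH_TOKEN_LENGTH` presumably takes this same branch. Since the commit is about that limit, I would reword it to `/* EOF or token exceeds MAX_AUTH_TOKEN_LENGTH - pq_getmessage already logged error */`, so that a failed login caused by an oversized PAC can be traced to the cap. The same wording applies to the identical change in the `pg_SSPI_recvauth` hunk. Both function bodies start and end outside the visible hunks, so how the error is reported to the client cannot be checked from here.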
@ -1175,7 +1190,7 @@ pg_SSPI_recvauth(Port *port)
/* Get the actual SSPI token */
initStringInfo ( & buf ) ;
if ( pq_getmessage ( & buf , 2000 ) )
if ( pq_getmessage ( & buf , MAX_AUTH_TOKEN_LENGTH ) )
{
/* EOF - pq_getmessage already logged error */
pfree ( buf . data ) ;