authorPeter Eisentraut2018-01-04 18:53:09 +0000
committerPeter Eisentraut2018-01-04 18:55:12 +0000
commitf3049a603a7950f313b33ab214f11563c66dc069 (patch)
treef870af0cee87ab890b6925a202c43de7624972fd /src/include
parent3ad2afc2e98fc85d5cf9529d84265b70acc0b13d (diff)
Refactor channel binding code to fetch cbind_data only when necessary
As things stand now, channel binding data is fetched from OpenSSL and saved into the SCRAM exchange context for any SSL connection attempted for a SCRAM authentication, resulting in data fetched but not used if no channel binding is used or if a different channel binding type is used than what the data is here for. Refactor the code in such a way that binding data is fetched from the SSL stack only when a specific channel binding is used for both the frontend and the backend. In order to achieve that, save the libpq connection context directly in the SCRAM exchange state, and add a dependency to SSL in the low-level SCRAM routines. This makes the interface in charge of initializing the SCRAM context cleaner as all its data comes from either PGconn* (for frontend) or Port* (for the backend). Author: Michael Paquier <michael.paquier@gmail.com>
Diffstat (limited to 'src/include')
-rw-r--r--src/include/libpq/scram.h6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/include/libpq/scram.h b/src/include/libpq/scram.h
index f43ce992c17..91872fcd088 100644
--- a/src/include/libpq/scram.h
+++ b/src/include/libpq/scram.h
@@ -13,15 +13,15 @@
#ifndef PG_SCRAM_H
#define PG_SCRAM_H
+#include "libpq/libpq-be.h"
+
/* Status codes for message exchange */
#define SASL_EXCHANGE_CONTINUE 0
#define SASL_EXCHANGE_SUCCESS 1
#define SASL_EXCHANGE_FAILURE 2
/* Routines dedicated to authentication */
-extern void *pg_be_scram_init(const char *username, const char *shadow_pass,
- bool ssl_in_use, const char *tls_finished_message,
- size_t tls_finished_len);
+extern void *pg_be_scram_init(Port *port, const char *shadow_pass);
extern int pg_be_scram_exchange(void *opaq, char *input, int inputlen,
char **output, int *outputlen, char **logdetail);
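Review bot: The new prototype `pg_be_scram_init(Port *port, const char *shadow_pass)` has no comment saying how long `port` must stay valid or which connection state the SCRAM code takes from it. The commit description says the connection context is saved in the SCRAM exchange state and that binding data is fetched from the SSL stack only when a channel binding type is in use, so the returned opaque state presumably keeps this pointer and reads TLS state from it later, during `pg_be_scram_exchange`. I would add above the declaration: `/* port is retained in the returned state and must outlive it; user name and TLS channel binding data are read from it on demand */`. The implementation and the rest of the header are outside this hunk, so the wording should be confirmed against them.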