Message Formats and Authentication Protocols

<para> A null-terminated string (C-style string). There is no specific length limitation on strings. If <replaceable>s</replaceable> is specified it is the exact value that will appear, otherwise the value is variable. Eg. String, String("user"). </para> <note> <para> <emphasis>There is no predefined limit</emphasis> on the length of a string that can be returned by the backend. Good coding strategy for a frontend is to use an expandable buffer so that anything that fits in memory can be accepted. If that's not feasible, read the full string and discard trailing characters that don't fit into your fixed-size buffer. </para> </note> </listitem> </varlistentry> <varlistentry> <term>Byte<replaceable>n</replaceable>(<replaceable>c</replaceable>)</term> <listitem> <para> Exactly <replaceable>n</replaceable> bytes. If the field width <replaceable>n</replaceable> is not a constant, it is always determinable from an earlier field in the message. If <replaceable>c</replaceable> is specified it is the exact value. Eg. Byte2, Byte1('\n'). </para> </listitem> </varlistentry> </variablelist> </sect1> <sect1 id="protocol-message-formats"> <title>Message Formats</title> <para> This section describes the detailed format of each message. Each is marked to indicate that it can be sent by a frontend (F), a backend (B), or both (F & B). Notice that although each message includes a byte count at the beginning, most messages are defined so that the message end can be found without reference to the byte count. This is for historical reasons, as the original, now-obsolete protocol version 2 did not have an explicit length field. It also aids validity checking though. </para> <variablelist> <varlistentry id="protocol-message-formats-AuthenticationOk"> <term>AuthenticationOk (B)</term> <listitem> <variablelist> <varlistentry> <term>Byte1('R')</term> <listitem> <para> Identifies the message as an authentication request. </para> </listitem> </varlistentry> <varlistentry> <term>Int32(8)</term> <listitem> <para> Length of message contents in bytes, including self. </para> </listitem> </varlistentry> <varlistentry> <term>Int32(0)</term> <listitem> <para> Specifies that the authentication was successful. </para> </listitem> </varlistentry> </variablelist> </listitem> </varlistentry> <varlistentry id="protocol-message-formats-AuthenticationKerberosV5"> <term>AuthenticationKerberosV5 (B)</term> <listitem> <variablelist> <varlistentry> <term>Byte1('R')</term> <listitem> <para> Identifies the message as an authentication request. </para> </listitem> </varlistentry> <varlistentry> <term>Int32(8)</term> <listitem> <para> Length of message contents in bytes, including self. </para> </listitem> </varlistentry> <varlistentry> <term>Int32(2)</term> <listitem> <para> Specifies that Kerberos V5 authentication is required. </para> </listitem> </varlistentry> </variablelist> </listitem> </varlistentry> <varlistentry id="protocol-message-formats-AuthenticationCleartextPassword"> <term>AuthenticationCleartextPassword (B)</term> <listitem> <variablelist> <varlistentry> <term>Byte1('R')</term> <listitem> <para> Identifies the message as an authentication request. </para> </listitem> </varlistentry> <varlistentry> <term>Int32(8)</term> <listitem> <para> Length

This section describes the detailed format of each message in the protocol, including authentication messages such as AuthenticationOk, AuthenticationKerberosV5, and AuthenticationCleartextPassword, which are sent by the backend to the frontend, and specify the structure and content of these messages, including byte counts, authentication codes, and password authentication methods.