Address PR feedback

Author: cgranleese-r7

lib/metasploit/framework/login_scanner/postgres.rb

@@ -1,6 +1,4 @@
 require 'metasploit/framework/login_scanner/base'
-require 'metasploit/framework/login_scanner/rex_socket'
-require 'metasploit/framework/tcp/client'
 require 'postgres_msf'
 
 module Metasploit
@@ -12,8 +10,25 @@ module LoginScanner
       # and attempting them. It then saves the results.
       class Postgres
         include Metasploit::Framework::LoginScanner::Base
-        include Metasploit::Framework::LoginScanner::RexSocket
-        include Metasploit::Framework::Tcp::Client
+
+        # @!attribute ssl
+        #   @return [Boolean] Whether the connection should use SSL
+        attr_accessor :ssl
+        # @!attribute ssl_version
+        #   @return [String] The version of SSL to implement
+        attr_accessor :ssl_version
+        # @!attribute ssl_verify_mode
+        #   @return [String] the SSL certification verification mechanism
+        attr_accessor :ssl_verify_mode
+        # @!attribute ssl_cipher
+        #   @return [String] The SSL cipher to use for the context
+        attr_accessor :ssl_cipher
+        # @!attribute max_send_size
+        #   @return [Integer] The max size of the data to encapsulate in a single packet
+        attr_accessor :max_send_size
+        # @!attribute send_delay
+        #   @return [Integer] The delay between sending packets
+        attr_accessor :send_delay
 
         # @returns [Boolean] If a login is successful and this attribute is true - a Msf::Db::PostgresPR::Connection instance is used as proof,
         #   and the socket is not immediately closed

lib/metasploit/framework/tcp/client.rb

@@ -80,11 +80,6 @@ def connect(global = true, opts={})
             dossl = ssl
           end
 
-        # For Postgres, always connect with SSL disabled; SSL is enabled after the initial connection is made
-        if defined?(self) && self.class.name =~ /Postgres/
-          dossl = false
-        end
-
           nsock = Rex::Socket::Tcp.create(
               'PeerHost'      =>  opts['RHOST'] || rhost,
               'PeerHostname'  =>  opts['SSLServerNameIndication'] || opts['RHOSTNAME'],
@@ -211,3 +206,4 @@ def proxies
     end
   end
 end
+

lib/postgres/postgres-pr/connection.rb

@@ -358,13 +358,14 @@ def establish_connection(uri, proxies, ssl = nil)
         'Proxies' => proxies
       )
       if ssl
-        # Send SSLRequest packet
-        ssl_request = [8, 80877103].pack('N2')
-        @conn.write(ssl_request)
+        ssl_request_message = SSLRequest.new(80877103)
+        @conn.write(ssl_request_message.dump)
         response = @conn.read(1)
         if response == 'S'
           ssl_context = OpenSSL::SSL::SSLContext.new
           ssl_socket = OpenSSL::SSL::SSLSocket.new(@conn, ssl_context)
+          # Ensure the underlying TCP socket is closed when the SSL socket is closed
+          # This prevents resource leaks and ensures proper cleanup of the connection
           ssl_socket.sync_close = true
           ssl_socket.connect
           @conn = ssl_socket