Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tzOGE-001PyO-LV for pgsql-hackers@arkaria.postgresql.org; Mon, 31 Mar 2025 23:09:42 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tzOGC-00DmSe-BL for pgsql-hackers@arkaria.postgresql.org; Mon, 31 Mar 2025 23:09:40 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tzOGC-00DmSW-0Q for pgsql-hackers@lists.postgresql.org; Mon, 31 Mar 2025 23:09:40 +0000 Received: from mail-qv1-xf33.google.com ([2607:f8b0:4864:20::f33]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1tzOG6-002E5L-1N for pgsql-hackers@lists.postgresql.org; Mon, 31 Mar 2025 23:09:38 +0000 Received: by mail-qv1-xf33.google.com with SMTP id 6a1803df08f44-6e41e17645dso48401736d6.2 for ; Mon, 31 Mar 2025 16:09:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=enterprisedb.com; s=google; t=1743462573; x=1744067373; darn=lists.postgresql.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=5jZksdtBucYERFprpnQmS8I8Bj4irjRsHmP4oOdPML4=; b=mMNfjx6DQXpsfo/AKGRPLKyLkUbsc1TLwGli7Qc5uWCUjAwwANV0TWOp0yLt3keNLy aROww34lBVTeo3oOE/1mje4hsMdn7nwu6PVPE5U6Q7mnsng5uXsfYzYzKh2+UnRkVMGP PlzRddTNAg+rwWLmVnSDog+I7lq2B8avrMHUw3dq0TOMLhagkZDLEyq3dTgwyZk2o3U0 RNJYxuSXDuMF1f8XH3a2zp4rTaVHXFXIv9eYuNr65VeLvn2fHz18VIOzX1+6IOtZgDdN 6ximEgmhCFnUJ6faKBeSi6Ukug8gIIyhb1HuHwo/1wzqainUi7tLrrg+H9BNI4Ek7RUN GJQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743462573; x=1744067373; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=5jZksdtBucYERFprpnQmS8I8Bj4irjRsHmP4oOdPML4=; b=kXhdLd7wI8Uj5xYURkKva4TfrMlNmQ+hD99FAcEYv+ldlYfn22Jybw98wQAYOBLj31 HcTWlthMuOtzG8MvbtUZ9o7KgLeZQkzLrKjRk65L352YDxs5hRDctJPIB8sqrv6WrF00 TyKrESceMiR5ROiQm6lGZ4jfmC24caS8lR3h1dETvNXCpwdvGiVteNJTRUaagVarn7jA DSt8P46wljl5FuXjkDzQ2A5N5FoIUQit/0yDzn94MIFvluKm9HH3qNc1MKF0+88CST2k KqZMbfNx5ZQKvRTtaUv2Nh5G5sqpj5jrInETBgloNOtE+ZrmqZA9QKQUtANCxp4C4dIX Qaig== X-Forwarded-Encrypted: i=1; AJvYcCXXEAYpl9aMc/gcX1VSZWrDQ3FjXq+5zZ4EpG24fJkUK/b+XCQpV4Cvsyb8TNXWdziAgbese8XDREiTA9Xr@lists.postgresql.org X-Gm-Message-State: AOJu0YwFVpsSk203DW67sdATjFUQhk8h2Itwwp0QlWMI84y5i84vQ9bn KPOUA1Ur8UFJyCL2+QZcmOducmkINxxMnGTde1dlBdi3cigkCq/WUT4KJTk32Re/yqJUVU+PTEx 8j74PNwxCpea5f9tYb6wABpjXulRZ9elOY099 X-Gm-Gg: ASbGnct4oFzhs0rP76DVRBlgJnHJwqzVzMx2i7DUsHquuN8ENkoIQuHfJzcHYBHP5Mr ZUtGxDSZ9ov8HJpTerGUO9pwnSxageTn+aipM9uFKynZJZ6mV51ISgi+px08w4xiL2xUexSkwJb dwkdXri1NPjUpa71npd7BtpqVh X-Google-Smtp-Source: AGHT+IE0snMycMD83poBA0IttjgR4UYtYyRwQq0muRiJfw63h7XmgNmv9XdUErb1RnB1aaRPioTz8di+bs723bg8+gc= X-Received: by 2002:a05:6214:19ca:b0:6eb:2fd4:30b0 with SMTP id 6a1803df08f44-6eed61d9379mr164916076d6.13.1743462573211; Mon, 31 Mar 2025 16:09:33 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Jacob Champion Date: Mon, 31 Mar 2025 16:09:22 -0700 X-Gm-Features: AQ5f1JoEE7DI7aA5OKYV2Y8E_Of4VdPpq84qHXvn7I7ZSlphLPwClN1q4xxEkFI Message-ID: Subject: Re: pgsql: Add support for OAUTHBEARER SASL mechanism To: Christoph Berg Cc: Daniel Gustafsson , Thomas Munro , pgsql-hackers@lists.postgresql.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Mon, Mar 31, 2025 at 2:54=E2=80=AFPM Christoph Berg wr= ote: > > > Add support for OAUTHBEARER SASL mechanism > > Debian still has this experimental port with a GNU userland and a > FreeBSD kernel called kfreebsd. I don't expect anyone to particularly > care about it, but it found an actual bug: > > /build/reproducible-path/postgresql-18-18~~devel.20250331/build/../src/in= terfaces/libpq/fe-auth-oauth-curl.c: In function =E2=80=98register_socket= =E2=80=99: > /build/reproducible-path/postgresql-18-18~~devel.20250331/build/../src/in= terfaces/libpq/fe-auth-oauth-curl.c:1317:20: error: =E2=80=98actx=E2=80=99 = undeclared (first use in this function); did you mean =E2=80=98ctx=E2=80=99= ? > 1317 | actx_error(actx, "libpq does not support multiplexer sock= ets on this platform"); > | ^~~~ > > This should not be a compile-time error; actx is not defined outside > the #ifdef blocks there: Ah, sorry about that. Thank you for reporting it! (That means that Windows builds --with-libcurl are similarly broken, I think. Not that Windows packagers will want to use --with-libcurl -- it doesn't do anything -- but it should build.) I don't have hurd-amd64 to test, but I'm working on a patch that will build and pass tests if I manually munge pg_config.h. We were skipping the useless tests via a $windows_os check; I think I should use check_pg_config() instead. We could change how this works a bit for the proposed libpq-oauth.so plugin, and only build it if we have a workable implementation. I do like having these other platforms compile the Curl code, though, since we'd prefer to keep the build clean for a future Windows implementation... --Jacob