Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1w050X-001bBw-2o for pgsql-hackers@arkaria.postgresql.org; Tue, 10 Mar 2026 21:52:54 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1w050W-006CIQ-0v for pgsql-hackers@arkaria.postgresql.org; Tue, 10 Mar 2026 21:52:52 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1w050V-006CIG-2o for pgsql-hackers@lists.postgresql.org; Tue, 10 Mar 2026 21:52:52 +0000 Received: from mail-qt1-x829.google.com ([2607:f8b0:4864:20::829]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1w050U-00000001Vqb-1Pyx for pgsql-hackers@postgresql.org; Tue, 10 Mar 2026 21:52:51 +0000 Received: by mail-qt1-x829.google.com with SMTP id d75a77b69052e-509149ab7d7so27312251cf.2 for ; Tue, 10 Mar 2026 14:52:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1773179569; cv=none; d=google.com; s=arc-20240605; b=M6/2kQE0fiBCSObaLSS6qVzWHXXxFuIgQYtb/Sq2Dp3lvTy5iMnatiVUa/D2FOyoZb WaHcsrpJZDjqpNgEMDihcUsvgRSrcfTw6+IKeSYmPgELqXbV6q+QktAJOGv+DLnVugGa rD5W3hWSmoD5+3bki7e7fQBal1LDoq6XNVP1vp08RKfJmuvRmxDgUIPrlNxMw7ng5HgU uF2t1ssw3EX6bZyLRS2n8FEbscY3/Xl66T3NlU+dlzwSOxmahZun4/C3CEqNnatwovT2 5H4cS9wVP315xEoXuUZKRfKg29sO5yTRzoAejUlw/3+xvnqOt6txjyNh1MQ6oM9szXg1 NLaQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=nNgbucVHgWvbsChmsI46kPZkkTF6xQAaxa8qMEBDST8=; fh=947TUinT24CtLrjBOwWnV4F6raCcG3Op0RTQ1XdEw7U=; b=jG94AtEk6Eqmhax9yJmUVlWqPlwOSQvlJeh95rjIA2/B0DmiXBEg74agBPHvWF6L9E Ec0P71dQw21zXCpIRMZRU3I2EjOkup74L/BOqnYm//jzH3IGOEIt9WludlPswklUUbPw dWLKCd7w+Zzxg3J0B7I4wU2L6rS5MtT8Xqf5QNkRiws2G9+zE9in4AFqFiIiKjUUogPv v9u2iTvRVyuGBsw4ux3vtQ6AWL4T6bfuOPbegYYYm4t9fzhEZDLORsqYla5nVzwrd1MA 85joN3YxzRU/r5/UiW0Z4VyeRdFITL+/RgJgKgpC4/+3vicZGnh24hS/5euEfeCWacQi yRag==; darn=postgresql.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=enterprisedb.com; s=google; t=1773179569; x=1773784369; darn=postgresql.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=nNgbucVHgWvbsChmsI46kPZkkTF6xQAaxa8qMEBDST8=; b=Qx3ITSzzTEc7drxLNYqMQZXhf1cyz10Vih7EjxEG64ymZm5EM4PnYE9RMmB0wabv59 ASD+Sxl8TuoyYsGq7MykC1Fz82cdgUCaCRi5pbmFkMoK3h3iYrx7k2wHrj/2lxr92Ds6 zLKtkvt4Mygs3faiGKD7ctwS7eaAOM/65tcFR6C3HZrNfer+FnyRtpZdScSQbsRRT0kX 0EsxN3IMYBIR7yVaop4oz5hoSfCETdkzgESMkhk2PiJ/g2uUAKzrugUdhpIYPBvHsBjj rRPyGkZ9Mb8bkcK0XUjBBDcwEU0OOgGrxbwq82T/s4rFaoy4DWidjeQrqHTfmTTPpTPU Unmw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1773179569; x=1773784369; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=nNgbucVHgWvbsChmsI46kPZkkTF6xQAaxa8qMEBDST8=; b=szYIaPzORoeoJ5ZQfKfglOkIdaymVbMnGm+ju0nGTmNcQDN/2yuRj7BPLguUsh/GsN aCeNPDEJjWGPcZU+B/7S75Y+wn5tjsD4M2/5hQo9EU7e6hzDhIOzqENLSE6mvz6dzQVu SBOtbKA4DIZj6NQRXAFzVYwdsiM3lGA9JvIA9HfSEaCOdFCIyBk8QNyO5A4PAHUoVEe0 8+pi3PfSGJpNE/+GqWxxe+v5B1TlGQA863pfLBLm0jNo13VEW2Htu46XdUj5txIzwNbp 8MQhhKzAN4Fu/mXzXY1CVSAgRrzsmQVnXJ4ipr3XIMX1/4ZrnkiMVHqDl5V9PxTUgEKh /o8g== X-Forwarded-Encrypted: i=1; AJvYcCWugN6n7TLBPrd28X3MCJZDDYy+dUMwJw2E0FSLE5lT/QNrvvaYRLCvsQnA1+Wiu3nwWkB0eEb2c3LWR3Wa@postgresql.org X-Gm-Message-State: AOJu0YxDTOQqiP70ese/c2bM6zbdITn7SRN6xuBNC9LVNL7gxZQZ8ZMH SGRBpm4uMnwWIOR0u1kM8q8rvh4rYJKpKTwRmOsybEFFyyUszgYnXzR4a/DIJc4RZL7hdcLPi9l irKSzgszu49DcvXgxnZiNG1m/uWU3Lv8vPI2xE7nK X-Gm-Gg: ATEYQzzYPD20ikdUCkCw/LWIhzYmn9n770mQxeLsTe/EDosyBjaLARFc3nydtp+TSPm hO5S4FAzBYhlGndP6NX66iwKbTCjl/CXDuy5MLhn/Zxevc29qgeHvFcFfaeI1ZiHzI7QiMKDTsF c6tix0HK9S+DFPmcQENvWgSfjmozk8g1m+mWFBxS9nbEbTOBNTtmStf5Y9S3Xc6wo8mdzcfiTDr /WdTcSNKc77DhI8jFubqbkxhPc7pPd0LD1kKi8E6nywnfJSe7tPJSGRTnqbfBpRuEcFfAlAAYJD /xN50lvp7A== X-Received: by 2002:a05:622a:1ba4:b0:509:1e54:a501 with SMTP id d75a77b69052e-50939f5584cmr3871441cf.9.1773179569518; Tue, 10 Mar 2026 14:52:49 -0700 (PDT) MIME-Version: 1.0 References: <7DB528BA-C7A0-4B23-890C-5332FB35A16E@yesql.se> <7094F798-8DD1-4974-9A04-10E147B29581@gmail.com> <15434512-B3FB-4AB3-B6B3-5D85ED0B4BBE@yandex-team.ru> In-Reply-To: From: Jacob Champion Date: Tue, 10 Mar 2026 14:52:38 -0700 X-Gm-Features: AaiRm50SSGY88thrj2meA4NO5QMfxsdvjxshQleNH9wv4plS6DRDNmBQV5RP_X8 Message-ID: Subject: Re: Improve OAuth discovery logging To: Zsolt Parragi Cc: Andrey Borodin , Chao Li , Daniel Gustafsson , PostgreSQL Hackers , Michael Paquier , Tom Lane Content-Type: multipart/mixed; boundary="0000000000005d6a0a064cb28a5d" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --0000000000005d6a0a064cb28a5d Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, Mar 5, 2026 at 12:11=E2=80=AFPM Zsolt Parragi wrote: > Attached v6 with the problematic log expectation removed. Okay, I was doing some final pre-commit review today and... unfortunately, using STATUS_EOF like my "TODO" suggested breaks our de facto SASL profile. The server hasn't completed its side of the exchange until it sends either [AuthenticationSASLFinal+]AuthenticationOk or ErrorResponse. Since STATUS_EOF suppresses not only the log message but the entire ereport(FATAL), we'll never send that last packet, so a more polite client can't tell whether the server finished the exchange or just crashed. v6 doesn't fail any tests because of a shortcut I took in PQconnectPoll() in libpq, which skips reading the final message from a known-doomed OAuth discovery connection. But you can see it if you apply the attached patch. (It's not a correct patch; it just shows the problem.) I'm experimenting with an ereport(FATAL_CLIENT_ONLY) option, in the same vein as WARNING_CLIENT_ONLY, to try to cover this. --Jacob P.S. I would eventually like to record our undocumented SASL profile in a test suite (he said, staring at pg-pytest)... --0000000000005d6a0a064cb28a5d Content-Type: application/octet-stream; name="nocfbot.polite.diff" Content-Disposition: attachment; filename="nocfbot.polite.diff" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_mml53dnp0 Y29tbWl0IGYyMWMxYjhhZWNjMmE3ZThiYWExYjFiMDA0MDU1ZWFiYjA1NzQwM2IKQXV0aG9yOiBK YWNvYiBDaGFtcGlvbiA8amFjb2IuY2hhbXBpb25AZW50ZXJwcmlzZWRiLmNvbT4KRGF0ZTogICBU dWUgTWFyIDEwIDEyOjU4OjA1IDIwMjYKCiAgICBYWFggcG9saXRlIGxpYnBxCgpkaWZmIC0tZ2l0 IGEvc3JjL2ludGVyZmFjZXMvbGlicHEvZmUtYXV0aC1vYXV0aC5jIGIvc3JjL2ludGVyZmFjZXMv bGlicHEvZmUtYXV0aC1vYXV0aC5jCmluZGV4IDJhZWYzMjdjNjhiLi41NjJjODU5NWMzMiAxMDA2 NDQKLS0tIGEvc3JjL2ludGVyZmFjZXMvbGlicHEvZmUtYXV0aC1vYXV0aC5jCisrKyBiL3NyYy9p bnRlcmZhY2VzL2xpYnBxL2ZlLWF1dGgtb2F1dGguYwpAQCAtMTQwMCw3ICsxNDAwLDcgQEAgcmVj b25uZWN0OgogCSAqLwogCWxpYnBxX2FwcGVuZF9jb25uX2Vycm9yKGNvbm4sICJyZXRyeWluZyBj b25uZWN0aW9uIHdpdGggbmV3IGJlYXJlciB0b2tlbiIpOwogCWNvbm4tPm9hdXRoX3dhbnRfcmV0 cnkgPSB0cnVlOwotCXJldHVybiBTQVNMX0ZBSUxFRDsKKwlyZXR1cm4gU0FTTF9DT01QTEVURTsK IH0KIAogc3RhdGljIGJvb2wKZGlmZiAtLWdpdCBhL3NyYy9pbnRlcmZhY2VzL2xpYnBxL2ZlLWNv bm5lY3QuYyBiL3NyYy9pbnRlcmZhY2VzL2xpYnBxL2ZlLWNvbm5lY3QuYwppbmRleCBkYjliNGM4 ZWRiZi4uMTUxZDQwOTZmMzIgMTAwNjQ0Ci0tLSBhL3NyYy9pbnRlcmZhY2VzL2xpYnBxL2ZlLWNv bm5lY3QuYworKysgYi9zcmMvaW50ZXJmYWNlcy9saWJwcS9mZS1jb25uZWN0LmMKQEAgLTQxMzAs NiArNDEzMCwxNyBAQCBrZWVwX2dvaW5nOgkJCQkJCS8qIFdlIHdpbGwgY29tZSBiYWNrIHRvIGhl cmUgdW50aWwgdGhlcmUgaXMKIAkJCQkvKiBIYW5kbGUgZXJyb3JzLiAqLwogCQkJCWlmIChiZXJl c3AgPT0gUHFNc2dfRXJyb3JSZXNwb25zZSkKIAkJCQl7CisJCQkJCS8qCisJCQkJCSAqIE9BdXRo IGNvbm5lY3Rpb25zIG1heSBwZXJmb3JtIHR3by1zdGVwIGRpc2NvdmVyeSwgd2hlcmUKKwkJCQkJ ICogdGhlIGZpcnN0IGNvbm5lY3Rpb24gaXMgYSBkdW1teS4gV2UgZXhwZWN0IGEgZmFpbHVyZQor CQkJCQkgKiBtZXNzYWdlIHRvIGVuZCB0aGUgU0FTTCBleGNoYW5nZSBmcm9tIHRoZSBzZXJ2ZXIg c2lkZS4KKwkJCQkJICovCisJCQkJCWlmIChjb25uLT5zYXNsID09ICZwZ19vYXV0aF9tZWNoICYm IGNvbm4tPm9hdXRoX3dhbnRfcmV0cnkpCisJCQkJCXsKKwkJCQkJCW5lZWRfbmV3X2Nvbm5lY3Rp b24gPSB0cnVlOworCQkJCQkJZ290byBrZWVwX2dvaW5nOworCQkJCQl9CisKIAkJCQkJaWYgKHBx R2V0RXJyb3JOb3RpY2UzKGNvbm4sIHRydWUpKQogCQkJCQl7CiAJCQkJCQlsaWJwcV9hcHBlbmRf Y29ubl9lcnJvcihjb25uLCAicmVjZWl2ZWQgaW52YWxpZCBlcnJvciBtZXNzYWdlIik7CkBAIC00 MjQzLDE5ICs0MjU0LDcgQEAga2VlcF9nb2luZzoJCQkJCQkvKiBXZSB3aWxsIGNvbWUgYmFjayB0 byBoZXJlIHVudGlsIHRoZXJlIGlzCiAJCQkJY29ubi0+aW5TdGFydCA9IGNvbm4tPmluQ3Vyc29y OwogCiAJCQkJaWYgKHJlcyAhPSBTVEFUVVNfT0spCi0JCQkJewotCQkJCQkvKgotCQkJCQkgKiBP QXV0aCBjb25uZWN0aW9ucyBtYXkgcGVyZm9ybSB0d28tc3RlcCBkaXNjb3ZlcnksIHdoZXJlCi0J CQkJCSAqIHRoZSBmaXJzdCBjb25uZWN0aW9uIGlzIGEgZHVtbXkuCi0JCQkJCSAqLwotCQkJCQlp ZiAoY29ubi0+c2FzbCA9PSAmcGdfb2F1dGhfbWVjaCAmJiBjb25uLT5vYXV0aF93YW50X3JldHJ5 KQotCQkJCQl7Ci0JCQkJCQluZWVkX25ld19jb25uZWN0aW9uID0gdHJ1ZTsKLQkJCQkJCWdvdG8g a2VlcF9nb2luZzsKLQkJCQkJfQotCiAJCQkJCWdvdG8gZXJyb3JfcmV0dXJuOwotCQkJCX0KIAog CQkJCS8qCiAJCQkJICogSnVzdCBtYWtlIHN1cmUgdGhhdCBhbnkgZGF0YSBzZW50IGJ5IHBnX2Zl X3NlbmRhdXRoIGlzCg== --0000000000005d6a0a064cb28a5d--