Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1vgmr3-003oIQ-0l
	for pgsql-hackers@arkaria.postgresql.org;
	Fri, 16 Jan 2026 16:39:21 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1vgmr1-004EP4-2h
	for pgsql-hackers@arkaria.postgresql.org;
	Fri, 16 Jan 2026 16:39:20 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <jacob.champion@enterprisedb.com>)
	id 1vgmr1-004EOn-1b
	for pgsql-hackers@lists.postgresql.org;
	Fri, 16 Jan 2026 16:39:19 +0000
Received: from mail-qv1-xf2d.google.com ([2607:f8b0:4864:20::f2d])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <jacob.champion@enterprisedb.com>)
	id 1vgmqy-000mqj-0G
	for pgsql-hackers@lists.postgresql.org;
	Fri, 16 Jan 2026 16:39:18 +0000
Received: by mail-qv1-xf2d.google.com with SMTP id 6a1803df08f44-8887f43b224so41115266d6.1
        for <pgsql-hackers@lists.postgresql.org>; Fri, 16 Jan 2026 08:39:16 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=enterprisedb.com; s=google; t=1768581556; x=1769186356; darn=lists.postgresql.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=mtD44P+0GzwbpZcO3xj4nZBtr9mnuRK+MZ8NcsbgqkU=;
        b=jsLt9UXhnGszHNXXpfmJJnsidwskH0J6iPINJOrwzWOcdfx7d1ze3vHAqEzsOxtehb
         Emh7EGJD5LA30ojVh5PtIg7FadfbAt0QpSfxUyxH0cog1giByEuoZnen6/0GZ+2aDUWo
         Da+7Y0eFJ5oFusHsTY1BVgjn2z+sVeQ1NrZP3Rz5+3cjfBxRDgA2Dhxw3SyJfoheG2IJ
         sS7JlrKbwiu8L0zMLB6yUgqD9HRraon9ygezMPkUZ6KaS+3vDETwEzDZfNytz5DsvbUD
         PdmE1ZIiLm31JaAsrFhR2V5KOtBEb9H5BwviLrnu6LX+UzrBdw/XTa21377+yI/Cvitj
         jgZg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1768581556; x=1769186356;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-gg:x-gm-message-state:from
         :to:cc:subject:date:message-id:reply-to;
        bh=mtD44P+0GzwbpZcO3xj4nZBtr9mnuRK+MZ8NcsbgqkU=;
        b=q8bF84hOloYcIYboA8WzAkZi2qpE2r5QFRnwnh+5MsTt9qeQGDbfDEiQzETDv33Hub
         bvZJCiPfSWvknkwq4+CxsYjLwDmpQVdgzSJhZP1sdvLRihQR3wq6VRfsr1ED44z7Nl4K
         RW69VtWhrXR76cvMZo83KUx3qWCjXc8eMZXgK9jBiTNA1ZRFqN8rR7BnVbIeLMZPOFjf
         sU4v33hJWGhs/uQfb67ITrZp3zE2BMw5EDROdTA5oDQPz4vDbJ3wnhrM4sjhSV2K0TAW
         3tV/nxwasWsLDX2WADNkfRaPQMJQHCyzwJqefg3by8gLPoc1Dvu2NHzncIMXvHrjziUi
         jH1g==
X-Forwarded-Encrypted: i=1; AJvYcCWDbRb8BsNJUsEyswgONv9gXnkWtNSpPcNxfntR7eJRc54t3TYwVxIS9kPLIF9PqhSz/MgiuHCv+TKrRRk+@lists.postgresql.org
X-Gm-Message-State: AOJu0YxIgsCAU83VF59Oe8ttHMweCMKgKUMha/RXJWyV9DJvgXFw7l9r
	H80WI0n2qYpBgECfrV8DezAtYd+hOHV9IC61vvEezF5tlUPYGsCRx7jgc+xxrAPzWlKrNVf7sIo
	AkdGpWX9C8MmZR25yO3U48ctruWvSeYB1FNL8gEqn
X-Gm-Gg: AY/fxX5cGYLGJw271icE1vmL3i2pNk2gnPOHiiwt/ToWM/vhQ9MMxjCVoylsUfv9SV5
	fd0ebNB7UFbC6bnvEpR1RZyuoV3oaEo5+nwQMrul0yAumngVY0ZMvbc08lXGAlwPPY9TnLPi1rr
	hFMWNKeZyajO6/XTRxiBypFivqpz9JdIuj/jPsyru2BxEckev212u1n+GVfKsn5hqpYcNXjmmeo
	A8lJHUPDkagkIbgAeIrz4Xm2sDyAQYrorrjCrEqDT9j00lwnbHoFsnRPUS/cF56h49gwmvZzQ==
X-Received: by 2002:a05:6214:29e2:b0:894:2c2b:876b with SMTP id
 6a1803df08f44-8942e2cb2c1mr45512726d6.22.1768581555767; Fri, 16 Jan 2026
 08:39:15 -0800 (PST)
MIME-Version: 1.0
References: <CAN4CZFM3b8u5uNNNsY6XCya257u+Dofms3su9f11iMCxvCacag@mail.gmail.com>
 <CAE2r8H55geNFtECuFunpgn0LJK2+rntGuTeqNr6mP7gGhWFRbA@mail.gmail.com>
 <CAN4CZFP_2fe2-18wUoXDZodV8suVe9o++pv=hP8KxxvWkmCx7A@mail.gmail.com>
 <CAOYmi+kMuA7t9ao6rWZ=5kn_Zmd7qtwOay_ocEBXwkzKWbefhQ@mail.gmail.com>
 <CAE2r8H439jg+e5gXJpNNMoroe4CfWauDRfUBZC_9NUNTOhqzBQ@mail.gmail.com>
 <CAN4CZFN9RMF_79kx75SkQZezd91DocUzz89bJeBJrMO=uNuG2w@mail.gmail.com>
 <CAOYmi+krPZDC8K+9z64M2EY9fELTKzLbqw8fD_wK=87YV+TBgw@mail.gmail.com>
 <CAN4CZFPvjAt+eZJd=Rxp=yXRjva8CpJ_BbnF=vQW6uXCqfrjEg@mail.gmail.com>
 <CAOYmi+nbCrvcE9wLQdNCgMwDbbi_UzGYrzfC54txmMBJ9KxO=Q@mail.gmail.com>
 <CAN4CZFNywvG59B+nBgD1_1fHE2uODBH3EcF_gwLmC7Y5U6Ru4Q@mail.gmail.com>
 <CAOYmi+=-OdzHMzqg9i8TwYvgKwE-vroj0d-9SqnRnwbz02SgTg@mail.gmail.com>
 <CAN4CZFPo1POb9fWMihTACFxE=xSxKEANHRkxN4YbMMN-0SML=w@mail.gmail.com>
 <CAOYmi+kVAiKf=WrnyzGxCmx-uu=arPE0=+Mf_AOhuTzkvCNC2w@mail.gmail.com> <CAN4CZFMeTuH4uANV1bOox0d-1mycCnyghY49cL+E8PYZ4Y=0Kw@mail.gmail.com>
In-Reply-To: <CAN4CZFMeTuH4uANV1bOox0d-1mycCnyghY49cL+E8PYZ4Y=0Kw@mail.gmail.com>
From: Jacob Champion <jacob.champion@enterprisedb.com>
Date: Fri, 16 Jan 2026 08:39:04 -0800
X-Gm-Features: AZwV_Qhq6YklyTjIC6-TTW1MTiAjYNi3yh3nYmBgE_hp06sjqK06Dfb-Jkx7kjo
Message-ID: <CAOYmi+nKQ_7+pWSzw=rP2_T9UL=URHBsKq005BDeMmmC_=PV8g@mail.gmail.com>
Subject: Re: Custom oauth validator options
To: Zsolt Parragi <zsolt.parragi@percona.com>
Cc: VASUKI M <vasukianand0119@gmail.com>, 
	PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>, david.g.johnston@gmail.com, 
	Robert Haas <robertmhaas@gmail.com>, myon@debian.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: <https://www.postgresql.org/message-id/CAOYmi%2BnKQ_7%2BpWSzw%3DrP2_T9UL%3DURHBsKq005BDeMmmC_%3DPV8g%40mail.gmail.com>
Precedence: bulk

On Fri, Jan 16, 2026 at 12:31=E2=80=AFAM Zsolt Parragi
<zsolt.parragi@percona.com> wrote:
> Yes, I see that concern, but that's a bit trickier. To do that
> properly we have to validate the variables, including their values,
> not just their names. If we only validate the names, that doesn't
> guarantee anything.

Right. This goes back to your question upthread as to why I brought
session_preload_libraries into all this -- I thought
session_preload_libraries already had handling for this, but it
doesn't.

> Would it be a good idea for it to dlopen/dlclose libraries?

No, unfortunately.

> The
> requirements of dlclose are not that strict, I'm not sure if it could
> cause any issues.

Last I knew (which was a while back), unloading a shared library tree
is fraught with peril, especially when you add dependency diamonds and
static initializers. I seem to remember that Windows, C++, and OpenSSL
all have particular areas of pain. My guess is that people are going
to make mistakes, leave dangling references around, and then either
crash the postmaster or (worse) copy a crashable address space into
every new backend.

And that's before you get into hooks and GUCs and etc. We used to have
a _PG_fini() callback for modules. It was disabled a long time ago
[1], then recently entirely removed from the codebase.

> > I might be misunderstanding, but wouldn't that imply that DBAs could
> > now put every existing SIGHUP setting into HBA? That doesn't seem
> > good.
>
> Yes, that would mean that. I'm not saying that would be
> better/semantically correct, but technically it could also work,
> that's why I mentioned it.

Okay, but that wouldn't be a committable change.

> The main use of PGC_HBA in this patch is to
> add additional error reporting / separate what can be placed into
> pg_hba. I could argue both for this approach and the opposite where we
> allow other variables in pg_hba.

Not sure what you mean by this (maybe once I can really test the
patch, I'll see?), but the reason I suggested placing PGC_HBA right
after PGC_SIGHUP is this: any SU_BACKEND or below variable seems
logically appropriate to set per HBA line, if the DBA wants (they're
all per-session), and anything SIGHUP or above is inappropriate/unsafe
(they're per-cluster). Does your patch disable the former?

[checks] Ah, it does prohibit those. Why?

--Jacob

[1] https://postgr.es/c/602a9ef5a7c60151e10293ae3c4bb3fbb0132d03