Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tZzyy-00F5vF-QZ for pgsql-hackers@arkaria.postgresql.org; Mon, 20 Jan 2025 22:10:57 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tZzyx-007KMd-1Z for pgsql-hackers@arkaria.postgresql.org; Mon, 20 Jan 2025 22:10:55 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tZzyw-007KFj-JU for pgsql-hackers@lists.postgresql.org; Mon, 20 Jan 2025 22:10:54 +0000 Received: from smtp.outgoing.loopia.se ([93.188.3.37]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1tZzyt-000boN-2I for pgsql-hackers@postgresql.org; Mon, 20 Jan 2025 22:10:54 +0000 Received: from s807.loopia.se (localhost [127.0.0.1]) by s807.loopia.se (Postfix) with ESMTP id 6480C21247A for ; Mon, 20 Jan 2025 23:10:50 +0100 (CET) Received: from s980.loopia.se (unknown [172.22.191.6]) by s807.loopia.se (Postfix) with ESMTP id 5516C213B00; Mon, 20 Jan 2025 23:10:50 +0100 (CET) Received: from s473.loopia.se (unknown [172.22.191.5]) by s980.loopia.se (Postfix) with ESMTP id 52C302201585; Mon, 20 Jan 2025 23:10:50 +0100 (CET) X-Virus-Scanned: amavisd-new at amavis.loopia.se X-Spam-Flag: NO X-Spam-Score: -1.2 X-Spam-Level: X-Spam-Status: No, score=-1.2 tagged_above=-999 required=6.2 tests=[ALL_TRUSTED=-1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1] autolearn=disabled Authentication-Results: s473.loopia.se (amavisd-new); dkim=pass (2048-bit key) header.d=yesql.se Received: from s979.loopia.se ([172.22.191.6]) by s473.loopia.se (s473.loopia.se [172.22.190.13]) (amavisd-new, port 10024) with LMTP id ewxDFwBnyEFn; Mon, 20 Jan 2025 23:10:49 +0100 (CET) X-Loopia-Auth: user X-Loopia-User: daniel@yesql.se X-Loopia-Originating-IP: 89.255.232.193 Received: from smtpclient.apple (customer-89-255-232-193.stosn.net [89.255.232.193]) (Authenticated sender: daniel@yesql.se) by s979.loopia.se (Postfix) with ESMTPSA id BBAF910BC450; Mon, 20 Jan 2025 23:10:49 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yesql.se; s=loopiadkim1707475645; t=1737411049; bh=codsbx7Cp0nXQsxKFwhbzqa2LNDepVGJAxltwHAIP+8=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=S7YlHVjgu0DJVSYWqUYMvgdHBYDkrlaNmrZ5kfeR2S+OPhbHzJ5cstuUKetA18SI/ 7SkfZehFu/eDRSvERn9MxSSQbTjzr/l1+KtM7q+tWJAIGG7wVHMav46B/ozqi8m16+ QLx6NVMVc4asIvjI0jSGtDj2XZ9XjGrp0c2MffslLkJmbnf/AaIfyBJtoomANUeMuS cPXv2YHWAdlvvFvaMGhj/J898qvDlYJNzkhsu6zpqBQ/Ya9GkG2G7PKFCOrDa/K/cp gYVBqxx2jmw9ZyA2JP3PJ+SQdCc+JqYf6jUjIn/bgFoU38kBEzlxe4aU7KJv/NsJ6z rDDrVL9wYs8Bg== Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3776.700.51.11.1\)) Subject: Re: [PoC] Federated Authn/z with OAUTHBEARER From: Daniel Gustafsson In-Reply-To: Date: Mon, 20 Jan 2025 23:10:39 +0100 Cc: Peter Eisentraut , Antonin Houska , PostgreSQL Hackers Content-Transfer-Encoding: quoted-printable Message-Id: References: <6bde5f56-9e7a-4148-b81c-eb6532cb3651@eisentraut.org> <9B417838-B872-453D-BBFB-99FA957EB723@yesql.se> <54c008ad-1c23-47d8-ba6c-bed98a39c31c@eisentraut.org> <06102deb-00ef-431d-a3ea-65afb246700a@eisentraut.org> To: Jacob Champion X-Mailer: Apple Mail (2.3776.700.51.11.1) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk > On 14 Jan 2025, at 00:21, Jacob Champion = wrote: > - 0001 moves PG_MAX_AUTH_TOKEN_LENGTH, as discussed upthread > - 0002 handles the non-OAuth-specific changes to require_auth (0005 > now highlights the OAuth-specific pieces) > - 0003 adds SASL_ASYNC and its handling code I was reading these diffs with the aim of trying to get them in sooner = rather than later to get us closer to the full patchset committed. Two small = things came to mind: + /* + * The mechanism should have set up the necessary callbacks; all we + * need to do is signal the caller. + */ + *async =3D true; + return STATUS_OK; Is it worth adding assertions here to ensure that everything has been = set up properly to help when adding a new mechanism in the future? + /* Done. Tear down the async implementation. */ + conn->cleanup_async_auth(conn); + conn->cleanup_async_auth =3D NULL; + Assert(conn->altsock =3D=3D PGINVALID_SOCKET); In pqDropConnection() we set ->altsock to NULL just to be sure rather = than assert that cleanup has done so. Shouldn't we be consistent in the expectation and set to NULL here as well? -- Daniel Gustafsson