Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tTIAm-004Ycz-HC for pgsql-hackers@arkaria.postgresql.org; Thu, 02 Jan 2025 10:11:25 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tTIAl-00DpJF-EC for pgsql-hackers@arkaria.postgresql.org; Thu, 02 Jan 2025 10:11:23 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tTIAk-00DpFM-4X for pgsql-hackers@lists.postgresql.org; Thu, 02 Jan 2025 10:11:22 +0000 Received: from fhigh-b7-smtp.messagingengine.com ([202.12.124.158]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tTIAb-002o96-HB for pgsql-hackers@postgresql.org; Thu, 02 Jan 2025 10:11:21 +0000 Received: from phl-compute-11.internal (phl-compute-11.phl.internal [10.202.2.51]) by mailfhigh.stl.internal (Postfix) with ESMTP id DE90025400AB; Thu, 2 Jan 2025 05:11:10 -0500 (EST) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-11.internal (MEProxy); Thu, 02 Jan 2025 05:11:11 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=eisentraut.org; h=cc:cc:content-transfer-encoding:content-type:content-type :date:date:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:subject:subject:to:to; s=fm1; t=1735812670; x=1735899070; bh=/rr8i7MH181inWucgr77jIlfp4MKq8NU Vj83xpwWjaM=; b=MEpag8QgTVR7WqddMS2IMStaaZiDSSHrdRU+BqEGjA9HsaCc dGh38bB8A+PCuWDvmoW/HidnRQE87NbyC2ExUUaiEwQvF+LDTO0NeZH40YfICUjm Q7n2PVyLYXJamessTjnRSfq++27iZjIENJgCcnjRT6W/dr8IWQF3407pnxFPOVg2 xt5WJKvEZVtGPC+UP3aF0110xRtciUW/GHoosHNPYZs7veVXVDAYQ/35krUhDhGH +JpIWyLGze1oQ/pObX3mB5nvz5oS6nsHdf+VFTXe2KlIzofLEyNnjb/jAkxhiTlV AXvLMeeZRpst8j6gMt8wgQuZlS3Dku0a8N2h6g== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1735812670; x= 1735899070; bh=/rr8i7MH181inWucgr77jIlfp4MKq8NUVj83xpwWjaM=; b=C ApCh/uRcCODdJGGN34mZCVgD9En86FU1ayvKy8f4MHhoHEdnwp6o5atiwIFFCQql Mp0yQxXLd1if/BrnbhgSXsi7/mjO+eBBFiHverb0eh5C8iggvOOBmBDha7w7asay fIwDMHXcDp94xQqmIaslOACqqxREax5WLdBT5qdDoSgr5Y5XjbY9FSnUdqR5pJyA HY5QIOxbCTm7/KkjfrKtGGWkYYrTIUZHeE2QxL5k5yNKBfI81qz+AH9h59JlwBNv Rieqo89op/fhQMGPhBkk+SACtKBatbnME5olKjq+dH8WYBbd1R10yt2M+x6MSjsJ /8h47ES7FvsiqhqKwanAg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddrudefvddguddvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnh htshculddquddttddmnecujfgurhepkfffgggfuffvvehfhfgjtgfgsehtjeertddtvdej necuhfhrohhmpefrvghtvghrucfgihhsvghnthhrrghuthcuoehpvghtvghrsegvihhsvg hnthhrrghuthdrohhrgheqnecuggftrfgrthhtvghrnhepgfejtdfhkeeftdeugfeileeh teeljeeghfeuledthfeutedvffdukeefjefhgeehnecuvehluhhsthgvrhfuihiivgeptd enucfrrghrrghmpehmrghilhhfrhhomhepphgvthgvrhesvghishgvnhhtrhgruhhtrdho rhhgpdhnsggprhgtphhtthhopeegpdhmohguvgepshhmthhpohhuthdprhgtphhtthhope hjrggtohgsrdgthhgrmhhpihhonhesvghnthgvrhhprhhishgvuggsrdgtohhmpdhrtghp thhtohepuggrnhhivghlseihvghsqhhlrdhsvgdprhgtphhtthhopegrhhestgihsggvrh htvggtrdgrthdprhgtphhtthhopehpghhsqhhlqdhhrggtkhgvrhhssehpohhsthhgrhgv shhqlhdrohhrgh X-ME-Proxy: Feedback-ID: ie0a040ee:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Thu, 2 Jan 2025 05:11:09 -0500 (EST) Message-ID: Date: Thu, 2 Jan 2025 11:11:07 +0100 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PoC] Federated Authn/z with OAUTHBEARER To: Jacob Champion , Daniel Gustafsson Cc: Antonin Houska , PostgreSQL Hackers References: <4503.1727703521@antos> <63648.1728384409@antos> <2453.1729230681@antos> <6bde5f56-9e7a-4148-b81c-eb6532cb3651@eisentraut.org> <9B417838-B872-453D-BBFB-99FA957EB723@yesql.se> Content-Language: en-US From: Peter Eisentraut In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 20.12.24 02:00, Jacob Champion wrote: > v40 also contains: > - explicit testing for connect_timeout compatibility > - support for require_auth=oauth, including compatibility with > require_auth=!scram-sha-256 > - the ability for a validator to set authn_id even if the token is not > authorized, for auditability in the logs > - the use of pq_block_sigpipe() for additional safety in the face of > CURLOPT_NOSIGNAL > > I have split out the require_auth changes temporarily (0002) for ease > of review, and I plan to ping the last thread where SASL support in > require_auth was discussed [1]. Some review of v40: General: There is a mix of using "URL" and "URI" throughout the patch. I tried to look up in the source material (RFCs) what the correct use would be, but even they are mixing it in nonobvious ways. Maybe this is just hopelessly confused, or maybe there is a system that I don't recognize. * .cirrus.tasks.yml Since libcurl is an "auto" meson option, it doesn't need to be enabled explicitly. At least that's how most of the other feature options are handled. So probably better to stick to that pattern. * config/programs.m4 Useless whitespace change. * configure.ac +AC_MSG_CHECKING([whether to build with libcurl support for OAuth client flows]) etc. Let's just write something like 'whether to build with libcurl support' here. So we don't have to keep updating it if the scope of the option changes. * meson_options.txt +option('libcurl', type : 'feature', value: 'auto', + description: 'libcurl support for OAuth client flows') Similarly, let's just write something like 'libcurl support' here. * src/backend/libpq/auth-oauth.c +typedef enum +{ + OAUTH_STATE_INIT = 0, + OAUTH_STATE_ERROR, + OAUTH_STATE_FINISHED, +} oauth_state; + +/* Mechanism callback state. */ +struct oauth_ctx +{ + oauth_state state; This is the only use of that type definition. I think you can skip the typedef and use the enum tag directly. * src/interfaces/libpq/libpq-fe.h +#ifdef WIN32 +#include /* for SOCKET */ +#endif Including a system header like that seems a bit unpleasant. AFAICT, you only need it for this: + PostgresPollingStatusType (*async) (PGconn *conn, + struct _PGoauthBearerRequest *request, + SOCKTYPE * altsock); But that function could already get the altsock handle via conn->altsock. So maybe that is a way to avoid the whole socket type dance in this header. * src/test/authentication/t/001_password.pl I suppose this file could be a separate commit? It just separates the SASL/SCRAM terminology for existing functionality. * src/test/modules/oauth_validator/fail_validator.c +{ + elog(FATAL, "fail_validator: sentinel error"); + pg_unreachable(); +} This pg_unreachable() is probably not necessary after elog(FATAL). * .../modules/oauth_validator/oauth_hook_client.c +#include +#include These are generally not necessary, as they come in via c.h. +#ifdef WIN32 +#include +#else +#include +#endif I don't think this special Windows handling is necessary, since there is src/include/port/win32/sys/socket.h. +static void +usage(char *argv[]) +{ + fprintf(stderr, "usage: %s [flags] CONNINFO\n\n", argv[0]); Help output should go to stdout. With the above changes, I think this patch set is structurally okay now. Now it just needs to do the right things. ;-)