commit 69cacd5e0869b18d64ff4233ef6a73123c513496 Author: Jacob Champion Date: Thu Aug 11 15:16:15 2022 -0700 squash! Allow parallel workers to read authn_id Add a copy of hba->auth_method to ClientConnectionInfo when set_authn_id() is called. diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c index 313a6ea701..9113f04189 100644 --- a/src/backend/libpq/auth.c +++ b/src/backend/libpq/auth.c @@ -333,9 +333,9 @@ auth_failed(Port *port, int status, const char *logdetail) /* - * Sets the authenticated identity for the current user. The provided string - * will be copied into the TopMemoryContext. The ID will be logged if - * log_connections is enabled. + * Sets the authenticated identity for the current user. The provided string + * will be stored into MyClientConnectionInfo, alongside the current HBA method + * in use. The ID will be logged if log_connections is enabled. * * Auth methods should call this routine exactly once, as soon as the user is * successfully authenticated, even if they have reasons to know that @@ -365,6 +365,7 @@ set_authn_id(Port *port, const char *id) } MyClientConnectionInfo.authn_id = MemoryContextStrdup(TopMemoryContext, id); + MyClientConnectionInfo.auth_method = port->hba->auth_method; if (Log_connections) { @@ -372,8 +373,8 @@ set_authn_id(Port *port, const char *id) errmsg("connection authenticated: identity=\"%s\" method=%s " "(%s:%d)", MyClientConnectionInfo.authn_id, - hba_authname(port->hba->auth_method), HbaFileName, - port->hba->linenumber)); + hba_authname(MyClientConnectionInfo.auth_method), + HbaFileName, port->hba->linenumber)); } } diff --git a/src/backend/utils/init/miscinit.c b/src/backend/utils/init/miscinit.c index 973103374b..155ba92c67 100644 --- a/src/backend/utils/init/miscinit.c +++ b/src/backend/utils/init/miscinit.c @@ -954,6 +954,8 @@ EstimateClientConnectionInfoSpace(void) if (MyClientConnectionInfo.authn_id) size = add_size(size, strlen(MyClientConnectionInfo.authn_id) + 1); + size = add_size(size, sizeof(UserAuth)); + return size; } @@ -981,6 +983,15 @@ SerializeClientConnectionInfo(Size maxsize, char *start_address) maxsize -= len; start_address += len; } + + { + UserAuth *auth_method = (UserAuth*) start_address; + + Assert(sizeof(*auth_method) <= maxsize); + *auth_method = MyClientConnectionInfo.auth_method; + maxsize -= sizeof(*auth_method); + start_address += sizeof(*auth_method); + } } /* @@ -1001,6 +1012,13 @@ RestoreClientConnectionInfo(char *conninfo) conninfo); conninfo += strlen(conninfo) + 1; } + + { + UserAuth *auth_method = (UserAuth*) conninfo; + + MyClientConnectionInfo.auth_method = *auth_method; + conninfo += sizeof(*auth_method); + } } diff --git a/src/include/libpq/libpq-be.h b/src/include/libpq/libpq-be.h index c900411fdd..0643733765 100644 --- a/src/include/libpq/libpq-be.h +++ b/src/include/libpq/libpq-be.h @@ -111,7 +111,7 @@ typedef struct { /* * Authenticated identity. The meaning of this identifier is dependent on - * hba->auth_method; it is the identity (if any) that the user presented + * auth_method; it is the identity (if any) that the user presented * during the authentication cycle, before they were assigned a database * role. (It is effectively the "SYSTEM-USERNAME" of a pg_ident usermap * -- though the exact string in use may be different, depending on pg_hba @@ -121,6 +121,12 @@ typedef struct * example if the "trust" auth method is in use. */ const char *authn_id; + + /* + * The HBA method that determined the above authn_id. This only has meaning + * if authn_id is not NULL; otherwise it's undefined. + */ + UserAuth auth_method; } ClientConnectionInfo; /*