1: e7f87668ab ! 1: b6e8358f44 common/jsonapi: support FRONTEND clients @@ Commit message We can now partially revert b44669b2ca, now that json_errdetail() works correctly. - ## src/bin/pg_verifybackup/parse_manifest.c ## -@@ src/bin/pg_verifybackup/parse_manifest.c: json_parse_manifest(JsonManifestParseContext *context, char *buffer, - /* Run the actual JSON parser. */ - json_error = pg_parse_json(lex, &sem); - if (json_error != JSON_SUCCESS) -- json_manifest_parse_failure(context, "parsing failed"); -+ json_manifest_parse_failure(context, json_errdetail(json_error, lex)); - if (parse.state != JM_EXPECT_EOF) - json_manifest_parse_failure(context, "manifest ended unexpectedly"); - - ## src/bin/pg_verifybackup/t/005_bad_manifest.pl ## @@ src/bin/pg_verifybackup/t/005_bad_manifest.pl: use Test::More; my $tempdir = PostgreSQL::Test::Utils::tempdir; @@ src/common/Makefile: override CPPFLAGS += -DVAL_LDFLAGS_EX="\"$(LDFLAGS_EX)\"" +override CPPFLAGS := -DFRONTEND -I. -I$(top_srcdir)/src/common -I$(libpq_srcdir) $(CPPFLAGS) LIBS += $(PTHREAD_LIBS) - # If you add objects here, see also src/tools/msvc/Mkvcbuild.pm + OBJS_COMMON = \ ## src/common/jsonapi.c ## @@ @@ src/common/meson.build: foreach name, opts : pgcommon_variants 'dependencies': opts['dependencies'] + [ssl], } + ## src/common/parse_manifest.c ## +@@ src/common/parse_manifest.c: json_parse_manifest(JsonManifestParseContext *context, char *buffer, + /* Run the actual JSON parser. */ + json_error = pg_parse_json(lex, &sem); + if (json_error != JSON_SUCCESS) +- json_manifest_parse_failure(context, "parsing failed"); ++ json_manifest_parse_failure(context, json_errdetail(json_error, lex)); + if (parse.state != JM_EXPECT_EOF) + json_manifest_parse_failure(context, "manifest ended unexpectedly"); + + ## src/include/common/jsonapi.h ## @@ #ifndef JSONAPI_H 2: 0ab79a168f ! 2: 5fa08a8033 libpq: add OAUTHBEARER SASL mechanism @@ Commit message - fix libcurl initialization thread-safety - harden the libcurl flow implementation - figure out pgsocket/int difference on Windows + - fix intermittent failure in the cleanup callback tests (race + condition?) - ...and more. ## configure ## @@ src/interfaces/libpq/Makefile: endif endif ## src/interfaces/libpq/exports.txt ## -@@ src/interfaces/libpq/exports.txt: PQclosePrepared 188 - PQclosePortal 189 - PQsendClosePrepared 190 +@@ src/interfaces/libpq/exports.txt: PQsendClosePrepared 190 PQsendClosePortal 191 -+PQsetAuthDataHook 192 -+PQgetAuthDataHook 193 -+PQdefaultAuthDataHook 194 + PQchangePassword 192 + PQsendPipelineSync 193 ++PQsetAuthDataHook 194 ++PQgetAuthDataHook 195 ++PQdefaultAuthDataHook 196 ## src/interfaces/libpq/fe-auth-oauth-curl.c (new) ## @@ @@ src/interfaces/libpq/fe-auth-oauth-curl.c (new) + */ + cnt = sscanf(interval_str, "%f", &parsed); + -+ Assert(cnt == 1); /* otherwise the lexer screwed up */ ++ if (cnt != 1) ++ { ++ /* ++ * Either the lexer screwed up or our assumption above isn't true, and ++ * either way a developer needs to take a look. ++ */ ++ Assert(cnt == 1); ++ return 1; /* don't fall through in release builds */ ++ } ++ + parsed = ceilf(parsed); + + if (parsed < 1) @@ src/interfaces/libpq/fe-auth.c: pg_fe_sendauth(AuthRequest areq, int payloadlen, { /* Use this message if pg_SASL_continue didn't supply one */ if (conn->errorMessage.len == oldmsglen) -@@ src/interfaces/libpq/fe-auth.c: PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, - - return crypt_pwd; +@@ src/interfaces/libpq/fe-auth.c: PQchangePassword(PGconn *conn, const char *user, const char *passwd) + } + } } + +PQauthDataHook_type PQauthDataHook = PQdefaultAuthDataHook; @@ src/interfaces/libpq/fe-connect.c: keep_going: /* We will come back to here case CONNECTION_AUTH_OK: { /* -@@ src/interfaces/libpq/fe-connect.c: makeEmptyPGconn(void) +@@ src/interfaces/libpq/fe-connect.c: pqMakeEmptyPGconn(void) conn->verbosity = PQERRORS_DEFAULT; conn->show_context = PQSHOW_CONTEXT_ERRORS; conn->sock = PGINVALID_SOCKET; @@ src/interfaces/libpq/libpq-fe.h: extern int PQenv2encoding(void); + extern char *PQencryptPassword(const char *passwd, const char *user); extern char *PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, const char *algorithm); + extern PGresult *PQchangePassword(PGconn *conn, const char *user, const char *passwd); +typedef int (*PQauthDataHook_type) (PGAuthData type, PGconn *conn, void *data); +extern void PQsetAuthDataHook(PQauthDataHook_type hook); 3: fb0cc3f87e ! 3: 13cf3f80b8 backend: add OAUTHBEARER SASL mechanism @@ src/backend/libpq/hba.c: parse_hba_auth_opt(char *name, char *val, HbaLine *hbal ## src/backend/libpq/meson.build ## @@ - # Copyright (c) 2022-2023, PostgreSQL Global Development Group + # Copyright (c) 2022-2024, PostgreSQL Global Development Group backend_sources += files( + 'auth-oauth.c', 4: 153347752c = 4: 83a55ba4eb Add pytest suite for OAuth 5: 8b85e542a7 ! 5: 49a3b2dfd1 squash! Add pytest suite for OAuth @@ .cirrus.tasks.yml: task: # NB: Intentionally build without -Dllvm. The freebsd image size is already # large enough to make VM startup slow, and even without llvm freebsd @@ .cirrus.tasks.yml: task: - --buildtype=debug \ - -Dcassert=true -Duuid=bsd -Dtcl_version=tcl86 -Ddtrace=auto \ + -Dcassert=true -Dinjection_points=true \ + -Duuid=bsd -Dtcl_version=tcl86 -Ddtrace=auto \ -DPG_TEST_EXTRA="$PG_TEST_EXTRA" \ + -Doauth=curl \ -Dextra_lib_dirs=/usr/local/lib -Dextra_include_dirs=/usr/local/include/ \ -: ---------- > 6: a68494323f XXX temporary patches to build and test