| Lists: | pgsql-hackers |
|---|
| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Cc: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
| Subject: | Refactor SASL exchange in preparation for OAuth Bearer |
| Date: | 2024-02-23 10:30:19 |
| Message-ID: | [email protected] |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Lists: | pgsql-hackers |
The attached two patches are smaller refactorings to the SASL exchange and init
codepaths which are required for the OAuthbearer work [0]. Regardless of the
future of that patchset, these refactorings are nice cleanups and can be
considered in isolation. Another goal is of course to reduce scope of the
OAuth patchset to make it easier to review.
The first patch change state return from the exchange call to use a tri-state
return value instead of the current output parameters. This makes it possible
to introduce async flows, but it also makes the code a lot more readable due to
using descriptve names IMHO.
The second patch sets password_needed during SASL init on the SCRAM exchanges.
This was implicit in the code but since not all future exchanges may require
password, do it explicitly per mechanism instead.
--
Daniel Gustafsson
[0] d1b467a78e0e36ed85a09adf979d04cf124a9d4b(dot)camel(at)vmware(dot)com
| Attachment | Content-Type | Size |
|---|---|---|
| v1-0002-Explicitly-require-password-for-SCRAM-exchange.patch | application/octet-stream | 2.9 KB |
| v1-0001-Refactor-SASL-exchange-to-return-tri-state-status.patch | application/octet-stream | 9.9 KB |
| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Refactor SASL exchange in preparation for OAuth Bearer |
| Date: | 2024-02-26 18:56:39 |
| Message-ID: | CAOYmi+=DE-Uu8jN9gYaiEjV8g0jHOZZphS8xj1zM7nQNP0tq8g@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Lists: | pgsql-hackers |
On Fri, Feb 23, 2024 at 2:30 AM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
>
> The attached two patches are smaller refactorings to the SASL exchange and init
> codepaths which are required for the OAuthbearer work [0]. Regardless of the
> future of that patchset, these refactorings are nice cleanups and can be
> considered in isolation. Another goal is of course to reduce scope of the
> OAuth patchset to make it easier to review.
Thanks for pulling these out! They look good overall, just a few notes below.
In 0001:
> + * SASL_FAILED: The exchance has failed and the connection should be
s/exchance/exchange/
> - if (final && !done)
> + if (final && !(status == SASL_FAILED || status == SASL_COMPLETE))
Since there's not yet a SASL_ASYNC, I wonder if this would be more
readable if it were changed to
if (final && status == SASL_CONTINUE)
to match the if condition shortly after it.
In 0002, at the beginning of pg_SASL_init, the `password` variable now
has an uninitialized code path. The OAuth patchset initializes it to
NULL:
> +++ b/src/interfaces/libpq/fe-auth.c
> @@ -425,7 +425,7 @@ pg_SASL_init(PGconn *conn, int payloadlen)
> int initialresponselen;
> const char *selected_mechanism;
> PQExpBufferData mechanism_buf;
> - char *password;
> + char *password = NULL;
> SASLStatus status;
>
> initPQExpBuffer(&mechanism_buf);
I'll base the next version of the OAuth patchset on top of these.
Thanks!
--Jacob
| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Refactor SASL exchange in preparation for OAuth Bearer |
| Date: | 2024-02-28 22:54:03 |
| Message-ID: | [email protected] |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Lists: | pgsql-hackers |
> On 26 Feb 2024, at 19:56, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> wrote:
>> + * SASL_FAILED: The exchance has failed and the connection should be
>
> s/exchance/exchange/
I rank that as one of my better typos actually. Fixed though.
>> - if (final && !done)
>> + if (final && !(status == SASL_FAILED || status == SASL_COMPLETE))
>
> Since there's not yet a SASL_ASYNC, I wonder if this would be more
> readable if it were changed to
> if (final && status == SASL_CONTINUE)
> to match the if condition shortly after it.
Fair point, that's more readable in this commit.
> In 0002, at the beginning of pg_SASL_init, the `password` variable now
> has an uninitialized code path. The OAuth patchset initializes it to
> NULL:
Nice catch, fixed.
--
Daniel Gustafsson
| Attachment | Content-Type | Size |
|---|---|---|
| v2-0001-Refactor-SASL-exchange-to-return-tri-state-status.patch | application/octet-stream | 9.9 KB |
| v2-0002-Explicitly-require-password-for-SCRAM-exchange.patch | application/octet-stream | 3.2 KB |
| From: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
|---|---|
| To: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Refactor SASL exchange in preparation for OAuth Bearer |
| Date: | 2024-02-29 19:58:46 |
| Message-ID: | CAOYmi+k8OQp4irJxEAvwExOxGdK_13mmiqdevLHHrUVFNKZyBA@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Lists: | pgsql-hackers |
On Wed, Feb 28, 2024 at 2:54 PM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
> I rank that as one of my better typos actually. Fixed though.
LGTM!
Thanks,
--Jacob
| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Subject: | Re: Refactor SASL exchange in preparation for OAuth Bearer |
| Date: | 2024-03-20 14:28:10 |
| Message-ID: | [email protected] |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Lists: | pgsql-hackers |
> On 29 Feb 2024, at 20:58, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> wrote:
>
> On Wed, Feb 28, 2024 at 2:54 PM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
>> I rank that as one of my better typos actually. Fixed though.
>
> LGTM!
Thanks for review, and since Heikki marked it ready for committer I assume that
counting as a +1 as well. Attached is a rebase on top of HEAD to get a fresh
run from the CFBot before applying this.
--
Daniel Gustafsson
| Attachment | Content-Type | Size |
|---|---|---|
| v3-0002-Explicitly-require-password-for-SCRAM-exchange.patch | application/octet-stream | 3.2 KB |
| v3-0001-Refactor-SASL-exchange-to-return-tri-state-status.patch | application/octet-stream | 9.9 KB |
| From: | Daniel Gustafsson <daniel(at)yesql(dot)se> |
|---|---|
| To: | Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Heikki Linnakangas <hlinnaka(at)iki(dot)fi> |
| Subject: | Re: Refactor SASL exchange in preparation for OAuth Bearer |
| Date: | 2024-03-21 18:57:46 |
| Message-ID: | [email protected] |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Lists: | pgsql-hackers |
> On 20 Mar 2024, at 15:28, Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
>
>> On 29 Feb 2024, at 20:58, Jacob Champion <jacob(dot)champion(at)enterprisedb(dot)com> wrote:
>>
>> On Wed, Feb 28, 2024 at 2:54 PM Daniel Gustafsson <daniel(at)yesql(dot)se> wrote:
>>> I rank that as one of my better typos actually. Fixed though.
>>
>> LGTM!
>
> Thanks for review, and since Heikki marked it ready for committer I assume that
> counting as a +1 as well. Attached is a rebase on top of HEAD to get a fresh
> run from the CFBot before applying this.
And after another pass over it I ended up pushing it today.
--
Daniel Gustafsson