PostgreSQL Source Code git master
All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Pages
Data Structures | Enumerations | Functions | Variables
fe-auth-oauth.h File Reference
#include "libpq-fe.h"
#include "libpq-int.h"
Include dependency graph for fe-auth-oauth.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  fe_oauth_state
 

Enumerations

enum  fe_oauth_step { FE_OAUTH_INIT , FE_OAUTH_BEARER_SENT , FE_OAUTH_REQUESTING_TOKEN , FE_OAUTH_SERVER_ERROR }
 

Functions

PostgresPollingStatusType pg_fe_run_oauth_flow (PGconn *conn)
 
void pg_fe_cleanup_oauth_flow (PGconn *conn)
 
void pqClearOAuthToken (PGconn *conn)
 
bool oauth_unsafe_debugging_enabled (void)
 

Variables

const pg_fe_sasl_mech pg_oauth_mech
 

Enumeration Type Documentation

◆ fe_oauth_step

enum fe_oauth_step
Enumerator
FE_OAUTH_INIT 
FE_OAUTH_BEARER_SENT 
FE_OAUTH_REQUESTING_TOKEN 
FE_OAUTH_SERVER_ERROR 

Definition at line 22 of file fe-auth-oauth.h.

23{
24 FE_OAUTH_INIT,
25 FE_OAUTH_BEARER_SENT,
26 FE_OAUTH_REQUESTING_TOKEN,
27 FE_OAUTH_SERVER_ERROR,
28};
FE_OAUTH_REQUESTING_TOKEN
@ FE_OAUTH_REQUESTING_TOKEN
Definition: fe-auth-oauth.h:26
FE_OAUTH_SERVER_ERROR
@ FE_OAUTH_SERVER_ERROR
Definition: fe-auth-oauth.h:27
FE_OAUTH_INIT
@ FE_OAUTH_INIT
Definition: fe-auth-oauth.h:24
FE_OAUTH_BEARER_SENT
@ FE_OAUTH_BEARER_SENT
Definition: fe-auth-oauth.h:25

Function Documentation

◆ oauth_unsafe_debugging_enabled()

bool oauth_unsafe_debugging_enabled ( void  )

Definition at line 1158 of file fe-auth-oauth.c.

1159{
1160 const char *env = getenv("PGOAUTHDEBUG");
1161
1162 return (env && strcmp(env, "UNSAFE") == 0);
1163}

Referenced by issuer_from_well_known_uri(), and pg_fe_run_oauth_flow_impl().

◆ pg_fe_cleanup_oauth_flow()

void pg_fe_cleanup_oauth_flow ( PGconn conn)

Definition at line 304 of file fe-auth-oauth-curl.c.

305{
306 fe_oauth_state *state = conn->sasl_state;
307
308 if (state->async_ctx)
309 {
310 free_async_ctx(conn, state->async_ctx);
311 state->async_ctx = NULL;
312 }
313
314 conn->altsock = PGINVALID_SOCKET;
315}
free_async_ctx
static void free_async_ctx(PGconn *conn, struct async_ctx *actx)
Definition: fe-auth-oauth-curl.c:237
PGINVALID_SOCKET
#define PGINVALID_SOCKET
Definition: port.h:31
conn
PGconn * conn
Definition: streamutil.c:52
fe_oauth_state
Definition: fe-auth-oauth.h:31
pg_conn::altsock
pgsocket altsock
Definition: libpq-int.h:530
pg_conn::sasl_state
void * sasl_state
Definition: libpq-int.h:600
state
Definition: regguts.h:323

References pg_conn::altsock, conn, free_async_ctx(), PGINVALID_SOCKET, and pg_conn::sasl_state.

Referenced by setup_token_request().

◆ pg_fe_run_oauth_flow()

PostgresPollingStatusType pg_fe_run_oauth_flow ( PGconn conn)

Definition at line 2850 of file fe-auth-oauth-curl.c.

2851{
2852 PostgresPollingStatusType result;
2853#ifndef WIN32
2854 sigset_t osigset;
2855 bool sigpipe_pending;
2856 bool masked;
2857
2858 /*---
2859 * Ignore SIGPIPE on this thread during all Curl processing.
2860 *
2861 * Because we support multiple threads, we have to set up libcurl with
2862 * CURLOPT_NOSIGNAL, which disables its default global handling of
2863 * SIGPIPE. From the Curl docs:
2864 *
2865 * libcurl makes an effort to never cause such SIGPIPE signals to
2866 * trigger, but some operating systems have no way to avoid them and
2867 * even on those that have there are some corner cases when they may
2868 * still happen, contrary to our desire.
2869 *
2870 * Note that libcurl is also at the mercy of its DNS resolution and SSL
2871 * libraries; if any of them forget a MSG_NOSIGNAL then we're in trouble.
2872 * Modern platforms and libraries seem to get it right, so this is a
2873 * difficult corner case to exercise in practice, and unfortunately it's
2874 * not really clear whether it's necessary in all cases.
2875 */
2876 masked = (pq_block_sigpipe(&osigset, &sigpipe_pending) == 0);
2877#endif
2878
2879 result = pg_fe_run_oauth_flow_impl(conn);
2880
2881#ifndef WIN32
2882 if (masked)
2883 {
2884 /*
2885 * Undo the SIGPIPE mask. Assume we may have gotten EPIPE (we have no
2886 * way of knowing at this level).
2887 */
2888 pq_reset_sigpipe(&osigset, sigpipe_pending, true /* EPIPE, maybe */ );
2889 }
2890#endif
2891
2892 return result;
2893}
pg_fe_run_oauth_flow_impl
static PostgresPollingStatusType pg_fe_run_oauth_flow_impl(PGconn *conn)
Definition: fe-auth-oauth-curl.c:2612
pq_reset_sigpipe
void pq_reset_sigpipe(sigset_t *osigset, bool sigpipe_pending, bool got_epipe)
Definition: fe-secure.c:554
pq_block_sigpipe
int pq_block_sigpipe(sigset_t *osigset, bool *sigpipe_pending)
Definition: fe-secure.c:504
PostgresPollingStatusType
PostgresPollingStatusType
Definition: libpq-fe.h:113

References conn, pg_fe_run_oauth_flow_impl(), pq_block_sigpipe(), and pq_reset_sigpipe().

Referenced by setup_token_request().

◆ pqClearOAuthToken()

void pqClearOAuthToken ( PGconn conn)

Definition at line 1144 of file fe-auth-oauth.c.

1145{
1146 if (!conn->oauth_token)
1147 return;
1148
1149 explicit_bzero(conn->oauth_token, strlen(conn->oauth_token));
1150 free(conn->oauth_token);
1151 conn->oauth_token = NULL;
1152}
free
#define free(a)
Definition: header.h:65
explicit_bzero
void explicit_bzero(void *buf, size_t len)
Definition: explicit_bzero.c:50
pg_conn::oauth_token
char * oauth_token
Definition: libpq-int.h:448

References conn, explicit_bzero(), free, and pg_conn::oauth_token.

Referenced by pqClosePGconn(), and PQconnectPoll().

Variable Documentation

◆ pg_oauth_mech

const pg_fe_sasl_mech pg_oauth_mech
extern

Definition at line 35 of file fe-auth-oauth.c.

Referenced by pg_SASL_init(), pqConnectOptions2(), and PQconnectPoll().