#include "postgres_fe.h"
#include <curl/curl.h>
#include <math.h>
#include <unistd.h>
#include "common/jsonapi.h"
#include "mb/pg_wchar.h"
#include "oauth-curl.h"
#include "fe-auth-oauth.h"
#include "libpq-int.h"
#include "oauth-debug.h"

Include dependency graph for oauth-curl.c:

This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures
struct	provider

struct	device_authz

struct	token_error

struct	token

struct	async_ctx

struct	json_field

struct	oauth_parse

Macros
#define	MAX_OAUTH_RESPONSE_SIZE (256 * 1024)

#define	MAX_OAUTH_NESTING_LEVEL 16

#define	actx_error(ACTX, FMT, ...) appendPQExpBuffer(&(ACTX)->errbuf, libpq_gettext(FMT), ##__VA_ARGS__)

#define	actx_error_internal(ACTX, FMT, ...) appendPQExpBuffer(&(ACTX)->errbuf, FMT, ##__VA_ARGS__)

#define	actx_error_str(ACTX, S) appendPQExpBufferStr(&(ACTX)->errbuf, S)

#define	CHECK_MSETOPT(ACTX, OPT, VAL, FAILACTION)

#define	CHECK_SETOPT(ACTX, OPT, VAL, FAILACTION)

#define	CHECK_GETINFO(ACTX, INFO, OUT, FAILACTION)

#define	PG_OAUTH_REQUIRED true

#define	PG_OAUTH_OPTIONAL false

#define	oauth_parse_set_error(ctx, fmt, ...) appendPQExpBuffer((ctx)->errbuf, libpq_gettext(fmt), ##__VA_ARGS__)

#define	oauth_parse_set_error_internal(ctx, fmt, ...) appendPQExpBuffer((ctx)->errbuf, fmt, ##__VA_ARGS__)

#define	CURL_IGNORE_DEPRECATION(x) x

#define	PG_CURL_IGNORE_DEPRECATION(x) CURL_IGNORE_DEPRECATION(x;)

#define	HTTPS_SCHEME "https://"

#define	OAUTH_GRANT_TYPE_DEVICE_CODE "urn:ietf:params:oauth:grant-type:device_code"

Enumerations
enum	OAuthStep { OAUTH_STEP_INIT = 0 , OAUTH_STEP_DISCOVERY , OAUTH_STEP_DEVICE_AUTHORIZATION , OAUTH_STEP_TOKEN_REQUEST , OAUTH_STEP_WAIT_INTERVAL }

Functions
static void	free_provider (struct provider *provider)

static void	free_device_authz (struct device_authz *authz)

static void	free_token_error (struct token_error *err)

static void	free_token (struct token *tok)

static void	free_async_ctx (struct async_ctx *actx)

static void	pg_fe_cleanup_oauth_flow (PGconn conn, PGoauthBearerRequest request)

static void	append_actx_error (PGoauthBearerRequestV2 req, struct async_ctx actx)

static void	report_type_mismatch (struct oauth_parse *ctx)

static JsonParseErrorType	oauth_json_object_start (void *state)

static JsonParseErrorType	oauth_json_object_field_start (void state, char name, bool isnull)

static JsonParseErrorType	oauth_json_object_end (void *state)

static JsonParseErrorType	oauth_json_array_start (void *state)

static JsonParseErrorType	oauth_json_array_end (void *state)

static JsonParseErrorType	oauth_json_scalar (void state, char token, JsonTokenType type)

static bool	check_content_type (struct async_ctx actx, const char type)

static bool	parse_oauth_json (struct async_ctx actx, const struct json_field fields)

static bool	parse_provider (struct async_ctx actx, struct provider provider)

static double	parse_json_number (const char *s)

static int	parse_interval (struct async_ctx actx, const char interval_str)

static int	parse_expires_in (struct async_ctx actx, const char expires_in_str)

static bool	parse_device_authz (struct async_ctx actx, struct device_authz authz)

static bool	parse_token_error (struct async_ctx actx, struct token_error err)

static void	record_token_error (struct async_ctx actx, const struct token_error err)

static bool	parse_access_token (struct async_ctx actx, struct token tok)

static bool	setup_multiplexer (struct async_ctx *actx)

static int	register_socket (CURL curl, curl_socket_t socket, int what, void ctx, void *socketp)

static bool	comb_multiplexer (struct async_ctx *actx)

static bool	set_timer (struct async_ctx *actx, long timeout)

static int	timer_expired (struct async_ctx *actx)

static int	register_timer (CURLM curlm, long timeout, void ctx)

static bool	drain_timer_events (struct async_ctx actx, bool was_expired)

static int	debug_callback (CURL handle, curl_infotype type, char data, size_t size, void *clientp)

static bool	setup_curl_handles (struct async_ctx *actx)

static size_t	append_data (char buf, size_t size, size_t nmemb, void userdata)

static bool	start_request (struct async_ctx *actx)

static PostgresPollingStatusType	drive_request (struct async_ctx *actx)

static void	append_urlencoded (PQExpBuffer buf, const char *s)

static char *	urlencode (const char *s)

static void	build_urlencoded (PQExpBuffer buf, const char key, const char value)

static bool	start_discovery (struct async_ctx actx, const char discovery_uri)

static bool	finish_discovery (struct async_ctx *actx)

static bool	check_issuer (struct async_ctx actx, PGconn conn)

static bool	check_for_device_flow (struct async_ctx *actx)

static bool	add_client_identification (struct async_ctx actx, PQExpBuffer reqbody, PGconn conn)

static bool	start_device_authz (struct async_ctx actx, PGconn conn)

static bool	finish_device_authz (struct async_ctx *actx)

static bool	start_token_request (struct async_ctx actx, PGconn conn)

static bool	finish_token_request (struct async_ctx actx, struct token tok)

static bool	handle_token_response (struct async_ctx actx, char *token)

static bool	prompt_user (struct async_ctx actx, PGconn conn)

static bool	initialize_curl (PGoauthBearerRequestV2 *req)

static PostgresPollingStatusType	pg_fe_run_oauth_flow_impl (PGconn conn, PGoauthBearerRequestV2 request, int *altsock)

static PostgresPollingStatusType	pg_fe_run_oauth_flow (PGconn conn, struct PGoauthBearerRequest request, int *altsock)

int	pg_start_oauthbearer (PGconn conn, PGoauthBearerRequestV2 request)

Macro Definition Documentation

◆ actx_error

#define actx_error	(	ACTX,
		FMT,
		...
	)	appendPQExpBuffer(&(ACTX)->errbuf, libpq_gettext(FMT), ##__VA_ARGS__)

Definition at line 419 of file oauth-curl.c.

◆ actx_error_internal

#define actx_error_internal	(	ACTX,
		FMT,
		...
	)	appendPQExpBuffer(&(ACTX)->errbuf, FMT, ##__VA_ARGS__)

Definition at line 422 of file oauth-curl.c.

◆ actx_error_str

#define actx_error_str	(	ACTX,
		S
	)	appendPQExpBufferStr(&(ACTX)->errbuf, S)

Definition at line 425 of file oauth-curl.c.

◆ CHECK_GETINFO

#define CHECK_GETINFO	(	ACTX,
		INFO,
		OUT,
		FAILACTION
	)

Value:

    do { \
        struct async_ctx *_actx = (ACTX); \
        CURLcode    _getinfoerr = curl_easy_getinfo(_actx->curl, INFO, OUT); \
		if (_getinfoerr) { \
			actx_error(_actx, "failed to get %s from OAuth response: %s",\
                       #INFO, curl_easy_strerror(_getinfoerr)); \
            FAILACTION; \
        } \
    } while (0)

Definition at line 455 of file oauth-curl.c.

       { \
        struct async_ctx *_actx = (ACTX); \
        CURLcode    _getinfoerr = curl_easy_getinfo(_actx->curl, INFO, OUT); \
		if (_getinfoerr) { \
			actx_error(_actx, "failed to get %s from OAuth response: %s",\
                       #INFO, curl_easy_strerror(_getinfoerr)); \
            FAILACTION; \
        } \
    } while (0)

◆ CHECK_MSETOPT

#define CHECK_MSETOPT	(	ACTX,
		OPT,
		VAL,
		FAILACTION
	)

Value:

    do { \
        struct async_ctx *_actx = (ACTX); \
        CURLMcode   _setopterr = curl_multi_setopt(_actx->curlm, OPT, VAL); \
		if (_setopterr) { \
			actx_error(_actx, "failed to set %s on OAuth connection: %s",\
                       #OPT, curl_multi_strerror(_setopterr)); \
            FAILACTION; \
        } \
    } while (0)

Definition at line 433 of file oauth-curl.c.

       { \
        struct async_ctx *_actx = (ACTX); \
        CURLMcode   _setopterr = curl_multi_setopt(_actx->curlm, OPT, VAL); \
		if (_setopterr) { \
			actx_error(_actx, "failed to set %s on OAuth connection: %s",\
                       #OPT, curl_multi_strerror(_setopterr)); \
            FAILACTION; \
        } \
    } while (0)

◆ CHECK_SETOPT

#define CHECK_SETOPT	(	ACTX,
		OPT,
		VAL,
		FAILACTION
	)

Value:

    do { \
        struct async_ctx *_actx = (ACTX); \
        CURLcode    _setopterr = curl_easy_setopt(_actx->curl, OPT, VAL); \
		if (_setopterr) { \
			actx_error(_actx, "failed to set %s on OAuth connection: %s",\
                       #OPT, curl_easy_strerror(_setopterr)); \
            FAILACTION; \
        } \
    } while (0)

Definition at line 444 of file oauth-curl.c.

       { \
        struct async_ctx *_actx = (ACTX); \
        CURLcode    _setopterr = curl_easy_setopt(_actx->curl, OPT, VAL); \
		if (_setopterr) { \
			actx_error(_actx, "failed to set %s on OAuth connection: %s",\
                       #OPT, curl_easy_strerror(_setopterr)); \
            FAILACTION; \
        } \
    } while (0)

◆ CURL_IGNORE_DEPRECATION

#define CURL_IGNORE_DEPRECATION ( x ) x

Definition at line 1957 of file oauth-curl.c.

◆ HTTPS_SCHEME

#define HTTPS_SCHEME "https://"

Definition at line 2267 of file oauth-curl.c.

◆ MAX_OAUTH_NESTING_LEVEL

#define MAX_OAUTH_NESTING_LEVEL 16

Definition at line 89 of file oauth-curl.c.

◆ MAX_OAUTH_RESPONSE_SIZE

#define MAX_OAUTH_RESPONSE_SIZE (256 * 1024)

Definition at line 75 of file oauth-curl.c.

◆ OAUTH_GRANT_TYPE_DEVICE_CODE

#define OAUTH_GRANT_TYPE_DEVICE_CODE "urn:ietf:params:oauth:grant-type:device_code"

Definition at line 2268 of file oauth-curl.c.

◆ oauth_parse_set_error

#define oauth_parse_set_error	(	ctx,
		fmt,
		...
	)	appendPQExpBuffer((ctx)->errbuf, libpq_gettext(fmt), ##__VA_ARGS__)

Definition at line 509 of file oauth-curl.c.

◆ oauth_parse_set_error_internal

#define oauth_parse_set_error_internal	(	ctx,
		fmt,
		...
	)	appendPQExpBuffer((ctx)->errbuf, fmt, ##__VA_ARGS__)

Definition at line 512 of file oauth-curl.c.

◆ PG_CURL_IGNORE_DEPRECATION

#define PG_CURL_IGNORE_DEPRECATION ( x ) CURL_IGNORE_DEPRECATION(x;)

Definition at line 1964 of file oauth-curl.c.

◆ PG_OAUTH_OPTIONAL

#define PG_OAUTH_OPTIONAL false

Definition at line 497 of file oauth-curl.c.

◆ PG_OAUTH_REQUIRED

#define PG_OAUTH_REQUIRED true

Definition at line 496 of file oauth-curl.c.

Enumeration Type Documentation

◆ OAuthStep

enum OAuthStep

Enumerator
OAUTH_STEP_INIT
OAUTH_STEP_DISCOVERY
OAUTH_STEP_DEVICE_AUTHORIZATION
OAUTH_STEP_TOKEN_REQUEST
OAUTH_STEP_WAIT_INTERVAL

Definition at line 206 of file oauth-curl.c.

{
    OAUTH_STEP_INIT = 0,
    OAUTH_STEP_DISCOVERY,
    OAUTH_STEP_DEVICE_AUTHORIZATION,
    OAUTH_STEP_TOKEN_REQUEST,
    OAUTH_STEP_WAIT_INTERVAL,
};

Function Documentation

◆ add_client_identification()

static bool add_client_identification	(	struct async_ctx *	actx,
		PQExpBuffer	reqbody,
		PGconn *	conn
	)

static

Definition at line 2335 of file oauth-curl.c.

{
    const char *oauth_client_id = actx->client_id;
    const char *oauth_client_secret = actx->client_secret;
 
    bool        success = false;
    char       *username = NULL;
    char       *password = NULL;
 
    if (oauth_client_secret)    /* Zero-length secrets are permitted! */
    {
        /*----
         * Use HTTP Basic auth to send the client_id and secret. Per RFC 6749,
         * Sec. 2.3.1,
         *
         *   Including the client credentials in the request-body using the
         *   two parameters is NOT RECOMMENDED and SHOULD be limited to
         *   clients unable to directly utilize the HTTP Basic authentication
         *   scheme (or other password-based HTTP authentication schemes).
         *
         * Additionally:
         *
         *   The client identifier is encoded using the
         *   "application/x-www-form-urlencoded" encoding algorithm per Appendix
         *   B, and the encoded value is used as the username; the client
         *   password is encoded using the same algorithm and used as the
         *   password.
         *
         * (Appendix B modifies application/x-www-form-urlencoded by requiring
         * an initial UTF-8 encoding step. Since the client ID and secret must
         * both be 7-bit ASCII -- RFC 6749 Appendix A -- we don't worry about
         * that in this function.)
         *
         * client_id is not added to the request body in this case. Not only
         * would it be redundant, but some providers in the wild (e.g. Okta)
         * refuse to accept it.
         */
        username = urlencode(oauth_client_id);
        password = urlencode(oauth_client_secret);
 
        if (!username || !password)
        {
            actx_error(actx, "out of memory");
            goto cleanup;
        }
 
        CHECK_SETOPT(actx, CURLOPT_HTTPAUTH, CURLAUTH_BASIC, goto cleanup);
        CHECK_SETOPT(actx, CURLOPT_USERNAME, username, goto cleanup);
        CHECK_SETOPT(actx, CURLOPT_PASSWORD, password, goto cleanup);
 
        actx->used_basic_auth = true;
    }
    else
    {
        /*
         * If we're not otherwise authenticating, client_id is REQUIRED in the
         * request body.
         */
        build_urlencoded(reqbody, "client_id", oauth_client_id);
 
        CHECK_SETOPT(actx, CURLOPT_HTTPAUTH, CURLAUTH_NONE, goto cleanup);
        actx->used_basic_auth = false;
    }
 
    success = true;
 
cleanup:
    free(username);
    free(password);
 
    return success;
}

References actx_error, build_urlencoded(), CHECK_SETOPT, cleanup(), fb(), free, password, success, urlencode(), and username.

Referenced by start_device_authz(), and start_token_request().

◆ append_actx_error()

static void append_actx_error	(	PGoauthBearerRequestV2 *	req,
		struct async_ctx *	actx
	)

static

Definition at line 379 of file oauth-curl.c.

{
    PQExpBuffer errbuf = &actx->work_data;
 
    resetPQExpBuffer(errbuf);
 
    /*
     * Assemble the three parts of our error: context, body, and detail. See
     * also the documentation for struct async_ctx.
     */
    if (actx->errctx)
        appendPQExpBuffer(errbuf, "%s: ", actx->errctx);
 
    if (PQExpBufferDataBroken(actx->errbuf))
        appendPQExpBufferStr(errbuf, libpq_gettext("out of memory"));
    else
        appendPQExpBufferStr(errbuf, actx->errbuf.data);
 
    if (actx->curl_err[0])
    {
        appendPQExpBuffer(errbuf, " (libcurl: %s)", actx->curl_err);
 
        /* Sometimes libcurl adds a newline to the error buffer. :( */
        if (errbuf->len >= 2 && errbuf->data[errbuf->len - 2] == '\n')
        {
            errbuf->data[errbuf->len - 2] = ')';
            errbuf->data[errbuf->len - 1] = '\0';
            errbuf->len--;
        }
    }
 
    req->error = errbuf->data;
}

References appendPQExpBuffer(), appendPQExpBufferStr(), PQExpBufferData::data, async_ctx::errbuf, fb(), PQExpBufferData::len, libpq_gettext, PQExpBufferDataBroken, and resetPQExpBuffer().

Referenced by pg_fe_run_oauth_flow_impl(), and pg_start_oauthbearer().

◆ append_data()

static size_t append_data	(	char *	buf,
		size_t	size,
		size_t	nmemb,
		void *	userdata
	)

static

Definition at line 1876 of file oauth-curl.c.

{
    struct async_ctx *actx = userdata;
    PQExpBuffer resp = &actx->work_data;
    size_t      len = size * nmemb;
 
    /* In case we receive data over the threshold, abort the transfer */
    if ((resp->len + len) > MAX_OAUTH_RESPONSE_SIZE)
    {
        actx_error(actx, "response is too large");
        return 0;
    }
 
    /* The data passed from libcurl is not null-terminated */
    appendBinaryPQExpBuffer(resp, buf, len);
 
    /*
     * Signal an error in order to abort the transfer in case we ran out of
     * memory in accepting the data.
     */
    if (PQExpBufferBroken(resp))
    {
        actx_error(actx, "out of memory");
        return 0;
    }
 
    return len;
}

References actx_error, appendBinaryPQExpBuffer(), buf, fb(), len, MAX_OAUTH_RESPONSE_SIZE, and PQExpBufferBroken.

Referenced by restore_one_database(), RestoreArchive(), SetOutput(), and start_request().

◆ append_urlencoded()

static void append_urlencoded	(	PQExpBuffer	buf,
		const char *	s
	)

static

Definition at line 2070 of file oauth-curl.c.

{
    char       *escaped;
    char       *haystack;
    char       *match;
 
    /* The first parameter to curl_easy_escape is deprecated by Curl */
    escaped = curl_easy_escape(NULL, s, 0);
    if (!escaped)
    {
        termPQExpBuffer(buf);   /* mark the buffer broken */
        return;
    }
 
    /*
     * curl_easy_escape() almost does what we want, but we need the
     * query-specific flavor which uses '+' instead of '%20' for spaces. The
     * Curl command-line tool does this with a simple search-and-replace, so
     * follow its lead.
     */
    haystack = escaped;
 
    while ((match = strstr(haystack, "%20")) != NULL)
    {
        /* Append the unmatched portion, followed by the plus sign. */
        appendBinaryPQExpBuffer(buf, haystack, match - haystack);
        appendPQExpBufferChar(buf, '+');
 
        /* Keep searching after the match. */
        haystack = match + 3 /* strlen("%20") */ ;
    }
 
    /* Push the remainder of the string onto the buffer. */
    appendPQExpBufferStr(buf, haystack);
 
    curl_free(escaped);
}

References appendBinaryPQExpBuffer(), appendPQExpBufferChar(), appendPQExpBufferStr(), buf, fb(), and termPQExpBuffer().

Referenced by build_urlencoded(), and urlencode().

◆ build_urlencoded()

static void build_urlencoded	(	PQExpBuffer	buf,
		const char *	key,
		const char *	value
	)

static

Definition at line 2128 of file oauth-curl.c.

{
    if (buf->len)
        appendPQExpBufferChar(buf, '&');
 
    append_urlencoded(buf, key);
    appendPQExpBufferChar(buf, '=');
    append_urlencoded(buf, value);
}

References append_urlencoded(), appendPQExpBufferChar(), buf, and value.

Referenced by add_client_identification(), start_device_authz(), and start_token_request().

◆ check_content_type()

static bool check_content_type	(	struct async_ctx *	actx,
		const char *	type
	)

static

Definition at line 812 of file oauth-curl.c.

{
    const size_t type_len = strlen(type);
    char       *content_type;
 
    CHECK_GETINFO(actx, CURLINFO_CONTENT_TYPE, &content_type, return false);
 
    if (!content_type)
    {
        actx_error(actx, "no content type was provided");
        return false;
    }
 
    /*
     * We need to perform a length limited comparison and not compare the
     * whole string.
     */
    if (pg_strncasecmp(content_type, type, type_len) != 0)
        goto fail;
 
    /* On an exact match, we're done. */
    Assert(strlen(content_type) >= type_len);
    if (content_type[type_len] == '\0')
        return true;
 
    /*
     * Only a semicolon (optionally preceded by HTTP optional whitespace) is
     * acceptable after the prefix we checked. This marks the start of media
     * type parameters, which we currently have no use for.
     */
    for (size_t i = type_len; content_type[i]; ++i)
    {
        switch (content_type[i])
        {
            case ';':
                return true;    /* success! */
 
            case ' ':
            case '\t':
                /* HTTP optional whitespace allows only spaces and htabs. */
                break;
 
            default:
                goto fail;
        }
    }
 
fail:
    actx_error(actx, "unexpected content type: \"%s\"", content_type);
    return false;
}

References actx_error, Assert, CHECK_GETINFO, fb(), i, pg_strncasecmp(), and type.

Referenced by parse_oauth_json().

◆ check_for_device_flow()

static bool check_for_device_flow ( struct async_ctx * actx )

static

Definition at line 2276 of file oauth-curl.c.

{
    const struct provider *provider = &actx->provider;
 
    Assert(provider->issuer);   /* ensured by parse_provider() */
    Assert(provider->token_endpoint);   /* ensured by parse_provider() */
 
    if (!provider->device_authorization_endpoint)
    {
        actx_error(actx,
                   "issuer \"%s\" does not provide a device authorization endpoint",
                   provider->issuer);
        return false;
    }
 
    /*
     * The original implementation checked that OAUTH_GRANT_TYPE_DEVICE_CODE
     * was present in the discovery document's grant_types_supported list. MS
     * Entra does not advertise this grant type, though, and since it doesn't
     * make sense to stand up a device_authorization_endpoint without also
     * accepting device codes at the token_endpoint, that's the only thing we
     * currently require.
     */
 
    /*
     * Although libcurl will fail later if the URL contains an unsupported
     * scheme, that error message is going to be a bit opaque. This is a
     * decent time to bail out if we're not using HTTPS for the endpoints
     * we'll use for the flow.
     */
    if ((actx->debug_flags & OAUTHDEBUG_UNSAFE_HTTP) == 0)
    {
        if (pg_strncasecmp(provider->device_authorization_endpoint,
                           HTTPS_SCHEME, strlen(HTTPS_SCHEME)) != 0)
        {
            actx_error(actx,
                       "device authorization endpoint \"%s\" must use HTTPS",
                       provider->device_authorization_endpoint);
            return false;
        }
 
        if (pg_strncasecmp(provider->token_endpoint,
                           HTTPS_SCHEME, strlen(HTTPS_SCHEME)) != 0)
        {
            actx_error(actx,
                       "token endpoint \"%s\" must use HTTPS",
                       provider->token_endpoint);
            return false;
        }
    }
 
    return true;
}

References actx_error, Assert, provider::device_authorization_endpoint, fb(), HTTPS_SCHEME, provider::issuer, OAUTHDEBUG_UNSAFE_HTTP, pg_strncasecmp(), and provider::token_endpoint.

Referenced by pg_fe_run_oauth_flow_impl().

◆ check_issuer()

static bool check_issuer	(	struct async_ctx *	actx,
		PGconn *	conn
	)

static

Definition at line 2231 of file oauth-curl.c.

{
    const struct provider *provider = &actx->provider;
    const char *oauth_issuer_id = actx->issuer_id;
 
    Assert(oauth_issuer_id);    /* ensured by setup_oauth_parameters() */
    Assert(provider->issuer);   /* ensured by parse_provider() */
 
    /*---
     * We require strict equality for issuer identifiers -- no path or case
     * normalization, no substitution of default ports and schemes, etc. This
     * is done to match the rules in OIDC Discovery Sec. 4.3 for config
     * validation:
     *
     *    The issuer value returned MUST be identical to the Issuer URL that
     *    was used as the prefix to /.well-known/openid-configuration to
     *    retrieve the configuration information.
     *
     * as well as the rules set out in RFC 9207 for avoiding mix-up attacks:
     *
     *    Clients MUST then [...] compare the result to the issuer identifier
     *    of the authorization server where the authorization request was
     *    sent to. This comparison MUST use simple string comparison as defined
     *    in Section 6.2.1 of [RFC3986].
     */
    if (strcmp(oauth_issuer_id, provider->issuer) != 0)
    {
        actx_error(actx,
                   "the issuer identifier (%s) does not match oauth_issuer (%s)",
                   provider->issuer, oauth_issuer_id);
        return false;
    }
 
    return true;
}

References actx_error, Assert, fb(), and provider::issuer.

Referenced by pg_fe_run_oauth_flow_impl().

◆ comb_multiplexer()

static bool comb_multiplexer ( struct async_ctx * actx )

static

Definition at line 1449 of file oauth-curl.c.

{
#if defined(HAVE_SYS_EPOLL_H)
    /* The epoll implementation doesn't hold onto stale events. */
    return true;
#elif defined(HAVE_SYS_EVENT_H)
    struct timespec timeout = {0};
    struct kevent ev;
 
    /*
     * Try to read a single pending event. We can actually ignore the result:
     * either we found an event to process, in which case the multiplexer is
     * correctly readable for that event at minimum, and it doesn't matter if
     * there are any stale events; or we didn't find any, in which case the
     * kernel will have discarded any stale events as it traveled to the end
     * of the queue.
     *
     * Note that this depends on our registrations being level-triggered --
     * even the timer, so we use a chained kqueue for that instead of an
     * EVFILT_TIMER on the top-level mux. If we used edge-triggered events,
     * this call would improperly discard them.
     */
    if (kevent(actx->mux, NULL, 0, &ev, 1, &timeout) < 0)
    {
        actx_error_internal(actx, "could not comb kqueue: %m");
        return false;
    }
 
    return true;
#else
#error comb_multiplexer is not implemented on this platform
#endif
}

References actx_error_internal, and fb().

Referenced by pg_fe_run_oauth_flow_impl().

◆ debug_callback()

static int debug_callback	(	CURL *	handle,
		curl_infotype	type,
		char *	data,
		size_t	size,
		void *	clientp
	)

static

Definition at line 1672 of file oauth-curl.c.

{
    const char *prefix;
    bool        printed_prefix = false;
    PQExpBufferData buf;
 
    /* Prefixes are modeled off of the default libcurl debug output. */
    switch (type)
    {
        case CURLINFO_TEXT:
            prefix = "*";
            break;
 
        case CURLINFO_HEADER_IN:    /* fall through */
        case CURLINFO_DATA_IN:
            prefix = "<";
            break;
 
        case CURLINFO_HEADER_OUT:   /* fall through */
        case CURLINFO_DATA_OUT:
            prefix = ">";
            break;
 
        default:
            return 0;
    }
 
    initPQExpBuffer(&buf);
 
    /*
     * Split the output into lines for readability; sometimes multiple headers
     * are included in a single call. We also don't allow unprintable ASCII
     * through without a basic <XX> escape.
     */
    for (int i = 0; i < size; i++)
    {
        char        c = data[i];
 
        if (!printed_prefix)
        {
            appendPQExpBuffer(&buf, "[libcurl] %s ", prefix);
            printed_prefix = true;
        }
 
        if (c >= 0x20 && c <= 0x7E)
            appendPQExpBufferChar(&buf, c);
        else if ((type == CURLINFO_HEADER_IN
                  || type == CURLINFO_HEADER_OUT
                  || type == CURLINFO_TEXT)
                 && (c == '\r' || c == '\n'))
        {
            /*
             * Don't bother emitting <0D><0A> for headers and text; it's not
             * helpful noise.
             */
        }
        else
            appendPQExpBuffer(&buf, "<%02X>", c);
 
        if (c == '\n')
        {
            appendPQExpBufferChar(&buf, c);
            printed_prefix = false;
        }
    }
 
    if (printed_prefix)
        appendPQExpBufferChar(&buf, '\n');  /* finish the line */
 
    fprintf(stderr, "%s", buf.data);
    termPQExpBuffer(&buf);
    return 0;
}

References appendPQExpBuffer(), appendPQExpBufferChar(), buf, data, fb(), fprintf, i, initPQExpBuffer(), termPQExpBuffer(), and type.

Referenced by setup_curl_handles().

◆ drain_timer_events()

static bool drain_timer_events	(	struct async_ctx *	actx,
		bool *	was_expired
	)

static

Definition at line 1640 of file oauth-curl.c.

{
    int         res;
 
    res = timer_expired(actx);
    if (res < 0)
        return false;
 
    if (res > 0)
    {
        /*
         * Timer is expired. We could drain the event manually from the
         * timerfd, but it's easier to simply disable it; that keeps the
         * platform-specific code in set_timer().
         */
        if (!set_timer(actx, -1))
            return false;
    }
 
    if (was_expired)
        *was_expired = (res > 0);
 
    return true;
}

References fb(), set_timer(), and timer_expired().

Referenced by pg_fe_run_oauth_flow_impl().

◆ drive_request()

static PostgresPollingStatusType drive_request ( struct async_ctx * actx )

static

Definition at line 1971 of file oauth-curl.c.

{
    CURLMcode   err;
    CURLMsg    *msg;
    int         msgs_left;
    bool        done;
 
    if (actx->running)
    {
        /*---
         * There's an async request in progress. Pump the multi handle.
         *
         * curl_multi_socket_all() is officially deprecated, because it's
         * inefficient and pointless if your event loop has already handed you
         * the exact sockets that are ready. But that's not our use case --
         * our client has no way to tell us which sockets are ready. (They
         * don't even know there are sockets to begin with.)
         *
         * We can grab the list of triggered events from the multiplexer
         * ourselves, but that's effectively what curl_multi_socket_all() is
         * going to do. And there are currently no plans for the Curl project
         * to remove or break this API, so ignore the deprecation. See
         *
         *    https://curl.se/mail/lib-2024-11/0028.html
         */
        PG_CURL_IGNORE_DEPRECATION(err =
                                   curl_multi_socket_all(actx->curlm,
                                                         &actx->running));
 
        if (err)
        {
            actx_error(actx, "asynchronous HTTP request failed: %s",
                       curl_multi_strerror(err));
            return PGRES_POLLING_FAILED;
        }
 
        if (actx->running)
        {
            /* We'll come back again. */
            return PGRES_POLLING_READING;
        }
    }
 
    done = false;
    while ((msg = curl_multi_info_read(actx->curlm, &msgs_left)) != NULL)
    {
        if (msg->msg != CURLMSG_DONE)
        {
            /*
             * Future libcurl versions may define new message types; we don't
             * know how to handle them, so we'll ignore them.
             */
            continue;
        }
 
        /* First check the status of the request itself. */
        if (msg->data.result != CURLE_OK)
        {
            /*
             * If a more specific error hasn't already been reported, use
             * libcurl's description.
             */
            if (actx->errbuf.len == 0)
                actx_error_str(actx, curl_easy_strerror(msg->data.result));
 
            return PGRES_POLLING_FAILED;
        }
 
        /* Now remove the finished handle; we'll add it back later if needed. */
        err = curl_multi_remove_handle(actx->curlm, msg->easy_handle);
        if (err)
        {
            actx_error(actx, "libcurl easy handle removal failed: %s",
                       curl_multi_strerror(err));
            return PGRES_POLLING_FAILED;
        }
 
        done = true;
    }
 
    /* Sanity check. */
    if (!done)
    {
        actx_error(actx, "no result was retrieved for the finished handle");
        return PGRES_POLLING_FAILED;
    }
 
    return PGRES_POLLING_OK;
}

References actx_error, actx_error_str, err(), fb(), PG_CURL_IGNORE_DEPRECATION, PGRES_POLLING_FAILED, PGRES_POLLING_OK, and PGRES_POLLING_READING.

Referenced by pg_fe_run_oauth_flow_impl().

◆ finish_device_authz()

static bool finish_device_authz ( struct async_ctx * actx )

static

Definition at line 2449 of file oauth-curl.c.

{
    long        response_code;
 
    CHECK_GETINFO(actx, CURLINFO_RESPONSE_CODE, &response_code, return false);
 
    /*
     * Per RFC 8628, Section 3, a successful device authorization response
     * uses 200 OK.
     */
    if (response_code == 200)
    {
        actx->errctx = libpq_gettext("failed to parse device authorization");
        if (!parse_device_authz(actx, &actx->authz))
            return false;       /* error message already set */
 
        return true;
    }
 
    /*
     * The device authorization endpoint uses the same error response as the
     * token endpoint, so the error handling roughly follows
     * finish_token_request(). The key difference is that an error here is
     * immediately fatal.
     */
    if (response_code == 400 || response_code == 401)
    {
        struct token_error err = {0};
 
        if (!parse_token_error(actx, &err))
        {
            free_token_error(&err);
            return false;
        }
 
        /* Copy the token error into the context error buffer */
        record_token_error(actx, &err);
 
        free_token_error(&err);
        return false;
    }
 
    /* Any other response codes are considered invalid */
    actx_error(actx, "unexpected response code %ld", response_code);
    return false;
}

References actx_error, CHECK_GETINFO, err(), fb(), free_token_error(), libpq_gettext, parse_device_authz(), parse_token_error(), and record_token_error().

Referenced by pg_fe_run_oauth_flow_impl().

◆ finish_discovery()

static bool finish_discovery ( struct async_ctx * actx )

static

Definition at line 2166 of file oauth-curl.c.

{
    long        response_code;
 
    /*----
     * Now check the response. OIDC Discovery 1.0 is pretty strict:
     *
     *     A successful response MUST use the 200 OK HTTP status code and
     *     return a JSON object using the application/json content type that
     *     contains a set of Claims as its members that are a subset of the
     *     Metadata values defined in Section 3.
     *
     * Compared to standard HTTP semantics, this makes life easy -- we don't
     * need to worry about redirections (which would call the Issuer host
     * validation into question), or non-authoritative responses, or any other
     * complications.
     */
    CHECK_GETINFO(actx, CURLINFO_RESPONSE_CODE, &response_code, return false);
 
    if (response_code != 200)
    {
        actx_error(actx, "unexpected response code %ld", response_code);
        return false;
    }
 
    /*
     * Pull the fields we care about from the document.
     */
    actx->errctx = libpq_gettext("failed to parse OpenID discovery document");
    if (!parse_provider(actx, &actx->provider))
        return false;           /* error message already set */
 
    /*
     * Fill in any defaults for OPTIONAL/RECOMMENDED fields we care about.
     */
    if (!actx->provider.grant_types_supported)
    {
        /*
         * Per Section 3, the default is ["authorization_code", "implicit"].
         */
        struct curl_slist *temp = actx->provider.grant_types_supported;
 
        temp = curl_slist_append(temp, "authorization_code");
        if (temp)
        {
            temp = curl_slist_append(temp, "implicit");
        }
 
        if (!temp)
        {
            actx_error(actx, "out of memory");
            return false;
        }
 
        actx->provider.grant_types_supported = temp;
    }
 
    return true;
}

References actx_error, CHECK_GETINFO, fb(), libpq_gettext, and parse_provider().

Referenced by pg_fe_run_oauth_flow_impl().

◆ finish_token_request()

static bool finish_token_request	(	struct async_ctx *	actx,
		struct token *	tok
	)

static

Definition at line 2537 of file oauth-curl.c.

{
    long        response_code;
 
    CHECK_GETINFO(actx, CURLINFO_RESPONSE_CODE, &response_code, return false);
 
    /*
     * Per RFC 6749, Section 5, a successful response uses 200 OK.
     */
    if (response_code == 200)
    {
        actx->errctx = libpq_gettext("failed to parse access token response");
        if (!parse_access_token(actx, tok))
            return false;       /* error message already set */
 
        return true;
    }
 
    /*
     * An error response uses either 400 Bad Request or 401 Unauthorized.
     * There are references online to implementations using 403 for error
     * return which would violate the specification. For now we stick to the
     * specification but we might have to revisit this.
     */
    if (response_code == 400 || response_code == 401)
    {
        if (!parse_token_error(actx, &tok->err))
            return false;
 
        return true;
    }
 
    /* Any other response codes are considered invalid */
    actx_error(actx, "unexpected response code %ld", response_code);
    return false;
}

References actx_error, CHECK_GETINFO, fb(), libpq_gettext, parse_access_token(), and parse_token_error().

Referenced by handle_token_response().

◆ free_async_ctx()

static void free_async_ctx ( struct async_ctx * actx )

static

Definition at line 291 of file oauth-curl.c.

{
    /*
     * In general, none of the error cases below should ever happen if we have
     * no bugs above. But if we do hit them, surfacing those errors somehow
     * might be the only way to have a chance to debug them.
     *
     * Print them as warnings to stderr, following the example of similar
     * situations in fe-secure-openssl.c and fe-connect.c.
     */
 
    if (actx->curlm && actx->curl)
    {
        CURLMcode   err = curl_multi_remove_handle(actx->curlm, actx->curl);
 
        if (err)
            fprintf(stderr,
                    libpq_gettext("WARNING: libcurl easy handle removal failed: %s\n"),
                    curl_multi_strerror(err));
    }
 
    if (actx->curl)
    {
        /*
         * curl_multi_cleanup() doesn't free any associated easy handles; we
         * need to do that separately. We only ever have one easy handle per
         * multi handle.
         */
        curl_easy_cleanup(actx->curl);
    }
 
    if (actx->curlm)
    {
        CURLMcode   err = curl_multi_cleanup(actx->curlm);
 
        if (err)
            fprintf(stderr,
                    libpq_gettext("WARNING: libcurl multi handle cleanup failed: %s\n"),
                    curl_multi_strerror(err));
    }
 
    free_provider(&actx->provider);
    free_device_authz(&actx->authz);
 
    curl_slist_free_all(actx->headers);
    termPQExpBuffer(&actx->work_data);
    termPQExpBuffer(&actx->errbuf);
 
    if (actx->mux != PGINVALID_SOCKET)
        close(actx->mux);
    if (actx->timerfd >= 0)
        close(actx->timerfd);
 
    free(actx->client_id);
    free(actx->client_secret);
    free(actx->ca_file);
 
    free(actx);
}

References close, err(), fb(), fprintf, free, free_device_authz(), free_provider(), libpq_gettext, PGINVALID_SOCKET, and termPQExpBuffer().

Referenced by pg_fe_cleanup_oauth_flow().

◆ free_device_authz()

static void free_device_authz ( struct device_authz * authz )

static

Definition at line 143 of file oauth-curl.c.

{
    free(authz->device_code);
    free(authz->user_code);
    free(authz->verification_uri);
    free(authz->verification_uri_complete);
    free(authz->expires_in_str);
    free(authz->interval_str);
}

References device_authz::device_code, device_authz::expires_in_str, free, device_authz::interval_str, device_authz::user_code, device_authz::verification_uri, and device_authz::verification_uri_complete.

Referenced by free_async_ctx().

◆ free_provider()

static void free_provider ( struct provider * provider )

static

Definition at line 115 of file oauth-curl.c.

{
    free(provider->issuer);
    free(provider->token_endpoint);
    free(provider->device_authorization_endpoint);
    curl_slist_free_all(provider->grant_types_supported);
}

References provider::device_authorization_endpoint, fb(), free, provider::grant_types_supported, provider::issuer, and provider::token_endpoint.

Referenced by free_async_ctx().

◆ free_token()

static void free_token ( struct token * tok )

static

Definition at line 194 of file oauth-curl.c.

{
    free(tok->access_token);
    free(tok->token_type);
    free_token_error(&tok->err);
}

References fb(), free, and free_token_error().

Referenced by handle_token_response().

◆ free_token_error()

static void free_token_error ( struct token_error * err )

static

Definition at line 168 of file oauth-curl.c.

{
    free(err->error);
    free(err->error_description);
}

References err(), and free.

Referenced by finish_device_authz(), and free_token().

◆ handle_token_response()

static bool handle_token_response	(	struct async_ctx *	actx,
		char **	token
	)

static

Definition at line 2584 of file oauth-curl.c.

{
    bool        success = false;
    struct token tok = {0};
    const struct token_error *err;
 
    if (!finish_token_request(actx, &tok))
        goto token_cleanup;
 
    /* A successful token request gives either a token or an in-band error. */
    Assert(tok.access_token || tok.err.error);
 
    if (tok.access_token)
    {
        *token = tok.access_token;
        tok.access_token = NULL;
 
        success = true;
        goto token_cleanup;
    }
 
    /*
     * authorization_pending and slow_down are the only acceptable errors;
     * anything else and we bail. These are defined in RFC 8628, Sec. 3.5.
     */
    err = &tok.err;
    if (strcmp(err->error, "authorization_pending") != 0 &&
        strcmp(err->error, "slow_down") != 0)
    {
        record_token_error(actx, err);
        goto token_cleanup;
    }
 
    /*
     * A slow_down error requires us to permanently increase our retry
     * interval by five seconds.
     */
    if (strcmp(err->error, "slow_down") == 0)
    {
        int         prev_interval = actx->authz.interval;
 
        actx->authz.interval += 5;
        if (actx->authz.interval < prev_interval)
        {
            actx_error(actx, "slow_down interval overflow");
            goto token_cleanup;
        }
    }
 
    success = true;
 
token_cleanup:
    free_token(&tok);
    return success;
}

References token::access_token, actx_error, Assert, err(), fb(), finish_token_request(), free_token(), record_token_error(), and success.

Referenced by pg_fe_run_oauth_flow_impl().

◆ initialize_curl()

static bool initialize_curl ( PGoauthBearerRequestV2 * req )

static

Definition at line 2690 of file oauth-curl.c.

{
    /*
     * Don't let the compiler play tricks with this variable. In the
     * HAVE_THREADSAFE_CURL_GLOBAL_INIT case, we don't care if two threads
     * enter simultaneously, but we do care if this gets set transiently to
     * PG_BOOL_YES/NO in cases where that's not the final answer.
     */
    static volatile PGTernaryBool init_successful = PG_BOOL_UNKNOWN;
#if HAVE_THREADSAFE_CURL_GLOBAL_INIT
    curl_version_info_data *info;
#endif
 
#if !HAVE_THREADSAFE_CURL_GLOBAL_INIT
 
    /*
     * Lock around the whole function. If a libpq client performs its own work
     * with libcurl, it must either ensure that Curl is initialized safely
     * before calling us (in which case our call will be a no-op), or else it
     * must guard its own calls to curl_global_init() with a registered
     * threadlock handler. See PQregisterThreadLock().
     */
    pglock_thread();
#endif
 
    /*
     * Skip initialization if we've already done it. (Curl tracks the number
     * of calls; there's no point in incrementing the counter every time we
     * connect.)
     */
    if (init_successful == PG_BOOL_YES)
        goto done;
    else if (init_successful == PG_BOOL_NO)
    {
        req->error = libpq_gettext("curl_global_init previously failed during OAuth setup");
        goto done;
    }
 
    /*
     * We know we've already initialized Winsock by this point (see
     * pqMakeEmptyPGconn()), so we should be able to safely skip that bit. But
     * we have to tell libcurl to initialize everything else, because other
     * pieces of our client executable may already be using libcurl for their
     * own purposes. If we initialize libcurl with only a subset of its
     * features, we could break those other clients nondeterministically, and
     * that would probably be a nightmare to debug.
     *
     * If some other part of the program has already called this, it's a
     * no-op.
     */
    if (curl_global_init(CURL_GLOBAL_ALL & ~CURL_GLOBAL_WIN32) != CURLE_OK)
    {
        req->error = libpq_gettext("curl_global_init failed during OAuth setup");
        init_successful = PG_BOOL_NO;
        goto done;
    }
 
#if HAVE_THREADSAFE_CURL_GLOBAL_INIT
 
    /*
     * If we determined at configure time that the Curl installation is
     * thread-safe, our job here is much easier. We simply initialize above
     * without any locking (concurrent or duplicated calls are fine in that
     * situation), then double-check to make sure the runtime setting agrees,
     * to try to catch silent downgrades.
     */
    info = curl_version_info(CURLVERSION_NOW);
    if (!(info->features & CURL_VERSION_THREADSAFE))
    {
        /*
         * In a downgrade situation, the damage is already done. Curl global
         * state may be corrupted. Be noisy.
         */
        req->error = libpq_gettext("libcurl is no longer thread-safe\n"
                                   "\tCurl initialization was reported thread-safe when libpq\n"
                                   "\twas compiled, but the currently installed version of\n"
                                   "\tlibcurl reports that it is not. Recompile libpq against\n"
                                   "\tthe installed version of libcurl.");
        init_successful = PG_BOOL_NO;
        goto done;
    }
#endif
 
    init_successful = PG_BOOL_YES;
 
done:
#if !HAVE_THREADSAFE_CURL_GLOBAL_INIT
    pgunlock_thread();
#endif
    return (init_successful == PG_BOOL_YES);
}

References fb(), libpq_gettext, PG_BOOL_NO, PG_BOOL_UNKNOWN, PG_BOOL_YES, pglock_thread, and pgunlock_thread.

Referenced by pg_start_oauthbearer().

◆ oauth_json_array_end()

static JsonParseErrorType oauth_json_array_end ( void * state )

static

Definition at line 684 of file oauth-curl.c.

{
    struct oauth_parse *ctx = state;
 
    if (ctx->active)
    {
        /*
         * Clear the target (which should be an array inside the top-level
         * object). For this to be safe, no target arrays can contain other
         * arrays; we check for that in the array_start callback.
         */
        if (ctx->nested != 2 || ctx->active->type != JSON_TOKEN_ARRAY_START)
        {
            Assert(false);
            oauth_parse_set_error_internal(ctx,
                                           "internal error: found unexpected array end while parsing field \"%s\"",
                                           ctx->active->name);
            return JSON_SEM_ACTION_FAILED;
        }
 
        ctx->active = NULL;
    }
 
    --ctx->nested;
    return JSON_SUCCESS;
}

References oauth_parse::active, Assert, fb(), JSON_SEM_ACTION_FAILED, JSON_SUCCESS, JSON_TOKEN_ARRAY_START, json_field::name, oauth_parse::nested, oauth_parse_set_error_internal, and json_field::type.

Referenced by parse_oauth_json().

◆ oauth_json_array_start()

static JsonParseErrorType oauth_json_array_start ( void * state )

static

Definition at line 652 of file oauth-curl.c.

{
    struct oauth_parse *ctx = state;
 
    if (!ctx->nested)
    {
        oauth_parse_set_error(ctx, "top-level element must be an object");
        return JSON_SEM_ACTION_FAILED;
    }
 
    if (ctx->active)
    {
        if (ctx->active->type != JSON_TOKEN_ARRAY_START
        /* The arrays we care about must not have arrays as values. */
            || ctx->nested > 1)
        {
            report_type_mismatch(ctx);
            return JSON_SEM_ACTION_FAILED;
        }
    }
 
    ++ctx->nested;
    if (ctx->nested > MAX_OAUTH_NESTING_LEVEL)
    {
        oauth_parse_set_error(ctx, "JSON is too deeply nested");
        return JSON_SEM_ACTION_FAILED;
    }
 
    return JSON_SUCCESS;
}

References oauth_parse::active, JSON_SEM_ACTION_FAILED, JSON_SUCCESS, JSON_TOKEN_ARRAY_START, MAX_OAUTH_NESTING_LEVEL, oauth_parse::nested, oauth_parse_set_error, report_type_mismatch(), and json_field::type.

Referenced by parse_oauth_json().

◆ oauth_json_object_end()

static JsonParseErrorType oauth_json_object_end ( void * state )

static

Definition at line 629 of file oauth-curl.c.

{
    struct oauth_parse *ctx = state;
 
    --ctx->nested;
 
    /*
     * All fields should be fully processed by the end of the top-level
     * object.
     */
    if (!ctx->nested && ctx->active)
    {
        Assert(false);
        oauth_parse_set_error_internal(ctx,
                                       "internal error: field \"%s\" still active at end of object",
                                       ctx->active->name);
        return JSON_SEM_ACTION_FAILED;
    }
 
    return JSON_SUCCESS;
}

References oauth_parse::active, Assert, JSON_SEM_ACTION_FAILED, JSON_SUCCESS, json_field::name, oauth_parse::nested, and oauth_parse_set_error_internal.

Referenced by parse_oauth_json().

◆ oauth_json_object_field_start()

static JsonParseErrorType oauth_json_object_field_start	(	void *	state,
		char *	name,
		bool	isnull
	)

static

Definition at line 574 of file oauth-curl.c.

{
    struct oauth_parse *ctx = state;
 
    /* We care only about the top-level fields. */
    if (ctx->nested == 1)
    {
        const struct json_field *field = ctx->fields;
 
        /*
         * We should never start parsing a new field while a previous one is
         * still active.
         */
        if (ctx->active)
        {
            Assert(false);
            oauth_parse_set_error_internal(ctx,
                                           "internal error: started field \"%s\" before field \"%s\" was finished",
                                           name, ctx->active->name);
            return JSON_SEM_ACTION_FAILED;
        }
 
        while (field->name)
        {
            if (strcmp(name, field->name) == 0)
            {
                ctx->active = field;
                break;
            }
 
            ++field;
        }
 
        /*
         * We don't allow duplicate field names; error out if the target has
         * already been set.
         */
        if (ctx->active)
        {
            field = ctx->active;
 
            if ((field->type == JSON_TOKEN_ARRAY_START && *field->array)
                || (field->type != JSON_TOKEN_ARRAY_START && *field->scalar))
            {
                oauth_parse_set_error(ctx, "field \"%s\" is duplicated",
                                      field->name);
                return JSON_SEM_ACTION_FAILED;
            }
        }
    }
 
    return JSON_SUCCESS;
}

References oauth_parse::active, json_field::array, Assert, fb(), oauth_parse::fields, JSON_SEM_ACTION_FAILED, JSON_SUCCESS, JSON_TOKEN_ARRAY_START, name, json_field::name, oauth_parse::nested, oauth_parse_set_error, oauth_parse_set_error_internal, json_field::scalar, and json_field::type.

Referenced by parse_oauth_json().

◆ oauth_json_object_start()

static JsonParseErrorType oauth_json_object_start ( void * state )

static

Definition at line 549 of file oauth-curl.c.

{
    struct oauth_parse *ctx = state;
 
    if (ctx->active)
    {
        /*
         * Currently, none of the fields we're interested in can be or contain
         * objects, so we can reject this case outright.
         */
        report_type_mismatch(ctx);
        return JSON_SEM_ACTION_FAILED;
    }
 
    ++ctx->nested;
    if (ctx->nested > MAX_OAUTH_NESTING_LEVEL)
    {
        oauth_parse_set_error(ctx, "JSON is too deeply nested");
        return JSON_SEM_ACTION_FAILED;
    }
 
    return JSON_SUCCESS;
}

References oauth_parse::active, JSON_SEM_ACTION_FAILED, JSON_SUCCESS, MAX_OAUTH_NESTING_LEVEL, oauth_parse::nested, oauth_parse_set_error, and report_type_mismatch().

Referenced by parse_oauth_json().

◆ oauth_json_scalar()

static JsonParseErrorType oauth_json_scalar	(	void *	state,
		char *	token,
		JsonTokenType	type
	)

static

Definition at line 712 of file oauth-curl.c.

{
    struct oauth_parse *ctx = state;
 
    if (!ctx->nested)
    {
        oauth_parse_set_error(ctx, "top-level element must be an object");
        return JSON_SEM_ACTION_FAILED;
    }
 
    if (ctx->active)
    {
        const struct json_field *field = ctx->active;
        JsonTokenType expected = field->type;
 
        /* Make sure this matches what the active field expects. */
        if (expected == JSON_TOKEN_ARRAY_START)
        {
            /* Are we actually inside an array? */
            if (ctx->nested < 2)
            {
                report_type_mismatch(ctx);
                return JSON_SEM_ACTION_FAILED;
            }
 
            /* Currently, arrays can only contain strings. */
            expected = JSON_TOKEN_STRING;
        }
 
        if (type != expected)
        {
            report_type_mismatch(ctx);
            return JSON_SEM_ACTION_FAILED;
        }
 
        if (field->type != JSON_TOKEN_ARRAY_START)
        {
            /* Ensure that we're parsing the top-level keys... */
            if (ctx->nested != 1)
            {
                Assert(false);
                oauth_parse_set_error_internal(ctx,
                                               "internal error: scalar target found at nesting level %d",
                                               ctx->nested);
                return JSON_SEM_ACTION_FAILED;
            }
 
            /* ...and that a result has not already been set. */
            if (*field->scalar)
            {
                Assert(false);
                oauth_parse_set_error_internal(ctx,
                                               "internal error: scalar field \"%s\" would be assigned twice",
                                               ctx->active->name);
                return JSON_SEM_ACTION_FAILED;
            }
 
            *field->scalar = strdup(token);
            if (!*field->scalar)
                return JSON_OUT_OF_MEMORY;
 
            ctx->active = NULL;
 
            return JSON_SUCCESS;
        }
        else
        {
            struct curl_slist *temp;
 
            /* The target array should be inside the top-level object. */
            if (ctx->nested != 2)
            {
                Assert(false);
                oauth_parse_set_error_internal(ctx,
                                               "internal error: array member found at nesting level %d",
                                               ctx->nested);
                return JSON_SEM_ACTION_FAILED;
            }
 
            /* Note that curl_slist_append() makes a copy of the token. */
            temp = curl_slist_append(*field->array, token);
            if (!temp)
                return JSON_OUT_OF_MEMORY;
 
            *field->array = temp;
        }
    }
    else
    {
        /* otherwise we just ignore it */
    }
 
    return JSON_SUCCESS;
}

References oauth_parse::active, json_field::array, Assert, fb(), JSON_OUT_OF_MEMORY, JSON_SEM_ACTION_FAILED, JSON_SUCCESS, JSON_TOKEN_ARRAY_START, JSON_TOKEN_STRING, json_field::name, oauth_parse::nested, oauth_parse_set_error, oauth_parse_set_error_internal, report_type_mismatch(), json_field::scalar, type, and json_field::type.

Referenced by parse_oauth_json().

◆ parse_access_token()

static bool parse_access_token	(	struct async_ctx *	actx,
		struct token *	tok
	)

static

Definition at line 1183 of file oauth-curl.c.

{
    struct json_field fields[] = {
        {"access_token", JSON_TOKEN_STRING, {&tok->access_token}, PG_OAUTH_REQUIRED},
        {"token_type", JSON_TOKEN_STRING, {&tok->token_type}, PG_OAUTH_REQUIRED},
 
        /*---
         * We currently have no use for the following OPTIONAL fields:
         *
         * - expires_in: This will be important for maintaining a token cache,
         *               but we do not yet implement one.
         *
         * - refresh_token: Ditto.
         *
         * - scope: This is only sent when the authorization server sees fit to
         *          change our scope request. It's not clear what we should do
         *          about this; either it's been done as a matter of policy, or
         *          the user has explicitly denied part of the authorization,
         *          and either way the server-side validator is in a better
         *          place to complain if the change isn't acceptable.
         */
 
        {0},
    };
 
    return parse_oauth_json(actx, fields);
}

References fb(), JSON_TOKEN_STRING, parse_oauth_json(), and PG_OAUTH_REQUIRED.

Referenced by finish_token_request().

◆ parse_device_authz()

static bool parse_device_authz	(	struct async_ctx *	actx,
		struct device_authz *	authz
	)

static

Definition at line 1069 of file oauth-curl.c.

{
    struct json_field fields[] = {
        {"device_code", JSON_TOKEN_STRING, {&authz->device_code}, PG_OAUTH_REQUIRED},
        {"user_code", JSON_TOKEN_STRING, {&authz->user_code}, PG_OAUTH_REQUIRED},
        {"verification_uri", JSON_TOKEN_STRING, {&authz->verification_uri}, PG_OAUTH_REQUIRED},
        {"expires_in", JSON_TOKEN_NUMBER, {&authz->expires_in_str}, PG_OAUTH_REQUIRED},
 
        /*
         * Some services (Google, Azure) spell verification_uri differently.
         * We accept either.
         */
        {"verification_url", JSON_TOKEN_STRING, {&authz->verification_uri}, PG_OAUTH_REQUIRED},
 
        /*
         * There is no evidence of verification_uri_complete being spelled
         * with "url" instead with any service provider, so only support
         * "uri".
         */
        {"verification_uri_complete", JSON_TOKEN_STRING, {&authz->verification_uri_complete}, PG_OAUTH_OPTIONAL},
        {"interval", JSON_TOKEN_NUMBER, {&authz->interval_str}, PG_OAUTH_OPTIONAL},
 
        {0},
    };
 
    if (!parse_oauth_json(actx, fields))
        return false;
 
    /*
     * Parse our numeric fields. Lexing has already completed by this time, so
     * we at least know they're valid JSON numbers.
     */
    if (authz->interval_str)
        authz->interval = parse_interval(actx, authz->interval_str);
    else
    {
        /*
         * RFC 8628 specifies 5 seconds as the default value if the server
         * doesn't provide an interval.
         */
        authz->interval = 5;
    }
 
    Assert(authz->expires_in_str);  /* ensured by parse_oauth_json() */
    authz->expires_in = parse_expires_in(actx, authz->expires_in_str);
 
    return true;
}

References Assert, device_authz::device_code, device_authz::expires_in, device_authz::expires_in_str, fb(), device_authz::interval, device_authz::interval_str, JSON_TOKEN_NUMBER, JSON_TOKEN_STRING, parse_expires_in(), parse_interval(), parse_oauth_json(), PG_OAUTH_OPTIONAL, PG_OAUTH_REQUIRED, device_authz::user_code, device_authz::verification_uri, and device_authz::verification_uri_complete.

Referenced by finish_device_authz().

◆ parse_expires_in()

static int parse_expires_in	(	struct async_ctx *	actx,
		const char *	expires_in_str
	)

static

Definition at line 1050 of file oauth-curl.c.

{
    double      parsed;
 
    parsed = parse_json_number(expires_in_str);
    parsed = floor(parsed);
 
    if (parsed >= INT_MAX)
        return INT_MAX;
    else if (parsed <= INT_MIN)
        return INT_MIN;
 
    return parsed;
}

References fb(), and parse_json_number().

Referenced by parse_device_authz().

◆ parse_interval()

static int parse_interval	(	struct async_ctx *	actx,
		const char *	interval_str
	)

static

Definition at line 1024 of file oauth-curl.c.

{
    double      parsed;
 
    parsed = parse_json_number(interval_str);
    parsed = ceil(parsed);
 
    if (parsed < 1)
        return (actx->debug_flags & OAUTHDEBUG_UNSAFE_DOS_ENDPOINT) ? 0 : 1;
 
    else if (parsed >= INT_MAX)
        return INT_MAX;
 
    return parsed;
}

References fb(), OAUTHDEBUG_UNSAFE_DOS_ENDPOINT, and parse_json_number().

Referenced by parse_device_authz().

◆ parse_json_number()

static double parse_json_number ( const char * s )

static

Definition at line 989 of file oauth-curl.c.

{
    double      parsed;
    int         cnt;
 
    /*
     * The JSON lexer has already validated the number, which is stricter than
     * the %f format, so we should be good to use sscanf().
     */
    cnt = sscanf(s, "%lf", &parsed);
 
    if (cnt != 1)
    {
        /*
         * Either the lexer screwed up or our assumption above isn't true, and
         * either way a developer needs to take a look.
         */
        Assert(false);
        return 0;
    }
 
    return parsed;
}

References Assert, and fb().

Referenced by parse_expires_in(), and parse_interval().

◆ parse_oauth_json()

static bool parse_oauth_json	(	struct async_ctx *	actx,
		const struct json_field *	fields
	)

static

Definition at line 871 of file oauth-curl.c.

{
    PQExpBuffer resp = &actx->work_data;
    JsonLexContext lex = {0};
    JsonSemAction sem = {0};
    JsonParseErrorType err;
    struct oauth_parse ctx = {0};
    bool        success = false;
 
    if (!check_content_type(actx, "application/json"))
        return false;
 
    if (strlen(resp->data) != resp->len)
    {
        actx_error(actx, "response contains embedded NULLs");
        return false;
    }
 
    /*
     * pg_parse_json doesn't validate the incoming UTF-8, so we have to check
     * that up front.
     */
    if (pg_encoding_verifymbstr(PG_UTF8, resp->data, resp->len) != resp->len)
    {
        actx_error(actx, "response is not valid UTF-8");
        return false;
    }
 
    makeJsonLexContextCstringLen(&lex, resp->data, resp->len, PG_UTF8, true);
    setJsonLexContextOwnsTokens(&lex, true);    /* must not leak on error */
 
    ctx.errbuf = &actx->errbuf;
    ctx.fields = fields;
    sem.semstate = &ctx;
 
    sem.object_start = oauth_json_object_start;
    sem.object_field_start = oauth_json_object_field_start;
    sem.object_end = oauth_json_object_end;
    sem.array_start = oauth_json_array_start;
    sem.array_end = oauth_json_array_end;
    sem.scalar = oauth_json_scalar;
 
    err = pg_parse_json(&lex, &sem);
 
    if (err != JSON_SUCCESS)
    {
        /*
         * For JSON_SEM_ACTION_FAILED, we've already written the error
         * message. Other errors come directly from pg_parse_json(), already
         * translated.
         */
        if (err != JSON_SEM_ACTION_FAILED)
            actx_error_str(actx, json_errdetail(err, &lex));
 
        goto cleanup;
    }
 
    /* Check all required fields. */
    while (fields->name)
    {
        if (fields->required
            && !*fields->scalar
            && !*fields->array)
        {
            actx_error(actx, "field \"%s\" is missing", fields->name);
            goto cleanup;
        }
 
        fields++;
    }
 
    success = true;
 
cleanup:
    freeJsonLexContext(&lex);
    return success;
}

References actx_error, actx_error_str, json_field::array, JsonSemAction::array_end, JsonSemAction::array_start, check_content_type(), cleanup(), err(), oauth_parse::errbuf, fb(), oauth_parse::fields, freeJsonLexContext(), json_errdetail(), JSON_SEM_ACTION_FAILED, JSON_SUCCESS, makeJsonLexContextCstringLen(), json_field::name, oauth_json_array_end(), oauth_json_array_start(), oauth_json_object_end(), oauth_json_object_field_start(), oauth_json_object_start(), oauth_json_scalar(), JsonSemAction::object_end, JsonSemAction::object_field_start, JsonSemAction::object_start, pg_encoding_verifymbstr(), pg_parse_json(), PG_UTF8, json_field::required, JsonSemAction::scalar, json_field::scalar, sem, JsonSemAction::semstate, setJsonLexContextOwnsTokens(), and success.

Referenced by parse_access_token(), parse_device_authz(), parse_provider(), and parse_token_error().

◆ parse_provider()

static bool parse_provider	(	struct async_ctx *	actx,
		struct provider *	provider
	)

static

Definition at line 958 of file oauth-curl.c.

{
    struct json_field fields[] = {
        {"issuer", JSON_TOKEN_STRING, {&provider->issuer}, PG_OAUTH_REQUIRED},
        {"token_endpoint", JSON_TOKEN_STRING, {&provider->token_endpoint}, PG_OAUTH_REQUIRED},
 
        /*----
         * The following fields are technically REQUIRED, but we don't use
         * them anywhere yet:
         *
         * - jwks_uri
         * - response_types_supported
         * - subject_types_supported
         * - id_token_signing_alg_values_supported
         */
 
        {"device_authorization_endpoint", JSON_TOKEN_STRING, {&provider->device_authorization_endpoint}, PG_OAUTH_OPTIONAL},
        {"grant_types_supported", JSON_TOKEN_ARRAY_START, {.array = &provider->grant_types_supported}, PG_OAUTH_OPTIONAL},
 
        {0},
    };
 
    return parse_oauth_json(actx, fields);
}

References provider::device_authorization_endpoint, fb(), provider::grant_types_supported, provider::issuer, JSON_TOKEN_ARRAY_START, JSON_TOKEN_STRING, parse_oauth_json(), PG_OAUTH_OPTIONAL, PG_OAUTH_REQUIRED, and provider::token_endpoint.

Referenced by finish_discovery().

◆ parse_token_error()

static bool parse_token_error	(	struct async_ctx *	actx,
		struct token_error *	err
	)

static

Definition at line 1123 of file oauth-curl.c.

{
    bool        result;
    struct json_field fields[] = {
        {"error", JSON_TOKEN_STRING, {&err->error}, PG_OAUTH_REQUIRED},
 
        {"error_description", JSON_TOKEN_STRING, {&err->error_description}, PG_OAUTH_OPTIONAL},
 
        {0},
    };
 
    result = parse_oauth_json(actx, fields);
 
    /*
     * Since token errors are parsed during other active error paths, only
     * override the errctx if parsing explicitly fails.
     */
    if (!result)
        actx->errctx = libpq_gettext("failed to parse token error response");
 
    return result;
}

References err(), fb(), JSON_TOKEN_STRING, libpq_gettext, parse_oauth_json(), PG_OAUTH_OPTIONAL, PG_OAUTH_REQUIRED, and result.

Referenced by finish_device_authz(), and finish_token_request().

◆ pg_fe_cleanup_oauth_flow()

static void pg_fe_cleanup_oauth_flow	(	PGconn *	conn,
		PGoauthBearerRequest *	request
	)

static

Definition at line 355 of file oauth-curl.c.

{
    struct async_ctx *actx = request->user;
 
    /* request->cleanup is only set after actx has been allocated. */
    Assert(actx);
 
    free_async_ctx(actx);
    request->user = NULL;
 
    /* libpq has made its own copy of the token; clear ours now. */
    if (request->token)
    {
        explicit_bzero(request->token, strlen(request->token));
        free(request->token);
        request->token = NULL;
    }
}

References Assert, explicit_bzero(), fb(), free, and free_async_ctx().

Referenced by pg_start_oauthbearer().

◆ pg_fe_run_oauth_flow()

static PostgresPollingStatusType pg_fe_run_oauth_flow	(	PGconn *	conn,
		struct PGoauthBearerRequest *	request,
		int *	altsock
	)

static

Definition at line 2996 of file oauth-curl.c.

{
    PostgresPollingStatusType result;
    struct async_ctx *actx = request->user;
#ifndef WIN32
    sigset_t    osigset;
    bool        sigpipe_pending;
    bool        masked;
 
    /*---
     * Ignore SIGPIPE on this thread during all Curl processing.
     *
     * Because we support multiple threads, we have to set up libcurl with
     * CURLOPT_NOSIGNAL, which disables its default global handling of
     * SIGPIPE. From the Curl docs:
     *
     *     libcurl makes an effort to never cause such SIGPIPE signals to
     *     trigger, but some operating systems have no way to avoid them and
     *     even on those that have there are some corner cases when they may
     *     still happen, contrary to our desire.
     *
     * Note that libcurl is also at the mercy of its DNS resolution and SSL
     * libraries; if any of them forget a MSG_NOSIGNAL then we're in trouble.
     * Modern platforms and libraries seem to get it right, so this is a
     * difficult corner case to exercise in practice, and unfortunately it's
     * not really clear whether it's necessary in all cases.
     */
    masked = (pq_block_sigpipe(&osigset, &sigpipe_pending) == 0);
#endif
 
    result = pg_fe_run_oauth_flow_impl(conn,
                                       (PGoauthBearerRequestV2 *) request,
                                       altsock);
 
    /*
     * To assist with finding bugs in comb_multiplexer() and
     * drain_timer_events(), when we're in debug mode, track the total number
     * of calls to this function and print that at the end of the flow.
     */
    if (actx->debug_flags & OAUTHDEBUG_CALL_COUNT)
    {
        actx->dbg_num_calls++;
        if (result == PGRES_POLLING_OK || result == PGRES_POLLING_FAILED)
            fprintf(stderr, "[libpq] total number of polls: %d\n",
                    actx->dbg_num_calls);
    }
 
#ifndef WIN32
    if (masked)
    {
        /*
         * Undo the SIGPIPE mask. Assume we may have gotten EPIPE (we have no
         * way of knowing at this level).
         */
        pq_reset_sigpipe(&osigset, sigpipe_pending, true /* EPIPE, maybe */ );
    }
#endif
 
    return result;
}

References conn, fb(), fprintf, OAUTHDEBUG_CALL_COUNT, pg_fe_run_oauth_flow_impl(), PGRES_POLLING_FAILED, PGRES_POLLING_OK, pq_block_sigpipe(), pq_reset_sigpipe(), and result.

Referenced by pg_start_oauthbearer().

◆ pg_fe_run_oauth_flow_impl()

static PostgresPollingStatusType pg_fe_run_oauth_flow_impl	(	PGconn *	conn,
		PGoauthBearerRequestV2 *	request,
		int *	altsock
	)

static

Definition at line 2797 of file oauth-curl.c.

{
    struct async_ctx *actx = request->v1.user;
    char       *oauth_token = NULL;
 
    do
    {
        /* By default, the multiplexer is the altsock. Reassign as desired. */
        *altsock = actx->mux;
 
        switch (actx->step)
        {
            case OAUTH_STEP_INIT:
                break;
 
            case OAUTH_STEP_DISCOVERY:
            case OAUTH_STEP_DEVICE_AUTHORIZATION:
            case OAUTH_STEP_TOKEN_REQUEST:
                {
                    PostgresPollingStatusType status;
 
                    /*
                     * Clear any expired timeout before calling back into
                     * Curl. Curl is not guaranteed to do this for us, because
                     * its API expects us to use single-shot (i.e.
                     * edge-triggered) timeouts, and ours are level-triggered
                     * via the mux.
                     *
                     * This can't be combined with the comb_multiplexer() call
                     * below: we might accidentally clear a short timeout that
                     * was both set and expired during the call to
                     * drive_request().
                     */
                    if (!drain_timer_events(actx, NULL))
                        goto error_return;
 
                    /* Move the request forward. */
                    status = drive_request(actx);
 
                    if (status == PGRES_POLLING_FAILED)
                        goto error_return;
                    else if (status == PGRES_POLLING_OK)
                        break;  /* done! */
 
                    /*
                     * This request is still running.
                     *
                     * Make sure that stale events don't cause us to come back
                     * early. (Currently, this can occur only with kqueue.) If
                     * this is forgotten, the multiplexer can get stuck in a
                     * signaled state and we'll burn CPU cycles pointlessly.
                     */
                    if (!comb_multiplexer(actx))
                        goto error_return;
 
                    return status;
                }
 
            case OAUTH_STEP_WAIT_INTERVAL:
                {
                    bool        expired;
 
                    /*
                     * The client application is supposed to wait until our
                     * timer expires before calling PQconnectPoll() again, but
                     * that might not happen. To avoid sending a token request
                     * early, check the timer before continuing.
                     */
                    if (!drain_timer_events(actx, &expired))
                        goto error_return;
 
                    if (!expired)
                    {
                        *altsock = actx->timerfd;
                        return PGRES_POLLING_READING;
                    }
 
                    break;
                }
        }
 
        /*
         * Each case here must ensure that actx->running is set while we're
         * waiting on some asynchronous work. Most cases rely on
         * start_request() to do that for them.
         */
        switch (actx->step)
        {
            case OAUTH_STEP_INIT:
                actx->errctx = libpq_gettext("failed to fetch OpenID discovery document");
                if (!start_discovery(actx, actx->discovery_uri))
                    goto error_return;
 
                actx->step = OAUTH_STEP_DISCOVERY;
                break;
 
            case OAUTH_STEP_DISCOVERY:
                if (!finish_discovery(actx))
                    goto error_return;
 
                if (!check_issuer(actx, conn))
                    goto error_return;
 
                actx->errctx = libpq_gettext("cannot run OAuth device authorization");
                if (!check_for_device_flow(actx))
                    goto error_return;
 
                actx->errctx = libpq_gettext("failed to obtain device authorization");
                if (!start_device_authz(actx, conn))
                    goto error_return;
 
                actx->step = OAUTH_STEP_DEVICE_AUTHORIZATION;
                break;
 
            case OAUTH_STEP_DEVICE_AUTHORIZATION:
                if (!finish_device_authz(actx))
                    goto error_return;
 
                actx->errctx = libpq_gettext("failed to obtain access token");
                if (!start_token_request(actx, conn))
                    goto error_return;
 
                actx->step = OAUTH_STEP_TOKEN_REQUEST;
                break;
 
            case OAUTH_STEP_TOKEN_REQUEST:
                if (!handle_token_response(actx, &oauth_token))
                    goto error_return;
 
                /*
                 * Hook any oauth_token into the request struct immediately so
                 * that the allocation isn't lost in case of an error.
                 */
                request->v1.token = oauth_token;
 
                if (!actx->user_prompted)
                {
                    /*
                     * Now that we know the token endpoint isn't broken, give
                     * the user the login instructions.
                     */
                    if (!prompt_user(actx, conn))
                        goto error_return;
 
                    actx->user_prompted = true;
                }
 
                if (oauth_token)
                    break;      /* done! */
 
                /*
                 * Wait for the required interval before issuing the next
                 * request.
                 */
                if (!set_timer(actx, actx->authz.interval * 1000))
                    goto error_return;
 
                /*
                 * No Curl requests are running, so we can simplify by having
                 * the client wait directly on the timerfd rather than the
                 * multiplexer.
                 */
                *altsock = actx->timerfd;
 
                actx->step = OAUTH_STEP_WAIT_INTERVAL;
                actx->running = 1;
                break;
 
            case OAUTH_STEP_WAIT_INTERVAL:
                actx->errctx = libpq_gettext("failed to obtain access token");
                if (!start_token_request(actx, conn))
                    goto error_return;
 
                actx->step = OAUTH_STEP_TOKEN_REQUEST;
                break;
        }
 
        /*
         * The vast majority of the time, if we don't have a token at this
         * point, actx->running will be set. But there are some corner cases
         * where we can immediately loop back around; see start_request().
         */
    } while (!oauth_token && !actx->running);
 
    /* If we've stored a token, we're done. Otherwise come back later. */
    return oauth_token ? PGRES_POLLING_OK : PGRES_POLLING_READING;
 
error_return:
    append_actx_error(request, actx);
 
    return PGRES_POLLING_FAILED;
}

References append_actx_error(), check_for_device_flow(), check_issuer(), comb_multiplexer(), conn, drain_timer_events(), drive_request(), fb(), finish_device_authz(), finish_discovery(), handle_token_response(), libpq_gettext, async_ctx::mux, OAUTH_STEP_DEVICE_AUTHORIZATION, OAUTH_STEP_DISCOVERY, OAUTH_STEP_INIT, OAUTH_STEP_TOKEN_REQUEST, OAUTH_STEP_WAIT_INTERVAL, PGRES_POLLING_FAILED, PGRES_POLLING_OK, PGRES_POLLING_READING, prompt_user(), set_timer(), start_device_authz(), start_discovery(), and start_token_request().

Referenced by pg_fe_run_oauth_flow().

◆ pg_start_oauthbearer()

int pg_start_oauthbearer	(	PGconn *	conn,
		PGoauthBearerRequestV2 *	request
	)

Definition at line 3063 of file oauth-curl.c.

{
    struct async_ctx *actx;
    PQconninfoOption *conninfo = NULL;
 
    if (!initialize_curl(request))
        return -1;
 
    /*
     * Create our asynchronous state, and hook it into the upper-level OAuth
     * state immediately, so any failures below won't leak the context
     * allocation.
     */
    actx = calloc(1, sizeof(*actx));
    if (!actx)
        goto oom;
 
    actx->mux = PGINVALID_SOCKET;
    actx->timerfd = -1;
 
    /*
     * Now we have a valid (but still useless) actx, so we can fill in the
     * request object. From this point onward, failures will result in a call
     * to pg_fe_cleanup_oauth_flow(). Further cleanup logic belongs there.
     */
    request->v1.async = pg_fe_run_oauth_flow;
    request->v1.cleanup = pg_fe_cleanup_oauth_flow;
    request->v1.user = actx;
 
    /*
     * Now finish filling in the actx.
     */
 
    /* Parse debug flags from the environment. */
    actx->debug_flags = oauth_parse_debug_flags();
 
    initPQExpBuffer(&actx->work_data);
    initPQExpBuffer(&actx->errbuf);
 
    /* Pull relevant connection options. */
    conninfo = PQconninfo(conn);
    if (!conninfo)
        goto oom;
 
    for (PQconninfoOption *opt = conninfo; opt->keyword; opt++)
    {
        if (!opt->val)
            continue;           /* simplifies the strdup logic below */
 
        if (strcmp(opt->keyword, "oauth_client_id") == 0)
        {
            actx->client_id = strdup(opt->val);
            if (!actx->client_id)
                goto oom;
        }
        else if (strcmp(opt->keyword, "oauth_client_secret") == 0)
        {
            actx->client_secret = strdup(opt->val);
            if (!actx->client_secret)
                goto oom;
        }
        else if (strcmp(opt->keyword, "oauth_ca_file") == 0)
        {
            actx->ca_file = strdup(opt->val);
            if (!actx->ca_file)
                goto oom;
        }
    }
 
    PQconninfoFree(conninfo);
    conninfo = NULL;            /* keeps `goto oom` safe */
 
    actx->discovery_uri = request->v1.openid_configuration;
    actx->issuer_id = request->issuer;
    actx->scope = request->v1.scope;
 
    Assert(actx->client_id);    /* ensured by setup_oauth_parameters() */
    Assert(actx->issuer_id);    /* ensured by setup_oauth_parameters() */
    Assert(actx->discovery_uri);    /* ensured by oauth_exchange() */
 
    if (!setup_multiplexer(actx))
    {
        append_actx_error(request, actx);
        return -1;
    }
 
    if (!setup_curl_handles(actx))
    {
        append_actx_error(request, actx);
        return -1;
    }
 
    return 0;
 
oom:
    if (conninfo)
        PQconninfoFree(conninfo);
 
    request->error = libpq_gettext("out of memory");
    return -1;
}

References append_actx_error(), Assert, calloc, conn, fb(), initialize_curl(), initPQExpBuffer(), _PQconninfoOption::keyword, libpq_gettext, oauth_parse_debug_flags(), pg_fe_cleanup_oauth_flow(), pg_fe_run_oauth_flow(), PGINVALID_SOCKET, PQconninfo(), PQconninfoFree(), setup_curl_handles(), and setup_multiplexer().

◆ prompt_user()

static bool prompt_user	(	struct async_ctx *	actx,
		PGconn *	conn
	)

static

Definition at line 2645 of file oauth-curl.c.

{
    int         res;
    PGpromptOAuthDevice prompt = {
        .verification_uri = actx->authz.verification_uri,
        .user_code = actx->authz.user_code,
        .verification_uri_complete = actx->authz.verification_uri_complete,
        .expires_in = actx->authz.expires_in,
    };
    PQauthDataHook_type hook = PQgetAuthDataHook();
 
    res = hook(PQAUTHDATA_PROMPT_OAUTH_DEVICE, conn, &prompt);
 
    if (!res)
    {
        /*
         * translator: The first %s is a URL for the user to visit in a
         * browser, and the second %s is a code to be copy-pasted there.
         */
        fprintf(stderr, libpq_gettext("Visit %s and enter the code: %s\n"),
                prompt.verification_uri, prompt.user_code);
    }
    else if (res < 0)
    {
        actx_error(actx, "device prompt failed");
        return false;
    }
 
    return true;
}

References actx_error, conn, fb(), fprintf, libpq_gettext, PQAUTHDATA_PROMPT_OAUTH_DEVICE, PQgetAuthDataHook(), and _PGpromptOAuthDevice::verification_uri.

Referenced by pg_fe_run_oauth_flow_impl().

◆ record_token_error()

static void record_token_error	(	struct async_ctx *	actx,
		const struct token_error *	err
	)

static

Definition at line 1151 of file oauth-curl.c.

{
    if (err->error_description)
        appendPQExpBuffer(&actx->errbuf, "%s ", err->error_description);
    else
    {
        /*
         * Try to get some more helpful detail into the error string. A 401
         * status in particular implies that the oauth_client_secret is
         * missing or wrong.
         */
        long        response_code;
 
        CHECK_GETINFO(actx, CURLINFO_RESPONSE_CODE, &response_code, response_code = 0);
 
        if (response_code == 401)
        {
            actx_error(actx, actx->used_basic_auth
                       ? gettext_noop("provider rejected the oauth_client_secret")
                       : gettext_noop("provider requires client authentication, and no oauth_client_secret is set"));
            actx_error_str(actx, " ");
        }
    }
 
    appendPQExpBuffer(&actx->errbuf, "(%s)", err->error);
}

References actx_error, actx_error_str, appendPQExpBuffer(), CHECK_GETINFO, err(), fb(), and gettext_noop.

Referenced by finish_device_authz(), and handle_token_response().

◆ register_socket()

static int register_socket	(	CURL *	curl,
		curl_socket_t	socket,
		int	what,
		void *	ctx,
		void *	socketp
	)

static

Definition at line 1283 of file oauth-curl.c.

{
    struct async_ctx *actx = ctx;
 
#if defined(HAVE_SYS_EPOLL_H)
    struct epoll_event ev = {0};
    int         res;
    int         op = EPOLL_CTL_ADD;
 
    switch (what)
    {
        case CURL_POLL_IN:
            ev.events = EPOLLIN;
            break;
 
        case CURL_POLL_OUT:
            ev.events = EPOLLOUT;
            break;
 
        case CURL_POLL_INOUT:
            ev.events = EPOLLIN | EPOLLOUT;
            break;
 
        case CURL_POLL_REMOVE:
            op = EPOLL_CTL_DEL;
            break;
 
        default:
            actx_error_internal(actx, "unknown libcurl socket operation: %d", what);
            return -1;
    }
 
    res = epoll_ctl(actx->mux, op, socket, &ev);
    if (res < 0 && errno == EEXIST)
    {
        /* We already had this socket in the poll set. */
        op = EPOLL_CTL_MOD;
        res = epoll_ctl(actx->mux, op, socket, &ev);
    }
 
    if (res < 0)
    {
        switch (op)
        {
            case EPOLL_CTL_ADD:
                actx_error_internal(actx, "could not add to epoll set: %m");
                break;
 
            case EPOLL_CTL_DEL:
                actx_error_internal(actx, "could not delete from epoll set: %m");
                break;
 
            default:
                actx_error_internal(actx, "could not update epoll set: %m");
        }
 
        return -1;
    }
 
    return 0;
#elif defined(HAVE_SYS_EVENT_H)
    struct kevent ev[2];
    struct kevent ev_out[2];
    struct timespec timeout = {0};
    int         nev = 0;
    int         res;
 
    /*
     * We don't know which of the events is currently registered, perhaps
     * both, so we always try to remove unneeded events. This means we need to
     * tolerate ENOENT below.
     */
    switch (what)
    {
        case CURL_POLL_IN:
            EV_SET(&ev[nev], socket, EVFILT_READ, EV_ADD | EV_RECEIPT, 0, 0, 0);
            nev++;
            EV_SET(&ev[nev], socket, EVFILT_WRITE, EV_DELETE | EV_RECEIPT, 0, 0, 0);
            nev++;
            break;
 
        case CURL_POLL_OUT:
            EV_SET(&ev[nev], socket, EVFILT_WRITE, EV_ADD | EV_RECEIPT, 0, 0, 0);
            nev++;
            EV_SET(&ev[nev], socket, EVFILT_READ, EV_DELETE | EV_RECEIPT, 0, 0, 0);
            nev++;
            break;
 
        case CURL_POLL_INOUT:
            EV_SET(&ev[nev], socket, EVFILT_READ, EV_ADD | EV_RECEIPT, 0, 0, 0);
            nev++;
            EV_SET(&ev[nev], socket, EVFILT_WRITE, EV_ADD | EV_RECEIPT, 0, 0, 0);
            nev++;
            break;
 
        case CURL_POLL_REMOVE:
            EV_SET(&ev[nev], socket, EVFILT_READ, EV_DELETE | EV_RECEIPT, 0, 0, 0);
            nev++;
            EV_SET(&ev[nev], socket, EVFILT_WRITE, EV_DELETE | EV_RECEIPT, 0, 0, 0);
            nev++;
            break;
 
        default:
            actx_error_internal(actx, "unknown libcurl socket operation: %d", what);
            return -1;
    }
 
    Assert(nev <= lengthof(ev));
    Assert(nev <= lengthof(ev_out));
 
    res = kevent(actx->mux, ev, nev, ev_out, nev, &timeout);
    if (res < 0)
    {
        actx_error_internal(actx, "could not modify kqueue: %m");
        return -1;
    }
 
    /*
     * We can't use the simple errno version of kevent, because we need to
     * skip over ENOENT while still allowing a second change to be processed.
     * So we need a longer-form error checking loop.
     */
    for (int i = 0; i < res; ++i)
    {
        /*
         * EV_RECEIPT should guarantee one EV_ERROR result for every change,
         * whether successful or not. Failed entries contain a non-zero errno
         * in the data field.
         */
        Assert(ev_out[i].flags & EV_ERROR);
 
        errno = ev_out[i].data;
        if (errno && errno != ENOENT)
        {
            switch (what)
            {
                case CURL_POLL_REMOVE:
                    actx_error_internal(actx, "could not delete from kqueue: %m");
                    break;
                default:
                    actx_error_internal(actx, "could not add to kqueue: %m");
            }
            return -1;
        }
    }
 
    return 0;
#else
#error register_socket is not implemented on this platform
#endif
}

References actx_error_internal, Assert, fb(), i, lengthof, and socket.

Referenced by setup_curl_handles().

◆ register_timer()

static int register_timer	(	CURLM *	curlm,
		long	timeout,
		void *	ctx
	)

static

Definition at line 1618 of file oauth-curl.c.

{
    struct async_ctx *actx = ctx;
 
    /*
     * There might be an optimization opportunity here: if timeout == 0, we
     * could signal drive_request to immediately call
     * curl_multi_socket_action, rather than returning all the way up the
     * stack only to come right back. But it's not clear that the additional
     * code complexity is worth it.
     */
    if (!set_timer(actx, timeout))
        return -1;              /* actx_error already called */
 
    return 0;
}

References fb(), and set_timer().

Referenced by setup_curl_handles().

◆ report_type_mismatch()

static void report_type_mismatch ( struct oauth_parse * ctx )

static

Definition at line 516 of file oauth-curl.c.

{
    char       *msgfmt;
 
    Assert(ctx->active);
 
    /*
     * At the moment, the only fields we're interested in are strings,
     * numbers, and arrays of strings.
     */
    switch (ctx->active->type)
    {
        case JSON_TOKEN_STRING:
            msgfmt = gettext_noop("field \"%s\" must be a string");
            break;
 
        case JSON_TOKEN_NUMBER:
            msgfmt = gettext_noop("field \"%s\" must be a number");
            break;
 
        case JSON_TOKEN_ARRAY_START:
            msgfmt = gettext_noop("field \"%s\" must be an array of strings");
            break;
 
        default:
            Assert(false);
            msgfmt = gettext_noop("field \"%s\" has unexpected type");
    }
 
    oauth_parse_set_error(ctx, msgfmt, ctx->active->name);
}

References oauth_parse::active, Assert, fb(), gettext_noop, JSON_TOKEN_ARRAY_START, JSON_TOKEN_NUMBER, JSON_TOKEN_STRING, json_field::name, oauth_parse_set_error, and json_field::type.

Referenced by oauth_json_array_start(), oauth_json_object_start(), and oauth_json_scalar().

◆ set_timer()

static bool set_timer	(	struct async_ctx *	actx,
		long	timeout
	)

static

Definition at line 1497 of file oauth-curl.c.

{
#if defined(HAVE_SYS_EPOLL_H)
    struct itimerspec spec = {0};
 
    if (timeout < 0)
    {
        /* the zero itimerspec will disarm the timer below */
    }
    else if (timeout == 0)
    {
        /*
         * A zero timeout means libcurl wants us to call back immediately.
         * That's not technically an option for timerfd, but we can make the
         * timeout ridiculously short.
         */
        spec.it_value.tv_nsec = 1;
    }
    else
    {
        spec.it_value.tv_sec = timeout / 1000;
        spec.it_value.tv_nsec = (timeout % 1000) * 1000000;
    }
 
    if (timerfd_settime(actx->timerfd, 0 /* no flags */ , &spec, NULL) < 0)
    {
        actx_error_internal(actx, "setting timerfd to %ld: %m", timeout);
        return false;
    }
 
    return true;
#elif defined(HAVE_SYS_EVENT_H)
    struct kevent ev;
 
#ifdef __NetBSD__
 
    /*
     * Work around NetBSD's rejection of zero timeouts (EINVAL), a bit like
     * timerfd above.
     */
    if (timeout == 0)
        timeout = 1;
#endif
 
    /*
     * Always disable the timer, and remove it from the multiplexer, to clear
     * out any already-queued events. (On some BSDs, adding an EVFILT_TIMER to
     * a kqueue that already has one will clear stale events, but not on
     * macOS.)
     *
     * If there was no previous timer set, the kevent calls will result in
     * ENOENT, which is fine.
     */
    EV_SET(&ev, 1, EVFILT_TIMER, EV_DELETE, 0, 0, 0);
    if (kevent(actx->timerfd, &ev, 1, NULL, 0, NULL) < 0 && errno != ENOENT)
    {
        actx_error_internal(actx, "deleting kqueue timer: %m");
        return false;
    }
 
    EV_SET(&ev, actx->timerfd, EVFILT_READ, EV_DELETE, 0, 0, 0);
    if (kevent(actx->mux, &ev, 1, NULL, 0, NULL) < 0 && errno != ENOENT)
    {
        actx_error_internal(actx, "removing kqueue timer from multiplexer: %m");
        return false;
    }
 
    /* If we're not adding a timer, we're done. */
    if (timeout < 0)
        return true;
 
    EV_SET(&ev, 1, EVFILT_TIMER, (EV_ADD | EV_ONESHOT), 0, timeout, 0);
    if (kevent(actx->timerfd, &ev, 1, NULL, 0, NULL) < 0)
    {
        actx_error_internal(actx, "setting kqueue timer to %ld: %m", timeout);
        return false;
    }
 
    EV_SET(&ev, actx->timerfd, EVFILT_READ, EV_ADD, 0, 0, 0);
    if (kevent(actx->mux, &ev, 1, NULL, 0, NULL) < 0)
    {
        actx_error_internal(actx, "adding kqueue timer to multiplexer: %m");
        return false;
    }
 
    return true;
#else
#error set_timer is not implemented on this platform
#endif
}

References actx_error_internal, and fb().

Referenced by drain_timer_events(), pg_fe_run_oauth_flow_impl(), and register_timer().

◆ setup_curl_handles()

static bool setup_curl_handles ( struct async_ctx * actx )

static

Definition at line 1755 of file oauth-curl.c.

{
    /*
     * Create our multi handle. This encapsulates the entire conversation with
     * libcurl for this connection.
     */
    actx->curlm = curl_multi_init();
    if (!actx->curlm)
    {
        /* We don't get a lot of feedback on the failure reason. */
        actx_error(actx, "failed to create libcurl multi handle");
        return false;
    }
 
    /*
     * The multi handle tells us what to wait on using two callbacks. These
     * will manipulate actx->mux as needed.
     */
    CHECK_MSETOPT(actx, CURLMOPT_SOCKETFUNCTION, register_socket, return false);
    CHECK_MSETOPT(actx, CURLMOPT_SOCKETDATA, actx, return false);
    CHECK_MSETOPT(actx, CURLMOPT_TIMERFUNCTION, register_timer, return false);
    CHECK_MSETOPT(actx, CURLMOPT_TIMERDATA, actx, return false);
 
    /*
     * Set up an easy handle. All of our requests are made serially, so we
     * only ever need to keep track of one.
     */
    actx->curl = curl_easy_init();
    if (!actx->curl)
    {
        actx_error(actx, "failed to create libcurl handle");
        return false;
    }
 
    /*
     * Multi-threaded applications must set CURLOPT_NOSIGNAL. This requires us
     * to handle the possibility of SIGPIPE ourselves using pq_block_sigpipe;
     * see pg_fe_run_oauth_flow().
     *
     * NB: If libcurl is not built against a friendly DNS resolver (c-ares or
     * threaded), setting this option prevents DNS lookups from timing out
     * correctly. We warn about this situation at configure time.
     *
     * TODO: Perhaps there's a clever way to warn the user about synchronous
     * DNS at runtime too? It's not immediately clear how to do that in a
     * helpful way: for many standard single-threaded use cases, the user
     * might not care at all, so spraying warnings to stderr would probably do
     * more harm than good.
     */
    CHECK_SETOPT(actx, CURLOPT_NOSIGNAL, 1L, return false);
 
    if (actx->debug_flags & OAUTHDEBUG_UNSAFE_TRACE)
    {
        /*
         * Set a callback for retrieving error information from libcurl, the
         * function only takes effect when CURLOPT_VERBOSE has been set so
         * make sure the order is kept.
         */
        CHECK_SETOPT(actx, CURLOPT_DEBUGFUNCTION, debug_callback, return false);
        CHECK_SETOPT(actx, CURLOPT_VERBOSE, 1L, return false);
    }
 
    CHECK_SETOPT(actx, CURLOPT_ERRORBUFFER, actx->curl_err, return false);
 
    /*
     * Only HTTPS is allowed. (Debug mode additionally allows HTTP; this is
     * intended for testing only.)
     *
     * There's a bit of unfortunate complexity around the choice of
     * CURLoption. CURLOPT_PROTOCOLS is deprecated in modern Curls, but its
     * replacement didn't show up until relatively recently.
     */
    {
#if CURL_AT_LEAST_VERSION(7, 85, 0)
        const CURLoption popt = CURLOPT_PROTOCOLS_STR;
        const char *protos = "https";
        const char *const unsafe = "https,http";
#else
        const CURLoption popt = CURLOPT_PROTOCOLS;
        long        protos = CURLPROTO_HTTPS;
        const long  unsafe = CURLPROTO_HTTPS | CURLPROTO_HTTP;
#endif
 
        if (actx->debug_flags & OAUTHDEBUG_UNSAFE_HTTP)
            protos = unsafe;
 
        CHECK_SETOPT(actx, popt, protos, return false);
    }
 
    /* Allow the user to change the trusted CA list. */
    if (actx->ca_file != NULL)
        CHECK_SETOPT(actx, CURLOPT_CAINFO, actx->ca_file, return false);
 
    /*
     * Suppress the Accept header to make our request as minimal as possible.
     * (Ideally we would set it to "application/json" instead, but OpenID is
     * pretty strict when it comes to provider behavior, so we have to check
     * what comes back anyway.)
     */
    actx->headers = curl_slist_append(actx->headers, "Accept:");
    if (actx->headers == NULL)
    {
        actx_error(actx, "out of memory");
        return false;
    }
    CHECK_SETOPT(actx, CURLOPT_HTTPHEADER, actx->headers, return false);
 
    return true;
}

References actx_error, CHECK_MSETOPT, CHECK_SETOPT, debug_callback(), fb(), OAUTHDEBUG_UNSAFE_HTTP, OAUTHDEBUG_UNSAFE_TRACE, register_socket(), and register_timer().

Referenced by pg_start_oauthbearer().

◆ setup_multiplexer()

static bool setup_multiplexer ( struct async_ctx * actx )

static

Definition at line 1225 of file oauth-curl.c.

{
#if defined(HAVE_SYS_EPOLL_H)
    struct epoll_event ev = {.events = EPOLLIN};
 
    actx->mux = epoll_create1(EPOLL_CLOEXEC);
    if (actx->mux < 0)
    {
        actx_error_internal(actx, "failed to create epoll set: %m");
        return false;
    }
 
    actx->timerfd = timerfd_create(CLOCK_MONOTONIC, TFD_CLOEXEC);
    if (actx->timerfd < 0)
    {
        actx_error_internal(actx, "failed to create timerfd: %m");
        return false;
    }
 
    if (epoll_ctl(actx->mux, EPOLL_CTL_ADD, actx->timerfd, &ev) < 0)
    {
        actx_error_internal(actx, "failed to add timerfd to epoll set: %m");
        return false;
    }
 
    return true;
#elif defined(HAVE_SYS_EVENT_H)
    actx->mux = kqueue();
    if (actx->mux < 0)
    {
        actx_error_internal(actx, "failed to create kqueue: %m");
        return false;
    }
 
    /*
     * Originally, we set EVFILT_TIMER directly on the top-level multiplexer.
     * This makes it difficult to implement timer_expired(), though, so now we
     * set EVFILT_TIMER on a separate actx->timerfd, which is chained to
     * actx->mux while the timer is active.
     */
    actx->timerfd = kqueue();
    if (actx->timerfd < 0)
    {
        actx_error_internal(actx, "failed to create timer kqueue: %m");
        return false;
    }
 
    return true;
#else
#error setup_multiplexer is not implemented on this platform
#endif
}

References actx_error_internal, and fb().

Referenced by pg_start_oauthbearer().

◆ start_device_authz()

static bool start_device_authz	(	struct async_ctx *	actx,
		PGconn *	conn
	)

static

Definition at line 2419 of file oauth-curl.c.

{
    const char *oauth_scope = actx->scope;
    const char *device_authz_uri = actx->provider.device_authorization_endpoint;
    PQExpBuffer work_buffer = &actx->work_data;
 
    Assert(device_authz_uri);   /* ensured by check_for_device_flow() */
 
    /* Construct our request body. */
    resetPQExpBuffer(work_buffer);
    if (oauth_scope && oauth_scope[0])
        build_urlencoded(work_buffer, "scope", oauth_scope);
 
    if (!add_client_identification(actx, work_buffer, conn))
        return false;
 
    if (PQExpBufferBroken(work_buffer))
    {
        actx_error(actx, "out of memory");
        return false;
    }
 
    /* Make our request. */
    CHECK_SETOPT(actx, CURLOPT_URL, device_authz_uri, return false);
    CHECK_SETOPT(actx, CURLOPT_COPYPOSTFIELDS, work_buffer->data, return false);
 
    return start_request(actx);
}

References actx_error, add_client_identification(), Assert, build_urlencoded(), CHECK_SETOPT, conn, fb(), PQExpBufferBroken, resetPQExpBuffer(), and start_request().

Referenced by pg_fe_run_oauth_flow_impl().

◆ start_discovery()

static bool start_discovery	(	struct async_ctx *	actx,
		const char *	discovery_uri
	)

static

Definition at line 2157 of file oauth-curl.c.

{
    CHECK_SETOPT(actx, CURLOPT_HTTPGET, 1L, return false);
    CHECK_SETOPT(actx, CURLOPT_URL, discovery_uri, return false);
 
    return start_request(actx);
}

References CHECK_SETOPT, async_ctx::discovery_uri, fb(), and start_request().

Referenced by pg_fe_run_oauth_flow_impl().

◆ start_request()

static bool start_request ( struct async_ctx * actx )

static

Definition at line 1916 of file oauth-curl.c.

{
    CURLMcode   err;
 
    resetPQExpBuffer(&actx->work_data);
    CHECK_SETOPT(actx, CURLOPT_WRITEFUNCTION, append_data, return false);
    CHECK_SETOPT(actx, CURLOPT_WRITEDATA, actx, return false);
 
    err = curl_multi_add_handle(actx->curlm, actx->curl);
    if (err)
    {
        actx_error(actx, "failed to queue HTTP request: %s",
                   curl_multi_strerror(err));
        return false;
    }
 
    /*
     * actx->running tracks the number of running handles, so we can
     * immediately call back if no waiting is needed.
     *
     * Even though this is nominally an asynchronous process, there are some
     * operations that can synchronously fail by this point (e.g. connections
     * to closed local ports) or even synchronously succeed if the stars align
     * (all the libcurl connection caches hit and the server is fast).
     */
    err = curl_multi_socket_action(actx->curlm, CURL_SOCKET_TIMEOUT, 0, &actx->running);
    if (err)
    {
        actx_error(actx, "asynchronous HTTP request failed: %s",
                   curl_multi_strerror(err));
        return false;
    }
 
    return true;
}

References actx_error, append_data(), CHECK_SETOPT, err(), fb(), and resetPQExpBuffer().

Referenced by start_device_authz(), start_discovery(), and start_token_request().

◆ start_token_request()

static bool start_token_request	(	struct async_ctx *	actx,
		PGconn *	conn
	)

static

Definition at line 2506 of file oauth-curl.c.

{
    const char *token_uri = actx->provider.token_endpoint;
    const char *device_code = actx->authz.device_code;
    PQExpBuffer work_buffer = &actx->work_data;
 
    Assert(token_uri);          /* ensured by parse_provider() */
    Assert(device_code);        /* ensured by parse_device_authz() */
 
    /* Construct our request body. */
    resetPQExpBuffer(work_buffer);
    build_urlencoded(work_buffer, "device_code", device_code);
    build_urlencoded(work_buffer, "grant_type", OAUTH_GRANT_TYPE_DEVICE_CODE);
 
    if (!add_client_identification(actx, work_buffer, conn))
        return false;
 
    if (PQExpBufferBroken(work_buffer))
    {
        actx_error(actx, "out of memory");
        return false;
    }
 
    /* Make our request. */
    CHECK_SETOPT(actx, CURLOPT_URL, token_uri, return false);
    CHECK_SETOPT(actx, CURLOPT_COPYPOSTFIELDS, work_buffer->data, return false);
 
    return start_request(actx);
}

References actx_error, add_client_identification(), Assert, build_urlencoded(), CHECK_SETOPT, conn, fb(), OAUTH_GRANT_TYPE_DEVICE_CODE, PQExpBufferBroken, resetPQExpBuffer(), and start_request().

Referenced by pg_fe_run_oauth_flow_impl().

◆ timer_expired()

static int timer_expired ( struct async_ctx * actx )

static

Definition at line 1594 of file oauth-curl.c.

{
#if defined(HAVE_SYS_EPOLL_H) || defined(HAVE_SYS_EVENT_H)
    int         res;
 
    /* Is the timer ready? */
    res = PQsocketPoll(actx->timerfd, 1 /* forRead */ , 0, 0);
    if (res < 0)
    {
        actx_error(actx, "checking timer expiration: %m");
        return -1;
    }
 
    return (res > 0);
#else
#error timer_expired is not implemented on this platform
#endif
}

References actx_error, fb(), and PQsocketPoll().

Referenced by drain_timer_events().

◆ urlencode()

static char * urlencode ( const char * s )

static

Definition at line 2113 of file oauth-curl.c.

{
    PQExpBufferData buf;
 
    initPQExpBuffer(&buf);
    append_urlencoded(&buf, s);
 
    return PQExpBufferDataBroken(buf) ? NULL : buf.data;
}

References append_urlencoded(), buf, fb(), initPQExpBuffer(), and PQExpBufferDataBroken.

Referenced by add_client_identification().

Data Structures

Macros

Enumerations

Functions

Macro Definition Documentation

◆ actx_error

◆ actx_error_internal

◆ actx_error_str

◆ CHECK_GETINFO

◆ CHECK_MSETOPT

◆ CHECK_SETOPT

◆ CURL_IGNORE_DEPRECATION

◆ HTTPS_SCHEME

◆ MAX_OAUTH_NESTING_LEVEL

◆ MAX_OAUTH_RESPONSE_SIZE

◆ OAUTH_GRANT_TYPE_DEVICE_CODE

◆ oauth_parse_set_error

◆ oauth_parse_set_error_internal

◆ PG_CURL_IGNORE_DEPRECATION

◆ PG_OAUTH_OPTIONAL

◆ PG_OAUTH_REQUIRED

Enumeration Type Documentation

◆ OAuthStep

Function Documentation

◆ add_client_identification()

◆ append_actx_error()

◆ append_data()

◆ append_urlencoded()

◆ build_urlencoded()

◆ check_content_type()

◆ check_for_device_flow()

◆ check_issuer()

◆ comb_multiplexer()

◆ debug_callback()

◆ drain_timer_events()

◆ drive_request()

◆ finish_device_authz()

◆ finish_discovery()

◆ finish_token_request()

◆ free_async_ctx()

◆ free_device_authz()

◆ free_provider()

◆ free_token()

◆ free_token_error()

◆ handle_token_response()

◆ initialize_curl()

◆ oauth_json_array_end()

◆ oauth_json_array_start()

◆ oauth_json_object_end()

◆ oauth_json_object_field_start()

◆ oauth_json_object_start()

◆ oauth_json_scalar()

◆ parse_access_token()

◆ parse_device_authz()

◆ parse_expires_in()

◆ parse_interval()

◆ parse_json_number()

◆ parse_oauth_json()

◆ parse_provider()

◆ parse_token_error()

◆ pg_fe_cleanup_oauth_flow()

◆ pg_fe_run_oauth_flow()

◆ pg_fe_run_oauth_flow_impl()

◆ pg_start_oauthbearer()

◆ prompt_user()

◆ record_token_error()

◆ register_socket()

◆ register_timer()

◆ report_type_mismatch()

◆ set_timer()

◆ setup_curl_handles()

◆ setup_multiplexer()

◆ start_device_authz()

◆ start_discovery()

◆ start_request()

◆ start_token_request()

◆ timer_expired()

◆ urlencode()