PostgreSQL Source Code git master
validator.c File Reference
#include "postgres.h"
#include "fmgr.h"
#include "libpq/oauth.h"
#include "miscadmin.h"
#include "utils/guc.h"
#include "utils/memutils.h"

Macros

#define PRIVATE_COOKIE   ((void *) 13579)
 

Functions

static void validator_startup (ValidatorModuleState *state)
 
static void validator_shutdown (ValidatorModuleState *state)
 
static bool validate_token (const ValidatorModuleState *state, const char *token, const char *role, ValidatorModuleResult *res)
 
void _PG_init (void)
 
const OAuthValidatorCallbacks * _PG_oauth_validator_module_init (void)
 

Variables

 PG_MODULE_MAGIC
 
static const OAuthValidatorCallbacks validator_callbacks
 
static char * authn_id = NULL
 
static bool authorize_tokens = true
 
static char * error_detail = NULL
 
static bool internal_error = false
 
static bool invalid_hba = false
 
static const char * hba_opts []
 

Macro Definition Documentation

◆ PRIVATE_COOKIE

#define PRIVATE_COOKIE   ((void *) 13579)

Definition at line 128 of file validator.c.

Function Documentation

◆ _PG_init()

void _PG_init ( void  )

Definition at line 73 of file validator.c.

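/*
 * _PG_init
 *
 * Module load hook: registers the oauth_validator.* settings that steer this
 * test validator, then reserves the "oauth_validator" GUC prefix.
 *
 * Every setting is registered with PGC_SIGHUP context, so it is changed
 * through the server configuration rather than by a client session.  That
 * matters because oauth_validator.authorize_tokens and
 * oauth_validator.authn_id decide the authentication outcome on their own;
 * validate_token() never inspects the token contents.  The module exists to
 * exercise the validator callback API and must not be configured as the
 * validator on a server that accepts real OAuth logins.
 *
 * NOTE(review): the rendered listing dropped the value-address and context
 * argument of each call.  They are restored here from the
 * DefineCustom*Variable() signatures and the reference list shown with the
 * listing -- confirm against validator.c.
 */
void
_PG_init(void)
{
	/* Identity handed back as authn_id; NULL means "no override". */
	DefineCustomStringVariable("oauth_validator.authn_id",
		"Authenticated identity to use for future connections",
		NULL,
		&authn_id,
		NULL,
		PGC_SIGHUP,
		0,
		NULL, NULL, NULL);

	/* Authorization verdict, independent of the presented token. */
	DefineCustomBoolVariable("oauth_validator.authorize_tokens",
		"Should tokens be marked valid?",
		NULL,
		&authorize_tokens,
		true,
		PGC_SIGHUP,
		0,
		NULL, NULL, NULL);

	/* Text copied into the result's error_detail field. */
	DefineCustomStringVariable("oauth_validator.error_detail",
		"Error message to print during failures",
		NULL,
		&error_detail,
		NULL,
		PGC_SIGHUP,
		0,
		NULL, NULL, NULL);

	/* Makes validate_token() return false. */
	DefineCustomBoolVariable("oauth_validator.internal_error",
		"Should the validator report an internal error?",
		NULL,
		&internal_error,
		false,
		PGC_SIGHUP,
		0,
		NULL, NULL, NULL);

	/* Makes validator_startup() register a deliberately bad HBA option. */
	DefineCustomBoolVariable("oauth_validator.invalid_hba",
		"Should the validator register an invalid option?",
		NULL,
		&invalid_hba,
		false,
		PGC_SIGHUP,
		0,
		NULL, NULL, NULL);

	MarkGUCPrefixReserved("oauth_validator");
}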
void DefineCustomStringVariable(const char *name, const char *short_desc, const char *long_desc, char **valueAddr, const char *bootValue, GucContext context, int flags, GucStringCheckHook check_hook, GucStringAssignHook assign_hook, GucShowHook show_hook)
Definition guc.c:5129
void DefineCustomBoolVariable(const char *name, const char *short_desc, const char *long_desc, bool *valueAddr, bool bootValue, GucContext context, int flags, GucBoolCheckHook check_hook, GucBoolAssignHook assign_hook, GucShowHook show_hook)
Definition guc.c:5049
void MarkGUCPrefixReserved(const char *className)
Definition guc.c:5186
@ PGC_SIGHUP
Definition guc.h:75
static int fb(int x)
static bool internal_error
Definition validator.c:44
static char * error_detail
Definition validator.c:43
static bool invalid_hba
Definition validator.c:45
static bool authorize_tokens
Definition validator.c:42
static char * authn_id
Definition validator.c:41

References authn_id, authorize_tokens, DefineCustomBoolVariable(), DefineCustomStringVariable(), error_detail, fb(), internal_error, invalid_hba, MarkGUCPrefixReserved(), and PGC_SIGHUP.

◆ _PG_oauth_validator_module_init()

const OAuthValidatorCallbacks * _PG_oauth_validator_module_init ( void  )

Definition at line 123 of file validator.c.

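/*
 * _PG_oauth_validator_module_init
 *
 * Entry point that hands the module's callback table to the caller.  The
 * returned pointer refers to the file-level constant validator_callbacks,
 * so the caller must not free or modify it.
 */
const OAuthValidatorCallbacks *
_PG_oauth_validator_module_init(void)
{
	return &validator_callbacks;
}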
static const OAuthValidatorCallbacks validator_callbacks
Definition validator.c:32

References validator_callbacks, and validator_callbacks.

◆ validate_token()

static bool validate_token ( const ValidatorModuleState * state,
const char * token,
const char * role,
ValidatorModuleResult * res 
)
static

Definition at line 186 of file validator.c.

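/*
 * validate_token
 *
 * validate_cb of the test module.  It performs NO verification of the
 * token: the verdict comes from oauth_validator.authorize_tokens and the
 * identity from oauth_validator.authn_id, the "authn_id" HBA option, or the
 * requested role, in that order of precedence.
 *
 * state: module state; private_data must still hold PRIVATE_COOKIE.
 * token: bearer token presented by the client (only logged).
 * role:  role the client asked for.
 * res:   filled in with error_detail, authorized and authn_id.
 *
 * Returns false when oauth_validator.internal_error is set, true otherwise.
 * Raises ERROR if the private state cookie was altered.
 *
 * NOTE(review): the rendered listing dropped the two trailing arguments of
 * the issuer/scope elog() and the assignment to res->authorized.  They are
 * restored here from the reference list shown with the listing -- confirm
 * against validator.c.
 */
static bool
validate_token(const ValidatorModuleState *state,
	const char *token, const char *role,
	ValidatorModuleResult *res)
{
	const char *log_opt;
	const char *hba_authn_id;

	/* Check to make sure our private state still exists. */
	if (state->private_data != PRIVATE_COOKIE)
		elog(ERROR, "oauth_validator: private state cookie changed to %p in validate",
			state->private_data);

	/*
	 * The HBA-supplied string is passed as an argument to a fixed "%s"
	 * format, never as the format string itself.
	 */
	log_opt = GetOAuthHBAOption(state, "log");
	if (log_opt)
		elog(LOG, "%s", log_opt);

	/*
	 * Test-only behavior: the bearer token is written to the server log in
	 * full.  A validator meant for real deployments must not log token
	 * material, since anyone able to read the log could replay it while it
	 * remains valid.
	 */
	elog(LOG, "oauth_validator: token=\"%s\", role=\"%s\"", token, role);
	elog(LOG, "oauth_validator: issuer=\"%s\", scope=\"%s\"",
		MyProcPort->hba->oauth_issuer,
		MyProcPort->hba->oauth_scope);

	res->error_detail = error_detail;	/* only relevant for failures */
	if (internal_error)
		return false;

	/* The verdict is a configuration switch, not a property of the token. */
	res->authorized = authorize_tokens;

	/* The GUC wins over the HBA option, which wins over the requested role. */
	hba_authn_id = GetOAuthHBAOption(state, "authn_id");
	if (authn_id)
		res->authn_id = pstrdup(authn_id);
	else if (hba_authn_id)
		res->authn_id = pstrdup(hba_authn_id);
	else
		res->authn_id = pstrdup(role);

	return true;
}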
const char * GetOAuthHBAOption(const ValidatorModuleState *state, const char *optname)
#define LOG
Definition elog.h:32
#define ERROR
Definition elog.h:40
#define elog(elevel,...)
Definition elog.h:228
struct Port * MyProcPort
Definition globals.c:53
char * pstrdup(const char *in)
Definition mcxt.c:1781
char * oauth_issuer
Definition hba.h:130
char * oauth_scope
Definition hba.h:131
HbaLine * hba
Definition libpq-be.h:165
char * error_detail
Definition oauth.h:65
#define PRIVATE_COOKIE
Definition validator.c:128

References ValidatorModuleResult::authn_id, authn_id, authorize_tokens, ValidatorModuleResult::authorized, elog, ERROR, ValidatorModuleResult::error_detail, error_detail, GetOAuthHBAOption(), Port::hba, internal_error, LOG, MyProcPort, HbaLine::oauth_issuer, HbaLine::oauth_scope, PRIVATE_COOKIE, and pstrdup().

◆ validator_shutdown()

static void validator_shutdown ( ValidatorModuleState * state)
static

Definition at line 173 of file validator.c.

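/*
 * validator_shutdown
 *
 * shutdown_cb of the test module.  Its only job is to verify that the
 * private_data value stored by validator_startup() reached shutdown
 * unchanged.  A mismatch is reported at PANIC level here, whereas
 * validate_token() uses ERROR for the same check.
 */
static void
validator_shutdown(ValidatorModuleState *state)
{
	/* Check to make sure our private state still exists. */
	if (state->private_data != PRIVATE_COOKIE)
		elog(PANIC, "oauth_validator: private state cookie changed to %p in shutdown",
			state->private_data);
}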
#define PANIC
Definition elog.h:44

References elog, PANIC, and PRIVATE_COOKIE.

◆ validator_startup()

static void validator_startup ( ValidatorModuleState * state)
static

Definition at line 134 of file validator.c.

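/*
 * validator_startup
 *
 * startup_cb of the test module.  It checks the server-provided sversion,
 * registers the module's custom HBA options, verifies that none of them can
 * be read back yet, optionally registers a malformed option, and finally
 * stores PRIVATE_COOKIE in state->private_data so the other callbacks can
 * detect tampering with the private state.
 *
 * Raises ERROR on an unexpected sversion or if an HBA option is already
 * retrievable during startup.
 *
 * NOTE(review): the rendered listing dropped both RegisterOAuthHBAOptions()
 * calls and the GetOAuthHBAOption() condition inside the loop.  They are
 * restored here from the reference list and the function signatures shown
 * with the listing -- confirm against validator.c.
 */
static void
validator_startup(ValidatorModuleState *state)
{
	/*
	 * Make sure the server is correctly setting sversion. (Real modules
	 * should not do this; it would defeat upgrade compatibility.)
	 */
	if (state->sversion != PG_VERSION_NUM)
		elog(ERROR, "oauth_validator: sversion set to %d", state->sversion);

	/*
	 * Test the behavior of custom HBA options. Registered options should not
	 * be retrievable during startup (we want to discourage modules from
	 * relying on the relative order of client connections and the
	 * startup_cb).
	 */
	RegisterOAuthHBAOptions(state, lengthof(hba_opts), hba_opts);
	for (int i = 0; i < lengthof(hba_opts); i++)
	{
		if (GetOAuthHBAOption(state, hba_opts[i]))
			elog(ERROR,
				"oauth_validator: GetOAuthValidatorOption(\"%s\") was non-NULL during startup_cb",
				hba_opts[i]);
	}

	if (invalid_hba)
	{
		/* Register a bad option, which should print a WARNING to the logs. */
		const char *invalid = "bad option name";

		RegisterOAuthHBAOptions(state, 1, &invalid);
	}

	/* Sentinel value only; the visible code never dereferences it. */
	state->private_data = PRIVATE_COOKIE;
}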
void RegisterOAuthHBAOptions(ValidatorModuleState *state, int num, const char *opts[])
Definition auth-oauth.c:949
#define lengthof(array)
Definition c.h:873
invalidindex index d is invalid
Definition isn.c:138
int i
Definition isn.c:77
static const char * hba_opts[]
Definition validator.c:48

References elog, ERROR, fb(), GetOAuthHBAOption(), hba_opts, i, invalid, invalid_hba, lengthof, PRIVATE_COOKIE, and RegisterOAuthHBAOptions().

Variable Documentation

◆ authn_id

char* authn_id = NULL
static

◆ authorize_tokens

bool authorize_tokens = true
static

Definition at line 42 of file validator.c.

Referenced by _PG_init(), and validate_token().

◆ error_detail

char* error_detail = NULL
static

Definition at line 43 of file validator.c.

Referenced by _PG_init(), main(), parse_basebackup_options(), and validate_token().

◆ hba_opts

const char* hba_opts[]
static
Initial value:
= {
"authn_id",
"log",
}

Definition at line 48 of file validator.c.

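/*
 * Custom HBA options that validator_startup() registers for this module and
 * that validate_token() reads back per connection.
 */
static const char *hba_opts[] = {
	"authn_id",					/* overrides the default authn_id */
	"log",						/* logs an arbitrary string */
};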

Referenced by validator_startup().

◆ internal_error

bool internal_error = false
static

Definition at line 44 of file validator.c.

Referenced by _PG_init(), and validate_token().

◆ invalid_hba

bool invalid_hba = false
static

Definition at line 45 of file validator.c.

Referenced by _PG_init(), and validator_startup().

◆ PG_MODULE_MAGIC

PG_MODULE_MAGIC

Definition at line 22 of file validator.c.

◆ validator_callbacks

const OAuthValidatorCallbacks validator_callbacks
static
Initial value:
= {
.startup_cb = validator_startup,
.shutdown_cb = validator_shutdown,
.validate_cb = validate_token
}
#define PG_OAUTH_VALIDATOR_MAGIC
Definition oauth.h:88
static void validator_startup(ValidatorModuleState *state)
Definition validator.c:134
static void validator_shutdown(ValidatorModuleState *state)
Definition validator.c:173
static bool validate_token(const ValidatorModuleState *state, const char *token, const char *role, ValidatorModuleResult *res)
Definition validator.c:186

Definition at line 32 of file validator.c.

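/*
 * Callback table returned by _PG_oauth_validator_module_init().  All three
 * callbacks are populated.
 *
 * NOTE(review): the leading PG_OAUTH_VALIDATOR_MAGIC member and the
 * declarator are absent from the rendered listing; they are restored from
 * the cross-references shown with it -- confirm against validator.c.
 */
static const OAuthValidatorCallbacks validator_callbacks = {
	PG_OAUTH_VALIDATOR_MAGIC,

	.startup_cb = validator_startup,
	.shutdown_cb = validator_shutdown,
	.validate_cb = validate_token
};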

Referenced by _PG_oauth_validator_module_init().