validator_8c_source.html

/*-------------------------------------------------------------------------

 *

 * validator.c

 *    Test module for serverside OAuth token validation callbacks

 *

 * Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group

 * Portions Copyright (c) 1994, Regents of the University of California

 *

 * src/test/modules/oauth_validator/validator.c

 *

 *-------------------------------------------------------------------------

 */


#include "postgres.h"


#include "fmgr.h"

#include "libpq/oauth.h"

#include "miscadmin.h"

#include "utils/guc.h"

#include "utils/memutils.h"


PG_MODULE_MAGIC;


static void validator_startup(ValidatorModuleState *state);

static void validator_shutdown(ValidatorModuleState *state);

static bool validate_token(const ValidatorModuleState *state,

                           const char *token,

                           const char *role,

                           ValidatorModuleResult *result);


/* Callback implementations (exercise all three) */

static const OAuthValidatorCallbacks validator_callbacks = {

    PG_OAUTH_VALIDATOR_MAGIC,


    .startup_cb = validator_startup,

    .shutdown_cb = validator_shutdown,

    .validate_cb = validate_token

};


/* GUCs */

static char *authn_id = NULL;

static bool authorize_tokens = true;


/*---

 * Extension entry point. Sets up GUCs for use by tests:

 *

 * - oauth_validator.authn_id   Sets the user identifier to return during token

 *                              validation. Defaults to the username in the

 *                              startup packet.

 *

 * - oauth_validator.authorize_tokens

 *                              Sets whether to successfully validate incoming

 *                              tokens. Defaults to true.

 */

void

_PG_init(void)

{

    DefineCustomStringVariable("oauth_validator.authn_id",

                               "Authenticated identity to use for future connections",

                               NULL,

                               &authn_id,

                               NULL,

                               PGC_SIGHUP,

                               0,

                               NULL, NULL, NULL);

    DefineCustomBoolVariable("oauth_validator.authorize_tokens",

                             "Should tokens be marked valid?",

                             NULL,

                             &authorize_tokens,

                             true,

                             PGC_SIGHUP,

                             0,

                             NULL, NULL, NULL);


    MarkGUCPrefixReserved("oauth_validator");

}


/*

 * Validator module entry point.

 */

const OAuthValidatorCallbacks *

_PG_oauth_validator_module_init(void)

{

    return &validator_callbacks;

}


#define PRIVATE_COOKIE ((void *) 13579)


/*

 * Startup callback, to set up private data for the validator.

 */

static void

validator_startup(ValidatorModuleState *state)

{

    /*

     * Make sure the server is correctly setting sversion. (Real modules

     * should not do this; it would defeat upgrade compatibility.)

     */

    if (state->sversion != PG_VERSION_NUM)

        elog(ERROR, "oauth_validator: sversion set to %d", state->sversion);


    state->private_data = PRIVATE_COOKIE;

}


/*

 * Shutdown callback, to tear down the validator.

 */

static void

validator_shutdown(ValidatorModuleState *state)

{

    /* Check to make sure our private state still exists. */

    if (state->private_data != PRIVATE_COOKIE)

        elog(PANIC, "oauth_validator: private state cookie changed to %p in shutdown",

             state->private_data);

}


/*

 * Validator implementation. Logs the incoming data and authorizes the token by

 * default; the behavior can be modified via the module's GUC settings.

 */

static bool

validate_token(const ValidatorModuleState *state,

               const char *token, const char *role,

               ValidatorModuleResult *res)

{

    /* Check to make sure our private state still exists. */

    if (state->private_data != PRIVATE_COOKIE)

        elog(ERROR, "oauth_validator: private state cookie changed to %p in validate",

             state->private_data);


    elog(LOG, "oauth_validator: token=\"%s\", role=\"%s\"", token, role);

    elog(LOG, "oauth_validator: issuer=\"%s\", scope=\"%s\"",

         MyProcPort->hba->oauth_issuer,

         MyProcPort->hba->oauth_scope);


    res->authorized = authorize_tokens;

    if (authn_id)

        res->authn_id = pstrdup(authn_id);

    else

        res->authn_id = pstrdup(role);


    return true;

}

LOG
#define LOG
Definition: elog.h:31

PANIC
#define PANIC
Definition: elog.h:42

ERROR
#define ERROR
Definition: elog.h:39

elog
#define elog(elevel,...)
Definition: elog.h:225

fmgr.h

MyProcPort
struct Port * MyProcPort
Definition: globals.c:50

DefineCustomStringVariable
void DefineCustomStringVariable(const char *name, const char *short_desc, const char *long_desc, char **valueAddr, const char *bootValue, GucContext context, int flags, GucStringCheckHook check_hook, GucStringAssignHook assign_hook, GucShowHook show_hook)
Definition: guc.c:5218

DefineCustomBoolVariable
void DefineCustomBoolVariable(const char *name, const char *short_desc, const char *long_desc, bool *valueAddr, bool bootValue, GucContext context, int flags, GucBoolCheckHook check_hook, GucBoolAssignHook assign_hook, GucShowHook show_hook)
Definition: guc.c:5132

MarkGUCPrefixReserved
void MarkGUCPrefixReserved(const char *className)
Definition: guc.c:5279

guc.h

PGC_SIGHUP
@ PGC_SIGHUP
Definition: guc.h:75

pstrdup
char * pstrdup(const char *in)
Definition: mcxt.c:1699

memutils.h

miscadmin.h

oauth.h

PG_OAUTH_VALIDATOR_MAGIC
#define PG_OAUTH_VALIDATOR_MAGIC
Definition: oauth.h:74

postgres.h

HbaLine::oauth_issuer
char * oauth_issuer
Definition: hba.h:139

HbaLine::oauth_scope
char * oauth_scope
Definition: hba.h:140

OAuthValidatorCallbacks
Definition: oauth.h:77

Port::hba
HbaLine * hba
Definition: libpq-be.h:168

ValidatorModuleResult
Definition: oauth.h:35

ValidatorModuleResult::authorized
bool authorized
Definition: oauth.h:40

ValidatorModuleResult::authn_id
char * authn_id
Definition: oauth.h:51

ValidatorModuleState
Definition: oauth.h:22

state
Definition: regguts.h:323

token
Definition: fe-auth-oauth-curl.c:142

_PG_init
void _PG_init(void)
Definition: validator.c:56

_PG_oauth_validator_module_init
const OAuthValidatorCallbacks * _PG_oauth_validator_module_init(void)
Definition: validator.c:82

PRIVATE_COOKIE
#define PRIVATE_COOKIE
Definition: validator.c:87

PG_MODULE_MAGIC
PG_MODULE_MAGIC
Definition: validator.c:22

authorize_tokens
static bool authorize_tokens
Definition: validator.c:42

validator_startup
static void validator_startup(ValidatorModuleState *state)
Definition: validator.c:93

validator_shutdown
static void validator_shutdown(ValidatorModuleState *state)
Definition: validator.c:109

validate_token
static bool validate_token(const ValidatorModuleState *state, const char *token, const char *role, ValidatorModuleResult *result)
Definition: validator.c:122

authn_id
static char * authn_id
Definition: validator.c:41

validator_callbacks
static const OAuthValidatorCallbacks validator_callbacks
Definition: validator.c:32