/*-------------------------------------------------------------------------
 *
 * validator.c
 *	  Test module for server-side OAuth token validation callbacks
 *
 * Portions Copyright (c) 1996-2025, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
 * src/test/modules/oauth_validator/validator.c
 *
 *-------------------------------------------------------------------------
 */
13
14#include "postgres.h"
15
16#include "fmgr.h"
17#include "libpq/oauth.h"
18#include "miscadmin.h"
19#include "utils/guc.h"
20#include "utils/memutils.h"
21
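PG_MODULE_MAGIC;

/* Forward declarations of the three validator callbacks defined below. */
static void validator_startup(ValidatorModuleState *state);
static void validator_shutdown(ValidatorModuleState *state);
static bool validate_token(const ValidatorModuleState *state,
						   const char *token,
						   const char *role,
						   ValidatorModuleResult *result);

/* Callback implementations (exercise all three) */
static const OAuthValidatorCallbacks validator_callbacks = {
	PG_OAUTH_VALIDATOR_MAGIC,

	.startup_cb = validator_startup,
	.shutdown_cb = validator_shutdown,
	.validate_cb = validate_token
};

/*
 * GUCs
 *
 * These are test knobs, not policy: between them they decide both the
 * authenticated identity and the authorization result without inspecting
 * the token at all.
 */
static char *authn_id = NULL;			/* identity to report; NULL = use role */
static bool authorize_tokens = true;	/* value reported as "authorized" */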
43
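/*---
 * Extension entry point. Sets up GUCs for use by tests:
 *
 * - oauth_validator.authn_id   Sets the user identifier to return during token
 *                              validation. Defaults to the username in the
 *                              startup packet.
 *
 * - oauth_validator.authorize_tokens
 *                              Sets whether to successfully validate incoming
 *                              tokens. Defaults to true.
 *
 * Both variables are registered with context PGC_SIGHUP, so they are changed
 * through the server configuration and a reload rather than from inside a
 * client session. That matters here because the two settings fully determine
 * the outcome of validate_token().
 */
void
_PG_init(void)
{
	DefineCustomStringVariable("oauth_validator.authn_id",
							   "Authenticated identity to use for future connections",
							   NULL,
							   &authn_id,
							   NULL,	/* boot value: unset, fall back to role */
							   PGC_SIGHUP,
							   0,
							   NULL, NULL, NULL);
	DefineCustomBoolVariable("oauth_validator.authorize_tokens",
							 "Should tokens be marked valid?",
							 NULL,
							 &authorize_tokens,
							 true,
							 PGC_SIGHUP,
							 0,
							 NULL, NULL, NULL);

	/* Reserve the prefix once every variable under it has been defined. */
	MarkGUCPrefixReserved("oauth_validator");
}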
77
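/*
 * Validator module entry point.
 *
 * Returns the address of the file-scope callback table, which starts with
 * PG_OAUTH_VALIDATOR_MAGIC and names the startup, shutdown and validate
 * callbacks of this module. The table is static const, so the returned
 * pointer stays valid for as long as the module is loaded.
 */
const OAuthValidatorCallbacks *
_PG_oauth_validator_module_init(void)
{
	return &validator_callbacks;
}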
86
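/*
 * Sentinel stored in state->private_data by the startup callback. It is never
 * dereferenced; the other callbacks only compare against it to detect that
 * the server handed back the same private state.
 */
#define PRIVATE_COOKIE ((void *) 13579)

/*
 * Startup callback, to set up private data for the validator.
 *
 * Raises ERROR if state->sversion differs from PG_VERSION_NUM; otherwise
 * stores PRIVATE_COOKIE in state->private_data.
 */
static void
validator_startup(ValidatorModuleState *state)
{
	/*
	 * Make sure the server is correctly setting sversion. (Real modules
	 * should not do this; it would defeat upgrade compatibility.)
	 */
	if (state->sversion != PG_VERSION_NUM)
		elog(ERROR, "oauth_validator: sversion set to %d", state->sversion);

	state->private_data = PRIVATE_COOKIE;
}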
104
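/*
 * Shutdown callback, to tear down the validator.
 *
 * There is nothing to release: private_data holds only the PRIVATE_COOKIE
 * sentinel. The callback just verifies that the sentinel survived and reports
 * a mismatch at PANIC level (the validate callback reports the same condition
 * at ERROR).
 */
static void
validator_shutdown(ValidatorModuleState *state)
{
	/* Check to make sure our private state still exists. */
	if (state->private_data != PRIVATE_COOKIE)
		elog(PANIC, "oauth_validator: private state cookie changed to %p in shutdown",
			 state->private_data);
}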
116
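/*
 * Validator implementation. Logs the incoming data and authorizes the token by
 * default; the behavior can be modified via the module's GUC settings.
 *
 * state: module state; private_data must still hold PRIVATE_COOKIE.
 * token: bearer token presented by the client (only logged, never parsed).
 * role:  role name requested by the client.
 * res:   output; res->authorized and res->authn_id are filled in here.
 *
 * Always returns true; the decision is carried in res->authorized.
 *
 * This is test scaffolding and must not be used as a template for a real
 * validator:
 *
 * - The token is never verified. No signature, issuer, audience, expiry or
 *   scope check is made; res->authorized is simply the value of the
 *   oauth_validator.authorize_tokens GUC.
 * - The bearer token is written verbatim to the server log. Anyone who can
 *   read the log could replay it, so a production module should log at most
 *   a non-reversible identifier for the token.
 * - When oauth_validator.authn_id is unset, the authenticated identity is
 *   copied from the role the client asked for, i.e. the identity is whatever
 *   the client claims. A real module derives it from the validated token.
 */
static bool
validate_token(const ValidatorModuleState *state,
			   const char *token, const char *role,
			   ValidatorModuleResult *res)
{
	/* Check to make sure our private state still exists. */
	if (state->private_data != PRIVATE_COOKIE)
		elog(ERROR, "oauth_validator: private state cookie changed to %p in validate",
			 state->private_data);

	/* Deliberate for the tests: this puts the raw token in the server log. */
	elog(LOG, "oauth_validator: token=\"%s\", role=\"%s\"", token, role);
	elog(LOG, "oauth_validator: issuer=\"%s\", scope=\"%s\"",
		 MyProcPort->hba->oauth_issuer,
		 MyProcPort->hba->oauth_scope);

	/* The outcome comes from configuration, not from the token. */
	res->authorized = authorize_tokens;
	if (authn_id)
		res->authn_id = pstrdup(authn_id);
	else
		res->authn_id = pstrdup(role);	/* client-asserted identity */

	return true;
}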
#define LOG
Definition: elog.h:31
#define PANIC
Definition: elog.h:42
#define ERROR
Definition: elog.h:39
#define elog(elevel,...)
Definition: elog.h:225
struct Port * MyProcPort
Definition: globals.c:50
void DefineCustomStringVariable(const char *name, const char *short_desc, const char *long_desc, char **valueAddr, const char *bootValue, GucContext context, int flags, GucStringCheckHook check_hook, GucStringAssignHook assign_hook, GucShowHook show_hook)
Definition: guc.c:5218
void DefineCustomBoolVariable(const char *name, const char *short_desc, const char *long_desc, bool *valueAddr, bool bootValue, GucContext context, int flags, GucBoolCheckHook check_hook, GucBoolAssignHook assign_hook, GucShowHook show_hook)
Definition: guc.c:5132
void MarkGUCPrefixReserved(const char *className)
Definition: guc.c:5279
@ PGC_SIGHUP
Definition: guc.h:75
char * pstrdup(const char *in)
Definition: mcxt.c:1699
#define PG_OAUTH_VALIDATOR_MAGIC
Definition: oauth.h:74
char * oauth_issuer
Definition: hba.h:139
char * oauth_scope
Definition: hba.h:140
HbaLine * hba
Definition: libpq-be.h:168
Definition: regguts.h:323
void _PG_init(void)
Definition: validator.c:56
const OAuthValidatorCallbacks * _PG_oauth_validator_module_init(void)
Definition: validator.c:82
#define PRIVATE_COOKIE
Definition: validator.c:87
PG_MODULE_MAGIC
Definition: validator.c:22
static bool authorize_tokens
Definition: validator.c:42
static void validator_startup(ValidatorModuleState *state)
Definition: validator.c:93
static void validator_shutdown(ValidatorModuleState *state)
Definition: validator.c:109
static bool validate_token(const ValidatorModuleState *state, const char *token, const char *role, ValidatorModuleResult *result)
Definition: validator.c:122
static char * authn_id
Definition: validator.c:41
static const OAuthValidatorCallbacks validator_callbacks
Definition: validator.c:32