diff options
| -rw-r--r-- | doc/src/sgml/libpq.sgml | 10 | ||||
| -rw-r--r-- | src/interfaces/libpq-oauth/meson.build | 2 | ||||
| -rw-r--r-- | src/interfaces/libpq/libpq-fe.h | 17 | ||||
| -rw-r--r-- | src/test/modules/oauth_validator/t/002_client.pl | 24 | ||||
| -rw-r--r-- | src/test/postmaster/t/002_connection_limits.pl | 5 | ||||
| -rw-r--r-- | src/test/postmaster/t/003_start_stop.pl | 7 |
6 files changed, 49 insertions, 16 deletions
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml index cbb29b6ed40..03d1e6abbce 100644 --- a/doc/src/sgml/libpq.sgml +++ b/doc/src/sgml/libpq.sgml @@ -10412,10 +10412,14 @@ typedef struct PGoauthBearerRequest /* Hook outputs */ - /* Callback implementing a custom asynchronous OAuth flow. */ + /* + * Callback implementing a custom asynchronous OAuth flow. The signature is + * platform-dependent: PQ_SOCKTYPE is SOCKET on Windows, and int everywhere + * else. + */ PostgresPollingStatusType (*async) (PGconn *conn, struct PGoauthBearerRequest *request, - SOCKTYPE *altsock); + PQ_SOCKTYPE *altsock); /* Callback to clean up custom allocations. */ void (*cleanup) (PGconn *conn, struct PGoauthBearerRequest *request); @@ -10472,7 +10476,7 @@ typedef struct PGoauthBearerRequest hook. When the callback cannot make further progress without blocking, it should return either <symbol>PGRES_POLLING_READING</symbol> or <symbol>PGRES_POLLING_WRITING</symbol> after setting - <literal>*pgsocket</literal> to the file descriptor that will be marked + <literal>*altsock</literal> to the file descriptor that will be marked ready to read/write when progress can be made again. (This descriptor is then provided to the top-level polling loop via <function>PQsocket()</function>.) Return <symbol>PGRES_POLLING_OK</symbol> diff --git a/src/interfaces/libpq-oauth/meson.build b/src/interfaces/libpq-oauth/meson.build index df064c59a40..4f006e2c381 100644 --- a/src/interfaces/libpq-oauth/meson.build +++ b/src/interfaces/libpq-oauth/meson.build @@ -40,7 +40,7 @@ libpq_oauth_name = 'libpq-oauth-@0@'.format(pg_version_major) libpq_oauth_so = shared_module(libpq_oauth_name, libpq_oauth_sources + libpq_oauth_so_sources, include_directories: [libpq_oauth_inc, postgres_inc], - c_args: libpq_so_c_args, + c_args: libpq_oauth_so_c_args, c_pch: pch_postgres_fe_h, dependencies: [frontend_shlib_code, libpq, libpq_oauth_deps], link_depends: export_file, diff --git a/src/interfaces/libpq/libpq-fe.h b/src/interfaces/libpq/libpq-fe.h index 0852584edae..877a6483b34 100644 --- a/src/interfaces/libpq/libpq-fe.h +++ b/src/interfaces/libpq/libpq-fe.h @@ -738,11 +738,15 @@ typedef struct _PGpromptOAuthDevice int expires_in; /* seconds until user code expires */ } PGpromptOAuthDevice; -/* for PGoauthBearerRequest.async() */ +/* + * For PGoauthBearerRequest.async(). This macro just allows clients to avoid + * depending on libpq-int.h or Winsock for the "socket" type; it's undefined + * immediately below. + */ #ifdef _WIN32 -#define SOCKTYPE uintptr_t /* avoids depending on winsock2.h for SOCKET */ +#define PQ_SOCKTYPE uintptr_t /* avoids depending on winsock2.h for SOCKET */ #else -#define SOCKTYPE int +#define PQ_SOCKTYPE int #endif typedef struct PGoauthBearerRequest @@ -768,10 +772,13 @@ typedef struct PGoauthBearerRequest * blocking during the original call to the PQAUTHDATA_OAUTH_BEARER_TOKEN * hook, it may be returned directly, but one of request->async or * request->token must be set by the hook. + * + * The (PQ_SOCKTYPE *) in the signature is a placeholder for the platform's + * native socket type: (SOCKET *) on Windows, and (int *) everywhere else. */ PostgresPollingStatusType (*async) (PGconn *conn, struct PGoauthBearerRequest *request, - SOCKTYPE * altsock); + PQ_SOCKTYPE * altsock); /* * Callback to clean up custom allocations. A hook implementation may use @@ -798,7 +805,7 @@ typedef struct PGoauthBearerRequest void *user; } PGoauthBearerRequest; -#undef SOCKTYPE +#undef PQ_SOCKTYPE extern char *PQencryptPassword(const char *passwd, const char *user); extern char *PQencryptPasswordConn(PGconn *conn, const char *passwd, const char *user, const char *algorithm); diff --git a/src/test/modules/oauth_validator/t/002_client.pl b/src/test/modules/oauth_validator/t/002_client.pl index aac0220d215..e6c91fc911c 100644 --- a/src/test/modules/oauth_validator/t/002_client.pl +++ b/src/test/modules/oauth_validator/t/002_client.pl @@ -29,6 +29,8 @@ $node->init; $node->append_conf('postgresql.conf', "log_connections = all\n"); $node->append_conf('postgresql.conf', "oauth_validator_libraries = 'validator'\n"); +# Needed to inspect postmaster log after connection failure: +$node->append_conf('postgresql.conf', "log_min_messages = debug2"); $node->start; $node->safe_psql('postgres', 'CREATE USER test;'); @@ -47,7 +49,7 @@ local all test oauth issuer="$issuer" scope="$scope" }); $node->reload; -my $log_start = $node->wait_for_log(qr/reloading configuration files/); +$node->wait_for_log(qr/reloading configuration files/); $ENV{PGOAUTHDEBUG} = "UNSAFE"; @@ -73,6 +75,7 @@ sub test my @cmd = ("oauth_hook_client", @{$flags}, $common_connstr); note "running '" . join("' '", @cmd) . "'"; + my $log_start = -s $node->logfile; my ($stdout, $stderr) = run_command(\@cmd); if (defined($params{expected_stdout})) @@ -88,6 +91,18 @@ sub test { is($stderr, "", "$test_name: no stderr"); } + + if (defined($params{log_like})) + { + # See Cluster::connect_fails(). To avoid races, we have to wait for the + # postmaster to flush the log for the finished connection. + $node->wait_for_log( + qr/DEBUG: (?:00000: )?forked new client backend, pid=(\d+) socket.*DEBUG: (?:00000: )?client backend \(PID \1\) exited with exit code \d/s, + $log_start); + + $node->log_check("$test_name: log matches", + $log_start, log_like => $params{log_like}); + } } test( @@ -97,11 +112,8 @@ test( "--expected-uri", "$issuer/.well-known/openid-configuration", "--expected-scope", $scope, ], - expected_stdout => qr/connection succeeded/); - -$node->log_check("validator receives correct token", - $log_start, - log_like => [ qr/oauth_validator: token="my-token", role="$user"/, ]); + expected_stdout => qr/connection succeeded/, + log_like => [qr/oauth_validator: token="my-token", role="$user"/]); if ($ENV{with_libcurl} ne 'yes') { diff --git a/src/test/postmaster/t/002_connection_limits.pl b/src/test/postmaster/t/002_connection_limits.pl index 4a7fb16261f..2fc821ad0b4 100644 --- a/src/test/postmaster/t/002_connection_limits.pl +++ b/src/test/postmaster/t/002_connection_limits.pl @@ -74,6 +74,11 @@ sub connect_fails_wait ok(1, "$test_name: client backend process exited"); } +# Restart the server to ensure that any backends launched for the +# initialization steps are gone. Otherwise they could still be using +# up connection slots and mess with our expectations. +$node->restart; + my @sessions = (); my @raw_connections = (); diff --git a/src/test/postmaster/t/003_start_stop.pl b/src/test/postmaster/t/003_start_stop.pl index 58e7ba6cc42..25d6f667217 100644 --- a/src/test/postmaster/t/003_start_stop.pl +++ b/src/test/postmaster/t/003_start_stop.pl @@ -46,6 +46,11 @@ if (!$node->raw_connect_works()) plan skip_all => "this test requires working raw_connect()"; } +# Restart the server to ensure that the backend launched for +# raw_connect_works() is gone. Otherwise, it might free up the +# connection slot later, when we expect all the slots to be in use. +$node->restart; + my @raw_connections = (); # Open a lot of TCP (or Unix domain socket) connections to use up all @@ -81,7 +86,7 @@ for (my $i = 0; $i <= 20; $i++) # clients already" instead of "role does not exist" error. Test that # to ensure that we have used up all the slots. $node->connect_fails("dbname=postgres user=invalid_user", - "connect ", + "connection is rejected when all slots are in use", expected_stderr => qr/FATAL: sorry, too many clients already/); # Open one more connection, to really ensure that we have at least one |