require_auth: prepare for multiple SASL mechanisms Prior to this patch, the require_auth implementation assumed that the AuthenticationSASL protocol message was using SCRAM-SHA-256. In preparation for future SASL mechanisms, like OAUTHBEARER, split the implementation into two tiers: the first checks the acceptable AUTH_REQ_* codes, and the second checks acceptable mechanisms if AUTH_REQ_SASL et.al are permitted.
conn->allowed_sasl_mechs contains a list of pointers to acceptable mechanisms, and pg_SASL_init() will bail if the selected mechanism isn't contained in this array. Since there's only one mechansism supported right now, one branch of the second tier cannot be exercised yet and is protected by an Assert(false) call. This assertion will need to be removed when the next mechanism is added. This patch is extracted from a larger body of work aimed at adding support for OAUTHBEARER in libpq. Author: Jacob Champion <jacob.champ...@enterprisedb.com> Reviewed-by: Daniel Gustafsson <dan...@yesql.se> Reviewed-by: Peter Eisentraut <pe...@eisentraut.org> Discussion: https://postgr.es/m/CAOYmi+kJqzo6XsR9TEhvVfeVNQ-TyFM5LATypm9yoQVYk=4...@mail.gmail.com Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/f8d8581ed882b79b512daaa7f71ca19c8eafcaef Modified Files -------------- src/interfaces/libpq/fe-auth.c | 29 +++++ src/interfaces/libpq/fe-connect.c | 184 +++++++++++++++++++++++++++--- src/interfaces/libpq/libpq-int.h | 2 + src/test/authentication/t/001_password.pl | 10 ++ 4 files changed, 208 insertions(+), 17 deletions(-)
