Add a hook to allow modification of the ldapbindpasswd

Started by Andrew Dunstan, over 3 years ago, 10 messages, hackers
#1 Andrew Dunstan
andrew@dunslane.net

This patch, mostly the work of John Naylor, provides a hook whereby a
module can modify the ldapbindpasswd before it is handed to the ldap
server. This is similar in concept to the ssl_passphrase_callback
feature, and allows the user not to have to put the cleartext password
in the pg_hba.conf file. A trivial test is added which provides an
example of such a module.

cheers

andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com

Attachments:

0001-Add-a-password-handling-hook-for-ldapbindpasswd.patch (text/x-patch; charset=UTF-8), +407 -2
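
The hook mechanism described in message #1, as an added example that is not part of the thread, the patch, or PostgreSQL's source: a self-contained C model in which a module installs a function into `ldap_password_hook` so that pg_hba.conf carries a reference instead of the cleartext password. The typedef name, the `ref:` scheme, the secret store and `bind_password` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Model of the hook: receives the ldapbindpasswd value from pg_hba.conf and
 * returns the password to send to the LDAP server. The typedef name is
 * hypothetical; the variable name is the symbol seen in the thread. */
typedef char *(*password_hook_fn)(char *input);
static password_hook_fn ldap_password_hook = NULL;

/* Constructed stand-in for a secret store (keyring, vault agent, ...). */
static char *sample_secret_store(const char *name)
{
    static char svc_secret[] = "s3cr3t-from-store";   /* constructed value */
    return strcmp(name, "ldap_svc") == 0 ? svc_secret : NULL;
}

/* Hypothetical module function: "ref:NAME" is looked up in the store,
 * anything else passes through unchanged. */
static char *resolve_reference(char *input)
{
    if (strncmp(input, "ref:", 4) != 0)
        return input;
    return sample_secret_store(input + 4);   /* NULL when NAME is unknown */
}

/* Model of the caller: apply the hook if one is installed, then fail closed
 * on a missing or empty result rather than binding with it. */
static const char *bind_password(char *configured)
{
    char *passwd = ldap_password_hook ? ldap_password_hook(configured)
                                      : configured;
    return (passwd == NULL || passwd[0] == '\0') ? NULL : passwd;
}

int main(void)
{
    char good[] = "ref:ldap_svc", bad[] = "ref:missing";
    const char *p;

    ldap_password_hook = resolve_reference;   /* what a module's init would do */
    p = bind_password(good);
    printf("good: %s\n", p ? "resolved" : "refused");
    p = bind_password(bad);
    printf("bad:  %s\n", p ? "resolved" : "refused");
    return 0;
}
```

Refusing an empty result matters because an LDAP simple bind with an empty password is treated as an unauthenticated bind rather than a failed one.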
#2 Andrew Dunstan
andrew@dunslane.net
In reply to: Andrew Dunstan (#1)
Re: Add a hook to allow modification of the ldapbindpasswd

On 2022-12-19 Mo 11:29, Andrew Dunstan wrote:

> This patch, mostly the work of John Naylor, provides a hook whereby a
> module can modify the ldapbindpasswd before it is handed to the ldap
> server. This is similar in concept to the ssl_passphrase_callback
> feature, and allows the user not to have to put the cleartext password
> in the pg_hba.conf file. A trivial test is added which provides an
> example of such a module.

Updated to take advantage of refactoring of ldap tests.

cheers

andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com

Attachments:

0001-Add-a-password-handling-hook-for-ldapbindpasswd-v2.patch (text/x-patch; charset=UTF-8), +256 -2
#3 Gregory Stark (as CFM)
stark.cfm@gmail.com
In reply to: Andrew Dunstan (#2)
Re: Add a hook to allow modification of the ldapbindpasswd

The CFBot says this patch is failing but I find it hard to believe
this is related to this patch...

2023-03-05 20:56:58.705 UTC [33902][client backend]
[pg_regress/btree_index][18/750:0] STATEMENT: ALTER INDEX
btree_part_idx ALTER COLUMN id SET (n_distinct=100);
2023-03-05 20:56:58.709 UTC [33902][client backend]
[pg_regress/btree_index][:0] LOG: disconnection: session time:
0:00:02.287 user=postgres database=regression host=[local]
2023-03-05 20:56:58.710 UTC [33889][client backend]
[pg_regress/join][:0] LOG: disconnection: session time: 0:00:02.289
user=postgres database=regression host=[local]
2023-03-05 20:56:58.749 UTC [33045][postmaster] LOG: server process
(PID 33898) was terminated by signal 6: Abort trap
2023-03-05 20:56:58.749 UTC [33045][postmaster] DETAIL: Failed
process was running: SELECT * FROM writetest;
2023-03-05 20:56:58.749 UTC [33045][postmaster] LOG: terminating any
other active server processes

--
Gregory Stark
As Commitfest Manager

#4 Andrew Dunstan
andrew@dunslane.net
In reply to: Gregory Stark (as CFM) (#3)
Re: Add a hook to allow modification of the ldapbindpasswd

On 2023-03-06 Mo 15:16, Gregory Stark (as CFM) wrote:

> The CFBot says this patch is failing but I find it hard to believe
> this is related to this patch...
>
> 2023-03-05 20:56:58.705 UTC [33902][client backend]
> [pg_regress/btree_index][18/750:0] STATEMENT: ALTER INDEX
> btree_part_idx ALTER COLUMN id SET (n_distinct=100);
> 2023-03-05 20:56:58.709 UTC [33902][client backend]
> [pg_regress/btree_index][:0] LOG: disconnection: session time:
> 0:00:02.287 user=postgres database=regression host=[local]
> 2023-03-05 20:56:58.710 UTC [33889][client backend]
> [pg_regress/join][:0] LOG: disconnection: session time: 0:00:02.289
> user=postgres database=regression host=[local]
> 2023-03-05 20:56:58.749 UTC [33045][postmaster] LOG: server process
> (PID 33898) was terminated by signal 6: Abort trap
> 2023-03-05 20:56:58.749 UTC [33045][postmaster] DETAIL: Failed
> process was running: SELECT * FROM writetest;
> 2023-03-05 20:56:58.749 UTC [33045][postmaster] LOG: terminating any
> other active server processes

Yeah. It says it's fine now. Neither of the two recent failures look
like they have anything to do with this.

cheers

andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com

#5 Andrew Dunstan
andrew@dunslane.net
In reply to: Andrew Dunstan (#2)
Re: Add a hook to allow modification of the ldapbindpasswd

On 2023-01-23 Mo 14:11, Andrew Dunstan wrote:

> On 2022-12-19 Mo 11:29, Andrew Dunstan wrote:
>
>> This patch, mostly the work of John Naylor, provides a hook whereby a
>> module can modify the ldapbindpasswd before it is handed to the ldap
>> server. This is similar in concept to the ssl_passphrase_callback
>> feature, and allows the user not to have to put the cleartext password
>> in the pg_hba.conf file. A trivial test is added which provides an
>> example of such a module.
>
> Updated to take advantage of refactoring of ldap tests.

pushed.

cheers

andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com

#6 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Andrew Dunstan (#5)
Re: Add a hook to allow modification of the ldapbindpasswd

Andrew Dunstan <andrew@dunslane.net> writes:

> pushed.

drongo is not happy with this, but I'm kind of baffled as to why:

"c:\\prog\\bf\\root\\HEAD\\pgsql.build\\pgsql.sln" (default target) (1) ->
"c:\\prog\\bf\\root\\HEAD\\pgsql.build\\ldap_password_func.vcxproj" (default target) (60) ->
(Link target) ->
ldap_password_func.obj : error LNK2001: unresolved external symbol __imp_ldap_password_hook [c:\\prog\\bf\\root\\HEAD\\pgsql.build\\ldap_password_func.vcxproj]
.\\Release\\ldap_password_func\\ldap_password_func.dll : fatal error LNK1120: 1 unresolved externals [c:\\prog\\bf\\root\\HEAD\\pgsql.build\\ldap_password_func.vcxproj]

The only obvious explanation for a link problem would be if the
variable's declaration were missing PGDLLIMPORT; but it's not.

regards, tom lane

#7 Andrew Dunstan
andrew@dunslane.net
In reply to: Tom Lane (#6)
Re: Add a hook to allow modification of the ldapbindpasswd

On 2023-03-15 We 17:50, Tom Lane wrote:

> Andrew Dunstan <andrew@dunslane.net> writes:
>
>> pushed.
>
> drongo is not happy with this, but I'm kind of baffled as to why:
>
> "c:\\prog\\bf\\root\\HEAD\\pgsql.build\\pgsql.sln" (default target) (1) ->
> "c:\\prog\\bf\\root\\HEAD\\pgsql.build\\ldap_password_func.vcxproj" (default target) (60) ->
> (Link target) ->
> ldap_password_func.obj : error LNK2001: unresolved external symbol __imp_ldap_password_hook [c:\\prog\\bf\\root\\HEAD\\pgsql.build\\ldap_password_func.vcxproj]
> .\\Release\\ldap_password_func\\ldap_password_func.dll : fatal error LNK1120: 1 unresolved externals [c:\\prog\\bf\\root\\HEAD\\pgsql.build\\ldap_password_func.vcxproj]
>
> The only obvious explanation for a link problem would be if the
> variable's declaration were missing PGDLLIMPORT; but it's not.

Ugh. Not batting 1000 today. Will investigate.

cheers

andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com

#8 Michael Paquier
michael@paquier.xyz
In reply to: Andrew Dunstan (#7)
Re: Add a hook to allow modification of the ldapbindpasswd

On Wed, Mar 15, 2023 at 06:18:28PM -0400, Andrew Dunstan wrote:

> Ugh. Not batting 1000 today. Will investigate.

I have noticed that you forgot a .gitignore in this new path, as well,
so I have taken the liberty to add one ;)

FWIW, I use git-sh-prompt prompt to detect such things quickly.
--
Michael

#9 Andrew Dunstan
andrew@dunslane.net
In reply to: Michael Paquier (#8)
Re: Add a hook to allow modification of the ldapbindpasswd

On 2023-03-15 We 20:39, Michael Paquier wrote:

> On Wed, Mar 15, 2023 at 06:18:28PM -0400, Andrew Dunstan wrote:
>
>> Ugh. Not batting 1000 today. Will investigate.
>
> I have noticed that you forgot a .gitignore in this new path, as well,
> so I have taken the liberty to add one ;)

Thanks. One benefit of moving to meson is that it would make this sort
of thing obsolete, since it doesn't pollute the source directory.

> FWIW, I use git-sh-prompt prompt to detect such things quickly.

I used to use a similar gadget, but I found it occasionally adding a
second or two to return the prompt, so I turned it off. In any case, I
normally use vpath builds, so it probably wouldn't have caught this for
me anyway.

cheers

andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com

#10 Andrew Dunstan
andrew@dunslane.net
In reply to: Andrew Dunstan (#7)
Re: Add a hook to allow modification of the ldapbindpasswd

On 2023-03-15 We 18:18, Andrew Dunstan wrote:

> On 2023-03-15 We 17:50, Tom Lane wrote:
>
>> Andrew Dunstan <andrew@dunslane.net> writes:
>>
>>> pushed.
>>
>> drongo is not happy with this, but I'm kind of baffled as to why:
>>
>> "c:\\prog\\bf\\root\\HEAD\\pgsql.build\\pgsql.sln" (default target) (1) ->
>> "c:\\prog\\bf\\root\\HEAD\\pgsql.build\\ldap_password_func.vcxproj" (default target) (60) ->
>> (Link target) ->
>> ldap_password_func.obj : error LNK2001: unresolved external symbol __imp_ldap_password_hook [c:\\prog\\bf\\root\\HEAD\\pgsql.build\\ldap_password_func.vcxproj]
>> .\\Release\\ldap_password_func\\ldap_password_func.dll : fatal error LNK1120: 1 unresolved externals [c:\\prog\\bf\\root\\HEAD\\pgsql.build\\ldap_password_func.vcxproj]
>>
>> The only obvious explanation for a link problem would be if the
>> variable's declaration were missing PGDLLIMPORT; but it's not.
>
> Ugh. Not batting 1000 today. Will investigate.

The issue was apparently that I had neglected to suppress building the
test module on MSVC if not configured to build with LDAP, since the hook
is only defined in that case. I have pushed a fix for that and drongo is
happy once more.

cheers

andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com