Thread: Add a hook to allow modification of the ldapbindpasswd

Add a hook to allow modification of the ldapbindpasswd

From
Andrew Dunstan
Date:
This patch, mostly the work of John Naylor, provides a hook whereby a
module can modify the ldapbindpasswd before it is handed to the ldap
server. This is similar in concept to the ssl_passphrase_callback
feature, and allows the user not to have to put the cleartext password
in the pg_hba.conf file. A trivial test is added which provides an
example of such a module.


cheers


andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com

Attachment
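An illustration of the hook mechanism described in the message above, added here as an example; it is not code from this thread or from the PostgreSQL patch. It simulates the server side in plain C so it runs stand-alone: the hook signature, the `env:` reference convention, `env_ref_hook`, `effective_bind_password` and the variable `PG_LDAP_BIND_SECRET` are all assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for the server side: a global hook pointer, NULL when no module
 * has installed one. The name is taken from the thread; the signature is an
 * assumption of this example. */
typedef char *(*password_hook_type) (const char *configured);
password_hook_type ldap_password_hook = NULL;

/* Simulated choice of the password used for the LDAP bind. Returns a
 * malloc'd string, or NULL, which the caller must treat as a failed bind. */
char *effective_bind_password(const char *ldapbindpasswd)
{
    if (ldap_password_hook != NULL)
        return ldap_password_hook(ldapbindpasswd);
    return strdup(ldapbindpasswd);      /* no module: value used verbatim */
}

/* Hypothetical hook: "env:NAME" in pg_hba.conf names an environment variable
 * holding the secret; any other value passes through unchanged. */
char *env_ref_hook(const char *configured)
{
    static const char prefix[] = "env:";
    const char *secret;

    if (strncmp(configured, prefix, sizeof(prefix) - 1) != 0)
        return strdup(configured);
    secret = getenv(configured + sizeof(prefix) - 1);
    if (secret == NULL || *secret == '\0')
        return NULL;    /* fail closed: never send the reference itself */
    return strdup(secret);
}

/* What the module's load-time initialisation would do. */
void module_init(void) { ldap_password_hook = env_ref_hook; }

int main(void)
{
    char *pw;

    setenv("PG_LDAP_BIND_SECRET", "constructed-secret", 1);  /* constructed */
    module_init();
    pw = effective_bind_password("env:PG_LDAP_BIND_SECRET");
    printf("resolved: %s\n", pw != NULL ? "yes" : "no");
    free(pw);
    return 0;
}
```

With no hook installed the configured string itself is what reaches the LDAP server, which is why the cleartext password otherwise has to sit in pg_hba.conf.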

Re: Add a hook to allow modification of the ldapbindpasswd

From
Andrew Dunstan
Date:
On 2022-12-19 Mo 11:29, Andrew Dunstan wrote:
> This patch, mostly the work of John Naylor, provides a hook whereby a
> module can modify the ldapbindpasswd before it is handed to the ldap
> server. This is similar in concept to the ssl_passphrase_callback
> feature, and allows the user not to have to put the cleartext password
> in the pg_hba.conf file. A trivial test is added which provides an
> example of such a module.


Updated to take advantage of refactoring of ldap tests.


cheers


andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com

Attachment

Re: Add a hook to allow modification of the ldapbindpasswd

From
"Gregory Stark (as CFM)"
Date:
The CFBot says this patch is failing but I find it hard to believe
this is related to this patch...

2023-03-05 20:56:58.705 UTC [33902][client backend]
[pg_regress/btree_index][18/750:0] STATEMENT:  ALTER INDEX
btree_part_idx ALTER COLUMN id SET (n_distinct=100);
2023-03-05 20:56:58.709 UTC [33902][client backend]
[pg_regress/btree_index][:0] LOG:  disconnection: session time:
0:00:02.287 user=postgres database=regression host=[local]
2023-03-05 20:56:58.710 UTC [33889][client backend]
[pg_regress/join][:0] LOG:  disconnection: session time: 0:00:02.289
user=postgres database=regression host=[local]
2023-03-05 20:56:58.749 UTC [33045][postmaster] LOG:  server process
(PID 33898) was terminated by signal 6: Abort trap
2023-03-05 20:56:58.749 UTC [33045][postmaster] DETAIL:  Failed
process was running: SELECT * FROM writetest;
2023-03-05 20:56:58.749 UTC [33045][postmaster] LOG:  terminating any
other active server processes





-- 
Gregory Stark
As Commitfest Manager



Re: Add a hook to allow modification of the ldapbindpasswd

From
Andrew Dunstan
Date:


On 2023-03-06 Mo 15:16, Gregory Stark (as CFM) wrote:
> The CFBot says this patch is failing but I find it hard to believe
> this is related to this patch...
>
> 2023-03-05 20:56:58.705 UTC [33902][client backend]
> [pg_regress/btree_index][18/750:0] STATEMENT:  ALTER INDEX
> btree_part_idx ALTER COLUMN id SET (n_distinct=100);
> 2023-03-05 20:56:58.709 UTC [33902][client backend]
> [pg_regress/btree_index][:0] LOG:  disconnection: session time:
> 0:00:02.287 user=postgres database=regression host=[local]
> 2023-03-05 20:56:58.710 UTC [33889][client backend]
> [pg_regress/join][:0] LOG:  disconnection: session time: 0:00:02.289
> user=postgres database=regression host=[local]
> 2023-03-05 20:56:58.749 UTC [33045][postmaster] LOG:  server process
> (PID 33898) was terminated by signal 6: Abort trap
> 2023-03-05 20:56:58.749 UTC [33045][postmaster] DETAIL:  Failed
> process was running: SELECT * FROM writetest;
> 2023-03-05 20:56:58.749 UTC [33045][postmaster] LOG:  terminating any
> other active server processes


Yeah. It says it's fine now. Neither of the two recent failures look like they have anything to do with this.


cheers


andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com

Re: Add a hook to allow modification of the ldapbindpasswd

From
Andrew Dunstan
Date:


On 2023-01-23 Mo 14:11, Andrew Dunstan wrote:
> On 2022-12-19 Mo 11:29, Andrew Dunstan wrote:
>> This patch, mostly the work of John Naylor, provides a hook whereby a
>> module can modify the ldapbindpasswd before it is handed to the ldap
>> server. This is similar in concept to the ssl_passphrase_callback
>> feature, and allows the user not to have to put the cleartext password
>> in the pg_hba.conf file. A trivial test is added which provides an
>> example of such a module.
>
> Updated to take advantage of refactoring of ldap tests.



pushed.


cheers


andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com

Re: Add a hook to allow modification of the ldapbindpasswd

From
Tom Lane
Date:
Andrew Dunstan <andrew@dunslane.net> writes:
> pushed.

drongo is not happy with this, but I'm kind of baffled as to why:

"c:\\prog\\bf\\root\\HEAD\\pgsql.build\\pgsql.sln" (default target) (1) ->
"c:\\prog\\bf\\root\\HEAD\\pgsql.build\\ldap_password_func.vcxproj" (default target) (60) ->
(Link target) ->
  ldap_password_func.obj : error LNK2001: unresolved external symbol __imp_ldap_password_hook
[c:\\prog\\bf\\root\\HEAD\\pgsql.build\\ldap_password_func.vcxproj]
  .\\Release\\ldap_password_func\\ldap_password_func.dll : fatal error LNK1120: 1 unresolved externals
[c:\\prog\\bf\\root\\HEAD\\pgsql.build\\ldap_password_func.vcxproj]

The only obvious explanation for a link problem would be if the
variable's declaration were missing PGDLLIMPORT; but it's not.

            regards, tom lane



Re: Add a hook to allow modification of the ldapbindpasswd

From
Andrew Dunstan
Date:


On 2023-03-15 We 17:50, Tom Lane wrote:
> Andrew Dunstan <andrew@dunslane.net> writes:
>> pushed.
>
> drongo is not happy with this, but I'm kind of baffled as to why:
>
> "c:\\prog\\bf\\root\\HEAD\\pgsql.build\\pgsql.sln" (default target) (1) ->
> "c:\\prog\\bf\\root\\HEAD\\pgsql.build\\ldap_password_func.vcxproj" (default target) (60) ->
> (Link target) ->
>   ldap_password_func.obj : error LNK2001: unresolved external symbol __imp_ldap_password_hook
> [c:\\prog\\bf\\root\\HEAD\\pgsql.build\\ldap_password_func.vcxproj]
>   .\\Release\\ldap_password_func\\ldap_password_func.dll : fatal error LNK1120: 1 unresolved externals
> [c:\\prog\\bf\\root\\HEAD\\pgsql.build\\ldap_password_func.vcxproj]
>
> The only obvious explanation for a link problem would be if the
> variable's declaration were missing PGDLLIMPORT; but it's not.


Ugh. Not batting 1000 today. Will investigate.


cheers


andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com

Re: Add a hook to allow modification of the ldapbindpasswd

From
Michael Paquier
Date:
On Wed, Mar 15, 2023 at 06:18:28PM -0400, Andrew Dunstan wrote:
> Ugh. Not batting 1000 today. Will investigate.

I have noticed that you forgot a .gitignore in this new path, as well,
so I have taken the liberty to add one ;)

FWIW, I use git-sh-prompt prompt to detect such things quickly.
--
Michael

Attachment

Re: Add a hook to allow modification of the ldapbindpasswd

From
Andrew Dunstan
Date:


On 2023-03-15 We 20:39, Michael Paquier wrote:
> On Wed, Mar 15, 2023 at 06:18:28PM -0400, Andrew Dunstan wrote:
>> Ugh. Not batting 1000 today. Will investigate.
>
> I have noticed that you forgot a .gitignore in this new path, as well,
> so I have taken the liberty to add one ;)


Thanks. One benefit of moving to meson is that it would make this sort of thing obsolete, since it doesn't pollute the source directory.



> FWIW, I use git-sh-prompt prompt to detect such things quickly.


I used to use a similar gadget, but I found it occasionally adding a second or two to return the prompt, so I turned it off. In any case, I normally use vpath builds, so it probably wouldn't have caught this for me anyway.


cheers


andrew


--
Andrew Dunstan
EDB: https://www.enterprisedb.com

Re: Add a hook to allow modification of the ldapbindpasswd

From
Andrew Dunstan
Date:


On 2023-03-15 We 18:18, Andrew Dunstan wrote:


> On 2023-03-15 We 17:50, Tom Lane wrote:
>> Andrew Dunstan <andrew@dunslane.net> writes:
>>> pushed.
>>
>> drongo is not happy with this, but I'm kind of baffled as to why:
>>
>> "c:\\prog\\bf\\root\\HEAD\\pgsql.build\\pgsql.sln" (default target) (1) ->
>> "c:\\prog\\bf\\root\\HEAD\\pgsql.build\\ldap_password_func.vcxproj" (default target) (60) ->
>> (Link target) ->
>>   ldap_password_func.obj : error LNK2001: unresolved external symbol __imp_ldap_password_hook
>> [c:\\prog\\bf\\root\\HEAD\\pgsql.build\\ldap_password_func.vcxproj]
>>   .\\Release\\ldap_password_func\\ldap_password_func.dll : fatal error LNK1120: 1 unresolved externals
>> [c:\\prog\\bf\\root\\HEAD\\pgsql.build\\ldap_password_func.vcxproj]
>>
>> The only obvious explanation for a link problem would be if the
>> variable's declaration were missing PGDLLIMPORT; but it's not.
>
> Ugh. Not batting 1000 today. Will investigate.




The issue was apparently that I had neglected to suppress building the test module on MSVC if not configured to build with LDAP, since the hook is only defined in that case. I have pushed a fix for that and drongo is happy once more.


cheers


andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com