git.ipfire.org Git - thirdparty/postgresql.git/commit

author	Jacob Champion <jchampion@postgresql.org>
	Tue, 31 Mar 2026 18:47:31 +0000 (11:47 -0700)
committer	Jacob Champion <jchampion@postgresql.org>
	Tue, 31 Mar 2026 18:47:31 +0000 (11:47 -0700)
commit	c4ff16339f07d1e253bdf18e5da5fa25f62a750d
tree	0ccc6ac65a631f38a4210c9f9967ceb3ab4bf497	tree \| snapshot
parent	c2bca7cc9621f45e27dc332e3f58c7544386de88	commit \| diff

sasl: Allow backend mechanisms to "abandon" exchanges

Introduce PG_SASL_EXCHANGE_ABANDONED, which allows CheckSASLAuth to
suppress the failing log entry for any SASL exchange that isn't actually
an authentication attempt. This is desirable for OAUTHBEARER's discovery
exchanges (and a subsequent commit will make use of it there).

This might have some overlap in the future with in-band aborts for SASL
exchanges, but it's intentionally not named _ABORTED to avoid confusion.
(We don't currently support clientside aborts in our SASL profile.)

Adapted from a patch by Zsolt Parragi.

Author: Zsolt Parragi <zsolt.parragi@percona.com>
Co-authored-by: Jacob Champion <jacob.champion@enterprisedb.com>
Reviewed-by: Chao Li <li.evan.chao@gmail.com>
Discussion: https://postgr.es/m/CAN4CZFPim7hUiyb7daNKQPSZ8CvQRBGkVhbvED7yZi8VktSn4Q%40mail.gmail.com

src/backend/libpq/auth-sasl.c		diff \| blob \| blame \| history
src/backend/libpq/auth.c		diff \| blob \| blame \| history
src/include/libpq/sasl.h		diff \| blob \| blame \| history