mirror of
https://github.com/postgres/postgres.git
synced 2025-05-28 05:21:27 +03:00
b3f0be788a
This commit implements OAUTHBEARER, RFC 7628, and OAuth 2.0 Device Authorization Grants, RFC 8628. In order to use this there is a new pg_hba auth method called oauth. When speaking to a OAuth- enabled server, it looks a bit like this: $ psql 'host=example.org oauth_issuer=... oauth_client_id=...' Visit https://oauth.example.org/login and enter the code: FPQ2-M4BG Device authorization is currently the only supported flow so the OAuth issuer must support that in order for users to authenticate. Third-party clients may however extend this and provide their own flows. The built-in device authorization flow is currently not supported on Windows. In order for validation to happen server side a new framework for plugging in OAuth validation modules is added. As validation is implementation specific, with no default specified in the standard, PostgreSQL does not ship with one built-in. Each pg_hba entry can specify a specific validator or be left blank for the validator installed as default. This adds a requirement on libcurl for the client side support, which is optional to build, but the server side has no additional build requirements. In order to run the tests, Python is required as this adds a https server written in Python. Tests are gated behind PG_TEST_EXTRA as they open ports. This patch has been a multi-year project with many contributors involved with reviews and in-depth discussions: Michael Paquier, Heikki Linnakangas, Zhihong Yu, Mahendrakar Srinivasarao, Andrey Chudnovsky and Stephen Frost to name a few. While Jacob Champion is the main author there have been some levels of hacking by others. Daniel Gustafsson contributed the validation module and various bits and pieces; Thomas Munro wrote the client side support for kqueue. Author: Jacob Champion <jacob.champion@enterprisedb.com> Co-authored-by: Daniel Gustafsson <daniel@yesql.se> Co-authored-by: Thomas Munro <thomas.munro@gmail.com> Reviewed-by: Daniel Gustafsson <daniel@yesql.se> Reviewed-by: Peter Eisentraut <peter@eisentraut.org> Reviewed-by: Antonin Houska <ah@cybertec.at> Reviewed-by: Kashif Zeeshan <kashi.zeeshan@gmail.com> Discussion: https://postgr.es/m/d1b467a78e0e36ed85a09adf979d04cf124a9d4b.camel@vmware.com
215 lines
6.3 KiB
Meson
215 lines
6.3 KiB
Meson
# Copyright (c) 2022-2025, PostgreSQL Global Development Group
|
|
|
|
# Data layout influencing options
|
|
|
|
option('blocksize', type: 'combo',
|
|
choices: ['1', '2', '4', '8', '16', '32'],
|
|
value: '8',
|
|
description: 'Relation block size, in kilobytes')
|
|
|
|
option('wal_blocksize', type: 'combo',
|
|
choices: ['1', '2', '4', '8', '16', '32', '64'],
|
|
value: '8',
|
|
description: 'WAL block size, in kilobytes')
|
|
|
|
option('segsize', type: 'integer', value: 1,
|
|
description: 'Segment size, in gigabytes')
|
|
|
|
option('segsize_blocks', type: 'integer', value: 0,
|
|
description: 'Segment size, in blocks')
|
|
|
|
|
|
# Miscellaneous options
|
|
|
|
option('krb_srvnam', type: 'string', value: 'postgres',
|
|
description: 'Default Kerberos service principal for GSSAPI')
|
|
|
|
option('system_tzdata', type: 'string', value: '',
|
|
description: 'Use system time zone data in specified directory')
|
|
|
|
|
|
# Defaults
|
|
|
|
option('pgport', type: 'integer', value: 5432,
|
|
min: 1, max: 65535,
|
|
description: 'Default port number for server and clients')
|
|
|
|
|
|
# Developer options
|
|
|
|
option('cassert', type: 'boolean', value: false,
|
|
description: 'Enable assertion checks (for debugging)')
|
|
|
|
option('tap_tests', type: 'feature', value: 'auto',
|
|
description: 'Enable TAP tests')
|
|
|
|
option('injection_points', type: 'boolean', value: false,
|
|
description: 'Enable injection points')
|
|
|
|
option('PG_TEST_EXTRA', type: 'string', value: '',
|
|
description: 'Enable selected extra tests. Overridden by PG_TEST_EXTRA environment variable.')
|
|
|
|
option('PG_GIT_REVISION', type: 'string', value: 'HEAD',
|
|
description: 'git revision to be packaged by pgdist target')
|
|
|
|
|
|
# Compilation options
|
|
|
|
option('extra_include_dirs', type: 'array', value: [],
|
|
description: 'Non-default directories to be searched for headers')
|
|
|
|
option('extra_lib_dirs', type: 'array', value: [],
|
|
description: 'Non-default directories to be searched for libs')
|
|
|
|
option('extra_version', type: 'string', value: '',
|
|
description: 'Append STRING to the PostgreSQL version number')
|
|
|
|
option('darwin_sysroot', type: 'string', value: '',
|
|
description: 'Select a non-default sysroot path')
|
|
|
|
option('rpath', type: 'boolean', value: true,
|
|
description: 'Embed shared library search path in executables')
|
|
|
|
|
|
# External dependencies
|
|
|
|
option('bonjour', type: 'feature', value: 'auto',
|
|
description: 'Bonjour support')
|
|
|
|
option('bsd_auth', type: 'feature', value: 'auto',
|
|
description: 'BSD Authentication support')
|
|
|
|
option('docs', type: 'feature', value: 'auto',
|
|
description: 'Documentation in HTML and man page format')
|
|
|
|
option('docs_pdf', type: 'feature', value: 'auto',
|
|
description: 'Documentation in PDF format')
|
|
|
|
option('docs_html_style', type: 'combo', choices: ['simple', 'website'],
|
|
description: 'CSS stylesheet for HTML documentation')
|
|
|
|
option('dtrace', type: 'feature', value: 'disabled',
|
|
description: 'DTrace support')
|
|
|
|
option('gssapi', type: 'feature', value: 'auto',
|
|
description: 'GSSAPI support')
|
|
|
|
option('icu', type: 'feature', value: 'auto',
|
|
description: 'ICU support')
|
|
|
|
option('ldap', type: 'feature', value: 'auto',
|
|
description: 'LDAP support')
|
|
|
|
option('libcurl', type : 'feature', value: 'auto',
|
|
description: 'libcurl support')
|
|
|
|
option('libedit_preferred', type: 'boolean', value: false,
|
|
description: 'Prefer BSD Libedit over GNU Readline')
|
|
|
|
option('libxml', type: 'feature', value: 'auto',
|
|
description: 'XML support')
|
|
|
|
option('libxslt', type: 'feature', value: 'auto',
|
|
description: 'XSLT support in contrib/xml2')
|
|
|
|
option('llvm', type: 'feature', value: 'disabled',
|
|
description: 'LLVM support')
|
|
|
|
option('lz4', type: 'feature', value: 'auto',
|
|
description: 'LZ4 support')
|
|
|
|
option('nls', type: 'feature', value: 'auto',
|
|
description: 'Native language support')
|
|
|
|
option('pam', type: 'feature', value: 'auto',
|
|
description: 'PAM support')
|
|
|
|
option('plperl', type: 'feature', value: 'auto',
|
|
description: 'Build Perl modules (PL/Perl)')
|
|
|
|
option('plpython', type: 'feature', value: 'auto',
|
|
description: 'Build Python modules (PL/Python)')
|
|
|
|
option('pltcl', type: 'feature', value: 'auto',
|
|
description: 'Build with Tcl support (PL/Tcl)')
|
|
|
|
option('tcl_version', type: 'string', value: 'tcl',
|
|
description: 'Tcl version')
|
|
|
|
option('readline', type: 'feature', value: 'auto',
|
|
description: 'Use GNU Readline or BSD Libedit for editing')
|
|
|
|
option('selinux', type: 'feature', value: 'auto',
|
|
description: 'SELinux support')
|
|
|
|
option('ssl', type: 'combo', choices: ['auto', 'none', 'openssl'],
|
|
value: 'auto',
|
|
description: 'Use LIB for SSL/TLS support (openssl)')
|
|
|
|
option('systemd', type: 'feature', value: 'auto',
|
|
description: 'systemd support')
|
|
|
|
option('uuid', type: 'combo', choices: ['none', 'bsd', 'e2fs', 'ossp'],
|
|
value: 'none',
|
|
description: 'Use LIB for contrib/uuid-ossp support')
|
|
|
|
option('zlib', type: 'feature', value: 'auto',
|
|
description: 'Enable zlib')
|
|
|
|
option('zstd', type: 'feature', value: 'auto',
|
|
description: 'Enable zstd')
|
|
|
|
|
|
# Programs
|
|
|
|
option('BISON', type: 'array', value: ['bison', 'win_bison'],
|
|
description: 'Path to bison binary')
|
|
|
|
option('DTRACE', type: 'string', value: 'dtrace',
|
|
description: 'Path to dtrace binary')
|
|
|
|
option('FLEX', type: 'array', value: ['flex', 'win_flex'],
|
|
description: 'Path to flex binary')
|
|
|
|
option('FOP', type: 'string', value: 'fop',
|
|
description: 'Path to fop binary')
|
|
|
|
option('GZIP', type: 'string', value: 'gzip',
|
|
description: 'Path to gzip binary')
|
|
|
|
option('LZ4', type: 'string', value: 'lz4',
|
|
description: 'Path to lz4 binary')
|
|
|
|
option('OPENSSL', type: 'string', value: 'openssl',
|
|
description: 'Path to openssl binary')
|
|
|
|
option('PERL', type: 'string', value: 'perl',
|
|
description: 'Path to perl binary')
|
|
|
|
option('PROVE', type: 'string', value: 'prove',
|
|
description: 'Path to prove binary')
|
|
|
|
option('PYTHON', type: 'array', value: ['python3', 'python'],
|
|
description: 'Path to python binary')
|
|
|
|
option('SED', type: 'string', value: 'gsed',
|
|
description: 'Path to sed binary')
|
|
|
|
option('STRIP', type: 'string', value: 'strip',
|
|
description: 'Path to strip binary, used for PGXS emulation')
|
|
|
|
option('TAR', type: 'string', value: 'tar',
|
|
description: 'Path to tar binary')
|
|
|
|
option('XMLLINT', type: 'string', value: 'xmllint',
|
|
description: 'Path to xmllint binary')
|
|
|
|
option('XSLTPROC', type: 'string', value: 'xsltproc',
|
|
description: 'Path to xsltproc binary')
|
|
|
|
option('ZSTD', type: 'string', value: 'zstd',
|
|
description: 'Path to zstd binary')
|
|
|
|
option('ZIC', type: 'string', value: 'zic',
|
|
description: 'Path to zic binary, when cross-compiling')
|