Add plugin manager to allow dynamically supplying passwords #2369
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,80 @@ | ||
/* | ||
* Copyright (c) 2021, PostgreSQL Global Development Group | ||
* See the LICENSE file in the project root for more information. | ||
*/ | ||
|
||
package org.postgresql.core; | ||
|
||
import org.postgresql.PGProperty; | ||
import org.postgresql.plugin.AuthenticationPlugin; | ||
import org.postgresql.plugin.AuthenticationRequestType; | ||
import org.postgresql.util.GT; | ||
import org.postgresql.util.ObjectFactory; | ||
import org.postgresql.util.PSQLException; | ||
import org.postgresql.util.PSQLState; | ||
|
||
import org.checkerframework.checker.nullness.qual.Nullable; | ||
|
||
import java.nio.charset.StandardCharsets; | ||
import java.util.Properties; | ||
import java.util.logging.Level; | ||
import java.util.logging.Logger; | ||
|
||
public class AuthenticationPluginManager { | ||
private static final Logger LOGGER = Logger.getLogger(AuthenticationPluginManager.class.getName()); | ||
|
||
private AuthenticationPluginManager() { | ||
} | ||
|
||
/** | ||
* If a password is requested by the server during connection initiation, this | ||
* method will be invoked to supply the password. This method will only be | ||
* invoked if the server actually requests a password, e.g. trust authentication | ||
* will skip it entirely. | ||
* | ||
* @param type The authentication type that is being requested | ||
* @param info The connection properties for the connection | ||
* @return The password to use for authentication or null if none is available | ||
* @throws PSQLException Throws a PSQLException if the plugin class cannot be instantiated | ||
*/ | ||
public static @Nullable String getPassword(AuthenticationRequestType type, Properties info) throws PSQLException { | ||
String authPluginClassName = PGProperty.AUTHENTICATION_PLUGIN_CLASS_NAME.get(info); | ||
|
||
if (authPluginClassName == null || authPluginClassName.equals("")) { | ||
// Default auth plugin simply pulls password directly from connection properties | ||
return PGProperty.PASSWORD.get(info); | ||
} | ||
|
||
AuthenticationPlugin authPlugin; | ||
try { | ||
authPlugin = (AuthenticationPlugin) ObjectFactory.instantiate(authPluginClassName, info, | ||
Does it make sense to cache the instance? Is it possible that different connections would use different authentication plugins?

No, it should not be cached as connections should be isolated from each other. If a user needs to maintain state across multiple runtime instantiations then it would need to be done in the user's implementation through either static fields or some kind of proxying.

Thinking about that a bit more, perhaps we need a new opaque "arg" property that users can use to customize their implementation. The plugin constructor takes the connection properties but there's no specific property that users could use for their own purposes. Something like

Fairly good chance that the user will only use one auth plugin. I wonder what the cost of instantiating a class really is (in other words, is it worth worrying about).

Yes, I doubt it's an issue in practice and connections tend to be long-lived anyway. The time spent opening the underlying socket and TLS handshake is going to be significantly more than any object creation.

Fair enough. |
||
false, null); | ||
} catch (Exception ex) { | ||
LOGGER.log(Level.FINE, "Unable to load Authentication Plugin " + ex.toString()); | ||
throw new PSQLException(ex.getMessage(), PSQLState.UNEXPECTED_ERROR); | ||
} | ||
return authPlugin.getPassword(type); | ||
} | ||
|
||
/** | ||
* Helper that wraps getPassword(...), checks that it is not-null, and encodes | ||
* it as a byte array. Used by internal code paths that require an encoded password that may be an | ||
* empty string, but not null. | ||
* | ||
* @param type The authentication type that is being requested | ||
* @param info The connection properties for the connection | ||
* @return The password to use for authentication encoded as a byte array | ||
* @throws PSQLException Throws a PSQLException if the plugin class cannot be instantiated or if the retrieved password is null. | ||
*/ | ||
public static byte[] getEncodedPassword(AuthenticationRequestType type, Properties info) throws PSQLException { | ||
String password = getPassword(type, info); | ||
|
||
if (password == null) { | ||
throw new PSQLException( | ||
GT.tr("The server requested password-based authentication, but no password was provided."), | ||
PSQLState.CONNECTION_REJECTED); | ||
} | ||
|
||
return password.getBytes(StandardCharsets.UTF_8); | ||
} | ||
} |
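Review bot: In `getPassword`, the `(AuthenticationPlugin)` cast is applied to the result of `ObjectFactory.instantiate(authPluginClassName, info, false, null)`, so the type check runs only after the constructor of whatever class `PGProperty.AUTHENTICATION_PLUGIN_CLASS_NAME` names has already executed. Since that name comes straight from the connection properties, resolve the class first and reject it unless `AuthenticationPlugin.class.isAssignableFrom(...)` holds (or use `Class.asSubclass`), and only then instantiate it. In the same `try`/`catch`, the handler logs `ex.toString()` at `Level.FINE` and rethrows with `new PSQLException(ex.getMessage(), PSQLState.UNEXPECTED_ERROR)`, which drops the cause and stack trace and can carry a null message. Pass `ex` as the cause and wrap a fixed, translatable message with `GT.tr(...)` as `getEncodedPassword` already does. The Javadoc on `getPassword` should also state that a plugin is instantiated on every call, which is the isolation behaviour agreed in the discussion.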
Frankly speaking, I believe the naming is misleading. What the thing does is supply passwords, so it is not clear why we call it authenticationPlugin rather than passwordCallback or something like that.
There's a similar interface in Java:
javax.security.auth.callback.PasswordCallback