v2-0003-dblink-Reject-use_scram_passthrough-option-on-for.patch

text/plain

Filename: v2-0003-dblink-Reject-use_scram_passthrough-option-on-for.patch
Type: text/plain
Part: 2
Message: Re: postgres_fdw: use_scram_passthrough on user mapping is ignored when also set on server
From b49398cf84fe4f4c6e013aa4bd8786acb285f41e Mon Sep 17 00:00:00 2001
From: Matheus Alcantara <mths.dev@pm.me>
Date: Fri, 15 May 2026 12:38:48 -0300
Subject: [PATCH v2 3/3] dblink: Reject use_scram_passthrough option on foreign
 data wrapper

The use_scram_passthrough option only makes sense for foreign server
and user mapping contexts, as it controls authentication behavior for
specific connections. Previously, this option was incorrectly accepted
when set via ALTER FOREIGN DATA WRAPPER OPTIONS, even though it had
no effect at that level.

Restrict the option validation to only accept use_scram_passthrough
when the context is ForeignServerRelationId or UserMappingRelationId.

Discussion: https://www.postgresql.org/message-id/CAHGQGwEJ8rZjmbOvCicyr4vbuLio082bNTde0WNoSWaWr9wVcg%40mail.gmail.com
---
 contrib/dblink/dblink.c            |  8 ++++++--
 contrib/dblink/t/001_auth_scram.pl | 16 ++++++++++++++++
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/contrib/dblink/dblink.c b/contrib/dblink/dblink.c
index bb6fcae4974..451c3208afe 100644
--- a/contrib/dblink/dblink.c
+++ b/contrib/dblink/dblink.c
@@ -3115,8 +3115,12 @@ static bool
 is_valid_dblink_fdw_option(const PQconninfoOption *options, const char *option,
 						   Oid context)
 {
-	if (strcmp(option, "use_scram_passthrough") == 0)
-		return true;
+	/* These options are only valid for foreign server or user mapping contexts */
+	if (context == ForeignServerRelationId || context == UserMappingRelationId)
+	{
+		if (strcmp(option, "use_scram_passthrough") == 0)
+			return true;
+	}
 
 	return is_valid_dblink_option(options, option, context);
 }
diff --git a/contrib/dblink/t/001_auth_scram.pl b/contrib/dblink/t/001_auth_scram.pl
index b087b38e5a5..c4ecdac19f2 100644
--- a/contrib/dblink/t/001_auth_scram.pl
+++ b/contrib/dblink/t/001_auth_scram.pl
@@ -18,6 +18,7 @@ if (!$use_unix_sockets)
 }
 
 my $user = "user01";
+my $admin = "admin";
 
 my $db0 = "db0";                               # For node1
 my $db1 = "db1";                               # For node1
@@ -41,6 +42,7 @@ $node2->start;
 # Test setup
 
 $node1->safe_psql('postgres', qq'CREATE USER $user WITH password \'pass\'');
+$node1->safe_psql('postgres', qq'CREATE USER $admin WITH password \'pass\' SUPERUSER');
 $node2->safe_psql('postgres', qq'CREATE USER $user WITH password \'pass\'');
 $ENV{PGPASSWORD} = "pass";
 
@@ -89,6 +91,20 @@ $node2->restart;
 
 # End of test setup
 
+# Test that adding use_scram_passthrough option on an foreign data wrapper is invalid
+{
+	my $connstr = $node1->connstr($db0) . qq' user=$admin';
+
+	my ($ret, $stdout, $stderr ) = $node1->psql($db0,
+		'ALTER FOREIGN DATA WRAPPER dblink_fdw OPTIONS (add use_scram_passthrough \'true\')',
+		connstr => $connstr);
+	is($ret, 3, 'ALTER FOREIGN DATA WRAPPER should not be allowed');
+	like(
+		$stderr,
+		qr\invalid option "use_scram_passthrough"\i,
+		'expected ALTER FOREIGN DATA WRAPPER to fail');
+}
+
 test_scram_keys_is_not_overwritten($node1, $db0, $fdw_invalid_server2);
 
 test_fdw_auth($node1, $db0, "t", $fdw_server,
-- 
2.53.0