v4-0010-pgindent-run.patch

application/octet-stream

Filename: v4-0010-pgindent-run.patch
Type: application/octet-stream
Part: 9
Message: Re: [PoC/RFC] Multiple passwords, interval expirations

Patch

Same data as JSON: GET /api/v1/attachments/:id/patch the parsed metadata as JSON — format, series position, per-file stats; never the diff bytes. API reference →
Format: format-patch
Series: patch v4-0010
Subject: pgindent run
File+
src/backend/commands/user.c 90 80
src/backend/libpq/auth.c 18 15
src/backend/libpq/auth-scram.c 42 33
src/backend/libpq/crypt.c 10 10
src/include/catalog/pg_authid.h 2 1
src/include/utils/wait_event.h 1 1
src/tools/pgindent/typedefs.list 3 4
From ad73fb17dcb1d183f646aaa3d50665484ce573fd Mon Sep 17 00:00:00 2001
From: Gurjeet Singh <gurjeet@singh.im>
Date: Tue, 10 Oct 2023 02:46:48 -0700
Subject: [PATCH v4 10/11] pgindent run

---
 src/backend/commands/user.c      | 170 ++++++++++++++++---------------
 src/backend/libpq/auth-scram.c   |  75 ++++++++------
 src/backend/libpq/auth.c         |  33 +++---
 src/backend/libpq/crypt.c        |  20 ++--
 src/include/catalog/pg_authid.h  |   3 +-
 src/include/utils/wait_event.h   |   2 +-
 src/tools/pgindent/typedefs.list |   7 +-
 7 files changed, 166 insertions(+), 144 deletions(-)

diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index 01bcb7e7f2..829a74205b 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -139,25 +139,29 @@ static bool
 get_salt(char *rolename, char **salt, const char **logdetail)
 {
 	char	  **current_secrets;
-	int			i, num_secrets;
-	char	   *salt1, *salt2 = NULL;
+	int			i,
+				num_secrets;
+	char	   *salt1,
+			   *salt2 = NULL;
 	PasswordType passtype;
 
 	if (Password_encryption == PASSWORD_TYPE_MD5)
 	{
-		*salt = rolename; /* md5 always uses role name, no need to look through the passwords */
+		*salt = rolename;		/* md5 always uses role name, no need to look
+								 * through the passwords */
 		return true;
 	}
 	else if (Password_encryption == PASSWORD_TYPE_PLAINTEXT)
 	{
-		*salt = NULL; /* Plaintext does not have a salt */
+		*salt = NULL;			/* Plaintext does not have a salt */
 		return true;
 	}
 
 	current_secrets = get_role_passwords(rolename, logdetail, &num_secrets);
 	if (num_secrets == 0)
 	{
-		*salt = NULL; /* No existing passwords, allow salt to be generated */
+		*salt = NULL;			/* No existing passwords, allow salt to be
+								 * generated */
 		return true;
 	}
 
@@ -166,34 +170,36 @@ get_salt(char *rolename, char **salt, const char **logdetail)
 		passtype = get_password_type(current_secrets[i]);
 
 		if (passtype == PASSWORD_TYPE_MD5 || passtype == PASSWORD_TYPE_PLAINTEXT)
-			continue; /* md5 uses rolename as salt so it is always the same, and plaintext has no salt */
+			continue;			/* md5 uses rolename as salt so it is always
+								 * the same, and plaintext has no salt */
 		else if (passtype == PASSWORD_TYPE_SCRAM_SHA_256)
 		{
-				int			iterations;
-				int			key_length = 0;
-				pg_cryptohash_type hash_type;
-				uint8		stored_key[SCRAM_MAX_KEY_LEN];
-				uint8		server_key[SCRAM_MAX_KEY_LEN];
+			int			iterations;
+			int			key_length = 0;
+			pg_cryptohash_type hash_type;
+			uint8		stored_key[SCRAM_MAX_KEY_LEN];
+			uint8		server_key[SCRAM_MAX_KEY_LEN];
 
-				if (!parse_scram_secret(current_secrets[i], &iterations, &hash_type, &key_length,
-										&salt1, stored_key, server_key))
-				{
-						*logdetail = psprintf(_("could not parse SCRAM secret"));
-						*salt = NULL;
-						return false;
-				}
+			if (!parse_scram_secret(current_secrets[i], &iterations, &hash_type, &key_length,
+									&salt1, stored_key, server_key))
+			{
+				*logdetail = psprintf(_("could not parse SCRAM secret"));
+				*salt = NULL;
+				return false;
+			}
 
-				if (salt2 != NULL)
+			if (salt2 != NULL)
+			{
+				if (strcmp(salt1, salt2))
 				{
-					if (strcmp(salt1, salt2))
-					{
-						*logdetail = psprintf(_("inconsistent salts, clearing password")); // TODO: Better message
-						*salt = NULL;
-						return false;
-					}
+					*logdetail = psprintf(_("inconsistent salts, clearing password"));
+			//TODO: Better message
+						* salt = NULL;
+					return false;
 				}
-				else
-					salt2 = salt1;
+			}
+			else
+				salt2 = salt1;
 		}
 	}
 
@@ -524,12 +530,12 @@ CreateRole(ParseState *pstate, CreateRoleStmt *stmt)
 		}
 		else
 		{
-			char *salt;
+			char	   *salt;
 
 			if (!get_salt(stmt->role, &salt, &logdetail))
 				ereport(ERROR,
 						(errmsg("could not get a valid salt for password"),
-						errdetail("%s", logdetail)));
+						 errdetail("%s", logdetail)));
 
 			/* Encrypt the password to the requested format. */
 			shadow_pass = encrypt_password(Password_encryption, salt, password);
@@ -721,13 +727,15 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
 	ListCell   *option;
 	char	   *rolename;
 	char	   *password = NULL;	/* user password */
-	char	   *second_password = NULL;	/* user's second password */
+	char	   *second_password = NULL; /* user's second password */
 	int			connlimit = -1; /* maximum connections allowed */
 	char	   *validUntil = NULL;	/* time the password is valid until */
 	Datum		validUntil_datum;	/* validUntil, as timestamptz Datum */
 	bool		validUntil_null;
-	char	   *secondValidUntil = NULL;/* time the second password is valid until */
-	Datum		secondValidUntil_datum;	/* secondValidUntil, as timestamptz Datum */
+	char	   *secondValidUntil = NULL;	/* time the second password is
+											 * valid until */
+	Datum		secondValidUntil_datum; /* secondValidUntil, as timestamptz
+										 * Datum */
 	bool		secondValidUntil_null;
 	DefElem    *dpassword = NULL;
 	DefElem    *dsecondpassword = NULL;
@@ -816,6 +824,7 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
 				errorConflictingDefElem(defel, pstate);
 			dsecondpassword = defel;
 			addSecondPassword = true;
+
 			/*
 			 * Adding and dropping passwords in the same command is not
 			 * supported.
@@ -825,7 +834,7 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
 		}
 		else if (strcmp(defel->defname, "drop-password") == 0)
 		{
-			char *which = strVal(defel->arg);
+			char	   *which = strVal(defel->arg);
 
 			if (strcmp(which, "first") == 0)
 			{
@@ -948,15 +957,15 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
 	 * Disallow mixing VALID UNTIL with ADD FIRST/SECOND PASSWORD.
 	 *
 	 * VALID UNTIL and FIRST PASSWORD VALID UNTIL are functionally identical,
-	 * but we track them separately to prevent the confusing invocation like the
-	 * following.
+	 * but we track them separately to prevent the confusing invocation like
+	 * the following.
 	 *
 	 * ALTER ROLE x ADD SECOND PASSWORD 'y' VALID UNTIL '2020/01/01';
 	 *
 	 * In the above command the user may expect the expiration of the _second_
-	 * password to be set to '2020/01/01', but it will lead to second password's
-	 * expiration set to NULL and first password's expiration set to
-	 * '2020/01/01', because a plain VALIF UNTIL applies to the _first_
+	 * password to be set to '2020/01/01', but it will lead to second
+	 * password's expiration set to NULL and first password's expiration set
+	 * to '2020/01/01', because a plain VALIF UNTIL applies to the _first_
 	 * password.
 	 */
 	if (dvalidUntil && (addFirstPassword || addSecondPassword))
@@ -1073,17 +1082,17 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
 	if (dsecondValidUntil)
 	{
 		secondValidUntil_datum = DirectFunctionCall3(timestamptz_in,
-											   CStringGetDatum(secondValidUntil),
-											   ObjectIdGetDatum(InvalidOid),
-											   Int32GetDatum(-1));
+													 CStringGetDatum(secondValidUntil),
+													 ObjectIdGetDatum(InvalidOid),
+													 Int32GetDatum(-1));
 		secondValidUntil_null = false;
 	}
 	else
 	{
 		/* fetch existing setting in case hook needs it */
 		secondValidUntil_datum = SysCacheGetAttr(AUTHNAME, tuple,
-										   Anum_pg_authid_rolsecondvaliduntil,
-										   &secondValidUntil_null);
+												 Anum_pg_authid_rolsecondvaliduntil,
+												 &secondValidUntil_null);
 	}
 
 	/*
@@ -1172,7 +1181,7 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
 
 		if (addFirstPassword)
 		{
-			bool	firstPassword_null;
+			bool		firstPassword_null;
 
 			SysCacheGetAttr(AUTHNAME, tuple,
 							Anum_pg_authid_rolpassword,
@@ -1181,7 +1190,7 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
 			if (!firstPassword_null)
 				ereport(ERROR,
 						(errmsg("first password is already in use"),
-						errdetail("Use ALTER ROLE DROP FIRST PASSWORD.")));
+						 errdetail("Use ALTER ROLE DROP FIRST PASSWORD.")));
 		}
 
 		/* Like in CREATE USER, don't allow an empty password. */
@@ -1199,8 +1208,8 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
 			if (!get_salt(rolename, &salt, &logdetail))
 				ereport(ERROR,
 						(errcode(ERRCODE_INTERNAL_ERROR),
-						errmsg("could not get a valid salt for password"),
-						errdetail("%s", logdetail)));
+						 errmsg("could not get a valid salt for password"),
+						 errdetail("%s", logdetail)));
 
 			/* Encrypt the password to the requested format. */
 			shadow_pass = encrypt_password(Password_encryption, salt, password);
@@ -1224,7 +1233,7 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
 		if (!secondPassword_null)
 			ereport(ERROR,
 					(errmsg("second password is already in use"),
-					errdetail("Use ALTER ROLE DROP SECOND PASSWORD")));
+					 errdetail("Use ALTER ROLE DROP SECOND PASSWORD")));
 
 		/* Like in CREATE USER, don't allow an empty password. */
 		if (second_password[0] == '\0' ||
@@ -1241,8 +1250,8 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
 			if (!get_salt(rolename, &salt, &logdetail))
 				ereport(ERROR,
 						(errcode(ERRCODE_INTERNAL_ERROR),
-						errmsg("could not get a valid salt for password"),
-						errdetail("%s", logdetail)));
+						 errmsg("could not get a valid salt for password"),
+						 errdetail("%s", logdetail)));
 
 			/* Encrypt the password to the requested format. */
 			shadow_pass = encrypt_password(Password_encryption, salt, second_password);
@@ -1253,28 +1262,29 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
 	}
 
 	/*
-	 * Disallow more than one type of passwords for a role. If a role has an md5
-	 * password, then allow only md5 passwords; similarly for scram-sha-256
-	 * passwords. Having all passwords of the same type helps the server pick
-	 * the correponding authentication method during connection attempt.
+	 * Disallow more than one type of passwords for a role. If a role has an
+	 * md5 password, then allow only md5 passwords; similarly for
+	 * scram-sha-256 passwords. Having all passwords of the same type helps
+	 * the server pick the correponding authentication method during
+	 * connection attempt.
 	 */
 	if (overwriteFirstPassword || addFirstPassword || addSecondPassword)
 	{
-		bool	firstPassword_null;
-		bool	secondPassword_null;
-		Datum	firstPassword_datum;
-		Datum	secondPassword_datum;
-		char   *roleFirstPassword = NULL;
-		char   *roleSecondPassword = NULL;
-		PasswordType roleFirstPasswordType = -1; /* silence the compiler */
-		PasswordType roleSecondPasswordType = -1; /* silence the compiler */
+		bool		firstPassword_null;
+		bool		secondPassword_null;
+		Datum		firstPassword_datum;
+		Datum		secondPassword_datum;
+		char	   *roleFirstPassword = NULL;
+		char	   *roleSecondPassword = NULL;
+		PasswordType roleFirstPasswordType = -1;	/* silence the compiler */
+		PasswordType roleSecondPasswordType = -1;	/* silence the compiler */
 
 		firstPassword_datum = SysCacheGetAttr(AUTHNAME, tuple,
-												Anum_pg_authid_rolpassword,
-												&firstPassword_null);
+											  Anum_pg_authid_rolpassword,
+											  &firstPassword_null);
 		secondPassword_datum = SysCacheGetAttr(AUTHNAME, tuple,
-												Anum_pg_authid_rolsecondpassword,
-												&secondPassword_null);
+											   Anum_pg_authid_rolsecondpassword,
+											   &secondPassword_null);
 		if (!firstPassword_null)
 		{
 			roleFirstPassword = TextDatumGetCString(firstPassword_datum);
@@ -1287,52 +1297,52 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
 			roleSecondPasswordType = get_password_type(roleSecondPassword);
 		}
 
-			/* if the user requested setting the first password ... */
+		/* if the user requested setting the first password ... */
 		if ((overwriteFirstPassword || addFirstPassword) &&
-			/* and we have decided to honor their request */
+		/* and we have decided to honor their request */
 			new_record_repl[Anum_pg_authid_rolpassword - 1] == true &&
-			/* and the resulting password hash about to be stored is not null */
+		/* and the resulting password hash about to be stored is not null */
 			new_record_nulls[Anum_pg_authid_rolpassword - 1] == false &&
-			/* and the algorithm used doesn't match existing password's algorithm */
+		/* and the algorithm used doesn't match existing password's algorithm */
 			roleSecondPassword != NULL &&
 			roleSecondPasswordType != Password_encryption)
 		{
 			if (roleSecondPasswordType == PASSWORD_TYPE_MD5)
 				ereport(ERROR,
 						(errmsg("role has an md5 password"),
-						errdetail("The new password must also use md5.")));
+						 errdetail("The new password must also use md5.")));
 			else if (roleSecondPasswordType == PASSWORD_TYPE_SCRAM_SHA_256)
 				ereport(ERROR,
 						(errmsg("role has a scram-sha-256 password"),
-						errdetail("The new password must also use scram-sha-256.")));
+						 errdetail("The new password must also use scram-sha-256.")));
 			else
 				ereport(ERROR,
 						(errmsg("role has a plaintext password"),
-						errdetail("The new password must also use plaintext.")));
+						 errdetail("The new password must also use plaintext.")));
 		}
 
-			/* if the user requested setting the second password ... */
+		/* if the user requested setting the second password ... */
 		if (addSecondPassword &&
-			/* and we have decided to honor their request */
+		/* and we have decided to honor their request */
 			new_record_repl[Anum_pg_authid_rolsecondpassword - 1] == true &&
-			/* and the resulting password hash about to be stored is not null */
+		/* and the resulting password hash about to be stored is not null */
 			new_record_nulls[Anum_pg_authid_rolsecondpassword - 1] == false &&
-			/* and the algorithm used doesn't match existing password's algorithm */
+		/* and the algorithm used doesn't match existing password's algorithm */
 			roleFirstPassword != NULL &&
 			roleFirstPasswordType != Password_encryption)
 		{
 			if (roleFirstPasswordType == PASSWORD_TYPE_MD5)
 				ereport(ERROR,
 						(errmsg("role has an md5 password"),
-						errdetail("The new password must also use md5.")));
+						 errdetail("The new password must also use md5.")));
 			else if (roleFirstPasswordType == PASSWORD_TYPE_SCRAM_SHA_256)
 				ereport(ERROR,
 						(errmsg("role has a scram-sha-256 password"),
-						errdetail("The new password must also use scram-sha-256.")));
+						 errdetail("The new password must also use scram-sha-256.")));
 			else
 				ereport(ERROR,
 						(errmsg("role has a plaintext password"),
-						errdetail("The new password must also use plaintext.")));
+						 errdetail("The new password must also use plaintext.")));
 		}
 	}
 
diff --git a/src/backend/libpq/auth-scram.c b/src/backend/libpq/auth-scram.c
index cd52e962ec..e7a2c773ce 100644
--- a/src/backend/libpq/auth-scram.c
+++ b/src/backend/libpq/auth-scram.c
@@ -136,7 +136,7 @@ typedef struct
 {
 	uint8		StoredKey[SCRAM_MAX_KEY_LEN];
 	uint8		ServerKey[SCRAM_MAX_KEY_LEN];
-} scram_secret;
+}			scram_secret;
 
 typedef struct
 {
@@ -152,15 +152,15 @@ typedef struct
 	int			key_length;
 
 	/*
-	 * The salt and iterations must be the same for all
-	 * secrets since they are sent as part of the initial message
+	 * The salt and iterations must be the same for all secrets since they are
+	 * sent as part of the initial message
 	 */
 	int			iterations;
 	char	   *salt;			/* base64-encoded */
 	/* Array of possible secrets */
 	scram_secret *secrets;
 	int			num_secrets;
-	int			chosen_secret; /* secret chosen during final client message */
+	int			chosen_secret;	/* secret chosen during final client message */
 
 	/* Fields of the first message from client */
 	char		cbind_flag;
@@ -255,8 +255,8 @@ scram_init(Port *port, const char *selected_mech, const char **secrets, const in
 	scram_state *state;
 	bool		got_secret = false;
 	int			i;
-	int	iterations;
-	char *salt = NULL;			/* base64-encoded */
+	int			iterations;
+	char	   *salt = NULL;	/* base64-encoded */
 
 	state = (scram_state *) palloc0(sizeof(scram_state));
 	state->port = port;
@@ -303,12 +303,16 @@ scram_init(Port *port, const char *selected_mech, const char **secrets, const in
 				{
 					if (salt)
 					{
-						/* The stored iterations and salt must match or we cannot proceed, allow failure via mock */
+						/*
+						 * The stored iterations and salt must match or we
+						 * cannot proceed, allow failure via mock
+						 */
 						if (strcmp(salt, state->salt) || iterations != state->iterations)
 						{
 							ereport(WARNING, (errmsg("inconsistent salt or iterations for user \"%s\"",
-														state->port->user_name)));
-							got_secret = false; /* fail and allow mock creditials to be created */
+													 state->port->user_name)));
+							got_secret = false; /* fail and allow mock
+												 * creditials to be created */
 							pfree(state->secrets);
 							state->num_secrets = 0;
 							break;
@@ -318,15 +322,16 @@ scram_init(Port *port, const char *selected_mech, const char **secrets, const in
 					{
 						salt = state->salt;
 						iterations = state->iterations;
-						got_secret = true; /* We got at least one good SCRAM secret */
+						got_secret = true;	/* We got at least one good SCRAM
+											 * secret */
 					}
 				}
 				else
 				{
 					/*
-					* The password looked like a SCRAM secret, but could not be
-					* parsed.
-					*/
+					 * The password looked like a SCRAM secret, but could not
+					 * be parsed.
+					 */
 					ereport(LOG,
 							(errmsg("invalid SCRAM secret for user \"%s\"",
 									state->port->user_name)));
@@ -527,7 +532,7 @@ pg_be_scram_build_secret(const char *password, const char *salt)
 		if (pg_b64_decode(salt, strlen(salt), saltbuf, SCRAM_DEFAULT_SALT_LEN) == -1)
 			ereport(ERROR,
 					(errcode(ERRCODE_INTERNAL_ERROR),
-					errmsg("could not decode SCRAM salt")));
+					 errmsg("could not decode SCRAM salt")));
 	}
 
 	result = scram_build_secret(PG_SHA256, SCRAM_SHA_256_KEY_LEN,
@@ -1176,8 +1181,10 @@ verify_client_proof(scram_state *state)
 	uint8		ClientKey[SCRAM_MAX_KEY_LEN];
 	uint8		client_StoredKey[SCRAM_MAX_KEY_LEN];
 	pg_hmac_ctx *ctx;
-	int			i, j;
+	int			i,
+				j;
 	const char *errstr = NULL;
+
 	/*
 	 * Calculate ClientSignature.  Note that we don't log directly a failure
 	 * here even when processing the calculations as this could involve a mock
@@ -1186,29 +1193,30 @@ verify_client_proof(scram_state *state)
 	for (j = 0; j < state->num_secrets; j++)
 	{
 		ctx = pg_hmac_create(state->hash_type);
-		elog(LOG, "Trying to verify password %d", j); // TODO: Convert to DEBUG2
+		elog(LOG, "Trying to verify password %d", j);
+//TODO: Convert to DEBUG2
 
-		if (pg_hmac_init(ctx, state->secrets[j].StoredKey, state->key_length) < 0 ||
-			pg_hmac_update(ctx,
-						(uint8 *) state->client_first_message_bare,
-						strlen(state->client_first_message_bare)) < 0 ||
-			pg_hmac_update(ctx, (uint8 *) ",", 1) < 0 ||
-			pg_hmac_update(ctx,
-						(uint8 *) state->server_first_message,
-						strlen(state->server_first_message)) < 0 ||
-			pg_hmac_update(ctx, (uint8 *) ",", 1) < 0 ||
-			pg_hmac_update(ctx,
-						(uint8 *) state->client_final_message_without_proof,
-						strlen(state->client_final_message_without_proof)) < 0 ||
-			pg_hmac_final(ctx, ClientSignature, state->key_length) < 0)
+			if (pg_hmac_init(ctx, state->secrets[j].StoredKey, state->key_length) < 0 ||
+				pg_hmac_update(ctx,
+							   (uint8 *) state->client_first_message_bare,
+							   strlen(state->client_first_message_bare)) < 0 ||
+				pg_hmac_update(ctx, (uint8 *) ",", 1) < 0 ||
+				pg_hmac_update(ctx,
+							   (uint8 *) state->server_first_message,
+							   strlen(state->server_first_message)) < 0 ||
+				pg_hmac_update(ctx, (uint8 *) ",", 1) < 0 ||
+				pg_hmac_update(ctx,
+							   (uint8 *) state->client_final_message_without_proof,
+							   strlen(state->client_final_message_without_proof)) < 0 ||
+				pg_hmac_final(ctx, ClientSignature, state->key_length) < 0)
 		{
-			// TODO: Convert to DEBUG2
+			/* TODO: Convert to DEBUG2 */
 			elog(LOG, "could not calculate client signature for secret %d", j);
 			pg_hmac_free(ctx);
 			continue;
 		}
 
-		// TODO: Convert to DEBUG2
+		/* TODO: Convert to DEBUG2 */
 		elog(LOG, "succeeded on %d password", j);
 
 		pg_hmac_free(ctx);
@@ -1222,8 +1230,9 @@ verify_client_proof(scram_state *state)
 					client_StoredKey, &errstr) < 0)
 			elog(ERROR, "could not hash stored key: %s", errstr);
 
-		if (memcmp(client_StoredKey, state->secrets[j].StoredKey, state->key_length) == 0) {
-			// TODO: Convert to DEBUG2
+		if (memcmp(client_StoredKey, state->secrets[j].StoredKey, state->key_length) == 0)
+		{
+			/* TODO: Convert to DEBUG2 */
 			elog(LOG, "Moving forward with Password %d", j);
 			state->chosen_secret = j;
 			return true;
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 7cc9b13645..04022eb288 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -789,8 +789,9 @@ CheckPasswordAuth(Port *port, const char **logdetail)
 {
 	char	   *passwd;
 	int			result = STATUS_ERROR;
-	int			i, num_passwords;
-	char	   **passwords;
+	int			i,
+				num_passwords;
+	char	  **passwords;
 
 	sendAuthRequest(port, AUTH_REQ_PASSWORD, NULL, 0);
 
@@ -806,7 +807,8 @@ CheckPasswordAuth(Port *port, const char **logdetail)
 			result = plain_crypt_verify(port->user_name, passwords[i], passwd,
 										logdetail);
 			if (result == STATUS_OK)
-				break; /* Found a matching password, no need to try any others */
+				break;			/* Found a matching password, no need to try
+								 * any others */
 		}
 		for (i = 0; i < num_passwords; i++)
 			pfree(passwords[i]);
@@ -830,9 +832,10 @@ CheckPWChallengeAuth(Port *port, const char **logdetail)
 {
 	bool		scram_pw_avail = false;
 	int			auth_result = STATUS_ERROR;
-	int			i, num_passwords;
+	int			i,
+				num_passwords;
 	char	  **passwords;
-	PasswordType	pwtype;
+	PasswordType pwtype;
 
 	Assert(port->hba->auth_method == uaSCRAM ||
 		   port->hba->auth_method == uaMD5);
@@ -842,12 +845,12 @@ CheckPWChallengeAuth(Port *port, const char **logdetail)
 
 	/*
 	 * If the user does not exist, or has no passwords or they're all expired,
-	 * we still go through the motions of authentication, to avoid revealing to
-	 * the client that the user didn't exist.  If 'md5' is allowed, we choose
-	 * whether to use 'md5' or 'scram-sha-256' authentication based on current
-	 * password_encryption setting.  The idea is that most genuine users
-	 * probably have a password of that type, and if we pretend that this user
-	 * had a password of that type, too, it "blends in" best.
+	 * we still go through the motions of authentication, to avoid revealing
+	 * to the client that the user didn't exist.  If 'md5' is allowed, we
+	 * choose whether to use 'md5' or 'scram-sha-256' authentication based on
+	 * current password_encryption setting.  The idea is that most genuine
+	 * users probably have a password of that type, and if we pretend that
+	 * this user had a password of that type, too, it "blends in" best.
 	 */
 	if (!passwords)
 		pwtype = Password_encryption;
@@ -855,8 +858,8 @@ CheckPWChallengeAuth(Port *port, const char **logdetail)
 	/*
 	 * If 'md5' authentication is allowed, decide whether to perform 'md5' or
 	 * 'scram-sha-256' authentication based on the type of password the user
-	 * has.  If there's a SCRAM password available then we'll do SCRAM, otherwise we
-	 * will fall back to trying to use MD5.
+	 * has.  If there's a SCRAM password available then we'll do SCRAM,
+	 * otherwise we will fall back to trying to use MD5.
 	 *
 	 * If MD5 authentication is not allowed, always use SCRAM.  If the user
 	 * had an MD5 password, CheckSASLAuth() with the SCRAM mechanism will
@@ -885,7 +888,7 @@ CheckPWChallengeAuth(Port *port, const char **logdetail)
 			auth_result = CheckMD5Auth(port, (const char **) passwords, num_passwords, logdetail);
 		else
 			auth_result = CheckSASLAuth(&pg_be_scram_mech, port, (const char **) passwords, num_passwords,
-											logdetail);
+										logdetail);
 
 		for (i = 0; i < num_passwords; i++)
 		{
@@ -893,7 +896,7 @@ CheckPWChallengeAuth(Port *port, const char **logdetail)
 				pfree(passwords[i]);
 			else
 				ereport(DEBUG2,
-					(errmsg("Password %d was null", i)));
+						(errmsg("Password %d was null", i)));
 		}
 		pfree(passwords);
 	}
diff --git a/src/backend/libpq/crypt.c b/src/backend/libpq/crypt.c
index eaea00e535..d56f3bc399 100644
--- a/src/backend/libpq/crypt.c
+++ b/src/backend/libpq/crypt.c
@@ -33,7 +33,7 @@
  * for the postmaster log, in *logdetail.  The error reason should *not* be
  * sent to the client, to avoid giving away user information!
  */
-char **
+char	  **
 get_role_passwords(const char *role, const char **logdetail, int *num_passwords)
 {
 	TimestampTz vuntil = 0;
@@ -64,8 +64,8 @@ get_role_passwords(const char *role, const char **logdetail, int *num_passwords)
 							Anum_pg_authid_rolpassword,
 							&password_isnull);
 	second_datum = SysCacheGetAttr(AUTHNAME, roleTup,
-									Anum_pg_authid_rolsecondpassword,
-									&second_password_isnull);
+								   Anum_pg_authid_rolsecondpassword,
+								   &second_password_isnull);
 	if (password_isnull && second_password_isnull)
 	{
 		ReleaseSysCache(roleTup);
@@ -82,8 +82,8 @@ get_role_passwords(const char *role, const char **logdetail, int *num_passwords)
 	datum = SysCacheGetAttr(AUTHNAME, roleTup,
 							Anum_pg_authid_rolvaliduntil, &vuntil_isnull);
 	second_datum = SysCacheGetAttr(AUTHNAME, roleTup,
-							Anum_pg_authid_rolsecondvaliduntil,
-							&second_vuntil_isnull);
+								   Anum_pg_authid_rolsecondvaliduntil,
+								   &second_vuntil_isnull);
 	if (!vuntil_isnull)
 		vuntil = DatumGetTimestampTz(datum);
 	if (!second_vuntil_isnull)
@@ -96,14 +96,14 @@ get_role_passwords(const char *role, const char **logdetail, int *num_passwords)
 	 */
 	current_ts = GetCurrentTimestamp();
 	*num_passwords = (!password_isnull &&
-						(vuntil_isnull || vuntil >= current_ts))
-					+ (!second_password_isnull &&
-						(second_vuntil_isnull || second_vuntil >= current_ts));
+					  (vuntil_isnull || vuntil >= current_ts))
+		+ (!second_password_isnull &&
+		   (second_vuntil_isnull || second_vuntil >= current_ts));
 
 	if (*num_passwords >= 1)
 	{
-		int i = 0;
-		char **passwords = palloc(sizeof(char *) * (*num_passwords));
+		int			i = 0;
+		char	  **passwords = palloc(sizeof(char *) * (*num_passwords));
 
 		if (!password_isnull && (vuntil_isnull || vuntil >= current_ts))
 		{
diff --git a/src/include/catalog/pg_authid.h b/src/include/catalog/pg_authid.h
index 2a27ae3e10..b5107950c5 100644
--- a/src/include/catalog/pg_authid.h
+++ b/src/include/catalog/pg_authid.h
@@ -46,7 +46,8 @@ CATALOG(pg_authid,1260,AuthIdRelationId) BKI_SHARED_RELATION BKI_ROWTYPE_OID(284
 	text		rolpassword;	/* password, if any */
 	timestamptz rolvaliduntil;	/* password expiration time, if any */
 	text		rolsecondpassword;	/* second password, if any */
-	timestamptz rolsecondvaliduntil;	/* second password expiration time, if any */
+	timestamptz rolsecondvaliduntil;	/* second password expiration time, if
+										 * any */
 #endif
 } FormData_pg_authid;
 
diff --git a/src/include/utils/wait_event.h b/src/include/utils/wait_event.h
index 009b03a520..5a7817cb32 100644
--- a/src/include/utils/wait_event.h
+++ b/src/include/utils/wait_event.h
@@ -57,7 +57,7 @@ typedef enum
 {
 	WAIT_EVENT_EXTENSION = PG_WAIT_EXTENSION,
 	WAIT_EVENT_EXTENSION_FIRST_USER_DEFINED
-} WaitEventExtension;
+}			WaitEventExtension;
 
 extern void WaitEventExtensionShmemInit(void);
 extern Size WaitEventExtensionShmemSize(void);
diff --git a/src/tools/pgindent/typedefs.list b/src/tools/pgindent/typedefs.list
index 8de90c4958..be8e472473 100644
--- a/src/tools/pgindent/typedefs.list
+++ b/src/tools/pgindent/typedefs.list
@@ -1275,9 +1275,9 @@ JsonManifestWALRangeField
 JsonObjectAgg
 JsonObjectConstructor
 JsonOutput
-JsonParseExpr
 JsonParseContext
 JsonParseErrorType
+JsonParseExpr
 JsonPath
 JsonPathBool
 JsonPathExecContext
@@ -1340,6 +1340,7 @@ LINE
 LLVMAttributeRef
 LLVMBasicBlockRef
 LLVMBuilderRef
+LLVMContextRef
 LLVMErrorRef
 LLVMIntPredicate
 LLVMJITEventListenerRef
@@ -1913,7 +1914,6 @@ ParallelHashJoinBatch
 ParallelHashJoinBatchAccessor
 ParallelHashJoinState
 ParallelIndexScanDesc
-ParallelReadyList
 ParallelSlot
 ParallelSlotArray
 ParallelSlotResultHandler
@@ -2992,7 +2992,6 @@ WaitEvent
 WaitEventActivity
 WaitEventBufferPin
 WaitEventClient
-WaitEventExtension
 WaitEventExtensionCounterData
 WaitEventExtensionEntryById
 WaitEventExtensionEntryByName
@@ -3401,6 +3400,7 @@ indexed_tlist
 inet
 inetKEY
 inet_struct
+initRowMethod
 init_function
 inline_cte_walker_context
 inline_error_callback_arg
@@ -3868,7 +3868,6 @@ wchar2mb_with_len_converter
 wchar_t
 win32_deadchild_waitinfo
 wint_t
-worker_spi_state
 worker_state
 worktable
 wrap
-- 
2.41.0