-
Notifications
You must be signed in to change notification settings - Fork 403
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement SSPI authentication #1128
Conversation
c0219f1
to
72a5fda
Compare
@@ -45,6 +46,13 @@ | |||
CLIENT_SSL_KEY_FILE = os.path.join(CERTS, 'client.key.pem') | |||
CLIENT_SSL_PROTECTED_KEY_FILE = os.path.join(CERTS, 'client.key.protected.pem') | |||
|
|||
if _system == 'Windows': | |||
DEFAULT_GSSLIB = 'sspi' | |||
OTHER_GSSLIB = 'gssapi' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since this makes it possible to use gssapi
on Windows also, should the gssapi
dependency be made unconditional of platform_system
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good question. My idea here was to only install the default library which is the most likely to work. Using gssapi
on Windows requires installing Kerberos for Windows, so it probably needs manual steps anyway. We can install gssapi
and let the user deal with the error for missing KfW, or we can document this better somewhere. Happy to do either way.
Technically, sspilib can be used on non-Windows as well, so we can install both unconditionally, but this is even more experimental and exotic.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In any case, we should update the installation page: https://magicstack.github.io/asyncpg/current/installation.html
SSPI is a Windows technology for secure authentication. SSPI and GSSAPI interoperate as clients and servers. Postgres documentation recommends using SSPI on Windows clients and servers and GSSAPI on non-Windows platforms[1]. Changes in this PR: * Support AUTH_REQUIRED_SSPI server request. This is the same as AUTH_REQUIRED_GSS, except it allows negotiation with SSPI clients. * Allow using SSPI on the client. Which library to use can be specified using the `gsslib` connection parameter. * Use SSPI instead of GSSAPI on Windows by default. The latter requires installing Kerberos for Windows and is unlikely to work out of the box. Closes MagicStack#142 [1] https://www.postgresql.org/docs/current/sspi-auth.html
72a5fda
to
69375b1
Compare
@elprans I updated documentation and renamed the extra to hopefully make it more clear. Please take another look. |
ae9023b
to
3ced615
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thanks for contributing!
@elprans when are you planning to make the next release? |
@elprans friendly ping |
Support Python 3.13 and PostgreSQL 17. Improvements ============ * Implement GSSAPI authentication (by @eltoder in 1d4e568 for #1122) * Implement SSPI authentication (by @eltoder in 1aab209 for #1128) * Add initial typings (by @bryanforbes in d42432b for #1127) * Allow building with Cython 3 (by @musicinmybrain in 258d8a9 for #1101) * docs: fix connection pool close call (#1125) (by @paulovitorweb in e848814 for #1125) * Add support for the `sslnegotiation` parameter (by @elprans in afdb05c for #1187) * Test and build on Python 3.13 (by @elprans in 3aa9894 for #1188) * Support PostgreSQL 17 (by @elprans in cee97e1 for #1189) (by @MeggyCal in aa2d0e6 for #1185) * Add `fetchmany` to execute many *and* return rows (by @rossmacarthur in 73f2209 for #1175) * Add `connect` kwarg to Pool to better support GCP's CloudSQL (by @d1manson in 3ee19ba for #1170) * Allow customizing connection state reset (#1191) (by @elprans in f6ec755 for #1191) Fixes ===== * s/quote/quote_plus/ in the note about DSN part quoting (by @elprans in 1194a8a for #1151) * Use asyncio.run() instead of run_until_complete() (by @eltoder in 9fcddfc for #1140) * Require async_timeout for python < 3.11 (#1177) (by @Pliner in 327f2a7 for #1177) * Allow testing with uvloop on Python 3.12 (#1182) (by @musicinmybrain in 597fe54 for #1182) * Mark pool-wrapped connection coroutine methods as coroutines (by @elprans in 636420b for #1134) * handle `None` parameters in `copy_from_query`, returning `NULL` (by @fobispotc in 259d16e for #1180) * fix: return the pool from _async_init__ if it's already initialized (#1104) (by @guacs in 7dc5872 for #1104) * Replace obsolete, unsafe `Py_TRASHCAN_SAFE_BEGIN/END` (#1150) (by @musicinmybrain in 11101c6 for #1150)
Support Python 3.13 and PostgreSQL 17. Improvements ============ * Implement GSSAPI authentication (by @eltoder in 1d4e568 for #1122) * Implement SSPI authentication (by @eltoder in 1aab209 for #1128) * Add initial typings (by @bryanforbes in d42432b for #1127) * Allow building with Cython 3 (by @musicinmybrain in 258d8a9 for #1101) * docs: fix connection pool close call (#1125) (by @paulovitorweb in e848814 for #1125) * Add support for the `sslnegotiation` parameter (by @elprans in afdb05c for #1187) * Test and build on Python 3.13 (by @elprans in 3aa9894 for #1188) * Support PostgreSQL 17 (by @elprans in cee97e1 for #1189) (by @MeggyCal in aa2d0e6 for #1185) * Add `fetchmany` to execute many *and* return rows (by @rossmacarthur in 73f2209 for #1175) * Add `connect` kwarg to Pool to better support GCP's CloudSQL (by @d1manson in 3ee19ba for #1170) * Allow customizing connection state reset (#1191) (by @elprans in f6ec755 for #1191) Fixes ===== * s/quote/quote_plus/ in the note about DSN part quoting (by @elprans in 1194a8a for #1151) * Use asyncio.run() instead of run_until_complete() (by @eltoder in 9fcddfc for #1140) * Require async_timeout for python < 3.11 (#1177) (by @Pliner in 327f2a7 for #1177) * Allow testing with uvloop on Python 3.12 (#1182) (by @musicinmybrain in 597fe54 for #1182) * Mark pool-wrapped connection coroutine methods as coroutines (by @elprans in 636420b for #1134) * handle `None` parameters in `copy_from_query`, returning `NULL` (by @fobispotc in 259d16e for #1180) * fix: return the pool from _async_init__ if it's already initialized (#1104) (by @guacs in 7dc5872 for #1104) * Replace obsolete, unsafe `Py_TRASHCAN_SAFE_BEGIN/END` (#1150) (by @musicinmybrain in 11101c6 for #1150)
Support Python 3.13 and PostgreSQL 17. Improvements ============ * Implement GSSAPI authentication (by @eltoder in 1d4e568 for #1122) * Implement SSPI authentication (by @eltoder in 1aab209 for #1128) * Add initial typings (by @bryanforbes in d42432b for #1127) * Allow building with Cython 3 (by @musicinmybrain in 258d8a9 for #1101) * docs: fix connection pool close call (#1125) (by @paulovitorweb in e848814 for #1125) * Add support for the `sslnegotiation` parameter (by @elprans in afdb05c for #1187) * Test and build on Python 3.13 (by @elprans in 3aa9894 for #1188) * Support PostgreSQL 17 (by @elprans in cee97e1 for #1189) (by @MeggyCal in aa2d0e6 for #1185) * Add `fetchmany` to execute many *and* return rows (by @rossmacarthur in 73f2209 for #1175) * Add `connect` kwarg to Pool to better support GCP's CloudSQL (by @d1manson in 3ee19ba for #1170) * Allow customizing connection state reset (#1191) (by @elprans in f6ec755 for #1191) Fixes ===== * s/quote/quote_plus/ in the note about DSN part quoting (by @elprans in 1194a8a for #1151) * Use asyncio.run() instead of run_until_complete() (by @eltoder in 9fcddfc for #1140) * Require async_timeout for python < 3.11 (#1177) (by @Pliner in 327f2a7 for #1177) * Allow testing with uvloop on Python 3.12 (#1182) (by @musicinmybrain in 597fe54 for #1182) * Mark pool-wrapped connection coroutine methods as coroutines (by @elprans in 636420b for #1134) * handle `None` parameters in `copy_from_query`, returning `NULL` (by @fobispotc in 259d16e for #1180) * fix: return the pool from _async_init__ if it's already initialized (#1104) (by @guacs in 7dc5872 for #1104) * Replace obsolete, unsafe `Py_TRASHCAN_SAFE_BEGIN/END` (#1150) (by @musicinmybrain in 11101c6 for #1150)
Support Python 3.13 and PostgreSQL 17. Improvements ============ * Implement GSSAPI authentication (by @eltoder in 1d4e568 for #1122) * Implement SSPI authentication (by @eltoder in 1aab209 for #1128) * Add initial typings (by @bryanforbes in d42432b for #1127) * Allow building with Cython 3 (by @musicinmybrain in 258d8a9 for #1101) * docs: fix connection pool close call (#1125) (by @paulovitorweb in e848814 for #1125) * Add support for the `sslnegotiation` parameter (by @elprans in afdb05c for #1187) * Test and build on Python 3.13 (by @elprans in 3aa9894 for #1188) * Support PostgreSQL 17 (by @elprans in cee97e1 for #1189) (by @MeggyCal in aa2d0e6 for #1185) * Add `fetchmany` to execute many *and* return rows (by @rossmacarthur in 73f2209 for #1175) * Add `connect` kwarg to Pool to better support GCP's CloudSQL (by @d1manson in 3ee19ba for #1170) * Allow customizing connection state reset (#1191) (by @elprans in f6ec755 for #1191) Fixes ===== * s/quote/quote_plus/ in the note about DSN part quoting (by @elprans in 1194a8a for #1151) * Use asyncio.run() instead of run_until_complete() (by @eltoder in 9fcddfc for #1140) * Require async_timeout for python < 3.11 (#1177) (by @Pliner in 327f2a7 for #1177) * Allow testing with uvloop on Python 3.12 (#1182) (by @musicinmybrain in 597fe54 for #1182) * Mark pool-wrapped connection coroutine methods as coroutines (by @elprans in 636420b for #1134) * handle `None` parameters in `copy_from_query`, returning `NULL` (by @fobispotc in 259d16e for #1180) * fix: return the pool from _async_init__ if it's already initialized (#1104) (by @guacs in 7dc5872 for #1104) * Replace obsolete, unsafe `Py_TRASHCAN_SAFE_BEGIN/END` (#1150) (by @musicinmybrain in 11101c6 for #1150)
Support Python 3.13 and PostgreSQL 17. Improvements ============ * Implement GSSAPI authentication (by @eltoder in 1d4e568 for #1122) * Implement SSPI authentication (by @eltoder in 1aab209 for #1128) * Add initial typings (by @bryanforbes in d42432b for #1127) * Allow building with Cython 3 (by @musicinmybrain in 258d8a9 for #1101) * docs: fix connection pool close call (#1125) (by @paulovitorweb in e848814 for #1125) * Add support for the `sslnegotiation` parameter (by @elprans in afdb05c for #1187) * Test and build on Python 3.13 (by @elprans in 3aa9894 for #1188) * Support PostgreSQL 17 (by @elprans in cee97e1 for #1189) (by @MeggyCal in aa2d0e6 for #1185) * Add `fetchmany` to execute many *and* return rows (by @rossmacarthur in 73f2209 for #1175) * Add `connect` kwarg to Pool to better support GCP's CloudSQL (by @d1manson in 3ee19ba for #1170) * Allow customizing connection state reset (#1191) (by @elprans in f6ec755 for #1191) Fixes ===== * s/quote/quote_plus/ in the note about DSN part quoting (by @elprans in 1194a8a for #1151) * Use asyncio.run() instead of run_until_complete() (by @eltoder in 9fcddfc for #1140) * Require async_timeout for python < 3.11 (#1177) (by @Pliner in 327f2a7 for #1177) * Allow testing with uvloop on Python 3.12 (#1182) (by @musicinmybrain in 597fe54 for #1182) * Mark pool-wrapped connection coroutine methods as coroutines (by @elprans in 636420b for #1134) * handle `None` parameters in `copy_from_query`, returning `NULL` (by @fobispotc in 259d16e for #1180) * fix: return the pool from _async_init__ if it's already initialized (#1104) (by @guacs in 7dc5872 for #1104) * Replace obsolete, unsafe `Py_TRASHCAN_SAFE_BEGIN/END` (#1150) (by @musicinmybrain in 11101c6 for #1150)
Support Python 3.13 and PostgreSQL 17. Improvements ============ * Implement GSSAPI authentication (by @eltoder in 1d4e568 for #1122) * Implement SSPI authentication (by @eltoder in 1aab209 for #1128) * Add initial typings (by @bryanforbes in d42432b for #1127) * Allow building with Cython 3 (by @musicinmybrain in 258d8a9 for #1101) * docs: fix connection pool close call (#1125) (by @paulovitorweb in e848814 for #1125) * Add support for the `sslnegotiation` parameter (by @elprans in afdb05c for #1187) * Test and build on Python 3.13 (by @elprans in 3aa9894 for #1188) * Support PostgreSQL 17 (by @elprans in cee97e1 for #1189) (by @MeggyCal in aa2d0e6 for #1185) * Add `fetchmany` to execute many *and* return rows (by @rossmacarthur in 73f2209 for #1175) * Add `connect` kwarg to Pool to better support GCP's CloudSQL (by @d1manson in 3ee19ba for #1170) * Allow customizing connection state reset (#1191) (by @elprans in f6ec755 for #1191) Fixes ===== * s/quote/quote_plus/ in the note about DSN part quoting (by @elprans in 1194a8a for #1151) * Use asyncio.run() instead of run_until_complete() (by @eltoder in 9fcddfc for #1140) * Require async_timeout for python < 3.11 (#1177) (by @Pliner in 327f2a7 for #1177) * Allow testing with uvloop on Python 3.12 (#1182) (by @musicinmybrain in 597fe54 for #1182) * Mark pool-wrapped connection coroutine methods as coroutines (by @elprans in 636420b for #1134) * handle `None` parameters in `copy_from_query`, returning `NULL` (by @fobispotc in 259d16e for #1180) * fix: return the pool from _async_init__ if it's already initialized (#1104) (by @guacs in 7dc5872 for #1104) * Replace obsolete, unsafe `Py_TRASHCAN_SAFE_BEGIN/END` (#1150) (by @musicinmybrain in 11101c6 for #1150)
Support Python 3.13 and PostgreSQL 17. Improvements ============ * Implement GSSAPI authentication (by @eltoder in 1d4e568 for #1122) * Implement SSPI authentication (by @eltoder in 1aab209 for #1128) * Add initial typings (by @bryanforbes in d42432b for #1127) * Allow building with Cython 3 (by @musicinmybrain in 258d8a9 for #1101) * docs: fix connection pool close call (#1125) (by @paulovitorweb in e848814 for #1125) * Add support for the `sslnegotiation` parameter (by @elprans in afdb05c for #1187) * Test and build on Python 3.13 (by @elprans in 3aa9894 for #1188) * Support PostgreSQL 17 (by @elprans in cee97e1 for #1189) (by @MeggyCal in aa2d0e6 for #1185) * Add `fetchmany` to execute many *and* return rows (by @rossmacarthur in 73f2209 for #1175) * Add `connect` kwarg to Pool to better support GCP's CloudSQL (by @d1manson in 3ee19ba for #1170) * Allow customizing connection state reset (#1191) (by @elprans in f6ec755 for #1191) Fixes ===== * s/quote/quote_plus/ in the note about DSN part quoting (by @elprans in 1194a8a for #1151) * Use asyncio.run() instead of run_until_complete() (by @eltoder in 9fcddfc for #1140) * Require async_timeout for python < 3.11 (#1177) (by @Pliner in 327f2a7 for #1177) * Allow testing with uvloop on Python 3.12 (#1182) (by @musicinmybrain in 597fe54 for #1182) * Mark pool-wrapped connection coroutine methods as coroutines (by @elprans in 636420b for #1134) * handle `None` parameters in `copy_from_query`, returning `NULL` (by @fobispotc in 259d16e for #1180) * fix: return the pool from _async_init__ if it's already initialized (#1104) (by @guacs in 7dc5872 for #1104) * Replace obsolete, unsafe `Py_TRASHCAN_SAFE_BEGIN/END` (#1150) (by @musicinmybrain in 11101c6 for #1150)
Support Python 3.13 and PostgreSQL 17. Improvements ============ * Implement GSSAPI authentication (by @eltoder in 1d4e568 for #1122) * Implement SSPI authentication (by @eltoder in 1aab209 for #1128) * Add initial typings (by @bryanforbes in d42432b for #1127) * Allow building with Cython 3 (by @musicinmybrain in 258d8a9 for #1101) * docs: fix connection pool close call (#1125) (by @paulovitorweb in e848814 for #1125) * Add support for the `sslnegotiation` parameter (by @elprans in afdb05c for #1187) * Test and build on Python 3.13 (by @elprans in 3aa9894 for #1188) * Support PostgreSQL 17 (by @elprans in cee97e1 for #1189) (by @MeggyCal in aa2d0e6 for #1185) * Add `fetchmany` to execute many *and* return rows (by @rossmacarthur in 73f2209 for #1175) * Add `connect` kwarg to Pool to better support GCP's CloudSQL (by @d1manson in 3ee19ba for #1170) * Allow customizing connection state reset (#1191) (by @elprans in f6ec755 for #1191) Fixes ===== * s/quote/quote_plus/ in the note about DSN part quoting (by @elprans in 1194a8a for #1151) * Use asyncio.run() instead of run_until_complete() (by @eltoder in 9fcddfc for #1140) * Require async_timeout for python < 3.11 (#1177) (by @Pliner in 327f2a7 for #1177) * Allow testing with uvloop on Python 3.12 (#1182) (by @musicinmybrain in 597fe54 for #1182) * Mark pool-wrapped connection coroutine methods as coroutines (by @elprans in 636420b for #1134) * handle `None` parameters in `copy_from_query`, returning `NULL` (by @fobispotc in 259d16e for #1180) * fix: return the pool from _async_init__ if it's already initialized (#1104) (by @guacs in 7dc5872 for #1104) * Replace obsolete, unsafe `Py_TRASHCAN_SAFE_BEGIN/END` (#1150) (by @musicinmybrain in 11101c6 for #1150)
Support Python 3.13 and PostgreSQL 17. Improvements ============ * Implement GSSAPI authentication (by @eltoder in 1d4e568 for #1122) * Implement SSPI authentication (by @eltoder in 1aab209 for #1128) * Add initial typings (by @bryanforbes in d42432b for #1127) * Allow building with Cython 3 (by @musicinmybrain in 258d8a9 for #1101) * docs: fix connection pool close call (#1125) (by @paulovitorweb in e848814 for #1125) * Add support for the `sslnegotiation` parameter (by @elprans in afdb05c for #1187) * Test and build on Python 3.13 (by @elprans in 3aa9894 for #1188) * Support PostgreSQL 17 (by @elprans in cee97e1 for #1189) (by @MeggyCal in aa2d0e6 for #1185) * Add `fetchmany` to execute many *and* return rows (by @rossmacarthur in 73f2209 for #1175) * Add `connect` kwarg to Pool to better support GCP's CloudSQL (by @d1manson in 3ee19ba for #1170) * Allow customizing connection state reset (#1191) (by @elprans in f6ec755 for #1191) Fixes ===== * s/quote/quote_plus/ in the note about DSN part quoting (by @elprans in 1194a8a for #1151) * Use asyncio.run() instead of run_until_complete() (by @eltoder in 9fcddfc for #1140) * Require async_timeout for python < 3.11 (#1177) (by @Pliner in 327f2a7 for #1177) * Allow testing with uvloop on Python 3.12 (#1182) (by @musicinmybrain in 597fe54 for #1182) * Mark pool-wrapped connection coroutine methods as coroutines (by @elprans in 636420b for #1134) * handle `None` parameters in `copy_from_query`, returning `NULL` (by @fobispotc in 259d16e for #1180) * fix: return the pool from _async_init__ if it's already initialized (#1104) (by @guacs in 7dc5872 for #1104) * Replace obsolete, unsafe `Py_TRASHCAN_SAFE_BEGIN/END` (#1150) (by @musicinmybrain in 11101c6 for #1150)
Support Python 3.13 and PostgreSQL 17. Improvements ============ * Implement GSSAPI authentication (by @eltoder in 1d4e568 for #1122) * Implement SSPI authentication (by @eltoder in 1aab209 for #1128) * Add initial typings (by @bryanforbes in d42432b for #1127) * Allow building with Cython 3 (by @musicinmybrain in 258d8a9 for #1101) * docs: fix connection pool close call (#1125) (by @paulovitorweb in e848814 for #1125) * Add support for the `sslnegotiation` parameter (by @elprans in afdb05c for #1187) * Test and build on Python 3.13 (by @elprans in 3aa9894 for #1188) * Support PostgreSQL 17 (by @elprans in cee97e1 for #1189) (by @MeggyCal in aa2d0e6 for #1185) * Add `fetchmany` to execute many *and* return rows (by @rossmacarthur in 73f2209 for #1175) * Add `connect` kwarg to Pool to better support GCP's CloudSQL (by @d1manson in 3ee19ba for #1170) * Allow customizing connection state reset (#1191) (by @elprans in f6ec755 for #1191) Fixes ===== * s/quote/quote_plus/ in the note about DSN part quoting (by @elprans in 1194a8a for #1151) * Use asyncio.run() instead of run_until_complete() (by @eltoder in 9fcddfc for #1140) * Require async_timeout for python < 3.11 (#1177) (by @Pliner in 327f2a7 for #1177) * Allow testing with uvloop on Python 3.12 (#1182) (by @musicinmybrain in 597fe54 for #1182) * Mark pool-wrapped connection coroutine methods as coroutines (by @elprans in 636420b for #1134) * handle `None` parameters in `copy_from_query`, returning `NULL` (by @fobispotc in 259d16e for #1180) * fix: return the pool from _async_init__ if it's already initialized (#1104) (by @guacs in 7dc5872 for #1104) * Replace obsolete, unsafe `Py_TRASHCAN_SAFE_BEGIN/END` (#1150) (by @musicinmybrain in 11101c6 for #1150)
Support Python 3.13 and PostgreSQL 17. Improvements ============ * Implement GSSAPI authentication (by @eltoder in 1d4e568 for #1122) * Implement SSPI authentication (by @eltoder in 1aab209 for #1128) * Add initial typings (by @bryanforbes in d42432b for #1127) * Allow building with Cython 3 (by @musicinmybrain in 258d8a9 for #1101) * docs: fix connection pool close call (#1125) (by @paulovitorweb in e848814 for #1125) * Add support for the `sslnegotiation` parameter (by @elprans in afdb05c for #1187) * Test and build on Python 3.13 (by @elprans in 3aa9894 for #1188) * Support PostgreSQL 17 (by @elprans in cee97e1 for #1189) (by @MeggyCal in aa2d0e6 for #1185) * Add `fetchmany` to execute many *and* return rows (by @rossmacarthur in 73f2209 for #1175) * Add `connect` kwarg to Pool to better support GCP's CloudSQL (by @d1manson in 3ee19ba for #1170) * Allow customizing connection state reset (#1191) (by @elprans in f6ec755 for #1191) Fixes ===== * s/quote/quote_plus/ in the note about DSN part quoting (by @elprans in 1194a8a for #1151) * Use asyncio.run() instead of run_until_complete() (by @eltoder in 9fcddfc for #1140) * Require async_timeout for python < 3.11 (#1177) (by @Pliner in 327f2a7 for #1177) * Allow testing with uvloop on Python 3.12 (#1182) (by @musicinmybrain in 597fe54 for #1182) * Mark pool-wrapped connection coroutine methods as coroutines (by @elprans in 636420b for #1134) * handle `None` parameters in `copy_from_query`, returning `NULL` (by @fobispotc in 259d16e for #1180) * fix: return the pool from _async_init__ if it's already initialized (#1104) (by @guacs in 7dc5872 for #1104) * Replace obsolete, unsafe `Py_TRASHCAN_SAFE_BEGIN/END` (#1150) (by @musicinmybrain in 11101c6 for #1150)
Support Python 3.13 and PostgreSQL 17. Improvements ============ * Implement GSSAPI authentication (by @eltoder in 1d4e568 for #1122) * Implement SSPI authentication (by @eltoder in 1aab209 for #1128) * Add initial typings (by @bryanforbes in d42432b for #1127) * Allow building with Cython 3 (by @musicinmybrain in 258d8a9 for #1101) * docs: fix connection pool close call (#1125) (by @paulovitorweb in e848814 for #1125) * Add support for the `sslnegotiation` parameter (by @elprans in afdb05c for #1187) * Test and build on Python 3.13 (by @elprans in 3aa9894 for #1188) * Support PostgreSQL 17 (by @elprans in cee97e1 for #1189) (by @MeggyCal in aa2d0e6 for #1185) * Add `fetchmany` to execute many *and* return rows (by @rossmacarthur in 73f2209 for #1175) * Add `connect` kwarg to Pool to better support GCP's CloudSQL (by @d1manson in 3ee19ba for #1170) * Allow customizing connection state reset (#1191) (by @elprans in f6ec755 for #1191) Fixes ===== * s/quote/quote_plus/ in the note about DSN part quoting (by @elprans in 1194a8a for #1151) * Use asyncio.run() instead of run_until_complete() (by @eltoder in 9fcddfc for #1140) * Require async_timeout for python < 3.11 (#1177) (by @Pliner in 327f2a7 for #1177) * Allow testing with uvloop on Python 3.12 (#1182) (by @musicinmybrain in 597fe54 for #1182) * Mark pool-wrapped connection coroutine methods as coroutines (by @elprans in 636420b for #1134) * handle `None` parameters in `copy_from_query`, returning `NULL` (by @fobispotc in 259d16e for #1180) * fix: return the pool from _async_init__ if it's already initialized (#1104) (by @guacs in 7dc5872 for #1104) * Replace obsolete, unsafe `Py_TRASHCAN_SAFE_BEGIN/END` (#1150) (by @musicinmybrain in 11101c6 for #1150)
Support Python 3.13 and PostgreSQL 17. Improvements ============ * Implement GSSAPI authentication (by @eltoder in 1d4e568 for #1122) * Implement SSPI authentication (by @eltoder in 1aab209 for #1128) * Add initial typings (by @bryanforbes in d42432b for #1127) * Allow building with Cython 3 (by @musicinmybrain in 258d8a9 for #1101) * docs: fix connection pool close call (#1125) (by @paulovitorweb in e848814 for #1125) * Add support for the `sslnegotiation` parameter (by @elprans in afdb05c for #1187) * Test and build on Python 3.13 (by @elprans in 3aa9894 for #1188) * Support PostgreSQL 17 (by @elprans in cee97e1 for #1189) (by @MeggyCal in aa2d0e6 for #1185) * Add `fetchmany` to execute many *and* return rows (by @rossmacarthur in 73f2209 for #1175) * Add `connect` kwarg to Pool to better support GCP's CloudSQL (by @d1manson in 3ee19ba for #1170) * Allow customizing connection state reset (#1191) (by @elprans in f6ec755 for #1191) Fixes ===== * s/quote/quote_plus/ in the note about DSN part quoting (by @elprans in 1194a8a for #1151) * Use asyncio.run() instead of run_until_complete() (by @eltoder in 9fcddfc for #1140) * Require async_timeout for python < 3.11 (#1177) (by @Pliner in 327f2a7 for #1177) * Allow testing with uvloop on Python 3.12 (#1182) (by @musicinmybrain in 597fe54 for #1182) * Mark pool-wrapped connection coroutine methods as coroutines (by @elprans in 636420b for #1134) * handle `None` parameters in `copy_from_query`, returning `NULL` (by @fobispotc in 259d16e for #1180) * fix: return the pool from _async_init__ if it's already initialized (#1104) (by @guacs in 7dc5872 for #1104) * Replace obsolete, unsafe `Py_TRASHCAN_SAFE_BEGIN/END` (#1150) (by @musicinmybrain in 11101c6 for #1150)
Support Python 3.13 and PostgreSQL 17. Improvements ============ * Implement GSSAPI authentication (by @eltoder in 1d4e568 for #1122) * Implement SSPI authentication (by @eltoder in 1aab209 for #1128) * Add initial typings (by @bryanforbes in d42432b for #1127) * Allow building with Cython 3 (by @musicinmybrain in 258d8a9 for #1101) * docs: fix connection pool close call (#1125) (by @paulovitorweb in e848814 for #1125) * Add support for the `sslnegotiation` parameter (by @elprans in afdb05c for #1187) * Test and build on Python 3.13 (by @elprans in 3aa9894 for #1188) * Support PostgreSQL 17 (by @elprans in cee97e1 for #1189) (by @MeggyCal in aa2d0e6 for #1185) * Add `fetchmany` to execute many *and* return rows (by @rossmacarthur in 73f2209 for #1175) * Add `connect` kwarg to Pool to better support GCP's CloudSQL (by @d1manson in 3ee19ba for #1170) * Allow customizing connection state reset (#1191) (by @elprans in f6ec755 for #1191) Fixes ===== * s/quote/quote_plus/ in the note about DSN part quoting (by @elprans in 1194a8a for #1151) * Use asyncio.run() instead of run_until_complete() (by @eltoder in 9fcddfc for #1140) * Require async_timeout for python < 3.11 (#1177) (by @Pliner in 327f2a7 for #1177) * Allow testing with uvloop on Python 3.12 (#1182) (by @musicinmybrain in 597fe54 for #1182) * Mark pool-wrapped connection coroutine methods as coroutines (by @elprans in 636420b for #1134) * handle `None` parameters in `copy_from_query`, returning `NULL` (by @fobispotc in 259d16e for #1180) * fix: return the pool from _async_init__ if it's already initialized (#1104) (by @guacs in 7dc5872 for #1104) * Replace obsolete, unsafe `Py_TRASHCAN_SAFE_BEGIN/END` (#1150) (by @musicinmybrain in 11101c6 for #1150)
Support Python 3.13 and PostgreSQL 17. Improvements ============ * Implement GSSAPI authentication (by @eltoder in 1d4e568 for #1122) * Implement SSPI authentication (by @eltoder in 1aab209 for #1128) * Add initial typings (by @bryanforbes in d42432b for #1127) * Allow building with Cython 3 (by @musicinmybrain in 258d8a9 for #1101) * docs: fix connection pool close call (#1125) (by @paulovitorweb in e848814 for #1125) * Add support for the `sslnegotiation` parameter (by @elprans in afdb05c for #1187) * Test and build on Python 3.13 (by @elprans in 3aa9894 for #1188) * Support PostgreSQL 17 (by @elprans in cee97e1 for #1189) (by @MeggyCal in aa2d0e6 for #1185) * Add `fetchmany` to execute many *and* return rows (by @rossmacarthur in 73f2209 for #1175) * Add `connect` kwarg to Pool to better support GCP's CloudSQL (by @d1manson in 3ee19ba for #1170) * Allow customizing connection state reset (#1191) (by @elprans in f6ec755 for #1191) Fixes ===== * s/quote/quote_plus/ in the note about DSN part quoting (by @elprans in 1194a8a for #1151) * Use asyncio.run() instead of run_until_complete() (by @eltoder in 9fcddfc for #1140) * Require async_timeout for python < 3.11 (#1177) (by @Pliner in 327f2a7 for #1177) * Allow testing with uvloop on Python 3.12 (#1182) (by @musicinmybrain in 597fe54 for #1182) * Mark pool-wrapped connection coroutine methods as coroutines (by @elprans in 636420b for #1134) * handle `None` parameters in `copy_from_query`, returning `NULL` (by @fobispotc in 259d16e for #1180) * fix: return the pool from _async_init__ if it's already initialized (#1104) (by @guacs in 7dc5872 for #1104) * Replace obsolete, unsafe `Py_TRASHCAN_SAFE_BEGIN/END` (#1150) (by @musicinmybrain in 11101c6 for #1150)
Support Python 3.13 and PostgreSQL 17. Improvements ============ * Implement GSSAPI authentication (by @eltoder in 1d4e568 for #1122) * Implement SSPI authentication (by @eltoder in 1aab209 for #1128) * Add initial typings (by @bryanforbes in d42432b for #1127) * Allow building with Cython 3 (by @musicinmybrain in 258d8a9 for #1101) * docs: fix connection pool close call (#1125) (by @paulovitorweb in e848814 for #1125) * Add support for the `sslnegotiation` parameter (by @elprans in afdb05c for #1187) * Test and build on Python 3.13 (by @elprans in 3aa9894 for #1188) * Support PostgreSQL 17 (by @elprans in cee97e1 for #1189) (by @MeggyCal in aa2d0e6 for #1185) * Add `fetchmany` to execute many *and* return rows (by @rossmacarthur in 73f2209 for #1175) * Add `connect` kwarg to Pool to better support GCP's CloudSQL (by @d1manson in 3ee19ba for #1170) * Allow customizing connection state reset (#1191) (by @elprans in f6ec755 for #1191) Fixes ===== * s/quote/quote_plus/ in the note about DSN part quoting (by @elprans in 1194a8a for #1151) * Use asyncio.run() instead of run_until_complete() (by @eltoder in 9fcddfc for #1140) * Require async_timeout for python < 3.11 (#1177) (by @Pliner in 327f2a7 for #1177) * Allow testing with uvloop on Python 3.12 (#1182) (by @musicinmybrain in 597fe54 for #1182) * Mark pool-wrapped connection coroutine methods as coroutines (by @elprans in 636420b for #1134) * handle `None` parameters in `copy_from_query`, returning `NULL` (by @fobispotc in 259d16e for #1180) * fix: return the pool from _async_init__ if it's already initialized (#1104) (by @guacs in 7dc5872 for #1104) * Replace obsolete, unsafe `Py_TRASHCAN_SAFE_BEGIN/END` (#1150) (by @musicinmybrain in 11101c6 for #1150)
Support Python 3.13 and PostgreSQL 17. Improvements ============ * Implement GSSAPI authentication (by @eltoder in 1d4e568 for #1122) * Implement SSPI authentication (by @eltoder in 1aab209 for #1128) * Add initial typings (by @bryanforbes in d42432b for #1127) * Allow building with Cython 3 (by @musicinmybrain in 258d8a9 for #1101) * docs: fix connection pool close call (#1125) (by @paulovitorweb in e848814 for #1125) * Add support for the `sslnegotiation` parameter (by @elprans in afdb05c for #1187) * Test and build on Python 3.13 (by @elprans in 3aa9894 for #1188) * Support PostgreSQL 17 (by @elprans in cee97e1 for #1189) (by @MeggyCal in aa2d0e6 for #1185) * Add `fetchmany` to execute many *and* return rows (by @rossmacarthur in 73f2209 for #1175) * Add `connect` kwarg to Pool to better support GCP's CloudSQL (by @d1manson in 3ee19ba for #1170) * Allow customizing connection state reset (#1191) (by @elprans in f6ec755 for #1191) Fixes ===== * s/quote/quote_plus/ in the note about DSN part quoting (by @elprans in 1194a8a for #1151) * Use asyncio.run() instead of run_until_complete() (by @eltoder in 9fcddfc for #1140) * Require async_timeout for python < 3.11 (#1177) (by @Pliner in 327f2a7 for #1177) * Allow testing with uvloop on Python 3.12 (#1182) (by @musicinmybrain in 597fe54 for #1182) * Mark pool-wrapped connection coroutine methods as coroutines (by @elprans in 636420b for #1134) * handle `None` parameters in `copy_from_query`, returning `NULL` (by @fobispotc in 259d16e for #1180) * fix: return the pool from _async_init__ if it's already initialized (#1104) (by @guacs in 7dc5872 for #1104) * Replace obsolete, unsafe `Py_TRASHCAN_SAFE_BEGIN/END` (#1150) (by @musicinmybrain in 11101c6 for #1150)
Support Python 3.13 and PostgreSQL 17. Improvements ============ * Implement GSSAPI authentication (by @eltoder in 1d4e568 for #1122) * Implement SSPI authentication (by @eltoder in 1aab209 for #1128) * Add initial typings (by @bryanforbes in d42432b for #1127) * Allow building with Cython 3 (by @musicinmybrain in 258d8a9 for #1101) * docs: fix connection pool close call (#1125) (by @paulovitorweb in e848814 for #1125) * Add support for the `sslnegotiation` parameter (by @elprans in afdb05c for #1187) * Test and build on Python 3.13 (by @elprans in 3aa9894 for #1188) * Support PostgreSQL 17 (by @elprans in cee97e1 for #1189) (by @MeggyCal in aa2d0e6 for #1185) * Add `fetchmany` to execute many *and* return rows (by @rossmacarthur in 73f2209 for #1175) * Add `connect` kwarg to Pool to better support GCP's CloudSQL (by @d1manson in 3ee19ba for #1170) * Allow customizing connection state reset (#1191) (by @elprans in f6ec755 for #1191) Fixes ===== * s/quote/quote_plus/ in the note about DSN part quoting (by @elprans in 1194a8a for #1151) * Use asyncio.run() instead of run_until_complete() (by @eltoder in 9fcddfc for #1140) * Require async_timeout for python < 3.11 (#1177) (by @Pliner in 327f2a7 for #1177) * Allow testing with uvloop on Python 3.12 (#1182) (by @musicinmybrain in 597fe54 for #1182) * Mark pool-wrapped connection coroutine methods as coroutines (by @elprans in 636420b for #1134) * handle `None` parameters in `copy_from_query`, returning `NULL` (by @fobispotc in 259d16e for #1180) * fix: return the pool from _async_init__ if it's already initialized (#1104) (by @guacs in 7dc5872 for #1104) * Replace obsolete, unsafe `Py_TRASHCAN_SAFE_BEGIN/END` (#1150) (by @musicinmybrain in 11101c6 for #1150)
Support Python 3.13 and PostgreSQL 17. Improvements ============ * Implement GSSAPI authentication (by @eltoder in 1d4e568 for #1122) * Implement SSPI authentication (by @eltoder in 1aab209 for #1128) * Add initial typings (by @bryanforbes in d42432b for #1127) * Allow building with Cython 3 (by @musicinmybrain in 258d8a9 for #1101) * docs: fix connection pool close call (#1125) (by @paulovitorweb in e848814 for #1125) * Add support for the `sslnegotiation` parameter (by @elprans in afdb05c for #1187) * Test and build on Python 3.13 (by @elprans in 3aa9894 for #1188) * Support PostgreSQL 17 (by @elprans in cee97e1 for #1189) (by @MeggyCal in aa2d0e6 for #1185) * Add `fetchmany` to execute many *and* return rows (by @rossmacarthur in 73f2209 for #1175) * Add `connect` kwarg to Pool to better support GCP's CloudSQL (by @d1manson in 3ee19ba for #1170) * Allow customizing connection state reset (#1191) (by @elprans in f6ec755 for #1191) Fixes ===== * s/quote/quote_plus/ in the note about DSN part quoting (by @elprans in 1194a8a for #1151) * Use asyncio.run() instead of run_until_complete() (by @eltoder in 9fcddfc for #1140) * Require async_timeout for python < 3.11 (#1177) (by @Pliner in 327f2a7 for #1177) * Allow testing with uvloop on Python 3.12 (#1182) (by @musicinmybrain in 597fe54 for #1182) * Mark pool-wrapped connection coroutine methods as coroutines (by @elprans in 636420b for #1134) * handle `None` parameters in `copy_from_query`, returning `NULL` (by @fobispotc in 259d16e for #1180) * fix: return the pool from _async_init__ if it's already initialized (#1104) (by @guacs in 7dc5872 for #1104) * Replace obsolete, unsafe `Py_TRASHCAN_SAFE_BEGIN/END` (#1150) (by @musicinmybrain in 11101c6 for #1150)
Support Python 3.13 and PostgreSQL 17. Improvements ============ * Implement GSSAPI authentication (by @eltoder in 1d4e568 for #1122) * Implement SSPI authentication (by @eltoder in 1aab209 for #1128) * Add initial typings (by @bryanforbes in d42432b for #1127) * Allow building with Cython 3 (by @musicinmybrain in 258d8a9 for #1101) * docs: fix connection pool close call (#1125) (by @paulovitorweb in e848814 for #1125) * Add support for the `sslnegotiation` parameter (by @elprans in afdb05c for #1187) * Test and build on Python 3.13 (by @elprans in 3aa9894 for #1188) * Support PostgreSQL 17 (by @elprans in cee97e1 for #1189) (by @MeggyCal in aa2d0e6 for #1185) * Add `fetchmany` to execute many *and* return rows (by @rossmacarthur in 73f2209 for #1175) * Add `connect` kwarg to Pool to better support GCP's CloudSQL (by @d1manson in 3ee19ba for #1170) * Allow customizing connection state reset (#1191) (by @elprans in f6ec755 for #1191) Fixes ===== * s/quote/quote_plus/ in the note about DSN part quoting (by @elprans in 1194a8a for #1151) * Use asyncio.run() instead of run_until_complete() (by @eltoder in 9fcddfc for #1140) * Require async_timeout for python < 3.11 (#1177) (by @Pliner in 327f2a7 for #1177) * Allow testing with uvloop on Python 3.12 (#1182) (by @musicinmybrain in 597fe54 for #1182) * Mark pool-wrapped connection coroutine methods as coroutines (by @elprans in 636420b for #1134) * handle `None` parameters in `copy_from_query`, returning `NULL` (by @fobispotc in 259d16e for #1180) * fix: return the pool from _async_init__ if it's already initialized (#1104) (by @guacs in 7dc5872 for #1104) * Replace obsolete, unsafe `Py_TRASHCAN_SAFE_BEGIN/END` (#1150) (by @musicinmybrain in 11101c6 for #1150)
Support Python 3.13 and PostgreSQL 17. Improvements ============ * Implement GSSAPI authentication (by @eltoder in 1d4e568 for #1122) * Implement SSPI authentication (by @eltoder in 1aab209 for #1128) * Add initial typings (by @bryanforbes in d42432b for #1127) * Allow building with Cython 3 (by @musicinmybrain in 258d8a9 for #1101) * docs: fix connection pool close call (#1125) (by @paulovitorweb in e848814 for #1125) * Add support for the `sslnegotiation` parameter (by @elprans in afdb05c for #1187) * Test and build on Python 3.13 (by @elprans in 3aa9894 for #1188) * Support PostgreSQL 17 (by @elprans in cee97e1 for #1189) (by @MeggyCal in aa2d0e6 for #1185) * Add `fetchmany` to execute many *and* return rows (by @rossmacarthur in 73f2209 for #1175) * Add `connect` kwarg to Pool to better support GCP's CloudSQL (by @d1manson in 3ee19ba for #1170) * Allow customizing connection state reset (#1191) (by @elprans in f6ec755 for #1191) Fixes ===== * s/quote/quote_plus/ in the note about DSN part quoting (by @elprans in 1194a8a for #1151) * Use asyncio.run() instead of run_until_complete() (by @eltoder in 9fcddfc for #1140) * Require async_timeout for python < 3.11 (#1177) (by @Pliner in 327f2a7 for #1177) * Allow testing with uvloop on Python 3.12 (#1182) (by @musicinmybrain in 597fe54 for #1182) * Mark pool-wrapped connection coroutine methods as coroutines (by @elprans in 636420b for #1134) * handle `None` parameters in `copy_from_query`, returning `NULL` (by @fobispotc in 259d16e for #1180) * fix: return the pool from _async_init__ if it's already initialized (#1104) (by @guacs in 7dc5872 for #1104) * Replace obsolete, unsafe `Py_TRASHCAN_SAFE_BEGIN/END` (#1150) (by @musicinmybrain in 11101c6 for #1150)
SSPI is a Windows technology for secure authentication. SSPI and GSSAPI interoperate as clients and servers. Postgres documentation recommends using SSPI on Windows clients and servers and GSSAPI on non-Windows platforms[1].
Changes in this PR:
Support AUTH_REQUIRED_SSPI server request. This is the same as AUTH_REQUIRED_GSS, except it allows negotiation with SSPI clients.
Allow using SSPI on the client. Which library to use can be specified using the
gsslib
connection parameter.Use SSPI instead of GSSAPI on Windows by default. The latter requires installing Kerberos for Windows and is unlikely to work out of the box.
Closes #142
[1] https://www.postgresql.org/docs/current/sspi-auth.html