Skip site navigation (1) Skip section navigation (2)

elog(FATAL)ing non-existent roles during client authentication

From: Gavin Sherry <swm(at)linuxworld(dot)com(dot)au>
To: pgsql-hackers(at)postgresql(dot)org
Subject: elog(FATAL)ing non-existent roles during client authentication
Date: 2006-11-30 03:33:26
Message-ID: Pine.LNX.4.58.0611301355010.6943@linuxworld.com.au (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
Hi all,

I noticed that during client authentication by HBA, some times we will
necessarily determine whether or not a role exists. For example, password,
crypt and md5 auth methods call get_role_line() which tells the caller
whether the role exists. If it doesn't (or if the authentication fails due
to a password mismatch) we error out.

I wonder if we should check if the role exists for the other
authentication methods too? get_role_line() should be very cheap and it
would prevent unnecessary authentication work if we did it before
contacting, for example, the client ident server. Even with trust, it
would save work because otherwise we do not check if the user exists until
InitializeSessionUserId(), at which time we're set up our proc entry etc.

This might seem overly pessimistic, I know, but it seemed to me that a
malicious user on a local network might be able to tie up a system in
interesting ways by launching lots of connections without necessarily
knowing any usernames/passwords.

Thanks,

Gavin

Responses

pgsql-hackers by date

Next:From: Andrew - SupernewsDate: 2006-11-30 03:59:33
Subject: SSL and cert chains
Previous:From: soni deDate: 2006-11-30 03:17:34
Subject: Re: Regarding PQputline and PQendcopy

pgsql-patches by date

Next:From: Tom LaneDate: 2006-11-30 06:30:15
Subject: Re: elog(FATAL)ing non-existent roles during client authentication
Previous:From: Hiroshi SaitoDate: 2006-11-30 01:29:23
Subject: win32.mak patch of pg_dump.

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group