Re: security hook on authorization

2010/8/19 KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>:
> I also plan to add a security hook on authorization time.
> It shall allow external security providers to set up credential of
> the authenticated clients.
>
> Please note that it is not intended to control authentication process.
> It is typically checked based on a pair of username and password.
> What I want to discuss is things after success of this authentication
> steps.
>
> From viewpoint of SE-PostgreSQL, it uses getpeercon(3) which obtains
> a security label of the peer process, so it does not need to consider
> database username. But we can easily assume other security mechanism
> which assigns a certain label based on the authenticated database user
> such as Oracle Label Security.
>
> So, I think this hook should be also invoked on the code path of
> SET SESSION AUTHORIZATION, not only database login time, although
> SE-PostgreSQL ignores this case.
>
> So, I think SetSessionUserId() is a candidate to put this hook which is
> entirely called from both of the code path.
> This routine is to assign credential of the default database privilege
> mechanism, so it seems to me it is a good point where external security
> provider also assigns its credential of the authenticated database user.

How is this different from what we rejected before?

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise Postgres Company