From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, PgSQL-Hackers <pgsql-hackers(at)postgresql(dot)org>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com> |
Subject: | Re: security hook on authorization |
Date: | 2010-10-26 01:45:23 |
Message-ID: | AANLkTintGh2z3JCk27KQ6O+_07PV6Jq6r3RfX+dyz7Y_@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Mon, Oct 25, 2010 at 8:51 AM, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp> wrote:
> One possible candidate is CheckMyDatabase() that checks ACL_CONNECT
> permission for the required database prior to execution of all the
> queries.
> Currently, we don't have any security hook around here.
> But, if we have "InvokeSecurityHook()" here, it will be able to
> kill two birds with one stone. The 1st bird is getpeercon(3), and
> the 2nd bird is permission check on the selected database.
Yeah, that might be a possibility.
>> This is closer to the mark, but mostly speculative, and not detailed
>> enough to determine whether the proposed hook is properly located. It
>> seems rather early to me: this is before we've sent the authentication
>> packet to the client, so we couldn't, for example, log the success or
>> failure of the authentication; we don't know whether it will succeed
>> or fail.
>>
> Hmm. But the auth_failed() raises a fatal error, so we need to put
> a hook before the invocation to log a case of authentication failed.
>
> | + if (ClientAuthentication_hook)
> | + (*ClientAuthentication_hook)(port, status);
> | +
> | if (status == STATUS_OK)
> | sendAuthRequest(port, AUTH_REQ_OK);
> | else
> | auth_failed(port, status);
>
> Or, perhaps, we should modify this if-block to ensure the hook being
> called after sendAuthRequest() but before auth_failed().
Oh. You know, I am realizing that I misread this patch. This hook is
actually after authentication has been done; it's merely before we've
told the client what happened. So maybe this is committable as-is,
modulo some work on the comments.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
From | Date | Subject | |
---|---|---|---|
Next Message | David Fetter | 2010-10-26 01:53:43 | Re: Tab completion for view triggers in psql |
Previous Message | Andrew Dunstan | 2010-10-26 01:32:26 | Re: Composite Types and Function Parameters |