| From: | Jeff Janes <jeff(dot)janes(at)gmail(dot)com> |
|---|---|
| To: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | postgres_fdw super user checks |
| Date: | 2016-10-16 18:33:26 |
| Message-ID: | CAMkU=1y0VSLjEUhGOh3tJcCs-_5VF5cGDMae7d2FfRhvtVwQfg@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
postgres_fdw has some checks to enforce that non-superusers must connect to
the foreign server with a password-based method. The reason for this is to
prevent the authentication to the foreign server from happening on the
basis of the OS user who is running the non-foreign server.
But I think these super user checks should be run against the userid of the
USER MAPPING being used for the connection, not the userid of currently
logged on user.
That is, I think the last line in this script should succeed: ('jjanes' is
both a superuser, and a database):
CREATE EXTENSION IF NOT EXISTS postgres_fdw WITH SCHEMA public;
CREATE SERVER foo FOREIGN DATA WRAPPER postgres_fdw;
CREATE USER MAPPING FOR jjanes SERVER foo;
CREATE TABLE foobar1 ( x integer);
CREATE FOREIGN TABLE foobar2 ( x integer) SERVER foo OPTIONS ( table_name
'foobar1');
CREATE VIEW foobar3 AS SELECT foobar2.x FROM foobar2;
CREATE USER test;
GRANT SELECT ON TABLE foobar3 TO test;
\c jjanes test
select * from foobar3;
It connects back to itself, simply for demonstration purposes.
The attached patch implements this change in auth checking.
Cheers,
Jeff
| Attachment | Content-Type | Size |
|---|---|---|
| postgres_fdw_superuser.patch | application/octet-stream | 3.0 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jim Nasby | 2016-10-16 19:03:21 | Question on "record type has not been registered" |
| Previous Message | Craig Ringer | 2016-10-16 13:01:44 | Re: COPY as a set returning function |