postgres_fdw super user checks

From: Jeff Janes <jeff(dot)janes(at)gmail(dot)com>
To: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: postgres_fdw super user checks
Date: 2016-10-16 18:33:26
Message-ID: CAMkU=1y0VSLjEUhGOh3tJcCs-_5VF5cGDMae7d2FfRhvtVwQfg@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox
Thread:
Lists: pgsql-hackers

postgres_fdw has some checks to enforce that non-superusers must connect to
the foreign server with a password-based method. The reason for this is to
prevent the authentication to the foreign server from happening on the
basis of the OS user who is running the non-foreign server.

But I think these super user checks should be run against the userid of the
USER MAPPING being used for the connection, not the userid of currently
logged on user.

That is, I think the last line in this script should succeed: ('jjanes' is
both a superuser, and a database):

CREATE EXTENSION IF NOT EXISTS postgres_fdw WITH SCHEMA public;
CREATE SERVER foo FOREIGN DATA WRAPPER postgres_fdw;
CREATE USER MAPPING FOR jjanes SERVER foo;
CREATE TABLE foobar1 ( x integer);
CREATE FOREIGN TABLE foobar2 ( x integer) SERVER foo OPTIONS ( table_name
'foobar1');
CREATE VIEW foobar3 AS SELECT foobar2.x FROM foobar2;
CREATE USER test;
GRANT SELECT ON TABLE foobar3 TO test;
\c jjanes test
select * from foobar3;

It connects back to itself, simply for demonstration purposes.

The attached patch implements this change in auth checking.

Cheers,

Jeff

Attachment Content-Type Size
postgres_fdw_superuser.patch application/octet-stream 3.0 KB

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Jim Nasby 2016-10-16 19:03:21 Question on "record type has not been registered"
Previous Message Craig Ringer 2016-10-16 13:01:44 Re: COPY as a set returning function