Re: [PATCH] Expose port->authn_id to extensions and triggers

On 8/6/22 02:26, Michael Paquier wrote:
> On Fri, Aug 05, 2022 at 12:48:33PM +0200, Drouvot, Bertrand wrote:
>> On 8/2/22 11:57 PM, Jacob Champion wrote:
>>> Thoughts from prior reviewers? Is SYSTEM_USER the way to go?
>
> Reading through the other thread, there is a clear parallel between
> both in concept to provide this information at SQL level, indeed.
>
>> I did not look in detail to this thread, but if the goal is "only" to expose
>> authn_id (as the subject describes) then it seems to me that SYSTEM_USER [1]
>> is the way to go.
>>
>> [1]: https://commitfest.postgresql.org/39/3703/
>
> However, I am not sure if the suggestion of auth_method:authn as
> output generated by SYSTEM_USER would be correct according to the SQL
> specification, either. The spec being not really talkative about the
> details of what an external module should be opens up for a lot of
> interpretation, something that both thread are dealing with.

As I pointed out here [
https://www.postgresql.org/message-id/28b4a9ef-5103-f117-99e1-99ae5a86a6e8%40joeconway.com
] both the SQL Server and Oracle interpretations are similar to the one
provided by Bertrand's patch:

SQL Server:
"If the current user is logged in to SQL Server by
using Windows Authentication, SYSTEM_USER returns the
Windows login identification name in the form:
DOMAIN\user_login_name. However, if the current user
is logged in to SQL Server by using SQL Server
Authentication, SYSTEM_USER returns the SQL Server
login identification name"

Oracle:
"SYSTEM_USER
Returns the name of the current data store user as
identified by the operating system."

I am not sure how else we should interpret SYSTEM_USER -- if it isn't
port->authn_id what else would you propose it should be?

--
Joe Conway
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com