postgres_fdw super user checks
| От | Jeff Janes |
|---|---|
| Тема | postgres_fdw super user checks |
| Дата | |
| Msg-id | CAMkU=1y0VSLjEUhGOh3tJcCs-_5VF5cGDMae7d2FfRhvtVwQfg@mail.gmail.com обсуждение исходный текст |
| Ответы |
Re: postgres_fdw super user checks
Re: postgres_fdw super user checks |
| Список | pgsql-hackers |
postgres_fdw has some checks to enforce that non-superusers must connect to the foreign server with a password-based method. The reason for this is to prevent the authentication to the foreign server from happening on the basis of the OS user who is running the non-foreign server.
But I think these super user checks should be run against the userid of the USER MAPPING being used for the connection, not the userid of currently logged on user.
That is, I think the last line in this script should succeed: ('jjanes' is both a superuser, and a database):
CREATE EXTENSION IF NOT EXISTS postgres_fdw WITH SCHEMA public;
CREATE SERVER foo FOREIGN DATA WRAPPER postgres_fdw;
CREATE USER MAPPING FOR jjanes SERVER foo;
CREATE TABLE foobar1 ( x integer);
CREATE FOREIGN TABLE foobar2 ( x integer) SERVER foo OPTIONS ( table_name 'foobar1');
CREATE VIEW foobar3 AS SELECT foobar2.x FROM foobar2;
CREATE USER test;
GRANT SELECT ON TABLE foobar3 TO test;
\c jjanes test
select * from foobar3;
It connects back to itself, simply for demonstration purposes.
The attached patch implements this change in auth checking.
Cheers,
Jeff
Вложения
В списке pgsql-hackers по дате отправления: