Re: SYSTEM_USER reserved word implementation

On 6/22/22 11:52, Tom Lane wrote:
> Jacob Champion <jchampion@timescale.com> writes:
>> On Wed, Jun 22, 2022 at 8:10 AM Joe Conway <mail@joeconway.com> wrote:
>>> In case port->authn_id is NULL then the patch is returning the SESSION_USER for the SYSTEM_USER. Perhaps it should
returnNULL instead.
 
> 
>> If the spec says that SYSTEM_USER "represents the operating system
>> user", but we don't actually know who that user was (authn_id is
>> NULL), then I think SYSTEM_USER should also be NULL so as not to
>> mislead auditors.
> 
> Yeah, that seems like a fundamental type mismatch.  If we don't know
> the OS user identifier, substituting a SQL role name is surely not
> the right thing.

+1 agreed

> I think a case could be made for ONLY returning non-null when authn_id
> represents some externally-verified identifier (OS user ID gotten via
> peer identification, Kerberos principal, etc).

But -1 on that.

I think any time we have a non-null authn_id we should expose it. Are 
there examples of cases when we have authn_id but for some reason don't 
trust the value of it?


-- 
Joe Conway
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com