pgsql: Arrange for client authentication to occur before we select a

From: tgl(at)postgresql(dot)org (Tom Lane)
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql: Arrange for client authentication to occur before we select a
Date: 2010-04-20 23:48:50
Message-ID: 20100420234850.7C0417541D0@cvs.postgresql.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-committers

Log Message:
-----------
Arrange for client authentication to occur before we select a specific
database to connect to. This is necessary for the walsender code to work
properly (it was previously using an untenable assumption that template1 would
always be available to connect to). This also gets rid of a small security
shortcoming that was introduced in the original patch to eliminate the flat
authentication files: before, you could find out whether or not the requested
database existed even if you couldn't pass the authentication checks.

The changes needed to support this are mainly just to treat pg_authid and
pg_auth_members as nailed relations, so that we can read them without having
to be able to locate real pg_class entries for them. This mechanism was
already debugged for pg_database, but we hadn't recognized the value of
applying it to those catalogs too.

Since the current code doesn't have support for accessing toast tables before
we've brought up all of the relcache, remove pg_authid's toast table to ensure
that no one can store an out-of-line toasted value of rolpassword. The case
seems quite unlikely to occur in practice, and was effectively unsupported
anyway in the old "flatfiles" implementation.

Update genbki.pl to actually implement the same rules as bootstrap.c does for
not-nullability of catalog columns. The previous coding was a bit cheesy but
worked all right for the previous set of bootstrap catalogs. It does not work
for pg_authid, where rolvaliduntil needs to be nullable.

Initdb forced due to minor catalog changes (mainly the toast table removal).

Modified Files:
--------------
pgsql/src/backend/catalog:
catalog.c (r1.89 -> r1.90)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/catalog/catalog.c?r1=1.89&r2=1.90)
genbki.pl (r1.7 -> r1.8)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/catalog/genbki.pl?r1=1.7&r2=1.8)
pgsql/src/backend/utils/cache:
catcache.c (r1.151 -> r1.152)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/cache/catcache.c?r1=1.151&r2=1.152)
relcache.c (r1.309 -> r1.310)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/cache/relcache.c?r1=1.309&r2=1.310)
pgsql/src/backend/utils/init:
miscinit.c (r1.183 -> r1.184)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/init/miscinit.c?r1=1.183&r2=1.184)
postinit.c (r1.209 -> r1.210)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/backend/utils/init/postinit.c?r1=1.209&r2=1.210)
pgsql/src/include/catalog:
catversion.h (r1.585 -> r1.586)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/include/catalog/catversion.h?r1=1.585&r2=1.586)
pg_auth_members.h (r1.8 -> r1.9)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/include/catalog/pg_auth_members.h?r1=1.8&r2=1.9)
pg_authid.h (r1.12 -> r1.13)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/include/catalog/pg_authid.h?r1=1.12&r2=1.13)
toasting.h (r1.13 -> r1.14)
(http://anoncvs.postgresql.org/cvsweb.cgi/pgsql/src/include/catalog/toasting.h?r1=1.13&r2=1.14)

Browse pgsql-committers by date

  From Date Subject
Next Message Tom Lane 2010-04-21 00:51:57 pgsql: Move the check for whether walreceiver has authenticated as a
Previous Message Tom Lane 2010-04-20 22:55:04 pgsql: Fix code that doesn't work on machines with strict alignment