From: | Gevik Babakhani <pgdev(at)xs4all(dot)nl> |
---|---|
To: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
Cc: | pgsql-hackers(at)postgresql(dot)org, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Subject: | TODO Item: ACL_CONNECT |
Date: | 2006-04-24 12:51:57 |
Message-ID: | 1145883117.12809.49.camel@voyager.truesoftware.net |
Lists: | pgsql-hackers |
Hi
> I don't understand. The code should look like this:
>
>     if (acl in pg_database == NULL)
>         acl = acldefault
>     else
>         acl = acl in pg_database
>     if (has_permission(acl, user, ACL_CONNECT))
>         can connect
>     else
>         can't connect
>
To my surprise the code you described above was already there :)
function aclchk.c:pg_database_aclmask:1696

snip...

```c
if (isNull)
{
    /* No ACL, so build default ACL */
    acl = acldefault(ACL_OBJECT_DATABASE, ownerId);
    aclDatum = (Datum) 0;
}
```
However, the original acldefault:case:ACL_OBJECT_DATABASE only had
ACL_CREATE_TEMP as the default for PUBLIC. I thought that adding ACL_CONNECT
to world_default would make connecting to a database available to the public,
which is the required behavior as discussed yesterday.
Original...

```c
case ACL_OBJECT_DATABASE:
    world_default = ACL_CREATE_TEMP;    /* NO_RIGHTS! */
    owner_default = ACL_ALL_RIGHTS_DATABASE;
    break;
```

Proposed...

```c
case ACL_OBJECT_DATABASE:
    world_default = ACL_CREATE_TEMP | ACL_CONNECT;    /* NO_RIGHTS! */
    owner_default = ACL_ALL_RIGHTS_DATABASE;
    break;
```
Would the above be correct?
The following is how I tested the code above.

1. Make a new compile/install and initdb.
2. Run `createdb <enter>` (database pgdev is created).
3. `psql <enter>` (login with user pgdev to pgdev).
4. `create role user1 login;` and then quit.
5. `psql -U user1 -d pgdev` (login success. This is the backward compatible and the required behavior I guess we wanted.)
6. Quit and login with psql like in step 3.
7. `GRANT CONNECTION ON DATABASE pgdev to pgdev;` (this would overwrite the NULL ACL. The public ACL still exists.)
   `REVOKE CONNECTION ON DATABASE pgdev from PUBLIC;` and then quit
   (public cannot login to pgdev anymore :) only the owner).
8. `psql -U user1 -d pgdev` (login fails this time:
   ```
   psql: FATAL: couldn't connect to database pgdev
   DETAIL: User user1 doesn't have the CONNECTION privilege for database pgdev.
   ```
   )
9. Quit and login with psql like in step 3.
   `GRANT CONNECTION ON DATABASE pgdev to user1;` and quit.
10. `psql -U user1 -d pgdev` (login success and the `{user1=c/pgdev}` is added to the ACL).

* end test *************************
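A small C model of the ACL logic the test above exercises (an added example, not PostgreSQL's own code): it assumes toy privilege bit values, a flat array ACL, the proposed world_default of ACL_CREATE_TEMP | ACL_CONNECT, and ignores superuser bypass; replay_mail_test() replays steps 5 to 10 of the test, including the point that the first GRANT materializes the default ACL so PUBLIC's entry is still there to be revoked.

```c
#include <stdbool.h>
#include <string.h>
/* Toy privilege bits standing in for PostgreSQL's AclMode (model values, not the real ones). */
#define ACL_CREATE_TEMP 0x1
#define ACL_CONNECT     0x2
#define ACL_ALL_RIGHTS_DATABASE (0x4 | ACL_CREATE_TEMP | ACL_CONNECT)
#define ACL_ID_PUBLIC   "PUBLIC"
typedef struct { const char *grantee; int privs; } AclItem;
typedef struct { int n; AclItem items[8]; } Acl;   /* 8 entries is enough for this model */

/* Model of acldefault(ACL_OBJECT_DATABASE, owner) with the proposed world_default. */
static Acl acldefault_database(const char *owner)
{
    Acl acl = { 2, { { ACL_ID_PUBLIC, ACL_CREATE_TEMP | ACL_CONNECT }, { owner, ACL_ALL_RIGHTS_DATABASE } } };
    return acl;
}

/* GRANT (grant=true) or REVOKE on a database. A NULL ACL is materialized from acldefault
 * first, which is why PUBLIC's entry survives the GRANT to the owner in step 7. */
static void acl_update(Acl **aclp, Acl *storage, const char *owner,
                       const char *grantee, int privs, bool grant)
{
    if (*aclp == NULL) { *storage = acldefault_database(owner); *aclp = storage; }
    Acl *acl = *aclp;
    int i = 0; while (i < acl->n && strcmp(acl->items[i].grantee, grantee) != 0) i++;
    if (i == acl->n) acl->items[acl->n++] = (AclItem){ grantee, 0 };   /* new grantee */
    if (grant) acl->items[i].privs |= privs; else acl->items[i].privs &= ~privs;
}

/* Model of the CONNECT check in pg_database_aclmask: a NULL ACL means "use the default". */
static bool can_connect(const Acl *acl, const char *owner, const char *user)
{
    Acl def;
    if (acl == NULL) { def = acldefault_database(owner); acl = &def; }
    for (int i = 0; i < acl->n; i++) {
        bool applies = !strcmp(acl->items[i].grantee, user) || !strcmp(acl->items[i].grantee, ACL_ID_PUBLIC);
        if (applies && (acl->items[i].privs & ACL_CONNECT)) return true;
    }
    return false;
}

/* Replay checks 5, 8 and 10 of the mail's test; a set bit means user1 could connect there. */
static int replay_mail_test(void)
{
    Acl storage, *acl = NULL;   /* fresh database: the ACL in pg_database is NULL */
    int mask = 0;
    if (can_connect(acl, "pgdev", "user1")) mask |= 1;                       /* step 5 */
    acl_update(&acl, &storage, "pgdev", "pgdev", ACL_CONNECT, true);         /* step 7 GRANT */
    acl_update(&acl, &storage, "pgdev", ACL_ID_PUBLIC, ACL_CONNECT, false);  /* step 7 REVOKE */
    if (can_connect(acl, "pgdev", "user1")) mask |= 2;                       /* step 8: denied */
    acl_update(&acl, &storage, "pgdev", "user1", ACL_CONNECT, true);         /* step 9 */
    if (can_connect(acl, "pgdev", "user1")) mask |= 4;                       /* step 10 */
    return mask;                                                             /* expected 0x5 */
}
```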
If the above is okay and correct, then I guess for simple systems one
could enter only the line below in pg_hba.conf

"host/hostssl all all (whatever IP) (whatever option)"

and, by granting ACL_CONNECT to roles, keep
the pg_hba.conf simple and short.
New test patch:
http://www.xs4all.nl/~gevik/patch/patch-0.2.diff