Return-Path: pg_adm@postgres.berkeley.edu
Received: by postgres.Berkeley.EDU (5.61/1.29)
	id AA16801; Wed, 29 Apr 92 03:06:38 -0700
Message-Id: <9204291006.AA16801@postgres.Berkeley.EDU>
From: schoenw@ibr.cs.tu-bs.de (Juergen Schoenwaelder)
Subject: Re: Who am I?
To: postgres@postgres.berkeley.edu
Sender: pg_adm@postgres.berkeley.edu
To: postgres@postgres.berkeley.edu (Postgres Mailing List)
Date: Wed, 29 Apr 92 12:04:35 MET DST
In-Reply-To: <9204270259.AA15561@postgres.Berkeley.EDU>; from "Sean.Levy@cs.cmu.edu" at Apr 26, 92 7:59 pm

Hi!
 
> When connecting to a backend via libpq from a remote host, who does the
> backend think I am? I want to define rules that disallow access to
> instances based on attributes of those instances, depending on the user
> trying to do the retrievals; thus, I need some way to know who the user
> performing the query is. The manual claims that pg_username() returns
> the user name of the "current user" (define rule man page), but what
> does that mean? Does libpq transmit the UID of the user? If the remote
> user's number UID is not one of the ones in the system catalogs (entered
> via createuser, I assume), then are libpq connections disallowed?

I had to look in $POSTGRESHOME/src/lib/libpq/*.c, because I wanted to
execute queries from a host during system boot. I always got a core
dump and so I found in fe-pqexec.c:

/* ----------------
 *      EstablishComm
 * ----------------
 */
static
void
EstablishComm()
{
    if (!PQportset) {
        read_initstr();

        if (pq_connect(PQdatabase, getenv("USER"), PQoption, PQhost, PQtty,
                        (char *) NULL, (short)atoi(PQport) ) == -1 ) {
            libpq_raise(&ProtocolError,
              form((int)"Failed to connect to backend (host=%s, port=%s)",
                   PQhost, PQport));
        }

        pq_flush();
        PQportset = 1;
    }
}

EstablishComm() initializes a connection. This function gets the user name
using the getenv() function. I got core dumps, because there is no environment
variable USER during system boot. Now, I looked into pq_connect() and I
found that the user name is transmitted to the backend as a normal string.

It should be clear that fooling a backend about the user identity
is no problem. We are currently thinking about using Kerberos to
authenticate users for remote database access.

							Juergen
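
Added example, not part of the original message and not libpq code: a NULL-safe version of the getenv("USER") lookup that EstablishComm() passes to pq_connect(), falling back to the passwd entry for the effective UID. client_user_name() is a hypothetical helper; the result is still only a name the client asserts, so this addresses the core dump, not the authentication gap described above.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not in libpq): choose the user name a client would
 * send. Returns 0 on success, -1 if no usable name exists. On success,
 * *from_env is 1 when the name came from $USER and 0 when it came from
 * the passwd database. */
int client_user_name(char *buf, size_t len, int *from_env)
{
    const char *name = getenv("USER");  /* NULL when USER is unset, e.g. at boot */
    int env = 1;

    if (name == NULL || *name == '\0') {
        /* Fall back to the account that owns this process. */
        struct passwd *pw = getpwuid(geteuid());
        if (pw == NULL || pw->pw_name == NULL)
            return -1;                  /* report failure instead of crashing */
        name = pw->pw_name;
        env = 0;
    }
    if (len == 0 || strlen(name) >= len)
        return -1;                      /* refuse to truncate an identity */
    strcpy(buf, name);
    *from_env = env;
    return 0;
}

int main(void)
{
    char user[64];
    int from_env;

    if (client_user_name(user, sizeof user, &from_env) != 0) {
        fprintf(stderr, "cannot determine user name\n");
        return 1;
    }
    /* Either source is under the client's control; the backend must not
     * treat this string as an authenticated identity. */
    printf("would send user=%s (source: %s)\n", user,
           from_env ? "$USER" : "passwd entry for effective UID");
    return 0;
}
```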
 
