#include "miscadmin.h"

static char *connstr_strip_password(const char *connstr);

/* for non-superusers, check that server requires a password */

if (!superuser())

{

/* this attempt must fail */

persistent_conn = PQconnectdb(connstr_strip_password(connstr));

if (PQstatus(persistent_conn) == CONNECTION_OK)

{

PQfinish(persistent_conn);

persistent_conn = NULL;

elog(ERROR, "Non-superuser cannot connect if the server does not request a password.");

}

else

PQfinish(persistent_conn);

}

static char *

connstr_strip_password(const char *connstr)

{

char *pname;

char *pval;

char *buf;

char *cp;

char *cp2;

StringInfoData result;

/* initialize return value */

initStringInfo(&result);

/* Need a modifiable copy of the input string */

buf = pstrdup(connstr);

cp = buf;

while (*cp)

{

/* Skip blanks before the parameter name */

if (isspace((unsigned char) *cp))

{

cp++;

continue;

}

/* Get the parameter name */

pname = cp;

while (*cp)

{

if (*cp == '=')

break;

if (isspace((unsigned char) *cp))

{

*cp++ = '\0';

while (*cp)

{

if (!isspace((unsigned char) *cp))

break;

cp++;

}

break;

}

cp++;

}

/* Check that there is a following '=' */

if (*cp != '=')

elog(ERROR, "missing \"=\" after \"%s\" in connection string", pname);

*cp++ = '\0';

/* Skip blanks after the '=' */

while (*cp)

{

if (!isspace((unsigned char) *cp))

break;

cp++;

}

/* Get the parameter value */

pval = cp;

if (*cp != '\'')

{

cp2 = pval;

while (*cp)

{

if (isspace((unsigned char) *cp))

{

*cp++ = '\0';

break;

}

if (*cp == '\\')

{

cp++;

if (*cp != '\0')

*cp2++ = *cp++;

}

else

*cp2++ = *cp++;

}

*cp2 = '\0';

}

else

{

cp2 = pval;

cp++;

for (;;)

{

if (*cp == '\0')

elog(ERROR, "unterminated quoted string in connection string");

if (*cp == '\\')

{

cp++;

if (*cp != '\0')

*cp2++ = *cp++;

continue;

}

if (*cp == '\'')

{

*cp2 = '\0';

cp++;

break;

}

*cp2++ = *cp++;

}

}

/*

if (strcmp("password", pname) != 0)

/* append the value */

appendStringInfo(&result, " %s='%s'", pname, pval);

}

return result.data;

}

-- dblink_connect now restricts non-superusers to password

-- authenticated connections

-- dblink_connect_u allows non-superusers to use

-- non-password authenticated connections, but initially

-- privileges are revoked from public

CREATE OR REPLACE FUNCTION dblink_connect_u (text)

RETURNS text

AS 'MODULE_PATHNAME','dblink_connect'

LANGUAGE C STRICT SECURITY DEFINER;

REVOKE ALL ON FUNCTION dblink_connect_u (text) FROM public;

Notes

Only superusers may use dblink_connect to create non-password

authenticated connections. If non-superusers need this capability,

use dblink_connect_u instead.

==================================================================

Name

dblink_connect_u -- Opens a persistent connection to a remote database

Synopsis

dblink_connect_u(text connstr)

Inputs

connstr

standard libpq format connection string,

e.g. "hostaddr=127.0.0.1 port=5432 dbname=mydb user=postgres password=mypasswd"

Outputs

Returns status = "OK"

Notes

With dblink_connect_u, a non-superuser may connect to any database server

using any authentication method. If the authentication method specified

for a particular user does not require a password, impersonation and

therefore escalation of privileges may occur. For this reason,

dblink_connect_u is initially installed with all privileges revoked from

public. Privilege to these functions should be granted with care.

Example usage