pgsql-authorization-hook.2.patch

text/x-patch

Filename: pgsql-authorization-hook.2.patch
Type: text/x-patch
Part: 0
Message: Re: security hook on authorization

Patch

Same data as JSON: GET /api/v1/attachments/:id/patch the parsed metadata as JSON — format, series position, per-file stats; never the diff bytes. API reference →
Format: context
File+
src/backend/libpq/auth.c 10 0
src/include/libpq/auth.h 4 0
*** a/src/backend/libpq/auth.c
--- b/src/backend/libpq/auth.c
***************
*** 216,221 **** static int	CheckRADIUSAuth(Port *port);
--- 216,228 ----
   *----------------------------------------------------------------
   */
  
+ /*
+  * This hook allows plugins to get control next to client authentication,
+  * but before returning the status to user.
+  * It can be used to assign security label on the session, to record users
+  * login event, to delay disconnection if failed, and so on.
+  */
+ ClientAuthentication_hook_type ClientAuthentication_hook = NULL;
  
  /*
   * Tell the user the authentication failed, but not (much about) why.
***************
*** 577,582 **** ClientAuthentication(Port *port)
--- 584,592 ----
  			break;
  	}
  
+ 	if (ClientAuthentication_hook)
+ 		(*ClientAuthentication_hook)(port, status);
+ 
  	if (status == STATUS_OK)
  		sendAuthRequest(port, AUTH_REQ_OK);
  	else
*** a/src/include/libpq/auth.h
--- b/src/include/libpq/auth.h
***************
*** 24,27 **** extern char *pg_krb_realm;
--- 24,31 ----
  
  extern void ClientAuthentication(Port *port);
  
+ /* Hook for plugins to get control in ClientAuthentication() */
+ typedef void (*ClientAuthentication_hook_type)(Port *, int);
+ extern PGDLLIMPORT ClientAuthentication_hook_type ClientAuthentication_hook;
+ 
  #endif   /* AUTH_H */