pgsql-authorization-hook.2.patch
text/x-patch
Filename: pgsql-authorization-hook.2.patch
Type: text/x-patch
Part: 0
Message:
Re: security hook on authorization
Patch
Same data as JSON:
GET /api/v1/attachments/:id/patch
the parsed metadata as JSON — format, series position, per-file stats; never the diff bytes.
API reference →
Format: context
| File | + | − |
|---|---|---|
| src/backend/libpq/auth.c | 10 | 0 |
| src/include/libpq/auth.h | 4 | 0 |
*** a/src/backend/libpq/auth.c --- b/src/backend/libpq/auth.c *************** *** 216,221 **** static int CheckRADIUSAuth(Port *port); --- 216,228 ---- *---------------------------------------------------------------- */ + /* + * This hook allows plugins to get control next to client authentication, + * but before returning the status to user. + * It can be used to assign security label on the session, to record users + * login event, to delay disconnection if failed, and so on. + */ + ClientAuthentication_hook_type ClientAuthentication_hook = NULL; /* * Tell the user the authentication failed, but not (much about) why. *************** *** 577,582 **** ClientAuthentication(Port *port) --- 584,592 ---- break; } + if (ClientAuthentication_hook) + (*ClientAuthentication_hook)(port, status); + if (status == STATUS_OK) sendAuthRequest(port, AUTH_REQ_OK); else *** a/src/include/libpq/auth.h --- b/src/include/libpq/auth.h *************** *** 24,27 **** extern char *pg_krb_realm; --- 24,31 ---- extern void ClientAuthentication(Port *port); + /* Hook for plugins to get control in ClientAuthentication() */ + typedef void (*ClientAuthentication_hook_type)(Port *, int); + extern PGDLLIMPORT ClientAuthentication_hook_type ClientAuthentication_hook; + #endif /* AUTH_H */