danielcode
diff --git a/‎contrib/dblink/dblink.c
Lines changed: 144 additions & 0 deletions b/‎contrib/dblink/dblink.c
Lines changed: 144 additions & 0 deletions
diff --git a/‎contrib/dblink/dblink.sql.in
Lines changed: 12 additions & 0 deletions b/‎contrib/dblink/dblink.sql.in
Lines changed: 12 additions & 0 deletions
diff --git a/‎contrib/dblink/doc/connection
Lines changed: 38 additions & 0 deletions b/‎contrib/dblink/doc/connection
Lines changed: 38 additions & 0 deletions
@@ -32,6 +32,7 @@
 
 #include "fmgr.h"
 #include "funcapi.h"
+#include "miscadmin.h"
 #include "access/tupdesc.h"
 #include "access/heapam.h"
 #include "catalog/catname.h"
@@ -71,6 +72,7 @@ static dblink_results *get_res_ptr(int32 res_id_index);
 static void append_res_ptr(dblink_results * results);
 static void remove_res_ptr(dblink_results * results);
 static char *generate_relation_name(Oid relid);
+static char *connstr_strip_password(const char *connstr);
 
 /* Global */
 List	   *res_id = NIL;
@@ -105,6 +107,22 @@ dblink_connect(PG_FUNCTION_ARGS)
 		PQfinish(persistent_conn);
 
 	oldcontext = MemoryContextSwitchTo(TopMemoryContext);
+
+	/* for non-superusers, check that server requires a password */
+	if (!superuser())
+	{
+		/* this attempt must fail */
+		persistent_conn = PQconnectdb(connstr_strip_password(connstr));
+
+		if (PQstatus(persistent_conn) == CONNECTION_OK)
+		{
+			PQfinish(persistent_conn);
+			persistent_conn = NULL;
+			elog(ERROR, "Non-superuser cannot connect if the server does not request a password.");
+		}
+		else
+			PQfinish(persistent_conn);
+	}
 	persistent_conn = PQconnectdb(connstr);
 	MemoryContextSwitchTo(oldcontext);
 
@@ -2032,3 +2050,129 @@ generate_relation_name(Oid relid)
 
 	return result;
 }
+
+/*
+ * Modified version of conninfo_parse() from fe-connect.c
+ * Used to remove any password from the connection string
+ * in order to test whether the server auth method will
+ * require it.
+ */
+static char *
+connstr_strip_password(const char *connstr)
+{
+	char		   *pname;
+	char		   *pval;
+	char		   *buf;
+	char		   *cp;
+	char		   *cp2;
+	StringInfoData	result;
+
+	/* initialize return value */
+	initStringInfo(&result);
+
+	/* Need a modifiable copy of the input string */
+	buf = pstrdup(connstr);
+	cp = buf;
+
+	while (*cp)
+	{
+		/* Skip blanks before the parameter name */
+		if (isspace((unsigned char) *cp))
+		{
+			cp++;
+			continue;
+		}
+
+		/* Get the parameter name */
+		pname = cp;
+		while (*cp)
+		{
+			if (*cp == '=')
+				break;
+			if (isspace((unsigned char) *cp))
+			{
+				*cp++ = '\0';
+				while (*cp)
+				{
+					if (!isspace((unsigned char) *cp))
+						break;
+					cp++;
+				}
+				break;
+			}
+			cp++;
+		}
+
+		/* Check that there is a following '=' */
+		if (*cp != '=')
+			elog(ERROR, "missing \"=\" after \"%s\" in connection string", pname);
+		*cp++ = '\0';
+
+		/* Skip blanks after the '=' */
+		while (*cp)
+		{
+			if (!isspace((unsigned char) *cp))
+				break;
+			cp++;
+		}
+
+		/* Get the parameter value */
+		pval = cp;
+
+		if (*cp != '\'')
+		{
+			cp2 = pval;
+			while (*cp)
+			{
+				if (isspace((unsigned char) *cp))
+				{
+					*cp++ = '\0';
+					break;
+				}
+				if (*cp == '\\')
+				{
+					cp++;
+					if (*cp != '\0')
+						*cp2++ = *cp++;
+				}
+				else
+					*cp2++ = *cp++;
+			}
+			*cp2 = '\0';
+		}
+		else
+		{
+			cp2 = pval;
+			cp++;
+			for (;;)
+			{
+				if (*cp == '\0')
+					elog(ERROR, "unterminated quoted string in connection string");
+				if (*cp == '\\')
+				{
+					cp++;
+					if (*cp != '\0')
+						*cp2++ = *cp++;
+					continue;
+				}
+				if (*cp == '\'')
+				
10000
{
+					*cp2 = '\0';
+					cp++;
+					break;
+				}
+				*cp2++ = *cp++;
+			}
+		}
+
+		/*
+		 * Now we have the name and the value. If it is not a password,
+		 * append to the return connstr.
+		 */
+		if (strcmp("password", pname) != 0)
+			/* append the value */
+			appendStringInfo(&result, " %s='%s'", pname, pval);
+	}
+
+	return result.data;
+}
@@ -14,11 +14,23 @@
 --AS 'MODULE_PATHNAME','dblink_last_oid'
 --LANGUAGE 'C' WITH (isstrict);
 
+-- dblink_connect now restricts non-superusers to password
+-- authenticated connections
 CREATE OR REPLACE FUNCTION dblink_connect (text)
 RETURNS text
 AS 'MODULE_PATHNAME','dblink_connect'
 LANGUAGE 'C' WITH (isstrict);
 
+-- dblink_connect_u allows non-superusers to use
+-- non-password authenticated connections, but initially
+-- privileges are revoked from public
+CREATE OR REPLACE FUNCTION dblink_connect_u (text)
+RETURNS text
+AS 'MODULE_PATHNAME','dblink_connect'
+LANGUAGE C STRICT SECURITY DEFINER;
+
+REVOKE ALL ON FUNCTION dblink_connect_u (text) FROM public;
+
 CREATE OR REPLACE FUNCTION dblink_disconnect ()
 RETURNS text
 AS 'MODULE_PATHNAME','dblink_disconnect'
 
@@ -18,6 +18,12 @@ Outputs
 
   Returns status = "OK"
 
+Notes
+
+  Only superusers may use dblink_connect to create non-password
+  authenticated connections. If non-superusers need this capability,
+  use dblink_connect_u instead.
+
 Example usage
 
 test=# select dblink_connect('dbname=template1');
@@ -26,6 +32,38 @@ test=# select dblink_connect('dbname=template1');
  OK
 (1 row)
 
+==================================================================
+Name
+
+dblink_connect_u -- Opens a persistent connection to a remote database
+
+Synopsis
+
+dblink_connect_u(text connstr)
+
+Inputs
+
+  connstr
+
+    standard libpq format connection string, 
+    e.g. "hostaddr=127.0.0.1 port=5432 dbname=mydb user=postgres password=mypasswd"
+
+Outputs
+
+  Returns status = "OK"
+
+Notes
+
+  With dblink_connect_u, a non-superuser may connect to any database server
+  using any authentication method. If the authentication method specified
+  for a particular user does not require a password, impersonation and
+  therefore escalation of privileges may occur. For this reason,
+  dblink_connect_u is initially installed with all privileges revoked from
+  public. Privilege to these functions should be granted with care.
+
+Example usage
+
+
 ==================================================================
 Name