NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitfe7a32f

committed

New contrib module, auth_delay.

KaiGai Kohei, with a few changes by me.

1 parentd53c125 commitfe7a32fCopy full SHA for fe7a32f

File tree

7 files changed

+159

-0

lines changed

contrib
- Makefile
- README
- auth_delay
  - Makefile
  - auth_delay.c
doc/src/sgml

7 files changed

+159

-0

lines changed

`‎contrib/Makefile`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@ include $(top_builddir)/src/Makefile.global`
`6`	`6`
`7`	`7`	`SUBDIRS =\`
`8`	`8`	`adminpack\`
	`9`	`+auth_delay\`
`9`	`10`	`auto_explain\`
`10`	`11`	`btree_gin\`
`11`	`12`	`btree_gist\`

`‎contrib/README`

Lines changed: 5 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,11 @@ adminpack -`
`28`	`28`	`File and log manipulation routines, used by pgAdmin`
`29`	`29`	`by Dave Page <dpage@vale-housing.co.uk>`
`30`	`30`
	`31`	`+auth_delay`
	`32`	`+Add a short delay after a failed authentication attempt, to make`
	`33`	`+ make brute-force attacks on database passwords a bit harder.`
	`34`	`+by KaiGai Kohei <kaigai@ak.jp.nec.com>`
	`35`	`+`
`31`	`36`	`auto_explain -`
`32`	`37`	`Log EXPLAIN output for long-running queries`
`33`	`38`	`by Takahiro Itagaki <itagaki.takahiro@oss.ntt.co.jp>`

`‎contrib/auth_delay/Makefile`

Lines changed: 14 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,14 @@`
	`1`	`+# contrib/auth_delay/Makefile`
	`2`	`+`
	`3`	`+MODULES = auth_delay`
	`4`	`+`
	`5`	`+ifdefUSE_PGXS`
	`6`	`+PG_CONFIG = pg_config`
	`7`	`+PGXS :=$(shell$(PG_CONFIG) --pgxs)`
	`8`	`+include$(PGXS)`
	`9`	`+else`
	`10`	`+subdir = contrib/auth_delay`
	`11`	`+top_builddir = ../..`
	`12`	`+include$(top_builddir)/src/Makefile.global`
	`13`	`+include$(top_srcdir)/contrib/contrib-global.mk`
	`14`	`+endif`

`‎contrib/auth_delay/auth_delay.c`

Lines changed: 70 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,70 @@`
	`1`	`+/* -------------------------------------------------------------------------`
	`2`	`+ *`
	`3`	`+ * auth_delay.c`
	`4`	`+ *`
	`5`	`+ * Copyright (C) 2010, PostgreSQL Global Development Group`
	`6`	`+ *`
	`7`	`+ * IDENTIFICATION`
	`8`	`+ *contrib/auth_delay/auth_delay.c`
	`9`	`+ *`
	`10`	`+ * -------------------------------------------------------------------------`
	`11`	`+ */`
	`12`	`+#include"postgres.h"`
	`13`	`+`
	`14`	`+#include"libpq/auth.h"`
	`15`	`+#include"port.h"`
	`16`	`+#include"utils/guc.h"`
	`17`	`+#include"utils/timestamp.h"`
	`18`	`+`
	`19`	`+PG_MODULE_MAGIC;`
	`20`	`+`
	`21`	`+void_PG_init(void);`
	`22`	`+`
	`23`	`+/* GUC Variables */`
	`24`	`+staticintauth_delay_milliseconds;`
	`25`	`+`
	`26`	`+/* Original Hook */`
	`27`	`+staticClientAuthentication_hook_typeoriginal_client_auth_hook=NULL;`
	`28`	`+`
	`29`	`+/*`
	`30`	`+ * Check authentication`
	`31`	`+ */`
	`32`	`+staticvoid`
	`33`	`+auth_delay_checks(Port*port,intstatus)`
	`34`	`+{`
	`35`	`+/*`
	`36`	`+ * Any other plugins which use ClientAuthentication_hook.`
	`37`	`+ */`
	`38`	`+if (original_client_auth_hook)`
	`39`	`+original_client_auth_hook(port,status);`
	`40`	`+`
	`41`	`+/*`
	`42`	`+ * Inject a short delay if authentication failed.`
	`43`	`+ */`
	`44`	`+if (status!=STATUS_OK)`
	`45`	`+{`
	`46`	`+pg_usleep(1000L*auth_delay_milliseconds);`
	`47`	`+}`
	`48`	`+}`
	`49`	`+`
	`50`	`+/*`
	`51`	`+ * Module Load Callback`
	`52`	`+ */`
	`53`	`+void`
	`54`	`+_PG_init(void)`
	`55`	`+{`
	`56`	`+/* Define custome GUC variables */`
	`57`	`+DefineCustomIntVariable("auth_delay.milliseconds",`
	`58`	`+"Milliseconds to delay before reporting authentication failure",`
	`59`	`+NULL,`
	`60`	`+&auth_delay_milliseconds,`
	`61`	`+0,`
	`62`	`+0,INT_MAX,`
	`63`	`+PGC_SIGHUP,`
	`64`	`+GUC_UNIT_MS,`
	`65`	`+NULL,`
	`66`	`+NULL);`
	`67`	`+/* Install Hooks */`
	`68`	`+original_client_auth_hook=ClientAuthentication_hook;`
	`69`	`+ClientAuthentication_hook=auth_delay_checks;`
	`70`	`+}`

`‎doc/src/sgml/auth-delay.sgml`

Lines changed: 67 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,67 @@`
	`1`	`+<!-- doc/src/sgml/auth-delay.sgml -->`
	`2`	`+`
	`3`	`+<sect1 id="auth-delay">`
	`4`	`+ <title>auth_delay</title>`
	`5`	`+`
	`6`	`+ <indexterm zone="auth-delay">`
	`7`	`+ <primary>auth_delay</primary>`
	`8`	`+ </indexterm>`
	`9`	`+`
	`10`	`+ <para>`
	`11`	`+ <filename>auth_delay</filename> causes the server to pause briefly before`
	`12`	`+ reporting authentication failure, to make brute-force attacks on database`
	`13`	`+ passwords more difficult. Note that it does nothing to prevent`
	`14`	`+ denial-of-service attacks, and may even exacerbate them, since processes`
	`15`	`+ that are waiting before reporting authentication failure will still consume`
	`16`	`+ connection slots.`
	`17`	`+ </para>`
	`18`	`+`
	`19`	`+ <para>`
	`20`	`+ In order to function, this module must be loaded via`
	`21`	`+ <xref linkend="guc-shared-preload-libraries"> in <filename>postgresql.conf</>.`
	`22`	`+ </para>`
	`23`	`+`
	`24`	`+ <sect2>`
	`25`	`+ <title>Configuration parameters</title>`
	`26`	`+`
	`27`	`+ <variablelist>`
	`28`	`+ <varlistentry>`
	`29`	`+ <term>`
	`30`	`+ <varname>auth_delay.milliseconds</varname> (<type>int</type>)`
	`31`	`+ </term>`
	`32`	`+ <indexterm>`
	`33`	`+ <primary><varname>auth_delay.milliseconds</> configuration parameter</primary>`
	`34`	`+ </indexterm>`
	`35`	`+ <listitem>`
	`36`	`+ <para>`
	`37`	`+ The number of milliseconds to wait before reporting an authentication`
	`38`	`+ failure. The default is 0.`
	`39`	`+ </para>`
	`40`	`+ </listitem>`
	`41`	`+ </varlistentry>`
	`42`	`+ </variablelist>`
	`43`	`+`
	`44`	`+ <para>`
	`45`	`+ In order to set these parameters in your <filename>postgresql.conf</> file,`
	`46`	`+ you will need to add <literal>auth_delay</> to`
	`47`	`+ <xref linkend="guc-custom-variable-classes">. Typical usage might be:`
	`48`	`+ </para>`
	`49`	`+`
	`50`	`+<programlisting>`
	`51`	`+# postgresql.conf`
	`52`	`+shared_preload_libraries = 'auth_delay'`
	`53`	`+`
	`54`	`+custom_variable_classes = 'auth_delay'`
	`55`	`+auth_delay.milliseconds = '500'`
	`56`	`+</programlisting>`
	`57`	`+ </sect2>`
	`58`	`+`
	`59`	`+ <sect2>`
	`60`	`+ <title>Author</title>`
	`61`	`+`
	`62`	`+ <para>`
	`63`	`+ KaiGai Kohei <email>kaigai@ak.jp.nec.com</email>`
	`64`	`+ </para>`
	`65`	`+ </sect2>`
	`66`	`+`
	`67`	`+</sect1>`

`‎doc/src/sgml/contrib.sgml`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -81,6 +81,7 @@ psql -d dbname -f <replaceable>SHAREDIR</>/contrib/<replaceable>module</>.sql`
`81`	`81`	`</para>`
`82`	`82`
`83`	`83`	`&adminpack;`
	`84`	`+ &auth-delay;`
`84`	`85`	`&auto-explain;`
`85`	`86`	`&btree-gin;`
`86`	`87`	`&btree-gist;`

`‎doc/src/sgml/filelist.sgml`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -93,6 +93,7 @@`
`93`	`93`	`<!-- contrib information -->`
`94`	`94`	`<!entity contrib SYSTEM "contrib.sgml">`
`95`	`95`	`<!entity adminpack SYSTEM "adminpack.sgml">`
	`96`	`+<!entity auth-delay SYSTEM "auth-delay.sgml">`
`96`	`97`	`<!entity auto-explain SYSTEM "auto-explain.sgml">`
`97`	`98`	`<!entity btree-gin SYSTEM "btree-gin.sgml">`
`98`	`99`	`<!entity btree-gist SYSTEM "btree-gist.sgml">`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitfe7a32f

File tree

7 files changed

7 files changed

`‎contrib/Makefile`

`‎contrib/README`

`‎contrib/auth_delay/Makefile`

`‎contrib/auth_delay/auth_delay.c`

`‎doc/src/sgml/auth-delay.sgml`

`‎doc/src/sgml/contrib.sgml`

`‎doc/src/sgml/filelist.sgml`

0 commit comments