l4postgres: add user/database, client, and SSL matchers (supersedes #188)#436
Open
tannevaled wants to merge 1 commit into
Open
l4postgres: add user/database, client, and SSL matchers (supersedes #188)#436tannevaled wants to merge 1 commit into
tannevaled wants to merge 1 commit into
Conversation
Supersedes mholt#188 by Liam Clancy (metafeather), rebased onto the current, hardened MatchPostgres on master. The original PR added three Postgres StartupMessage matchers but predated the maintainers' rewrite of the connection detector; this brings the same matching capabilities onto that detector and fills the gaps the original PR left. What it adds: - MatchPostgres gains an optional "user" map (user -> allowed databases, with "*" as the wildcard user) applied to the StartupMessage. - MatchPostgresClient ("postgres_client") matches on the application_name parameter. - MatchPostgresSSL ("postgres_ssl") matches connections that do, or with "disabled" do not, begin with an SSLRequest. How it differs from mholt#188 (kept faithful to its design, JSON config shapes and module IDs are unchanged, so existing configs keep working): - Reuses master's DoS-hardened length/payload bounds checks for all three matchers via a shared readFirstMessage helper, instead of the unchecked Uint32(head)-4 read (which could underflow on a short message). - Adds proper json struct tags so the documented lowercase keys (user, client, disabled) are produced. - Adds UnmarshalCaddyfile to all three matchers (the original was JSON-only), with caddyfile_adapt integration tests. - 100% statement coverage on the package, verified under -race. - Documentation for all three matchers under docs/matchers/. Co-authored-by: Liam Clancy (metafeather) <github@metafeather.com> Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
This supersedes #188 by @metafeather, rebased onto the current hardened
MatchPostgresonmaster. The original PR added three Postgres StartupMessage matchers, but it predated the maintainers' rewrite of the connection detector, so it no longer applied cleanly. This brings the same matching capabilities onto the current detector and fills the gaps the original left. @metafeather is preserved asCo-authored-by:on the commit.As discussed on #188, this keeps #432 (the
postgres_starttlshandler) as a separate PR on top. Once this lands I'll close #188.Matchers
postgresgains an optionalusermap (user → allowed databases,*as the wildcard user), applied to the StartupMessage parameters.postgres_clientmatches on theapplication_nameparameter.postgres_sslmatches connections that request SSL, or — withdisabled— that do not.How it differs from #188
Faithful to the original design — module IDs and JSON config shapes are unchanged, so existing configs keep working — but elevated to current standards:
master's DoS-hardened length/payload bounds checks for all three matchers (via a sharedreadFirstMessagehelper) instead of the uncheckedUint32(head)-4read, which could underflow on a short message.jsonstruct tags so the documented lowercase keys (user,client,disabled) are actually produced.UnmarshalCaddyfileto all three matchers (the original was JSON-only), withcaddyfile_adaptintegration tests.-race. The maintainers' existing 388-lineTestMatchPostgresis kept and still passes unchanged (behavior of the bare matcher is identical).docs/matchers/.Verification