Re: distinguish between all and "all" in pg_hba.conf - Mailing list pgsql-patches
From | Bruce Momjian |
---|---|
Subject | Re: distinguish between all and "all" in pg_hba.conf |
Date | |
Msg-id | 200312200046.hBK0kbF00929@candle.pha.pa.us Whole thread Raw |
In response to | Re: distinguish between all and "all" in pg_hba.conf (Andrew Dunstan <andrew@dunslane.net>) |
List | pgsql-patches |
That IPv6 cleanup is major! > ! host all all ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff trust > ! host all all ::1/128 trust Your patch has been added to the PostgreSQL unapplied patches list at: http://momjian.postgresql.org/cgi-bin/pgpatches I will try to apply it within the next 48 hours. --------------------------------------------------------------------------- Andrew Dunstan wrote: > I wrote: > > > Tom Lane wrote: > > > >> Andrew Dunstan <andrew@dunslane.net> writes: > >> > >> > >>> The minimal disturbance change might be to teach the parser to > >>> distinguish between a quoted 'all' and an unquoted 'all', and forget > >>> the '*' idea. > >>> > >> > >> > >> Probably we ought to go with that, on backwards-compatibility grounds. > >> > >> > >> > > > > OK, here's the patch. Should we also do this for "sameuser" and > > "samegroup" for the sake of completness? > > > > Revised patch for this as suggested by Tom. > > cheers > > andrew > > Index: hba.c > =================================================================== > RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/hba.c,v > retrieving revision 1.118 > diff -c -w -r1.118 hba.c > *** hba.c 5 Dec 2003 15:50:31 -0000 1.118 > --- hba.c 19 Dec 2003 17:42:20 -0000 > *************** > *** 87,102 **** > * token or EOF, whichever comes first. If no more tokens on line, > * return null string as *buf and position file to beginning of > * next line or EOF, whichever comes first. Allow spaces in quoted > ! * strings. Terminate on unquoted commas. Handle comments. > */ > void > next_token(FILE *fp, char *buf, const int bufsz) > { > int c; > char *start_buf = buf; > ! char *end_buf = buf + (bufsz - 1); > bool in_quote = false; > bool was_quote = false; > > /* Move over initial whitespace and commas */ > while ((c = getc(fp)) != EOF && (pg_isblank(c) || c == ',')) > --- 87,105 ---- > * token or EOF, whichever comes first. If no more tokens on line, > * return null string as *buf and position file to beginning of > * next line or EOF, whichever comes first. Allow spaces in quoted > ! * strings. Terminate on unquoted commas. Handle comments. Treat > ! * unquoted keywords that might be user names or database names > ! * specially, by appending a newline to them. > */ > void > next_token(FILE *fp, char *buf, const int bufsz) > { > int c; > char *start_buf = buf; > ! char *end_buf = buf + (bufsz - 2); > bool in_quote = false; > bool was_quote = false; > + bool saw_quote = false; > > /* Move over initial whitespace and commas */ > while ((c = getc(fp)) != EOF && (pg_isblank(c) || c == ',')) > *************** > *** 149,155 **** > --- 152,161 ---- > was_quote = false; > > if (c == '"') > + { > in_quote = !in_quote; > + saw_quote = true; > + } > > c = getc(fp); > } > *************** > *** 161,167 **** > --- 167,188 ---- > if (c != EOF) > ungetc(c, fp); > } > + > + > + if ( !saw_quote && > + ( > + strncmp(start_buf,"all",3) == 0 || > + strncmp(start_buf,"sameuser",8) == 0 || > + strncmp(start_buf,"samegroup",9) == 0 > + ) > + ) > + { > + /* append newline to a magical keyword */ > + *buf++ = '\n'; > + } > + > *buf = '\0'; > + > } > > /* > *************** > *** 446,452 **** > return true; > } > else if (strcmp(tok, user) == 0 || > ! strcmp(tok, "all") == 0) > return true; > } > > --- 467,473 ---- > return true; > } > else if (strcmp(tok, user) == 0 || > ! strcmp(tok, "all\n") == 0) > return true; > } > > *************** > *** 463,476 **** > > for (tok = strtok(param_str, MULTI_VALUE_SEP); tok != NULL; tok = strtok(NULL, MULTI_VALUE_SEP)) > { > ! if (strcmp(tok, "all") == 0) > return true; > ! else if (strcmp(tok, "sameuser") == 0) > { > if (strcmp(dbname, user) == 0) > return true; > } > ! else if (strcmp(tok, "samegroup") == 0) > { > if (check_group(dbname, user)) > return true; > --- 484,497 ---- > > for (tok = strtok(param_str, MULTI_VALUE_SEP); tok != NULL; tok = strtok(NULL, MULTI_VALUE_SEP)) > { > ! if (strcmp(tok, "all\n") == 0) > return true; > ! else if (strcmp(tok, "sameuser\n") == 0) > { > if (strcmp(dbname, user) == 0) > return true; > } > ! else if (strcmp(tok, "samegroup\n") == 0) > { > if (check_group(dbname, user)) > return true; > *************** > *** 1068,1074 **** > errmsg("cannot use Ident authentication without usermap field"))); > found_entry = false; > } > ! else if (strcmp(usermap_name, "sameuser") == 0) > { > if (strcmp(pg_user, ident_user) == 0) > found_entry = true; > --- 1089,1095 ---- > errmsg("cannot use Ident authentication without usermap field"))); > found_entry = false; > } > ! else if (strcmp(usermap_name, "sameuser\n") == 0) > { > if (strcmp(pg_user, ident_user) == 0) > found_entry = true; > Index: pg_hba.conf.sample > =================================================================== > RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/pg_hba.conf.sample,v > retrieving revision 1.47 > diff -c -w -r1.47 pg_hba.conf.sample > *** pg_hba.conf.sample 13 Sep 2003 16:43:38 -0000 1.47 > --- pg_hba.conf.sample 19 Dec 2003 17:42:20 -0000 > *************** > *** 35,40 **** > --- 35,45 ---- > # encrypted passwords. OPTION is the ident map or the name of the PAM > # service. > # > + # Database and user names containing spaces, commas, quotes and other special > + # characters can be quoted. Quoting one of the keywords "all", "sameuser" or > + # "samegroup" makes the name lose its special character, and just match a > + # database or username with that name. > + # > # This file is read on server startup and when the postmaster receives > # a SIGHUP signal. If you edit the file on a running system, you have > # to SIGHUP the postmaster for the changes to take effect, or use > *************** > *** 59,62 **** > # IPv4-style local connections: > host all all 127.0.0.1 255.255.255.255 trust > # IPv6-style local connections: > ! host all all ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff trust > --- 64,67 ---- > # IPv4-style local connections: > host all all 127.0.0.1 255.255.255.255 trust > # IPv6-style local connections: > ! host all all ::1/128 trust > > ---------------------------(end of broadcast)--------------------------- > TIP 4: Don't 'kill -9' the postmaster -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073
pgsql-patches by date: