Postgres Pro
Downloads
Home   >   mailing lists

Re: distinguish between all and "all" in pg_hba.conf - Mailing list pgsql-patches

From Bruce Momjian
Subject Re: distinguish between all and "all" in pg_hba.conf
Date
Msg-id 200312250344.hBP3iDP04347@candle.pha.pa.us
Whole thread Raw
In response to Re: distinguish between all and "all" in pg_hba.conf  (Andrew Dunstan <andrew@dunslane.net>)
List pgsql-patches
Tree view 
Patch applied.  Thanks.

---------------------------------------------------------------------------


Andrew Dunstan wrote:
> I wrote:
>
> > Tom Lane wrote:
> >
> >> Andrew Dunstan <andrew@dunslane.net> writes:
> >>
> >>
> >>> The minimal disturbance change might be to teach the parser to
> >>> distinguish between a quoted 'all' and an unquoted 'all', and forget
> >>> the '*' idea.
> >>>
> >>
> >>
> >> Probably we ought to go with that, on backwards-compatibility grounds.
> >>
> >>
> >>
> >
> > OK, here's the patch. Should we also do this for "sameuser" and
> > "samegroup" for the sake of completness?
>
>
>
> Revised patch for this as suggested by Tom.
>
> cheers
>
> andrew
>

> Index: hba.c
> ===================================================================
> RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/hba.c,v
> retrieving revision 1.118
> diff -c -w -r1.118 hba.c
> *** hba.c    5 Dec 2003 15:50:31 -0000    1.118
> --- hba.c    19 Dec 2003 17:42:20 -0000
> ***************
> *** 87,102 ****
>    *     token or EOF, whichever comes first. If no more tokens on line,
>    *     return null string as *buf and position file to beginning of
>    *     next line or EOF, whichever comes first. Allow spaces in quoted
> !  *     strings. Terminate on unquoted commas. Handle comments.
>    */
>   void
>   next_token(FILE *fp, char *buf, const int bufsz)
>   {
>       int            c;
>       char       *start_buf = buf;
> !     char       *end_buf = buf + (bufsz - 1);
>       bool        in_quote = false;
>       bool        was_quote = false;
>
>       /* Move over initial whitespace and commas */
>       while ((c = getc(fp)) != EOF && (pg_isblank(c) || c == ','))
> --- 87,105 ----
>    *     token or EOF, whichever comes first. If no more tokens on line,
>    *     return null string as *buf and position file to beginning of
>    *     next line or EOF, whichever comes first. Allow spaces in quoted
> !  *     strings. Terminate on unquoted commas. Handle comments. Treat
> !  *   unquoted keywords that might be user names or database names
> !  *   specially, by appending a newline to them.
>    */
>   void
>   next_token(FILE *fp, char *buf, const int bufsz)
>   {
>       int            c;
>       char       *start_buf = buf;
> !     char       *end_buf = buf + (bufsz - 2);
>       bool        in_quote = false;
>       bool        was_quote = false;
> +     bool        saw_quote = false;
>
>       /* Move over initial whitespace and commas */
>       while ((c = getc(fp)) != EOF && (pg_isblank(c) || c == ','))
> ***************
> *** 149,155 ****
> --- 152,161 ----
>                   was_quote = false;
>
>               if (c == '"')
> +             {
>                   in_quote = !in_quote;
> +                 saw_quote = true;
> +             }
>
>               c = getc(fp);
>           }
> ***************
> *** 161,167 ****
> --- 167,188 ----
>           if (c != EOF)
>               ungetc(c, fp);
>       }
> +
> +
> +     if ( !saw_quote &&
> +          (
> +              strncmp(start_buf,"all",3) == 0  ||
> +              strncmp(start_buf,"sameuser",8) == 0  ||
> +              strncmp(start_buf,"samegroup",9) == 0
> +          )
> +         )
> +     {
> +         /* append newline to a magical keyword */
> +         *buf++ = '\n';
> +     }
> +
>       *buf = '\0';
> +
>   }
>
>   /*
> ***************
> *** 446,452 ****
>                   return true;
>           }
>           else if (strcmp(tok, user) == 0 ||
> !                  strcmp(tok, "all") == 0)
>               return true;
>       }
>
> --- 467,473 ----
>                   return true;
>           }
>           else if (strcmp(tok, user) == 0 ||
> !                  strcmp(tok, "all\n") == 0)
>               return true;
>       }
>
> ***************
> *** 463,476 ****
>
>       for (tok = strtok(param_str, MULTI_VALUE_SEP); tok != NULL; tok = strtok(NULL, MULTI_VALUE_SEP))
>       {
> !         if (strcmp(tok, "all") == 0)
>               return true;
> !         else if (strcmp(tok, "sameuser") == 0)
>           {
>               if (strcmp(dbname, user) == 0)
>                   return true;
>           }
> !         else if (strcmp(tok, "samegroup") == 0)
>           {
>               if (check_group(dbname, user))
>                   return true;
> --- 484,497 ----
>
>       for (tok = strtok(param_str, MULTI_VALUE_SEP); tok != NULL; tok = strtok(NULL, MULTI_VALUE_SEP))
>       {
> !         if (strcmp(tok, "all\n") == 0)
>               return true;
> !         else if (strcmp(tok, "sameuser\n") == 0)
>           {
>               if (strcmp(dbname, user) == 0)
>                   return true;
>           }
> !         else if (strcmp(tok, "samegroup\n") == 0)
>           {
>               if (check_group(dbname, user))
>                   return true;
> ***************
> *** 1068,1074 ****
>           errmsg("cannot use Ident authentication without usermap field")));
>           found_entry = false;
>       }
> !     else if (strcmp(usermap_name, "sameuser") == 0)
>       {
>           if (strcmp(pg_user, ident_user) == 0)
>               found_entry = true;
> --- 1089,1095 ----
>           errmsg("cannot use Ident authentication without usermap field")));
>           found_entry = false;
>       }
> !     else if (strcmp(usermap_name, "sameuser\n") == 0)
>       {
>           if (strcmp(pg_user, ident_user) == 0)
>               found_entry = true;
> Index: pg_hba.conf.sample
> ===================================================================
> RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/pg_hba.conf.sample,v
> retrieving revision 1.47
> diff -c -w -r1.47 pg_hba.conf.sample
> *** pg_hba.conf.sample    13 Sep 2003 16:43:38 -0000    1.47
> --- pg_hba.conf.sample    19 Dec 2003 17:42:20 -0000
> ***************
> *** 35,40 ****
> --- 35,45 ----
>   # encrypted passwords.  OPTION is the ident map or the name of the PAM
>   # service.
>   #
> + # Database and user names containing spaces, commas, quotes and other special
> + # characters can be quoted. Quoting one of the keywords "all", "sameuser" or
> + # "samegroup"  makes the name lose its special character, and just match a
> + # database or username with that name.
> + #
>   # This file is read on server startup and when the postmaster receives
>   # a SIGHUP signal.  If you edit the file on a running system, you have
>   # to SIGHUP the postmaster for the changes to take effect, or use
> ***************
> *** 59,62 ****
>   # IPv4-style local connections:
>   host    all         all         127.0.0.1         255.255.255.255   trust
>   # IPv6-style local connections:
> ! host    all         all         ::1               ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff        trust
> --- 64,67 ----
>   # IPv4-style local connections:
>   host    all         all         127.0.0.1         255.255.255.255   trust
>   # IPv6-style local connections:
> ! host    all         all         ::1/128                             trust

>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

pgsql-patches by date:

Previous
From: Bruce Momjian
Date:
Subject: Re: ISO year.
Next
From: Bruce Momjian
Date:
Subject: Re: fork/exec patch: pgstat + BootstrapMain