Re: distinguish between all and "all" in pg_hba.conf - Mailing list pgsql-patches
From | Andrew Dunstan |
---|---|
Subject | Re: distinguish between all and "all" in pg_hba.conf |
Date | |
Msg-id | 3FE33A4E.8000307@dunslane.net Whole thread Raw |
In response to | distinguish between all and "all" in pg_hba.conf (Andrew Dunstan <andrew@dunslane.net>) |
Responses |
Re: distinguish between all and "all" in pg_hba.conf
Re: distinguish between all and "all" in pg_hba.conf |
List | pgsql-patches |
I wrote: > Tom Lane wrote: > >> Andrew Dunstan <andrew@dunslane.net> writes: >> >> >>> The minimal disturbance change might be to teach the parser to >>> distinguish between a quoted 'all' and an unquoted 'all', and forget >>> the '*' idea. >>> >> >> >> Probably we ought to go with that, on backwards-compatibility grounds. >> >> >> > > OK, here's the patch. Should we also do this for "sameuser" and > "samegroup" for the sake of completness? Revised patch for this as suggested by Tom. cheers andrew Index: hba.c =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/hba.c,v retrieving revision 1.118 diff -c -w -r1.118 hba.c *** hba.c 5 Dec 2003 15:50:31 -0000 1.118 --- hba.c 19 Dec 2003 17:42:20 -0000 *************** *** 87,102 **** * token or EOF, whichever comes first. If no more tokens on line, * return null string as *buf and position file to beginning of * next line or EOF, whichever comes first. Allow spaces in quoted ! * strings. Terminate on unquoted commas. Handle comments. */ void next_token(FILE *fp, char *buf, const int bufsz) { int c; char *start_buf = buf; ! char *end_buf = buf + (bufsz - 1); bool in_quote = false; bool was_quote = false; /* Move over initial whitespace and commas */ while ((c = getc(fp)) != EOF && (pg_isblank(c) || c == ',')) --- 87,105 ---- * token or EOF, whichever comes first. If no more tokens on line, * return null string as *buf and position file to beginning of * next line or EOF, whichever comes first. Allow spaces in quoted ! * strings. Terminate on unquoted commas. Handle comments. Treat ! * unquoted keywords that might be user names or database names ! * specially, by appending a newline to them. */ void next_token(FILE *fp, char *buf, const int bufsz) { int c; char *start_buf = buf; ! char *end_buf = buf + (bufsz - 2); bool in_quote = false; bool was_quote = false; + bool saw_quote = false; /* Move over initial whitespace and commas */ while ((c = getc(fp)) != EOF && (pg_isblank(c) || c == ',')) *************** *** 149,155 **** --- 152,161 ---- was_quote = false; if (c == '"') + { in_quote = !in_quote; + saw_quote = true; + } c = getc(fp); } *************** *** 161,167 **** --- 167,188 ---- if (c != EOF) ungetc(c, fp); } + + + if ( !saw_quote && + ( + strncmp(start_buf,"all",3) == 0 || + strncmp(start_buf,"sameuser",8) == 0 || + strncmp(start_buf,"samegroup",9) == 0 + ) + ) + { + /* append newline to a magical keyword */ + *buf++ = '\n'; + } + *buf = '\0'; + } /* *************** *** 446,452 **** return true; } else if (strcmp(tok, user) == 0 || ! strcmp(tok, "all") == 0) return true; } --- 467,473 ---- return true; } else if (strcmp(tok, user) == 0 || ! strcmp(tok, "all\n") == 0) return true; } *************** *** 463,476 **** for (tok = strtok(param_str, MULTI_VALUE_SEP); tok != NULL; tok = strtok(NULL, MULTI_VALUE_SEP)) { ! if (strcmp(tok, "all") == 0) return true; ! else if (strcmp(tok, "sameuser") == 0) { if (strcmp(dbname, user) == 0) return true; } ! else if (strcmp(tok, "samegroup") == 0) { if (check_group(dbname, user)) return true; --- 484,497 ---- for (tok = strtok(param_str, MULTI_VALUE_SEP); tok != NULL; tok = strtok(NULL, MULTI_VALUE_SEP)) { ! if (strcmp(tok, "all\n") == 0) return true; ! else if (strcmp(tok, "sameuser\n") == 0) { if (strcmp(dbname, user) == 0) return true; } ! else if (strcmp(tok, "samegroup\n") == 0) { if (check_group(dbname, user)) return true; *************** *** 1068,1074 **** errmsg("cannot use Ident authentication without usermap field"))); found_entry = false; } ! else if (strcmp(usermap_name, "sameuser") == 0) { if (strcmp(pg_user, ident_user) == 0) found_entry = true; --- 1089,1095 ---- errmsg("cannot use Ident authentication without usermap field"))); found_entry = false; } ! else if (strcmp(usermap_name, "sameuser\n") == 0) { if (strcmp(pg_user, ident_user) == 0) found_entry = true; Index: pg_hba.conf.sample =================================================================== RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/pg_hba.conf.sample,v retrieving revision 1.47 diff -c -w -r1.47 pg_hba.conf.sample *** pg_hba.conf.sample 13 Sep 2003 16:43:38 -0000 1.47 --- pg_hba.conf.sample 19 Dec 2003 17:42:20 -0000 *************** *** 35,40 **** --- 35,45 ---- # encrypted passwords. OPTION is the ident map or the name of the PAM # service. # + # Database and user names containing spaces, commas, quotes and other special + # characters can be quoted. Quoting one of the keywords "all", "sameuser" or + # "samegroup" makes the name lose its special character, and just match a + # database or username with that name. + # # This file is read on server startup and when the postmaster receives # a SIGHUP signal. If you edit the file on a running system, you have # to SIGHUP the postmaster for the changes to take effect, or use *************** *** 59,62 **** # IPv4-style local connections: host all all 127.0.0.1 255.255.255.255 trust # IPv6-style local connections: ! host all all ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff trust --- 64,67 ---- # IPv4-style local connections: host all all 127.0.0.1 255.255.255.255 trust # IPv6-style local connections: ! host all all ::1/128 trust
pgsql-patches by date: