Re: distinguish between all and "all" in pg_hba.conf - Mailing list pgsql-patches
| From | Andrew Dunstan |
|---|---|
| Subject | Re: distinguish between all and "all" in pg_hba.conf |
| Date | |
| Msg-id | 3FE33A4E.8000307@dunslane.net Whole thread Raw |
| In response to | distinguish between all and "all" in pg_hba.conf (Andrew Dunstan <andrew@dunslane.net>) |
| Responses |
Re: distinguish between all and "all" in pg_hba.conf
Re: distinguish between all and "all" in pg_hba.conf |
| List | pgsql-patches |
I wrote:
> Tom Lane wrote:
>
>> Andrew Dunstan <andrew@dunslane.net> writes:
>>
>>
>>> The minimal disturbance change might be to teach the parser to
>>> distinguish between a quoted 'all' and an unquoted 'all', and forget
>>> the '*' idea.
>>>
>>
>>
>> Probably we ought to go with that, on backwards-compatibility grounds.
>>
>>
>>
>
> OK, here's the patch. Should we also do this for "sameuser" and
> "samegroup" for the sake of completness?
Revised patch for this as suggested by Tom.
cheers
andrew
Index: hba.c
===================================================================
RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/hba.c,v
retrieving revision 1.118
diff -c -w -r1.118 hba.c
*** hba.c 5 Dec 2003 15:50:31 -0000 1.118
--- hba.c 19 Dec 2003 17:42:20 -0000
***************
*** 87,102 ****
* token or EOF, whichever comes first. If no more tokens on line,
* return null string as *buf and position file to beginning of
* next line or EOF, whichever comes first. Allow spaces in quoted
! * strings. Terminate on unquoted commas. Handle comments.
*/
void
next_token(FILE *fp, char *buf, const int bufsz)
{
int c;
char *start_buf = buf;
! char *end_buf = buf + (bufsz - 1);
bool in_quote = false;
bool was_quote = false;
/* Move over initial whitespace and commas */
while ((c = getc(fp)) != EOF && (pg_isblank(c) || c == ','))
--- 87,105 ----
* token or EOF, whichever comes first. If no more tokens on line,
* return null string as *buf and position file to beginning of
* next line or EOF, whichever comes first. Allow spaces in quoted
! * strings. Terminate on unquoted commas. Handle comments. Treat
! * unquoted keywords that might be user names or database names
! * specially, by appending a newline to them.
*/
void
next_token(FILE *fp, char *buf, const int bufsz)
{
int c;
char *start_buf = buf;
! char *end_buf = buf + (bufsz - 2);
bool in_quote = false;
bool was_quote = false;
+ bool saw_quote = false;
/* Move over initial whitespace and commas */
while ((c = getc(fp)) != EOF && (pg_isblank(c) || c == ','))
***************
*** 149,155 ****
--- 152,161 ----
was_quote = false;
if (c == '"')
+ {
in_quote = !in_quote;
+ saw_quote = true;
+ }
c = getc(fp);
}
***************
*** 161,167 ****
--- 167,188 ----
if (c != EOF)
ungetc(c, fp);
}
+
+
+ if ( !saw_quote &&
+ (
+ strncmp(start_buf,"all",3) == 0 ||
+ strncmp(start_buf,"sameuser",8) == 0 ||
+ strncmp(start_buf,"samegroup",9) == 0
+ )
+ )
+ {
+ /* append newline to a magical keyword */
+ *buf++ = '\n';
+ }
+
*buf = '\0';
+
}
/*
***************
*** 446,452 ****
return true;
}
else if (strcmp(tok, user) == 0 ||
! strcmp(tok, "all") == 0)
return true;
}
--- 467,473 ----
return true;
}
else if (strcmp(tok, user) == 0 ||
! strcmp(tok, "all\n") == 0)
return true;
}
***************
*** 463,476 ****
for (tok = strtok(param_str, MULTI_VALUE_SEP); tok != NULL; tok = strtok(NULL, MULTI_VALUE_SEP))
{
! if (strcmp(tok, "all") == 0)
return true;
! else if (strcmp(tok, "sameuser") == 0)
{
if (strcmp(dbname, user) == 0)
return true;
}
! else if (strcmp(tok, "samegroup") == 0)
{
if (check_group(dbname, user))
return true;
--- 484,497 ----
for (tok = strtok(param_str, MULTI_VALUE_SEP); tok != NULL; tok = strtok(NULL, MULTI_VALUE_SEP))
{
! if (strcmp(tok, "all\n") == 0)
return true;
! else if (strcmp(tok, "sameuser\n") == 0)
{
if (strcmp(dbname, user) == 0)
return true;
}
! else if (strcmp(tok, "samegroup\n") == 0)
{
if (check_group(dbname, user))
return true;
***************
*** 1068,1074 ****
errmsg("cannot use Ident authentication without usermap field")));
found_entry = false;
}
! else if (strcmp(usermap_name, "sameuser") == 0)
{
if (strcmp(pg_user, ident_user) == 0)
found_entry = true;
--- 1089,1095 ----
errmsg("cannot use Ident authentication without usermap field")));
found_entry = false;
}
! else if (strcmp(usermap_name, "sameuser\n") == 0)
{
if (strcmp(pg_user, ident_user) == 0)
found_entry = true;
Index: pg_hba.conf.sample
===================================================================
RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/pg_hba.conf.sample,v
retrieving revision 1.47
diff -c -w -r1.47 pg_hba.conf.sample
*** pg_hba.conf.sample 13 Sep 2003 16:43:38 -0000 1.47
--- pg_hba.conf.sample 19 Dec 2003 17:42:20 -0000
***************
*** 35,40 ****
--- 35,45 ----
# encrypted passwords. OPTION is the ident map or the name of the PAM
# service.
#
+ # Database and user names containing spaces, commas, quotes and other special
+ # characters can be quoted. Quoting one of the keywords "all", "sameuser" or
+ # "samegroup" makes the name lose its special character, and just match a
+ # database or username with that name.
+ #
# This file is read on server startup and when the postmaster receives
# a SIGHUP signal. If you edit the file on a running system, you have
# to SIGHUP the postmaster for the changes to take effect, or use
***************
*** 59,62 ****
# IPv4-style local connections:
host all all 127.0.0.1 255.255.255.255 trust
# IPv6-style local connections:
! host all all ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff trust
--- 64,67 ----
# IPv4-style local connections:
host all all 127.0.0.1 255.255.255.255 trust
# IPv6-style local connections:
! host all all ::1/128 trust
pgsql-patches by date: