Re: pg_hba.conf editing question - Mailing list pgadmin-support
| From | Guillaume Lelarge |
|---|---|
| Subject | Re: pg_hba.conf editing question |
| Date | |
| Msg-id | CAECtzeVdP0Ag1Aa5m2AySbDhFU2=b_pETm6rcgAxDjdPjb8h7A@mail.gmail.com Whole thread Raw |
| In response to | Re: pg_hba.conf editing question (Scott Furry <scott.wl.furry@gmail.com>) |
| Responses |
Re: pg_hba.conf editing question
(Scott Furry <scott.wl.furry@gmail.com>)
|
| List | pgadmin-support |
2014-07-20 23:15 GMT+02:00 Scott Furry <scott.wl.furry@gmail.com>:
On 20/07/14 02:45 PM, Guillaume Lelarge wrote:2014-07-19 18:11 GMT+02:00 Scott Furry <scott.wl.furry@gmail.com <mailto:scott.wl.furry@gmail.com>>:What about the case of a linux-base system. There was another message on the pgAdmin list mentioning that pg_file_read did not work on Debian. I used pgAdmin on a Windows system to edit the pg_hba.conf file. No problems, but emulating that behaviour on linux systems by entering the SQL commands fails.
I am working with the pgAdmin git source and I am having trouble
understanding the adminpack functions being used.
In the file pgadmin/frm/frmHbaConfig.cpp, the pg_hba.conf edit
form constructor appears to get the absolute path to the
configuration file and stores this value in "serverFileName"
("SHOW hba_file"). The value is then used to few lines down in a
call to "SELECT pg_file_read(...)".
Net Search suggests that pg_file_read can be used to access files
in the pg data/log directories only. Experimenting on my
localhost, any attempt to use a "../" or and absolute path results
in an error.
What I'm having a problem understanding is how the pg_file_read
function can work in this context. I can access files in the data
directory nicely, but emulating the queries being used in the
pgAdmin code will not work. What magic was built into the code to
get around the absolute path security?
No magic. pg_file_read() calls pg_read_file. Here is the main comment of this function:
/*¬
* Convert a "text" filename argument to C string, and check it's allowable.¬
*¬
* Filename may be absolute or relative to the DataDir, but we only allow¬
* absolute paths that match DataDir or Log_directory.¬
*/¬
So the path may be absolute but, in such a case, it must contain the data directory.
I'm using the postgres account and the "SELECT pg_file_read" command fails if I try to take into account the data directory.
Using:
SELECT * from pg_read_file('../../../../../etc/postgresql/9.3/main/pg_hba.conf');
will return the error:
ERROR: path must be in or below the current directory
Yet this sequence of commands works for pgAdmin?
I'm pretty sure it doesn't.
This is why I'm asking here if there was some special setup made when calling the config file editing.
Nope, no special setup.
--
pgadmin-support by date: