Avoid downcasing/truncation of RADIUS authentication parameters.
Commit 6b76f1bb5 changed all the RADIUS auth parameters to be lists
rather than single values. But its use of SplitIdentifierString
to parse the list format was not very carefully thought through,
because that function thinks it's parsing SQL identifiers, which
means it will (a) downcase the strings and (b) truncate them to
be shorter than NAMEDATALEN. While downcasing should be harmless
for the server names and ports, it's just wrong for the shared
secrets, and probably for the NAS Identifier strings as well.
The truncation aspect is at least potentially a problem too,
though typical values for these parameters would fit in 63 bytes.
Fortunately, we now have a function SplitGUCList that is exactly
the same except for not doing the two unwanted things, so fixing
this is a trivial matter of calling that function instead.
While here, improve the documentation to show how to double-quote
the parameter values. I failed to resist the temptation to do
some copy-editing as well.
Report and patch from Marcos David (bug #16106); doc changes by me.
Back-patch to v10 where the aforesaid commit came in, since this is
arguably a regression from our previous behavior with RADIUS auth.
Discussion: https://postgr.es/m/16106-7d319e4295d08e70@postgresql.org
Branch
------
REL_10_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/4be69e2ea14d4f00c77a1185e68b7f9235aeb95f
Modified Files
--------------
doc/src/sgml/client-auth.sgml | 39 +++++++++++++++++++++++++--------------
src/backend/libpq/hba.c | 8 ++++----
2 files changed, 29 insertions(+), 18 deletions(-)
