Hi all,
While we run an ident-less site, we'd still like to specify as what
account a user might connect from a trusted host.
Currently, if you allow connections from host X to database Y, people on
host X are still allowed to connect as a database administrator, which I
think is not very pretty (even though it's the 'trust' mode of
authentication).
This patch uses the auth_arg for specifying the allowed user name.
Basically, it will allow you to specify an 'allowed user' after a hba
entry. I've found it pretty useful.
Please CC me on replies, as I've not yet found out how to subscribe to the
lists here.
greetings,
Lennert
--- postgresql-7.0.2-orig/src/backend/libpq/hba.c Wed Apr 12 19:15:14 2000
+++ postgresql-7.0.2/src/backend/libpq/hba.c Wed Oct 18 00:47:40 2000
@@ -297,7 +297,8 @@
if ((strcmp(db, port->database) != 0 && strcmp(db, "all") != 0 &&
(strcmp(db, "sameuser") != 0 || strcmp(port->database, port->user) != 0)) ||
port->raddr.sa.sa_family != AF_INET ||
- ((file_ip_addr.s_addr ^ port->raddr.in.sin_addr.s_addr) & mask.s_addr) != 0x0000)
+ ((file_ip_addr.s_addr ^ port->raddr.in.sin_addr.s_addr) & mask.s_addr) != 0x0000 ||
+ (port->auth_arg[0] && strcmp(port->auth_arg, port->user) != 0))
return;
}
else
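
Review bot: The added test `(port->auth_arg[0] && strcmp(port->auth_arg, port->user) != 0)` is not restricted to the 'trust' method the message describes, so it applies to every host entry that reaches this condition. If any other authentication method already gives auth_arg a meaning of its own, an entry carrying such an argument would stop matching unless the argument happens to equal the connecting user name. Consider gating the comparison on the entry's authentication method. The test also sits in the same condition as the database and address mismatches, which ends in `return;`, so a user-name mismatch is handled like any other non-matching entry rather than as a rejection. If later entries are still considered after a non-match, a broader entry further down could still admit the administrator account from host X, so the ordering requirement should be documented. The patch also carries no documentation or sample-file update describing the new meaning of the argument, and a single strcmp allows only one user name per entry.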