Thread: [WIP] Patch : Change pg_ident.conf parsing to be the same as pg_hba.conf
<div class="WordSection1"><p><span style="font-size:10.0pt;font-family:"Arial","sans-serif"">Attached is a Patch to changethe parsing of pg_ident.conf to make it similar to pg_hba.conf. <br />This is based on Todo Item: <br /><a href="http://archives.postgresql.org/pgsql-hackers/2011-06/msg02204.php">http://archives.postgresql.org/pgsql-hackers/2011-06/msg02204.php</a> </span><p><spanstyle="font-size:10.0pt;font-family:"Arial","sans-serif"">Purpose - This will allow to catch syntax errorsin pg_ident at the startup or reload time.<br /> <br /> <br />Changes are described as follows: <br />a. Makethe load_ident() functionality same as load_hba, such that it cleans the previous context, after successful parsing.<br />b. Change the load_ident(), so that parsing can be done during load time and the parsed lines are saved.<br />c. Change the functionality of parse_ident_usermap() so that parsing is not done during authentication.<br />d. If load_ident() fails for parsing, it returns false and error is issued. <br /> Thispoint I am not sure, as for pg_hba failure it issues FATAL at startup. Currently I have kept error handlingfor load of pg_ident same as pg_hba <br /> <br />I have done the basic testing and test is still in progress. <br/> <br />Suggestions? <br /> <br /> <br />With Regards, <br />Amit Kapila. </span><p class="MsoNormal"> </div>
Re: [WIP] Patch : Change pg_ident.conf parsing to be the same as pg_hba.conf
From
Heikki Linnakangas
Date:
On 02.07.2012 15:08, Amit Kapila wrote: > Attached is a Patch to change the parsing of pg_ident.conf to make it > similar to pg_hba.conf. > This is based on Todo Item: > http://archives.postgresql.org/pgsql-hackers/2011-06/msg02204.php > > Purpose - This will allow to catch syntax errors in pg_ident at the startup > or reload time. > > > Changes are described as follows: > a. Make the load_ident() functionality same as load_hba, such that it > cleans the previous context, after successful parsing. > b. Change the load_ident(), so that parsing can be done during load > time and the parsed lines are saved. > c. Change the functionality of parse_ident_usermap() so that parsing is > not done during authentication. > d. If load_ident() fails for parsing, it returns false and error is > issued. Looks good to me, committed with some small cleanup. > This point I am not sure, as for pg_hba failure it issues FATAL at > startup. Currently I have kept error handling for load of pg_ident same as > pg_hba I think we should be more lenient with pg_ident.conf, and behave as if the file was empty. That is the old behavior, and it seems sensible. You can still connect using an authentication method that doesn't use pg_ident.conf, but if pg_hba.conf is missing, you cannot log in at all. Thanks! - Heikki
On Friday, September 21, 2012 8:28 PM Heikki Linnakangas wrote: On 02.07.2012 15:08, Amit Kapila wrote: >> Attached is a Patch to change the parsing of pg_ident.conf to make it >> similar to pg_hba.conf. >> This is based on Todo Item: >> http://archives.postgresql.org/pgsql-hackers/2011-06/msg02204.php > >> Purpose - This will allow to catch syntax errors in pg_ident at the startup >> or reload time. > > Looks good to me, committed with some small cleanup. Thank you. With Regards, Amit Kapila.