On Thu, Jul 06, 2023 at 08:21:18AM +0900, Michael Paquier wrote:
> Removing the GUC from this table is kind of annoying. Cannot this be
> handled like default_with_oids or ssl_renegotiation_limit to avoid any
> kind of issues with the reload of dump files and the kind?
Ah, good catch.
--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com
>From ba8f57f2e15bcf9c147c25496f5ea7dba211fefb Mon Sep 17 00:00:00 2001
From: Nathan Bossart <nat...@postgresql.org>
Date: Fri, 30 Jun 2023 12:46:08 -0700
Subject: [PATCH v4 1/1] remove db_user_namespace
---
doc/src/sgml/client-auth.sgml | 5 --
doc/src/sgml/config.sgml | 52 -------------------
src/backend/commands/variable.c | 15 ++++++
src/backend/libpq/auth.c | 5 --
src/backend/libpq/hba.c | 12 -----
src/backend/postmaster/postmaster.c | 19 -------
src/backend/utils/misc/guc_tables.c | 16 ++++--
src/backend/utils/misc/postgresql.conf.sample | 1 -
src/include/libpq/pqcomm.h | 2 -
src/include/utils/guc_hooks.h | 1 +
.../unsafe_tests/expected/guc_privs.out | 4 ++
.../modules/unsafe_tests/sql/guc_privs.sql | 3 ++
12 files changed, 35 insertions(+), 100 deletions(-)
diff --git a/doc/src/sgml/client-auth.sgml b/doc/src/sgml/client-auth.sgml
index 204d09df67..6c95f0df1e 100644
--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -1253,11 +1253,6 @@ omicron bryanh guest1
attacks.
</para>
- <para>
- The <literal>md5</literal> method cannot be used with
- the <xref linkend="guc-db-user-namespace"/> feature.
- </para>
-
<para>
To ease transition from the <literal>md5</literal> method to the newer
SCRAM method, if <literal>md5</literal> is specified as a method
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index 6262cb7bb2..e6cea8ddfc 100644
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -1188,58 +1188,6 @@ include_dir 'conf.d'
</para>
</listitem>
</varlistentry>
-
- <varlistentry id="guc-db-user-namespace" xreflabel="db_user_namespace">
- <term><varname>db_user_namespace</varname> (<type>boolean</type>)
- <indexterm>
- <primary><varname>db_user_namespace</varname> configuration parameter</primary>
- </indexterm>
- </term>
- <listitem>
- <para>
- This parameter enables per-database user names. It is off by default.
- This parameter can only be set in the <filename>postgresql.conf</filename>
- file or on the server command line.
- </para>
-
- <para>
- If this is on, you should create users as <replaceable>username@dbname</replaceable>.
- When <replaceable>username</replaceable> is passed by a connecting client,
- <literal>@</literal> and the database name are appended to the user
- name and that database-specific user name is looked up by the
- server. Note that when you create users with names containing
- <literal>@</literal> within the SQL environment, you will need to
- quote the user name.
- </para>
-
- <para>
- With this parameter enabled, you can still create ordinary global
- users. Simply append <literal>@</literal> when specifying the user
- name in the client, e.g., <literal>joe@</literal>. The <literal>@</literal>
- will be stripped off before the user name is looked up by the
- server.
- </para>
-
- <para>
- <varname>db_user_namespace</varname> causes the client's and
- server's user name representation to differ.
- Authentication checks are always done with the server's user name
- so authentication methods must be configured for the
- server's user name, not the client's. Because
- <literal>md5</literal> uses the user name as salt on both the
- client and server, <literal>md5</literal> cannot be used with
- <varname>db_user_namespace</varname>.
- </para>
-
- <note>
- <para>
- This feature is intended as a temporary measure until a
- complete solution is found. At that time, this option will
- be removed.
- </para>
- </note>
- </listitem>
- </varlistentry>
</variablelist>
</sect2>
diff --git a/src/backend/commands/variable.c b/src/backend/commands/variable.c
index f0f2e07655..b6a2fa2512 100644
--- a/src/backend/commands/variable.c
+++ b/src/backend/commands/variable.c
@@ -1157,6 +1157,21 @@ check_bonjour(bool *newval, void **extra, GucSource source)
return true;
}
+bool
+check_db_user_namespace(bool *newval, void **extra, GucSource source)
+{
+ if (*newval)
+ {
+ /* check the GUC's definition for an explanation */
+ GUC_check_errcode(ERRCODE_FEATURE_NOT_SUPPORTED);
+ GUC_check_errmsg("db_user_namespace is not supported");
+
+ return false;
+ }
+
+ return true;
+}
+
bool
check_default_with_oids(bool *newval, void **extra, GucSource source)
{
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index a98b934a8e..65d452f099 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -873,11 +873,6 @@ CheckMD5Auth(Port *port, char *shadow_pass, const char **logdetail)
char *passwd;
int result;
- if (Db_user_namespace)
- ereport(FATAL,
- (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
- errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled")));
-
/* include the salt to use for computing the response */
if (!pg_strong_random(md5Salt, 4))
{
diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index f89f138f3c..5d4ddbb04d 100644
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -1741,19 +1741,7 @@ parse_hba_line(TokenizedAuthLine *tok_line, int elevel)
else if (strcmp(token->string, "reject") == 0)
parsedline->auth_method = uaReject;
else if (strcmp(token->string, "md5") == 0)
- {
- if (Db_user_namespace)
- {
- ereport(elevel,
- (errcode(ERRCODE_CONFIG_FILE_ERROR),
- errmsg("MD5 authentication is not supported when \"db_user_namespace\" is enabled"),
- errcontext("line %d of configuration file \"%s\"",
- line_num, file_name)));
- *err_msg = "MD5 authentication is not supported when \"db_user_namespace\" is enabled";
- return NULL;
- }
parsedline->auth_method = uaMD5;
- }
else if (strcmp(token->string, "scram-sha-256") == 0)
parsedline->auth_method = uaSCRAM;
else if (strcmp(token->string, "pam") == 0)
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
index 0b1de9efb2..9c8ec779f9 100644
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -236,7 +236,6 @@ int AuthenticationTimeout = 60;
bool log_hostname; /* for ps display and logging */
bool Log_connections = false;
-bool Db_user_namespace = false;
bool enable_bonjour = false;
char *bonjour_name;
@@ -2272,24 +2271,6 @@ retry1:
if (port->database_name == NULL || port->database_name[0] == '\0')
port->database_name = pstrdup(port->user_name);
- if (Db_user_namespace)
- {
- /*
- * If user@, it is a global user, remove '@'. We only want to do this
- * if there is an '@' at the end and no earlier in the user string or
- * they may fake as a local user of another database attaching to this
- * database.
- */
- if (strchr(port->user_name, '@') ==
- port->user_name + strlen(port->user_name) - 1)
- *strchr(port->user_name, '@') = '\0';
- else
- {
- /* Append '@' and dbname */
- port->user_name = psprintf("%s@%s", port->user_name, port->database_name);
- }
- }
-
if (am_walsender)
MyBackendType = B_WAL_SENDER;
else
diff --git a/src/backend/utils/misc/guc_tables.c b/src/backend/utils/misc/guc_tables.c
index f8ef87d26d..94e87b7bd4 100644
--- a/src/backend/utils/misc/guc_tables.c
+++ b/src/backend/utils/misc/guc_tables.c
@@ -505,6 +505,7 @@ bool check_function_bodies = true;
*/
bool default_with_oids = false;
bool session_auth_is_superuser;
+bool Db_user_namespace = false;
int log_min_error_statement = ERROR;
int log_min_messages = WARNING;
@@ -1534,14 +1535,21 @@ struct config_bool ConfigureNamesBool[] =
false,
NULL, NULL, NULL
},
+
+ /*
+ * db_user_namespace was removed in PostgreSQL 17, but we tolerate the
+ * parameter being set to false to avoid unnecessarily breaking older dump
+ * files.
+ */
{
- {"db_user_namespace", PGC_SIGHUP, CONN_AUTH_AUTH,
- gettext_noop("Enables per-database user names."),
- NULL
+ {"db_user_namespace", PGC_SIGHUP, COMPAT_OPTIONS_PREVIOUS,
+ gettext_noop("db_user_namespace is no longer supported; this can only be false."),
+ NULL,
+ GUC_NO_SHOW_ALL | GUC_NOT_IN_SAMPLE
},
&Db_user_namespace,
false,
- NULL, NULL, NULL
+ check_db_user_namespace, NULL, NULL
},
{
{"default_transaction_read_only", PGC_USERSET, CLIENT_CONN_STATEMENT,
diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample
index e4c0269fa3..c768af9a73 100644
--- a/src/backend/utils/misc/postgresql.conf.sample
+++ b/src/backend/utils/misc/postgresql.conf.sample
@@ -96,7 +96,6 @@
#authentication_timeout = 1min # 1s-600s
#password_encryption = scram-sha-256 # scram-sha-256 or md5
#scram_iterations = 4096
-#db_user_namespace = off
# GSSAPI using Kerberos
#krb_server_keyfile = 'FILE:${sysconfdir}/krb5.keytab'
diff --git a/src/include/libpq/pqcomm.h b/src/include/libpq/pqcomm.h
index c85090259d..3da00f7983 100644
--- a/src/include/libpq/pqcomm.h
+++ b/src/include/libpq/pqcomm.h
@@ -103,8 +103,6 @@ typedef ProtocolVersion MsgType;
typedef uint32 PacketLen;
-extern PGDLLIMPORT bool Db_user_namespace;
-
/*
* In protocol 3.0 and later, the startup packet length is not fixed, but
* we set an arbitrary limit on it anyway. This is just to prevent simple
diff --git a/src/include/utils/guc_hooks.h b/src/include/utils/guc_hooks.h
index 2ecb9fc086..c51d44ec15 100644
--- a/src/include/utils/guc_hooks.h
+++ b/src/include/utils/guc_hooks.h
@@ -49,6 +49,7 @@ extern bool check_cluster_name(char **newval, void **extra, GucSource source);
extern const char *show_data_directory_mode(void);
extern bool check_datestyle(char **newval, void **extra, GucSource source);
extern void assign_datestyle(const char *newval, void *extra);
+extern bool check_db_user_namespace(bool *newval, void **extra, GucSource source);
extern bool check_default_table_access_method(char **newval, void **extra,
GucSource source);
extern bool check_default_tablespace(char **newval, void **extra,
diff --git a/src/test/modules/unsafe_tests/expected/guc_privs.out b/src/test/modules/unsafe_tests/expected/guc_privs.out
index f43a1da214..17f7a0c980 100644
--- a/src/test/modules/unsafe_tests/expected/guc_privs.out
+++ b/src/test/modules/unsafe_tests/expected/guc_privs.out
@@ -40,6 +40,10 @@ RESET autovacuum; -- fail, requires reload
ERROR: parameter "autovacuum" cannot be changed now
ALTER SYSTEM SET autovacuum = OFF; -- ok
ALTER SYSTEM RESET autovacuum; -- ok
+ALTER SYSTEM SET db_user_namespace = OFF; -- ok
+ALTER SYSTEM SET db_user_namespace = ON; -- fail, cannot be changed
+ERROR: db_user_namespace is not supported
+ALTER SYSTEM RESET db_user_namespace; -- ok
-- PGC_SUSET
SET lc_messages = 'C'; -- ok
RESET lc_messages; -- ok
diff --git a/src/test/modules/unsafe_tests/sql/guc_privs.sql b/src/test/modules/unsafe_tests/sql/guc_privs.sql
index 7a4fb24b9d..233ce1a5ac 100644
--- a/src/test/modules/unsafe_tests/sql/guc_privs.sql
+++ b/src/test/modules/unsafe_tests/sql/guc_privs.sql
@@ -31,6 +31,9 @@ SET autovacuum = OFF; -- fail, requires reload
RESET autovacuum; -- fail, requires reload
ALTER SYSTEM SET autovacuum = OFF; -- ok
ALTER SYSTEM RESET autovacuum; -- ok
+ALTER SYSTEM SET db_user_namespace = OFF; -- ok
+ALTER SYSTEM SET db_user_namespace = ON; -- fail, cannot be changed
+ALTER SYSTEM RESET db_user_namespace; -- ok
-- PGC_SUSET
SET lc_messages = 'C'; -- ok
RESET lc_messages; -- ok
--
2.25.1
