Re: [HACKERS] Keywords in pg_hba.conf should be field-specific

Sat, 16 Oct 2010 07:53:56 -0700 

On 17 October 2010 01:52, Brendan Jurd <[email protected]> wrote:
> Per the above discussion, I've prepared a patch to make keywords in
> pg_hba.conf field-specific.
>

Try New and Improved This Message (tm), now with attachment!

Cheers,
BJ

*** a/src/backend/libpq/hba.c
--- b/src/backend/libpq/hba.c
***************
*** 855,861 **** parse_hba_line(List *line, int line_num, HbaLine *parsedline)
                                                        line_num, 
HbaFileName)));
                return false;
        }
!       parsedline->database = pstrdup(lfirst(line_item));
  
        /* Get the role. */
        line_item = lnext(line_item);
--- 855,873 ----
                                                        line_num, 
HbaFileName)));
                return false;
        }
!       token = pstrdup(lfirst(line_item));
! 
!       /* Filter out inapplicable keywords for the database field. */
!       if (token[strlen(token) - 1] == '\n'
!               && strcmp(token, "all\n") != 0
!               && strcmp(token, "sameuser\n") != 0
!               && strcmp(token, "samerole\n") != 0
!               && strcmp(token, "samegroup\n") != 0
!               && strcmp(token, "replication\n") != 0)
!       {
!               token[strlen(token) - 1] = '\0';
!       }
!       parsedline->database = token;
  
        /* Get the role. */
        line_item = lnext(line_item);
***************
*** 868,874 **** parse_hba_line(List *line, int line_num, HbaLine *parsedline)
                                                        line_num, 
HbaFileName)));
                return false;
        }
!       parsedline->role = pstrdup(lfirst(line_item));
  
        if (parsedline->conntype != ctLocal)
        {
--- 880,894 ----
                                                        line_num, 
HbaFileName)));
                return false;
        }
!       token = pstrdup(lfirst(line_item));
! 
!       /* Filter out inapplicable keywords for the role field. */
!       if (token[strlen(token) - 1] == '\n'
!               && strcmp(token, "all\n") != 0)
!       {
!               token[strlen(token) - 1] = '\0';
!       }
!       parsedline->role = token;
  
        if (parsedline->conntype != ctLocal)
        {
***************
*** 904,909 **** parse_hba_line(List *line, int line_num, HbaLine *parsedline)
--- 924,937 ----
                        /* need a modifiable copy of token */
                        token = pstrdup(token);
  
+                       /*
+                        * Filter out any remaining keywords, as the only valid 
keywords
+                        * for this context ('samehost' and 'samenet') have 
already been
+                        * handled above.
+                        */
+                       if (token[strlen(token) - 1] = '\n')
+                               token[strlen(token) - 1] = '\0';
+ 
                        /* Check if it has a CIDR suffix and if so isolate it */
                        cidr_slash = strchr(token, '/');
                        if (cidr_slash)

-- 
Sent via pgsql-hackers mailing list ([email protected])
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to