
Re: distinguish between all and "all" in pg_hba.conf

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: "Patches (PostgreSQL)" <pgsql-patches(at)postgresql(dot)org>
Subject: Re: distinguish between all and "all" in pg_hba.conf
Date: 2003-12-20 00:46:37
Message-ID: 200312200046.hBK0kbF00929@candle.pha.pa.us (view raw or flat)
Lists: pgsql-hackerspgsql-patches
That IPv6 cleanup is major!

> ! host    all         all         ::1               ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff        trust

> ! host    all         all         ::1/128                             trust

Your patch has been added to the PostgreSQL unapplied patches list at:

	http://momjian.postgresql.org/cgi-bin/pgpatches

I will try to apply it within the next 48 hours.

---------------------------------------------------------------------------


Andrew Dunstan wrote:
> I wrote:
> 
> > Tom Lane wrote:
> >
> >> Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> >>  
> >>
> >>> The minimal disturbance change might be to teach the parser to 
> >>> distinguish between a quoted 'all' and an unquoted 'all', and forget 
> >>> the '*' idea.
> >>>   
> >>
> >>
> >> Probably we ought to go with that, on backwards-compatibility grounds.
> >>
> >>  
> >>
> >
> > OK, here's the patch. Should we also do this for "sameuser" and 
> > "samegroup" for the sake of completeness?
> 
> 
> 
> Revised patch for this as suggested by Tom.
> 
> cheers
> 
> andrew
> 

> Index: hba.c
> ===================================================================
> RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/hba.c,v
> retrieving revision 1.118
> diff -c -w -r1.118 hba.c
> *** hba.c	5 Dec 2003 15:50:31 -0000	1.118
> --- hba.c	19 Dec 2003 17:42:20 -0000
> ***************
> *** 87,102 ****
>    *	 token or EOF, whichever comes first. If no more tokens on line,
>    *	 return null string as *buf and position file to beginning of
>    *	 next line or EOF, whichever comes first. Allow spaces in quoted
> !  *	 strings. Terminate on unquoted commas. Handle comments.
>    */
>   void
>   next_token(FILE *fp, char *buf, const int bufsz)
>   {
>   	int			c;
>   	char	   *start_buf = buf;
> ! 	char	   *end_buf = buf + (bufsz - 1);
>   	bool		in_quote = false;
>   	bool		was_quote = false;
>   
>   	/* Move over initial whitespace and commas */
>   	while ((c = getc(fp)) != EOF && (pg_isblank(c) || c == ','))
> --- 87,105 ----
>    *	 token or EOF, whichever comes first. If no more tokens on line,
>    *	 return null string as *buf and position file to beginning of
>    *	 next line or EOF, whichever comes first. Allow spaces in quoted
> !  *	 strings. Terminate on unquoted commas. Handle comments. Treat
> !  *   unquoted keywords that might be user names or database names 
> !  *   specially, by appending a newline to them.
>    */
>   void
>   next_token(FILE *fp, char *buf, const int bufsz)
>   {
>   	int			c;
>   	char	   *start_buf = buf;
> ! 	char	   *end_buf = buf + (bufsz - 2);
>   	bool		in_quote = false;
>   	bool		was_quote = false;
> + 	bool        saw_quote = false;
>   
>   	/* Move over initial whitespace and commas */
>   	while ((c = getc(fp)) != EOF && (pg_isblank(c) || c == ','))
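Review bot: The new `end_buf = buf + (bufsz - 2)` reserves one extra byte for the keyword marker, but nothing at the declaration says so, and a `bufsz` below 2 would put `end_buf` before `buf`. I would add a comment on that line, `/* leave room for the '\n' keyword marker and the terminating NUL */`, and, unless every caller is known to pass a larger buffer, an `Assert(bufsz >= 2);` at the top of the function. The header comment could also name the three keywords it refers to, so a reader need not look for them in the body. The body of next_token continues outside this hunk.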
> ***************
> *** 149,155 ****
> --- 152,161 ----
>   				was_quote = false;
>   
>   			if (c == '"')
> + 			{
>   				in_quote = !in_quote;
> + 				saw_quote = true;
> + 			}
>   
>   			c = getc(fp);
>   		}
> ***************
> *** 161,167 ****
> --- 167,188 ----
>   		if (c != EOF)
>   			ungetc(c, fp);
>   	}
> + 
> + 
> + 	if ( !saw_quote && 
> + 	     (
> + 			 strncmp(start_buf,"all",3) == 0  ||
> + 			 strncmp(start_buf,"sameuser",8) == 0  ||
> + 			 strncmp(start_buf,"samegroup",9) == 0 
> + 		 )
> + 		)
> + 	{
> + 		/* append newline to a magical keyword */
> + 		*buf++ = '\n';
> + 	}
> + 
>   	*buf = '\0';
> + 
>   }
>   
>   /*
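Review bot: The keyword test uses `strncmp` with the keyword's length, which is a prefix match, so any unquoted token that merely begins with `all`, `sameuser` or `samegroup` (for example a user named `allen`) also gets the newline marker. Such a token then no longer equals the connecting user or database name in the later `strcmp(tok, user)` style comparisons. In an access-control file that means the line silently stops matching, and a line written to restrict that name would be skipped in favour of whatever broader line follows. The test also runs before `*buf = '\0'`, so for a token shorter than the keyword `strncmp` compares against whatever bytes were already in the buffer. Terminating the token first and comparing the whole string with `strcmp` avoids both problems; the extra byte reserved by `bufsz - 2` still covers the marker.

```c
	/* … unchanged: token scanning and ungetc above … */

	/* terminate first so the keyword test sees exactly the token read */
	*buf = '\0';

	if (!saw_quote &&
		(strcmp(start_buf, "all") == 0 ||
		 strcmp(start_buf, "sameuser") == 0 ||
		 strcmp(start_buf, "samegroup") == 0))
	{
		/* append newline to a magical keyword */
		*buf++ = '\n';
		*buf = '\0';
	}
```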
> ***************
> *** 446,452 ****
>   				return true;
>   		}
>   		else if (strcmp(tok, user) == 0 ||
> ! 				 strcmp(tok, "all") == 0)
>   			return true;
>   	}
>   
> --- 467,473 ----
>   				return true;
>   		}
>   		else if (strcmp(tok, user) == 0 ||
> ! 				 strcmp(tok, "all\n") == 0)
>   			return true;
>   	}
>   
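Review bot: The literal `"all\n"` here, and `"sameuser\n"` / `"samegroup\n"` in the hunks at new lines 484 and 1089, depend on an in-band marker added by next_token, and nothing at these comparison sites explains the trailing newline. A later edit that "fixes" the odd-looking string, or a token that reaches these functions without passing through next_token, would change which pg_hba.conf lines match without any error. I would add a comment at each site such as `/* unquoted keywords carry a trailing '\n' appended by next_token() */`, or define the marked spellings once as named macros and use those. The enclosing function starts and ends outside this hunk.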
> ***************
> *** 463,476 ****
>   
>   	for (tok = strtok(param_str, MULTI_VALUE_SEP); tok != NULL; tok = strtok(NULL, MULTI_VALUE_SEP))
>   	{
> ! 		if (strcmp(tok, "all") == 0)
>   			return true;
> ! 		else if (strcmp(tok, "sameuser") == 0)
>   		{
>   			if (strcmp(dbname, user) == 0)
>   				return true;
>   		}
> ! 		else if (strcmp(tok, "samegroup") == 0)
>   		{
>   			if (check_group(dbname, user))
>   				return true;
> --- 484,497 ----
>   
>   	for (tok = strtok(param_str, MULTI_VALUE_SEP); tok != NULL; tok = strtok(NULL, MULTI_VALUE_SEP))
>   	{
> ! 		if (strcmp(tok, "all\n") == 0)
>   			return true;
> ! 		else if (strcmp(tok, "sameuser\n") == 0)
>   		{
>   			if (strcmp(dbname, user) == 0)
>   				return true;
>   		}
> ! 		else if (strcmp(tok, "samegroup\n") == 0)
>   		{
>   			if (check_group(dbname, user))
>   				return true;
> ***************
> *** 1068,1074 ****
>   		errmsg("cannot use Ident authentication without usermap field")));
>   		found_entry = false;
>   	}
> ! 	else if (strcmp(usermap_name, "sameuser") == 0)
>   	{
>   		if (strcmp(pg_user, ident_user) == 0)
>   			found_entry = true;
> --- 1089,1095 ----
>   		errmsg("cannot use Ident authentication without usermap field")));
>   		found_entry = false;
>   	}
> ! 	else if (strcmp(usermap_name, "sameuser\n") == 0)
>   	{
>   		if (strcmp(pg_user, ident_user) == 0)
>   			found_entry = true;
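Review bot: The comparison with `"sameuser\n"` only succeeds if `usermap_name` came through next_token unquoted and still carries the marker, and this hunk does not show where `usermap_name` is populated. If the ident option reaches this function by another path (for example copied out of a combined auth-option string), a plain `sameuser` map would stop matching here and fall through to the next branch, which is outside the hunk. Please confirm the source of `usermap_name` and add a comment stating that the newline is the unquoted-keyword marker. It is also worth checking that any message printing `usermap_name` does not now emit the embedded newline.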
> Index: pg_hba.conf.sample
> ===================================================================
> RCS file: /projects/cvsroot/pgsql-server/src/backend/libpq/pg_hba.conf.sample,v
> retrieving revision 1.47
> diff -c -w -r1.47 pg_hba.conf.sample
> *** pg_hba.conf.sample	13 Sep 2003 16:43:38 -0000	1.47
> --- pg_hba.conf.sample	19 Dec 2003 17:42:20 -0000
> ***************
> *** 35,40 ****
> --- 35,45 ----
>   # encrypted passwords.  OPTION is the ident map or the name of the PAM
>   # service.
>   #
> + # Database and user names containing spaces, commas, quotes and other special
> + # characters can be quoted. Quoting one of the keywords "all", "sameuser" or
> + # "samegroup"  makes the name lose its special character, and just match a 
> + # database or username with that name.
> + #
>   # This file is read on server startup and when the postmaster receives
>   # a SIGHUP signal.  If you edit the file on a running system, you have
>   # to SIGHUP the postmaster for the changes to take effect, or use
> ***************
> *** 59,62 ****
>   # IPv4-style local connections:
>   host    all         all         127.0.0.1         255.255.255.255   trust
>   # IPv6-style local connections:
> ! host    all         all         ::1               ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff        trust
> --- 64,67 ----
>   # IPv4-style local connections:
>   host    all         all         127.0.0.1         255.255.255.255   trust
>   # IPv6-style local connections:
> ! host    all         all         ::1/128                             trust

> 
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
