| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Reporting hba lines |
| Date: | 2012-06-27 14:14:33 |
| Message-ID: | 29678.1340806473@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Magnus Hagander <magnus(at)hagander(dot)net> writes:
> On Wed, Jun 27, 2012 at 3:55 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> BTW, are you sure that auth_failed is only called in cases where
>> an hba line has already been identified? Even if true today,
>> it seems fairly risky to assume that.
> It is true today, but yes, it might be safe to guard against it with
> something like this?
FWIW, the usual approach for conditionally emitting bits of an ereport
is more like
ereport(FATAL,
(errcode(errcode_return),
errmsg(errstr, port->user_name),
port->hba ? errdetail_log("Connection matched pg_hba.conf line %d", port->hba->linenumber) : 0));
but that's just a nitpick. A bigger issue is that I'm not convinced
that a line number will be tremendously helpful: it's easy to miscount
lines, and a line number will certainly not be helpful in the frequent
cases where people are modifying the wrong hba file. Can we show
the source text of the hba line?
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2012-06-27 14:17:57 | Re: Posix Shared Mem patch |
| Previous Message | Amit Kapila | 2012-06-27 14:14:29 | Regarding WAL Format Changes |