Re: include host names in hba error messages

On Tue, Jul 19, 2011 at 2:18 AM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
> Since we are accepting host names in pg_hba.conf now, I figured it could
> be useful to also show the host names in error message, e.g.,
>
>    no pg_hba.conf entry for host "localhost" (127.0.0.1), user "x", database "y"
>
> Attached is an example patch.  The question might be what criterion to
> use for when to show the host name.  It could be
>
>    if (port->remote_hostname_resolv == +1)
>
> that is, we have done the reverse and forward lookup, or
>
>    if (port->remote_hostname_resolv >= 0)
>
> that is, we have only done the reverse lookup (which is consistent with
> log_hostname).
>
> Although this whole thing could be quite weird, because the message that
> a host name was rejected because the forward lookup didn't match the IP
> address is at DEBUG2, so it's usually never shown.  So if we tell
> someone that there is 'no pg_hba.conf entry for host "foo"', even though
> there is clearly a line saying "foo" in the file, it would be confusing.
>
> Ideas?

I think it would be less confusing to write the IP address as the main
piece of information, and put the hostname in parentheses only if we
accepted it as valid (i.e. we did both lookups, and everything
matched).

ERROR: no pg_hba.conf entry for host 127.0.0.1 ("localhost"), user
"x", database "y"

As for the case where we the forward lookup and reverse lookup don't
match, could we add that as a DETAIL?

ERROR: no pg_hba.conf entry for host 127.0.0.1, user "x", database "y"
DETAIL: Forward and reverse DNS lookups do not match.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company