Skip site navigation (1) Skip section navigation (2)

[PATCH] allow specifying allowed user in 'trust' hba entries

From: Lennert Buytenhek <buytenh(at)gnu(dot)org>
To: pgsql-patches(at)postgresql(dot)org
Subject: [PATCH] allow specifying allowed user in 'trust' hba entries
Date: 2000-10-17 23:32:32
Message-ID: Pine.LNX.4.21.0010180126530.5436-100000@mara.math.leidenuniv.nl (view raw or flat)
Thread:
Lists: pgsql-patches
Hi all,

While we run an ident-less site, we'd still like to specify as what
account a user might connect from a trusted host.

Currently, if you allow connections from host X to database Y, people on
host X are still allowed to connect as a database administrator, which I
think is not very pretty (even though it's the 'trust' mode of
authentication).

This patches uses the auth_arg for specifying the allowed user name.
Basically, it will allow you to specify you an 'allowed user' after a hba
entry. I've found it pretty useful.

Please CC me on replies, as I've not yet found out to subscribe to the
lists here.


greetings,
Lennert



--- postgresql-7.0.2-orig/src/backend/libpq/hba.c	Wed Apr 12 19:15:14 2000
+++ postgresql-7.0.2/src/backend/libpq/hba.c	Wed Oct 18 00:47:40 2000
@@ -297,7 +297,8 @@
 		if ((strcmp(db, port->database) != 0 && strcmp(db, "all") != 0 &&
 			 (strcmp(db, "sameuser") != 0 || strcmp(port->database, port->user) != 0)) ||
 			port->raddr.sa.sa_family != AF_INET ||
-			((file_ip_addr.s_addr ^ port->raddr.in.sin_addr.s_addr) & mask.s_addr) != 0x0000)
+			((file_ip_addr.s_addr ^ port->raddr.in.sin_addr.s_addr) & mask.s_addr) != 0x0000 ||
+			(port->auth_arg[0] && strcmp(port->auth_arg, port->user) != 0))
 			return;
 	}
 	else


pgsql-patches by date

Next:From: Tom LaneDate: 2000-10-18 03:40:44
Subject: Re: Bugs in to_char function
Previous:From: Tom RogersDate: 2000-10-17 14:47:40
Subject: Bugs in to_char function

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group