Re: Allow file inclusion in pg_hba and pg_ident files

On Wed, Oct 26, 2022 at 11:19:48AM +0800, Julien Rouhaud wrote:
> That wouldn't be overdoing anymore if we remove the line number / filename from
> the fill_*_line prototypes right?

Yeah, but there is a twist: HbaLine or IdentLine can be passed as
NULL when entering in fill_hba_line() or fill_ident_line() in the
event of an error when tokenizing the line or when failing the
creation of their Line, so attempting to read the line number from
either of them when filling in a tuple for their respective view would
cause a crash.

So, for now, I have taken the minimalistic approach with the addition
of the source file name in HbaFile and in TokenizedAuthLine. The
former is actually necessary anyway as auth.c wants it in two
locations (improved auth_failed() and set_authn_id()).

It is still true that the line number in IdentLine remains unused.
Hence, do you think that the addition of the source file name and its
line number could be useful for the error reporting done in
check_ident_usermap()? The contents of the HbaLines are used in
auth.c for its own reporting magic, and it looks like this would be
the only location where what's in the IdentLines is useful, aka
provide more details about what is happening. Once users are able to
include ident files, that would likely help in debugging issues.
--
Michael