Re: Allow file inclusion in pg_hba and pg_ident files

From: Michael Paquier <michael(at)paquier(dot)xyz>
To: Julien Rouhaud <rjuju123(at)gmail(dot)com>
Cc: PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Nathan Bossart <nathandbossart(at)gmail(dot)com>
Subject: Re: Allow file inclusion in pg_hba and pg_ident files
Date: 2022-11-08 01:04:16
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Mon, Nov 07, 2022 at 03:07:15PM +0900, Michael Paquier wrote:
> Attached is a set of three patches:
> - 0001 changes tokenize_inc_file() to use AbsoluteConfigLocation().
> AbsoluteConfigLocation() uses a static buffer and a MAXPGPATH, but
> we'd rather change it to use a palloc()+strcpy() instead and remove
> the static restriction? What do you think? The same applies for the
> case where we use DataDir, actually, and it seems like there is no
> point in this path-length restriction in this code path.
> - 0002 invents the interface to open auth files and check for their
> depths, simplifying the main patch a bit as there is no need to track
> the depth level here and there anymore.
> - 0003 is the rebased patch, simplified after the other changes. The
> bulk of the patch is in its TAP test.

CF bot unhappy as I have messed up with rules.out. Rebased. I have
removed the restriction on MAXPGPATH in AbsoluteConfigLocation() in
0001, while on it. The absolute paths built on GUC or ident
inclusions are the same.

Attachment Content-Type Size
v17-0001-Expand-the-use-of-AbsoluteConfigLocation-in-hba..patch text/x-diff 2.9 KB
v17-0002-Invent-open_auth_file-in-hba.c-to-refactor-auth-.patch text/x-diff 9.0 KB
v17-0003-Allow-file-inclusion-in-pg_hba-and-pg_ident-file.patch text/x-diff 55.0 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message David Rowley 2022-11-08 01:31:12 Re: Add proper planner support for ORDER BY / DISTINCT aggregates
Previous Message Jacob Champion 2022-11-08 01:04:14 Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert