From 3e32e9476f827f9ac76fa3cdb1b3767d8a69619d Mon Sep 17 00:00:00 2001
From: Bruce Momjian
Date: Thu, 25 Dec 2003 03:44:05 +0000
Subject: [PATCH] Patch that makes quoting "sameuser", "samegroup", and "all" remove special meaning of these terms in pg_hba.conf. Also changes ugly pg_hba.conf IPv6 netmask of ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff to ::1/128. Andrew Dunstan
---
 src/backend/libpq/hba.c | 37 ++++++++++++++++++++++------
 src/backend/libpq/pg_hba.conf.sample | 7 +++++-
 2 files changed, 35 insertions(+), 9 deletions(-)
diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index b1b2f343ee..ea32ead174 100644
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -10,7 +10,7 @@
 *
 *
 * IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.118 2003/12/05 15:50:31 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.119 2003/12/25 03:44:04 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -87,16 +87,19 @@ pg_isblank(const char c)
 * token or EOF, whichever comes first. If no more tokens on line,
 * return null string as *buf and position file to beginning of
 * next line or EOF, whichever comes first. Allow spaces in quoted
- * strings. Terminate on unquoted commas. Handle comments.
+ * strings. Terminate on unquoted commas. Handle comments. Treat
+ * unquoted keywords that might be user names or database names
+ * specially, by appending a newline to them.
 */
 void
 next_token(FILE *fp, char *buf, const int bufsz)
 {
 int c;
 char *start_buf = buf;
- char *end_buf = buf + (bufsz - 1);
+ char *end_buf = buf + (bufsz - 2);
 bool in_quote = false;
 bool was_quote = false;
+ bool saw_quote = false;
 
 /* Move over initial whitespace and commas */
 while ((c = getc(fp)) != EOF && (pg_isblank(c) || c == ','))
@@ -149,7 +152,10 @@ next_token(FILE *fp, char *buf, const int bufsz)
 was_quote = false;
 
 if (c == '"')
+ {
 in_quote = !in_quote;
+ saw_quote = true;
+ }
 
 c = getc(fp);
 }
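Review bot: The new bound `end_buf = buf + (bufsz - 2)` in the next_token declarations carries no explanation, and for a `bufsz` below 2 it points before `buf`. The extra byte is presumably reserved for the `'\n'` marker that a later hunk appends ahead of the terminating `'\0'`, so a comment such as `/* leave room for the keyword-marker '\n' plus the terminating '\0' */` would stop a later cleanup from restoring `- 1` and turning the marker write into a one-byte overrun of the token buffer. The callers' buffer sizes and the loop that uses `end_buf` are outside this hunk, so whether a small-size guard is needed cannot be confirmed from here.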
@@ -161,7 +167,22 @@ next_token(FILE *fp, char *buf, const int bufsz)
 if (c != EOF)
 ungetc(c, fp);
 }
+
+
+ if ( !saw_quote &&
+ (
+ strncmp(start_buf,"all",3) == 0 ||
+ strncmp(start_buf,"sameuser",8) == 0 ||
+ strncmp(start_buf,"samegroup",9) == 0
+ )
+ )
+ {
+ /* append newline to a magical keyword */
+ *buf++ = '\n';
+ }
+
 *buf = '\0';
+
 }
 
 /*
@@ -446,7 +467,7 @@ check_user(char *user, char *param_str)
 return true;
 }
 else if (strcmp(tok, user) == 0 ||
- strcmp(tok, "all") == 0)
+ strcmp(tok, "all\n") == 0)
 return true;
 }
 
@@ -463,14 +484,14 @@ check_db(char *dbname, char *user, char *param_str)
 
 for (tok = strtok(param_str, MULTI_VALUE_SEP); tok != NULL; tok = strtok(NULL, MULTI_VALUE_SEP))
 {
- if (strcmp(tok, "all") == 0)
+ if (strcmp(tok, "all\n") == 0)
 return true;
- else if (strcmp(tok, "sameuser") == 0)
+ else if (strcmp(tok, "sameuser\n") == 0)
 {
 if (strcmp(dbname, user) == 0)
 return true;
 }
- else if (strcmp(tok, "samegroup") == 0)
+ else if (strcmp(tok, "samegroup\n") == 0)
 {
 if (check_group(dbname, user))
 return true;
@@ -1068,7 +1089,7 @@ check_ident_usermap(const char *usermap_name,
 errmsg("cannot use Ident authentication without usermap field")));
 found_entry = false;
 }
- else if (strcmp(usermap_name, "sameuser") == 0)
+ else if (strcmp(usermap_name, "sameuser\n") == 0)
 {
 if (strcmp(pg_user, ident_user) == 0)
 found_entry = true;
diff --git a/src/backend/libpq/pg_hba.conf.sample b/src/backend/libpq/pg_hba.conf.sample
index f4f002b707..bd9120676a 100644
--- a/src/backend/libpq/pg_hba.conf.sample
+++ b/src/backend/libpq/pg_hba.conf.sample
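Review bot: The keyword test added at the end of next_token is a prefix match that runs before the token is terminated. `strncmp(start_buf,"all",3)` is true for any unquoted name that merely starts with `all` (likewise `sameuser…` and `samegroup…`), and because `*buf = '\0'` comes after the test, the comparison can also read bytes past the token end that this call did not write. A name such as `allen` then receives the `'\n'` marker and no longer equals the connecting user or database name in check_user/check_db, so its pg_hba.conf line silently stops matching; for a `reject` or stricter-method line that presumably lets the connection fall through to later, possibly more permissive, lines. Terminating first and comparing whole tokens with strcmp avoids both problems, as sketched below. The start of next_token lies outside this hunk.

```c
	/* ... unchanged: token copy loop and ungetc() of the lookahead char ... */

	/* terminate first so the keyword test sees exactly this token */
	*buf = '\0';

	if (!saw_quote &&
		(strcmp(start_buf, "all") == 0 ||
		 strcmp(start_buf, "sameuser") == 0 ||
		 strcmp(start_buf, "samegroup") == 0))
	{
		/* append newline to a magical keyword */
		*buf++ = '\n';
		*buf = '\0';
	}
```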
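Review bot: The `"all\n"` literal in the check_user hunk, together with `"all\n"`, `"sameuser\n"` and `"samegroup\n"` in the check_db and check_ident_usermap hunks, relies on an in-band marker that is explained only in next_token's header comment. A reader of these comparisons has no hint why a newline is there, and any keyword comparison elsewhere in the file that was not updated would now never match an unquoted keyword. A comment at each site, for example `/* next_token() appends '\n' to unquoted keywords; a quoted "all" arrives without it */`, or one set of named constants shared by all three functions, would make the contract visible. Tokens carrying the marker would presumably also show the embedded newline wherever they are logged or reported, which is worth checking in the callers. All three functions begin and end outside their hunks.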
@@ -35,6 +35,11 @@
 # encrypted passwords. OPTION is the ident map or the name of the PAM
 # service.
 #
+# Database and user names containing spaces, commas, quotes and other special
+# characters can be quoted. Quoting one of the keywords "all", "sameuser" or
+# "samegroup" makes the name lose its special character, and just match a
+# database or username with that name.
+#
 # This file is read on server startup and when the postmaster receives
 # a SIGHUP signal. If you edit the file on a running system, you have
 # to SIGHUP the postmaster for the changes to take effect, or use
@@ -59,4 +64,4 @@ local all all trust
 # IPv4-style local connections:
 host all all 127.0.0.1 255.255.255.255 trust
 # IPv6-style local connections:
-host all all ::1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff trust
+host all all ::1/128 trust
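Review bot: The IPv4 loopback entry directly above the changed line still uses the address-plus-netmask form (`127.0.0.1 255.255.255.255`) while the IPv6 entry now uses CIDR, so the sample shows two notations for the same kind of rule. If the parser accepts CIDR for IPv4 as well (not visible in this diff), `host all all 127.0.0.1/32 trust` would keep the two entries parallel. Separately, both loopback entries remain on `trust`, which lets any local account connect as any database user; a one-line comment such as `# "trust" performs no authentication; change the method on multi-user hosts` above them would help administrators who copy the sample unchanged.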