Reject empty pg_hba.conf files.
An empty HBA file is surely an error, since it means there is no way to connect to the server. We've not heard identifiable reports of people actually doing that, but this will also close off the case Thom Brown just complained of, namely pointing hba_file at a directory. (On at least some platforms with some directories, it will read as an empty file.) Perhaps this should be back-patched, but given the lack of previous complaints, I won't add extra work for the translators.
This commit is contained in:
Tom Lane
parent
7c19e0446c
commit
e27f52f3a1
|
|
@ -1685,9 +1685,13 @@ check_hba(hbaPort *port)
|
|||
/*
|
||||
* Read the config file and create a List of HbaLine records for the contents.
|
||||
*
|
||||
* The configuration is read into a temporary list, and if any parse error occurs
|
||||
* the old list is kept in place and false is returned. Only if the whole file
|
||||
* parses Ok is the list replaced, and the function returns true.
|
||||
* The configuration is read into a temporary list, and if any parse error
|
||||
* occurs the old list is kept in place and false is returned. Only if the
|
||||
* whole file parses OK is the list replaced, and the function returns true.
|
||||
*
|
||||
* On a false result, caller will take care of reporting a FATAL error in case
|
||||
* this is the initial startup. If it happens on reload, we just keep running
|
||||
* with the old data.
|
||||
*/
|
||||
bool
|
||||
load_hba(void)
|
||||
|
|
@ -1710,12 +1714,6 @@ load_hba(void)
|
|||
(errcode_for_file_access(),
|
||||
errmsg("could not open configuration file \"%s\": %m",
|
||||
HbaFileName)));
|
||||
|
||||
/*
|
||||
* Caller will take care of making this a FATAL error in case this is
|
||||
* the initial startup. If it happens on reload, we just keep the old
|
||||
* version around.
|
||||
*/
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -1755,13 +1753,27 @@ load_hba(void)
|
|||
new_parsed_lines = lappend(new_parsed_lines, newline);
|
||||
}
|
||||
|
||||
/*
|
||||
* A valid HBA file must have at least one entry; else there's no way
|
||||
* to connect to the postmaster. But only complain about this if we
|
||||
* didn't already have parsing errors.
|
||||
*/
|
||||
if (ok && new_parsed_lines == NIL)
|
||||
{
|
||||
ereport(LOG,
|
||||
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
||||
errmsg("configuration file \"%s\" contains no entries",
|
||||
HbaFileName)));
|
||||
ok = false;
|
||||
}
|
||||
|
||||
/* Free tokenizer memory */
|
||||
MemoryContextDelete(linecxt);
|
||||
MemoryContextSwitchTo(oldcxt);
|
||||
|
||||
if (!ok)
|
||||
{
|
||||
/* Parsing failed at one or more rows, so bail out */
|
||||
/* File contained one or more errors, so bail out */
|
||||
MemoryContextDelete(hbacxt);
|
||||
return false;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue