Modernise pg_hba.conf token processing
The previous coding was ugly, as it marked special tokens as such in the wrong stage, relying on workarounds to figure out if they had been quoted in the original or not. This made it impossible to have specific keywords be recognized as such only in certain positions in HBA lines, for example. Fix by restructuring the parser code so that it remembers whether tokens were quoted or not. This eliminates widespread knowledge of possible known keywords for all fields. Also improve memory management in this area, to use memory contexts that are reset as a whole instead of using retail pfrees; this removes a whole lotta crufty (and probably slow) code. Instead of calling strlen() three times in next_field_expand on the returned token to find out whether there was a comma (and strip it), pass back the info directly from the callee, which is simpler. In passing, update historical artifacts in hba.c API. Authors: Brendan Jurd, Alvaro Herrera Reviewed by Pavel Stehule
parent
615c384972
commit
e5e2fc842c
|
@ -315,15 +315,11 @@ ClientAuthentication(Port *port)
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Get the authentication method to use for this frontend/database
|
* Get the authentication method to use for this frontend/database
|
||||||
* combination. Note: a failure return indicates a problem with the hba
|
* combination. Note: we do not parse the file at this point; this has
|
||||||
* config file, not with the request. hba.c should have dropped an error
|
* already been done elsewhere. hba.c dropped an error message
|
||||||
* message into the postmaster logfile if it failed.
|
* into the server logfile if parsing the hba config file failed.
|
||||||
*/
|
*/
|
||||||
if (hba_getauthmethod(port) != STATUS_OK)
|
hba_getauthmethod(port);
|
||||||
ereport(FATAL,
|
|
||||||
(errcode(ERRCODE_CONFIG_FILE_ERROR),
|
|
||||||
errmsg("missing or erroneous pg_hba.conf file"),
|
|
||||||
errhint("See server log for details.")));
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Enable immediate response to SIGTERM/SIGINT/timeout interrupts. (We
|
* Enable immediate response to SIGTERM/SIGINT/timeout interrupts. (We
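Review bot: With the `STATUS_OK` check and its `ereport(FATAL, ...)` removed, nothing at this call site rejects the connection when no usable pg_hba.conf entry is available, so `ClientAuthentication` now depends entirely on `hba_getauthmethod()` failing closed. The implementation diff is suppressed on this page, so it should be confirmed that the function always leaves the port with an entry that rejects the connection when no line matches or the file could not be parsed, rather than leaving the result unset or stale. The rewritten comment says where parsing happens but not this contract; once verified, I would add a sentence such as `* hba_getauthmethod() always selects an entry; if no line matches, the selected entry rejects the connection.` The same contract applies to the prototype changed to `void` in the header, and the body of `ClientAuthentication` continues outside this hunk.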
|
||||||
|
|
File diff suppressed because it is too large
|
@ -49,12 +49,12 @@ typedef enum ConnType
|
||||||
ctHostNoSSL
|
ctHostNoSSL
|
||||||
} ConnType;
|
} ConnType;
|
||||||
|
|
||||||
typedef struct
|
typedef struct HbaLine
|
||||||
{
|
{
|
||||||
int linenumber;
|
int linenumber;
|
||||||
ConnType conntype;
|
ConnType conntype;
|
||||||
char *database;
|
List *databases;
|
||||||
char *role;
|
List *roles;
|
||||||
struct sockaddr_storage addr;
|
struct sockaddr_storage addr;
|
||||||
struct sockaddr_storage mask;
|
struct sockaddr_storage mask;
|
||||||
IPCompareMethod ip_cmp_method;
|
IPCompareMethod ip_cmp_method;
|
||||||
|
@ -87,7 +87,7 @@ typedef struct Port hbaPort;
|
||||||
|
|
||||||
extern bool load_hba(void);
|
extern bool load_hba(void);
|
||||||
extern void load_ident(void);
|
extern void load_ident(void);
|
||||||
extern int hba_getauthmethod(hbaPort *port);
|
extern void hba_getauthmethod(hbaPort *port);
|
||||||
extern int check_usermap(const char *usermap_name,
|
extern int check_usermap(const char *usermap_name,
|
||||||
const char *pg_role, const char *auth_user,
|
const char *pg_role, const char *auth_user,
|
||||||
bool case_sensitive);
|
bool case_sensitive);
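Review bot: The new `List *databases` and `List *roles` fields in `HbaLine` (first hunk of this header) are declared without saying what the list cells hold or who owns them, and both matter for access-control matching. The commit message says tokens now remember whether they were quoted, so a field comment should state that each element carries that flag and that keywords are presumably recognised only on unquoted elements, for example `List *databases; /* list of tokens; keyword matching applies to unquoted tokens only */`. The same message moves this data into memory contexts that are reset as a whole, so it would also help to note that the lists stay valid only until the parsed file is next reloaded, assuming that is where they are allocated. The struct definition continues past the end of the hunk.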
|
||||||
|
|