Modernise pg_hba.conf token processing

The previous coding was ugly, as it marked special tokens as such in the
wrong stage, relying on workarounds to figure out if they had been
quoted in the original or not.  This made it impossible to have specific
keywords be recognized as such only in certain positions in HBA lines,
for example.  Fix by restructuring the parser code so that it remembers
whether tokens were quoted or not.  This eliminates widespread knowledge
of possible known keywords for all fields.

Also improve memory management in this area, to use memory contexts that
are reset as a whole instead of using retail pfrees; this removes a
whole lotta crufty (and probably slow) code.

Instead of calling strlen() three times in next_field_expand on the
returned token to find out whether there was a comma (and strip it),
pass back the info directly from the callee, which is simpler.

In passing, update historical artifacts in hba.c API.

Authors: Brendan Jurd, Alvaro Herrera
Reviewed by Pavel Stehule
Alvaro Herrera 2011-06-20 17:20:14 -04:00
parent 615c384972
commit e5e2fc842c
3 changed files with 657 additions and 621 deletions


@ -315,15 +315,11 @@ ClientAuthentication(Port *port)
/*
* Get the authentication method to use for this frontend/database
* combination. Note: a failure return indicates a problem with the hba
* config file, not with the request. hba.c should have dropped an error
* message into the postmaster logfile if it failed.
* combination. Note: we do not parse the file at this point; this has
* already been done elsewhere. hba.c dropped an error message
* into the server logfile if parsing the hba config file failed.
*/
if (hba_getauthmethod(port) != STATUS_OK)
ereport(FATAL,
(errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("missing or erroneous pg_hba.conf file"),
errhint("See server log for details.")));
hba_getauthmethod(port);
/*
* Enable immediate response to SIGTERM/SIGINT/timeout interrupts. (We
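Review bot: with the `!= STATUS_OK` check and the FATAL ereport removed, the bare `hba_getauthmethod(port);` call leaves ClientAuthentication with no failure path of its own, so refusing a connection when no usable pg_hba.conf entry applies now depends entirely on code in hba.c that is not visible in this hunk. The new comment says parsing was done earlier but not what the caller may rely on after the call returns. Please add a sentence stating the contract, for example that the function always leaves the port with an authentication method to act on and that the no-match case ends in a rejection, if that is what hba.c guarantees, so the fail-closed behaviour is documented at the spot where the check used to be.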

File diff suppressed because it is too large


@ -49,12 +49,12 @@ typedef enum ConnType
ctHostNoSSL
} ConnType;
typedef struct
typedef struct HbaLine
{
int linenumber;
ConnType conntype;
char *database;
char *role;
List *databases;
List *roles;
struct sockaddr_storage addr;
struct sockaddr_storage mask;
IPCompareMethod ip_cmp_method;
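Review bot: the new `List *databases;` and `List *roles;` fields in HbaLine have no comment saying what the list elements are. The commit message says the parser now remembers whether tokens were quoted, so state here whether each element is a plain string or a token that carries its quoted flag. Without that, code matching against these lists has no documented way to tell a quoted name from a keyword of the same spelling.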
@ -87,7 +87,7 @@ typedef struct Port hbaPort;
extern bool load_hba(void);
extern void load_ident(void);
extern int hba_getauthmethod(hbaPort *port);
extern void hba_getauthmethod(hbaPort *port);
extern int check_usermap(const char *usermap_name,
const char *pg_role, const char *auth_user,
bool case_sensitive);
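Review bot: `extern void hba_getauthmethod(hbaPort *port);` now returns nothing, yet the name still reads as a getter and the prototype carries no comment. A one-line comment saying that the outcome is delivered through `port` (presumably, given the single pointer argument) and that no status is reported to the caller would keep future callers from looking for a return value to check.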