Allow pg_shadow to be MD5 encrypted.
Add ENCRYPTED/UNENCRYPTED option to CREATE/ALTER user.
Add password_encryption postgresql.conf option.
Update wire protocol version to 2.1.
that call is not needed to prepare for SO_PEERCRED. Also, simplify code
so that #ifdef SO_PEERCRED appears in only one place, to make it easier
to support other platforms with variants of this capability.
points out how silly it is to use Autoconf to test for a preprocessor
symbol, when one can equally easily #ifdef on the symbol itself.
Accordingly, revert configure to prior state and do it that way.
system supports SO_PEERCRED requests for Unix sockets. This is an
amalgamation of patches submitted by Helge Bahmann and Oliver Elphick,
with some editorializing by yours truly.
number in the data structure so that we can give at least a minimally
useful idea of where the mistake is when we issue syntax error messages.
Move the ClientAuthentication() call to where it should have been in
the first place, so that postmaster memory releasing can happen in a
reasonable place also. Update obsolete comments, correct one real bug
(auth_argument was not picked up correctly).
are now separate files "postgres.h" and "postgres_fe.h", which are meant
to be the primary include files for backend .c files and frontend .c files
respectively. By default, only include files meant for frontend use are
installed into the installation include directory. There is a new make
target 'make install-all-headers' that adds the whole content of the
src/include tree to the installed fileset, for use by people who want to
develop server-side code without keeping the complete source tree on hand.
Cleaned up a whole lot of crufty and inconsistent header inclusions.
backend functions via backend PQexec(). The SPI interface has long
been our only documented way to do this, and the backend pqexec/portal
code is unused and suffering bit-rot. I'm putting it out of its misery.
running gcc and HP's cc with warnings cranked way up. Signed vs unsigned
comparisons, routines declared static and then defined not-static,
that kind of thing. Tedious, but perhaps useful...
When drawing up a very simple "text-drawing" of how the negotiation is done,
I realised I had done this last part (fallback) in a very stupid way. Patch
#4 fixes this, and does it in a much better way.
Included is also the simple text-drawing of how the negotiation is done.
//Magnus
have > 20000 users and each (potentially) needs a separate database
which is > only accessible to them. Rather than having 20000 lines
in pg_hba.conf, > I've patched Postgres so that the special token
"sameuser" in the > database field of pg_hba.conf allows access
only to the username which > is connecting.
a while back I posted a patch for pg_ident, the patch worked but I didn't
diagnose the problem properly.
on my compiler(gcc2.7.2) this compiles with no errors...
char buf[1000]; if(buf != '\0') {
...but it doesn't compare '\0' with the first char of buf.
What it does:
It solves stupid problem with cyrillic charsets IP-based on-fly recoding.
take a look at /data/charset.conf for details.
You can use any tables for any charset.
Tables are from Russian Apache project.
Tables in this patch contains also Ukrainian characters.
Then run ./configure --enable-recode
I've completed the patch to fix the protocol and authentication issues I
was discussing a couple of weeks ago. The particular changes are:
- the protocol has a version number
- network byte order is used throughout
- the pg_hba.conf file is used to specify what method is used to
authenticate a frontend (either password, ident, trust, reject, krb4
or krb5)
- support for multiplexed backends is removed
- appropriate changes to man pages
- the -a switch to many programs to specify an authentication service
no longer has any effect
- the libpq.so version number has changed to 1.1
The new backend still supports the old protocol so old interfaces won't
break.