| Lists: | pgsql-hackers |
|---|
| From: | Amit Kapila <amit(dot)kapila(at)huawei(dot)com> |
|---|---|
| To: | "'Pg Hackers'" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | [WIP] Patch : Change pg_ident.conf parsing to be the same as pg_hba.conf |
| Date: | 2012-07-02 12:08:22 |
| Message-ID: | 008801cd584bd2ed8078c880$@kapila@huawei.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
Attached is a Patch to change the parsing of pg_ident.conf to make it
similar to pg_hba.conf.
This is based on Todo Item:
http://archives.postgresql.org/pgsql-hackers/2011-06/msg02204.php
Purpose - This will allow to catch syntax errors in pg_ident at the startup
or reload time.
Changes are described as follows:
a. Make the load_ident() functionality same as load_hba, such that it
cleans the previous context, after successful parsing.
b. Change the load_ident(), so that parsing can be done during load
time and the parsed lines are saved.
c. Change the functionality of parse_ident_usermap() so that parsing is
not done during authentication.
d. If load_ident() fails for parsing, it returns false and error is
issued.
This point I am not sure, as for pg_hba failure it issues FATAL at
startup. Currently I have kept error handling for load of pg_ident same as
pg_hba
I have done the basic testing and test is still in progress.
Suggestions?
With Regards,
Amit Kapila.
| Attachment | Content-Type | Size |
|---|---|---|
| pg_ident_parsing.patch | application/octet-stream | 15.2 KB |
| From: | Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> |
|---|---|
| To: | Amit Kapila <amit(dot)kapila(at)huawei(dot)com> |
| Cc: | 'Pg Hackers' <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [WIP] Patch : Change pg_ident.conf parsing to be the same as pg_hba.conf |
| Date: | 2012-09-21 14:58:34 |
| Message-ID: | 505C809A.5030802@vmware.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
On 02.07.2012 15:08, Amit Kapila wrote:
> Attached is a Patch to change the parsing of pg_ident.conf to make it
> similar to pg_hba.conf.
> This is based on Todo Item:
> http://archives.postgresql.org/pgsql-hackers/2011-06/msg02204.php
>
> Purpose - This will allow to catch syntax errors in pg_ident at the startup
> or reload time.
>
>
> Changes are described as follows:
> a. Make the load_ident() functionality same as load_hba, such that it
> cleans the previous context, after successful parsing.
> b. Change the load_ident(), so that parsing can be done during load
> time and the parsed lines are saved.
> c. Change the functionality of parse_ident_usermap() so that parsing is
> not done during authentication.
> d. If load_ident() fails for parsing, it returns false and error is
> issued.
Looks good to me, committed with some small cleanup.
> This point I am not sure, as for pg_hba failure it issues FATAL at
> startup. Currently I have kept error handling for load of pg_ident same as
> pg_hba
I think we should be more lenient with pg_ident.conf, and behave as if
the file was empty. That is the old behavior, and it seems sensible. You
can still connect using an authentication method that doesn't use
pg_ident.conf, but if pg_hba.conf is missing, you cannot log in at all.
Thanks!
- Heikki
| From: | Amit kapila <amit(dot)kapila(at)huawei(dot)com> |
|---|---|
| To: | Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> |
| Cc: | "'Pg Hackers'" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: [WIP] Patch : Change pg_ident.conf parsing to be the same as pg_hba.conf |
| Date: | 2012-09-22 03:57:08 |
| Message-ID: | 6C0B27F7206C9E4CA54AE035729E9C38285339C8@szxeml509-mbs |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
On Friday, September 21, 2012 8:28 PM Heikki Linnakangas wrote:
On 02.07.2012 15:08, Amit Kapila wrote:
>> Attached is a Patch to change the parsing of pg_ident.conf to make it
>> similar to pg_hba.conf.
>> This is based on Todo Item:
>> http://archives.postgresql.org/pgsql-hackers/2011-06/msg02204.php
>
>> Purpose - This will allow to catch syntax errors in pg_ident at the startup
>> or reload time.
>
> Looks good to me, committed with some small cleanup.
Thank you.
With Regards,
Amit Kapila.