Eliminate fixed token-length limit in hba.c.

Tom Lane <tgl@sss.pgh.pa.us>

Commit: de3f0e3fe0e7d44620111c5723504a3a6e8c046e
Author: Tom Lane <tgl@sss.pgh.pa.us>
Date: 2023-07-27T15:56:35Z
Releases: 16.0
Eliminate fixed token-length limit in hba.c.

Historically, hba.c limited tokens in the authentication configuration
files (pg_hba.conf and pg_ident.conf) to less than 256 bytes.  We have
seen a few reports of this limit causing problems; notably, for
moderately-complex LDAP configurations.  Let's get rid of the fixed
limit by using a StringInfo instead of a fixed-size buffer.
This actually takes less code than before, since we can get rid of
a nontrivial error recovery stanza.  It's doubtless a hair slower,
but parsing the content of the HBA files should in no way be
performance-critical.

Although this is a pretty straightforward patch, it doesn't seem
worth the risk to back-patch given the small number of complaints
to date.  In released branches, we'll just raise MAX_TOKEN to
ameliorate the problem.

Discussion: https://postgr.es/m/1588937.1690221208@sss.pgh.pa.us

Files

PathChange+/−
src/backend/libpq/hba.c modified +26 −48

Discussion