Re: Allow file inclusion in pg_hba and pg_ident files
Michael Paquier <michael@paquier.xyz>
Attachments
- v17-0001-Expand-the-use-of-AbsoluteConfigLocation-in-hba..patch (text/x-diff) patch v17-0001
- v17-0002-Invent-open_auth_file-in-hba.c-to-refactor-auth-.patch (text/x-diff) patch v17-0002
- v17-0003-Allow-file-inclusion-in-pg_hba-and-pg_ident-file.patch (text/x-diff) patch v17-0003
On Mon, Nov 07, 2022 at 03:07:15PM +0900, Michael Paquier wrote: > Attached is a set of three patches: > - 0001 changes tokenize_inc_file() to use AbsoluteConfigLocation(). > AbsoluteConfigLocation() uses a static buffer and a MAXPGPATH, but > we'd rather change it to use a palloc()+strcpy() instead and remove > the static restriction? What do you think? The same applies for the > case where we use DataDir, actually, and it seems like there is no > point in this path-length restriction in this code path. > - 0002 invents the interface to open auth files and check for their > depths, simplifying the main patch a bit as there is no need to track > the depth level here and there anymore. > - 0003 is the rebased patch, simplified after the other changes. The > bulk of the patch is in its TAP test. CF bot unhappy as I have messed up with rules.out. Rebased. I have removed the restriction on MAXPGPATH in AbsoluteConfigLocation() in 0001, while on it. The absolute paths built on GUC or ident inclusions are the same. -- Michael
Commits
-
Add TAP tests for include directives in HBA end ident files
- cbe6e482d7bf 16.0 landed
-
Introduce variables for initial and max nesting depth on configuration files
- d13b684117bd 16.0 landed
-
Add support for file inclusions in HBA and ident configuration files
- a54b658ce77b 16.0 landed
-
Add missing initialization in tokenize_expand_file() for output list
- d5566fbfeb6a 16.0 landed
-
Rework memory contexts in charge of HBA/ident tokenization
- efc981627a72 16.0 landed
-
Add error context callback when tokenizing authentication files
- ad6c52846f13 16.0 landed
-
Invent open_auth_file() in hba.c to refactor authentication file opening
- 783e8c69cbcd 16.0 landed
-
Use AbsoluteConfigLocation() when building an included path in hba.c
- 6bbd8b73857a 16.0 landed
-
Move code related to configuration files in directories to new file
- a1a7bb8f16cd 16.0 landed
-
doc: Fix some descriptions related to pg_ident_file_mappings
- 468a9f37fb69 15.1 landed
- e76502871ee3 16.0 landed
-
Add rule_number to pg_hba_file_rules and map_number to pg_ident_file_mappings
- c591300a8f54 16.0 landed
-
Refactor code handling the names of files loaded in hba.c
- 1b73d0b1c393 16.0 landed
-
Make consistent a couple of log messages when parsing HBA files
- 718fe0a14add 16.0 landed
-
Use hba_file/ident_file GUCs rather than pg_hba.conf/pg_ident.conf in logs
- 47ab1ac822cd 16.0 landed
-
Fix path reference when parsing pg_ident.conf for pg_ident_file_mappings
- 7977ac1640a7 15.0 landed
- 27e0ee57f68d 16.0 landed
-
Add system view pg_ident_file_mappings
- a2c84990bea7 15.0 landed
-
Modify query on pg_hba_file_rules to check for errors in regression tests
- 091a971bb59c 15.0 landed
-
Refactor code related to pg_hba_file_rules() into new file
- d4781d8873f8 15.0 landed