Commit370f909

committed
Cause pg_hba.conf file inclusion (@file stuff) to behave as documented,
that is, files are sought in the same directory as the referencing file. Also allow absolute paths in @file constructs. Improve documentation to actually say what is allowed in an included file.
1 parent6dac6b8 commit370f909


2 files changed

+95
-81
lines changed


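--- a/doc/src/sgml/client-auth.sgml
+++ b/doc/src/sgml/client-auth.sgml
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.69 2004/12/26 23:06:56 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/client-auth.sgml,v 1.70 2004/12/27 19:19:23 tgl Exp $
 -->
 
 <chapter id="client-authentication">
@@ -175,8 +175,7 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable>
 a specific <productname>PostgreSQL</productname> database.
 Multiple database names can be supplied by separating them with
 commas. A file containing database names can be specified by
-preceding the file name with <literal>@</>. The file must be in
-the same directory as <filename>pg_hba.conf</>.
+preceding the file name with <literal>@</>.
 </para>
 </listitem>
 </varlistentry>
@@ -192,8 +191,7 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable>
 can be supplied by separating them with commas. Group names can
 be specified by preceding the group name with <literal>+</>. A
 file containing user names can be specified by preceding the
-file name with <literal>@</>. The file must be in the same
-directory as <filename>pg_hba.conf</>.
+file name with <literal>@</>.
 </para>
 </listitem>
 </varlistentry>
@@ -393,6 +391,16 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable>
 </variablelist>
 </para>
 
+<para>
+Files included by <literal>@</> constructs are read as lists of names,
+which can be separated by either whitespace or commas. Comments are
+introduced by <literal>#</literal>, just as in
+<filename>pg_hba.conf</filename>, and nested <literal>@</> constructs are
+allowed. Unless the file name following <literal>@</> is an absolute
+path, it is taken to be relative to the directory containing the
+referencing file.
+</para>
+
 <para>
 Since the <filename>pg_hba.conf</filename> records are examined
 sequentially for each connection attempt, the order of the records is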

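--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -10,7 +10,7 @@
 *
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.134 2004/11/17 19:54:24 tgl Exp $
+* $PostgreSQL: pgsql/src/backend/libpq/hba.c,v 1.135 2004/12/27 19:19:24 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -82,8 +82,10 @@ static List **group_sorted = NULL;/* sorted group list, for
 staticintuser_length;
 staticintgroup_length;
 
-staticvoidtokenize_file(FILE*file,List**lines,List**line_nums);
-staticchar*tokenize_inc_file(constchar*inc_filename);
+staticvoidtokenize_file(constchar*filename,FILE*file,
+List**lines,List**line_nums);
+staticchar*tokenize_inc_file(constchar*outer_filename,
+constchar*inc_filename);
 
 /*
 * isblank() exists in the ISO C99 spec, but it's not very portable yet,
@@ -212,7 +214,7 @@ next_token(FILE *fp, char *buf, int bufsz)
 * we have reached EOL.
 */
 staticchar*
-next_token_expand(FILE*file)
+next_token_expand(constchar*filename,FILE*file)
 {
 charbuf[MAX_TOKEN];
 char*comma_str=pstrdup("");
@@ -236,7 +238,7 @@ next_token_expand(FILE *file)
 
 /* Is this referencing a file? */
 if (buf[0]=='@')
-incbuf=tokenize_inc_file(buf+1);
+incbuf=tokenize_inc_file(filename,buf+1);
 else
 incbuf=pstrdup(buf);
 
@@ -301,40 +303,53 @@ free_lines(List **lines, List **line_nums)
 
 
 staticchar*
-tokenize_inc_file(constchar*inc_filename)
+tokenize_inc_file(constchar*outer_filename,
+constchar*inc_filename)
 {
 char*inc_fullname;
 FILE*inc_file;
 List*inc_lines;
 List*inc_line_nums;
 ListCell*line;
-char*comma_str=pstrdup("");
+char*comma_str;
 
-inc_fullname= (char*)palloc(strlen(DataDir)+1+
-strlen(inc_filename)+1);
-strcpy(inc_fullname,DataDir);
-strcat(inc_fullname,"/");
-strcat(inc_fullname,inc_filename);
+if (is_absolute_path(inc_filename))
+{
+/* absolute path is taken as-is */
+inc_fullname=pstrdup(inc_filename);
+}
+else
+{
+/* relative path is relative to dir of calling file */
+inc_fullname= (char*)palloc(strlen(outer_filename)+1+
+strlen(inc_filename)+1);
+strcpy(inc_fullname,outer_filename);
+get_parent_directory(inc_fullname);
+join_path_components(inc_fullname,inc_fullname,inc_filename);
+canonicalize_path(inc_fullname);
+}
 
 inc_file=AllocateFile(inc_fullname,"r");
-if (!inc_file)
+if (inc_file==NULL)
 {
 ereport(LOG,
 (errcode_for_file_access(),
 errmsg("could not open secondary authentication file \"@%s\" as \"%s\": %m",
 inc_filename,inc_fullname)));
 pfree(inc_fullname);
 
-/* returnempty string, it matches nothing */
-returncomma_str;
+/* returnsingle space, it matches nothing */
+returnpstrdup(" ");
 }
-pfree(inc_fullname);
 
 /* There is possible recursion here if the file contains @ */
-tokenize_file(inc_file,&inc_lines,&inc_line_nums);
+tokenize_file(inc_fullname,inc_file,&inc_lines,&inc_line_nums);
+
 FreeFile(inc_file);
+pfree(inc_fullname);
 
 /* Create comma-separated string from List */
+comma_str=pstrdup("");
 foreach(line,inc_lines)
 {
 List*token_list= (List*)lfirst(line);
@@ -357,6 +372,13 @@ tokenize_inc_file(const char *inc_filename)
 
 free_lines(&inc_lines,&inc_line_nums);
 
+/* if file is empty, return single space rather than empty string */
+if (strlen(comma_str)==0)
+{
+pfree(comma_str);
+returnpstrdup(" ");
+}
+
 returncomma_str;
 }
 
@@ -365,9 +387,12 @@ tokenize_inc_file(const char *inc_filename)
 * Tokenize the given file, storing the resulting data into two lists:
 * a list of sublists, each sublist containing the tokens in a line of
 * the file, and a list of line numbers.
+*
+* filename must be the absolute path to the target file.
 */
 staticvoid
-tokenize_file(FILE*file,List**lines,List**line_nums)
+tokenize_file(constchar*filename,FILE*file,
+List**lines,List**line_nums)
 {
 List*current_line=NIL;
 intline_number=1;
@@ -377,7 +402,7 @@ tokenize_file(FILE *file, List **lines, List **line_nums)
 
 while (!feof(file))
 {
-buf=next_token_expand(file);
+buf=next_token_expand(filename,file);
 
 /* add token to list, unless we are at EOL or comment start */
 if (buf[0])
@@ -893,61 +918,13 @@ check_hba(hbaPort *port)
 }
 
 
-
-/*
-* Open the group file if possible (return NULL if not)
-*/
-staticFILE*
-group_openfile(void)
-{
-char*filename;
-FILE*groupfile;
-
-filename=group_getfilename();
-groupfile=AllocateFile(filename,"r");
-
-if (groupfile==NULL&&errno!=ENOENT)
-ereport(LOG,
-(errcode_for_file_access(),
-errmsg("could not open file \"%s\": %m",filename)));
-
-pfree(filename);
-
-returngroupfile;
-}
-
-
-
-/*
-* Open the password file if possible (return NULL if not)
-*/
-staticFILE*
-user_openfile(void)
-{
-char*filename;
-FILE*pwdfile;
-
-filename=user_getfilename();
-pwdfile=AllocateFile(filename,"r");
-
-if (pwdfile==NULL&&errno!=ENOENT)
-ereport(LOG,
-(errcode_for_file_access(),
-errmsg("could not open file \"%s\": %m",filename)));
-
-pfree(filename);
-
-returnpwdfile;
-}
-
-
-
 /*
 * Load group/user name mapping file
 */
 void
 load_group(void)
 {
+char*filename;
 FILE*group_file;
 
 /* Discard any old data */
@@ -958,11 +935,25 @@ load_group(void)
 group_sorted=NULL;
 group_length=0;
 
-group_file=group_openfile();
-if (!group_file)
+/* Read in the file contents */
+filename=group_getfilename();
+group_file=AllocateFile(filename,"r");
+
+if (group_file==NULL)
+{
+/* no complaint if not there */
+if (errno!=ENOENT)
+ereport(LOG,
+(errcode_for_file_access(),
+errmsg("could not open file \"%s\": %m",filename)));
+pfree(filename);
 return;
-tokenize_file(group_file,&group_lines,&group_line_nums);
+}
+
+tokenize_file(filename,group_file,&group_lines,&group_line_nums);
+
 FreeFile(group_file);
+pfree(filename);
 
 /* create sorted lines for binary searching */
 group_length=list_length(group_lines);
@@ -990,6 +981,7 @@ load_group(void)
 void
 load_user(void)
 {
+char*filename;
 FILE*user_file;
 
 /* Discard any old data */
@@ -1000,11 +992,25 @@ load_user(void)
 user_sorted=NULL;
 user_length=0;
 
-user_file=user_openfile();
-if (!user_file)
+/* Read in the file contents */
+filename=user_getfilename();
+user_file=AllocateFile(filename,"r");
+
+if (user_file==NULL)
+{
+/* no complaint if not there */
+if (errno!=ENOENT)
+ereport(LOG,
+(errcode_for_file_access(),
+errmsg("could not open file \"%s\": %m",filename)));
+pfree(filename);
 return;
-tokenize_file(user_file,&user_lines,&user_line_nums);
+}
+
+tokenize_file(filename,user_file,&user_lines,&user_line_nums);
+
 FreeFile(user_file);
+pfree(filename);
 
 /* create sorted lines for binary searching */
 user_length=list_length(user_lines);
@@ -1045,7 +1051,7 @@ load_hba(void)
 errmsg("could not open configuration file \"%s\": %m",
 HbaFileName)));
 
-tokenize_file(file,&hba_lines,&hba_line_nums);
+tokenize_file(HbaFileName,file,&hba_lines,&hba_line_nums);
 FreeFile(file);
 }
 
@@ -1189,7 +1195,7 @@ load_ident(void)
 }
 else
 {
-tokenize_file(file,&ident_lines,&ident_line_nums);
+tokenize_file(IdentFileName,file,&ident_lines,&ident_line_nums);
 FreeFile(file);
 }
 }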
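Review bot: In tokenize_inc_file(), the `inc_file==NULL` branch logs at LOG and returns `pstrdup(" ")`, so a record whose @file is missing or unreadable simply matches no name. That fails closed for a record that grants access, but a deny-style record (for example one using `reject`) placed ahead of a broader grant would presumably stop applying and the connection would fall through to the later record; with absolute paths now accepted, a path or permission mistake is easier to make. Consider treating an include that cannot be opened as a configuration error, or at least state the consequence at the return: `/* a single space matches no name, so any record relying on this file will not match */`. Separately, the recursion flagged by `/* There is possible recursion here if the file contains @ */` has no depth or cycle check visible in these hunks, so a file that names itself would recurse without bound; a nesting counter passed through tokenize_file() and next_token_expand() would cap it. The bodies of tokenize_inc_file() and tokenize_file() continue outside the hunks shown.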
