
Commit3f372ee

committed
> I needed to do that for the web database that I'm setting up. We have
> 20000 users and each (potentially) needs a separate database which is
> only accessible to them. Rather than having 20000 lines in pg_hba.conf,
> I've patched Postgres so that the special token "sameuser" in the
> database field of pg_hba.conf allows access only to the username which
> is connecting.
1 parentd939f60 commit3f372ee


5 files changed

+27
-24
lines changed

5 files changed

+27
-24
lines changed

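--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -7,7 +7,7 @@
 *
 *
 * IDENTIFICATION
-* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.27 1998/02/26 04:31:42 momjian Exp $
+* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.28 1998/06/13 04:27:14 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -419,8 +419,8 @@ be_recvauth(Port *port)
 * combination.
 */
 
-if (hba_getauthmethod(&port->raddr,port->database,port->auth_arg,
-&port->auth_method)!=STATUS_OK)
+if (hba_getauthmethod(&port->raddr,port->user,port->database,
+port->auth_arg,&port->auth_method)!=STATUS_OK)
 PacketSendError(&port->pktInfo,"Missing or mis-configured pg_hba.conf file");
 
 elseif (PG_PROTOCOL_MAJOR(port->proto)==0)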
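Review bot: `port->user` is handed to hba_getauthmethod in the same call that fills in `port->auth_method`, so the new user/database match in hba.c runs on the user name before any authentication method has been selected or applied, and nothing at the call site says so. A comment above the call would make that explicit, for example `/* port->user is not yet verified here; a "sameuser" record only isolates users if the method it selects then checks that name */`. be_recvauth's body starts and ends outside the hunk, so whether `port->user` can be empty or unset at this point is not visible here.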

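--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -7,7 +7,7 @@
 *
 *
 * IDENTIFICATION
-* $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.30 1998/03/15 08:18:03 scrappy Exp $
+* $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.31 1998/06/13 04:27:15 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -154,8 +154,8 @@ read_hba_entry2(FILE *file, UserAuth *userauth_p, char auth_arg[],
 
 
 staticvoid
-process_hba_record(FILE*file,SockAddr*raddr,constchardatabase[],
-bool*matches_p,bool*error_p,
+process_hba_record(FILE*file,SockAddr*raddr,constcharuser[],
+constchardatabase[],bool*matches_p,bool*error_p,
 UserAuth*userauth_p,charauth_arg[])
 {
 /*---------------------------------------------------------------------------
@@ -210,7 +210,8 @@ process_hba_record(FILE *file, SockAddr *raddr, const char database[],
 * sort of connection, ignore it.
 */
 
-if ((strcmp(db,database)!=0&&strcmp(db,"all")!=0)||
+if ((strcmp(buf,database)!=0&&strcmp(buf,"all")!=0&&
+(strcmp(buf,"sameuser")!=0||strcmp(user,database)!=0))||
 raddr->sa.sa_family!=AF_UNIX)
 return;
 }
@@ -269,7 +270,8 @@ process_hba_record(FILE *file, SockAddr *raddr, const char database[],
 * sort of connection, ignore it.
 */
 
-if ((strcmp(db,database)!=0&&strcmp(db,"all")!=0)||
+if ((strcmp(buf,database)!=0&&strcmp(buf,"all")!=0&&
+(strcmp(buf,"sameuser")!=0||strcmp(user,database)!=0))||
 raddr->sa.sa_family!=AF_INET||
 ((file_ip_addr.s_addr ^raddr->in.sin_addr.s_addr)&mask.s_addr)!=0x0000)
 return;
@@ -297,9 +299,9 @@ process_hba_record(FILE *file, SockAddr *raddr, const char database[],
 
 
 staticvoid
-process_open_config_file(FILE*file,SockAddr*raddr,constchardatabase[],
-bool*host_ok_p,UserAuth*userauth_p,
-charauth_arg[])
+process_open_config_file(FILE*file,SockAddr*raddr,constcharuser[],
+constchardatabase[],bool*host_ok_p,
+UserAuth*userauth_p,charauth_arg[])
 {
 /*---------------------------------------------------------------------------
 This function does the same thing as find_hba_entry, only with
@@ -333,7 +335,7 @@ process_open_config_file(FILE *file, SockAddr *raddr, const char database[],
 read_through_eol(file);
 else
 {
-process_hba_record(file,raddr,database,
+process_hba_record(file,raddr,user,database,
 &found_entry,&error,userauth_p,auth_arg);
 }
 }
@@ -353,8 +355,8 @@ process_open_config_file(FILE *file, SockAddr *raddr, const char database[],
 
 
 staticvoid
-find_hba_entry(SockAddr*raddr,constchardatabase[],bool*host_ok_p,
-UserAuth*userauth_p,charauth_arg[])
+find_hba_entry(SockAddr*raddr,constcharuser[],constchardatabase[],
+bool*host_ok_p,UserAuth*userauth_p,charauth_arg[])
 {
 /*--------------------------------------------------------------------------
 Read the config file and find an entry that allows connection from
@@ -428,7 +430,7 @@ find_hba_entry(SockAddr *raddr, const char database[], bool *host_ok_p,
 }
 else
 {
-process_open_config_file(file,raddr,database,host_ok_p,userauth_p,
+process_open_config_file(file,raddr,user,database,host_ok_p,userauth_p,
 auth_arg);
 FreeFile(file);
 }
@@ -1054,8 +1056,8 @@ GetCharSetByHost(char TableName[], int host, const char DataDir[])
 #endif
 
 externint
-hba_getauthmethod(SockAddr*raddr,char*database,char*auth_arg,
-UserAuth*auth_method)
+hba_getauthmethod(SockAddr*raddr,char*user,char*database,
+char*auth_arg,UserAuth*auth_method)
 {
 /*---------------------------------------------------------------------------
 Determine what authentication method should be used when accessing database
@@ -1066,7 +1068,7 @@ hba_getauthmethod(SockAddr *raddr, char *database, char *auth_arg,
 
 host_ok= false;
 
-find_hba_entry(raddr,user,database,&host_ok,auth_method,auth_arg);
+find_hba_entry(raddr,user,database,&host_ok,auth_method,auth_arg);
 
 return (host_ok ?STATUS_OK :STATUS_ERROR);
 }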
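Review bot: Both rewritten match conditions in process_hba_record (new lines 213-214 and 273-274) compare `buf` where the removed lines compared `db`, and neither hunk shows `buf` being loaded with the record's database field. If `buf` holds some other token of the record at that point, the database, `"all"` and `"sameuser"` tests are all made against the wrong field, and this access-control match no longer follows what pg_hba.conf says. Unless the token read was also changed outside these hunks, keep the original variable: `if ((strcmp(db, database) != 0 && strcmp(db, "all") != 0 &&` followed by `(strcmp(db, "sameuser") != 0 || strcmp(user, database) != 0)) ||`. The function's body starts and ends outside both hunks, so the declarations of `db` and `buf` are not visible here.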

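--- a/src/backend/libpq/pg_hba.conf.sample
+++ b/src/backend/libpq/pg_hba.conf.sample
@@ -39,8 +39,9 @@
 #
 # host DBNAME IP_ADDRESS ADDRESS_MASK USERAUTH [AUTH_ARGUMENT]
 #
-# DBNAME is the name of a PostgreSQL database, or "all" to indicate all
-# databases.
+# DBNAME is the name of a PostgreSQL database, "all" to indicate all
+# databases, or "sameuser" to restrict a user's access to a database
+# with the same user name.
 #
 # IP_ADDRESS and ADDRESS_MASK are a standard dotted decimal IP address and
 # mask to identify a set of hosts. These hosts are allowed to connect to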

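--- a/src/backend/parser/gram.c
+++ b/src/backend/parser/gram.c
@@ -218,7 +218,7 @@
 *
 *
 * IDENTIFICATION
-* $Header: /cvsroot/pgsql/src/backend/parser/Attic/gram.c,v 2.11 1998/05/12 17:46:46 momjian Exp $
+* $Header: /cvsroot/pgsql/src/backend/parser/Attic/gram.c,v 2.12 1998/06/13 04:27:15 momjian Exp $
 *
 * HISTORY
 * AUTHORDATEMAJOR EVENT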

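--- a/src/include/libpq/hba.h
+++ b/src/include/libpq/hba.h
@@ -4,7 +4,7 @@
 * Interface to hba.c
 *
 *
-* $Id: hba.h,v 1.8 1998/02/26 04:41:43 momjian Exp $
+* $Id: hba.h,v 1.9 1998/06/13 04:27:18 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -51,8 +51,8 @@ typedef enum UserAuth
 }UserAuth;
 
 int
-hba_getauthmethod(SockAddr*raddr,char*database,char*auth_arg,
-UserAuth*auth_method);
+hba_getauthmethod(SockAddr*raddr,char*user,char*database,
+char*auth_arg,UserAuth*auth_method);
 int
 authident(structsockaddr_in*raddr,structsockaddr_in*laddr,
 constcharpostgres_username[],constcharauth_arg[]);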
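Review bot: The new `user` parameter of hba_getauthmethod is declared `char *`, although the hba.c side of this commit only passes it on to functions that take `const char user[]`. Declaring it `const char *user` here and in the definition would document that the lookup never writes the name. The prototype now has two adjacent `char *` name arguments and no comment, so swapping them at a call site would compile silently and change which records match. A one-line comment above the declaration would help, for example `/* user, then database: the names held in the Port for this connection */`.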
