Commit de16ab7
Invent pg_hba_file_rules view to show the content of pg_hba.conf.
This view is designed along the same lines as pg_file_settings, to wit it shows what is currently in the file, not what the postmaster has loaded as the active settings. That allows it to be used to pre-vet edits before issuing SIGHUP. As with the earlier view, go out of our way to allow errors in the file to be reflected in the view, to assist that use-case.

(We might at some point invent a view to show the current active settings, but this is not that patch; and it's not trivial to do.)

Haribabu Kommi, reviewed by Ashutosh Bapat, Michael Paquier, Simon Riggs, and myself

Discussion: https://postgr.es/m/CAJrrPGerH4jiwpcXT1-46QXUDmNp2QDrG9+-Tek_xC8APHShYw@mail.gmail.com
1 parent d002f16, commit de16ab7
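
The pre-vet workflow the commit message describes, as an added example that is not part of the commit: SQL a superuser could run after editing pg_hba.conf and before issuing SIGHUP. Column names are those documented in this patch; the choice of `trust` and `password` as the methods to flag for review is an assumption of the example.

```sql
-- Added example, not from the commit. Run as a superuser after editing
-- pg_hba.conf; the view reads the file on disk, not the loaded settings.

-- 1. Review pass: network-reachable rules in the edited file that would
--    authenticate with no credential ('trust') or a cleartext password.
--    Which methods to flag is this example's assumption.
SELECT line_number, type, database, user_name, address, netmask, auth_method
FROM pg_hba_file_rules
WHERE error IS NULL
  AND type <> 'local'
  AND auth_method IN ('trust', 'password')
ORDER BY line_number;

-- 2. Gate: report every line that fails to parse and reload only when
--    there are none, so a broken edit never reaches the postmaster.
DO $$
DECLARE
    bad  record;
    nbad integer := 0;
BEGIN
    FOR bad IN
        SELECT line_number, error
        FROM pg_hba_file_rules
        WHERE error IS NOT NULL
        ORDER BY line_number
    LOOP
        RAISE WARNING 'pg_hba.conf line %: %', bad.line_number, bad.error;
        nbad := nbad + 1;
    END LOOP;

    IF nbad > 0 THEN
        RAISE EXCEPTION '% bad line(s) in pg_hba.conf, not reloading', nbad;
    END IF;

    PERFORM pg_reload_conf();  -- signals the postmaster to re-read the file
END
$$;
```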

10 files changed, +873 -121 lines changed

‎doc/src/sgml/catalogs.sgml

Lines changed: 113 additions & 0 deletions
@@ -7808,6 +7808,11 @@
78087808
<entry>groups of database users</entry>
78097809
</row>
78107810

7811+
<row>
7812+
<entry><link linkend="view-pg-hba-file-rules"><structname>pg_hba_file_rules</structname></link></entry>
7813+
<entry>summary of client authentication configuration file contents</entry>
7814+
</row>
7815+
78117816
<row>
78127817
<entry><link linkend="view-pg-indexes"><structname>pg_indexes</structname></link></entry>
78137818
<entry>indexes</entry>
@@ -8408,6 +8413,114 @@
84088413

84098414
</sect1>
84108415

8416+
<sect1 id="view-pg-hba-file-rules">
8417+
<title><structname>pg_hba_file_rules</structname></title>
8418+
8419+
<indexterm zone="view-pg-hba-file-rules">
8420+
<primary>pg_hba_file_rules</primary>
8421+
</indexterm>
8422+
8423+
<para>
8424+
The view <structname>pg_hba_file_rules</structname> provides a summary of
8425+
the contents of the client authentication configuration
8426+
file, <filename>pg_hba.conf</>. A row appears in this view for each
8427+
non-empty, non-comment line in the file, with annotations indicating
8428+
whether the rule could be applied successfully.
8429+
</para>
8430+
8431+
<para>
8432+
This view can be helpful for checking whether planned changes in the
8433+
authentication configuration file will work, or for diagnosing a previous
8434+
failure. Note that this view reports on the <emphasis>current</> contents
8435+
of the file, not on what was last loaded by the server.
8436+
</para>
8437+
8438+
<para>
8439+
By default, the <structname>pg_hba_file_rules</structname> view can be read
8440+
only by superusers.
8441+
</para>
8442+
8443+
<table>
8444+
<title><structname>pg_hba_file_rules</> Columns</title>
8445+
8446+
<tgroup cols="3">
8447+
<thead>
8448+
<row>
8449+
<entry>Name</entry>
8450+
<entry>Type</entry>
8451+
<entry>Description</entry>
8452+
</row>
8453+
</thead>
8454+
<tbody>
8455+
<row>
8456+
<entry><structfield>line_number</structfield></entry>
8457+
<entry><structfield>integer</structfield></entry>
8458+
<entry>
8459+
Line number of this rule in <filename>pg_hba.conf</>
8460+
</entry>
8461+
</row>
8462+
<row>
8463+
<entry><structfield>type</structfield></entry>
8464+
<entry><structfield>text</structfield></entry>
8465+
<entry>Type of connection</entry>
8466+
</row>
8467+
<row>
8468+
<entry><structfield>database</structfield></entry>
8469+
<entry><structfield>text[]</structfield></entry>
8470+
<entry>List of database name(s) to which this rule applies</entry>
8471+
</row>
8472+
<row>
8473+
<entry><structfield>user_name</structfield></entry>
8474+
<entry><structfield>text[]</structfield></entry>
8475+
<entry>List of user and group name(s) to which this rule applies</entry>
8476+
</row>
8477+
<row>
8478+
<entry><structfield>address</structfield></entry>
8479+
<entry><structfield>text</structfield></entry>
8480+
<entry>
8481+
Host name or IP address, or one
8482+
of <literal>all</literal>, <literal>samehost</literal>,
8483+
or <literal>samenet</literal>, or null for local connections
8484+
</entry>
8485+
</row>
8486+
<row>
8487+
<entry><structfield>netmask</structfield></entry>
8488+
<entry><structfield>text</structfield></entry>
8489+
<entry>IP address mask, or null if not applicable</entry>
8490+
</row>
8491+
<row>
8492+
<entry><structfield>auth_method</structfield></entry>
8493+
<entry><type>text</type></entry>
8494+
<entry>Authentication method</entry>
8495+
</row>
8496+
<row>
8497+
<entry><structfield>options</structfield></entry>
8498+
<entry><type>text[]</type></entry>
8499+
<entry>Options specified for authentication method, if any</entry>
8500+
</row>
8501+
<row>
8502+
<entry><structfield>error</structfield></entry>
8503+
<entry><structfield>text</structfield></entry>
8504+
<entry>
8505+
If not null, an error message indicating why this
8506+
line could not be processed
8507+
</entry>
8508+
</row>
8509+
</tbody>
8510+
</tgroup>
8511+
</table>
8512+
8513+
<para>
8514+
Usually, a row reflecting an incorrect entry will have values for only
8515+
the <structfield>line_number</> and <structfield>error</> fields.
8516+
</para>
8517+
8518+
<para>
8519+
See <xref linkend="client-authentication"> for more information about
8520+
client authentication configuration.
8521+
</para>
8522+
</sect1>
8523+
84118524
<sect1 id="view-pg-indexes">
84128525
<title><structname>pg_indexes</structname></title>
84138526

‎doc/src/sgml/client-auth.sgml

Lines changed: 18 additions & 0 deletions
@@ -597,6 +597,24 @@ hostnossl <replaceable>database</replaceable> <replaceable>user</replaceable>
597597
re-read the file.
598598
</para>
599599

600+
<note>
601+
<para>
602+
The preceding statement is not true on Microsoft Windows: there, any
603+
changes in the <filename>pg_hba.conf</filename> file are immediately
604+
applied by subsequent new connections.
605+
</para>
606+
</note>
607+
608+
<para>
609+
The system view
610+
<link linkend="view-pg-hba-file-rules"><structname>pg_hba_file_rules</structname></link>
611+
can be helpful for pre-testing changes to the <filename>pg_hba.conf</>
612+
file, or for diagnosing problems if loading of the file did not have the
613+
desired effects. Rows in the view with
614+
non-null <structfield>error</structfield> fields indicate problems in the
615+
corresponding lines of the file.
616+
</para>
617+
600618
<tip>
601619
<para>
602620
To connect to a particular database, a user must not only pass the
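
Review bot: The two added blocks pull against each other on Windows. The note says changes to pg_hba.conf there are applied immediately by new connections, while the following paragraph recommends the view for pre-testing changes to the file; because the view reads the file's current contents, an edit on Windows is already in effect by the time the view can report an error in it. Suggest qualifying the pre-testing sentence for that platform, or moving the note after the paragraph so the caveat reads as applying to it. "The preceding statement" is also ambiguous once more text is added around it; naming what is not true (that the file is only re-read on SIGHUP) would be clearer.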

‎src/backend/catalog/system_views.sql

Lines changed: 6 additions & 0 deletions
@@ -459,6 +459,12 @@ CREATE VIEW pg_file_settings AS
459459
REVOKE ALLon pg_file_settingsFROM PUBLIC;
460460
REVOKE EXECUTEON FUNCTION pg_show_all_file_settings()FROM PUBLIC;
461461

462+
CREATEVIEWpg_hba_file_rulesAS
463+
SELECT*FROM pg_hba_file_rules()AS A;
464+
465+
REVOKE ALLon pg_hba_file_rulesFROM PUBLIC;
466+
REVOKE EXECUTEON FUNCTION pg_hba_file_rules()FROM PUBLIC;
467+
462468
CREATEVIEWpg_timezone_abbrevsAS
463469
SELECT*FROM pg_timezone_abbrevs();
464470
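
Review bot: The two REVOKE lines lock down the view and the underlying function separately, but nothing here or in the documentation hunks says that both must be granted back to delegate read access: a role given only SELECT on pg_hba_file_rules still cannot call pg_hba_file_rules(), because functions used in a view are checked against the calling user. A short comment above the REVOKEs, or a sentence in the catalogs.sgml section, stating that SELECT on the view and EXECUTE on the function go together would save administrators a confusing permission error. Minor: the alias in "pg_hba_file_rules() AS A" is unused and could be dropped.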
