[PATCH] allow specifying allowed user in 'trust' hba entries

Hi all,

While we run an ident-less site, we'd still like to specify as what
account a user might connect from a trusted host.

Currently, if you allow connections from host X to database Y, people on
host X are still allowed to connect as a database administrator, which I
think is not very pretty (even though it's the 'trust' mode of
authentication).

This patches uses the auth_arg for specifying the allowed user name.
Basically, it will allow you to specify you an 'allowed user' after a hba
entry. I've found it pretty useful.

Please CC me on replies, as I've not yet found out to subscribe to the
lists here.


greetings,
Lennert



--- postgresql-7.0.2-orig/src/backend/libpq/hba.c    Wed Apr 12 19:15:14 2000
+++ postgresql-7.0.2/src/backend/libpq/hba.c    Wed Oct 18 00:47:40 2000
@@ -297,7 +297,8 @@
         if ((strcmp(db, port->database) != 0 && strcmp(db, "all") != 0 &&
              (strcmp(db, "sameuser") != 0 || strcmp(port->database, port->user) != 0)) ||
             port->raddr.sa.sa_family != AF_INET ||
-            ((file_ip_addr.s_addr ^ port->raddr.in.sin_addr.s_addr) & mask.s_addr) != 0x0000)
+            ((file_ip_addr.s_addr ^ port->raddr.in.sin_addr.s_addr) & mask.s_addr) != 0x0000 ||
+            (port->auth_arg[0] && strcmp(port->auth_arg, port->user) != 0))
             return;
     }
     else