Re: Patch proposal: make use of regular expressions for the username in pg_hba.conf
| От | Drouvot, Bertrand |
|---|---|
| Тема | Re: Patch proposal: make use of regular expressions for the username in pg_hba.conf |
| Дата | |
| Msg-id | e346f82f-4a6b-22f7-d6c1-cef16d472de9@gmail.com обсуждение исходный текст |
| Ответ на | Re: Patch proposal: make use of regular expressions for the username in pg_hba.conf (Michael Paquier <michael@paquier.xyz>) |
| Ответы |
Re: Patch proposal: make use of regular expressions for the username in pg_hba.conf
|
| Список | pgsql-hackers |
Hi,
On 10/5/22 9:24 AM, Michael Paquier wrote:
> On Tue, Sep 20, 2022 at 01:33:09PM +0200, Drouvot, Bertrand wrote:
> Anyway, I have looked at the patch.
>
> + List *roles_re;
> + List *databases_re;
> + regex_t hostname_re;
> I am surprised by the approach of using separate lists for the regular
> expressions and the raw names. Wouldn't it be better to store
> everything in a single list but assign an entry type? In this case it
> would be either regex or plain string. This would minimize the
> footprint of the changes (no extra arguments *_re in the routines
> checking for a match on the roles, databases or hosts). And it seems
> to me that this would make unnecessary the use of re_num here and
> there.
Please find attached v5 addressing this. I started with an union but it
turns out that we still need the plain string when a regex is used. This
is not needed for the authentication per say but for fill_hba_line(). So
I ended up creating a new struct without union in v5.
> The hostname is different, of course, requiring only an extra
> field for its type, or something like that.
I'm using the same new struct as described above for the hostname.
>
> Perhaps the documentation would gain in clarity if there were more
> examples, like a set of comma-separated examples (mix of regex and raw
> strings for example, for all the field types that gain support for
> regexes)?
>
Right, I added more examples in v5.
> -$node->append_conf('postgresql.conf', "log_connections = on\n");
> +$node->append_conf(
> + 'postgresql.conf', qq{
> +listen_addresses = '127.0.0.1'
> +log_connections = on
> +});
> Hmm. I think that we may need to reconsider the location of the tests
> for the regexes with the host name, as the "safe" regression tests
> should not switch listen_addresses. One location where we already do
> that is src/test/ssl/, so these could be moved there.
Good point, I moved the hostname related tests in src/test/ssl.
Regards,
--
Bertrand Drouvot
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com
Вложения
В списке pgsql-hackers по дате отправления: