On Wed, Jun 27, 2012 at 4:14 PM, Tom Lane <t...@sss.pgh.pa.us> wrote:
> Magnus Hagander <mag...@hagander.net> writes:
>> On Wed, Jun 27, 2012 at 3:55 PM, Tom Lane <t...@sss.pgh.pa.us> wrote:
>>> BTW, are you sure that auth_failed is only called in cases where
>>> an hba line has already been identified? Even if true today,
>>> it seems fairly risky to assume that.
>
>> It is true today, but yes, it might be safe to guard against it with
>> something like this?
>
> FWIW, the usual approach for conditionally emitting bits of an ereport
> is more like
>
> ereport(FATAL,
> (errcode(errcode_return),
> errmsg(errstr, port->user_name),
> port->hba ? errdetail_log("Connection matched pg_hba.conf
> line %d", port->hba->linenumber) : 0));
Hmm. Ok. So it treats a 0/NULL there as a way to ignore it. I tried
something with the NULL inside the errdetail, which obviously failed.
> but that's just a nitpick. A bigger issue is that I'm not convinced
> that a line number will be tremendously helpful: it's easy to miscount
> lines, and a line number will certainly not be helpful in the frequent
Editors will help you count the lines, no? :-)
> cases where people are modifying the wrong hba file. Can we show
> the source text of the hba line?
We don't currently keep the full source text around - but we certainly
could do that if we wanted to.
I'm not sure how much it helps - usually, you're going to end up on a
line that's completely irrelevant if you get the wrong hba file (e.g.
a comment or a line that's not even in the file at all due to size).
Maybe we should just include the *name* of the HBA file in the error
message?
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
