On Wed, Jun 27, 2012 at 4:14 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: > Magnus Hagander <mag...@hagander.net> writes: >> On Wed, Jun 27, 2012 at 3:55 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: >>> BTW, are you sure that auth_failed is only called in cases where >>> an hba line has already been identified? Even if true today, >>> it seems fairly risky to assume that. > >> It is true today, but yes, it might be safe to guard against it with >> something like this? > > FWIW, the usual approach for conditionally emitting bits of an ereport > is more like > > ereport(FATAL, > (errcode(errcode_return), > errmsg(errstr, port->user_name), > port->hba ? errdetail_log("Connection matched pg_hba.conf > line %d", port->hba->linenumber) : 0));
Hmm. Ok. So it treats a 0/NULL there as a way to ignore it. I tried something with the NULL inside the errdetail, which obviously failed. > but that's just a nitpick. A bigger issue is that I'm not convinced > that a line number will be tremendously helpful: it's easy to miscount > lines, and a line number will certainly not be helpful in the frequent Editors will help you count the lines, no? :-) > cases where people are modifying the wrong hba file. Can we show > the source text of the hba line? We don't currently keep the full source text around - but we certainly could do that if we wanted to. I'm not sure how much it helps - usually, you're going to end up on a line that's completely irrelevant if you get the wrong hba file (e.g. a comment or a line that's not even in the file at all due to size). Maybe we should just include the *name* of the HBA file in the error message? -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/ -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers