[HACKERS] Process pg_hba.conf keywords as case-insensitive

Thu, 08 Oct 2015 04:37:20 -0700 

Hi!
This is my first post to this list.
(Sorry for my bad english)

I decided to start small, but as it is in the TODO, then why not.

In TODO:
> Process pg_hba.conf keywords as case-insensitive
>http://archives.postgresql.org/pgsql-hackers/2009-09/msg00432.php

It seems to me reasonable to throw an error saying 'ALL' is not a valid
value and * not * reload the pg_hba.conf file.

It seems a good place parse_hba_line in src/backend/libpq/hba.c, and
use strcasecmp
for checks.

Patch attached, if is very simple,

diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
index 23c8b5d..72ae6f3 100644
--- a/src/backend/libpq/hba.c
+++ b/src/backend/libpq/hba.c
@@ -62,6 +62,8 @@ typedef struct check_network_data
 
 
 #define token_is_keyword(t, k)	(!t->quoted && strcmp(t->string, k) == 0)
+#define token_is_fake_keyword(t, k)	(strcasecmp(t->string, k) == 0 \
+        && strcmp(t->string, k) != 0)
 #define token_matches(t, k)  (strcmp(t->string, k) == 0)
 
 /*
@@ -931,6 +933,20 @@ parse_hba_line(List *line, int line_num, char *raw_line)
 	tokens = lfirst(field);
 	foreach(tokencell, tokens)
 	{
+        token = lfirst(tokencell);
+        if (!token->quoted && (    
+            token_is_fake_keyword(token, "all") ||
+            token_is_fake_keyword(token, "sameuser") ||
+            token_is_fake_keyword(token, "samerole") ||
+            token_is_fake_keyword(token, "replication")))
+        {
+            ereport(LOG,
+                    (errcode(ERRCODE_CONFIG_FILE_ERROR),
+                     errmsg("invalid database keyword name \"%s\"", token->string),
+                     errcontext("line %d of configuration file \"%s\"",
+                                line_num, HbaFileName)));
+            return NULL;
+        }
 		parsedline->databases = lappend(parsedline->databases,
 										copy_hba_token(lfirst(tokencell)));
 	}
@@ -950,6 +966,17 @@ parse_hba_line(List *line, int line_num, char *raw_line)
 	tokens = lfirst(field);
 	foreach(tokencell, tokens)
 	{
+        token = lfirst(tokencell);
+        if (!token->quoted && token_is_fake_keyword(token, "all")) 
+        {
+            ereport(LOG,
+                    (errcode(ERRCODE_CONFIG_FILE_ERROR),
+                     errmsg("invalid role keyword name \"%s\"", token->string),
+                     errcontext("line %d of configuration file \"%s\"",
+                                line_num, HbaFileName)));
+            return NULL;
+        }
+        
 		parsedline->roles = lappend(parsedline->roles,
 									copy_hba_token(lfirst(tokencell)));
 	}

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

Reply via email to