mirrors/postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add rule_number to pg_hba_file_rules and map_number to pg_ident_file_mappings

Browse Source 
These numbers are strictly-monotone identifiers assigned to each rule
of pg_hba_file_rules and each map of pg_ident_file_mappings when loading
the HBA and ident configuration files, indicating the order in which
they are checked at authentication time, until a match is found.

With only one file loaded currently, this is equivalent to the line
numbers assigned to the entries loaded if one wants to know their order,
but this becomes mandatory once the inclusion of external files is
added to the HBA and ident files to be able to know in which order the
rules and/or maps are applied at authentication.  Note that NULL is used
when a HBA or ident entry cannot be parsed or validated, aka when an
error exists, contrary to the line number.

Bump catalog version.

Author: Julien Rouhaud
Discussion: https://postgr.es/m/20220223045959.35ipdsvbxcstrhya@jrouhaud
This commit is contained in:
Michael Paquier 2022-10-26 15:22:15 +09:00
parent 37d264478a
commit c591300a8f
5 changed files with 74 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
doc/src/sgml/system-views.sgml
View File

@ -991,6 +991,17 @@
</thead> </thead>
<tbody> <tbody>
<row>
<entry role="catalog_table_entry"><para role="column_definition">
<structfield>rule_number</structfield> <type>int4</type>
</para>
<para>
Number of this rule, if valid, otherwise <literal>NULL</literal>.
This indicates the order in which each rule is considered
until a match is found during authentication.
</para></entry>
</row>
<row> <row>
<entry role="catalog_table_entry"><para role="column_definition"> <entry role="catalog_table_entry"><para role="column_definition">
<structfield>line_number</structfield> <type>int4</type> <structfield>line_number</structfield> <type>int4</type>
@ -1131,6 +1142,16 @@
</thead> </thead>
<tbody> <tbody>
<row>
<entry role="catalog_table_entry"><para role="column_definition">
<structfield>map_number</structfield> <type>int4</type>
</para>
<para>
Number of this map, in priority order, if valid, otherwise
<literal>NULL</literal>
</para></entry>
</row>
<row> <row>
<entry role="catalog_table_entry"><para role="column_definition"> <entry role="catalog_table_entry"><para role="column_definition">
<structfield>line_number</structfield> <type>int4</type> <structfield>line_number</structfield> <type>int4</type>

51
src/backend/utils/adt/hbafuncs.c
View File

@ -26,10 +26,12 @@
static ArrayType *get_hba_options(HbaLine *hba); static ArrayType *get_hba_options(HbaLine *hba);
static void fill_hba_line(Tuplestorestate *tuple_store, TupleDesc tupdesc, static void fill_hba_line(Tuplestorestate *tuple_store, TupleDesc tupdesc,
int lineno, HbaLine *hba, const char *err_msg); int rule_number, int lineno, HbaLine *hba,
const char *err_msg);
static void fill_hba_view(Tuplestorestate *tuple_store, TupleDesc tupdesc); static void fill_hba_view(Tuplestorestate *tuple_store, TupleDesc tupdesc);
static void fill_ident_line(Tuplestorestate *tuple_store, TupleDesc tupdesc, static void fill_ident_line(Tuplestorestate *tuple_store, TupleDesc tupdesc,
int lineno, IdentLine *ident, const char *err_msg); int map_number, int lineno, IdentLine *ident,
const char *err_msg);
static void fill_ident_view(Tuplestorestate *tuple_store, TupleDesc tupdesc); static void fill_ident_view(Tuplestorestate *tuple_store, TupleDesc tupdesc);
@ -157,7 +159,7 @@ get_hba_options(HbaLine *hba)
} }
/* Number of columns in pg_hba_file_rules view */ /* Number of columns in pg_hba_file_rules view */
#define NUM_PG_HBA_FILE_RULES_ATTS 9 #define NUM_PG_HBA_FILE_RULES_ATTS 10
/* /*
* fill_hba_line * fill_hba_line
@ -165,6 +167,7 @@ get_hba_options(HbaLine *hba)
* *
* tuple_store: where to store data * tuple_store: where to store data
* tupdesc: tuple descriptor for the view * tupdesc: tuple descriptor for the view
* rule_number: unique identifier among all valid rules
* lineno: pg_hba.conf line number (must always be valid) * lineno: pg_hba.conf line number (must always be valid)
* hba: parsed line data (can be NULL, in which case err_msg should be set) * hba: parsed line data (can be NULL, in which case err_msg should be set)
* err_msg: error message (NULL if none) * err_msg: error message (NULL if none)
@ -174,7 +177,8 @@ get_hba_options(HbaLine *hba)
*/ */
static void static void
fill_hba_line(Tuplestorestate *tuple_store, TupleDesc tupdesc, fill_hba_line(Tuplestorestate *tuple_store, TupleDesc tupdesc,
int lineno, HbaLine *hba, const char *err_msg) int rule_number, int lineno, HbaLine *hba,
const char *err_msg)
{ {
Datum values[NUM_PG_HBA_FILE_RULES_ATTS]; Datum values[NUM_PG_HBA_FILE_RULES_ATTS];
bool nulls[NUM_PG_HBA_FILE_RULES_ATTS]; bool nulls[NUM_PG_HBA_FILE_RULES_ATTS];
@ -193,6 +197,12 @@ fill_hba_line(Tuplestorestate *tuple_store, TupleDesc tupdesc,
memset(nulls, 0, sizeof(nulls)); memset(nulls, 0, sizeof(nulls));
index = 0; index = 0;
/* rule_number, nothing on error */
if (err_msg)
nulls[index++] = true;
else
values[index++] = Int32GetDatum(rule_number);
/* line_number */ /* line_number */
values[index++] = Int32GetDatum(lineno); values[index++] = Int32GetDatum(lineno);
@ -336,7 +346,7 @@ fill_hba_line(Tuplestorestate *tuple_store, TupleDesc tupdesc,
else else
{ {
/* no parsing result, so set relevant fields to nulls */ /* no parsing result, so set relevant fields to nulls */
memset(&nulls[1], true, (NUM_PG_HBA_FILE_RULES_ATTS - 2) * sizeof(bool)); memset(&nulls[2], true, (NUM_PG_HBA_FILE_RULES_ATTS - 3) * sizeof(bool));
} }
/* error */ /* error */
@ -359,6 +369,7 @@ fill_hba_view(Tuplestorestate *tuple_store, TupleDesc tupdesc)
FILE *file; FILE *file;
List *hba_lines = NIL; List *hba_lines = NIL;
ListCell *line; ListCell *line;
int rule_number = 0;
MemoryContext linecxt; MemoryContext linecxt;
MemoryContext hbacxt; MemoryContext hbacxt;
MemoryContext oldcxt; MemoryContext oldcxt;
@ -393,8 +404,12 @@ fill_hba_view(Tuplestorestate *tuple_store, TupleDesc tupdesc)
if (tok_line->err_msg == NULL) if (tok_line->err_msg == NULL)
hbaline = parse_hba_line(tok_line, DEBUG3); hbaline = parse_hba_line(tok_line, DEBUG3);
fill_hba_line(tuple_store, tupdesc, tok_line->line_num, /* No error, set a new rule number */
hbaline, tok_line->err_msg); if (tok_line->err_msg == NULL)
rule_number++;
fill_hba_line(tuple_store, tupdesc, rule_number,
tok_line->line_num, hbaline, tok_line->err_msg);
} }
/* Free tokenizer memory */ /* Free tokenizer memory */
@ -431,7 +446,7 @@ pg_hba_file_rules(PG_FUNCTION_ARGS)
} }
/* Number of columns in pg_ident_file_mappings view */ /* Number of columns in pg_ident_file_mappings view */
#define NUM_PG_IDENT_FILE_MAPPINGS_ATTS 5 #define NUM_PG_IDENT_FILE_MAPPINGS_ATTS 6
/* /*
* fill_ident_line: build one row of pg_ident_file_mappings view, add it to * fill_ident_line: build one row of pg_ident_file_mappings view, add it to
@ -439,6 +454,7 @@ pg_hba_file_rules(PG_FUNCTION_ARGS)
* *
* tuple_store: where to store data * tuple_store: where to store data
* tupdesc: tuple descriptor for the view * tupdesc: tuple descriptor for the view
* map_number: unique identifier among all valid maps
* lineno: pg_ident.conf line number (must always be valid) * lineno: pg_ident.conf line number (must always be valid)
* ident: parsed line data (can be NULL, in which case err_msg should be set) * ident: parsed line data (can be NULL, in which case err_msg should be set)
* err_msg: error message (NULL if none) * err_msg: error message (NULL if none)
@ -448,7 +464,8 @@ pg_hba_file_rules(PG_FUNCTION_ARGS)
*/ */
static void static void
fill_ident_line(Tuplestorestate *tuple_store, TupleDesc tupdesc, fill_ident_line(Tuplestorestate *tuple_store, TupleDesc tupdesc,
int lineno, IdentLine *ident, const char *err_msg) int map_number, int lineno, IdentLine *ident,
const char *err_msg)
{ {
Datum values[NUM_PG_IDENT_FILE_MAPPINGS_ATTS]; Datum values[NUM_PG_IDENT_FILE_MAPPINGS_ATTS];
bool nulls[NUM_PG_IDENT_FILE_MAPPINGS_ATTS]; bool nulls[NUM_PG_IDENT_FILE_MAPPINGS_ATTS];
@ -461,6 +478,12 @@ fill_ident_line(Tuplestorestate *tuple_store, TupleDesc tupdesc,
memset(nulls, 0, sizeof(nulls)); memset(nulls, 0, sizeof(nulls));
index = 0; index = 0;
/* map_number, nothing on error */
if (err_msg)
nulls[index++] = true;
else
values[index++] = Int32GetDatum(map_number);
/* line_number */ /* line_number */
values[index++] = Int32GetDatum(lineno); values[index++] = Int32GetDatum(lineno);
@ -473,7 +496,7 @@ fill_ident_line(Tuplestorestate *tuple_store, TupleDesc tupdesc,
else else
{ {
/* no parsing result, so set relevant fields to nulls */ /* no parsing result, so set relevant fields to nulls */
memset(&nulls[1], true, (NUM_PG_IDENT_FILE_MAPPINGS_ATTS - 2) * sizeof(bool)); memset(&nulls[2], true, (NUM_PG_IDENT_FILE_MAPPINGS_ATTS - 3) * sizeof(bool));
} }
/* error */ /* error */
@ -495,6 +518,7 @@ fill_ident_view(Tuplestorestate *tuple_store, TupleDesc tupdesc)
FILE *file; FILE *file;
List *ident_lines = NIL; List *ident_lines = NIL;
ListCell *line; ListCell *line;
int map_number = 0;
MemoryContext linecxt; MemoryContext linecxt;
MemoryContext identcxt; MemoryContext identcxt;
MemoryContext oldcxt; MemoryContext oldcxt;
@ -529,7 +553,12 @@ fill_ident_view(Tuplestorestate *tuple_store, TupleDesc tupdesc)
if (tok_line->err_msg == NULL) if (tok_line->err_msg == NULL)
identline = parse_ident_line(tok_line, DEBUG3); identline = parse_ident_line(tok_line, DEBUG3);
fill_ident_line(tuple_store, tupdesc, tok_line->line_num, identline, /* no error, set a new mapping number */
if (tok_line->err_msg == NULL)
map_number++;
fill_ident_line(tuple_store, tupdesc, map_number,
tok_line->line_num, identline,
tok_line->err_msg); tok_line->err_msg);
} }

2
src/include/catalog/catversion.h
View File

@ -57,6 +57,6 @@
*/ */
/* yyyymmddN */ /* yyyymmddN */
#define CATALOG_VERSION_NO 202210141 #define CATALOG_VERSION_NO 202210261
#endif #endif

11
src/include/catalog/pg_proc.dat
View File

@ -6135,15 +6135,16 @@
{ oid => '3401', descr => 'show pg_hba.conf rules', { oid => '3401', descr => 'show pg_hba.conf rules',
proname => 'pg_hba_file_rules', prorows => '1000', proretset => 't', proname => 'pg_hba_file_rules', prorows => '1000', proretset => 't',
provolatile => 'v', prorettype => 'record', proargtypes => '', provolatile => 'v', prorettype => 'record', proargtypes => '',
proallargtypes => '{int4,text,_text,_text,text,text,text,_text,text}', proallargtypes => '{int4,int4,text,_text,_text,text,text,text,_text,text}',
proargmodes => '{o,o,o,o,o,o,o,o,o}', proargmodes => '{o,o,o,o,o,o,o,o,o,o}',
proargnames => '{line_number,type,database,user_name,address,netmask,auth_method,options,error}', proargnames => '{rule_number,line_number,type,database,user_name,address,netmask,auth_method,options,error}',
prosrc => 'pg_hba_file_rules' }, prosrc => 'pg_hba_file_rules' },
{ oid => '6250', descr => 'show pg_ident.conf mappings', { oid => '6250', descr => 'show pg_ident.conf mappings',
proname => 'pg_ident_file_mappings', prorows => '1000', proretset => 't', proname => 'pg_ident_file_mappings', prorows => '1000', proretset => 't',
provolatile => 'v', prorettype => 'record', proargtypes => '', provolatile => 'v', prorettype => 'record', proargtypes => '',
proallargtypes => '{int4,text,text,text,text}', proargmodes => '{o,o,o,o,o}', proallargtypes => '{int4,int4,text,text,text,text}',
proargnames => '{line_number,map_name,sys_name,pg_username,error}', proargmodes => '{o,o,o,o,o,o}',
proargnames => '{map_number,line_number,map_name,sys_name,pg_username,error}',
prosrc => 'pg_ident_file_mappings' }, prosrc => 'pg_ident_file_mappings' },
{ oid => '1371', descr => 'view system lock information', { oid => '1371', descr => 'view system lock information',
proname => 'pg_lock_status', prorows => '1000', proretset => 't', proname => 'pg_lock_status', prorows => '1000', proretset => 't',

10
src/test/regress/expected/rules.out
View File

@ -1337,7 +1337,8 @@ pg_group| SELECT pg_authid.rolname AS groname,
WHERE (pg_auth_members.roleid = pg_authid.oid)) AS grolist WHERE (pg_auth_members.roleid = pg_authid.oid)) AS grolist
FROM pg_authid FROM pg_authid
WHERE (NOT pg_authid.rolcanlogin); WHERE (NOT pg_authid.rolcanlogin);
pg_hba_file_rules| SELECT a.line_number, pg_hba_file_rules| SELECT a.rule_number,
a.line_number,
a.type, a.type,
a.database, a.database,
a.user_name, a.user_name,
@ -1346,13 +1347,14 @@ pg_hba_file_rules| SELECT a.line_number,
a.auth_method, a.auth_method,
a.options, a.options,
a.error a.error
FROM pg_hba_file_rules() a(line_number, type, database, user_name, address, netmask, auth_method, options, error); FROM pg_hba_file_rules() a(rule_number, line_number, type, database, user_name, address, netmask, auth_method, options, error);
pg_ident_file_mappings| SELECT a.line_number, pg_ident_file_mappings| SELECT a.map_number,
a.line_number,
a.map_name, a.map_name,
a.sys_name, a.sys_name,
a.pg_username, a.pg_username,
a.error a.error
FROM pg_ident_file_mappings() a(line_number, map_name, sys_name, pg_username, error); FROM pg_ident_file_mappings() a(map_number, line_number, map_name, sys_name, pg_username, error);
pg_indexes| SELECT n.nspname AS schemaname, pg_indexes| SELECT n.nspname AS schemaname,
c.relname AS tablename, c.relname AS tablename,
i.relname AS indexname, i.relname AS indexname,