| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Removing the fixed-size buffer restriction in hba.c |
| Date: | 2023-07-24 17:53:28 |
| Message-ID: | 1588937.1690221208@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
We got a complaint at [1] about how a not-so-unreasonable LDAP
configuration can hit the "authentication file token too long,
skipping" error case in hba.c's next_token(). I think we've
seen similar complaints before, although a desultory archives
search didn't turn one up.
A minimum-change response would be to increase the MAX_TOKEN
constant from 256 to (say) 1K or 10K. But it wouldn't be all
that hard to replace the fixed-size buffer with a StringInfo,
as attached.
Given the infrequency of complaints, I'm inclined to apply
the more thorough fix only in HEAD, and to just raise MAX_TOKEN
in the back branches. Thoughts?
regards, tom lane
| Attachment | Content-Type | Size |
|---|---|---|
| v1-remove-hba-token-length-limit.patch | text/x-diff | 5.1 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Geoghegan | 2023-07-24 17:54:31 | Re: Use of additional index columns in rows filtering |
| Previous Message | Tom Lane | 2023-07-24 17:43:56 | Re: psql not responding to SIGINT upon db reconnection |