From: | Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com> |
---|---|
To: | Peter Eisentraut <peter_e(at)gmx(dot)net> |
Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: pg_hba_lookup function to get all matching pg_hba.conf entries |
Date: | 2015-11-25 07:05:20 |
Message-ID: | CAJrrPGfb8uM9pTiOE-m6mMn5C=dNrejCCU1AG5m_A2YpjHrO2A@mail.gmail.com |
Lists: | pgsql-hackers |
On Tue, Nov 17, 2015 at 9:37 AM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
> On 11/16/15 2:37 AM, Haribabu Kommi wrote:
>> On Mon, Nov 16, 2015 at 2:30 PM, Peter Eisentraut <peter_e(at)gmx(dot)net> wrote:
>>> On 7/21/15 5:15 AM, Haribabu Kommi wrote:
>>>> With the output of this view, administrator can identify the lines
>>>> that are matching for the given criteria easily without going
>>>> through the file.
>>>
>>> How is this useful? I could see the use if you want to debug cases of
>>> user foo on host bar says they can't connect, but you can't impersonate
>>> them to verify it. But then all you need is a function with a scalar
>>> result, not a result set.
>>
>> Do you mean the function should return true or false based on the connection
>> status with the provided arguments?
>>
>> I also find it difficult to understand the function result as compared to a view.
>
> An hba lookup is essentially a lookup by user name, database name,
> client address, yielding an authentication method (possibly with
> parameters). So I think this function should work that way as well:
> arguments are user name, database name, and so on, and the return value
> is an authentication method. Maybe it would be some kind of record,
> with line number and some parameters.
>
> That would address the use case I put forth above. I don't know whether
> that's what you were going for.
Thanks. Here I have attached the PoC patch that returns the authentication
method of the first matched hba entry in pg_hba.conf with the given input
values. Currently these functions return text type. Based on the details
required to be printed, it can be changed.
postgres=# select pg_hba_lookup('all', 'all');
pg_hba_lookup
---------------
trust
(1 row)
Comments on the approach?
Regards,
Hari Babu
Fujitsu Australia
Attachment | Content-Type | Size |
---|---|---|
pg_hba_lookup_poc_v2.patch | application/octet-stream | 9.1 KB |
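
The lookup discussed in this message (user name, database name and client address in; line number, authentication method and parameters of the first matching entry out), as an added Python sketch that is not the attached patch or PostgreSQL's own code. It assumes a reduced pg_hba.conf grammar (`local` and `host` lines only; `all`, comma lists and `sameuser`; CIDR addresses); the sample file and the function name `hba_lookup` are constructed for illustration.

```python
import ipaddress

# Constructed sample pg_hba.conf (not taken from the thread or the patch).
SAMPLE_HBA = """\
# TYPE  DATABASE  USER       ADDRESS       METHOD
local   all       postgres                 peer map=admins
host    sales     alice,bob  10.0.0.0/8    md5
host    all       all        10.1.2.0/24   reject
host    all       all        0.0.0.0/0     md5
host    all       all        ::1/128       trust
"""

def _name_matches(field, value, user=None):
    """Match a DATABASE or USER field: 'all', a comma list, or 'sameuser'."""
    for item in field.split(","):
        if item in ("all", value):
            return True
        if item == "sameuser" and user is not None and value == user:
            return True
    return False

def hba_lookup(hba_text, database, user, address=None):
    """Return (line_number, method, options) of the first matching entry.

    address=None models a Unix-socket connection, which only 'local'
    lines can match. Returns None when no entry matches.
    """
    client = ipaddress.ip_address(address) if address else None
    for lineno, raw in enumerate(hba_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # naive comment stripping
        if not fields:
            continue
        if fields[0] == "local":
            if client is not None or len(fields) < 4:
                continue
            db, usr, rest = fields[1], fields[2], fields[3:]
        elif fields[0] == "host":
            if client is None or len(fields) < 5:
                continue
            db, usr, addr, rest = fields[1], fields[2], fields[3], fields[4:]
            # An IPv4 client never matches an IPv6 network, and vice versa.
            if addr != "all" and client not in ipaddress.ip_network(addr, strict=False):
                continue
        else:
            continue  # hostssl, hostnossl etc. are outside this sketch
        if _name_matches(db, database, user) and _name_matches(usr, user):
            return lineno, rest[0], rest[1:]  # first match wins
    return None
```

With the sample file, `alice` connecting to `sales` from 10.1.2.5 is answered by line 3 (`md5`), so the `reject` on line 4 never applies to her; returning the line number makes that kind of shadowing visible.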