From: | Michael Paquier <michael(at)paquier(dot)xyz> |
---|---|
To: | Julien Rouhaud <rjuju123(at)gmail(dot)com> |
Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org>, Nathan Bossart <nathandbossart(at)gmail(dot)com> |
Subject: | Re: Allow file inclusion in pg_hba and pg_ident files |
Date: | 2022-11-08 01:04:16 |
Message-ID: | Y2mrEIcUED81TGMT@paquier.xyz |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Mon, Nov 07, 2022 at 03:07:15PM +0900, Michael Paquier wrote:
> Attached is a set of three patches:
> - 0001 changes tokenize_inc_file() to use AbsoluteConfigLocation().
> AbsoluteConfigLocation() uses a static buffer and a MAXPGPATH, but
> we'd rather change it to use a palloc()+strcpy() instead and remove
> the static restriction? What do you think? The same applies for the
> case where we use DataDir, actually, and it seems like there is no
> point in this path-length restriction in this code path.
> - 0002 invents the interface to open auth files and check for their
> depths, simplifying the main patch a bit as there is no need to track
> the depth level here and there anymore.
> - 0003 is the rebased patch, simplified after the other changes. The
> bulk of the patch is in its TAP test.
CF bot unhappy as I have messed up with rules.out. Rebased. I have
removed the restriction on MAXPGPATH in AbsoluteConfigLocation() in
0001, while on it. The absolute paths built on GUC or ident
inclusions are the same.
--
Michael
Attachment | Content-Type | Size |
---|---|---|
v17-0001-Expand-the-use-of-AbsoluteConfigLocation-in-hba..patch | text/x-diff | 2.9 KB |
v17-0002-Invent-open_auth_file-in-hba.c-to-refactor-auth-.patch | text/x-diff | 9.0 KB |
v17-0003-Allow-file-inclusion-in-pg_hba-and-pg_ident-file.patch | text/x-diff | 55.0 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | David Rowley | 2022-11-08 01:31:12 | Re: Add proper planner support for ORDER BY / DISTINCT aggregates |
Previous Message | Jacob Champion | 2022-11-08 01:04:14 | Re: [PATCH] Add `verify-system` sslmode to use system CA pool for server cert |