Re: [QUESTIONS] How is PostgreSQL doing?
От | Bruce Momjian |
---|---|
Тема | Re: [QUESTIONS] How is PostgreSQL doing? |
Дата | |
Msg-id | 199801251927.OAA23008@candle.pha.pa.us обсуждение исходный текст |
Список | pgsql-hackers |
I found this patch in my mailbox. Is there any intestest in this, or is it too site-specific? > > Eze Ogwuma writes: > > Bruce Momjian <maillist@candle.pha.pa.us> writes: > > > Can you be specific? Something I can add to the TODO list. > > > > Database based access for users so that each user can be giving access > > to a particular database only. More permissions for each databse user: > > Create, Drop, Select, Insert etc. Possibly table based > > authentification as well. > > I needed to do that for the web database that I'm setting up. We have > 20000 users and each (potentially) needs a separate database which is > only accessible to them. Rather than having 20000 lines in pg_hba.conf, > I've patched Postgres so that the special token "%username" in the > database field of pg_hba.conf allows access only to the username which > is connecting. (I chose the leading "%" so that it couldn't clash with > a real database name.) Since the patch is against 6.1 rather than > 6.2beta, I hadn't made it public. Here it is in case it's of interest. > > ----------------------------- cut here -----------------------------
> --- postgresql-v6.1/src/include/libpq/hba.h.ORI Wed Jul 30 18:05:12 1997
> +++ postgresql-v6.1/src/include/libpq/hba.h Wed Jul 30 18:05:37 1997
> @@ -42,7 +42,7 @@
> hba_recvauth(const Port *port, const char database[], const char user[],
> const char DataDir[]);
> void find_hba_entry(const char DataDir[], const struct in_addr ip_addr,
> - const char database[],
> + const char user[], const char database[],
> bool *host_ok_p, enum Userauth *userauth_p,
> char usermap_name[], bool find_password_entries);
>
> --- postgresql-v6.1/src/backend/libpq/hba.c.ORI Wed Jul 30 18:05:47 1997
> +++ postgresql-v6.1/src/backend/libpq/hba.c Thu Jul 31 14:18:03 1997
> @@ -144,8 +144,8 @@
>
> static void
> process_hba_record(FILE *file,
> - const struct in_addr ip_addr, const char database[],
> - bool *matches_p, bool *error_p,
> + const struct in_addr ip_addr, const char user[],
> + const char database[], bool *matches_p, bool *error_p,
> enum Userauth *userauth_p, char usermap_name[],
> bool find_password_entries) {
> /*---------------------------------------------------------------------------
> @@ -173,7 +173,8 @@
> if (buf[0] == '\0') *matches_p = false;
> else {
> /* If this record isn't for our database, ignore it. */
> - if (strcmp(buf, database) != 0 && strcmp(buf, "all") != 0) {
> + if (strcmp(buf, database) != 0 && strcmp(buf, "all") != 0
> + && (strcmp(buf, "%username") != 0 || strcmp(user, database) != 0)) {
> *matches_p = false;
> read_through_eol(file);
> } else {
> @@ -235,7 +236,8 @@
>
> static void
> process_open_config_file(FILE *file,
> - const struct in_addr ip_addr, const char database[],
> + const struct in_addr ip_addr,
> + const char user[], const char database[],
> bool *host_ok_p, enum Userauth *userauth_p,
> char usermap_name[], bool find_password_entries) {
> /*---------------------------------------------------------------------------
> @@ -261,7 +263,7 @@
> else {
> if (c == '#') read_through_eol(file);
> else {
> - process_hba_record(file, ip_addr, database,
> + process_hba_record(file, ip_addr, user, database,
> &found_entry, &error, userauth_p, usermap_name,
> find_password_entries);
> }
> @@ -277,7 +279,7 @@
>
> void
> find_hba_entry(const char DataDir[], const struct in_addr ip_addr,
> - const char database[],
> + const char user[], const char database[],
> bool *host_ok_p, enum Userauth *userauth_p,
> char usermap_name[], bool find_password_entries) {
> /*--------------------------------------------------------------------------
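Review bot: In the `@@ -173,7 +173,8 @@` hunk of hba.c, the new `%username` test compares `database` with `user`, and the other hunks show `find_hba_entry` being called from `hba_recvauth` and from password.c before the `host_ok` check, so the name compared is presumably the one the client claimed rather than a verified identity. The per-user isolation therefore rests entirely on the authentication method of the same pg_hba.conf record; on a record whose method does not verify the user name, the token restricts nothing, because a client only has to claim the matching name. I would extend the comment above the condition to say so, e.g. `/* "%username" matches when the requested database equals the claimed user name; the record's auth method must still verify that name. */`, and repeat the caveat wherever the token is documented. Because `strcmp(buf, database)` is tested first, a database literally named `%username` still matches such a record for every user, so the leading `%` avoids a clash only by convention. process_hba_record's body continues outside the hunk.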
> @@ -348,8 +350,8 @@
> fputs(PQerrormsg, stderr);
> pqdebug("%s", PQerrormsg);
> } else {
> - process_open_config_file(file, ip_addr, database, host_ok_p, userauth_p,
> - usermap_name, find_password_entries);
> + process_open_config_file(file, ip_addr, user, database, host_ok_p,
> + userauth_p, usermap_name, find_password_entries);
> fclose(file);
> }
> free(conf_file);
> @@ -719,7 +721,7 @@
> /* Our eventual return value */
>
>
> - find_hba_entry(DataDir, port->raddr.sin_addr, database,
> + find_hba_entry(DataDir, port->raddr.sin_addr, user, database,
> &host_ok, &userauth, usermap_name,
> false /* don't find password entries of type 'password' */);
>
> --- postgresql-v6.1/src/backend/libpq/password.c.ORI Wed Jul 30 18:05:55 1997
> +++ postgresql-v6.1/src/backend/libpq/password.c Wed Jul 30 18:06:43 1997
> @@ -23,7 +23,7 @@
> char *p, *test_user, *test_pw;
> char salt[3];
>
> - find_hba_entry(DataDir, port->raddr.sin_addr, database,
> + find_hba_entry(DataDir, port->raddr.sin_addr, user, database,
> &host_ok, &userauth, pw_file_name, true);
>
> if(!host_ok) {
> ----------------------------- cut here ----------------------------- > > --Malcolm > > -- > Malcolm Beattie <mbeattie@sable.ox.ac.uk> > Unix Systems Programmer > Oxford University Computing Services > > -- Bruce Momjian maillist@candle.pha.pa.us