Обсуждение: Re: [ADMIN] Cannot connect to the database (PG 7.3)
I wrote:
> Michiel Lange <michiel@minas.demon.nl> writes:
>> It is, somehow, not possible to connect as a user which name is completely
>> numeric.
> I muttered "nonsense!" to myself, but darned if you're not right:
> regression=# create user "12345";
> CREATE USER
> regression=# \q
> $ psql -U 12345 regression
> psql: FATAL: SET SESSION AUTHORIZATION: permission denied
> Will look into it.
After some looking, it appears the culprit is
assign_session_authorization() in commands/variable.c, which is assuming
that a numeric-looking parameter string should be taken as a numeric
user sysid, rather than an actual user name.
The reason this was done was to avoid the need to do catalog lookups
when restoring a prior setting during error recovery. That's still a
valid concern, so right offhand I don't see an easy fix. Any ideas?
regards, tom lane
On Tue, 28 Jan 2003, Tom Lane wrote: > I wrote: > > Michiel Lange <michiel@minas.demon.nl> writes: > >> It is, somehow, not possible to connect as a user which name is completely > >> numeric. > > > I muttered "nonsense!" to myself, but darned if you're not right: > > > regression=# create user "12345"; > > CREATE USER > > regression=# \q > > $ psql -U 12345 regression > > psql: FATAL: SET SESSION AUTHORIZATION: permission denied > > > Will look into it. > > After some looking, it appears the culprit is > assign_session_authorization() in commands/variable.c, which is assuming > that a numeric-looking parameter string should be taken as a numeric > user sysid, rather than an actual user name. > > The reason this was done was to avoid the need to do catalog lookups > when restoring a prior setting during error recovery. That's still a > valid concern, so right offhand I don't see an easy fix. Any ideas? How about throwing an error if an all digit user name is given to create user as already alluded to? Seems that would be simple, not that I know anything about the parser, but does that break any standards? -- Nigel J. Andrews
>> After some looking, it appears the culprit is
>> assign_session_authorization() in commands/variable.c, which is assuming
>> that a numeric-looking parameter string should be taken as a numeric
>> user sysid, rather than an actual user name.
>>
>> The reason this was done was to avoid the need to do catalog lookups
>> when restoring a prior setting during error recovery. That's still a
>> valid concern, so right offhand I don't see an easy fix. Any ideas?
I've got an idea ... it's a bit grotty, but certainly not as ugly as
prohibiting all-numeric user names.
The problem for assign_session_authorization is to store a numeric sysid
in a form that can't be mistaken for a user name. There is no string
that can't be generated by a quoted identifier (except for strings with
embedded nulls, which won't really help us here). However, there *is*
the NAMEDATALEN limit. What if we generate strings consisting of, say,
NAMEDATALEN+1 'x's and then the numeric sysid?
This might seem a tad wasteful of storage, but at most a couple of such
strings need be stored at one time, so it's really insignificant (the
code space to implement any more-complex solution would probably be
more).
If anyone has a cleaner solution, let's hear it; otherwise I'll put this
in.
regards, tom lane
On Wednesday 29 Jan 2003 3:34 am, you wrote: > I wrote: > The reason this was done was to avoid the need to do catalog lookups > when restoring a prior setting during error recovery. That's still a > valid concern, so right offhand I don't see an easy fix. Any ideas? Document it as a bug and recommend users that do not create a numerical only user name. Agreed it is not a fix but a workaround. But it should be acceptable to most of users, isn't it? Shridhar